dependabot-common 0.180.2 → 0.180.5

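--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ac9e012745f0fea5e47eda90f3c6ed888b6aaea281d8467d5e7db0c70c822510
- data.tar.gz: aea88499b949b0b6f4b4b7fa3dc071566589497d9a70f25b61c32aceef59a9e8
+ metadata.gz: e96320c0d005a01e60eb0dbda0ecbef317564c601ea749f2e7161f5078af74c7
+ data.tar.gz: 55fede508dc3d1e527d82565a5a3516fe618645e106d4bec9821e1216d8d87d5
  SHA512:
- metadata.gz: 2989802bd0a6e6aafafb367c6280be61ef838287dc6f4bf43ee3c8c08901705ae1c39d533368ee39deaca9a90f21826ea11c50ccea448d7374d59be4a0d48f69
- data.tar.gz: 6e8d0658b12140c6f57c1a7b0629382f9ae5fd558d33684c1a63f0408ba1735ce5edc807b894857923d3a3a66f308bef735d6d67a502ad62bf68d30d9b0a9b91
+ metadata.gz: f833e1abb07f8feb45f08c0c9bf6601a612cca37d5e61b6e2a8be5f4e72987dcc37669b6313428dfb7ece40f59c420c6bf923e152d2bc52be93eec97213cd2d0
+ data.tar.gz: 55f7f4c31e3caf18f4b3c9897dee9b9edfbd2c71616516411022902fefa30ee63a15d0fa0ab07bf8105178d323c41ea657397b8eea589ecad672b4599df67678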
@@ -5,10 +5,16 @@ require "octokit"
5
5
  module Dependabot
6
6
  module Clients
7
7
  class GithubWithRetries
8
+ DEFAULT_OPEN_TIMEOUT_IN_SECONDS = 2
9
+
10
+ def self.open_timeout_in_seconds
11
+ ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS).to_i
12
+ end
13
+
8
14
  DEFAULT_CLIENT_ARGS = {
9
15
  connection_options: {
10
16
  request: {
11
- open_timeout: 2,
17
+ open_timeout: open_timeout_in_seconds,
12
18
  timeout: 5
13
19
  }
14
20
  }
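Review bot: `.to_i` in `open_timeout_in_seconds` turns an empty or non-numeric `DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS` into 0 instead of rejecting it, so a typo in the environment silently changes the connect timeout rather than falling back to the 2-second default. Parsing strictly would surface the mistake: `Integer(ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS))`, ideally followed by a check that the result is positive. The value is also read only once, when `DEFAULT_CLIENT_ARGS` is built at class load, which deserves a comment such as `# Read once at load time; changing the variable later has no effect`. The class body continues outside the hunk.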
@@ -50,7 +50,7 @@ module Dependabot
50
50
  return true if dependency.version&.start_with?(ref)
51
51
 
52
52
  # Check the specified `ref` isn't actually a branch
53
- !local_upload_pack.match?("refs/heads/#{ref}")
53
+ !local_upload_pack.match?(%r{ refs/heads/#{ref}$})
54
54
  end
55
55
 
56
56
  def pinned_ref_looks_like_version?
@@ -86,25 +86,27 @@ module Dependabot
86
86
  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
87
87
  end
88
88
 
89
- # rubocop:disable Metrics/PerceivedComplexity
90
- # rubocop:disable Metrics/AbcSize
91
- def local_tag_for_latest_version
92
- tags =
93
- local_tags.
94
- select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
95
- filtered = tags.
96
- reject { |t| tag_included_in_ignore_requirements?(t) }
97
- if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
98
- raise Dependabot::AllVersionsIgnored
99
- end
89
+ def local_tags_for_latest_version_commit_sha
90
+ tags = allowed_version_tags
91
+ max_tag = max_version_tag(tags)
92
+
93
+ return [] unless max_tag
100
94
 
101
- tag = filtered.
102
- reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
103
- max_by do |t|
104
- version = t.name.match(VERSION_REGEX).named_captures.
105
- fetch("version")
106
- version_class.new(version)
107
- end
95
+ tags.
96
+ select { |t| t.commit_sha == max_tag.commit_sha }.
97
+ map do |t|
98
+ version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
99
+ {
100
+ tag: t.name,
101
+ version: version_class.new(version),
102
+ commit_sha: t.commit_sha,
103
+ tag_sha: t.tag_sha
104
+ }
105
+ end
106
+ end
107
+
108
+ def local_tag_for_latest_version
109
+ tag = max_version_tag(allowed_version_tags)
108
110
 
109
111
  return unless tag
110
112
 
@@ -116,8 +118,29 @@ module Dependabot
116
118
  tag_sha: tag.tag_sha
117
119
  }
118
120
  end
119
- # rubocop:enable Metrics/AbcSize
120
- # rubocop:enable Metrics/PerceivedComplexity
121
+
122
+ def max_version_tag(tags)
123
+ tags.
124
+ max_by do |t|
125
+ version = t.name.match(VERSION_REGEX).named_captures.
126
+ fetch("version")
127
+ version_class.new(version)
128
+ end
129
+ end
130
+
131
+ def allowed_version_tags
132
+ tags =
133
+ local_tags.
134
+ select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
135
+ filtered = tags.
136
+ reject { |t| tag_included_in_ignore_requirements?(t) }
137
+ if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
138
+ raise Dependabot::AllVersionsIgnored
139
+ end
140
+
141
+ filtered.
142
+ reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
143
+ end
121
144
 
122
145
  def current_version
123
146
  return unless dependency.version && version_tag?(dependency.version)
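Review bot: `ref` is interpolated into the new pattern `%r{ refs/heads/#{ref}$}` without escaping, so any regex metacharacter in it is interpreted rather than matched literally: the `.` in a ref such as `v1.2` matches any character, and a ref containing an unbalanced `(` or `[` raises `RegexpError`. This check decides whether a pinned ref is treated as a branch, and the ref presumably originates from the repository's manifest, so the line should read `!local_upload_pack.match?(%r{ refs/heads/#{Regexp.escape(ref)}$})`. The `$` anchors per line, which looks intended for the multi-line upload-pack output; a short comment saying so would stop a later reader from "fixing" it to `\z`. The enclosing method starts before the hunk.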
@@ -271,6 +271,7 @@ module Dependabot
271
271
  end
272
272
 
273
273
  def fetch_gitlab_file_list
274
+ branch = default_gitlab_branch
274
275
  gitlab_client.repo_tree(source.repo).map do |file|
275
276
  type = case file.type
276
277
  when "blob" then "file"
@@ -281,8 +282,8 @@ module Dependabot
281
282
  name: file.name,
282
283
  type: type,
283
284
  size: 100, # GitLab doesn't return file size
284
- html_url: "#{source.url}/blob/master/#{file.path}",
285
- download_url: "#{source.url}/raw/master/#{file.path}"
285
+ html_url: "#{source.url}/blob/#{branch}/#{file.path}",
286
+ download_url: "#{source.url}/raw/#{branch}/#{file.path}"
286
287
  )
287
288
  end
288
289
  rescue Gitlab::Error::NotFound
@@ -355,6 +356,11 @@ module Dependabot
355
356
  @default_bitbucket_branch ||=
356
357
  bitbucket_client.fetch_default_branch(source.repo)
357
358
  end
359
+
360
+ def default_gitlab_branch
361
+ @default_gitlab_branch ||=
362
+ gitlab_client.fetch_default_branch(source.repo)
363
+ end
358
364
  end
359
365
  end
360
366
  end
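Review bot: In `fetch_gitlab_file_list` the branch name returned by the GitLab API is interpolated into `html_url` and `download_url` unencoded, so a default branch whose name contains `#`, `?`, `%` or a space yields a URL that no longer points at the file, and a nil result yields `/blob//<path>`. The previous hard-coded `master` could not produce either case. I would percent-encode the branch per path segment before interpolating and handle a missing branch explicitly; how these URLs are consumed is not visible here, so the impact is inferred. A comment at the assignment would also help, for example `# Looked up once, outside the map block, to avoid one API call per file`.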
@@ -210,7 +210,7 @@ module Dependabot
210
210
  elsif new_tag
211
211
  "commits/#{new_tag}"
212
212
  else
213
- "commits/master"
213
+ "commits/#{default_gitlab_branch}"
214
214
  end
215
215
  end
216
216
 
@@ -321,6 +321,11 @@ module Dependabot
321
321
  MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
322
322
  include?(dependency.package_manager)
323
323
  end
324
+
325
+ def default_gitlab_branch
326
+ @default_gitlab_branch ||=
327
+ gitlab_client.fetch_default_branch(source.repo)
328
+ end
324
329
  end
325
330
  end
326
331
  end
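Review bot: Building the fallback path `"commits/#{default_gitlab_branch}"` now performs a GitLab API request where the old code returned a constant, and nothing visible in these hunks rescues a failure of `fetch_default_branch`. If the string is only used for links in generated metadata, a failed lookup or a nil branch would presumably be better handled by omitting the link than by raising; whether a caller already rescues this cannot be seen from here. At minimum the helper should carry a comment such as `# Performs a GitLab API call (memoized); errors from it propagate to the caller`. The helper is also a verbatim copy of the one added in the `@@ -355,6 +356,11 @@` hunk, so a shared definition would keep the two from drifting apart.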
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.180.2"
4
+ VERSION = "0.180.5"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.180.2
4
+ version: 0.180.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-28 00:00:00.000000000 Z
11
+ date: 2022-04-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport