dependabot-common 0.180.3 → 0.181.0

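--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0b4c1b2ea482de6dfe3ed2f5d528b9d955af8b8003a6b2ee0a525e7684bffb74
- data.tar.gz: 5b3965c5bbb71869e057f04a20e561ba4ccef3b985133dfefb0ed48654d62d41
+ metadata.gz: bb71ba32bbc485a7ab9b3408cb8bf7d5f7f3880a5631fce81125fc92568f11f0
+ data.tar.gz: 8a3d04075708622fe08714bc5937a316d850c8a0c41e74159271c6ca88029a52
  SHA512:
- metadata.gz: ebc82fe32f383fea95e3ae56f56f6d49b3fef6d483e548db131a8a8f02a93bfbf804ab26121b38fe75384aad2d23f53ebefef510bd286c9a5433d88f37ef5522
- data.tar.gz: 2a88f5f5c1c021e7607fbc43b9300ceba2b8f31a1126dfc2f15df60978190d532c7f14e5a615bf86b226e0f0bffd18d8d69903182a4807c5407c18550bbe9bcb
+ metadata.gz: 27b48b0901c1962f8378329ac593448896537ce947a55f1ff79703a312a77177835889b4a5e43e8e34237e97355b26102b3e68a39f87a6c7a90ef5bcf07c7cb7
+ data.tar.gz: 9758deb16cc4e2cfa86141eb2c63a3a1821475cb72c18ddfe67b4c8765afea23bcb2e347e2b1e38285b65d2f719ec72ca72543f3982fed590cd60f617960c534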
@@ -5,10 +5,16 @@ require "octokit"
5
5
  module Dependabot
6
6
  module Clients
7
7
  class GithubWithRetries
8
+ DEFAULT_OPEN_TIMEOUT_IN_SECONDS = 2
9
+
10
+ def self.open_timeout_in_seconds
11
+ ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS).to_i
12
+ end
13
+
8
14
  DEFAULT_CLIENT_ARGS = {
9
15
  connection_options: {
10
16
  request: {
11
- open_timeout: 2,
17
+ open_timeout: open_timeout_in_seconds,
12
18
  timeout: 5
13
19
  }
14
20
  }
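Review bot: `open_timeout_in_seconds` parses the environment value with `.to_i`, so an empty or non-numeric `DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS` silently becomes 0 and a negative number passes through unchanged; depending on the HTTP adapter, that may mean no connect timeout at all rather than the 2-second bound the default provides. Parsing strictly and falling back for non-positive values keeps a misconfiguration from removing the bound: `value = Integer(ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS))` followed by `value.positive? ? value : DEFAULT_OPEN_TIMEOUT_IN_SECONDS`. Because the method is called while building the `DEFAULT_CLIENT_ARGS` constant, the variable is read once when the class is loaded, which deserves a one-line comment above the method such as `# Read once at load time; later changes to the environment have no effect.` The class body continues outside the hunk.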
@@ -50,7 +50,7 @@ module Dependabot
50
50
  return true if dependency.version&.start_with?(ref)
51
51
 
52
52
  # Check the specified `ref` isn't actually a branch
53
- !local_upload_pack.match?("refs/heads/#{ref}")
53
+ !local_upload_pack.match?(%r{ refs/heads/#{ref}$})
54
54
  end
55
55
 
56
56
  def pinned_ref_looks_like_version?
@@ -86,25 +86,27 @@ module Dependabot
86
86
  raise Dependabot::GitDependencyReferenceNotFound, dependency.name
87
87
  end
88
88
 
89
- # rubocop:disable Metrics/PerceivedComplexity
90
- # rubocop:disable Metrics/AbcSize
91
- def local_tag_for_latest_version
92
- tags =
93
- local_tags.
94
- select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
95
- filtered = tags.
96
- reject { |t| tag_included_in_ignore_requirements?(t) }
97
- if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
98
- raise Dependabot::AllVersionsIgnored
99
- end
89
+ def local_tags_for_latest_version_commit_sha
90
+ tags = allowed_version_tags
91
+ max_tag = max_version_tag(tags)
92
+
93
+ return [] unless max_tag
100
94
 
101
- tag = filtered.
102
- reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
103
- max_by do |t|
104
- version = t.name.match(VERSION_REGEX).named_captures.
105
- fetch("version")
106
- version_class.new(version)
107
- end
95
+ tags.
96
+ select { |t| t.commit_sha == max_tag.commit_sha }.
97
+ map do |t|
98
+ version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
99
+ {
100
+ tag: t.name,
101
+ version: version_class.new(version),
102
+ commit_sha: t.commit_sha,
103
+ tag_sha: t.tag_sha
104
+ }
105
+ end
106
+ end
107
+
108
+ def local_tag_for_latest_version
109
+ tag = max_version_tag(allowed_version_tags)
108
110
 
109
111
  return unless tag
110
112
 
@@ -116,8 +118,29 @@ module Dependabot
116
118
  tag_sha: tag.tag_sha
117
119
  }
118
120
  end
119
- # rubocop:enable Metrics/AbcSize
120
- # rubocop:enable Metrics/PerceivedComplexity
121
+
122
+ def max_version_tag(tags)
123
+ tags.
124
+ max_by do |t|
125
+ version = t.name.match(VERSION_REGEX).named_captures.
126
+ fetch("version")
127
+ version_class.new(version)
128
+ end
129
+ end
130
+
131
+ def allowed_version_tags
132
+ tags =
133
+ local_tags.
134
+ select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
135
+ filtered = tags.
136
+ reject { |t| tag_included_in_ignore_requirements?(t) }
137
+ if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
138
+ raise Dependabot::AllVersionsIgnored
139
+ end
140
+
141
+ filtered.
142
+ reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
143
+ end
121
144
 
122
145
  def current_version
123
146
  return unless dependency.version && version_tag?(dependency.version)
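Review bot: In the first hunk of this file (`@@ -50,7 +50,7 @@`), `ref` is interpolated into the new pattern `%r{ refs/heads/#{ref}$}` without escaping, so any regex metacharacter in it is read as pattern syntax: a `.` in the ref matches any character, which can make the branch check match a differently named branch, and an unbalanced `(` would raise `RegexpError`. The ref appears to originate from the dependency's declared source, so it is safer to treat it as untrusted text and match it literally with `!local_upload_pack.match?(%r{ refs/heads/#{Regexp.escape(ref)}$})`, which keeps the leading-space and end-of-line anchoring this change introduces. The enclosing method starts above the hunk, so where `ref` is assigned is not visible here.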
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.180.3"
4
+ VERSION = "0.181.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.180.3
4
+ version: 0.181.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-04 00:00:00.000000000 Z
11
+ date: 2022-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -222,6 +222,20 @@ dependencies:
222
222
  - - "<"
223
223
  - !ruby/object:Gem::Version
224
224
  version: '3.0'
225
+ - !ruby/object:Gem::Dependency
226
+ name: debase
227
+ requirement: !ruby/object:Gem::Requirement
228
+ requirements:
229
+ - - "~>"
230
+ - !ruby/object:Gem::Version
231
+ version: 0.2.4.1
232
+ type: :development
233
+ prerelease: false
234
+ version_requirements: !ruby/object:Gem::Requirement
235
+ requirements:
236
+ - - "~>"
237
+ - !ruby/object:Gem::Version
238
+ version: 0.2.4.1
225
239
  - !ruby/object:Gem::Dependency
226
240
  name: debug
227
241
  requirement: !ruby/object:Gem::Requirement
@@ -298,14 +312,28 @@ dependencies:
298
312
  requirements:
299
313
  - - "~>"
300
314
  - !ruby/object:Gem::Version
301
- version: 1.26.0
315
+ version: 1.27.0
316
+ type: :development
317
+ prerelease: false
318
+ version_requirements: !ruby/object:Gem::Requirement
319
+ requirements:
320
+ - - "~>"
321
+ - !ruby/object:Gem::Version
322
+ version: 1.27.0
323
+ - !ruby/object:Gem::Dependency
324
+ name: ruby-debug-ide
325
+ requirement: !ruby/object:Gem::Requirement
326
+ requirements:
327
+ - - "~>"
328
+ - !ruby/object:Gem::Version
329
+ version: 0.7.3
302
330
  type: :development
303
331
  prerelease: false
304
332
  version_requirements: !ruby/object:Gem::Requirement
305
333
  requirements:
306
334
  - - "~>"
307
335
  - !ruby/object:Gem::Version
308
- version: 1.26.0
336
+ version: 0.7.3
309
337
  - !ruby/object:Gem::Dependency
310
338
  name: simplecov
311
339
  requirement: !ruby/object:Gem::Requirement