dependabot-common 0.182.4 → 0.185.0
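--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b56ea9f42fa8def1dc34297a9f854e901efaa0539b5a09fbe90dc35ae7d8108d
+data.tar.gz: 356fd5d7415556bcc0dae58d9a66b1c2d51425044ec200150633e02c955c3174
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3b64c813f3396cd8cfebc2fb5f9cb60228edd68333da9e5411af81540e55bbc14a5eea0a1a734ee2c780cbae6bdb7d985c45aa16adc934d1e2b2f05025dd9ae7
+data.tar.gz: 1a6fff1224aeeed66c120ffea9c54707e204ecab08a6e97ec8a7c4e95cf4507ed672689284bfdf1feb074eed3dc7d1ca2e2e0da6dd4182d4343b949e796291c9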
@@ -160,7 +160,8 @@ module Dependabot
|
|
160
160
|
url,
|
161
161
|
user: credentials&.fetch("username", nil),
|
162
162
|
password: credentials&.fetch("password", nil),
|
163
|
-
|
163
|
+
# Setting to false to prevent Excon retries, use BitbucketWithRetries for retries.
|
164
|
+
idempotent: false,
|
164
165
|
**Dependabot::SharedHelpers.excon_defaults(
|
165
166
|
headers: auth_header
|
166
167
|
)
|
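Review bot: The explicit `idempotent: false` sits before the `**Dependabot::SharedHelpers.excon_defaults(...)` splat, and in a Ruby argument list the later key wins, so any `:idempotent` entry returned by excon_defaults would silently re-enable Excon's own retries on this credentialed request. excon_defaults is not shown on this page, so whether it sets that key today is unverified. Placing the option after the splat makes the override hold regardless: `**Dependabot::SharedHelpers.excon_defaults(headers: auth_header), idempotent: false`. The enclosing call opens and closes outside the hunk.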
@@ -446,7 +446,13 @@ module Dependabot
|
|
446
446
|
)
|
447
447
|
end
|
448
448
|
|
449
|
-
|
449
|
+
if tmp.content == ""
|
450
|
+
# The file may have exceeded the 1MB limit
|
451
|
+
# see https://github.blog/changelog/2022-05-03-increased-file-size-limit-when-retrieving-file-contents-via-rest-api/
|
452
|
+
github_client.contents(repo, path: path, ref: commit, accept: "application/vnd.github.v3.raw")
|
453
|
+
else
|
454
|
+
Base64.decode64(tmp.content).force_encoding("UTF-8").encode
|
455
|
+
end
|
450
456
|
rescue Octokit::Forbidden => e
|
451
457
|
raise unless e.message.include?("too_large")
|
452
458
|
|
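Review bot: The test `tmp.content == ""` cannot tell a file over the size limit from a file that is genuinely empty, so every empty file now costs a second `contents` request, and the raw branch returns that response without the `force_encoding("UTF-8").encode` normalisation the `else` branch applies. Callers can therefore receive differently encoded strings depending on file size. I would extend the comment to say that empty files take this path as well, and normalise the raw body the same way, assuming the raw call returns a String (its return type is not visible here). The method begins above the hunk and its rescue chain continues below it.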
@@ -48,7 +48,6 @@ module Dependabot
|
|
48
48
|
|
49
49
|
attr_reader :url, :credentials
|
50
50
|
|
51
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
52
51
|
def fetch_upload_pack_for(uri)
|
53
52
|
response = fetch_raw_upload_pack_for(uri)
|
54
53
|
return response.body if response.status == 200
|
@@ -70,15 +69,10 @@ module Dependabot
|
|
70
69
|
|
71
70
|
raise Dependabot::GitDependenciesNotReachable, [uri]
|
72
71
|
rescue Excon::Error::Socket, Excon::Error::Timeout
|
73
|
-
retry_count ||= 0
|
74
|
-
retry_count += 1
|
75
|
-
|
76
|
-
sleep(rand(0.9)) && retry if retry_count <= 2 && uri.match?(KNOWN_HOSTS)
|
77
72
|
raise if uri.match?(KNOWN_HOSTS)
|
78
73
|
|
79
74
|
raise Dependabot::GitDependenciesNotReachable, [uri]
|
80
75
|
end
|
81
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
82
76
|
|
83
77
|
def fetch_raw_upload_pack_for(uri)
|
84
78
|
url = service_pack_uri(uri)
|
@@ -160,8 +160,8 @@ module Dependabot
|
|
160
160
|
end
|
161
161
|
|
162
162
|
def self.with_git_configured(credentials:)
|
163
|
-
backup_git_config_path = stash_global_git_config
|
164
|
-
configure_git_to_use_https_with_credentials(credentials)
|
163
|
+
backup_git_config_path, safe_directories = stash_global_git_config
|
164
|
+
configure_git_to_use_https_with_credentials(credentials, safe_directories)
|
165
165
|
yield
|
166
166
|
rescue Errno::ENOSPC => e
|
167
167
|
raise Dependabot::OutOfDisk, e.message
|
@@ -175,7 +175,7 @@ module Dependabot
|
|
175
175
|
|
176
176
|
# rubocop:disable Metrics/AbcSize
|
177
177
|
# rubocop:disable Metrics/PerceivedComplexity
|
178
|
-
def self.configure_git_to_use_https_with_credentials(credentials)
|
178
|
+
def self.configure_git_to_use_https_with_credentials(credentials, safe_directories)
|
179
179
|
File.open(GIT_CONFIG_GLOBAL_PATH, "w") do |file|
|
180
180
|
file << "# Generated by dependabot/dependabot-core"
|
181
181
|
end
|
@@ -190,6 +190,12 @@ module Dependabot
|
|
190
190
|
allow_unsafe_shell_command: true
|
191
191
|
)
|
192
192
|
|
193
|
+
# see https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
194
|
+
safe_directories ||= []
|
195
|
+
safe_directories.each do |path|
|
196
|
+
run_shell_command("git config --global --add safe.directory #{path}")
|
197
|
+
end
|
198
|
+
|
193
199
|
github_credentials = credentials.
|
194
200
|
select { |c| c["type"] == "git_source" }.
|
195
201
|
select { |c| c["host"] == "github.com" }.
|
@@ -267,8 +273,13 @@ module Dependabot
|
|
267
273
|
digest = Digest::SHA2.hexdigest(contents)[0...10]
|
268
274
|
backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
|
269
275
|
|
276
|
+
# to preserve safe directories from global .gitconfig
|
277
|
+
output, process = Open3.capture2("git config --global --get-all safe.directory")
|
278
|
+
safe_directories = []
|
279
|
+
safe_directories = output.split("\n").compact if process.success?
|
280
|
+
|
270
281
|
FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
|
271
|
-
backup_path
|
282
|
+
[backup_path, safe_directories]
|
272
283
|
end
|
273
284
|
|
274
285
|
def self.reset_global_git_config(backup_path)
|
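Review bot: In the `safe_directories.each` loop of `configure_git_to_use_https_with_credentials`, each path read back from the previous global config is interpolated into a command string, `"git config --global --add safe.directory #{path}"`, so a path containing whitespace or shell metacharacters will not be written back as the same single value. How `run_shell_command` tokenises or escapes its argument is not visible on this page, so I would avoid string parsing and pass an argument vector instead, e.g. `Open3.capture2("git", "config", "--global", "--add", "safe.directory", path)` with the exit status checked. In `stash_global_git_config`, `.compact` after `split("\n")` is a no-op because split never yields nil; `reject(&:empty?)` looks like what was meant. Both method bodies extend beyond their hunks.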
data/lib/dependabot/version.rb
CHANGED
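--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.185.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -226,16 +226,30 @@ dependencies:
 name: debase
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
+- !ruby/object:Gem::Version
+version: 0.2.3
+- !ruby/object:Gem::Dependency
+name: debase-ruby_core_source
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.10.14
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.10.14
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -312,14 +326,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.28.2
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.28.2
 - !ruby/object:Gem::Dependency
 name: ruby-debug-ide
 requirement: !ruby/object:Gem::Requirement
@@ -497,7 +511,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.7.3
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Shared code used between Dependabot package managers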