dependabot-common 0.208.0 → 0.211.0

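--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 912d048222662ce1e434cebc8cfe40f108937215a3d4b2d2ce60613aaaeda092
-data.tar.gz: a1b87d317cd78ce56d0140c8ea7adb3740ee212e7417b1dc12a1ad78512034f0
+metadata.gz: 6e1b0e492dee111c834810de7850faa8a0bb5150e281d5eb32e8b44802f2be1f
+data.tar.gz: 2c9c14aeb59e0d6c33b1630c5425529dff45624f9b1657390ae644dd8d0abbbf
 SHA512:
-metadata.gz: b1900e1ceba510ad0f73ed1c0a53265261f730c07af87f6731347a13e3d0ada91066fe138ce370a3ec997687188d56c880ad921d2839e1106dc146a02fd1dd03
-data.tar.gz: 42ef74f670779d88927c3426b6598b06fd77f057e41fe29a78b2976ed3007b6d085113ca3f7d23da0efd9989374cc50b0ef101a64e403b5338463e868f1dc594
+metadata.gz: 821283e91686501710d6146944b8b10f559cd7ed9e0084edfc5176027083c24b26918a273c823f5fd829f575d5e1a29ead356db403307ba0e36147de30e9e3de
+data.tar.gz: 768791aeb20b739bd36d4b788164f5d9e11f096879b7ac517cc4fbaa81462f58e1e1cb1d03a8fce5183b0af4da2ac5458a482dc31ee36cc6d5bf09697300c5ef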
@@ -41,7 +41,7 @@ module Dependabot
41
41
 
42
42
  def initialize(name:, requirements:, package_manager:, version: nil,
43
43
  previous_version: nil, previous_requirements: nil,
44
- subdependency_metadata: [])
44
+ subdependency_metadata: [], removed: false)
45
45
  @name = name
46
46
  @version = version
47
47
  @requirements = requirements.map { |req| symbolize_keys(req) }
@@ -53,6 +53,7 @@ module Dependabot
53
53
  @subdependency_metadata = subdependency_metadata&.
54
54
  map { |h| symbolize_keys(h) }
55
55
  end
56
+ @removed = removed
56
57
 
57
58
  check_values
58
59
  end
@@ -61,6 +62,10 @@ module Dependabot
61
62
  requirements.any?
62
63
  end
63
64
 
65
+ def removed?
66
+ @removed
67
+ end
68
+
64
69
  def to_h
65
70
  {
66
71
  "name" => name,
@@ -69,7 +74,8 @@ module Dependabot
69
74
  "previous_version" => previous_version,
70
75
  "previous_requirements" => previous_requirements,
71
76
  "package_manager" => package_manager,
72
- "subdependency_metadata" => subdependency_metadata
77
+ "subdependency_metadata" => subdependency_metadata,
78
+ "removed" => removed? ? true : nil
73
79
  }.compact
74
80
  end
75
81
 
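Review bot: `removed?` in the third hunk returns `@removed` exactly as stored, so a caller that passes any truthy non-boolean for `removed:` gets that object back from the predicate while `to_h` still emits `true`; normalising once in the initializer, `@removed = removed ? true : false`, keeps the predicate and the serialised form consistent. Nothing in the visible `initialize` hunk ties `removed: true` to `version` being nil, and `check_values` is outside the hunks, so it is unclear whether a removed dependency that still carries a version is rejected — that contract deserves a comment on the keyword, e.g. `# removed: true marks a dependency deleted by this update; version is expected to be nil`. The remainder of `initialize` and the body of `check_values` lie outside these hunks.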
@@ -18,9 +18,7 @@ module Dependabot
18
18
  return [] unless repo_contents_path && vendor_dir
19
19
 
20
20
  Dir.chdir(repo_contents_path) do
21
- relative_dir = Pathname.new(vendor_dir).relative_path_from(
22
- repo_contents_path
23
- )
21
+ relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(vendor_dir)
24
22
 
25
23
  status = SharedHelpers.run_shell_command(
26
24
  "git status --untracked-files all --porcelain v1 #{relative_dir}"
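Review bot: The new `relative_dir`, now built from `base_directory` joined with `vendor_dir`, is interpolated unquoted into the `git status` command string on the last line of the hunk, so a directory containing whitespace or shell metacharacters changes the command; if `SharedHelpers.run_shell_command` hands that string to a shell, this is a command-injection surface fed by job/repository configuration, and even without a shell a path with a space splits into two arguments. Escape it at the call site, `"git status --untracked-files all --porcelain v1 #{Shellwords.escape(relative_dir.to_s)}"`, with `require "shellwords"` at the top of the file. The replaced `relative_path_from` form had the same exposure, but the new form adds `base_directory` to the interpolated value. The enclosing method starts before the hunk and the `Dir.chdir` block continues past it.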
@@ -293,10 +293,14 @@ module Dependabot
293
293
  return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
294
294
 
295
295
  dependencies.map do |dep|
296
- "\n\nUpdates `#{dep.display_name}` "\
297
- "#{from_version_msg(previous_version(dep))}to "\
298
- "#{new_version(dep)}"\
299
- "#{metadata_links_for_dep(dep)}"
296
+ if dep.removed?
297
+ "\n\nRemoves `#{dep.display_name}`"
298
+ else
299
+ "\n\nUpdates `#{dep.display_name}` "\
300
+ "#{from_version_msg(previous_version(dep))}to "\
301
+ "#{new_version(dep)}"\
302
+ "#{metadata_links_for_dep(dep)}"
303
+ end
300
304
  end.join
301
305
  end
302
306
 
@@ -313,9 +317,13 @@ module Dependabot
313
317
  return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
314
318
 
315
319
  dependencies.map do |dep|
316
- msg = "\nUpdates `#{dep.display_name}` "\
317
- "#{from_version_msg(previous_version(dep))}"\
318
- "to #{new_version(dep)}"
320
+ msg = if dep.removed?
321
+ "\nRemoves `#{dep.display_name}`"
322
+ else
323
+ "\nUpdates `#{dep.display_name}` "\
324
+ "#{from_version_msg(previous_version(dep))}"\
325
+ "to #{new_version(dep)}"
326
+ end
319
327
 
320
328
  if vulnerabilities_fixed[dep.name]&.one?
321
329
  msg += " **This update includes a security fix.**"
@@ -328,6 +336,8 @@ module Dependabot
328
336
  end
329
337
 
330
338
  def metadata_cascades_for_dep(dependency)
339
+ return "" if dependency.removed?
340
+
331
341
  MetadataPresenter.new(
332
342
  dependency: dependency,
333
343
  source: source,
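Review bot: The removed-dependency guard `return "" if dependency.removed?` is added to `metadata_cascades_for_dep` in the last hunk but not, within the visible hunks, to `metadata_links_for_dep`, which the first hunk still calls for the single-dependency case (`return metadata_links_for_dep(dependencies.first) if dependencies.count == 1`); unless that method handles `removed?` elsewhere, a PR that removes exactly one dependency will try to render version links for a dependency with no new version. A matching `return "" if dependency.removed?` at the top of `metadata_links_for_dep` would keep the two paths symmetric. The `Removes`/`Updates` message construction is also duplicated between the first and second hunks, differing only in the leading newlines; a small private helper taking the line prefix would remove the duplication. Both enclosing methods begin outside the hunks.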
@@ -11,16 +11,17 @@ module Dependabot
11
11
  OBJECT_ID_FOR_BRANCH_DELETE = "0000000000000000000000000000000000000000"
12
12
 
13
13
  attr_reader :source, :files, :base_commit, :old_commit, :credentials,
14
- :pull_request_number
14
+ :pull_request_number, :author_details
15
15
 
16
16
  def initialize(source:, files:, base_commit:, old_commit:,
17
- credentials:, pull_request_number:)
17
+ credentials:, pull_request_number:, author_details: nil)
18
18
  @source = source
19
19
  @files = files
20
20
  @base_commit = base_commit
21
21
  @old_commit = old_commit
22
22
  @credentials = credentials
23
23
  @pull_request_number = pull_request_number
24
+ @author_details = author_details
24
25
  end
25
26
 
26
27
  def update
@@ -74,12 +75,15 @@ module Dependabot
74
75
  end
75
76
 
76
77
  def create_temp_branch
78
+ author = author_details&.slice(:name, :email, :date)
79
+ author = nil unless author&.any?
80
+
77
81
  response = azure_client_for_source.create_commit(
78
82
  temp_branch_name,
79
83
  base_commit,
80
84
  commit_message,
81
85
  files,
82
- nil
86
+ author
83
87
  )
84
88
 
85
89
  JSON.parse(response.body).fetch("refUpdates").first.fetch("newObjectId")
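Review bot: `author = author_details&.slice(:name, :email, :date)` in `create_temp_branch` silently yields an empty hash, and then `nil`, when the caller supplies string keys, so an author passed in the wrong key style is dropped rather than reported and the commit is created with no author. Document the expected shape where the reader is declared, `# author_details: optional Hash with symbol keys :name, :email, :date; nil to use the default author`, or normalise the keys before slicing so the contract is enforced rather than assumed. `create_temp_branch` continues past the hunk.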
@@ -62,6 +62,9 @@ module Dependabot
62
62
  # Ignore deps that weren't previously vulnerable
63
63
  return false unless affects_version?(dependency.previous_version)
64
64
 
65
+ # Removing a dependency is a way to fix the vulnerability
66
+ return true if dependency.removed?
67
+
65
68
  # Select deps that are now fixed
66
69
  !affects_version?(dependency.version)
67
70
  end
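Review bot: `return true if dependency.removed?` short-circuits the `!affects_version?(dependency.version)` check that follows, so the method reports a fixed vulnerability on the flag alone; if a `Dependency` can be built with `removed: true` and a non-nil `version` (the initializer hunk earlier on this page shows no such validation), the PR could claim a security fix for a dependency that is still present. Tightening the guard to `return true if dependency.removed? && dependency.version.nil?` makes the claim depend on the data, and if `version` is guaranteed nil for removed dependencies a comment stating that, `# removed deps carry no version, so there is nothing left to check`, is enough. The method's signature is outside the hunk.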
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.208.0"
4
+ VERSION = "0.211.0"
5
5
  end
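--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.208.0
+version: 0.211.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-16 00:00:00.000000000 Z
+date: 2022-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -98,20 +98,20 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.7'
+version: '1.11'
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.7.1
+version: 1.11.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.7'
+version: '1.11'
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.7.1
+version: 1.11.0
 - !ruby/object:Gem::Dependency
 name: excon
 requirement: !ruby/object:Gem::Requirement
@@ -284,6 +284,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '2.0'
+- !ruby/object:Gem::Dependency
+name: parallel_tests
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 3.11.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 3.11.1
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -332,14 +346,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.33.0
+version: 1.35.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.33.0
+version: 1.35.1
 - !ruby/object:Gem::Dependency
 name: ruby-debug-ide
 requirement: !ruby/object:Gem::Requirement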