dependabot-common 0.212.0 → 0.214.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5242196cd22b0092cbdaaf08f6d5ce3f4249d1eeccedada949822b0b14657e9c
-  data.tar.gz: f47437aa525423bdbb507dfa5b0978863e41f3010682ed1c6f321d2ac67efea9
+  metadata.gz: 1fab7bc375e03e37b65e94e3e05e7c9ad945d982295b6c9a030083ed038dbaf3
+  data.tar.gz: 9924a1980357d1833988bd19a8119a05162a28cc20cbdf157626744ef93be0ba
 SHA512:
-  metadata.gz: cad3f4c8848f45b07d7769bdf4a1b351e3cca4f921bb449cee629ddffc3c579df3b1dfc9343ecfdabd1192d1f1e207e82f8af0c8ee0f142af5856e5bee769d0e
-  data.tar.gz: c564e966eba317b8b5e61bf4d82df255248ee4932711d85854e38e843ce0f26d0dc22a649cb7e2f475e01f2b0fd61dce160a46a5ecdc0cbe61d560fd5b004587
+  metadata.gz: 88069b0acbe42180a064046ab55cba565da0f9a3e00d40582a3fb406aee9e3b357cf8e3bdf34dc84da959c931c1519a87e02022e994baf947193f7d6fb949be8
+  data.tar.gz: 785cddd10adbed3413e7fdfcbfcc9b5fa00fde7a55f6e171db0c62f4e4a9f17000dc06d7e4c75d312fda6c7801e9fa6428642ea2b3473dc1b4d7f14e0a660bff

data/lib/dependabot/clients/azure.rb

@@ -172,7 +172,8 @@ module Dependabot
 
       # rubocop:disable Metrics/ParameterLists
       def create_pull_request(pr_name, source_branch, target_branch,
-                              pr_description, labels, work_item = nil)
+                              pr_description, labels,
+                              reviewers = nil, assignees = nil, work_item = nil)
         pr_description = truncate_pr_description(pr_description)
 
         content = {
@@ -181,6 +182,7 @@ module Dependabot
           title: pr_name,
           description: pr_description,
           labels: labels.map { |label| { name: label } },
+          reviewers: pr_reviewers(reviewers, assignees),
           workItemRefs: [{ id: work_item }]
         }
 
@@ -324,6 +326,13 @@ module Dependabot
         message&.include?("TF401289")
       end
 
+      def pr_reviewers(reviewers, assignees)
+        return [] unless reviewers || assignees
+
+        pr_reviewers = reviewers&.map { |r_id| { id: r_id, isRequired: true } } || []
+        pr_reviewers + (assignees&.map { |r_id| { id: r_id, isRequired: false } } || [])
+      end
+
       attr_reader :auth_header
       attr_reader :credentials
       attr_reader :source

data/lib/dependabot/clients/bitbucket.rb

@@ -12,6 +12,8 @@ module Dependabot
 
       class Forbidden < StandardError; end
 
+      class TimedOut < StandardError; end
+
       #######################
       # Constructor methods #
       #######################
@@ -79,19 +81,24 @@ module Dependabot
         JSON.parse(response.body)
       end
 
-      def pull_requests(repo, source_branch, target_branch)
-        pr_path = "#{repo}/pullrequests"
-        # Get pull requests with any status
-        pr_path += "?status=OPEN&status=MERGED&status=DECLINED&status=SUPERSEDED"
+      def pull_requests(repo, source_branch, target_branch, status = %w(OPEN MERGED DECLINED SUPERSEDED))
+        pr_path = "#{repo}/pullrequests?"
+        # Get pull requests with given status
+        status.each { |n| pr_path += "status=#{n}&" }
         next_page_url = base_url + pr_path
         pull_requests = paginate({ "next" => next_page_url })
 
         pull_requests unless source_branch && target_branch
 
         pull_requests.select do |pr|
-          pr_source_branch = pr.fetch("source").fetch("branch").fetch("name")
+          if source_branch.nil?
+            source_branch_matches = true
+          else
+            pr_source_branch = pr.fetch("source").fetch("branch").fetch("name")
+            source_branch_matches = pr_source_branch == source_branch
+          end
           pr_target_branch = pr.fetch("destination").fetch("branch").fetch("name")
-          pr_source_branch == source_branch && pr_target_branch == target_branch
+          source_branch_matches && pr_target_branch == target_branch
         end
       end
 
@@ -106,8 +113,7 @@ module Dependabot
         }
 
         files.each do |file|
-          absolute_path = file.name.start_with?("/") ? file.name : "/" + file.name
-          parameters[absolute_path] = file.content
+          parameters[file.path] = file.content
         end
 
         body = encode_form_parameters(parameters)
@@ -144,7 +150,31 @@ module Dependabot
       end
       # rubocop:enable Metrics/ParameterLists
 
+      def decline_pull_request(repo, pr_id, comment = nil)
+        # https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/
+        decline_path = "#{repo}/pullrequests/#{pr_id}/decline"
+        post(base_url + decline_path, "")
+
+        comment = "Dependabot declined the pull request." if comment.nil?
+
+        content = {
+          content: {
+            raw: comment
+          }
+        }
+
+        comment_path = "#{repo}/pullrequests/#{pr_id}/comments"
+        post(base_url + comment_path, content.to_json)
+      end
+
+      def current_user
+        base_url = "https://api.bitbucket.org/2.0/user?fields=uuid"
+        response = get(base_url)
+        JSON.parse(response.body).fetch("uuid")
+      end
+
       def default_reviewers(repo)
+        current_uuid = current_user
         path = "#{repo}/default-reviewers?pagelen=100&fields=values.uuid,next"
         reviewers_url = base_url + path
 
@@ -153,7 +183,7 @@ module Dependabot
         reviewer_data = []
 
         default_reviewers.each do |reviewer|
-          reviewer_data.append({ uuid: reviewer.fetch("uuid") })
+          reviewer_data.append({ uuid: reviewer.fetch("uuid") }) unless current_uuid == reviewer.fetch("uuid")
         end
 
         reviewer_data
@@ -198,6 +228,14 @@ module Dependabot
       end
 
       def post(url, body, content_type = "application/json")
+        headers = auth_header
+
+        headers = if body.empty?
+                    headers.merge({ "Accept" => "application/json" })
+                  else
+                    headers.merge({ "Content-Type" => content_type })
+                  end
+
         response = Excon.post(
           url,
           body: body,
@@ -205,16 +243,13 @@ module Dependabot
           password: credentials&.fetch("password", nil),
           idempotent: false,
           **SharedHelpers.excon_defaults(
-            headers: auth_header.merge(
-              {
-                "Content-Type" => content_type
-              }
-            )
+            headers: headers
           )
         )
         raise Unauthorized if response.status == 401
         raise Forbidden if response.status == 403
         raise NotFound if response.status == 404
+        raise TimedOut if response.status == 555
 
         response
       end

data/lib/dependabot/clients/github_with_retries.rb

@@ -84,7 +84,16 @@ module Dependabot
         access_tokens << nil if access_tokens.empty?
         access_tokens.uniq!
 
-        @max_retries = max_retries || 3
+        Octokit.middleware = Faraday::RackBuilder.new do |builder|
+          builder.use Faraday::Retry::Middleware, exceptions: RETRYABLE_ERRORS, max: max_retries || 3
+
+          Octokit::Default::MIDDLEWARE.handlers.each do |handler|
+            next if handler.klass == Faraday::Retry::Middleware
+
+            builder.use handler.klass
+          end
+        end
+
         @clients = access_tokens.map do |token|
           Octokit::Client.new(args.merge(access_token: token))
         end
@@ -95,13 +104,11 @@ module Dependabot
         client = untried_clients.pop
 
         begin
-          retry_connection_failures do
-            if client.respond_to?(method_name)
-              mutatable_args = args.map(&:dup)
-              client.public_send(method_name, *mutatable_args, &block)
-            else
-              super
-            end
+          if client.respond_to?(method_name)
+            mutatable_args = args.map(&:dup)
+            client.public_send(method_name, *mutatable_args, &block)
+          else
+            super
           end
         rescue Octokit::NotFound, Octokit::Unauthorized, Octokit::Forbidden
           raise unless (client = untried_clients.pop)
@@ -113,17 +120,6 @@ module Dependabot
       def respond_to_missing?(method_name, include_private = false)
         @clients.first.respond_to?(method_name) || super
       end
-
-      def retry_connection_failures
-        retry_attempt = 0
-
-        begin
-          yield
-        rescue *RETRYABLE_ERRORS
-          retry_attempt += 1
-          retry_attempt <= @max_retries ? retry : raise
-        end
-      end
     end
   end
 end

data/lib/dependabot/config/file.rb

@@ -71,7 +71,7 @@ module Dependabot
         commit_message = cfg&.dig(:"commit-message") || {}
         Dependabot::Config::UpdateConfig::CommitMessageOptions.new(
           prefix: commit_message[:prefix],
-          prefix_development: commit_message[:"prefix-development"],
+          prefix_development: commit_message[:"prefix-development"] || commit_message[:prefix],
           include: commit_message[:include]
         )
       end

data/lib/dependabot/dependency.rb

@@ -37,11 +37,11 @@ module Dependabot
 
     attr_reader :name, :version, :requirements, :package_manager,
                 :previous_version, :previous_requirements,
-                :subdependency_metadata
+                :subdependency_metadata, :metadata
 
     def initialize(name:, requirements:, package_manager:, version: nil,
                    previous_version: nil, previous_requirements: nil,
-                   subdependency_metadata: [], removed: false)
+                   subdependency_metadata: [], removed: false, metadata: {})
       @name = name
       @version = version
       @requirements = requirements.map { |req| symbolize_keys(req) }
@@ -54,6 +54,7 @@ module Dependabot
                                   map { |h| symbolize_keys(h) }
       end
       @removed = removed
+      @metadata = symbolize_keys(metadata || {})
 
       check_values
     end
@@ -66,6 +67,10 @@ module Dependabot
       @removed
     end
 
+    def numeric_version
+      @numeric_version ||= version_class.new(version) if version && version_class.correct?(version)
+    end
+
     def to_h
       {
         "name" => name,
@@ -105,6 +110,22 @@ module Dependabot
       display_name_builder.call(name)
     end
 
+    # Returns all detected versions of the dependency. Only ecosystems that
+    # support this feature will return more than the current version.
+    def all_versions
+      all_versions = metadata[:all_versions]
+      return [version].compact unless all_versions
+
+      all_versions.filter_map(&:version)
+    end
+
+    # This dependency is being indirectly updated by an update to another
+    # dependency. We don't need to try and update it ourselves but want to
+    # surface it to the user in the PR.
+    def informational_only?
+      metadata[:information_only]
+    end
+
     def ==(other)
       other.instance_of?(self.class) && to_h == other.to_h
     end
@@ -119,6 +140,10 @@ module Dependabot
 
     private
 
+    def version_class
+      Utils.version_class_for_package_manager(package_manager)
+    end
+
     def check_values
       raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
 

data/lib/dependabot/dependency_file.rb

@@ -5,7 +5,7 @@ require "pathname"
 module Dependabot
   class DependencyFile
     attr_accessor :name, :content, :directory, :type, :support_file,
-                  :symlink_target, :content_encoding, :operation
+                  :symlink_target, :content_encoding, :operation, :mode
 
     class ContentEncoding
       UTF_8 = "utf-8"
@@ -20,7 +20,8 @@ module Dependabot
 
     def initialize(name:, content:, directory: "/", type: "file",
                    support_file: false, symlink_target: nil,
-                   content_encoding: ContentEncoding::UTF_8, deleted: false, operation: Operation::UPDATE)
+                   content_encoding: ContentEncoding::UTF_8, deleted: false,
+                   operation: Operation::UPDATE, mode: nil)
       @name = name
       @content = content
       @directory = clean_directory(directory)
@@ -40,6 +41,12 @@ module Dependabot
       # support_file flag instead)
       @type = type
 
+      begin
+        @mode = File.stat((symlink_target || path).sub(%r{^/}, "")).mode.to_s(8)
+      rescue StandardError
+        @mode = mode
+      end
+
       return unless (type == "symlink") ^ symlink_target
 
       raise "Symlinks must specify a target!" unless symlink_target
@@ -55,7 +62,8 @@ module Dependabot
         "support_file" => support_file,
         "content_encoding" => content_encoding,
         "deleted" => deleted,
-        "operation" => operation
+        "operation" => operation,
+        "mode" => mode
       }
 
       details["symlink_target"] = symlink_target if symlink_target

data/lib/dependabot/errors.rb

@@ -4,9 +4,9 @@ require "dependabot/utils"
 
 module Dependabot
   class DependabotError < StandardError
-    BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@%\s]+(@|%40))}.freeze
+    BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@%\s]+(@|%40))}
     # Remove any path segment from fury.io sources
-    FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}.freeze
+    FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}
 
     def initialize(message = nil)
       super(sanitize_message(message))
@@ -18,7 +18,7 @@ module Dependabot
       return message unless message.is_a?(String)
 
       path_regex =
-        Regexp.escape(Utils::BUMP_TMP_DIR_PATH) + "\/" +
+        Regexp.escape(Utils::BUMP_TMP_DIR_PATH) + "\\/" +
         Regexp.escape(Utils::BUMP_TMP_FILE_PREFIX) + "[a-zA-Z0-9-]*"
 
       message = message.gsub(/#{path_regex}/, "dependabot_tmp_dir").strip

data/lib/dependabot/experiments.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Experiments
+    @experiments = {}
+
+    def self.reset!
+      @experiments = {}
+    end
+
+    def self.register(name, value)
+      @experiments[name.to_sym] = value
+    end
+
+    def self.enabled?(name)
+      !!@experiments[name.to_sym]
+    end
+  end
+end