dependabot-common 0.214.0 → 0.215.0

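--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1fab7bc375e03e37b65e94e3e05e7c9ad945d982295b6c9a030083ed038dbaf3
- data.tar.gz: 9924a1980357d1833988bd19a8119a05162a28cc20cbdf157626744ef93be0ba
+ metadata.gz: e671c74d96743b47570682e512064ebb84774d5b63ce1090278f34d0f6ea857d
+ data.tar.gz: 32956c64580c84d9592253981318c2e442511988e21887f5c3bb5757d95adb2f
  SHA512:
- metadata.gz: 88069b0acbe42180a064046ab55cba565da0f9a3e00d40582a3fb406aee9e3b357cf8e3bdf34dc84da959c931c1519a87e02022e994baf947193f7d6fb949be8
- data.tar.gz: 785cddd10adbed3413e7fdfcbfcc9b5fa00fde7a55f6e171db0c62f4e4a9f17000dc06d7e4c75d312fda6c7801e9fa6428642ea2b3473dc1b4d7f14e0a660bff
+ metadata.gz: 35725326642881096654be6bf9e0278555078763c4003a676fcea4ae55115ecda3358866398f39ca5e0626853070e177b827f90d3f63b4701db1092a3bacc948
+ data.tar.gz: efbfb8bf7609d0ddae2e9294fedbcfd592b016c41cede8010760c8bb81d32ed005fafac040b98f9222310a92bec2c4ce9ec0c0dacfb459309ac85ea3e001538c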
@@ -6,16 +6,21 @@ module Dependabot
6
6
  module Clients
7
7
  class GithubWithRetries
8
8
  DEFAULT_OPEN_TIMEOUT_IN_SECONDS = 2
9
+ DEFAULT_READ_TIMEOUT_IN_SECONDS = 5
9
10
 
10
11
  def self.open_timeout_in_seconds
11
12
  ENV.fetch("DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS", DEFAULT_OPEN_TIMEOUT_IN_SECONDS).to_i
12
13
  end
13
14
 
15
+ def self.read_timeout_in_seconds
16
+ ENV.fetch("DEPENDABOT_READ_TIMEOUT_IN_SECONDS", DEFAULT_READ_TIMEOUT_IN_SECONDS).to_i
17
+ end
18
+
14
19
  DEFAULT_CLIENT_ARGS = {
15
20
  connection_options: {
16
21
  request: {
17
22
  open_timeout: open_timeout_in_seconds,
18
- timeout: 5
23
+ timeout: read_timeout_in_seconds
19
24
  }
20
25
  }
21
26
  }.freeze
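Review bot: `read_timeout_in_seconds` converts the environment value with `.to_i`, so an empty or non-numeric `DEPENDABOT_READ_TIMEOUT_IN_SECONDS` silently becomes 0 instead of failing or falling back to the default. How the HTTP client treats a zero timeout is not visible here, so the result could be either immediate failures or an unbounded wait. Parsing strictly with `Integer(ENV.fetch("DEPENDABOT_READ_TIMEOUT_IN_SECONDS", DEFAULT_READ_TIMEOUT_IN_SECONDS))` and rejecting non-positive values would make a misconfiguration visible; the existing `open_timeout_in_seconds` has the same pattern. Because `DEFAULT_CLIENT_ARGS` is a frozen constant, the variable is read once when the class is loaded, which deserves a one-line comment next to the constant.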
@@ -23,7 +23,8 @@ module Dependabot
23
23
  # rubocop:enable Performance/DeletePrefix
24
24
 
25
25
  status = SharedHelpers.run_shell_command(
26
- "git status --untracked-files all --porcelain v1 #{relative_dir}"
26
+ "git status --untracked-files all --porcelain v1 #{relative_dir}",
27
+ fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
27
28
  )
28
29
  changed_paths = status.split("\n").map(&:split)
29
30
  changed_paths.map do |type, path|
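Review bot: The `fingerprint:` string is a hand-copied version of the command on the line above it with `<relative_dir>` substituted, so the two can drift apart when the command is edited. A short comment such as `# fingerprint: static form of the command with no interpolated values, used as the error grouping key` would record the intent, assuming that is how the value is consumed. The enclosing method starts and ends outside this hunk.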
@@ -99,12 +99,10 @@ module Dependabot
99
99
  local_repo_git_metadata_fetcher.head_commit_for_ref(name)
100
100
  end
101
101
 
102
- def local_tag_for_latest_version_matching_existing_precision
103
- max_local_tag_for_current_precision(allowed_version_tags)
104
- end
105
-
106
102
  def local_ref_for_latest_version_matching_existing_precision
107
- max_local_tag_for_current_precision(allowed_version_refs)
103
+ allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
104
+
105
+ max_local_tag_for_current_precision(allowed_refs)
108
106
  end
109
107
 
110
108
  def local_tag_for_latest_version
@@ -151,6 +149,8 @@ module Dependabot
151
149
  end
152
150
 
153
151
  def local_tag_for_pinned_sha
152
+ return unless pinned_ref_looks_like_commit_sha?
153
+
154
154
  commit_sha = dependency_source_details.fetch(:ref)
155
155
  most_specific_version_tag_for_sha(commit_sha)
156
156
  end
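Review bot: In `local_ref_for_latest_version_matching_existing_precision` the ternary uses `local_tag_for_pinned_sha` as a yes/no test, but that method returns nil in two different situations: the ref does not look like a commit SHA (the new guard), and, presumably, no version tag matches the SHA. In the second case a SHA-pinned dependency is evaluated against `allowed_version_refs` rather than `allowed_version_tags`, which may not be what is intended. If the rule is that a SHA pin restricts candidates to tags, `allowed_refs = pinned_ref_looks_like_commit_sha? ? allowed_version_tags : allowed_version_refs` states it directly and skips the tag lookup; either way the ternary needs a comment explaining the choice. Removing `local_tag_for_latest_version_matching_existing_precision` would also break any remaining caller, and callers are not visible here.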
@@ -59,12 +59,12 @@ module Dependabot
59
59
  super(message)
60
60
  @error_class = error_class || ""
61
61
  @error_context = error_context
62
- @command = error_context[:command]
62
+ @fingerprint = error_context[:fingerprint] || error_context[:command]
63
63
  @trace = trace
64
64
  end
65
65
 
66
66
  def raven_context
67
- { fingerprint: [@command], extra: @error_context }
67
+ { fingerprint: [@fingerprint], extra: @error_context.except(:stderr_output, :fingerprint) }
68
68
  end
69
69
  end
70
70
 
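Review bot: `raven_context` now drops `:stderr_output` and `:fingerprint` from `extra` but still forwards `:command`, so the fully interpolated command line continues to reach the error tracker even when a placeholder fingerprint was supplied. If commands can carry repository paths or credentials, consider sending the fingerprint in place of the raw command whenever one is given, and add a comment on `extra:` saying which keys are withheld and why. `Hash#except` needs Ruby 3.0 or later, or ActiveSupport loaded, and neither is visible in this hunk. The constructor begins outside the hunk.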
@@ -190,7 +190,8 @@ module Dependabot
190
190
  run_shell_command(
191
191
  "git config --global credential.helper " \
192
192
  "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
193
- allow_unsafe_shell_command: true
193
+ allow_unsafe_shell_command: true,
194
+ fingerprint: "git config --global credential.helper '<helper_command>'"
194
195
  )
195
196
 
196
197
  # see https://github.blog/2022-04-12-git-security-vulnerability-announced/
@@ -295,7 +296,7 @@ module Dependabot
295
296
  FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
296
297
  end
297
298
 
298
- def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {})
299
+ def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {}, fingerprint: nil)
299
300
  start = Time.now
300
301
  cmd = allow_unsafe_shell_command ? command : escape_command(command)
301
302
  stdout, process = Open3.capture2e(env || {}, cmd)
@@ -307,6 +308,7 @@ module Dependabot
307
308
 
308
309
  error_context = {
309
310
  command: cmd,
311
+ fingerprint: fingerprint,
310
312
  time_taken: time_taken,
311
313
  process_exit_value: process.to_s
312
314
  }
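Review bot: The credential-helper command in the first hunk runs with `allow_unsafe_shell_command: true` and interpolates `credential_helper_path` and `Dir.pwd` into a single-quoted shell string with no escaping, so a working directory containing whitespace or a quote character would change how the string is parsed. The new `fingerprint:` argument only changes how the error is grouped, not what is executed, so it is worth checking that both values contain only the expected characters before the command is built. The new `fingerprint:` keyword on `run_shell_command` also has no documentation; a comment such as `# fingerprint: static template of the command, without interpolated values, used to group errors` would tell callers what to pass. The body of `run_shell_command` continues outside these hunks.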
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.214.0"
4
+ VERSION = "0.215.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.214.0
4
+ version: 0.215.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-01 00:00:00.000000000 Z
11
+ date: 2022-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport