dependabot-common 0.215.0 → 0.216.0

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -22,7 +22,6 @@ module Dependabot
 
         def commits_url
           return unless source
-          return if source.provider == "azure" # TODO: Fetch Azure commits
           return if source.provider == "codecommit" # TODO: Fetch Codecommit commits
 
           path =
@@ -30,6 +29,7 @@ module Dependabot
             when "github" then github_compare_path(new_tag, previous_tag)
             when "bitbucket" then bitbucket_compare_path(new_tag, previous_tag)
             when "gitlab" then gitlab_compare_path(new_tag, previous_tag)
+            when "azure" then azure_compare_path(new_tag, previous_tag)
             else raise "Unexpected source provider '#{source.provider}'"
             end
 
@@ -44,7 +44,7 @@ module Dependabot
           when "github" then fetch_github_commits
           when "bitbucket" then fetch_bitbucket_commits
           when "gitlab" then fetch_gitlab_commits
-          when "azure" then [] # TODO: Fetch Azure commits
+          when "azure" then fetch_azure_commits
           when "codecommit" then [] # TODO: Fetch Codecommit commits
           else raise "Unexpected source provider '#{source.provider}'"
           end
@@ -216,6 +216,18 @@ module Dependabot
           end
         end
 
+        def azure_compare_path(new_tag, previous_tag)
+          # GC for commits, GT for tags, and GB for branches
+          type = git_sha?(new_tag) ? "GC" : "GT"
+          if new_tag && previous_tag
+            "branchCompare?baseVersion=#{type}#{previous_tag}&targetVersion=#{type}#{new_tag}"
+          elsif new_tag
+            "commits?itemVersion=#{type}#{new_tag}"
+          else
+            "commits"
+          end
+        end
+
         def fetch_github_commits
           commits =
             begin
@@ -282,6 +294,26 @@ module Dependabot
           []
         end
 
+        def fetch_azure_commits
+          type = git_sha?(new_tag) ? "commit" : "tag"
+          azure_client.
+            compare(previous_tag, new_tag, type).
+            map do |commit|
+            {
+              message: commit["comment"],
+              sha: commit["commitId"],
+              html_url: commit["remoteUrl"]
+            }
+          end
+        rescue Dependabot::Clients::Azure::NotFound,
+               Dependabot::Clients::Azure::Unauthorized,
+               Dependabot::Clients::Azure::Forbidden,
+               Excon::Error::Server,
+               Excon::Error::Socket,
+               Excon::Error::Timeout
+          []
+        end
+
         def gitlab_client
           @gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
                              for_gitlab_dot_com(credentials: credentials)
@@ -289,7 +321,12 @@ module Dependabot
 
         def github_client
           @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_github_dot_com(credentials: credentials)
+                             for_source(source: source, credentials: credentials)
+        end
+
+        def azure_client
+          @azure_client ||= Dependabot::Clients::Azure.
+                            for_source(source: source, credentials: credentials)
         end
 
         def bitbucket_client

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -300,7 +300,7 @@ module Dependabot
 
         def github_client
           @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_github_dot_com(credentials: credentials)
+                             for_source(source: source, credentials: credentials)
         end
       end
     end

data/lib/dependabot/pull_request_creator/branch_namer/group_rule_strategy.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Dependabot
+  class PullRequestCreator
+    class BranchNamer
+      class GroupRuleStrategy
+        def initialize(dependencies:, files:, target_branch:, group_rule:,
+                       separator: "/", prefix: "dependabot", max_length: nil)
+          @dependencies  = dependencies
+          @files         = files
+          @target_branch = target_branch
+          @group_rule    = group_rule
+          @separator     = separator
+          @prefix        = prefix
+          @max_length    = max_length
+        end
+
+        def new_branch_name
+          group_rule.name
+        end
+
+        private
+
+        attr_reader :group_rule
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb

@@ -0,0 +1,208 @@
+# frozen_string_literal: true
+
+require "digest"
+
+require "dependabot/metadata_finders"
+
+module Dependabot
+  class PullRequestCreator
+    class BranchNamer
+      class SoloStrategy
+        attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length
+
+        def initialize(dependencies:, files:, target_branch:, separator: "/",
+                       prefix: "dependabot", max_length: nil)
+          @dependencies  = dependencies
+          @files         = files
+          @target_branch = target_branch
+          @separator     = separator
+          @prefix        = prefix
+          @max_length    = max_length
+        end
+
+        def new_branch_name
+          @name ||=
+            begin
+              dependency_name_part =
+                if dependencies.count > 1 && updating_a_property?
+                  property_name
+                elsif dependencies.count > 1 && updating_a_dependency_set?
+                  dependency_set.fetch(:group)
+                else
+                  dependencies.
+                    map(&:name).
+                    join("-and-").
+                    tr(":[]", "-").
+                    tr("@", "")
+                end
+
+              "#{dependency_name_part}-#{branch_version_suffix}"
+            end
+
+          # Some users need branch names without slashes
+          sanitized_name = sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
+
+          # Shorten the ref in case users refs have length limits
+          if @max_length && (sanitized_name.length > @max_length)
+            sha = Digest::SHA1.hexdigest(sanitized_name)[0, @max_length]
+            sanitized_name[[@max_length - sha.size, 0].max..] = sha
+          end
+
+          sanitized_name
+        end
+
+        private
+
+        def prefixes
+          [
+            prefix,
+            package_manager,
+            files.first.directory.tr(" ", "-"),
+            target_branch
+          ].compact
+        end
+
+        def package_manager
+          dependencies.first.package_manager
+        end
+
+        def updating_a_property?
+          dependencies.first.
+            requirements.
+            any? { |r| r.dig(:metadata, :property_name) }
+        end
+
+        def updating_a_dependency_set?
+          dependencies.first.
+            requirements.
+            any? { |r| r.dig(:metadata, :dependency_set) }
+        end
+
+        def property_name
+          @property_name ||= dependencies.first.requirements.
+                             find { |r| r.dig(:metadata, :property_name) }&.
+                             dig(:metadata, :property_name)
+
+          raise "No property name!" unless @property_name
+
+          @property_name
+        end
+
+        def dependency_set
+          @dependency_set ||= dependencies.first.requirements.
+                              find { |r| r.dig(:metadata, :dependency_set) }&.
+                              dig(:metadata, :dependency_set)
+
+          raise "No dependency set!" unless @dependency_set
+
+          @dependency_set
+        end
+
+        def branch_version_suffix
+          dep = dependencies.first
+
+          if dep.removed?
+            "-removed"
+          elsif library? && ref_changed?(dep) && new_ref(dep)
+            new_ref(dep)
+          elsif library?
+            sanitized_requirement(dep)
+          else
+            new_version(dep)
+          end
+        end
+
+        def sanitized_requirement(dependency)
+          new_library_requirement(dependency).
+            delete(" ").
+            gsub("!=", "neq-").
+            gsub(">=", "gte-").
+            gsub("<=", "lte-").
+            gsub("~>", "tw-").
+            gsub("^", "tw-").
+            gsub("||", "or-").
+            gsub("~", "approx-").
+            gsub("~=", "tw-").
+            gsub(/==*/, "eq-").
+            gsub(">", "gt-").
+            gsub("<", "lt-").
+            gsub("*", "star").
+            gsub(",", "-and-")
+        end
+
+        def new_version(dependency)
+          # Version looks like a git SHA and we could be updating to a specific
+          # ref in which case we return that otherwise we return a shorthand sha
+          if dependency.version.match?(/^[0-9a-f]{40}$/)
+            return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
+
+            dependency.version[0..6]
+          elsif dependency.version == dependency.previous_version &&
+                package_manager == "docker"
+            dependency.requirements.
+              filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
+              first.split(":").last[0..6]
+          else
+            dependency.version
+          end
+        end
+
+        def previous_ref(dependency)
+          previous_refs = dependency.previous_requirements.filter_map do |r|
+            r.dig(:source, "ref") || r.dig(:source, :ref)
+          end.uniq
+          return previous_refs.first if previous_refs.count == 1
+        end
+
+        def new_ref(dependency)
+          new_refs = dependency.requirements.filter_map do |r|
+            r.dig(:source, "ref") || r.dig(:source, :ref)
+          end.uniq
+          return new_refs.first if new_refs.count == 1
+        end
+
+        def ref_changed?(dependency)
+          # We could go from multiple previous refs (nil) to a single new ref
+          previous_ref(dependency) != new_ref(dependency)
+        end
+
+        def new_library_requirement(dependency)
+          updated_reqs =
+            dependency.requirements - dependency.previous_requirements
+
+          gemspec =
+            updated_reqs.find { |r| r[:file].match?(%r{^[^/]*\.gemspec$}) }
+          return gemspec[:requirement] if gemspec
+
+          updated_reqs.first[:requirement]
+        end
+
+        # TODO: Bring this in line with existing library checks that we do in the
+        # update checkers, which are also overriden by passing an explicit
+        # `requirements_update_strategy`.
+        #
+        # TODO re-use in MessageBuilder
+        def library?
+          dependencies.any? { |d| !d.appears_in_lockfile? }
+        end
+
+        def requirements_changed?(dependency)
+          (dependency.requirements - dependency.previous_requirements).any?
+        end
+
+        def sanitize_ref(ref)
+          # This isn't a complete implementation of git's ref validation, but it
+          # covers most cases that crop up. Its list of allowed characters is a
+          # bit stricter than git's, but that's for cosmetic reasons.
+          ref.
+            # Remove forbidden characters (those not already replaced elsewhere)
+            gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
+            # Slashes can't be followed by periods
+            gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
+            # Trailing periods are forbidden
+            sub(/\.$/, "")
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -4,203 +4,52 @@ require "digest"
 
 require "dependabot/metadata_finders"
 require "dependabot/pull_request_creator"
+require "dependabot/pull_request_creator/branch_namer/solo_strategy"
 
 module Dependabot
   class PullRequestCreator
     class BranchNamer
-      attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length
+      attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :group_rule
 
-      def initialize(dependencies:, files:, target_branch:, separator: "/",
-                     prefix: "dependabot", max_length: nil)
+      def initialize(dependencies:, files:, target_branch:, group_rule: nil,
+                     separator: "/", prefix: "dependabot", max_length: nil)
         @dependencies  = dependencies
         @files         = files
         @target_branch = target_branch
+        @group_rule    = group_rule
         @separator     = separator
         @prefix        = prefix
         @max_length    = max_length
       end
 
       def new_branch_name
-        @name ||=
-          begin
-            dependency_name_part =
-              if dependencies.count > 1 && updating_a_property?
-                property_name
-              elsif dependencies.count > 1 && updating_a_dependency_set?
-                dependency_set.fetch(:group)
-              else
-                dependencies.
-                  map(&:name).
-                  join("-and-").
-                  tr(":[]", "-").
-                  tr("@", "")
-              end
-
-            "#{dependency_name_part}-#{branch_version_suffix}"
-          end
-
-        # Some users need branch names without slashes
-        sanitized_name = sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
-
-        # Shorten the ref in case users refs have length limits
-        if @max_length && (sanitized_name.length > @max_length)
-          sha = Digest::SHA1.hexdigest(sanitized_name)[0, @max_length]
-          sanitized_name[[@max_length - sha.size, 0].max..] = sha
-        end
-
-        sanitized_name
+        strategy.new_branch_name
       end
 
       private
 
-      def prefixes
-        [
-          prefix,
-          package_manager,
-          files.first.directory.tr(" ", "-"),
-          target_branch
-        ].compact
-      end
-
-      def package_manager
-        dependencies.first.package_manager
-      end
-
-      def updating_a_property?
-        dependencies.first.
-          requirements.
-          any? { |r| r.dig(:metadata, :property_name) }
-      end
-
-      def updating_a_dependency_set?
-        dependencies.first.
-          requirements.
-          any? { |r| r.dig(:metadata, :dependency_set) }
-      end
-
-      def property_name
-        @property_name ||= dependencies.first.requirements.
-                           find { |r| r.dig(:metadata, :property_name) }&.
-                           dig(:metadata, :property_name)
-
-        raise "No property name!" unless @property_name
-
-        @property_name
-      end
-
-      def dependency_set
-        @dependency_set ||= dependencies.first.requirements.
-                            find { |r| r.dig(:metadata, :dependency_set) }&.
-                            dig(:metadata, :dependency_set)
-
-        raise "No dependency set!" unless @dependency_set
-
-        @dependency_set
-      end
-
-      def branch_version_suffix
-        dep = dependencies.first
-
-        if dep.removed?
-          "-removed"
-        elsif library? && ref_changed?(dep) && new_ref(dep)
-          new_ref(dep)
-        elsif library?
-          sanitized_requirement(dep)
-        else
-          new_version(dep)
-        end
-      end
-
-      def sanitized_requirement(dependency)
-        new_library_requirement(dependency).
-          delete(" ").
-          gsub("!=", "neq-").
-          gsub(">=", "gte-").
-          gsub("<=", "lte-").
-          gsub("~>", "tw-").
-          gsub("^", "tw-").
-          gsub("||", "or-").
-          gsub("~", "approx-").
-          gsub("~=", "tw-").
-          gsub(/==*/, "eq-").
-          gsub(">", "gt-").
-          gsub("<", "lt-").
-          gsub("*", "star").
-          gsub(",", "-and-")
-      end
-
-      def new_version(dependency)
-        # Version looks like a git SHA and we could be updating to a specific
-        # ref in which case we return that otherwise we return a shorthand sha
-        if dependency.version.match?(/^[0-9a-f]{40}$/)
-          return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
-
-          dependency.version[0..6]
-        elsif dependency.version == dependency.previous_version &&
-              package_manager == "docker"
-          dependency.requirements.
-            filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-            first.split(":").last[0..6]
-        else
-          dependency.version
-        end
-      end
-
-      def previous_ref(dependency)
-        previous_refs = dependency.previous_requirements.filter_map do |r|
-          r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.uniq
-        return previous_refs.first if previous_refs.count == 1
-      end
-
-      def new_ref(dependency)
-        new_refs = dependency.requirements.filter_map do |r|
-          r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.uniq
-        return new_refs.first if new_refs.count == 1
-      end
-
-      def ref_changed?(dependency)
-        # We could go from multiple previous refs (nil) to a single new ref
-        previous_ref(dependency) != new_ref(dependency)
-      end
-
-      def new_library_requirement(dependency)
-        updated_reqs =
-          dependency.requirements - dependency.previous_requirements
-
-        gemspec =
-          updated_reqs.find { |r| r[:file].match?(%r{^[^/]*\.gemspec$}) }
-        return gemspec[:requirement] if gemspec
-
-        updated_reqs.first[:requirement]
-      end
-
-      # TODO: Bring this in line with existing library checks that we do in the
-      # update checkers, which are also overriden by passing an explicit
-      # `requirements_update_strategy`.
-      #
-      # TODO re-use in MessageBuilder
-      def library?
-        dependencies.any? { |d| !d.appears_in_lockfile? }
-      end
-
-      def requirements_changed?(dependency)
-        (dependency.requirements - dependency.previous_requirements).any?
-      end
-
-      def sanitize_ref(ref)
-        # This isn't a complete implementation of git's ref validation, but it
-        # covers most cases that crop up. Its list of allowed characters is a
-        # bit stricter than git's, but that's for cosmetic reasons.
-        ref.
-          # Remove forbidden characters (those not already replaced elsewhere)
-          gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
-          # Slashes can't be followed by periods
-          gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
-          # Trailing periods are forbidden
-          sub(/\.$/, "")
+      def strategy
+        @strategy ||=
+          if group_rule.nil?
+            SoloStrategy.new(
+              dependencies: dependencies,
+              files: files,
+              target_branch: target_branch,
+              separator: separator,
+              prefix: prefix,
+              max_length: max_length
+            )
+          else
+            GroupRuleStrategy.new(
+              dependencies: dependencies,
+              files: files,
+              target_branch: target_branch,
+              group_rule: group_rule,
+              separator: separator,
+              prefix: prefix,
+              max_length: max_length
+            )
+          end
       end
     end
   end

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -174,7 +174,11 @@ module Dependabot
       end
 
       def default_labels_for_pr
-        if custom_labels then custom_labels & labels
+        if custom_labels
+          # Azure does not have centralised labels
+          return custom_labels if source.provider == "azure"
+
+          custom_labels & labels
         else
           [
             default_dependencies_label,

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -34,7 +34,7 @@ module Dependabot
           @github_redirection_service = github_redirection_service
         end
 
-        def sanitize_links_and_mentions(text:, unsafe: false)
+        def sanitize_links_and_mentions(text:, unsafe: false, format_html: true)
           doc = CommonMarker.render_doc(
             text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
           )
@@ -45,6 +45,8 @@ module Dependabot
           sanitize_nwo_text(doc)
 
           mode = unsafe ? :UNSAFE : :DEFAULT
+          return doc.to_commonmark([mode] + COMMONMARKER_OPTIONS) unless format_html
+
           doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
         end
 

data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb

@@ -247,7 +247,7 @@ module Dependabot
         def sanitize_links_and_mentions(text, unsafe: false)
           LinkAndMentionSanitizer.
             new(github_redirection_service: github_redirection_service).
-            sanitize_links_and_mentions(text: text, unsafe: unsafe)
+            sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
         end
 
         def sanitize_template_tags(text)