dependabot-common 0.215.0 → 0.216.0

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -26,7 +26,7 @@ module Dependabot
       def initialize(source:, dependencies:, files:, credentials:,
                      pr_message_header: nil, pr_message_footer: nil,
                      commit_message_options: {}, vulnerabilities_fixed: {},
-                     github_redirection_service:)
+                     github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE)
         @dependencies               = dependencies
         @files                      = files
         @source                     = source
@@ -110,18 +110,18 @@ module Dependabot
           if dependencies.count == 1
             dependency = dependencies.first
             "#{dependency.display_name} " \
-              "#{from_version_msg(previous_version(dependency))}" \
-              "to #{new_version(dependency)}"
+              "#{from_version_msg(dependency.humanized_previous_version)}" \
+              "to #{dependency.humanized_version}"
           elsif updating_a_property?
             dependency = dependencies.first
             "#{property_name} " \
-              "#{from_version_msg(previous_version(dependency))}" \
-              "to #{new_version(dependency)}"
+              "#{from_version_msg(dependency.humanized_previous_version)}" \
+              "to #{dependency.humanized_version}"
           elsif updating_a_dependency_set?
             dependency = dependencies.first
             "#{dependency_set.fetch(:group)} dependency set " \
-              "#{from_version_msg(previous_version(dependency))}" \
-              "to #{new_version(dependency)}"
+              "#{from_version_msg(dependency.humanized_previous_version)}" \
+              "to #{dependency.humanized_version}"
           else
             names = dependencies.map(&:name).uniq
             if names.count == 1
@@ -231,8 +231,8 @@ module Dependabot
 
         dependency = dependencies.first
         msg = "Bumps #{dependency_links.first} " \
-              "#{from_version_msg(previous_version(dependency))}" \
-              "to #{new_version(dependency)}."
+              "#{from_version_msg(dependency.humanized_previous_version)}" \
+              "to #{dependency.humanized_version}."
 
         msg += " This release includes the previously tagged commit." if switching_from_ref_to_release?(dependency)
 
@@ -252,16 +252,16 @@ module Dependabot
         dependency = dependencies.first
 
         "Bumps `#{property_name}` " \
-          "#{from_version_msg(previous_version(dependency))}" \
-          "to #{new_version(dependency)}."
+          "#{from_version_msg(dependency.humanized_previous_version)}" \
+          "to #{dependency.humanized_version}."
       end
 
       def dependency_set_intro
         dependency = dependencies.first
 
         "Bumps `#{dependency_set.fetch(:group)}` " \
-          "dependency set #{from_version_msg(previous_version(dependency))}" \
-          "to #{new_version(dependency)}."
+          "dependency set #{from_version_msg(dependency.humanized_previous_version)}" \
+          "to #{dependency.humanized_version}."
       end
 
       def multidependency_intro
@@ -273,7 +273,7 @@ module Dependabot
       def transitive_multidependency_intro
         dependency = dependencies.first
 
-        msg = "Bumps #{dependency_links[0]} to #{new_version(dependency)}"
+        msg = "Bumps #{dependency_links[0]} to #{dependency.humanized_version}"
 
         msg += if dependencies.count > 2
                  " and updates ancestor dependencies #{dependency_links[0..-2].join(', ')} " \
@@ -369,8 +369,8 @@ module Dependabot
             "\n\nRemoves `#{dep.display_name}`"
           else
             "\n\nUpdates `#{dep.display_name}` " \
-              "#{from_version_msg(previous_version(dep))}to " \
-              "#{new_version(dep)}" \
+              "#{from_version_msg(dep.humanized_previous_version)}to " \
+              "#{dep.humanized_version}" \
               "#{metadata_links_for_dep(dep)}"
           end
         end.join
@@ -393,8 +393,8 @@ module Dependabot
                   "\nRemoves `#{dep.display_name}`\n"
                 else
                   "\nUpdates `#{dep.display_name}` " \
-                    "#{from_version_msg(previous_version(dep))}" \
-                    "to #{new_version(dep)}"
+                    "#{from_version_msg(dep.humanized_previous_version)}" \
+                    "to #{dep.humanized_version}"
                 end
 
           if vulnerabilities_fixed[dep.name]&.one?
@@ -462,61 +462,6 @@ module Dependabot
           )
       end
 
-      def previous_version(dependency)
-        # If we don't have a previous version, we *may* still be able to figure
-        # one out if a ref was provided and has been changed (in which case the
-        # previous ref was essentially the version).
-        if dependency.previous_version.nil?
-          return ref_changed?(dependency) ? previous_ref(dependency) : nil
-        end
-
-        if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
-          return previous_ref(dependency) if ref_changed?(dependency) && previous_ref(dependency)
-
-          "`#{dependency.previous_version[0..6]}`"
-        elsif dependency.version == dependency.previous_version &&
-              package_manager == "docker"
-          digest = docker_digest_from_reqs(dependency.previous_requirements)
-          "`#{digest.split(':').last[0..6]}`"
-        else
-          dependency.previous_version
-        end
-      end
-
-      def new_version(dependency)
-        if dependency.version.match?(/^[0-9a-f]{40}$/)
-          return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
-
-          "`#{dependency.version[0..6]}`"
-        elsif dependency.version == dependency.previous_version &&
-              package_manager == "docker"
-          digest = docker_digest_from_reqs(dependency.requirements)
-          "`#{digest.split(':').last[0..6]}`"
-        else
-          dependency.version
-        end
-      end
-
-      def docker_digest_from_reqs(requirements)
-        requirements.
-          filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-          first
-      end
-
-      def previous_ref(dependency)
-        previous_refs = dependency.previous_requirements.filter_map do |r|
-          r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.uniq
-        return previous_refs.first if previous_refs.count == 1
-      end
-
-      def new_ref(dependency)
-        new_refs = dependency.requirements.filter_map do |r|
-          r.dig(:source, "ref") || r.dig(:source, :ref)
-        end.uniq
-        return new_refs.first if new_refs.count == 1
-      end
-
       def old_library_requirement(dependency)
         old_reqs =
           dependency.previous_requirements - dependency.requirements
@@ -527,7 +472,7 @@ module Dependabot
 
         req = old_reqs.first.fetch(:requirement)
         return req if req
-        return previous_ref(dependency) if ref_changed?(dependency)
+        return dependency.previous_ref if dependency.ref_changed?
       end
 
       def new_library_requirement(dependency)
@@ -540,15 +485,11 @@ module Dependabot
 
         req = updated_reqs.first.fetch(:requirement)
         return req if req
-        return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
+        return dependency.new_ref if dependency.ref_changed? && dependency.new_ref
 
         raise "No new requirement!"
       end
 
-      def ref_changed?(dependency)
-        previous_ref(dependency) != new_ref(dependency)
-      end
-
       # TODO: Bring this in line with existing library checks that we do in the
       # update checkers, which are also overriden by passing an explicit
       # `requirements_update_strategy`.
@@ -560,12 +501,12 @@ module Dependabot
                      select { |p| Pathname.new(p).dirname.to_s == "." }
         return true if root_files.select { |nm| nm.end_with?(".gemspec") }.any?
 
-        dependencies.any? { |d| previous_version(d).nil? }
+        dependencies.any? { |d| d.humanized_previous_version.nil? }
       end
 
       def switching_from_ref_to_release?(dependency)
         unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
-               (dependency.previous_version.nil? && previous_ref(dependency))
+               (dependency.previous_version.nil? && dependency.previous_ref)
           return false
         end
 

data/lib/dependabot/pull_request_creator.rb

@@ -235,6 +235,7 @@ module Dependabot
           dependencies: dependencies,
           files: files,
           target_branch: source.branch,
+          group_rule: nil,
           separator: branch_name_separator,
           prefix: branch_name_prefix,
           max_length: branch_name_max_length

data/lib/dependabot/security_advisory.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "rubygems_version_patch"
+require "dependabot/version"
 
 module Dependabot
   class SecurityAdvisory

data/lib/dependabot/shared_helpers.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/notifications"
 require "digest"
 require "English"
 require "excon"
@@ -10,9 +9,10 @@ require "open3"
 require "shellwords"
 require "tmpdir"
 
+require "dependabot/simple_instrumentor"
 require "dependabot/utils"
 require "dependabot/errors"
-require "dependabot/version"
+require "dependabot"
 
 module Dependabot
   module SharedHelpers
@@ -97,6 +97,7 @@ module Dependabot
 
       if ENV["DEBUG_HELPERS"] == "true"
         puts env_cmd
+        puts function
         puts stdout
         puts stderr
       end
@@ -116,6 +117,8 @@ module Dependabot
         process_termsig: process.termsig
       }
 
+      check_out_of_memory_error(stderr, error_context)
+
       response = JSON.parse(stdout)
       return response["result"] if process.success?
 
@@ -134,6 +137,16 @@ module Dependabot
     end
     # rubocop:enable Metrics/MethodLength
 
+    def self.check_out_of_memory_error(stderr, error_context)
+      return unless stderr&.include?("JavaScript heap out of memory")
+
+      raise HelperSubprocessFailed.new(
+        message: "JavaScript heap out of memory",
+        error_class: "Dependabot::OutOfMemoryError",
+        error_context: error_context
+      )
+    end
+
     def self.excon_middleware
       Excon.defaults[:middlewares] +
         [Excon::Middleware::Decompress] +
@@ -151,7 +164,7 @@ module Dependabot
       options ||= {}
       headers = options.delete(:headers)
       {
-        instrumentor: ActiveSupport::Notifications,
+        instrumentor: Dependabot::SimpleInstrumentor,
         connect_timeout: 5,
         write_timeout: 5,
         read_timeout: 20,

data/lib/dependabot/simple_instrumentor.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module SimpleInstrumentor
+    class << self
+      attr_accessor :events, :subscribers
+
+      def subscribe(&block)
+        @subscribers ||= []
+        @subscribers << block
+      end
+
+      def instrument(name, params = {}, &block)
+        @subscribers&.each { |s| s.call(name, params) }
+        yield if block
+      end
+    end
+  end
+end

data/lib/dependabot/source.rb

@@ -5,7 +5,7 @@ module Dependabot
     GITHUB_SOURCE = %r{
       (?<provider>github)
       (?:\.com)[/:]
-      (?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)
+      (?<repo>[\w.-]+/(?:[\w.-])+)
       (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
     }x
 
@@ -14,28 +14,28 @@ module Dependabot
       (?<username>[^@]+@)*
       (?<host>[^/]+)
       [/:]
-      (?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)
+      (?<repo>[\w.-]+/(?:[\w.-])+)
       (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
     }x
 
     GITLAB_SOURCE = %r{
       (?<provider>gitlab)
       (?:\.com)[/:]
-      (?<repo>[^/]+/(?:(?!\.git)[^/])+((?!/tree|/blob/|/-)/[^/]+)?)
+      (?<repo>[^/]+/(?:[^/])+((?!/tree|/blob/|/-)/[^/]+)?)
       (?:(?:/tree|/blob)/(?<branch>[^/]+)/(?<directory>.*)[\#|/].*)?
     }x
 
     BITBUCKET_SOURCE = %r{
       (?<provider>bitbucket)
       (?:\.org)[/:]
-      (?<repo>[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)
+      (?<repo>[\w.-]+/(?:[\w.-])+)
       (?:(?:/src)/(?<branch>[^/]+)/(?<directory>.*)[\#|/])?
     }x
 
     AZURE_SOURCE = %r{
       (?<provider>azure)
       (?:\.com)[/:]
-      (?<repo>[\w.-]+/([\w.-]+/)?(?:_git/)(?:(?!\.git|\.\s)[\w.-])+)
+      (?<repo>[\w.-]+/([\w.-]+/)?(?:_git/)(?:[\w.-])+)
     }x
 
     CODECOMMIT_SOURCE = %r{
@@ -70,7 +70,7 @@ module Dependabot
 
       new(
         provider: captures.fetch("provider"),
-        repo: captures.fetch("repo"),
+        repo: captures.fetch("repo").delete_suffix(".git").delete_suffix("."),
         directory: captures.fetch("directory"),
         branch: captures.fetch("branch")
       )
@@ -87,7 +87,7 @@ module Dependabot
 
       new(
         provider: "github",
-        repo: captures.fetch("repo"),
+        repo: captures.fetch("repo").delete_suffix(".git").delete_suffix("."),
         directory: captures.fetch("directory"),
         branch: captures.fetch("branch"),
         hostname: captures.fetch("host"),

data/lib/dependabot/version.rb

@@ -1,5 +1,22 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.215.0"
+  class Version < Gem::Version
+    def initialize(version)
+      @original_version = version
+
+      super
+    end
+
+    # Opt-in to Rubygems 4 behavior
+    def self.correct?(version)
+      return false if version.nil?
+
+      version.to_s.match?(ANCHORED_VERSION_PATTERN)
+    end
+
+    def to_semver
+      @original_version
+    end
+  end
 end

data/lib/dependabot.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
+  VERSION = "0.216.0"
 end