dependabot-common 0.216.0 → 0.216.2
- checksums.yaml +4 -4
- data/lib/dependabot/clients/github_with_retries.rb +1 -1
- data/lib/dependabot/dependency.rb +5 -1
- data/lib/dependabot/dependency_group.rb +20 -0
- data/lib/dependabot/errors.rb +2 -2
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
- data/lib/dependabot/git_commit_checker.rb +2 -2
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +1 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +2 -4
- data/lib/dependabot/metadata_finders/base/release_finder.rb +1 -1
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +55 -0
- data/lib/dependabot/pull_request_creator/branch_namer.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +30 -23
- data/lib/dependabot/pull_request_creator.rb +6 -4
- data/lib/dependabot/update_checkers/base.rb +2 -2
- data/lib/dependabot.rb +1 -1
- data/lib/wildcard_matcher.rb +13 -0
- metadata +7 -6
- data/lib/dependabot/group_rule.rb +0 -11
- data/lib/dependabot/pull_request_creator/branch_namer/group_rule_strategy.rb +0 -28
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4b38a1d09ce4d017caa3e68544d16abb8052e27febb10b6c2aa48ea7689dd5dd
|
4
|
+
data.tar.gz: 6f1f21ff545f58a09a7dd238cf3a2fe56ca59ab29c6f51a9d7594762769ccf79
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ae81f98a72640e7ea5b5dd7d5f813ff8b32663a0269b9cd4b57bebfe74d5db654f4da4aa9d6bbfe8c0c6a64af78a7017bb29db0e646481a1c81d35b60f3f4ff0
|
7
|
+
data.tar.gz: 034a48105df2f2a2633944697a3339b08f4d6f4bdb2fe5f277926d38d7032d2fbb8d5c6878b926710d53f495d8d547165261faab818a70c143afb423af7fda2f
|
@@ -95,7 +95,7 @@ module Dependabot
|
|
95
95
|
c.proxy = ENV["HTTPS_PROXY"] if ENV["HTTPS_PROXY"]
|
96
96
|
end
|
97
97
|
|
98
|
-
|
98
|
+
args[:middleware] = Faraday::RackBuilder.new do |builder|
|
99
99
|
builder.use Faraday::Retry::Middleware, exceptions: RETRYABLE_ERRORS, max: max_retries || 3
|
100
100
|
|
101
101
|
Octokit::Default::MIDDLEWARE.handlers.each do |handler|
|
@@ -199,12 +199,16 @@ module Dependabot
|
|
199
199
|
self == other
|
200
200
|
end
|
201
201
|
|
202
|
-
|
202
|
+
def requirement_class
|
203
|
+
Utils.requirement_class_for_package_manager(package_manager)
|
204
|
+
end
|
203
205
|
|
204
206
|
def version_class
|
205
207
|
Utils.version_class_for_package_manager(package_manager)
|
206
208
|
end
|
207
209
|
|
210
|
+
private
|
211
|
+
|
208
212
|
def check_values
|
209
213
|
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
210
214
|
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "wildcard_matcher"
|
4
|
+
|
5
|
+
module Dependabot
|
6
|
+
class DependencyGroup
|
7
|
+
attr_reader :name, :rules, :dependencies
|
8
|
+
|
9
|
+
def initialize(name:, rules:)
|
10
|
+
@name = name
|
11
|
+
@rules = rules
|
12
|
+
@dependencies = []
|
13
|
+
end
|
14
|
+
|
15
|
+
def contains?(dependency)
|
16
|
+
@dependencies.include?(dependency) if @dependencies.any?
|
17
|
+
rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
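Review bot: In `contains?` the first line's result is discarded: `@dependencies.include?(dependency) if @dependencies.any?` has no `return`, so the method always falls through to the wildcard check and an explicitly tracked dependency whose name matches none of the rules is reported as not contained. Either `return true if @dependencies.include?(dependency)` or `return @dependencies.include?(dependency) if @dependencies.any?` gives that branch an effect; the two differ on whether the rules are still consulted once the list is populated, so pick whichever the grouping semantics intend. Nothing in this hunk populates `@dependencies` (there is an `attr_reader` but no writer), so presumably a caller appends to the array directly — a one-line comment on the attribute stating that contract would help.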
data/lib/dependabot/errors.rb
CHANGED
@@ -80,7 +80,7 @@ module Dependabot
|
|
80
80
|
|
81
81
|
def initialize(file_path, msg = nil)
|
82
82
|
@file_path = file_path
|
83
|
-
super("#{file_path} not found"
|
83
|
+
super(msg || "#{file_path} not found")
|
84
84
|
end
|
85
85
|
|
86
86
|
def file_name
|
@@ -98,7 +98,7 @@ module Dependabot
|
|
98
98
|
|
99
99
|
def initialize(file_path, msg = nil)
|
100
100
|
@file_path = file_path
|
101
|
-
super(msg)
|
101
|
+
super(msg || "#{file_path} not parseable")
|
102
102
|
end
|
103
103
|
|
104
104
|
def file_name
|
@@ -459,11 +459,11 @@ module Dependabot
|
|
459
459
|
end
|
460
460
|
|
461
461
|
def version_class
|
462
|
-
@version_class ||=
|
462
|
+
@version_class ||= dependency.version_class
|
463
463
|
end
|
464
464
|
|
465
465
|
def requirement_class
|
466
|
-
@requirement_class ||=
|
466
|
+
@requirement_class ||= dependency.requirement_class
|
467
467
|
end
|
468
468
|
|
469
469
|
def local_repo_git_metadata_fetcher
|
@@ -341,13 +341,11 @@ module Dependabot
|
|
341
341
|
end
|
342
342
|
|
343
343
|
def version_class
|
344
|
-
|
344
|
+
dependency.version_class
|
345
345
|
end
|
346
346
|
|
347
347
|
def requirement_class
|
348
|
-
|
349
|
-
dependency.package_manager
|
350
|
-
)
|
348
|
+
dependency.requirement_class
|
351
349
|
end
|
352
350
|
|
353
351
|
def git_sha?(version)
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Dependabot
|
4
|
+
class PullRequestCreator
|
5
|
+
class BranchNamer
|
6
|
+
class DependencyGroupStrategy
|
7
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group:,
|
8
|
+
separator: "/", prefix: "dependabot", max_length: nil)
|
9
|
+
@dependencies = dependencies
|
10
|
+
@files = files
|
11
|
+
@target_branch = target_branch
|
12
|
+
@dependency_group = dependency_group
|
13
|
+
@separator = separator
|
14
|
+
@prefix = prefix
|
15
|
+
@max_length = max_length
|
16
|
+
end
|
17
|
+
|
18
|
+
# FIXME: Incorporate max_length truncation once we allow user config
|
19
|
+
#
|
20
|
+
# For now, we are using a placeholder DependencyGroup with a
|
21
|
+
# fixed-length name, so we can punt on handling truncation until
|
22
|
+
# we determine the strict validation rules for names
|
23
|
+
def new_branch_name
|
24
|
+
File.join(prefixes, dependency_group.name, prototype_suffix).gsub("/", separator)
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
attr_reader :dependencies, :dependency_group, :files, :target_branch, :separator, :prefix, :max_length
|
30
|
+
|
31
|
+
def prefixes
|
32
|
+
[
|
33
|
+
prefix,
|
34
|
+
package_manager,
|
35
|
+
directory,
|
36
|
+
target_branch
|
37
|
+
].compact
|
38
|
+
end
|
39
|
+
|
40
|
+
# FIXME: Remove once grouped PRs can supersede each other
|
41
|
+
def prototype_suffix
|
42
|
+
"prototype-#{Time.now.utc.to_i}"
|
43
|
+
end
|
44
|
+
|
45
|
+
def package_manager
|
46
|
+
dependencies.first.package_manager
|
47
|
+
end
|
48
|
+
|
49
|
+
def directory
|
50
|
+
files.first.directory.tr(" ", "-")
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
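Review bot: `new_branch_name` splices `dependency_group.name` into the git ref verbatim while `directory` is normalised with `tr(" ", "-")`; the group name comes from configuration (per the FIXME above the method) and may contain spaces or other characters git rejects in ref names, which would surface as a branch-creation failure rather than a clear validation error. The FIXME defers truncation until name validation rules exist, but a minimal normalisation in the meantime, e.g. `dependency_group.name.tr(" ", "-")` at the `File.join` call site, keeps the two path segments consistent. `package_manager` and `directory` also call `.first` on `dependencies`/`files` without a guard, so empty inputs raise NoMethodError; if SoloStrategy shares that assumption, a short comment stating it would help.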
@@ -5,18 +5,19 @@ require "digest"
|
|
5
5
|
require "dependabot/metadata_finders"
|
6
6
|
require "dependabot/pull_request_creator"
|
7
7
|
require "dependabot/pull_request_creator/branch_namer/solo_strategy"
|
8
|
+
require "dependabot/pull_request_creator/branch_namer/dependency_group_strategy"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
class PullRequestCreator
|
11
12
|
class BranchNamer
|
12
|
-
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :
|
13
|
+
attr_reader :dependencies, :files, :target_branch, :separator, :prefix, :max_length, :dependency_group
|
13
14
|
|
14
|
-
def initialize(dependencies:, files:, target_branch:,
|
15
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group: nil,
|
15
16
|
separator: "/", prefix: "dependabot", max_length: nil)
|
16
17
|
@dependencies = dependencies
|
17
18
|
@files = files
|
18
19
|
@target_branch = target_branch
|
19
|
-
@
|
20
|
+
@dependency_group = dependency_group
|
20
21
|
@separator = separator
|
21
22
|
@prefix = prefix
|
22
23
|
@max_length = max_length
|
@@ -30,7 +31,7 @@ module Dependabot
|
|
30
31
|
|
31
32
|
def strategy
|
32
33
|
@strategy ||=
|
33
|
-
if
|
34
|
+
if dependency_group.nil?
|
34
35
|
SoloStrategy.new(
|
35
36
|
dependencies: dependencies,
|
36
37
|
files: files,
|
@@ -40,11 +41,11 @@ module Dependabot
|
|
40
41
|
max_length: max_length
|
41
42
|
)
|
42
43
|
else
|
43
|
-
|
44
|
+
DependencyGroupStrategy.new(
|
44
45
|
dependencies: dependencies,
|
45
46
|
files: files,
|
46
47
|
target_branch: target_branch,
|
47
|
-
|
48
|
+
dependency_group: dependency_group,
|
48
49
|
separator: separator,
|
49
50
|
prefix: prefix,
|
50
51
|
max_length: max_length
|
@@ -3,6 +3,7 @@
|
|
3
3
|
require "pathname"
|
4
4
|
require "dependabot/clients/github_with_retries"
|
5
5
|
require "dependabot/clients/gitlab_with_retries"
|
6
|
+
require "dependabot/dependency_group"
|
6
7
|
require "dependabot/logger"
|
7
8
|
require "dependabot/metadata_finders"
|
8
9
|
require "dependabot/pull_request_creator"
|
@@ -21,12 +22,13 @@ module Dependabot
|
|
21
22
|
attr_reader :source, :dependencies, :files, :credentials,
|
22
23
|
:pr_message_header, :pr_message_footer,
|
23
24
|
:commit_message_options, :vulnerabilities_fixed,
|
24
|
-
:github_redirection_service
|
25
|
+
:github_redirection_service, :dependency_group
|
25
26
|
|
26
27
|
def initialize(source:, dependencies:, files:, credentials:,
|
27
28
|
pr_message_header: nil, pr_message_footer: nil,
|
28
29
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
29
|
-
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE
|
30
|
+
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
31
|
+
dependency_group: nil)
|
30
32
|
@dependencies = dependencies
|
31
33
|
@files = files
|
32
34
|
@source = source
|
@@ -36,23 +38,17 @@ module Dependabot
|
|
36
38
|
@commit_message_options = commit_message_options
|
37
39
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
38
40
|
@github_redirection_service = github_redirection_service
|
41
|
+
@dependency_group = dependency_group
|
39
42
|
end
|
40
43
|
|
41
44
|
def pr_name
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
46
|
-
pr_name = ""
|
47
|
-
end
|
48
|
-
pr_name += library? ? library_pr_name : application_pr_name
|
49
|
-
return pr_name if files.first.directory == "/"
|
50
|
-
|
51
|
-
pr_name + " in #{files.first.directory}"
|
45
|
+
name = dependency_group ? group_pr_name : solo_pr_name
|
46
|
+
name[0] = name[0].capitalize if pr_name_prefixer.capitalize_first_word?
|
47
|
+
"#{pr_name_prefix}#{name}"
|
52
48
|
end
|
53
49
|
|
54
50
|
def pr_message
|
55
|
-
suffixed_pr_message_header + commit_message_intro +
|
51
|
+
suffixed_pr_message_header + commit_message_intro +
|
56
52
|
metadata_cascades + prefixed_pr_message_footer
|
57
53
|
rescue StandardError => e
|
58
54
|
Dependabot.logger.error("Error while generating PR message: #{e.message}")
|
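Review bot: `name[0] = name[0].capitalize` in `pr_name` mutates the string returned by `solo_pr_name`/`group_pr_name` in place; on Ruby 3.x those are fresh interpolated strings so this works, but if the file carries `# frozen_string_literal: true` and ever runs on Ruby < 3.0, where interpolated literals are frozen too, it raises FrozenError. Building a new string removes the dependence on that detail: `name = name[0].capitalize + name[1..] if pr_name_prefixer.capitalize_first_word?`. The three private helpers that `pr_name` now dispatches to live in later hunks of this file.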
@@ -82,11 +78,13 @@ module Dependabot
|
|
82
78
|
|
83
79
|
private
|
84
80
|
|
85
|
-
def
|
86
|
-
|
87
|
-
|
81
|
+
def solo_pr_name
|
82
|
+
name = library? ? library_pr_name : application_pr_name
|
83
|
+
"#{name}#{pr_name_directory}"
|
84
|
+
end
|
88
85
|
|
89
|
-
|
86
|
+
def library_pr_name
|
87
|
+
"update " +
|
90
88
|
if dependencies.count == 1
|
91
89
|
"#{dependencies.first.display_name} requirement " \
|
92
90
|
"#{from_version_msg(old_library_requirement(dependencies.first))}" \
|
@@ -101,12 +99,8 @@ module Dependabot
|
|
101
99
|
end
|
102
100
|
end
|
103
101
|
|
104
|
-
# rubocop:disable Metrics/AbcSize
|
105
102
|
def application_pr_name
|
106
|
-
|
107
|
-
pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
|
108
|
-
|
109
|
-
pr_name +
|
103
|
+
"bump " +
|
110
104
|
if dependencies.count == 1
|
111
105
|
dependency = dependencies.first
|
112
106
|
"#{dependency.display_name} " \
|
@@ -131,10 +125,23 @@ module Dependabot
|
|
131
125
|
end
|
132
126
|
end
|
133
127
|
end
|
134
|
-
|
128
|
+
|
129
|
+
def group_pr_name
|
130
|
+
updates = dependencies.map(&:name).uniq.count
|
131
|
+
"bump the #{dependency_group.name} group#{pr_name_directory} with #{updates} update#{'s' if updates > 1}"
|
132
|
+
end
|
135
133
|
|
136
134
|
def pr_name_prefix
|
137
135
|
pr_name_prefixer.pr_name_prefix
|
136
|
+
rescue StandardError => e
|
137
|
+
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
138
|
+
""
|
139
|
+
end
|
140
|
+
|
141
|
+
def pr_name_directory
|
142
|
+
return "" if files.first.directory == "/"
|
143
|
+
|
144
|
+
" in #{files.first.directory}"
|
138
145
|
end
|
139
146
|
|
140
147
|
def commit_subject
|
@@ -49,7 +49,7 @@ module Dependabot
|
|
49
49
|
:commit_message_options, :vulnerabilities_fixed,
|
50
50
|
:reviewers, :assignees, :milestone, :branch_name_separator,
|
51
51
|
:branch_name_prefix, :branch_name_max_length, :github_redirection_service,
|
52
|
-
:custom_headers, :provider_metadata
|
52
|
+
:custom_headers, :provider_metadata, :dependency_group
|
53
53
|
|
54
54
|
def initialize(source:, base_commit:, dependencies:, files:, credentials:,
|
55
55
|
pr_message_header: nil, pr_message_footer: nil,
|
@@ -61,7 +61,7 @@ module Dependabot
|
|
61
61
|
automerge_candidate: false,
|
62
62
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
63
63
|
custom_headers: nil, require_up_to_date_base: false,
|
64
|
-
provider_metadata: {}, message: nil)
|
64
|
+
provider_metadata: {}, message: nil, dependency_group: nil)
|
65
65
|
@dependencies = dependencies
|
66
66
|
@source = source
|
67
67
|
@base_commit = base_commit
|
@@ -87,6 +87,7 @@ module Dependabot
|
|
87
87
|
@require_up_to_date_base = require_up_to_date_base
|
88
88
|
@provider_metadata = provider_metadata
|
89
89
|
@message = message
|
90
|
+
@dependency_group = dependency_group
|
90
91
|
|
91
92
|
check_dependencies_have_previous_version
|
92
93
|
end
|
@@ -225,7 +226,8 @@ module Dependabot
|
|
225
226
|
pr_message_header: pr_message_header,
|
226
227
|
pr_message_footer: pr_message_footer,
|
227
228
|
vulnerabilities_fixed: vulnerabilities_fixed,
|
228
|
-
github_redirection_service: github_redirection_service
|
229
|
+
github_redirection_service: github_redirection_service,
|
230
|
+
dependency_group: dependency_group
|
229
231
|
)
|
230
232
|
end
|
231
233
|
|
@@ -235,7 +237,7 @@ module Dependabot
|
|
235
237
|
dependencies: dependencies,
|
236
238
|
files: files,
|
237
239
|
target_branch: source.branch,
|
238
|
-
|
240
|
+
dependency_group: dependency_group,
|
239
241
|
separator: branch_name_separator,
|
240
242
|
prefix: branch_name_prefix,
|
241
243
|
max_length: branch_name_max_length
|
@@ -113,11 +113,11 @@ module Dependabot
|
|
113
113
|
end
|
114
114
|
|
115
115
|
def version_class
|
116
|
-
|
116
|
+
dependency.version_class
|
117
117
|
end
|
118
118
|
|
119
119
|
def requirement_class
|
120
|
-
|
120
|
+
dependency.requirement_class
|
121
121
|
end
|
122
122
|
|
123
123
|
# For some languages, the manifest file may be constructed such that
|
data/lib/dependabot.rb
CHANGED
@@ -0,0 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class WildcardMatcher
|
4
|
+
def self.match?(wildcard_string, candidate_string)
|
5
|
+
return false unless wildcard_string && candidate_string
|
6
|
+
|
7
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*").
|
8
|
+
map { |p| Regexp.quote(p) }.
|
9
|
+
join(".*").gsub(/^a|a$/, "")
|
10
|
+
regex = /^#{regex_string}$/
|
11
|
+
regex.match?(candidate_string.downcase)
|
12
|
+
end
|
13
|
+
end
|
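Review bot: `match?` anchors the generated pattern with `^` and `$`, which in Ruby match at line boundaries rather than string ends, so a `candidate_string` containing a newline can match a wildcard that only covers one of its lines; `\A` and `\z` anchor the whole string: `regex = /\A#{regex_string}\z/`. The same applies in principle to the `gsub(/^a|a$/, "")` that strips the padding characters, although `Regexp.quote` escapes any newline in the wildcard, so that one is safe in practice. Quoting each literal segment with `Regexp.quote` before joining on `.*` is the right way to keep caller-supplied wildcards from being read as regex syntax, so the anchors are the only tightening needed. This hunk sits under the `data/lib/dependabot.rb` header, but `@@ -0,0 +1,13 @@` and the diffstat identify it as the new `data/lib/wildcard_matcher.rb`.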
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.216.
|
4
|
+
version: 0.216.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-04-
|
11
|
+
date: 2023-04-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -318,14 +318,14 @@ dependencies:
|
|
318
318
|
requirements:
|
319
319
|
- - "~>"
|
320
320
|
- !ruby/object:Gem::Version
|
321
|
-
version: 1.
|
321
|
+
version: 1.50.0
|
322
322
|
type: :development
|
323
323
|
prerelease: false
|
324
324
|
version_requirements: !ruby/object:Gem::Requirement
|
325
325
|
requirements:
|
326
326
|
- - "~>"
|
327
327
|
- !ruby/object:Gem::Version
|
328
|
-
version: 1.
|
328
|
+
version: 1.50.0
|
329
329
|
- !ruby/object:Gem::Dependency
|
330
330
|
name: rubocop-performance
|
331
331
|
requirement: !ruby/object:Gem::Requirement
|
@@ -432,6 +432,7 @@ files:
|
|
432
432
|
- lib/dependabot/config/update_config.rb
|
433
433
|
- lib/dependabot/dependency.rb
|
434
434
|
- lib/dependabot/dependency_file.rb
|
435
|
+
- lib/dependabot/dependency_group.rb
|
435
436
|
- lib/dependabot/errors.rb
|
436
437
|
- lib/dependabot/experiments.rb
|
437
438
|
- lib/dependabot/file_fetchers.rb
|
@@ -447,7 +448,6 @@ files:
|
|
447
448
|
- lib/dependabot/file_updaters/vendor_updater.rb
|
448
449
|
- lib/dependabot/git_commit_checker.rb
|
449
450
|
- lib/dependabot/git_metadata_fetcher.rb
|
450
|
-
- lib/dependabot/group_rule.rb
|
451
451
|
- lib/dependabot/logger.rb
|
452
452
|
- lib/dependabot/metadata_finders.rb
|
453
453
|
- lib/dependabot/metadata_finders/README.md
|
@@ -460,7 +460,7 @@ files:
|
|
460
460
|
- lib/dependabot/pull_request_creator/azure.rb
|
461
461
|
- lib/dependabot/pull_request_creator/bitbucket.rb
|
462
462
|
- lib/dependabot/pull_request_creator/branch_namer.rb
|
463
|
-
- lib/dependabot/pull_request_creator/branch_namer/
|
463
|
+
- lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb
|
464
464
|
- lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb
|
465
465
|
- lib/dependabot/pull_request_creator/codecommit.rb
|
466
466
|
- lib/dependabot/pull_request_creator/commit_signer.rb
|
@@ -488,6 +488,7 @@ files:
|
|
488
488
|
- lib/dependabot/update_checkers/version_filters.rb
|
489
489
|
- lib/dependabot/utils.rb
|
490
490
|
- lib/dependabot/version.rb
|
491
|
+
- lib/wildcard_matcher.rb
|
491
492
|
homepage: https://github.com/dependabot/dependabot-core
|
492
493
|
licenses:
|
493
494
|
- Nonstandard
|
@@ -1,28 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Dependabot
|
4
|
-
class PullRequestCreator
|
5
|
-
class BranchNamer
|
6
|
-
class GroupRuleStrategy
|
7
|
-
def initialize(dependencies:, files:, target_branch:, group_rule:,
|
8
|
-
separator: "/", prefix: "dependabot", max_length: nil)
|
9
|
-
@dependencies = dependencies
|
10
|
-
@files = files
|
11
|
-
@target_branch = target_branch
|
12
|
-
@group_rule = group_rule
|
13
|
-
@separator = separator
|
14
|
-
@prefix = prefix
|
15
|
-
@max_length = max_length
|
16
|
-
end
|
17
|
-
|
18
|
-
def new_branch_name
|
19
|
-
group_rule.name
|
20
|
-
end
|
21
|
-
|
22
|
-
private
|
23
|
-
|
24
|
-
attr_reader :group_rule
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|