dependabot-common 0.216.1 → 0.216.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/github_with_retries.rb +1 -1
- data/lib/dependabot/dependency.rb +5 -1
- data/lib/dependabot/dependency_group.rb +9 -1
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
- data/lib/dependabot/git_commit_checker.rb +2 -2
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +1 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +2 -4
- data/lib/dependabot/metadata_finders/base/release_finder.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +29 -22
- data/lib/dependabot/pull_request_creator.rb +2 -1
- data/lib/dependabot/update_checkers/base.rb +2 -2
- data/lib/dependabot.rb +1 -1
- data/lib/wildcard_matcher.rb +13 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b38a1d09ce4d017caa3e68544d16abb8052e27febb10b6c2aa48ea7689dd5dd
|
|
4
|
+
data.tar.gz: 6f1f21ff545f58a09a7dd238cf3a2fe56ca59ab29c6f51a9d7594762769ccf79
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ae81f98a72640e7ea5b5dd7d5f813ff8b32663a0269b9cd4b57bebfe74d5db654f4da4aa9d6bbfe8c0c6a64af78a7017bb29db0e646481a1c81d35b60f3f4ff0
|
|
7
|
+
data.tar.gz: 034a48105df2f2a2633944697a3339b08f4d6f4bdb2fe5f277926d38d7032d2fbb8d5c6878b926710d53f495d8d547165261faab818a70c143afb423af7fda2f
|
|
@@ -95,7 +95,7 @@ module Dependabot
|
|
|
95
95
|
c.proxy = ENV["HTTPS_PROXY"] if ENV["HTTPS_PROXY"]
|
|
96
96
|
end
|
|
97
97
|
|
|
98
|
-
|
|
98
|
+
args[:middleware] = Faraday::RackBuilder.new do |builder|
|
|
99
99
|
builder.use Faraday::Retry::Middleware, exceptions: RETRYABLE_ERRORS, max: max_retries || 3
|
|
100
100
|
|
|
101
101
|
Octokit::Default::MIDDLEWARE.handlers.each do |handler|
|
|
@@ -199,12 +199,16 @@ module Dependabot
|
|
|
199
199
|
self == other
|
|
200
200
|
end
|
|
201
201
|
|
|
202
|
-
|
|
202
|
+
def requirement_class
|
|
203
|
+
Utils.requirement_class_for_package_manager(package_manager)
|
|
204
|
+
end
|
|
203
205
|
|
|
204
206
|
def version_class
|
|
205
207
|
Utils.version_class_for_package_manager(package_manager)
|
|
206
208
|
end
|
|
207
209
|
|
|
210
|
+
private
|
|
211
|
+
|
|
208
212
|
def check_values
|
|
209
213
|
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
|
210
214
|
|
|
@@ -1,12 +1,20 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "wildcard_matcher"
|
|
4
|
+
|
|
3
5
|
module Dependabot
|
|
4
6
|
class DependencyGroup
|
|
5
|
-
attr_reader :name, :rules
|
|
7
|
+
attr_reader :name, :rules, :dependencies
|
|
6
8
|
|
|
7
9
|
def initialize(name:, rules:)
|
|
8
10
|
@name = name
|
|
9
11
|
@rules = rules
|
|
12
|
+
@dependencies = []
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def contains?(dependency)
|
|
16
|
+
@dependencies.include?(dependency) if @dependencies.any?
|
|
17
|
+
rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
|
|
10
18
|
end
|
|
11
19
|
end
|
|
12
20
|
end
|
|
@@ -459,11 +459,11 @@ module Dependabot
|
|
|
459
459
|
end
|
|
460
460
|
|
|
461
461
|
def version_class
|
|
462
|
-
@version_class ||=
|
|
462
|
+
@version_class ||= dependency.version_class
|
|
463
463
|
end
|
|
464
464
|
|
|
465
465
|
def requirement_class
|
|
466
|
-
@requirement_class ||=
|
|
466
|
+
@requirement_class ||= dependency.requirement_class
|
|
467
467
|
end
|
|
468
468
|
|
|
469
469
|
def local_repo_git_metadata_fetcher
|
|
@@ -341,13 +341,11 @@ module Dependabot
|
|
|
341
341
|
end
|
|
342
342
|
|
|
343
343
|
def version_class
|
|
344
|
-
|
|
344
|
+
dependency.version_class
|
|
345
345
|
end
|
|
346
346
|
|
|
347
347
|
def requirement_class
|
|
348
|
-
|
|
349
|
-
dependency.package_manager
|
|
350
|
-
)
|
|
348
|
+
dependency.requirement_class
|
|
351
349
|
end
|
|
352
350
|
|
|
353
351
|
def git_sha?(version)
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require "pathname"
|
|
4
4
|
require "dependabot/clients/github_with_retries"
|
|
5
5
|
require "dependabot/clients/gitlab_with_retries"
|
|
6
|
+
require "dependabot/dependency_group"
|
|
6
7
|
require "dependabot/logger"
|
|
7
8
|
require "dependabot/metadata_finders"
|
|
8
9
|
require "dependabot/pull_request_creator"
|
|
@@ -21,12 +22,13 @@ module Dependabot
|
|
|
21
22
|
attr_reader :source, :dependencies, :files, :credentials,
|
|
22
23
|
:pr_message_header, :pr_message_footer,
|
|
23
24
|
:commit_message_options, :vulnerabilities_fixed,
|
|
24
|
-
:github_redirection_service
|
|
25
|
+
:github_redirection_service, :dependency_group
|
|
25
26
|
|
|
26
27
|
def initialize(source:, dependencies:, files:, credentials:,
|
|
27
28
|
pr_message_header: nil, pr_message_footer: nil,
|
|
28
29
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
|
29
|
-
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE
|
|
30
|
+
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
|
31
|
+
dependency_group: nil)
|
|
30
32
|
@dependencies = dependencies
|
|
31
33
|
@files = files
|
|
32
34
|
@source = source
|
|
@@ -36,19 +38,13 @@ module Dependabot
|
|
|
36
38
|
@commit_message_options = commit_message_options
|
|
37
39
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
|
38
40
|
@github_redirection_service = github_redirection_service
|
|
41
|
+
@dependency_group = dependency_group
|
|
39
42
|
end
|
|
40
43
|
|
|
41
44
|
def pr_name
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
|
46
|
-
pr_name = ""
|
|
47
|
-
end
|
|
48
|
-
pr_name += library? ? library_pr_name : application_pr_name
|
|
49
|
-
return pr_name if files.first.directory == "/"
|
|
50
|
-
|
|
51
|
-
pr_name + " in #{files.first.directory}"
|
|
45
|
+
name = dependency_group ? group_pr_name : solo_pr_name
|
|
46
|
+
name[0] = name[0].capitalize if pr_name_prefixer.capitalize_first_word?
|
|
47
|
+
"#{pr_name_prefix}#{name}"
|
|
52
48
|
end
|
|
53
49
|
|
|
54
50
|
def pr_message
|
|
@@ -82,11 +78,13 @@ module Dependabot
|
|
|
82
78
|
|
|
83
79
|
private
|
|
84
80
|
|
|
85
|
-
def
|
|
86
|
-
|
|
87
|
-
|
|
81
|
+
def solo_pr_name
|
|
82
|
+
name = library? ? library_pr_name : application_pr_name
|
|
83
|
+
"#{name}#{pr_name_directory}"
|
|
84
|
+
end
|
|
88
85
|
|
|
89
|
-
|
|
86
|
+
def library_pr_name
|
|
87
|
+
"update " +
|
|
90
88
|
if dependencies.count == 1
|
|
91
89
|
"#{dependencies.first.display_name} requirement " \
|
|
92
90
|
"#{from_version_msg(old_library_requirement(dependencies.first))}" \
|
|
@@ -101,12 +99,8 @@ module Dependabot
|
|
|
101
99
|
end
|
|
102
100
|
end
|
|
103
101
|
|
|
104
|
-
# rubocop:disable Metrics/AbcSize
|
|
105
102
|
def application_pr_name
|
|
106
|
-
|
|
107
|
-
pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
|
|
108
|
-
|
|
109
|
-
pr_name +
|
|
103
|
+
"bump " +
|
|
110
104
|
if dependencies.count == 1
|
|
111
105
|
dependency = dependencies.first
|
|
112
106
|
"#{dependency.display_name} " \
|
|
@@ -131,10 +125,23 @@ module Dependabot
|
|
|
131
125
|
end
|
|
132
126
|
end
|
|
133
127
|
end
|
|
134
|
-
|
|
128
|
+
|
|
129
|
+
def group_pr_name
|
|
130
|
+
updates = dependencies.map(&:name).uniq.count
|
|
131
|
+
"bump the #{dependency_group.name} group#{pr_name_directory} with #{updates} update#{'s' if updates > 1}"
|
|
132
|
+
end
|
|
135
133
|
|
|
136
134
|
def pr_name_prefix
|
|
137
135
|
pr_name_prefixer.pr_name_prefix
|
|
136
|
+
rescue StandardError => e
|
|
137
|
+
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
|
138
|
+
""
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def pr_name_directory
|
|
142
|
+
return "" if files.first.directory == "/"
|
|
143
|
+
|
|
144
|
+
" in #{files.first.directory}"
|
|
138
145
|
end
|
|
139
146
|
|
|
140
147
|
def commit_subject
|
|
@@ -226,7 +226,8 @@ module Dependabot
|
|
|
226
226
|
pr_message_header: pr_message_header,
|
|
227
227
|
pr_message_footer: pr_message_footer,
|
|
228
228
|
vulnerabilities_fixed: vulnerabilities_fixed,
|
|
229
|
-
github_redirection_service: github_redirection_service
|
|
229
|
+
github_redirection_service: github_redirection_service,
|
|
230
|
+
dependency_group: dependency_group
|
|
230
231
|
)
|
|
231
232
|
end
|
|
232
233
|
|
|
@@ -113,11 +113,11 @@ module Dependabot
|
|
|
113
113
|
end
|
|
114
114
|
|
|
115
115
|
def version_class
|
|
116
|
-
|
|
116
|
+
dependency.version_class
|
|
117
117
|
end
|
|
118
118
|
|
|
119
119
|
def requirement_class
|
|
120
|
-
|
|
120
|
+
dependency.requirement_class
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
# For some languages, the manifest file may be constructed such that
|
data/lib/dependabot.rb
CHANGED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class WildcardMatcher
|
|
4
|
+
def self.match?(wildcard_string, candidate_string)
|
|
5
|
+
return false unless wildcard_string && candidate_string
|
|
6
|
+
|
|
7
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*").
|
|
8
|
+
map { |p| Regexp.quote(p) }.
|
|
9
|
+
join(".*").gsub(/^a|a$/, "")
|
|
10
|
+
regex = /^#{regex_string}$/
|
|
11
|
+
regex.match?(candidate_string.downcase)
|
|
12
|
+
end
|
|
13
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.216.
|
|
4
|
+
version: 0.216.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-04-
|
|
11
|
+
date: 2023-04-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -488,6 +488,7 @@ files:
|
|
|
488
488
|
- lib/dependabot/update_checkers/version_filters.rb
|
|
489
489
|
- lib/dependabot/utils.rb
|
|
490
490
|
- lib/dependabot/version.rb
|
|
491
|
+
- lib/wildcard_matcher.rb
|
|
491
492
|
homepage: https://github.com/dependabot/dependabot-core
|
|
492
493
|
licenses:
|
|
493
494
|
- Nonstandard
|