dependabot-common 0.216.2 → 0.218.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b38a1d09ce4d017caa3e68544d16abb8052e27febb10b6c2aa48ea7689dd5dd
4
- data.tar.gz: 6f1f21ff545f58a09a7dd238cf3a2fe56ca59ab29c6f51a9d7594762769ccf79
3
+ metadata.gz: ae17b3827b4bf6723d7b236187ae554dca95b8c3954d85407e7396db327872c4
4
+ data.tar.gz: fdac2c829db67fcb54cf0f19282ba725ffba58fd38005e1132596862a0148a41
5
5
  SHA512:
6
- metadata.gz: ae81f98a72640e7ea5b5dd7d5f813ff8b32663a0269b9cd4b57bebfe74d5db654f4da4aa9d6bbfe8c0c6a64af78a7017bb29db0e646481a1c81d35b60f3f4ff0
7
- data.tar.gz: 034a48105df2f2a2633944697a3339b08f4d6f4bdb2fe5f277926d38d7032d2fbb8d5c6878b926710d53f495d8d547165261faab818a70c143afb423af7fda2f
6
+ metadata.gz: e49bc5f0106a4a7865f8426002345682789f282258112acf4a0fbdad1e540bd2cbc2801f452822131a7467556e75a3031d620ed26fa9a86a335528272edc774b
7
+ data.tar.gz: a73940ba5bb5ef5d08397a1999f6a6708c828d355c2f98f0ff47b365ff2e18d7d0ab60862289b1dcb2ff42b06f13fe5fe45ba9f53bb5f31aeab48be5b6db81d9
@@ -199,6 +199,10 @@ module Dependabot
199
199
  self == other
200
200
  end
201
201
 
202
+ def specific_requirements
203
+ requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
204
+ end
205
+
202
206
  def requirement_class
203
207
  Utils.requirement_class_for_package_manager(package_manager)
204
208
  end
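Review bot: `specific_requirements` passes `r[:requirement]` straight to `requirement_class.new` with no guard for a requirement hash whose `:requirement` is nil; what happens then depends on each package manager's requirement class, which is not visible from this hunk. If nil entries can occur, filtering them first avoids a per-ecosystem surprise: `requirements.select { |r| r[:requirement] && requirement_class.new(r[:requirement]).specific? }`. The method is public and undocumented, so a short comment stating what `specific?` is expected to mean here would help callers. The enclosing class starts and ends outside the hunk.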
@@ -16,5 +16,9 @@ module Dependabot
16
16
  @dependencies.include?(dependency) if @dependencies.any?
17
17
  rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
18
18
  end
19
+
20
+ def to_h
21
+ { "name" => name }
22
+ end
19
23
  end
20
24
  end
@@ -162,6 +162,24 @@ module Dependabot
162
162
  false
163
163
  end
164
164
 
165
+ def dependency_source_details
166
+ sources =
167
+ dependency.requirements.
168
+ map { |requirement| requirement.fetch(:source) }.uniq.compact.
169
+ select { |source| source[:type] == "git" }
170
+
171
+ return sources.first if sources.count <= 1
172
+
173
+ # If there are multiple source URLs, then it's unclear how we should
174
+ # proceed
175
+ raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
176
+
177
+ # Otherwise it's reasonable to take the first source and use that. This
178
+ # will happen if we have multiple git sources with difference references
179
+ # specified. In that case it's fine to update them all.
180
+ sources.first
181
+ end
182
+
165
183
  private
166
184
 
167
185
  attr_reader :dependency, :credentials, :ignored_versions
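Review bot: The `raise "Multiple sources! #{sources.join(', ')}"` line in the relocated `dependency_source_details` interpolates the whole source hashes into the exception message, so every field of each git source, including the full `:url`, lands wherever the error is logged or reported. If a source URL can carry embedded credentials (not determinable from this hunk), that would expose them. Reporting only the distinct URLs keeps the message useful: `urls = sources.map { |s| s[:url] }.uniq` followed by `raise "Multiple sources! #{urls.join(', ')}" if urls.count > 1`. The method now sits above `private`, so it is part of the public surface; a doc comment noting that it returns nil when there is no git source (via `sources.first` on an empty list) would be worth adding. The enclosing class starts and ends outside the hunk.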
@@ -322,26 +340,6 @@ module Dependabot
322
340
  end
323
341
  end
324
342
 
325
- def dependency_source_details
326
- sources =
327
- dependency.requirements.
328
- map { |requirement| requirement.fetch(:source) }.uniq.compact.
329
- select { |source| source[:type] == "git" }
330
-
331
- return sources.first if sources.count <= 1
332
-
333
- # If there are multiple source types, or multiple source URLs, then it's
334
- # unclear how we should proceed
335
- if sources.map { |s| [s.fetch(:type), s.fetch(:url, nil)] }.uniq.count > 1
336
- raise "Multiple sources! #{sources.join(', ')}"
337
- end
338
-
339
- # Otherwise it's reasonable to take the first source and use that. This
340
- # will happen if we have multiple git sources with difference references
341
- # specified. In that case it's fine to update them all.
342
- sources.first
343
- end
344
-
345
343
  def ref_or_branch
346
344
  dependency_source_details.fetch(:ref) ||
347
345
  dependency_source_details.fetch(:branch)
@@ -108,7 +108,7 @@ module Dependabot
108
108
  service_pack_uri = uri
109
109
  service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
110
110
 
111
- env = { "PATH" => ENV.fetch("PATH", nil) }
111
+ env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
112
112
  command = "git ls-remote #{service_pack_uri}"
113
113
  command = SharedHelpers.escape_command(command)
114
114
 
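Review bot: Setting `"GIT_TERMINAL_PROMPT" => "0"` stops git's terminal prompt, but the `git ls-remote #{service_pack_uri}` context line just below still places the URI directly after the subcommand with no `--` separator. `SharedHelpers.escape_command` is defined outside this hunk, so whether it does more than shell quoting cannot be confirmed here; quoting alone would not stop a URI that begins with `-` from being parsed as an option. Writing `command = "git ls-remote -- #{service_pack_uri}"` closes that off cheaply. A comment on the env line, e.g. `# Fail fast rather than wait on a credential prompt nobody can answer`, would record why the variable is set. The enclosing method starts and ends outside the hunk.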
@@ -20,9 +20,16 @@ module Dependabot
20
20
  def releases_url
21
21
  return unless source
22
22
 
23
+ # Azure does not provide tags via API, so we can't check whether
24
+ # there are any releases. So, optimistically return the tags location
25
+ return "#{source.url}/tags" if source.provider == "azure"
26
+
27
+ # If there are no releases, we won't be linking to the releases page
28
+ return unless all_releases.any?
29
+
23
30
  case source.provider
24
31
  when "github" then "#{source.url}/releases"
25
- when "gitlab", "azure" then "#{source.url}/tags"
32
+ when "gitlab" then "#{source.url}/tags"
26
33
  when "bitbucket", "codecommit" then nil
27
34
  else raise "Unexpected repo provider '#{source.provider}'"
28
35
  end
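Review bot: The new `return unless all_releases.any?` guard sits above the `case`, so for an unrecognised provider the `else raise "Unexpected repo provider '#{source.provider}'"` branch is now reached only when `all_releases` happens to be non-empty; otherwise `releases_url` returns nil silently. `all_releases` is defined outside this hunk and may raise for such providers itself, but if it does not, a misconfigured source goes unreported. The guard also runs for `bitbucket` and `codecommit`, which return nil regardless, so whatever lookup it performs is wasted there. Scoping the check to the branches that need it keeps the old error path intact, e.g. `when "github" then ("#{source.url}/releases" if all_releases.any?)` and the same for `gitlab`. The method's closing `end` is outside the hunk.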
@@ -21,7 +21,7 @@ module Dependabot
21
21
  # fixed-length name, so we can punt on handling truncation until
22
22
  # we determine the strict validation rules for names
23
23
  def new_branch_name
24
- File.join(prefixes, dependency_group.name, prototype_suffix).gsub("/", separator)
24
+ File.join(prefixes, timestamped_group_name).gsub("/", separator)
25
25
  end
26
26
 
27
27
  private
@@ -37,9 +37,11 @@ module Dependabot
37
37
  ].compact
38
38
  end
39
39
 
40
- # FIXME: Remove once grouped PRs can supersede each other
41
- def prototype_suffix
42
- "prototype-#{Time.now.utc.to_i}"
40
+ # When superseding a grouped update pull request, we will have a period
41
+ # of time when there are two branches for the group so we use a timestamp
42
+ # to avoid collisions.
43
+ def timestamped_group_name
44
+ "#{dependency_group.name}-#{Time.now.utc.to_i}"
43
45
  end
44
46
 
45
47
  def package_manager
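Review bot: `timestamped_group_name` interpolates `dependency_group.name` into the branch name as-is, and `new_branch_name` (in the `@@ -21,7 +21,7 @@` hunk above) only replaces `/` with the separator, so a group name containing characters git rejects in ref names (spaces, `~`, `^`, `:`, `..`) would surface as a failure only at branch-creation time. The context comment in that earlier hunk says the validation rules for names are still undecided, so this may be deliberate; if so, a line on `timestamped_group_name` such as `# NOTE: group name is used unsanitised; ref-name validation is still pending` would make it explicit. The timestamp has one-second resolution, so two branches created for the same group within the same second would still collide. The enclosing class starts and ends outside both hunks.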
@@ -222,9 +222,12 @@ module Dependabot
222
222
  msg + "to permit the latest version."
223
223
  end
224
224
 
225
+ # rubocop:disable Metrics/CyclomaticComplexity
225
226
  # rubocop:disable Metrics/PerceivedComplexity
226
227
  # rubocop:disable Metrics/AbcSize
227
228
  def version_commit_message_intro
229
+ return group_intro if dependency_group
230
+
228
231
  return multidependency_property_intro if dependencies.count > 1 && updating_a_property?
229
232
 
230
233
  return dependency_set_intro if dependencies.count > 1 && updating_a_dependency_set?
@@ -251,7 +254,7 @@ module Dependabot
251
254
 
252
255
  msg
253
256
  end
254
-
257
+ # rubocop:enable Metrics/CyclomaticComplexity
255
258
  # rubocop:enable Metrics/PerceivedComplexity
256
259
  # rubocop:enable Metrics/AbcSize
257
260
 
@@ -309,6 +312,19 @@ module Dependabot
309
312
  msg
310
313
  end
311
314
 
315
+ def group_intro
316
+ update_count = dependencies.map(&:name).uniq.count
317
+
318
+ msg = "Bumps the #{dependency_group.name} group#{pr_name_directory} with #{update_count} update"
319
+ msg += if update_count > 1
320
+ "s: #{dependency_links[0..-2].join(', ')} and #{dependency_links[-1]}."
321
+ else
322
+ ": #{dependency_links.first}."
323
+ end
324
+
325
+ msg
326
+ end
327
+
312
328
  def from_version_msg(previous_version)
313
329
  return "" unless previous_version
314
330
 
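Review bot: `group_intro` writes `dependency_group.name` straight into the Markdown message, and `dependency_link` in the following hunk does the same with `dependency.display_name` inside `[...](...)`, with no escaping visible in these hunks. Both values presumably originate from repository configuration or package metadata, so a name containing Markdown syntax such as `]`, `(` or a backtick could change how the pull-request text renders unless it is sanitised elsewhere, which cannot be seen from here. Separately, when `dependencies` is empty `update_count` is 0 and the `else` branch yields `with 0 update: .`; either a guard like `return "" if dependency_links.empty?` or a comment stating that callers never pass an empty list would settle that. The enclosing class starts and ends outside the hunk.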
@@ -357,14 +373,19 @@ module Dependabot
357
373
  end
358
374
 
359
375
  def dependency_links
360
- dependencies.map do |dependency|
361
- if source_url(dependency)
362
- "[#{dependency.display_name}](#{source_url(dependency)})"
363
- elsif homepage_url(dependency)
364
- "[#{dependency.display_name}](#{homepage_url(dependency)})"
365
- else
366
- dependency.display_name
367
- end
376
+ return @dependency_links if defined?(@dependency_links)
377
+
378
+ uniq_deps = dependencies.each_with_object({}) { |dep, memo| memo[dep.name] ||= dep }.values
379
+ @dependency_links = uniq_deps.map { |dep| dependency_link(dep) }
380
+ end
381
+
382
+ def dependency_link(dependency)
383
+ if source_url(dependency)
384
+ "[#{dependency.display_name}](#{source_url(dependency)})"
385
+ elsif homepage_url(dependency)
386
+ "[#{dependency.display_name}](#{homepage_url(dependency)})"
387
+ else
388
+ dependency.display_name
368
389
  end
369
390
  end
370
391
 
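--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.216.2"
+ VERSION = "0.218.0"
  end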
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.216.2
4
+ version: 0.218.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-20 00:00:00.000000000 Z
11
+ date: 2023-05-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -84,14 +84,14 @@ dependencies:
84
84
  requirements:
85
85
  - - "~>"
86
86
  - !ruby/object:Gem::Version
87
- version: '1.14'
87
+ version: 1.14.0
88
88
  type: :runtime
89
89
  prerelease: false
90
90
  version_requirements: !ruby/object:Gem::Requirement
91
91
  requirements:
92
92
  - - "~>"
93
93
  - !ruby/object:Gem::Version
94
- version: '1.14'
94
+ version: 1.14.0
95
95
  - !ruby/object:Gem::Dependency
96
96
  name: excon
97
97
  requirement: !ruby/object:Gem::Requirement
@@ -208,6 +208,20 @@ dependencies:
208
208
  - - "<"
209
209
  - !ruby/object:Gem::Version
210
210
  version: '4.0'
211
+ - !ruby/object:Gem::Dependency
212
+ name: psych
213
+ requirement: !ruby/object:Gem::Requirement
214
+ requirements:
215
+ - - "~>"
216
+ - !ruby/object:Gem::Version
217
+ version: '5.0'
218
+ type: :runtime
219
+ prerelease: false
220
+ version_requirements: !ruby/object:Gem::Requirement
221
+ requirements:
222
+ - - "~>"
223
+ - !ruby/object:Gem::Version
224
+ version: '5.0'
211
225
  - !ruby/object:Gem::Dependency
212
226
  name: toml-rb
213
227
  requirement: !ruby/object:Gem::Requirement
@@ -493,8 +507,8 @@ homepage: https://github.com/dependabot/dependabot-core
493
507
  licenses:
494
508
  - Nonstandard
495
509
  metadata:
496
- issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
497
- changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
510
+ bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
511
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.218.0
498
512
  post_install_message:
499
513
  rdoc_options: []
500
514
  require_paths: