dependabot-common 0.216.2 → 0.218.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency.rb +4 -0
- data/lib/dependabot/dependency_group.rb +4 -0
- data/lib/dependabot/git_commit_checker.rb +18 -20
- data/lib/dependabot/git_metadata_fetcher.rb +1 -1
- data/lib/dependabot/metadata_finders/base/release_finder.rb +8 -1
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +6 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +30 -9
- data/lib/dependabot.rb +1 -1
- metadata +20 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ae17b3827b4bf6723d7b236187ae554dca95b8c3954d85407e7396db327872c4
|
4
|
+
data.tar.gz: fdac2c829db67fcb54cf0f19282ba725ffba58fd38005e1132596862a0148a41
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e49bc5f0106a4a7865f8426002345682789f282258112acf4a0fbdad1e540bd2cbc2801f452822131a7467556e75a3031d620ed26fa9a86a335528272edc774b
|
7
|
+
data.tar.gz: a73940ba5bb5ef5d08397a1999f6a6708c828d355c2f98f0ff47b365ff2e18d7d0ab60862289b1dcb2ff42b06f13fe5fe45ba9f53bb5f31aeab48be5b6db81d9
|
@@ -199,6 +199,10 @@ module Dependabot
|
|
199
199
|
self == other
|
200
200
|
end
|
201
201
|
|
202
|
+
def specific_requirements
|
203
|
+
requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
|
204
|
+
end
|
205
|
+
|
202
206
|
def requirement_class
|
203
207
|
Utils.requirement_class_for_package_manager(package_manager)
|
204
208
|
end
|
@@ -162,6 +162,24 @@ module Dependabot
|
|
162
162
|
false
|
163
163
|
end
|
164
164
|
|
165
|
+
def dependency_source_details
|
166
|
+
sources =
|
167
|
+
dependency.requirements.
|
168
|
+
map { |requirement| requirement.fetch(:source) }.uniq.compact.
|
169
|
+
select { |source| source[:type] == "git" }
|
170
|
+
|
171
|
+
return sources.first if sources.count <= 1
|
172
|
+
|
173
|
+
# If there are multiple source URLs, then it's unclear how we should
|
174
|
+
# proceed
|
175
|
+
raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
|
176
|
+
|
177
|
+
# Otherwise it's reasonable to take the first source and use that. This
|
178
|
+
# will happen if we have multiple git sources with difference references
|
179
|
+
# specified. In that case it's fine to update them all.
|
180
|
+
sources.first
|
181
|
+
end
|
182
|
+
|
165
183
|
private
|
166
184
|
|
167
185
|
attr_reader :dependency, :credentials, :ignored_versions
|
@@ -322,26 +340,6 @@ module Dependabot
|
|
322
340
|
end
|
323
341
|
end
|
324
342
|
|
325
|
-
def dependency_source_details
|
326
|
-
sources =
|
327
|
-
dependency.requirements.
|
328
|
-
map { |requirement| requirement.fetch(:source) }.uniq.compact.
|
329
|
-
select { |source| source[:type] == "git" }
|
330
|
-
|
331
|
-
return sources.first if sources.count <= 1
|
332
|
-
|
333
|
-
# If there are multiple source types, or multiple source URLs, then it's
|
334
|
-
# unclear how we should proceed
|
335
|
-
if sources.map { |s| [s.fetch(:type), s.fetch(:url, nil)] }.uniq.count > 1
|
336
|
-
raise "Multiple sources! #{sources.join(', ')}"
|
337
|
-
end
|
338
|
-
|
339
|
-
# Otherwise it's reasonable to take the first source and use that. This
|
340
|
-
# will happen if we have multiple git sources with difference references
|
341
|
-
# specified. In that case it's fine to update them all.
|
342
|
-
sources.first
|
343
|
-
end
|
344
|
-
|
345
343
|
def ref_or_branch
|
346
344
|
dependency_source_details.fetch(:ref) ||
|
347
345
|
dependency_source_details.fetch(:branch)
|
@@ -108,7 +108,7 @@ module Dependabot
|
|
108
108
|
service_pack_uri = uri
|
109
109
|
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
|
110
110
|
|
111
|
-
env = { "PATH" => ENV.fetch("PATH", nil) }
|
111
|
+
env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
|
112
112
|
command = "git ls-remote #{service_pack_uri}"
|
113
113
|
command = SharedHelpers.escape_command(command)
|
114
114
|
|
@@ -20,9 +20,16 @@ module Dependabot
|
|
20
20
|
def releases_url
|
21
21
|
return unless source
|
22
22
|
|
23
|
+
# Azure does not provide tags via API, so we can't check whether
|
24
|
+
# there are any releases. So, optimistically return the tags location
|
25
|
+
return "#{source.url}/tags" if source.provider == "azure"
|
26
|
+
|
27
|
+
# If there are no releases, we won't be linking to the releases page
|
28
|
+
return unless all_releases.any?
|
29
|
+
|
23
30
|
case source.provider
|
24
31
|
when "github" then "#{source.url}/releases"
|
25
|
-
when "gitlab"
|
32
|
+
when "gitlab" then "#{source.url}/tags"
|
26
33
|
when "bitbucket", "codecommit" then nil
|
27
34
|
else raise "Unexpected repo provider '#{source.provider}'"
|
28
35
|
end
|
@@ -21,7 +21,7 @@ module Dependabot
|
|
21
21
|
# fixed-length name, so we can punt on handling truncation until
|
22
22
|
# we determine the strict validation rules for names
|
23
23
|
def new_branch_name
|
24
|
-
File.join(prefixes,
|
24
|
+
File.join(prefixes, timestamped_group_name).gsub("/", separator)
|
25
25
|
end
|
26
26
|
|
27
27
|
private
|
@@ -37,9 +37,11 @@ module Dependabot
|
|
37
37
|
].compact
|
38
38
|
end
|
39
39
|
|
40
|
-
#
|
41
|
-
|
42
|
-
|
40
|
+
# When superseding a grouped update pull request, we will have a period
|
41
|
+
# of time when there are two branches for the group so we use a timestamp
|
42
|
+
# to avoid collisions.
|
43
|
+
def timestamped_group_name
|
44
|
+
"#{dependency_group.name}-#{Time.now.utc.to_i}"
|
43
45
|
end
|
44
46
|
|
45
47
|
def package_manager
|
@@ -222,9 +222,12 @@ module Dependabot
|
|
222
222
|
msg + "to permit the latest version."
|
223
223
|
end
|
224
224
|
|
225
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
225
226
|
# rubocop:disable Metrics/PerceivedComplexity
|
226
227
|
# rubocop:disable Metrics/AbcSize
|
227
228
|
def version_commit_message_intro
|
229
|
+
return group_intro if dependency_group
|
230
|
+
|
228
231
|
return multidependency_property_intro if dependencies.count > 1 && updating_a_property?
|
229
232
|
|
230
233
|
return dependency_set_intro if dependencies.count > 1 && updating_a_dependency_set?
|
@@ -251,7 +254,7 @@ module Dependabot
|
|
251
254
|
|
252
255
|
msg
|
253
256
|
end
|
254
|
-
|
257
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
255
258
|
# rubocop:enable Metrics/PerceivedComplexity
|
256
259
|
# rubocop:enable Metrics/AbcSize
|
257
260
|
|
@@ -309,6 +312,19 @@ module Dependabot
|
|
309
312
|
msg
|
310
313
|
end
|
311
314
|
|
315
|
+
def group_intro
|
316
|
+
update_count = dependencies.map(&:name).uniq.count
|
317
|
+
|
318
|
+
msg = "Bumps the #{dependency_group.name} group#{pr_name_directory} with #{update_count} update"
|
319
|
+
msg += if update_count > 1
|
320
|
+
"s: #{dependency_links[0..-2].join(', ')} and #{dependency_links[-1]}."
|
321
|
+
else
|
322
|
+
": #{dependency_links.first}."
|
323
|
+
end
|
324
|
+
|
325
|
+
msg
|
326
|
+
end
|
327
|
+
|
312
328
|
def from_version_msg(previous_version)
|
313
329
|
return "" unless previous_version
|
314
330
|
|
@@ -357,14 +373,19 @@ module Dependabot
|
|
357
373
|
end
|
358
374
|
|
359
375
|
def dependency_links
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
376
|
+
return @dependency_links if defined?(@dependency_links)
|
377
|
+
|
378
|
+
uniq_deps = dependencies.each_with_object({}) { |dep, memo| memo[dep.name] ||= dep }.values
|
379
|
+
@dependency_links = uniq_deps.map { |dep| dependency_link(dep) }
|
380
|
+
end
|
381
|
+
|
382
|
+
def dependency_link(dependency)
|
383
|
+
if source_url(dependency)
|
384
|
+
"[#{dependency.display_name}](#{source_url(dependency)})"
|
385
|
+
elsif homepage_url(dependency)
|
386
|
+
"[#{dependency.display_name}](#{homepage_url(dependency)})"
|
387
|
+
else
|
388
|
+
dependency.display_name
|
368
389
|
end
|
369
390
|
end
|
370
391
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.218.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -84,14 +84,14 @@ dependencies:
|
|
84
84
|
requirements:
|
85
85
|
- - "~>"
|
86
86
|
- !ruby/object:Gem::Version
|
87
|
-
version:
|
87
|
+
version: 1.14.0
|
88
88
|
type: :runtime
|
89
89
|
prerelease: false
|
90
90
|
version_requirements: !ruby/object:Gem::Requirement
|
91
91
|
requirements:
|
92
92
|
- - "~>"
|
93
93
|
- !ruby/object:Gem::Version
|
94
|
-
version:
|
94
|
+
version: 1.14.0
|
95
95
|
- !ruby/object:Gem::Dependency
|
96
96
|
name: excon
|
97
97
|
requirement: !ruby/object:Gem::Requirement
|
@@ -208,6 +208,20 @@ dependencies:
|
|
208
208
|
- - "<"
|
209
209
|
- !ruby/object:Gem::Version
|
210
210
|
version: '4.0'
|
211
|
+
- !ruby/object:Gem::Dependency
|
212
|
+
name: psych
|
213
|
+
requirement: !ruby/object:Gem::Requirement
|
214
|
+
requirements:
|
215
|
+
- - "~>"
|
216
|
+
- !ruby/object:Gem::Version
|
217
|
+
version: '5.0'
|
218
|
+
type: :runtime
|
219
|
+
prerelease: false
|
220
|
+
version_requirements: !ruby/object:Gem::Requirement
|
221
|
+
requirements:
|
222
|
+
- - "~>"
|
223
|
+
- !ruby/object:Gem::Version
|
224
|
+
version: '5.0'
|
211
225
|
- !ruby/object:Gem::Dependency
|
212
226
|
name: toml-rb
|
213
227
|
requirement: !ruby/object:Gem::Requirement
|
@@ -493,8 +507,8 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
493
507
|
licenses:
|
494
508
|
- Nonstandard
|
495
509
|
metadata:
|
496
|
-
|
497
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/
|
510
|
+
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
511
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.218.0
|
498
512
|
post_install_message:
|
499
513
|
rdoc_options: []
|
500
514
|
require_paths:
|