dependabot-common 0.217.0 → 0.219.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d5abb76fb8627e0143acff75fd3b34d60e7ff6acb73d27bf78fffd4964f73ba
-  data.tar.gz: f2c88e753d1e7b7c7b3dea7e4f5b1b8ab9e432767789ec33a80616c125dbd2d2
+  metadata.gz: 9de5ea53359451b6552e39b450ef6c53c46d0d99becf02b15949e3af086f7ed8
+  data.tar.gz: aca210e308541379b560262139f618c9721ae905835607fe46425d1b4e702a5d
 SHA512:
-  metadata.gz: a787ec426a2d6c6c5728420e5af6d5284ee16f385977360a25b0b81a7afad39fb2a351b3f5b801e475a2ada914fc1e856e0c4de4579f8b4d4aece4f73a5f77d7
-  data.tar.gz: 39d1cfbc804401a119627f00f4ba56d188195cf9833c96104efcd3fdc041984145783934a52c44e0cce43d6475362c49ce1e8516815724af06675c6f91b1f85f
+  metadata.gz: a9c643d8050004fe119010919e4b6a08842ef454055332e4ca14c23f6398c05955d990d17e4d8e60f626a181eae4cb3dc8eab911c06752064de08ebcc88ff3e0
+  data.tar.gz: c7bfe1aad5c0231e4a02cb0003a83f133ad82e59cedc035aee9dc3f7ce4d1abbc5d133cd97be54a90c30171b34fc8ca51189fbc92a9d37f1f5ac37896c2c9b56

data/lib/dependabot/dependency.rb

@@ -199,6 +199,10 @@ module Dependabot
       self == other
     end
 
+    def specific_requirements
+      requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
+    end
+
     def requirement_class
       Utils.requirement_class_for_package_manager(package_manager)
     end

data/lib/dependabot/dependency_group.rb

@@ -16,5 +16,9 @@ module Dependabot
       @dependencies.include?(dependency) if @dependencies.any?
       rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
     end
+
+    def to_h
+      { "name" => name }
+    end
   end
 end

data/lib/dependabot/git_commit_checker.rb

@@ -162,6 +162,24 @@ module Dependabot
       false
     end
 
+    def dependency_source_details
+      sources =
+        dependency.requirements.
+        map { |requirement| requirement.fetch(:source) }.uniq.compact.
+        select { |source| source[:type] == "git" }
+
+      return sources.first if sources.count <= 1
+
+      # If there are multiple source URLs, then it's unclear how we should
+      # proceed
+      raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
+
+      # Otherwise it's reasonable to take the first source and use that. This
+      # will happen if we have multiple git sources with difference references
+      # specified. In that case it's fine to update them all.
+      sources.first
+    end
+
     private
 
     attr_reader :dependency, :credentials, :ignored_versions
@@ -322,26 +340,6 @@ module Dependabot
       end
     end
 
-    def dependency_source_details
-      sources =
-        dependency.requirements.
-        map { |requirement| requirement.fetch(:source) }.uniq.compact.
-        select { |source| source[:type] == "git" }
-
-      return sources.first if sources.count <= 1
-
-      # If there are multiple source types, or multiple source URLs, then it's
-      # unclear how we should proceed
-      if sources.map { |s| [s.fetch(:type), s.fetch(:url, nil)] }.uniq.count > 1
-        raise "Multiple sources! #{sources.join(', ')}"
-      end
-
-      # Otherwise it's reasonable to take the first source and use that. This
-      # will happen if we have multiple git sources with difference references
-      # specified. In that case it's fine to update them all.
-      sources.first
-    end
-
     def ref_or_branch
       dependency_source_details.fetch(:ref) ||
         dependency_source_details.fetch(:branch)

data/lib/dependabot/git_metadata_fetcher.rb

@@ -108,7 +108,7 @@ module Dependabot
       service_pack_uri = uri
       service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
 
-      env = { "PATH" => ENV.fetch("PATH", nil) }
+      env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
       command = "git ls-remote #{service_pack_uri}"
       command = SharedHelpers.escape_command(command)
 

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -20,9 +20,16 @@ module Dependabot
         def releases_url
           return unless source
 
+          # Azure does not provide tags via API, so we can't check whether
+          # there are any releases. So, optimistically return the tags location
+          return "#{source.url}/tags" if source.provider == "azure"
+
+          # If there are no releases, we won't be linking to the releases page
+          return unless all_releases.any?
+
           case source.provider
           when "github" then "#{source.url}/releases"
-          when "gitlab", "azure" then "#{source.url}/tags"
+          when "gitlab" then "#{source.url}/tags"
           when "bitbucket", "codecommit" then nil
           else raise "Unexpected repo provider '#{source.provider}'"
           end

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb

@@ -21,7 +21,7 @@ module Dependabot
         # fixed-length name, so we can punt on handling truncation until
         # we determine the strict validation rules for names
         def new_branch_name
-          File.join(prefixes, dependency_group.name, prototype_suffix).gsub("/", separator)
+          File.join(prefixes, timestamped_group_name).gsub("/", separator)
         end
 
         private
@@ -37,9 +37,11 @@ module Dependabot
           ].compact
         end
 
-        # FIXME: Remove once grouped PRs can supersede each other
-        def prototype_suffix
-          "prototype-#{Time.now.utc.to_i}"
+        # When superseding a grouped update pull request, we will have a period
+        # of time when there are two branches for the group so we use a timestamp
+        # to avoid collisions.
+        def timestamped_group_name
+          "#{dependency_group.name}-#{Time.now.utc.to_i}"
         end
 
         def package_manager

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -222,9 +222,12 @@ module Dependabot
         msg + "to permit the latest version."
       end
 
+      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       def version_commit_message_intro
+        return group_intro if dependency_group
+
         return multidependency_property_intro if dependencies.count > 1 && updating_a_property?
 
         return dependency_set_intro if dependencies.count > 1 && updating_a_dependency_set?
@@ -251,7 +254,7 @@ module Dependabot
 
         msg
       end
-
+      # rubocop:enable Metrics/CyclomaticComplexity
       # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Metrics/AbcSize
 
@@ -309,6 +312,19 @@ module Dependabot
         msg
       end
 
+      def group_intro
+        update_count = dependencies.map(&:name).uniq.count
+
+        msg = "Bumps the #{dependency_group.name} group#{pr_name_directory} with #{update_count} update"
+        msg += if update_count > 1
+                 "s: #{dependency_links[0..-2].join(', ')} and #{dependency_links[-1]}."
+               else
+                 ": #{dependency_links.first}."
+               end
+
+        msg
+      end
+
       def from_version_msg(previous_version)
         return "" unless previous_version
 
@@ -357,14 +373,19 @@ module Dependabot
       end
 
       def dependency_links
-        dependencies.map do |dependency|
-          if source_url(dependency)
-            "[#{dependency.display_name}](#{source_url(dependency)})"
-          elsif homepage_url(dependency)
-            "[#{dependency.display_name}](#{homepage_url(dependency)})"
-          else
-            dependency.display_name
-          end
+        return @dependency_links if defined?(@dependency_links)
+
+        uniq_deps = dependencies.each_with_object({}) { |dep, memo| memo[dep.name] ||= dep }.values
+        @dependency_links = uniq_deps.map { |dep| dependency_link(dep) }
+      end
+
+      def dependency_link(dependency)
+        if source_url(dependency)
+          "[#{dependency.display_name}](#{source_url(dependency)})"
+        elsif homepage_url(dependency)
+          "[#{dependency.display_name}](#{homepage_url(dependency)})"
+        else
+          dependency.display_name
         end
       end
 

data/lib/dependabot.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.217.0"
+  VERSION = "0.219.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.217.0
+  version: 0.219.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-24 00:00:00.000000000 Z
+date: 2023-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -84,14 +84,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: 1.14.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: 1.14.0
 - !ruby/object:Gem::Dependency
   name: excon
   requirement: !ruby/object:Gem::Requirement
@@ -507,8 +507,8 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata:
-  issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.219.0
 post_install_message: 
 rdoc_options: []
 require_paths: