dependabot-common 0.218.0 → 0.220.0

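--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ae17b3827b4bf6723d7b236187ae554dca95b8c3954d85407e7396db327872c4
- data.tar.gz: fdac2c829db67fcb54cf0f19282ba725ffba58fd38005e1132596862a0148a41
+ metadata.gz: ffac7b072d3084a0eaa087c7bf4cdf6bf8f180a7312a55bd99fd5648320bb38f
+ data.tar.gz: af8cb21616a02e1a3368ae839f591fd2dfed3154bd4b138fe13843447f9306d6
  SHA512:
- metadata.gz: e49bc5f0106a4a7865f8426002345682789f282258112acf4a0fbdad1e540bd2cbc2801f452822131a7467556e75a3031d620ed26fa9a86a335528272edc774b
- data.tar.gz: a73940ba5bb5ef5d08397a1999f6a6708c828d355c2f98f0ff47b365ff2e18d7d0ab60862289b1dcb2ff42b06f13fe5fe45ba9f53bb5f31aeab48be5b6db81d9
+ metadata.gz: 3073fb55361f0b46820a01071dc35e14fa91bdbbe653cd581256dde2889df9abeef87bd6787d5c32fd619aaa728736db98116dce9ca357d132e7814941f949dd
+ data.tar.gz: 3a1c6297dcd5425c3838550486066ece3ca2f89f7d1386adc0fa29e1afa681d17a0c30ed8fe987c672e25727af75319e072e1db4668fed0d35b4f4220457fdb9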
@@ -21,7 +21,7 @@ module Dependabot
21
21
  # fixed-length name, so we can punt on handling truncation until
22
22
  # we determine the strict validation rules for names
23
23
  def new_branch_name
24
- File.join(prefixes, timestamped_group_name).gsub("/", separator)
24
+ File.join(prefixes, group_name_with_dependency_digest).gsub("/", separator)
25
25
  end
26
26
 
27
27
  private
@@ -37,11 +37,20 @@ module Dependabot
37
37
  ].compact
38
38
  end
39
39
 
40
- # When superseding a grouped update pull request, we will have a period
41
- # of time when there are two branches for the group so we use a timestamp
42
- # to avoid collisions.
43
- def timestamped_group_name
44
- "#{dependency_group.name}-#{Time.now.utc.to_i}"
40
+ # Group pull requests will generally include too many dependencies to include
41
+ # in the branch name, but we rely on branch names being deterministic for a
42
+ # given set of dependency changes.
43
+ #
44
+ # Let's append a short hash digest of the dependency changes so that we can
45
+ # meet this guarantee.
46
+ def group_name_with_dependency_digest
47
+ "#{dependency_group.name}-#{dependency_digest}"
48
+ end
49
+
50
+ def dependency_digest
51
+ @dependency_digest ||= Digest::MD5.hexdigest(dependencies.map do |dependency|
52
+ "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
53
+ end.sort.join(",")).slice(0, 10)
45
54
  end
46
55
 
47
56
  def package_manager
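Review bot: `dependency_digest` hashes with `Digest::MD5` and keeps only the first 10 hex characters (40 bits), so the suffix is a short identifier rather than an integrity value, and the comment above `group_name_with_dependency_digest` should say that explicitly; a collision between two different dependency sets in the same group would put them on the same branch name. MD5 is routinely flagged by security linters and, depending on how Ruby is built, may be refused on FIPS-restricted hosts, so while this branch format is still new `Digest::SHA256.hexdigest(...)` with the same `.slice(0, 10)` would be the lower-friction choice. The hashed string joins name and version with `-` and entries with `,`, which is ambiguous if a dependency name or version can contain those characters; a separator that cannot appear in either would remove the ambiguity. The file header and the top of the class are outside the visible hunks, so whether this file has `require "digest"` cannot be confirmed from here.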
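--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.218.0"
+ VERSION = "0.220.0"
  end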
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.218.0
4
+ version: 0.220.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-22 00:00:00.000000000 Z
11
+ date: 2023-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -508,7 +508,7 @@ licenses:
508
508
  - Nonstandard
509
509
  metadata:
510
510
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
511
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.218.0
511
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.220.0
512
512
  post_install_message:
513
513
  rdoc_options: []
514
514
  require_paths: