RubyGems - dependabot-common - Versions diffs - 0.219.0 → 0.220.0 - Mend

dependabot-common 0.219.0 → 0.220.0

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +15 -6
data/lib/dependabot.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9de5ea53359451b6552e39b450ef6c53c46d0d99becf02b15949e3af086f7ed8
-  data.tar.gz: aca210e308541379b560262139f618c9721ae905835607fe46425d1b4e702a5d
+  metadata.gz: ffac7b072d3084a0eaa087c7bf4cdf6bf8f180a7312a55bd99fd5648320bb38f
+  data.tar.gz: af8cb21616a02e1a3368ae839f591fd2dfed3154bd4b138fe13843447f9306d6
 SHA512:
-  metadata.gz: a9c643d8050004fe119010919e4b6a08842ef454055332e4ca14c23f6398c05955d990d17e4d8e60f626a181eae4cb3dc8eab911c06752064de08ebcc88ff3e0
-  data.tar.gz: c7bfe1aad5c0231e4a02cb0003a83f133ad82e59cedc035aee9dc3f7ce4d1abbc5d133cd97be54a90c30171b34fc8ca51189fbc92a9d37f1f5ac37896c2c9b56
+  metadata.gz: 3073fb55361f0b46820a01071dc35e14fa91bdbbe653cd581256dde2889df9abeef87bd6787d5c32fd619aaa728736db98116dce9ca357d132e7814941f949dd
+  data.tar.gz: 3a1c6297dcd5425c3838550486066ece3ca2f89f7d1386adc0fa29e1afa681d17a0c30ed8fe987c672e25727af75319e072e1db4668fed0d35b4f4220457fdb9

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Dependabot
         # fixed-length name, so we can punt on handling truncation until
         # we determine the strict validation rules for names
         def new_branch_name
-          File.join(prefixes, timestamped_group_name).gsub("/", separator)
+          File.join(prefixes, group_name_with_dependency_digest).gsub("/", separator)
         end
         private
@@ -37,11 +37,20 @@ module Dependabot
           ].compact
         end
-        # When superseding a grouped update pull request, we will have a period
-        # of time when there are two branches for the group so we use a timestamp
-        # to avoid collisions.
-        def timestamped_group_name
-          "#{dependency_group.name}-#{Time.now.utc.to_i}"
+        # Group pull requests will generally include too many dependencies to include
+        # in the branch name, but we rely on branch names being deterministic for a
+        # given set of dependency changes.
+        #
+        # Let's append a short hash digest of the dependency changes so that we can
+        # meet this guarantee.
+        def group_name_with_dependency_digest
+          "#{dependency_group.name}-#{dependency_digest}"
+        end
+        def dependency_digest
+          @dependency_digest ||= Digest::MD5.hexdigest(dependencies.map do |dependency|
+            "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
+          end.sort.join(",")).slice(0, 10)
         end
         def package_manager

data/lib/dependabot.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.219.0"
+  VERSION = "0.220.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.219.0
+  version: 0.220.0
 platform: ruby
 authors:
 - Dependabot
@@ -508,7 +508,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.219.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.220.0
 post_install_message:
 rdoc_options: []
 require_paths: