dependabot-common 0.221.0 → 0.222.0

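--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 883ba90c6d526f51118f6fabc2082e4ddd09cd73338f103978e2c59a63c6ef67
- data.tar.gz: e86edce90676becde42edc6fdc7c7a17304ddab77966905d059a3ae11934d8f6
+ metadata.gz: 22ca5d1f9a39115d1a98e019146c3cf0050c3e51da521b7dc9ac9b9bd4c2d20d
+ data.tar.gz: bb02102d73e82e7f976fbb777ea49b98a0a868c377b5df0fa2073f44b798f180
  SHA512:
- metadata.gz: a806d1c610355284b4a98a4e3b6ae5ad7f070be18af6fadf23ed98b2ac842eeb55ccc09f4e90c5483b2ab42821ece37c1c3390133817f61e52c4fc580fda111d
- data.tar.gz: 87ca2cbe54385a9ebd526ea9016ef652f183eb7b9b5d8be0849cd5ad7513ba5ce57071081c95788e3eb92600696ca801fa2abbbe020c32d537c26157bcb38d3b
+ metadata.gz: 9ce814028e149278172a5d233644880ef1feb05633bf197f99dee6a2e658bce8f38b4aa4f542e83fdaffdceb2e189d036dbde47a218fae328d1cc17e18d3471b
+ data.tar.gz: 20e3106fbab9f3527b28a3afd1bad3bbef9e7b44200de7e4fa54d0cf03ed76f3e57809a38f398177c26591a25c3950b36c57a99678db3dc4ee6ce8cd7fc80201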
@@ -53,6 +53,7 @@ module Dependabot
53
53
  "npm" => "npm_and_yarn",
54
54
  "pip" => "pip",
55
55
  "pub" => "pub",
56
+ "swift" => "swift",
56
57
  "terraform" => "terraform"
57
58
  }.freeze
58
59
 
@@ -211,6 +211,36 @@ module Dependabot
211
211
  Utils.version_class_for_package_manager(package_manager)
212
212
  end
213
213
 
214
+ def source_details(allowed_types: nil)
215
+ sources = all_sources.uniq.compact
216
+ sources.select! { |source| allowed_types.include?(source[:type].to_s) } if allowed_types
217
+
218
+ git = allowed_types == ["git"]
219
+
220
+ if (git && sources.map { |s| s[:url] }.uniq.count > 1) || (!git && sources.count > 1)
221
+ raise "Multiple sources! #{sources.join(', ')}"
222
+ end
223
+
224
+ sources.first
225
+ end
226
+
227
+ def source_type
228
+ details = source_details
229
+ return "default" if details.nil?
230
+
231
+ details[:type] || details.fetch("type")
232
+ end
233
+
234
+ def all_sources
235
+ if top_level?
236
+ requirements.map { |requirement| requirement.fetch(:source) }
237
+ elsif subdependency_metadata
238
+ subdependency_metadata.filter_map { |data| data[:source] }
239
+ else
240
+ []
241
+ end
242
+ end
243
+
214
244
  private
215
245
 
216
246
  def check_values
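Review bot: `source_type` calls `source_details` with no `allowed_types`, so `git` is false and any dependency with more than one distinct source hash raises `Multiple sources!`; that includes several git requirements that share a URL and differ only in ref, which the `allowed_types: ["git"]` path accepts. If that asymmetry is not intended, the URL comparison should apply whenever all remaining sources are git rather than only when the caller passed exactly `["git"]`. The filter in `source_details` reads only `source[:type]`, while `source_type` falls back to `details.fetch("type")`; if string-keyed sources can occur they are silently dropped by the filter, and `(source[:type] || source["type"]).to_s` would keep the two methods consistent. The raised message interpolates whole source hashes, so a source URL carrying a token would end up in error output; this is inferred, since the hash contents are not visible here.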
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "wildcard_matcher"
4
+ require "yaml"
4
5
 
5
6
  module Dependabot
6
7
  class DependencyGroup
@@ -13,7 +14,8 @@ module Dependabot
13
14
  end
14
15
 
15
16
  def contains?(dependency)
16
- @dependencies.include?(dependency) if @dependencies.any?
17
+ return true if @dependencies.include?(dependency)
18
+
17
19
  positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
18
20
  negative_match = rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
19
21
 
@@ -23,5 +25,12 @@ module Dependabot
23
25
  def to_h
24
26
  { "name" => name }
25
27
  end
28
+
29
+ # Provides a debug utility to view the group as it appears in the config file.
30
+ def to_config_yaml
31
+ {
32
+ "groups" => { name => rules }
33
+ }.to_yaml.delete_prefix("---\n")
34
+ end
26
35
  end
27
36
  end
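Review bot: In `contains?`, the new `return true if @dependencies.include?(dependency)` runs before the `exclude-patterns` check, so a dependency that was explicitly added to the group is reported as a member even when an exclude pattern matches its name. If that precedence is intended it deserves a comment such as `# Explicit membership wins over patterns and exclude-patterns`; if not, the early return should move below the negative match. On the following context line `rules["patterns"].any?` has no `&.`, unlike `exclude-patterns`, so a group whose rules lack a `patterns` key would appear to raise NoMethodError. The rest of `contains?` lies outside the hunk.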
@@ -163,21 +163,7 @@ module Dependabot
163
163
  end
164
164
 
165
165
  def dependency_source_details
166
- sources =
167
- dependency.requirements.
168
- map { |requirement| requirement.fetch(:source) }.uniq.compact.
169
- select { |source| source[:type] == "git" }
170
-
171
- return sources.first if sources.count <= 1
172
-
173
- # If there are multiple source URLs, then it's unclear how we should
174
- # proceed
175
- raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
176
-
177
- # Otherwise it's reasonable to take the first source and use that. This
178
- # will happen if we have multiple git sources with difference references
179
- # specified. In that case it's fine to update them all.
180
- sources.first
166
+ dependency.source_details(allowed_types: ["git"])
181
167
  end
182
168
 
183
169
  private
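Review bot: `dependency.source_details(allowed_types: ["git"])` is not an exact replacement for the removed body. The old code read only `dependency.requirements`, while `all_sources` (shown earlier on this page) switches to `subdependency_metadata` when the dependency is not top-level, so this method can now return a git source for a subdependency where it presumably returned nil before. The removed comments explaining why several git sources with one URL are acceptable were not carried over; a short comment in `source_details`, e.g. `# Multiple git sources with the same URL but different refs are fine to update together`, would keep that rationale.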
@@ -134,6 +134,8 @@ module Dependabot
134
134
  end
135
135
 
136
136
  def replace_github_host(text)
137
+ return text if !github_redirection_service.nil? && text.include?(github_redirection_service)
138
+
137
139
  text.gsub(
138
140
  /(www\.)?github.com/, github_redirection_service || "github.com"
139
141
  )
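Review bot: The new guard in `replace_github_host` is all-or-nothing: once the redirection host appears anywhere in `text`, the whole string is returned untouched, so any plain `github.com` links elsewhere in the same text are no longer rewritten. If the redirect exists to stop GitHub from auto-linking references, a body that mixes one already-rewritten link with raw ones skips that protection. One option is to drop the early return and match only hosts that are not already part of a longer hostname, e.g. `/(?<![\w.-])(www\.)?github\.com/`, which avoids the double replacement and also escapes the dot that the current pattern leaves as a wildcard. The method's closing `end` is outside the hunk.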
@@ -21,7 +21,7 @@ module Dependabot
21
21
  USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
22
22
  "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
23
23
  "(#{RUBY_PLATFORM}) " \
24
- "(+https://github.com/dependabot/dependabot-core)"
24
+ "(+https://github.com/dependabot/dependabot-core)".freeze
25
25
  SIGKILL = 9
26
26
 
27
27
  def self.in_a_temporary_repo_directory(directory = "/", repo_contents_path = nil, &block)
@@ -315,10 +315,20 @@ module Dependabot
315
315
  FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
316
316
  end
317
317
 
318
- def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {}, fingerprint: nil)
318
+ def self.run_shell_command(command,
319
+ allow_unsafe_shell_command: false,
320
+ env: {},
321
+ fingerprint: nil,
322
+ stderr_to_stdout: true)
319
323
  start = Time.now
320
324
  cmd = allow_unsafe_shell_command ? command : escape_command(command)
321
- stdout, process = Open3.capture2e(env || {}, cmd)
325
+
326
+ if stderr_to_stdout
327
+ stdout, process = Open3.capture2e(env || {}, cmd)
328
+ else
329
+ stdout, stderr, process = Open3.capture3(env || {}, cmd)
330
+ end
331
+
322
332
  time_taken = Time.now - start
323
333
 
324
334
  # Raise an error with the output from the shell session if the
@@ -333,7 +343,7 @@ module Dependabot
333
343
  }
334
344
 
335
345
  raise SharedHelpers::HelperSubprocessFailed.new(
336
- message: stdout,
346
+ message: stderr_to_stdout ? stdout : "#{stderr}\n#{stdout}",
337
347
  error_context: error_context
338
348
  )
339
349
  end
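Review bot: With `stderr_to_stdout: false`, the `stderr` captured by `Open3.capture3` in `run_shell_command` is used only in the failure message; on a successful exit it appears to be discarded, since nothing visible in these hunks logs or returns it. Callers that opt in to get clean stdout would then lose any warnings the tool printed, so consider logging it or documenting the behaviour on the method, e.g. `# stderr_to_stdout: false keeps stderr out of the return value; it is reported only when the command fails`. The failure message now puts raw stderr and stdout into `HelperSubprocessFailed`, so if commands run with credentials in their arguments or environment, that text should be scrubbed before it is logged (inferred; the handler is not shown). The body of `run_shell_command` between and after the two hunks is outside the view.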
@@ -10,12 +10,12 @@ module Dependabot
10
10
  attr_reader :dependency, :dependency_files, :repo_contents_path,
11
11
  :credentials, :ignored_versions, :raise_on_ignored,
12
12
  :security_advisories, :requirements_update_strategy,
13
- :options
13
+ :dependency_group, :options
14
14
 
15
15
  def initialize(dependency:, dependency_files:, repo_contents_path: nil,
16
16
  credentials:, ignored_versions: [],
17
17
  raise_on_ignored: false, security_advisories: [],
18
- requirements_update_strategy: nil,
18
+ requirements_update_strategy: nil, dependency_group: nil,
19
19
  options: {})
20
20
  @dependency = dependency
21
21
  @dependency_files = dependency_files
@@ -25,6 +25,7 @@ module Dependabot
25
25
  @ignored_versions = ignored_versions
26
26
  @raise_on_ignored = raise_on_ignored
27
27
  @security_advisories = security_advisories
28
+ @dependency_group = dependency_group
28
29
  @options = options
29
30
  end
30
31
 
@@ -164,7 +165,8 @@ module Dependabot
164
165
  requirements: dependency.requirements,
165
166
  previous_version: previous_version,
166
167
  previous_requirements: dependency.requirements,
167
- package_manager: dependency.package_manager
168
+ package_manager: dependency.package_manager,
169
+ subdependency_metadata: dependency.subdependency_metadata
168
170
  )
169
171
  end
170
172
 
@@ -178,7 +180,8 @@ module Dependabot
178
180
  requirements: updated_requirements,
179
181
  previous_version: previous_version,
180
182
  previous_requirements: dependency.requirements,
181
- package_manager: dependency.package_manager
183
+ package_manager: dependency.package_manager,
184
+ subdependency_metadata: dependency.subdependency_metadata
182
185
  )
183
186
  end
184
187
 
@@ -7,7 +7,7 @@ module Dependabot
7
7
  module Workspace
8
8
  class Git < Base
9
9
  USER = "dependabot[bot]"
10
- EMAIL = "#{USER}@users.noreply.github.com"
10
+ EMAIL = "#{USER}@users.noreply.github.com".freeze
11
11
 
12
12
  attr_reader :initial_head_sha
13
13
 
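--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.221.0"
+ VERSION = "0.222.0"
  end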
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.221.0
4
+ version: 0.222.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-13 00:00:00.000000000 Z
11
+ date: 2023-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
486
486
  - Nonstandard
487
487
  metadata:
488
488
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
489
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.221.0
489
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.222.0
490
490
  post_install_message:
491
491
  rdoc_options: []
492
492
  require_paths: