dependabot-common 0.221.0 → 0.222.0
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/dependency.rb +30 -0
- data/lib/dependabot/dependency_group.rb +10 -1
- data/lib/dependabot/git_commit_checker.rb +1 -15
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +2 -0
- data/lib/dependabot/shared_helpers.rb +14 -4
- data/lib/dependabot/update_checkers/base.rb +7 -4
- data/lib/dependabot/workspace/git.rb +1 -1
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
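--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22ca5d1f9a39115d1a98e019146c3cf0050c3e51da521b7dc9ac9b9bd4c2d20d
+data.tar.gz: bb02102d73e82e7f976fbb777ea49b98a0a868c377b5df0fa2073f44b798f180
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9ce814028e149278172a5d233644880ef1feb05633bf197f99dee6a2e658bce8f38b4aa4f542e83fdaffdceb2e189d036dbde47a218fae328d1cc17e18d3471b
+data.tar.gz: 20e3106fbab9f3527b28a3afd1bad3bbef9e7b44200de7e4fa54d0cf03ed76f3e57809a38f398177c26591a25c3950b36c57a99678db3dc4ee6ce8cd7fc80201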
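--- a/data/lib/dependabot/dependency.rb
+++ b/data/lib/dependabot/dependency.rb
@@ -211,6 +211,36 @@ module Dependabot
 Utils.version_class_for_package_manager(package_manager)
 end
 
+def source_details(allowed_types: nil)
+sources = all_sources.uniq.compact
+sources.select! { |source| allowed_types.include?(source[:type].to_s) } if allowed_types
+
+git = allowed_types == ["git"]
+
+if (git && sources.map { |s| s[:url] }.uniq.count > 1) || (!git && sources.count > 1)
+raise "Multiple sources! #{sources.join(', ')}"
+end
+
+sources.first
+end
+
+def source_type
+details = source_details
+return "default" if details.nil?
+
+details[:type] || details.fetch("type")
+end
+
+def all_sources
+if top_level?
+requirements.map { |requirement| requirement.fetch(:source) }
+elsif subdependency_metadata
+subdependency_metadata.filter_map { |data| data[:source] }
+else
+[]
+end
+end
+
 private
 
 def check_values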
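--- a/data/lib/dependabot/dependency_group.rb
+++ b/data/lib/dependabot/dependency_group.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "wildcard_matcher"
+require "yaml"
 
 module Dependabot
 class DependencyGroup
@@ -13,7 +14,8 @@ module Dependabot
 end
 
 def contains?(dependency)
-@dependencies.include?(dependency)
+return true if @dependencies.include?(dependency)
+
 positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
 negative_match = rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
 
@@ -23,5 +25,12 @@ module Dependabot
 def to_h
 { "name" => name }
 end
+
+# Provides a debug utility to view the group as it appears in the config file.
+def to_config_yaml
+{
+"groups" => { name => rules }
+}.to_yaml.delete_prefix("---\n")
+end
 end
 end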
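--- a/data/lib/dependabot/git_commit_checker.rb
+++ b/data/lib/dependabot/git_commit_checker.rb
@@ -163,21 +163,7 @@ module Dependabot
 end
 
 def dependency_source_details
-
-dependency.requirements.
-map { |requirement| requirement.fetch(:source) }.uniq.compact.
-select { |source| source[:type] == "git" }
-
-return sources.first if sources.count <= 1
-
-# If there are multiple source URLs, then it's unclear how we should
-# proceed
-raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
-
-# Otherwise it's reasonable to take the first source and use that. This
-# will happen if we have multiple git sources with difference references
-# specified. In that case it's fine to update them all.
-sources.first
+dependency.source_details(allowed_types: ["git"])
 end
 
 private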
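--- a/data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
@@ -134,6 +134,8 @@ module Dependabot
 end
 
 def replace_github_host(text)
+return text if !github_redirection_service.nil? && text.include?(github_redirection_service)
+
 text.gsub(
 /(www\.)?github.com/, github_redirection_service || "github.com"
 )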
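--- a/data/lib/dependabot/shared_helpers.rb
+++ b/data/lib/dependabot/shared_helpers.rb
@@ -21,7 +21,7 @@ module Dependabot
 USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
 "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
 "(#{RUBY_PLATFORM}) " \
-"(+https://github.com/dependabot/dependabot-core)"
+"(+https://github.com/dependabot/dependabot-core)".freeze
 SIGKILL = 9
 
 def self.in_a_temporary_repo_directory(directory = "/", repo_contents_path = nil, &block)
@@ -315,10 +315,20 @@ module Dependabot
 FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
 end
 
-def self.run_shell_command(command,
+def self.run_shell_command(command,
+allow_unsafe_shell_command: false,
+env: {},
+fingerprint: nil,
+stderr_to_stdout: true)
 start = Time.now
 cmd = allow_unsafe_shell_command ? command : escape_command(command)
-
+
+if stderr_to_stdout
+stdout, process = Open3.capture2e(env || {}, cmd)
+else
+stdout, stderr, process = Open3.capture3(env || {}, cmd)
+end
+
 time_taken = Time.now - start
 
 # Raise an error with the output from the shell session if the
@@ -333,7 +343,7 @@ module Dependabot
 }
 
 raise SharedHelpers::HelperSubprocessFailed.new(
-message: stdout,
+message: stderr_to_stdout ? stdout : "#{stderr}\n#{stdout}",
 error_context: error_context
 )
 end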
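--- a/data/lib/dependabot/update_checkers/base.rb
+++ b/data/lib/dependabot/update_checkers/base.rb
@@ -10,12 +10,12 @@ module Dependabot
 attr_reader :dependency, :dependency_files, :repo_contents_path,
 :credentials, :ignored_versions, :raise_on_ignored,
 :security_advisories, :requirements_update_strategy,
-:options
+:dependency_group, :options
 
 def initialize(dependency:, dependency_files:, repo_contents_path: nil,
 credentials:, ignored_versions: [],
 raise_on_ignored: false, security_advisories: [],
-requirements_update_strategy: nil,
+requirements_update_strategy: nil, dependency_group: nil,
 options: {})
 @dependency = dependency
 @dependency_files = dependency_files
@@ -25,6 +25,7 @@ module Dependabot
 @ignored_versions = ignored_versions
 @raise_on_ignored = raise_on_ignored
 @security_advisories = security_advisories
+@dependency_group = dependency_group
 @options = options
 end
 
@@ -164,7 +165,8 @@ module Dependabot
 requirements: dependency.requirements,
 previous_version: previous_version,
 previous_requirements: dependency.requirements,
-package_manager: dependency.package_manager
+package_manager: dependency.package_manager,
+subdependency_metadata: dependency.subdependency_metadata
 )
 end
 
@@ -178,7 +180,8 @@ module Dependabot
 requirements: updated_requirements,
 previous_version: previous_version,
 previous_requirements: dependency.requirements,
-package_manager: dependency.package_manager
+package_manager: dependency.package_manager,
+subdependency_metadata: dependency.subdependency_metadata
 )
 end
 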
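Review bot: The same `subdependency_metadata: dependency.subdependency_metadata` line is added to two near-identical `Dependency.new` calls (the hunks at old lines 164 and 178 differ only in `requirements:`), so the next field propagated this way will need the same edit in both places; a small private helper returning the keyword arguments the two calls share, merged with the call-specific `requirements:`, would remove that duplication — both enclosing methods start outside their hunks. The new `dependency_group:` keyword on `initialize` is stored via `attr_reader` but not read anywhere in these hunks and has no documentation; a YARD line such as `# @param dependency_group [Dependabot::DependencyGroup, nil] the group this update belongs to, if any` would record what callers are expected to pass.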
data/lib/dependabot.rb
CHANGED
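--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.222.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-
+date: 2023-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.222.0
 post_install_message:
 rdoc_options: []
 require_paths: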