dependabot-common 0.221.0 → 0.223.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 883ba90c6d526f51118f6fabc2082e4ddd09cd73338f103978e2c59a63c6ef67
-  data.tar.gz: e86edce90676becde42edc6fdc7c7a17304ddab77966905d059a3ae11934d8f6
+  metadata.gz: 18ecca84ce32ec9c88e10c027588144887dcbec20f59878d30d8d3c26d0d41f4
+  data.tar.gz: 4a13a9d395adf5c8567523e6afb21ab4dc2d265b98d30f2c99bee1b19d8c5119
 SHA512:
-  metadata.gz: a806d1c610355284b4a98a4e3b6ae5ad7f070be18af6fadf23ed98b2ac842eeb55ccc09f4e90c5483b2ab42821ece37c1c3390133817f61e52c4fc580fda111d
-  data.tar.gz: 87ca2cbe54385a9ebd526ea9016ef652f183eb7b9b5d8be0849cd5ad7513ba5ce57071081c95788e3eb92600696ca801fa2abbbe020c32d537c26157bcb38d3b
+  metadata.gz: 9ce88a617e9e8d0952c76630f8f8c76956a38f66cedc06e2da6f360ceaf9b28a52fef49be84102213a4262d96abf56c7ec55c6d75fc53e6e6b6653d3c8f363b1
+  data.tar.gz: 4b58cd7780d8c2c4f8d18a0622a7a16d2f0ace2204098d5376b4077fef02a1b6629cea77c4b280f745b4e4946568d9be2014e6e38f31ac088696eb981d69019a

data/lib/dependabot/config/file.rb

@@ -53,6 +53,7 @@ module Dependabot
         "npm" => "npm_and_yarn",
         "pip" => "pip",
         "pub" => "pub",
+        "swift" => "swift",
         "terraform" => "terraform"
       }.freeze
 

data/lib/dependabot/dependency.rb

@@ -211,6 +211,36 @@ module Dependabot
       Utils.version_class_for_package_manager(package_manager)
     end
 
+    def source_details(allowed_types: nil)
+      sources = all_sources.uniq.compact
+      sources.select! { |source| allowed_types.include?(source[:type].to_s) } if allowed_types
+
+      git = allowed_types == ["git"]
+
+      if (git && sources.map { |s| s[:url] }.uniq.count > 1) || (!git && sources.count > 1)
+        raise "Multiple sources! #{sources.join(', ')}"
+      end
+
+      sources.first
+    end
+
+    def source_type
+      details = source_details
+      return "default" if details.nil?
+
+      details[:type] || details.fetch("type")
+    end
+
+    def all_sources
+      if top_level?
+        requirements.map { |requirement| requirement.fetch(:source) }
+      elsif subdependency_metadata
+        subdependency_metadata.filter_map { |data| data[:source] }
+      else
+        []
+      end
+    end
+
     private
 
     def check_values

data/lib/dependabot/dependency_group.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "wildcard_matcher"
+require "yaml"
 
 module Dependabot
   class DependencyGroup
@@ -13,15 +14,45 @@ module Dependabot
     end
 
     def contains?(dependency)
-      @dependencies.include?(dependency) if @dependencies.any?
-      positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
-      negative_match =  rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
+      return true if @dependencies.include?(dependency)
+      return false if matches_excluded_pattern?(dependency.name)
 
-      positive_match && !negative_match
+      matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
     end
 
     def to_h
       { "name" => name }
     end
+
+    # Provides a debug utility to view the group as it appears in the config file.
+    def to_config_yaml
+      {
+        "groups" => { name => rules }
+      }.to_yaml.delete_prefix("---\n")
+    end
+
+    private
+
+    def matches_pattern?(dependency_name)
+      return true unless rules.key?("patterns") # If no patterns are defined, we pass this check by default
+
+      rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+    end
+
+    def matches_excluded_pattern?(dependency_name)
+      return false unless rules.key?("exclude-patterns") # If there are no exclusions, fail by default
+
+      rules["exclude-patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+    end
+
+    def matches_dependency_type?(dependency)
+      return true unless rules.key?("dependency-type") # If no dependency-type is set, match by default
+
+      rules["dependency-type"] == if dependency.production?
+                                    "production"
+                                  else
+                                    "development"
+                                  end
+    end
   end
 end

data/lib/dependabot/git_commit_checker.rb

@@ -163,21 +163,7 @@ module Dependabot
     end
 
     def dependency_source_details
-      sources =
-        dependency.requirements.
-        map { |requirement| requirement.fetch(:source) }.uniq.compact.
-        select { |source| source[:type] == "git" }
-
-      return sources.first if sources.count <= 1
-
-      # If there are multiple source URLs, then it's unclear how we should
-      # proceed
-      raise "Multiple sources! #{sources.join(', ')}" if sources.map { |s| s[:url] }.uniq.count > 1
-
-      # Otherwise it's reasonable to take the first source and use that. This
-      # will happen if we have multiple git sources with difference references
-      # specified. In that case it's fine to update them all.
-      sources.first
+      dependency.source_details(allowed_types: ["git"])
     end
 
     private

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -134,6 +134,8 @@ module Dependabot
         end
 
         def replace_github_host(text)
+          return text if !github_redirection_service.nil? && text.include?(github_redirection_service)
+
           text.gsub(
             /(www\.)?github.com/, github_redirection_service || "github.com"
           )

data/lib/dependabot/shared_helpers.rb

@@ -21,7 +21,7 @@ module Dependabot
     USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
                  "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
                  "(#{RUBY_PLATFORM}) " \
-                 "(+https://github.com/dependabot/dependabot-core)"
+                 "(+https://github.com/dependabot/dependabot-core)".freeze
     SIGKILL = 9
 
     def self.in_a_temporary_repo_directory(directory = "/", repo_contents_path = nil, &block)
@@ -315,10 +315,20 @@ module Dependabot
       FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
     end
 
-    def self.run_shell_command(command, allow_unsafe_shell_command: false, env: {}, fingerprint: nil)
+    def self.run_shell_command(command,
+                               allow_unsafe_shell_command: false,
+                               env: {},
+                               fingerprint: nil,
+                               stderr_to_stdout: true)
       start = Time.now
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
-      stdout, process = Open3.capture2e(env || {}, cmd)
+
+      if stderr_to_stdout
+        stdout, process = Open3.capture2e(env || {}, cmd)
+      else
+        stdout, stderr, process = Open3.capture3(env || {}, cmd)
+      end
+
       time_taken = Time.now - start
 
       # Raise an error with the output from the shell session if the
@@ -333,7 +343,7 @@ module Dependabot
       }
 
       raise SharedHelpers::HelperSubprocessFailed.new(
-        message: stdout,
+        message: stderr_to_stdout ? stdout : "#{stderr}\n#{stdout}",
         error_context: error_context
       )
     end

data/lib/dependabot/update_checkers/base.rb

@@ -10,12 +10,12 @@ module Dependabot
       attr_reader :dependency, :dependency_files, :repo_contents_path,
                   :credentials, :ignored_versions, :raise_on_ignored,
                   :security_advisories, :requirements_update_strategy,
-                  :options
+                  :dependency_group, :options
 
       def initialize(dependency:, dependency_files:, repo_contents_path: nil,
                      credentials:, ignored_versions: [],
                      raise_on_ignored: false, security_advisories: [],
-                     requirements_update_strategy: nil,
+                     requirements_update_strategy: nil, dependency_group: nil,
                      options: {})
         @dependency = dependency
         @dependency_files = dependency_files
@@ -25,6 +25,7 @@ module Dependabot
         @ignored_versions = ignored_versions
         @raise_on_ignored = raise_on_ignored
         @security_advisories = security_advisories
+        @dependency_group = dependency_group
         @options = options
       end
 
@@ -164,7 +165,8 @@ module Dependabot
           requirements: dependency.requirements,
           previous_version: previous_version,
           previous_requirements: dependency.requirements,
-          package_manager: dependency.package_manager
+          package_manager: dependency.package_manager,
+          subdependency_metadata: dependency.subdependency_metadata
         )
       end
 
@@ -178,7 +180,8 @@ module Dependabot
           requirements: updated_requirements,
           previous_version: previous_version,
           previous_requirements: dependency.requirements,
-          package_manager: dependency.package_manager
+          package_manager: dependency.package_manager,
+          subdependency_metadata: dependency.subdependency_metadata
         )
       end
 

data/lib/dependabot/workspace/git.rb

@@ -7,7 +7,7 @@ module Dependabot
   module Workspace
     class Git < Base
       USER = "dependabot[bot]"
-      EMAIL = "#{USER}@users.noreply.github.com"
+      EMAIL = "#{USER}@users.noreply.github.com".freeze
 
       attr_reader :initial_head_sha
 

data/lib/dependabot.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.221.0"
+  VERSION = "0.223.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.221.0
+  version: 0.223.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-13 00:00:00.000000000 Z
+date: 2023-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.221.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.223.0
 post_install_message: 
 rdoc_options: []
 require_paths: