dependabot-common 0.222.0 → 0.224.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22ca5d1f9a39115d1a98e019146c3cf0050c3e51da521b7dc9ac9b9bd4c2d20d
-  data.tar.gz: bb02102d73e82e7f976fbb777ea49b98a0a868c377b5df0fa2073f44b798f180
+  metadata.gz: 967a29e273078457f5010415215784a3bf9bd8b9cd78e101ab8d7dc97ab42fba
+  data.tar.gz: c840404ceecf85c06defa6748f5075c1e336e3878f0f18c3d1c6282b986d86b4
 SHA512:
-  metadata.gz: 9ce814028e149278172a5d233644880ef1feb05633bf197f99dee6a2e658bce8f38b4aa4f542e83fdaffdceb2e189d036dbde47a218fae328d1cc17e18d3471b
-  data.tar.gz: 20e3106fbab9f3527b28a3afd1bad3bbef9e7b44200de7e4fa54d0cf03ed76f3e57809a38f398177c26591a25c3950b36c57a99678db3dc4ee6ce8cd7fc80201
+  metadata.gz: 1bdead2177caa4c1c9cd90371bf07cb8def978492718809f3a67ee995f24c4da02424989d25f87298ad2ac04b371c63108a9520d58e33d0b6f925446dfc0d5be
+  data.tar.gz: 2e5f484acea22c05982c2840317f7f559171ca239b846da310ac2ae40b7006fe10df16d1e26f204d3ccee0e163e8c51af5e283635f929edb1fbeaa5d6986c2ad

data/lib/dependabot/clients/azure.rb

@@ -22,8 +22,6 @@ module Dependabot
 
       RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
 
-      MAX_PR_DESCRIPTION_LENGTH = 3999
-
       #######################
       # Constructor methods #
       #######################
@@ -174,7 +172,6 @@ module Dependabot
       def create_pull_request(pr_name, source_branch, target_branch,
                               pr_description, labels,
                               reviewers = nil, assignees = nil, work_item = nil)
-        pr_description = truncate_pr_description(pr_description)
 
         content = {
           sourceRefName: "refs/heads/" + source_branch,
@@ -375,19 +372,6 @@ module Dependabot
         end
       end
 
-      def truncate_pr_description(pr_description)
-        # Azure DevOps only support descriptions up to 4000 characters in UTF-16
-        # encoding.
-        # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
-        pr_description = pr_description.dup.force_encoding(Encoding::UTF_16)
-        if pr_description.length > MAX_PR_DESCRIPTION_LENGTH
-          truncated_msg = (+"...\n\n_Description has been truncated_").force_encoding(Encoding::UTF_16)
-          truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
-          pr_description = (pr_description[0..truncate_length] + truncated_msg)
-        end
-        pr_description.force_encoding(Encoding::UTF_8)
-      end
-
       def tags_creation_forbidden?(response)
         return if response.body.empty?
 

data/lib/dependabot/dependency_group.rb

@@ -15,11 +15,9 @@ module Dependabot
 
     def contains?(dependency)
       return true if @dependencies.include?(dependency)
+      return false if matches_excluded_pattern?(dependency.name)
 
-      positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
-      negative_match =  rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
-
-      positive_match && !negative_match
+      matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
     end
 
     def to_h
@@ -32,5 +30,29 @@ module Dependabot
         "groups" => { name => rules }
       }.to_yaml.delete_prefix("---\n")
     end
+
+    private
+
+    def matches_pattern?(dependency_name)
+      return true unless rules.key?("patterns") # If no patterns are defined, we pass this check by default
+
+      rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+    end
+
+    def matches_excluded_pattern?(dependency_name)
+      return false unless rules.key?("exclude-patterns") # If there are no exclusions, fail by default
+
+      rules["exclude-patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
+    end
+
+    def matches_dependency_type?(dependency)
+      return true unless rules.key?("dependency-type") # If no dependency-type is set, match by default
+
+      rules["dependency-type"] == if dependency.production?
+                                    "production"
+                                  else
+                                    "development"
+                                  end
+    end
   end
 end

data/lib/dependabot/git_metadata_fetcher.rb

@@ -112,13 +112,17 @@ module Dependabot
       command = "git ls-remote #{service_pack_uri}"
       command = SharedHelpers.escape_command(command)
 
-      stdout, stderr, process = Open3.capture3(env, command)
-      # package the command response like a HTTP response so error handling
-      # remains unchanged
-      if process.success?
-        OpenStruct.new(body: stdout, status: 200)
+      begin
+        stdout, stderr, process = Open3.capture3(env, command)
+        # package the command response like a HTTP response so error handling remains unchanged
+      rescue Errno::ENOENT => e # thrown when `git` isn't installed...
+        OpenStruct.new(body: e.message, status: 500)
       else
-        OpenStruct.new(body: stderr, status: 500)
+        if process.success?
+          OpenStruct.new(body: stdout, status: 200)
+        else
+          OpenStruct.new(body: stderr, status: 500)
+        end
       end
     end
 

data/lib/dependabot/pull_request_creator/azure.rb

@@ -10,6 +10,11 @@ module Dependabot
                   :files, :commit_message, :pr_description, :pr_name,
                   :author_details, :labeler, :reviewers, :assignees, :work_item
 
+      # Azure DevOps limits PR descriptions to a max of 4,000 characters in UTF-16 encoding:
+      # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
+      PR_DESCRIPTION_MAX_LENGTH = 3_999 # 0 based count
+      PR_DESCRIPTION_ENCODING = Encoding::UTF_16
+
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
                      author_details:, labeler:, reviewers: nil, assignees: nil, work_item: nil)

data/lib/dependabot/pull_request_creator/codecommit.rb

@@ -10,6 +10,10 @@ module Dependabot
                   :files, :commit_message, :pr_description, :pr_name,
                   :author_details, :labeler
 
+      # CodeCommit limits PR descriptions to a max length of 10,240 characters:
+      # https://docs.aws.amazon.com/codecommit/latest/APIReference/API_PullRequest.html
+      PR_DESCRIPTION_MAX_LENGTH = 10_239 # 0 based count
+
       def initialize(source:, branch_name:, base_commit:, credentials:,
                      files:, commit_message:, pr_description:, pr_name:,
                      author_details:, labeler:, require_up_to_date_base:)

data/lib/dependabot/pull_request_creator/github.rb

@@ -9,7 +9,9 @@ module Dependabot
   class PullRequestCreator
     # rubocop:disable Metrics/ClassLength
     class Github
-      MAX_PR_DESCRIPTION_LENGTH = 65_536 # characters (see #create_pull_request)
+      # GitHub limits PR descriptions to a max of 65,536 characters:
+      # https://github.com/orgs/community/discussions/27190#discussioncomment-3726017
+      PR_DESCRIPTION_MAX_LENGTH = 65_535 # 0 based count
 
       attr_reader :source, :branch_name, :base_commit, :credentials,
                   :files, :pr_description, :pr_name, :commit_message,
@@ -349,18 +351,6 @@ module Dependabot
       end
 
       def create_pull_request
-        # Limit PR description to MAX_PR_DESCRIPTION_LENGTH (65,536) characters
-        # and truncate with message if over. The API limit is 262,144 bytes
-        # (https://github.community/t/maximum-length-for-the-comment-body-in-issues-and-pr/148867/2).
-        # As Ruby strings are UTF-8 encoded, this is a pessimistic limit: it
-        # presumes the case where all characters are 4 bytes.
-        pr_description = @pr_description.dup
-        if pr_description && pr_description.length > MAX_PR_DESCRIPTION_LENGTH
-          truncated_msg = "...\n\n_Description has been truncated_"
-          truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
-          pr_description = (pr_description[0, truncate_length] + truncated_msg)
-        end
-
         github_client_for_source.create_pull_request(
           source.repo,
           target_branch,

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -22,13 +22,16 @@ module Dependabot
       attr_reader :source, :dependencies, :files, :credentials,
                   :pr_message_header, :pr_message_footer,
                   :commit_message_options, :vulnerabilities_fixed,
-                  :github_redirection_service, :dependency_group
+                  :github_redirection_service, :dependency_group, :pr_message_max_length,
+                  :pr_message_encoding
+
+      TRUNCATED_MSG = "...\n\n_Description has been truncated_"
 
       def initialize(source:, dependencies:, files:, credentials:,
                      pr_message_header: nil, pr_message_footer: nil,
                      commit_message_options: {}, vulnerabilities_fixed: {},
                      github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
-                     dependency_group: nil)
+                     dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil)
         @dependencies               = dependencies
         @files                      = files
         @source                     = source
@@ -39,8 +42,14 @@ module Dependabot
         @vulnerabilities_fixed      = vulnerabilities_fixed
         @github_redirection_service = github_redirection_service
         @dependency_group           = dependency_group
+        @pr_message_max_length      = pr_message_max_length
+        @pr_message_encoding        = pr_message_encoding
       end
 
+      attr_writer :pr_message_max_length
+
+      attr_writer :pr_message_encoding
+
       def pr_name
         name = dependency_group ? group_pr_name : solo_pr_name
         name[0] = name[0].capitalize if pr_name_prefixer.capitalize_first_word?
@@ -48,13 +57,31 @@ module Dependabot
       end
 
       def pr_message
-        suffixed_pr_message_header + commit_message_intro +
-          metadata_cascades + prefixed_pr_message_footer
+        msg = "#{suffixed_pr_message_header}#{commit_message_intro}#{metadata_cascades}#{prefixed_pr_message_footer}"
+        truncate_pr_message(msg)
       rescue StandardError => e
         Dependabot.logger.error("Error while generating PR message: #{e.message}")
         suffixed_pr_message_header + prefixed_pr_message_footer
       end
 
+      # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
+      # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
+      def truncate_pr_message(msg)
+        return msg if pr_message_max_length.nil?
+
+        msg = msg.dup
+        msg = msg.force_encoding(pr_message_encoding) unless pr_message_encoding.nil?
+
+        if msg.length > pr_message_max_length
+          tr_msg = pr_message_encoding.nil? ? TRUNCATED_MSG : (+TRUNCATED_MSG).dup.force_encoding(pr_message_encoding)
+          trunc_length = pr_message_max_length - tr_msg.length
+          msg = (msg[0..trunc_length] + tr_msg)
+        end
+        # if we used a custom encoding for calculating length, then we need to force back to UTF-8
+        msg.force_encoding(Encoding::UTF_8) unless pr_message_encoding.nil?
+        msg
+      end
+
       def commit_message
         message = commit_subject + "\n\n"
         message += commit_message_intro

data/lib/dependabot/pull_request_creator.rb

@@ -49,7 +49,8 @@ module Dependabot
                 :commit_message_options, :vulnerabilities_fixed,
                 :reviewers, :assignees, :milestone, :branch_name_separator,
                 :branch_name_prefix, :branch_name_max_length, :github_redirection_service,
-                :custom_headers, :provider_metadata, :dependency_group
+                :custom_headers, :provider_metadata, :dependency_group, :pr_message_max_length,
+                :pr_message_encoding
 
     def initialize(source:, base_commit:, dependencies:, files:, credentials:,
                    pr_message_header: nil, pr_message_footer: nil,
@@ -61,7 +62,8 @@ module Dependabot
                    automerge_candidate: false,
                    github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
                    custom_headers: nil, require_up_to_date_base: false,
-                   provider_metadata: {}, message: nil, dependency_group: nil)
+                   provider_metadata: {}, message: nil, dependency_group: nil, pr_message_max_length: nil,
+                   pr_message_encoding: nil)
       @dependencies               = dependencies
       @source                     = source
       @base_commit                = base_commit
@@ -88,6 +90,8 @@ module Dependabot
       @provider_metadata          = provider_metadata
       @message                    = message
       @dependency_group           = dependency_group
+      @pr_message_max_length      = pr_message_max_length
+      @pr_message_encoding        = pr_message_encoding
 
       check_dependencies_have_previous_version
     end
@@ -216,19 +220,32 @@ module Dependabot
     end
 
     def message
-      @message ||=
-        MessageBuilder.new(
-          source: source,
-          dependencies: dependencies,
-          files: files,
-          credentials: credentials,
-          commit_message_options: commit_message_options,
-          pr_message_header: pr_message_header,
-          pr_message_footer: pr_message_footer,
-          vulnerabilities_fixed: vulnerabilities_fixed,
-          github_redirection_service: github_redirection_service,
-          dependency_group: dependency_group
-        )
+      return @message unless @message.nil?
+
+      case source.provider
+      when "github"
+        @pr_message_max_length = Github::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
+      when "azure"
+        @pr_message_max_length = Azure::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
+        @pr_message_encoding = Azure::PR_DESCRIPTION_ENCODING if @pr_message_encoding.nil?
+      when "codecommit"
+        @pr_message_max_length = Codecommit::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
+      end
+
+      @message = MessageBuilder.new(
+        source: source,
+        dependencies: dependencies,
+        files: files,
+        credentials: credentials,
+        commit_message_options: commit_message_options,
+        pr_message_header: pr_message_header,
+        pr_message_footer: pr_message_footer,
+        vulnerabilities_fixed: vulnerabilities_fixed,
+        github_redirection_service: github_redirection_service,
+        dependency_group: dependency_group,
+        pr_message_max_length: pr_message_max_length,
+        pr_message_encoding: pr_message_encoding
+      )
     end
 
     def branch_namer

data/lib/dependabot.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.222.0"
+  VERSION = "0.224.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.222.0
+  version: 0.224.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-25 00:00:00.000000000 Z
+date: 2023-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.222.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
 post_install_message: 
 rdoc_options: []
 require_paths: