dependabot-common 0.222.0 → 0.224.0

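--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22ca5d1f9a39115d1a98e019146c3cf0050c3e51da521b7dc9ac9b9bd4c2d20d
-  data.tar.gz: bb02102d73e82e7f976fbb777ea49b98a0a868c377b5df0fa2073f44b798f180
+  metadata.gz: 967a29e273078457f5010415215784a3bf9bd8b9cd78e101ab8d7dc97ab42fba
+  data.tar.gz: c840404ceecf85c06defa6748f5075c1e336e3878f0f18c3d1c6282b986d86b4
 SHA512:
-  metadata.gz: 9ce814028e149278172a5d233644880ef1feb05633bf197f99dee6a2e658bce8f38b4aa4f542e83fdaffdceb2e189d036dbde47a218fae328d1cc17e18d3471b
-  data.tar.gz: 20e3106fbab9f3527b28a3afd1bad3bbef9e7b44200de7e4fa54d0cf03ed76f3e57809a38f398177c26591a25c3950b36c57a99678db3dc4ee6ce8cd7fc80201
+  metadata.gz: 1bdead2177caa4c1c9cd90371bf07cb8def978492718809f3a67ee995f24c4da02424989d25f87298ad2ac04b371c63108a9520d58e33d0b6f925446dfc0d5be
+  data.tar.gz: 2e5f484acea22c05982c2840317f7f559171ca239b846da310ac2ae40b7006fe10df16d1e26f204d3ccee0e163e8c51af5e283635f929edb1fbeaa5d6986c2ad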
@@ -22,8 +22,6 @@ module Dependabot
22
22
 
23
23
  RETRYABLE_ERRORS = [InternalServerError, BadGateway, ServiceNotAvailable].freeze
24
24
 
25
- MAX_PR_DESCRIPTION_LENGTH = 3999
26
-
27
25
  #######################
28
26
  # Constructor methods #
29
27
  #######################
@@ -174,7 +172,6 @@ module Dependabot
174
172
  def create_pull_request(pr_name, source_branch, target_branch,
175
173
  pr_description, labels,
176
174
  reviewers = nil, assignees = nil, work_item = nil)
177
- pr_description = truncate_pr_description(pr_description)
178
175
 
179
176
  content = {
180
177
  sourceRefName: "refs/heads/" + source_branch,
@@ -375,19 +372,6 @@ module Dependabot
375
372
  end
376
373
  end
377
374
 
378
- def truncate_pr_description(pr_description)
379
- # Azure DevOps only support descriptions up to 4000 characters in UTF-16
380
- # encoding.
381
- # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
382
- pr_description = pr_description.dup.force_encoding(Encoding::UTF_16)
383
- if pr_description.length > MAX_PR_DESCRIPTION_LENGTH
384
- truncated_msg = (+"...\n\n_Description has been truncated_").force_encoding(Encoding::UTF_16)
385
- truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
386
- pr_description = (pr_description[0..truncate_length] + truncated_msg)
387
- end
388
- pr_description.force_encoding(Encoding::UTF_8)
389
- end
390
-
391
375
  def tags_creation_forbidden?(response)
392
376
  return if response.body.empty?
393
377
 
@@ -15,11 +15,9 @@ module Dependabot
15
15
 
16
16
  def contains?(dependency)
17
17
  return true if @dependencies.include?(dependency)
18
+ return false if matches_excluded_pattern?(dependency.name)
18
19
 
19
- positive_match = rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
20
- negative_match = rules["exclude-patterns"]&.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
21
-
22
- positive_match && !negative_match
20
+ matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
23
21
  end
24
22
 
25
23
  def to_h
@@ -32,5 +30,29 @@ module Dependabot
32
30
  "groups" => { name => rules }
33
31
  }.to_yaml.delete_prefix("---\n")
34
32
  end
33
+
34
+ private
35
+
36
+ def matches_pattern?(dependency_name)
37
+ return true unless rules.key?("patterns") # If no patterns are defined, we pass this check by default
38
+
39
+ rules["patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
40
+ end
41
+
42
+ def matches_excluded_pattern?(dependency_name)
43
+ return false unless rules.key?("exclude-patterns") # If there are no exclusions, fail by default
44
+
45
+ rules["exclude-patterns"].any? { |rule| WildcardMatcher.match?(rule, dependency_name) }
46
+ end
47
+
48
+ def matches_dependency_type?(dependency)
49
+ return true unless rules.key?("dependency-type") # If no dependency-type is set, match by default
50
+
51
+ rules["dependency-type"] == if dependency.production?
52
+ "production"
53
+ else
54
+ "development"
55
+ end
56
+ end
35
57
  end
36
58
  end
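Review bot: The comment on `matches_excluded_pattern?` reads `# If there are no exclusions, fail by default`, but the method returns false there, and in `contains?` a false result means the dependency is not excluded, so the check passes rather than fails; `# If there are no exclusions, nothing is excluded` says what the code does. Separately, `matches_pattern?` now returns true when `rules` has no `"patterns"` key, where the removed `rules["patterns"].any?` would have raised on nil; if a group without patterns is not meant to match every dependency, that default deserves a second look. The `dependency-type` branch can be a single expression, `rules["dependency-type"] == (dependency.production? ? "production" : "development")`. The enclosing class starts outside the hunk.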
@@ -112,13 +112,17 @@ module Dependabot
112
112
  command = "git ls-remote #{service_pack_uri}"
113
113
  command = SharedHelpers.escape_command(command)
114
114
 
115
- stdout, stderr, process = Open3.capture3(env, command)
116
- # package the command response like a HTTP response so error handling
117
- # remains unchanged
118
- if process.success?
119
- OpenStruct.new(body: stdout, status: 200)
115
+ begin
116
+ stdout, stderr, process = Open3.capture3(env, command)
117
+ # package the command response like a HTTP response so error handling remains unchanged
118
+ rescue Errno::ENOENT => e # thrown when `git` isn't installed...
119
+ OpenStruct.new(body: e.message, status: 500)
120
120
  else
121
- OpenStruct.new(body: stderr, status: 500)
121
+ if process.success?
122
+ OpenStruct.new(body: stdout, status: 200)
123
+ else
124
+ OpenStruct.new(body: stderr, status: 500)
125
+ end
122
126
  end
123
127
  end
124
128
 
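Review bot: The comment `# package the command response like a HTTP response so error handling remains unchanged` now sits inside the `begin` block after the `Open3.capture3` call, where it describes nothing; it belongs above `if process.success?` in the `else` branch, which is the code that builds the OpenStruct responses. The `begin`/`rescue`/`else` shape is correct, since `else` runs only when no exception was raised, but a reader may take it for the `if`'s `else`, so a short marker such as `else # capture3 completed; map the exit status to an HTTP-like status` would help. Note that `stderr` from `git ls-remote` is still returned verbatim as the response body; if `service_pack_uri` can carry embedded credentials, that text may reach logs downstream, although this behaviour predates the change. The enclosing method starts outside the hunk.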
@@ -10,6 +10,11 @@ module Dependabot
10
10
  :files, :commit_message, :pr_description, :pr_name,
11
11
  :author_details, :labeler, :reviewers, :assignees, :work_item
12
12
 
13
+ # Azure DevOps limits PR descriptions to a max of 4,000 characters in UTF-16 encoding:
14
+ # https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
15
+ PR_DESCRIPTION_MAX_LENGTH = 3_999 # 0 based count
16
+ PR_DESCRIPTION_ENCODING = Encoding::UTF_16
17
+
13
18
  def initialize(source:, branch_name:, base_commit:, credentials:,
14
19
  files:, commit_message:, pr_description:, pr_name:,
15
20
  author_details:, labeler:, reviewers: nil, assignees: nil, work_item: nil)
@@ -10,6 +10,10 @@ module Dependabot
10
10
  :files, :commit_message, :pr_description, :pr_name,
11
11
  :author_details, :labeler
12
12
 
13
+ # CodeCommit limits PR descriptions to a max length of 10,240 characters:
14
+ # https://docs.aws.amazon.com/codecommit/latest/APIReference/API_PullRequest.html
15
+ PR_DESCRIPTION_MAX_LENGTH = 10_239 # 0 based count
16
+
13
17
  def initialize(source:, branch_name:, base_commit:, credentials:,
14
18
  files:, commit_message:, pr_description:, pr_name:,
15
19
  author_details:, labeler:, require_up_to_date_base:)
@@ -9,7 +9,9 @@ module Dependabot
9
9
  class PullRequestCreator
10
10
  # rubocop:disable Metrics/ClassLength
11
11
  class Github
12
- MAX_PR_DESCRIPTION_LENGTH = 65_536 # characters (see #create_pull_request)
12
+ # GitHub limits PR descriptions to a max of 65,536 characters:
13
+ # https://github.com/orgs/community/discussions/27190#discussioncomment-3726017
14
+ PR_DESCRIPTION_MAX_LENGTH = 65_535 # 0 based count
13
15
 
14
16
  attr_reader :source, :branch_name, :base_commit, :credentials,
15
17
  :files, :pr_description, :pr_name, :commit_message,
@@ -349,18 +351,6 @@ module Dependabot
349
351
  end
350
352
 
351
353
  def create_pull_request
352
- # Limit PR description to MAX_PR_DESCRIPTION_LENGTH (65,536) characters
353
- # and truncate with message if over. The API limit is 262,144 bytes
354
- # (https://github.community/t/maximum-length-for-the-comment-body-in-issues-and-pr/148867/2).
355
- # As Ruby strings are UTF-8 encoded, this is a pessimistic limit: it
356
- # presumes the case where all characters are 4 bytes.
357
- pr_description = @pr_description.dup
358
- if pr_description && pr_description.length > MAX_PR_DESCRIPTION_LENGTH
359
- truncated_msg = "...\n\n_Description has been truncated_"
360
- truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
361
- pr_description = (pr_description[0, truncate_length] + truncated_msg)
362
- end
363
-
364
354
  github_client_for_source.create_pull_request(
365
355
  source.repo,
366
356
  target_branch,
@@ -22,13 +22,16 @@ module Dependabot
22
22
  attr_reader :source, :dependencies, :files, :credentials,
23
23
  :pr_message_header, :pr_message_footer,
24
24
  :commit_message_options, :vulnerabilities_fixed,
25
- :github_redirection_service, :dependency_group
25
+ :github_redirection_service, :dependency_group, :pr_message_max_length,
26
+ :pr_message_encoding
27
+
28
+ TRUNCATED_MSG = "...\n\n_Description has been truncated_"
26
29
 
27
30
  def initialize(source:, dependencies:, files:, credentials:,
28
31
  pr_message_header: nil, pr_message_footer: nil,
29
32
  commit_message_options: {}, vulnerabilities_fixed: {},
30
33
  github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
31
- dependency_group: nil)
34
+ dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil)
32
35
  @dependencies = dependencies
33
36
  @files = files
34
37
  @source = source
@@ -39,8 +42,14 @@ module Dependabot
39
42
  @vulnerabilities_fixed = vulnerabilities_fixed
40
43
  @github_redirection_service = github_redirection_service
41
44
  @dependency_group = dependency_group
45
+ @pr_message_max_length = pr_message_max_length
46
+ @pr_message_encoding = pr_message_encoding
42
47
  end
43
48
 
49
+ attr_writer :pr_message_max_length
50
+
51
+ attr_writer :pr_message_encoding
52
+
44
53
  def pr_name
45
54
  name = dependency_group ? group_pr_name : solo_pr_name
46
55
  name[0] = name[0].capitalize if pr_name_prefixer.capitalize_first_word?
@@ -48,13 +57,31 @@ module Dependabot
48
57
  end
49
58
 
50
59
  def pr_message
51
- suffixed_pr_message_header + commit_message_intro +
52
- metadata_cascades + prefixed_pr_message_footer
60
+ msg = "#{suffixed_pr_message_header}#{commit_message_intro}#{metadata_cascades}#{prefixed_pr_message_footer}"
61
+ truncate_pr_message(msg)
53
62
  rescue StandardError => e
54
63
  Dependabot.logger.error("Error while generating PR message: #{e.message}")
55
64
  suffixed_pr_message_header + prefixed_pr_message_footer
56
65
  end
57
66
 
67
+ # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
68
+ # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
69
+ def truncate_pr_message(msg)
70
+ return msg if pr_message_max_length.nil?
71
+
72
+ msg = msg.dup
73
+ msg = msg.force_encoding(pr_message_encoding) unless pr_message_encoding.nil?
74
+
75
+ if msg.length > pr_message_max_length
76
+ tr_msg = pr_message_encoding.nil? ? TRUNCATED_MSG : (+TRUNCATED_MSG).dup.force_encoding(pr_message_encoding)
77
+ trunc_length = pr_message_max_length - tr_msg.length
78
+ msg = (msg[0..trunc_length] + tr_msg)
79
+ end
80
+ # if we used a custom encoding for calculating length, then we need to force back to UTF-8
81
+ msg.force_encoding(Encoding::UTF_8) unless pr_message_encoding.nil?
82
+ msg
83
+ end
84
+
58
85
  def commit_message
59
86
  message = commit_subject + "\n\n"
60
87
  message += commit_message_intro
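Review bot: The `rescue StandardError` fallback in `pr_message` returns `suffixed_pr_message_header + prefixed_pr_message_footer` without going through `truncate_pr_message`, so an oversized custom header or footer still reaches the provider unbounded on the error path; `truncate_pr_message(suffixed_pr_message_header + prefixed_pr_message_footer)` closes that gap. In `truncate_pr_message`, `(+TRUNCATED_MSG).dup` copies twice, as unary `+` on a frozen string already yields a mutable copy, and the `>` comparison combined with the inclusive `msg[0..trunc_length]` slice is the reason the provider constants are declared one below the documented limit with a `# 0 based count` remark, with the side effect that a message of exactly the provider limit is truncated although it would have been accepted. Declaring the real limits and slicing with `msg[0, pr_message_max_length - tr_msg.length]` would make the constants match their comments. The `pr_message_encoding` path also relies on `String#length` after `force_encoding(Encoding::UTF_16)` on UTF-8 bytes; I would confirm that count is what Azure measures, since the approach is carried over from the removed Azure client code rather than introduced here.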
@@ -49,7 +49,8 @@ module Dependabot
49
49
  :commit_message_options, :vulnerabilities_fixed,
50
50
  :reviewers, :assignees, :milestone, :branch_name_separator,
51
51
  :branch_name_prefix, :branch_name_max_length, :github_redirection_service,
52
- :custom_headers, :provider_metadata, :dependency_group
52
+ :custom_headers, :provider_metadata, :dependency_group, :pr_message_max_length,
53
+ :pr_message_encoding
53
54
 
54
55
  def initialize(source:, base_commit:, dependencies:, files:, credentials:,
55
56
  pr_message_header: nil, pr_message_footer: nil,
@@ -61,7 +62,8 @@ module Dependabot
61
62
  automerge_candidate: false,
62
63
  github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
63
64
  custom_headers: nil, require_up_to_date_base: false,
64
- provider_metadata: {}, message: nil, dependency_group: nil)
65
+ provider_metadata: {}, message: nil, dependency_group: nil, pr_message_max_length: nil,
66
+ pr_message_encoding: nil)
65
67
  @dependencies = dependencies
66
68
  @source = source
67
69
  @base_commit = base_commit
@@ -88,6 +90,8 @@ module Dependabot
88
90
  @provider_metadata = provider_metadata
89
91
  @message = message
90
92
  @dependency_group = dependency_group
93
+ @pr_message_max_length = pr_message_max_length
94
+ @pr_message_encoding = pr_message_encoding
91
95
 
92
96
  check_dependencies_have_previous_version
93
97
  end
@@ -216,19 +220,32 @@ module Dependabot
216
220
  end
217
221
 
218
222
  def message
219
- @message ||=
220
- MessageBuilder.new(
221
- source: source,
222
- dependencies: dependencies,
223
- files: files,
224
- credentials: credentials,
225
- commit_message_options: commit_message_options,
226
- pr_message_header: pr_message_header,
227
- pr_message_footer: pr_message_footer,
228
- vulnerabilities_fixed: vulnerabilities_fixed,
229
- github_redirection_service: github_redirection_service,
230
- dependency_group: dependency_group
231
- )
223
+ return @message unless @message.nil?
224
+
225
+ case source.provider
226
+ when "github"
227
+ @pr_message_max_length = Github::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
228
+ when "azure"
229
+ @pr_message_max_length = Azure::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
230
+ @pr_message_encoding = Azure::PR_DESCRIPTION_ENCODING if @pr_message_encoding.nil?
231
+ when "codecommit"
232
+ @pr_message_max_length = Codecommit::PR_DESCRIPTION_MAX_LENGTH if @pr_message_max_length.nil?
233
+ end
234
+
235
+ @message = MessageBuilder.new(
236
+ source: source,
237
+ dependencies: dependencies,
238
+ files: files,
239
+ credentials: credentials,
240
+ commit_message_options: commit_message_options,
241
+ pr_message_header: pr_message_header,
242
+ pr_message_footer: pr_message_footer,
243
+ vulnerabilities_fixed: vulnerabilities_fixed,
244
+ github_redirection_service: github_redirection_service,
245
+ dependency_group: dependency_group,
246
+ pr_message_max_length: pr_message_max_length,
247
+ pr_message_encoding: pr_message_encoding
248
+ )
232
249
  end
233
250
 
234
251
  def branch_namer
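Review bot: `message` now assigns `@pr_message_max_length` and `@pr_message_encoding` as a side effect of a memoized reader, so the public `pr_message_max_length` and `pr_message_encoding` readers return nil until `message` has been called once, and never get a default when `message:` was injected through `initialize`. Resolving the provider defaults in two small private helpers and passing them at the call site keeps the readers honest and lets the method return to the `@message ||=` form the removed lines used. Providers without a `when` branch still get nil, i.e. no truncation, which is presumably intended; a comment to that effect on the helper saves the next reader a lookup. `message` is fully inside the hunk; the helpers below would sit next to it.

```ruby
def message
  @message ||= MessageBuilder.new(
    # … unchanged: source, dependencies, files, credentials, commit_message_options,
    #   pr_message_header, pr_message_footer, vulnerabilities_fixed,
    #   github_redirection_service, dependency_group …
    pr_message_max_length: pr_message_max_length || default_pr_message_max_length,
    pr_message_encoding: pr_message_encoding || default_pr_message_encoding
  )
end

# Provider-imposed description limit used when the caller passed none;
# nil means the message is not truncated.
def default_pr_message_max_length
  case source.provider
  when "github" then Github::PR_DESCRIPTION_MAX_LENGTH
  when "azure" then Azure::PR_DESCRIPTION_MAX_LENGTH
  when "codecommit" then Codecommit::PR_DESCRIPTION_MAX_LENGTH
  end
end

# Only Azure measures its limit in a non-UTF-8 encoding.
def default_pr_message_encoding
  Azure::PR_DESCRIPTION_ENCODING if source.provider == "azure"
end
```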
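--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.222.0"
+  VERSION = "0.224.0"
 end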
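--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.222.0
+  version: 0.224.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-25 00:00:00.000000000 Z
+date: 2023-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.222.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
 post_install_message:
 rdoc_options: []
 require_paths: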