dependabot-common 0.224.0 → 0.225.0

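--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 967a29e273078457f5010415215784a3bf9bd8b9cd78e101ab8d7dc97ab42fba
- data.tar.gz: c840404ceecf85c06defa6748f5075c1e336e3878f0f18c3d1c6282b986d86b4
+ metadata.gz: eff50d0047fd94f2b62e76e55d42561e17780c26da251ba55cd04f493bce0cb5
+ data.tar.gz: 34d2e201f6198e4478a2b13d8e2c12162ae1a2e74b6c66ebfd45e12518379155
  SHA512:
- metadata.gz: 1bdead2177caa4c1c9cd90371bf07cb8def978492718809f3a67ee995f24c4da02424989d25f87298ad2ac04b371c63108a9520d58e33d0b6f925446dfc0d5be
- data.tar.gz: 2e5f484acea22c05982c2840317f7f559171ca239b846da310ac2ae40b7006fe10df16d1e26f204d3ccee0e163e8c51af5e283635f929edb1fbeaa5d6986c2ad
+ metadata.gz: 97d3947770789948f293026af11c4a8f065831ebf4c5ee5f06c3e2fe147766b5d4615b2497fbd7dfbfb4589a07df52a91de9c7041fe49cd74795fd3fb6be6437
+ data.tar.gz: 640a7855071b6c94d1a8e91972bf4e34792e6ffcf02ac38d1bb6a42e985fdfc3479b994c645fdb24d77fe450f84e39aef0e6bef2ab41c0394989f9c63f792f19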
@@ -1,16 +1,42 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/experiments"
4
+ require "dependabot/config/ignore_condition"
5
+ require "dependabot/logger"
6
+
3
7
  require "wildcard_matcher"
4
8
  require "yaml"
5
9
 
6
10
  module Dependabot
7
11
  class DependencyGroup
12
+ ANY_DEPENDENCY_NAME = "*"
13
+ SECURITY_UPDATES_ONLY = false
14
+
15
+ DEFAULT_UPDATE_TYPES = [
16
+ SEMVER_MAJOR = "major",
17
+ SEMVER_MINOR = "minor",
18
+ SEMVER_PATCH = "patch"
19
+ ].freeze
20
+
21
+ IGNORE_CONDITION_TYPES = {
22
+ SEMVER_MAJOR => Dependabot::Config::IgnoreCondition::MAJOR_VERSION_TYPE,
23
+ SEMVER_MINOR => Dependabot::Config::IgnoreCondition::MINOR_VERSION_TYPE,
24
+ SEMVER_PATCH => Dependabot::Config::IgnoreCondition::PATCH_VERSION_TYPE
25
+ }.freeze
26
+
27
+ class NullIgnoreCondition
28
+ def ignored_versions(_dependency, _security_updates_only)
29
+ []
30
+ end
31
+ end
32
+
8
33
  attr_reader :name, :rules, :dependencies
9
34
 
10
35
  def initialize(name:, rules:)
11
36
  @name = name
12
37
  @rules = rules
13
38
  @dependencies = []
39
+ @ignore_condition = generate_ignore_condition!
14
40
  end
15
41
 
16
42
  def contains?(dependency)
@@ -20,6 +46,18 @@ module Dependabot
20
46
  matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
21
47
  end
22
48
 
49
+ # This method generates ignored versions for the given Dependency based on
50
+ # the any update-types we have defined.
51
+ def ignored_versions_for(dependency)
52
+ @ignore_condition.ignored_versions(dependency, SECURITY_UPDATES_ONLY)
53
+ end
54
+
55
+ def targets_highest_versions_possible?
56
+ return true unless experimental_rules_enabled?
57
+
58
+ update_types.include?(SEMVER_MAJOR)
59
+ end
60
+
23
61
  def to_h
24
62
  { "name" => name }
25
63
  end
@@ -54,5 +92,49 @@ module Dependabot
54
92
  "development"
55
93
  end
56
94
  end
95
+
96
+ def pattern_rules?
97
+ rules.key?("patterns") && rules["patterns"]&.any?
98
+ end
99
+
100
+ def update_types
101
+ rules.fetch("update-types", DEFAULT_UPDATE_TYPES)
102
+ end
103
+
104
+ def generate_ignore_condition!
105
+ return NullIgnoreCondition.new unless experimental_rules_enabled?
106
+
107
+ ignored_update_types = ignored_update_types_for_rules
108
+
109
+ return NullIgnoreCondition.new unless ignored_update_types.any?
110
+
111
+ Dependabot.logger.debug("The #{name} group has set ignores for update-type(s): #{ignored_update_types}")
112
+
113
+ Dependabot::Config::IgnoreCondition.new(
114
+ dependency_name: ANY_DEPENDENCY_NAME,
115
+ update_types: ignored_update_types
116
+ )
117
+ end
118
+
119
+ def ignored_update_types_for_rules
120
+ unless update_types.is_a?(Array)
121
+ raise ArgumentError,
122
+ "The #{name} group has an unexpected value for update-types: '#{update_types}'"
123
+ end
124
+
125
+ unless update_types.any?
126
+ raise ArgumentError,
127
+ "The #{name} group has specified an empty array for update-types."
128
+ end
129
+
130
+ ignored_update_types = DEFAULT_UPDATE_TYPES - update_types
131
+ return [] if ignored_update_types.empty?
132
+
133
+ IGNORE_CONDITION_TYPES.fetch_values(*ignored_update_types)
134
+ end
135
+
136
+ def experimental_rules_enabled?
137
+ Dependabot::Experiments.enabled?(:grouped_updates_experimental_rules)
138
+ end
57
139
  end
58
140
  end
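Review bot: `ignored_update_types_for_rules` validates that `update-types` is a non-empty Array but never checks its elements, so a misspelt or non-string entry coming from the user's config (e.g. `"majr"`) is silently dropped by `DEFAULT_UPDATE_TYPES - update_types`, and the group then ignores every update type instead of surfacing the config error. After the empty-array check, add `unknown = update_types - DEFAULT_UPDATE_TYPES` and `raise ArgumentError, "The #{name} group has unknown update-types: #{unknown}" unless unknown.empty?`. The method also re-evaluates `update_types` (a `rules.fetch`) on each of its four uses; binding it once to a local would be clearer. Separately, `generate_ignore_condition!` has no bang-less counterpart, so the `!` suggests a dangerous variant that does not exist, and the comment above `ignored_versions_for` reads "based on the any update-types", which should be "based on any update-types".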
@@ -126,6 +126,7 @@ module Dependabot
126
126
  version: version,
127
127
  requirements: requirements,
128
128
  package_manager: old_dep.package_manager,
129
+ metadata: old_dep.metadata,
129
130
  subdependency_metadata: subdependency_metadata
130
131
  )
131
132
  end
@@ -23,7 +23,7 @@ module Dependabot
23
23
  :pr_message_header, :pr_message_footer,
24
24
  :commit_message_options, :vulnerabilities_fixed,
25
25
  :github_redirection_service, :dependency_group, :pr_message_max_length,
26
- :pr_message_encoding
26
+ :pr_message_encoding, :ignore_conditions
27
27
 
28
28
  TRUNCATED_MSG = "...\n\n_Description has been truncated_"
29
29
 
@@ -31,7 +31,7 @@ module Dependabot
31
31
  pr_message_header: nil, pr_message_footer: nil,
32
32
  commit_message_options: {}, vulnerabilities_fixed: {},
33
33
  github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
34
- dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil)
34
+ dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil, ignore_conditions: [])
35
35
  @dependencies = dependencies
36
36
  @files = files
37
37
  @source = source
@@ -44,6 +44,7 @@ module Dependabot
44
44
  @dependency_group = dependency_group
45
45
  @pr_message_max_length = pr_message_max_length
46
46
  @pr_message_encoding = pr_message_encoding
47
+ @ignore_conditions = ignore_conditions
47
48
  end
48
49
 
49
50
  attr_writer :pr_message_max_length
@@ -57,13 +58,31 @@ module Dependabot
57
58
  end
58
59
 
59
60
  def pr_message
60
- msg = "#{suffixed_pr_message_header}#{commit_message_intro}#{metadata_cascades}#{prefixed_pr_message_footer}"
61
+ # TODO: Remove unignore_commands? feature flag once we are confident
62
+ # that it is working as expected
63
+ msg = if unignore_commands?
64
+ "#{suffixed_pr_message_header}" \
65
+ "#{commit_message_intro}" \
66
+ "#{metadata_cascades}" \
67
+ "#{ignore_conditions_table}" \
68
+ "#{prefixed_pr_message_footer}"
69
+ else
70
+ "#{suffixed_pr_message_header}" \
71
+ "#{commit_message_intro}" \
72
+ "#{metadata_cascades}" \
73
+ "#{prefixed_pr_message_footer}"
74
+ end
75
+
61
76
  truncate_pr_message(msg)
62
77
  rescue StandardError => e
63
78
  Dependabot.logger.error("Error while generating PR message: #{e.message}")
64
79
  suffixed_pr_message_header + prefixed_pr_message_footer
65
80
  end
66
81
 
82
+ def unignore_commands?
83
+ Experiments.enabled?(:unignore_commands)
84
+ end
85
+
67
86
  # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
68
87
  # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
69
88
  def truncate_pr_message(msg)
@@ -504,6 +523,46 @@ module Dependabot
504
523
  ).to_s
505
524
  end
506
525
 
526
+ def ignore_conditions_table
527
+ # Return an empty string if ignore_conditions is empty
528
+ return "" if @ignore_conditions.empty?
529
+
530
+ # Filter out the conditions where from_config_file is false and dependency is in @dependencies
531
+ valid_ignore_conditions = @ignore_conditions.select do |ic|
532
+ !ic[:from_config_file] && dependencies.any? { |dep| dep.name == ic[:dependency_name] }
533
+ end
534
+
535
+ # Return an empty string if no valid ignore conditions after filtering
536
+ return "" if valid_ignore_conditions.empty?
537
+
538
+ # Sort them by updated_at (or created_at if updated_at is nil), taking the latest 20
539
+ sorted_ignore_conditions = valid_ignore_conditions.sort_by { |ic| ic[:updated_at] || ic[:created_at] }.last(20)
540
+
541
+ # Map each condition to a row string
542
+ table_rows = sorted_ignore_conditions.map do |ic|
543
+ "| #{ic[:dependency_name]} | [#{ic[:version_requirement]}] |"
544
+ end
545
+
546
+ summary = "Most Recent Ignore Conditions Applied to This Pull Request"
547
+ build_table(summary, table_rows)
548
+ end
549
+
550
+ def build_table(summary, rows)
551
+ table_header = "| Dependency Name | Ignore Conditions |"
552
+ table_divider = "| --- | --- |"
553
+ table_body = rows.join("\n")
554
+ body = "\n#{[table_header, table_divider, table_body].join("\n")}\n"
555
+
556
+ if %w(azure bitbucket codecommit).include?(source.provider)
557
+ "\n##{summary}\n\n#{body}"
558
+ else
559
+ # Build the collapsible section
560
+ msg = "<details>\n<summary>#{summary}</summary>\n\n" \
561
+ "#{[table_header, table_divider, table_body].join("\n")}\n</details>"
562
+ "\n#{msg}\n"
563
+ end
564
+ end
565
+
507
566
  def changelog_url(dependency)
508
567
  metadata_finder(dependency).changelog_url
509
568
  end
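Review bot: The comment `# Filter out the conditions where from_config_file is false and dependency is in @dependencies` in `ignore_conditions_table` says the opposite of what the `select` beneath it does: those conditions are the ones kept, not removed. Replace it with `# Keep only conditions that did not come from the config file and that apply to a dependency in this PR`. In `build_table`, `body` already holds the joined header, divider and rows, yet the `else` branch joins the same three parts again; the collapsible form can be written as `"\n<details>\n<summary>#{summary}</summary>\n#{body}</details>\n"`, which yields the identical string. Also, `sort_by { |ic| ic[:updated_at] || ic[:created_at] }` raises if any condition carries neither timestamp, and because `pr_message` rescues `StandardError` the whole message then collapses to header plus footer — if that shape can occur, guard the sort key so one malformed entry does not take the table (and the rest of the message) out.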
@@ -166,6 +166,7 @@ module Dependabot
166
166
  previous_version: previous_version,
167
167
  previous_requirements: dependency.requirements,
168
168
  package_manager: dependency.package_manager,
169
+ metadata: dependency.metadata,
169
170
  subdependency_metadata: dependency.subdependency_metadata
170
171
  )
171
172
  end
@@ -181,6 +182,7 @@ module Dependabot
181
182
  previous_version: previous_version,
182
183
  previous_requirements: dependency.requirements,
183
184
  package_manager: dependency.package_manager,
185
+ metadata: dependency.metadata,
184
186
  subdependency_metadata: dependency.subdependency_metadata
185
187
  )
186
188
  end
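--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.224.0"
+ VERSION = "0.225.0"
  end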
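--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.224.0
+ version: 0.225.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-27 00:00:00.000000000 Z
+ date: 2023-07-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
  post_install_message:
  rdoc_options: []
  require_paths: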