dependabot-common 0.224.0 → 0.225.0
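--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eff50d0047fd94f2b62e76e55d42561e17780c26da251ba55cd04f493bce0cb5
+data.tar.gz: 34d2e201f6198e4478a2b13d8e2c12162ae1a2e74b6c66ebfd45e12518379155
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97d3947770789948f293026af11c4a8f065831ebf4c5ee5f06c3e2fe147766b5d4615b2497fbd7dfbfb4589a07df52a91de9c7041fe49cd74795fd3fb6be6437
+data.tar.gz: 640a7855071b6c94d1a8e91972bf4e34792e6ffcf02ac38d1bb6a42e985fdfc3479b994c645fdb24d77fe450f84e39aef0e6bef2ab41c0394989f9c63f792f19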
@@ -1,16 +1,42 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "dependabot/experiments"
|
4
|
+
require "dependabot/config/ignore_condition"
|
5
|
+
require "dependabot/logger"
|
6
|
+
|
3
7
|
require "wildcard_matcher"
|
4
8
|
require "yaml"
|
5
9
|
|
6
10
|
module Dependabot
|
7
11
|
class DependencyGroup
|
12
|
+
ANY_DEPENDENCY_NAME = "*"
|
13
|
+
SECURITY_UPDATES_ONLY = false
|
14
|
+
|
15
|
+
DEFAULT_UPDATE_TYPES = [
|
16
|
+
SEMVER_MAJOR = "major",
|
17
|
+
SEMVER_MINOR = "minor",
|
18
|
+
SEMVER_PATCH = "patch"
|
19
|
+
].freeze
|
20
|
+
|
21
|
+
IGNORE_CONDITION_TYPES = {
|
22
|
+
SEMVER_MAJOR => Dependabot::Config::IgnoreCondition::MAJOR_VERSION_TYPE,
|
23
|
+
SEMVER_MINOR => Dependabot::Config::IgnoreCondition::MINOR_VERSION_TYPE,
|
24
|
+
SEMVER_PATCH => Dependabot::Config::IgnoreCondition::PATCH_VERSION_TYPE
|
25
|
+
}.freeze
|
26
|
+
|
27
|
+
class NullIgnoreCondition
|
28
|
+
def ignored_versions(_dependency, _security_updates_only)
|
29
|
+
[]
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
8
33
|
attr_reader :name, :rules, :dependencies
|
9
34
|
|
10
35
|
def initialize(name:, rules:)
|
11
36
|
@name = name
|
12
37
|
@rules = rules
|
13
38
|
@dependencies = []
|
39
|
+
@ignore_condition = generate_ignore_condition!
|
14
40
|
end
|
15
41
|
|
16
42
|
def contains?(dependency)
|
@@ -20,6 +46,18 @@ module Dependabot
|
|
20
46
|
matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
|
21
47
|
end
|
22
48
|
|
49
|
+
# This method generates ignored versions for the given Dependency based on
|
50
|
+
# the any update-types we have defined.
|
51
|
+
def ignored_versions_for(dependency)
|
52
|
+
@ignore_condition.ignored_versions(dependency, SECURITY_UPDATES_ONLY)
|
53
|
+
end
|
54
|
+
|
55
|
+
def targets_highest_versions_possible?
|
56
|
+
return true unless experimental_rules_enabled?
|
57
|
+
|
58
|
+
update_types.include?(SEMVER_MAJOR)
|
59
|
+
end
|
60
|
+
|
23
61
|
def to_h
|
24
62
|
{ "name" => name }
|
25
63
|
end
|
@@ -54,5 +92,49 @@ module Dependabot
|
|
54
92
|
"development"
|
55
93
|
end
|
56
94
|
end
|
95
|
+
|
96
|
+
def pattern_rules?
|
97
|
+
rules.key?("patterns") && rules["patterns"]&.any?
|
98
|
+
end
|
99
|
+
|
100
|
+
def update_types
|
101
|
+
rules.fetch("update-types", DEFAULT_UPDATE_TYPES)
|
102
|
+
end
|
103
|
+
|
104
|
+
def generate_ignore_condition!
|
105
|
+
return NullIgnoreCondition.new unless experimental_rules_enabled?
|
106
|
+
|
107
|
+
ignored_update_types = ignored_update_types_for_rules
|
108
|
+
|
109
|
+
return NullIgnoreCondition.new unless ignored_update_types.any?
|
110
|
+
|
111
|
+
Dependabot.logger.debug("The #{name} group has set ignores for update-type(s): #{ignored_update_types}")
|
112
|
+
|
113
|
+
Dependabot::Config::IgnoreCondition.new(
|
114
|
+
dependency_name: ANY_DEPENDENCY_NAME,
|
115
|
+
update_types: ignored_update_types
|
116
|
+
)
|
117
|
+
end
|
118
|
+
|
119
|
+
def ignored_update_types_for_rules
|
120
|
+
unless update_types.is_a?(Array)
|
121
|
+
raise ArgumentError,
|
122
|
+
"The #{name} group has an unexpected value for update-types: '#{update_types}'"
|
123
|
+
end
|
124
|
+
|
125
|
+
unless update_types.any?
|
126
|
+
raise ArgumentError,
|
127
|
+
"The #{name} group has specified an empty array for update-types."
|
128
|
+
end
|
129
|
+
|
130
|
+
ignored_update_types = DEFAULT_UPDATE_TYPES - update_types
|
131
|
+
return [] if ignored_update_types.empty?
|
132
|
+
|
133
|
+
IGNORE_CONDITION_TYPES.fetch_values(*ignored_update_types)
|
134
|
+
end
|
135
|
+
|
136
|
+
def experimental_rules_enabled?
|
137
|
+
Dependabot::Experiments.enabled?(:grouped_updates_experimental_rules)
|
138
|
+
end
|
57
139
|
end
|
58
140
|
end
|
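Review bot: `ignored_update_types_for_rules` never checks that each entry of `update-types` is one of `major`/`minor`/`patch`, so a mistyped value such as `"Major"` passes the Array and non-empty checks and, because `DEFAULT_UPDATE_TYPES - update_types` then keeps all three types, yields an ignore condition covering every update type for the group — presumably blocking all of its updates with no error. Add `unknown = update_types - DEFAULT_UPDATE_TYPES` and `raise ArgumentError, "The #{name} group has unknown update-type(s): #{unknown}" if unknown.any?` before computing `ignored_update_types`, so a configuration typo is reported instead of silently disabling updates. `generate_ignore_condition!` has no non-bang counterpart, so the `!` suffix conveys nothing here; a plain `generate_ignore_condition` reads better. The comment on `ignored_versions_for` has a stray article ("based on the any update-types we have defined") and should read "based on any update-types we have defined".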
@@ -23,7 +23,7 @@ module Dependabot
|
|
23
23
|
:pr_message_header, :pr_message_footer,
|
24
24
|
:commit_message_options, :vulnerabilities_fixed,
|
25
25
|
:github_redirection_service, :dependency_group, :pr_message_max_length,
|
26
|
-
:pr_message_encoding
|
26
|
+
:pr_message_encoding, :ignore_conditions
|
27
27
|
|
28
28
|
TRUNCATED_MSG = "...\n\n_Description has been truncated_"
|
29
29
|
|
@@ -31,7 +31,7 @@ module Dependabot
|
|
31
31
|
pr_message_header: nil, pr_message_footer: nil,
|
32
32
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
33
33
|
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
34
|
-
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil)
|
34
|
+
dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil, ignore_conditions: [])
|
35
35
|
@dependencies = dependencies
|
36
36
|
@files = files
|
37
37
|
@source = source
|
@@ -44,6 +44,7 @@ module Dependabot
|
|
44
44
|
@dependency_group = dependency_group
|
45
45
|
@pr_message_max_length = pr_message_max_length
|
46
46
|
@pr_message_encoding = pr_message_encoding
|
47
|
+
@ignore_conditions = ignore_conditions
|
47
48
|
end
|
48
49
|
|
49
50
|
attr_writer :pr_message_max_length
|
@@ -57,13 +58,31 @@ module Dependabot
|
|
57
58
|
end
|
58
59
|
|
59
60
|
def pr_message
|
60
|
-
|
61
|
+
# TODO: Remove unignore_commands? feature flag once we are confident
|
62
|
+
# that it is working as expected
|
63
|
+
msg = if unignore_commands?
|
64
|
+
"#{suffixed_pr_message_header}" \
|
65
|
+
"#{commit_message_intro}" \
|
66
|
+
"#{metadata_cascades}" \
|
67
|
+
"#{ignore_conditions_table}" \
|
68
|
+
"#{prefixed_pr_message_footer}"
|
69
|
+
else
|
70
|
+
"#{suffixed_pr_message_header}" \
|
71
|
+
"#{commit_message_intro}" \
|
72
|
+
"#{metadata_cascades}" \
|
73
|
+
"#{prefixed_pr_message_footer}"
|
74
|
+
end
|
75
|
+
|
61
76
|
truncate_pr_message(msg)
|
62
77
|
rescue StandardError => e
|
63
78
|
Dependabot.logger.error("Error while generating PR message: #{e.message}")
|
64
79
|
suffixed_pr_message_header + prefixed_pr_message_footer
|
65
80
|
end
|
66
81
|
|
82
|
+
def unignore_commands?
|
83
|
+
Experiments.enabled?(:unignore_commands)
|
84
|
+
end
|
85
|
+
|
67
86
|
# Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
|
68
87
|
# The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
|
69
88
|
def truncate_pr_message(msg)
|
@@ -504,6 +523,46 @@ module Dependabot
|
|
504
523
|
).to_s
|
505
524
|
end
|
506
525
|
|
526
|
+
def ignore_conditions_table
|
527
|
+
# Return an empty string if ignore_conditions is empty
|
528
|
+
return "" if @ignore_conditions.empty?
|
529
|
+
|
530
|
+
# Filter out the conditions where from_config_file is false and dependency is in @dependencies
|
531
|
+
valid_ignore_conditions = @ignore_conditions.select do |ic|
|
532
|
+
!ic[:from_config_file] && dependencies.any? { |dep| dep.name == ic[:dependency_name] }
|
533
|
+
end
|
534
|
+
|
535
|
+
# Return an empty string if no valid ignore conditions after filtering
|
536
|
+
return "" if valid_ignore_conditions.empty?
|
537
|
+
|
538
|
+
# Sort them by updated_at (or created_at if updated_at is nil), taking the latest 20
|
539
|
+
sorted_ignore_conditions = valid_ignore_conditions.sort_by { |ic| ic[:updated_at] || ic[:created_at] }.last(20)
|
540
|
+
|
541
|
+
# Map each condition to a row string
|
542
|
+
table_rows = sorted_ignore_conditions.map do |ic|
|
543
|
+
"| #{ic[:dependency_name]} | [#{ic[:version_requirement]}] |"
|
544
|
+
end
|
545
|
+
|
546
|
+
summary = "Most Recent Ignore Conditions Applied to This Pull Request"
|
547
|
+
build_table(summary, table_rows)
|
548
|
+
end
|
549
|
+
|
550
|
+
def build_table(summary, rows)
|
551
|
+
table_header = "| Dependency Name | Ignore Conditions |"
|
552
|
+
table_divider = "| --- | --- |"
|
553
|
+
table_body = rows.join("\n")
|
554
|
+
body = "\n#{[table_header, table_divider, table_body].join("\n")}\n"
|
555
|
+
|
556
|
+
if %w(azure bitbucket codecommit).include?(source.provider)
|
557
|
+
"\n##{summary}\n\n#{body}"
|
558
|
+
else
|
559
|
+
# Build the collapsible section
|
560
|
+
msg = "<details>\n<summary>#{summary}</summary>\n\n" \
|
561
|
+
"#{[table_header, table_divider, table_body].join("\n")}\n</details>"
|
562
|
+
"\n#{msg}\n"
|
563
|
+
end
|
564
|
+
end
|
565
|
+
|
507
566
|
def changelog_url(dependency)
|
508
567
|
metadata_finder(dependency).changelog_url
|
509
568
|
end
|
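Review bot: The rows built in `ignore_conditions_table` interpolate `ic[:dependency_name]` and `ic[:version_requirement]` into Markdown unescaped, so a value containing `|` alters the table structure and any markup in the value is rendered as-is inside the PR body; escape the cell contents, e.g. `"| #{ic[:dependency_name].to_s.gsub('|') { '\\|' }} | [#{ic[:version_requirement].to_s.gsub('|') { '\\|' }}] |"`. The comment above the `select` says "Filter out the conditions where from_config_file is false and dependency is in @dependencies", but the block keeps exactly those conditions; it should read "Keep only the conditions not from the config file whose dependency is among @dependencies". In `build_table`, `body` already holds the joined header, divider and rows, yet the `else` branch re-joins the same three strings; reuse `body` there. The `sort_by { |ic| ic[:updated_at] || ic[:created_at] }` raises if any condition has neither timestamp, which the `rescue StandardError` in `pr_message` then turns into a message with no intro at all; presumably `created_at` is always set, but a documented fallback would make that explicit.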
@@ -166,6 +166,7 @@ module Dependabot
|
|
166
166
|
previous_version: previous_version,
|
167
167
|
previous_requirements: dependency.requirements,
|
168
168
|
package_manager: dependency.package_manager,
|
169
|
+
metadata: dependency.metadata,
|
169
170
|
subdependency_metadata: dependency.subdependency_metadata
|
170
171
|
)
|
171
172
|
end
|
@@ -181,6 +182,7 @@ module Dependabot
|
|
181
182
|
previous_version: previous_version,
|
182
183
|
previous_requirements: dependency.requirements,
|
183
184
|
package_manager: dependency.package_manager,
|
185
|
+
metadata: dependency.metadata,
|
184
186
|
subdependency_metadata: dependency.subdependency_metadata
|
185
187
|
)
|
186
188
|
end
|
data/lib/dependabot.rb
CHANGED
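--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.225.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-
+date: 2023-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
 post_install_message:
 rdoc_options: []
 require_paths: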