dependabot-common 0.227.0 → 0.229.0

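--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2e7821b483eacc96c321f9dba2b95892317ba3c73f530820c5490677488c3399
- data.tar.gz: bc801665fabf999aac3d5065b1e2689fc98df6b98baa082e64da043fc1ef7995
+ metadata.gz: 5e851f5d32a6d2f1add4781ed00d14b25638fe48034eb33def72ee00e9a2bcf3
+ data.tar.gz: 74ea5d577f55d6a8a304bc52a91296130f619548c9c40813baeae1c47ee25640
  SHA512:
- metadata.gz: 2e1fb470523d4ea14fbe43f15155f089489fec19354aeb391d5bfa860944ea3286ed40db48630b7861dbcf6cdb2534a637d8f76e3ce322b14a9d0a8365c885a9
- data.tar.gz: f486b2b36383f38064575b3022929ce110cab12ef863762dbae31a8d36691e0a8af59e2252a31b960a3b53d31f1ab8758f10411a8a53a3e12a50ff007a96f410
+ metadata.gz: ee6e2b243a1fb81ab46f2a02f136227c5cd147a38922f00db9fc44c89115e27f8ddb7c0445085cd16439fe35c0b1bc8609d693e108d63672cff7f88cbe13c40d
+ data.tar.gz: e059c7e5da28f0e4c45ad0171cf955ae25b113a7bbb779458a3b3fbe0e52ef39cbb6d78c180a257b9b963fcb85632cbcc80d20c2021996e070240509b5019ada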
@@ -373,7 +373,7 @@ module Dependabot
373
373
  end
374
374
 
375
375
  def tags_creation_forbidden?(response)
376
- return if response.body.empty?
376
+ return false if response.body.empty?
377
377
 
378
378
  message = JSON.parse(response.body).fetch("message", nil)
379
379
  message&.include?("TF401289")
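Review bot: A non-JSON body still raises from `JSON.parse` on the line after the new guard, so the predicate can abort on an HTML or plain-text error page instead of answering false; rescue it at the method level, `rescue JSON::ParserError` followed by `false` (the method's `end` lies outside the hunk). The `message&.include?("TF401289")` call also assumes `message`, when present, is a String — presumably true for this API's error payloads, but a non-string value would raise NoMethodError rather than return false.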
@@ -7,6 +7,11 @@ module Dependabot
7
7
  class GitlabWithRetries
8
8
  RETRYABLE_ERRORS = [Gitlab::Error::BadGateway].freeze
9
9
 
10
+ class ContentEncoding
11
+ BASE64 = "base64"
12
+ TEXT = "text"
13
+ end
14
+
10
15
  #######################
11
16
  # Constructor methods #
12
17
  #######################
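Review bot: `ContentEncoding` only holds two string constants and is never instantiated, so `module ContentEncoding` expresses that better than `class`. A one-line comment above it, such as `# Encoding values accepted by the GitLab commit actions API ("base64" or "text"); distinct from Dependabot::DependencyFile::ContentEncoding`, would tell readers why a second set of encoding constants exists next to the DependencyFile ones that `file_encoding` maps from.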
@@ -60,6 +65,24 @@ module Dependabot
60
65
  @client = ::Gitlab::Client.new(args)
61
66
  end
62
67
 
68
+ # Create commit in gitlab repo with correctly mapped file actions
69
+ #
70
+ # @param [String] repo
71
+ # @param [String] branch_name
72
+ # @param [String] commit_message
73
+ # @param [Array<Dependabot::DependencyFile>] files
74
+ # @param [Hash] options
75
+ # @return [Gitlab::ObjectifiedHash]
76
+ def create_commit(repo, branch_name, commit_message, files, **options)
77
+ @client.create_commit(
78
+ repo,
79
+ branch_name,
80
+ commit_message,
81
+ file_actions(files),
82
+ **options
83
+ )
84
+ end
85
+
63
86
  def method_missing(method_name, *args, &block)
64
87
  retry_connection_failures do
65
88
  if @client.respond_to?(method_name)
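Review bot: `create_commit` calls `@client.create_commit` directly, so unlike calls that still reach `method_missing` (which wraps client calls in `retry_connection_failures`, visible at the end of this hunk) this explicitly defined method gets no retry on `RETRYABLE_ERRORS`, which is the behaviour the `GitlabWithRetries` wrapper exists to provide. Wrapping the call restores it: `retry_connection_failures do` / `@client.create_commit(repo, branch_name, commit_message, file_actions(files), **options)` / `end`. The YARD block above the method could then state that the call is retried like the delegated ones.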
@@ -85,6 +108,47 @@ module Dependabot
85
108
  retry_attempt <= @max_retries ? retry : raise
86
109
  end
87
110
  end
111
+
112
+ private
113
+
114
+ # Array of file actions for a commit
115
+ #
116
+ # @param [Array<Dependabot::DependencyFile>] files
117
+ # @return [Array<Hash>]
118
+ def file_actions(files)
119
+ files.map do |file|
120
+ {
121
+ action: file_action(file),
122
+ encoding: file_encoding(file),
123
+ file_path: file.type == "symlink" ? file.symlink_target : file.path,
124
+ content: file.content
125
+ }
126
+ end
127
+ end
128
+
129
+ # Single file action
130
+ #
131
+ # @param [Dependabot::DependencyFile] file
132
+ # @return [String]
133
+ def file_action(file)
134
+ if file.operation == Dependabot::DependencyFile::Operation::DELETE
135
+ "delete"
136
+ elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
137
+ "create"
138
+ else
139
+ "update"
140
+ end
141
+ end
142
+
143
+ # Encoding option for gitlab commit operation
144
+ #
145
+ # @param [Dependabot::DependencyFile] file
146
+ # @return [String]
147
+ def file_encoding(file)
148
+ return ContentEncoding::BASE64 if file.content_encoding == Dependabot::DependencyFile::ContentEncoding::BASE64
149
+
150
+ ContentEncoding::TEXT
151
+ end
88
152
  end
89
153
  end
90
154
  end
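Review bot: `file_action` compares `file.operation` against two constants with an `if`/`elsif` chain; `case file.operation` with `when Dependabot::DependencyFile::Operation::DELETE then "delete"`, `when Dependabot::DependencyFile::Operation::CREATE then "create"` and `else "update"` reads more directly and makes the fall-through to "update" explicit. The `file_encoding` helper below it follows the same two-branch shape and could be a single conditional expression. Both are private now, so the `# @return [String]` tags are the only contract callers of `file_actions` see — worth keeping them accurate if the encoding set grows.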
@@ -157,14 +157,14 @@ module Dependabot
157
157
  previous_refs = previous_requirements.filter_map do |r|
158
158
  r.dig(:source, "ref") || r.dig(:source, :ref)
159
159
  end.uniq
160
- return previous_refs.first if previous_refs.count == 1
160
+ previous_refs.first if previous_refs.count == 1
161
161
  end
162
162
 
163
163
  def new_ref
164
164
  new_refs = requirements.filter_map do |r|
165
165
  r.dig(:source, "ref") || r.dig(:source, :ref)
166
166
  end.uniq
167
- return new_refs.first if new_refs.count == 1
167
+ new_refs.first if new_refs.count == 1
168
168
  end
169
169
 
170
170
  def ref_changed?
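Review bot: `previous_ref` and `new_ref` are now textually identical across this hunk and the hunks at `@@ -333`, `@@ -140`, `@@ -139`/`@@ -148`, `@@ -285` and `@@ -131` on this page (they differ only in receiver and, in the last one, in taking `dependency` as a parameter); since the commit already touches every copy, extracting the `filter_map { |r| r.dig(:source, "ref") || r.dig(:source, :ref) }.uniq` plus single-element check into one shared helper would keep them from drifting. This is a style point only; the implicit-nil return the commit introduces is behaviour-preserving.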
@@ -9,12 +9,21 @@ require "yaml"
9
9
 
10
10
  module Dependabot
11
11
  class DependencyGroup
12
- attr_reader :name, :rules, :dependencies
12
+ attr_reader :name, :rules, :dependencies, :handled_dependencies
13
13
 
14
14
  def initialize(name:, rules:)
15
15
  @name = name
16
16
  @rules = rules
17
17
  @dependencies = []
18
+ @handled_dependencies = Set.new
19
+ end
20
+
21
+ def add_to_handled(*dependencies)
22
+ @handled_dependencies += dependencies.map(&:name)
23
+ end
24
+
25
+ def add_all_to_handled
26
+ @handled_dependencies += dependencies.map(&:name)
18
27
  end
19
28
 
20
29
  def contains?(dependency)
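Review bot: `@handled_dependencies += dependencies.map(&:name)` builds a new Set on every call, so any caller that obtained the set earlier through the new `attr_reader :handled_dependencies` keeps a stale copy; `@handled_dependencies.merge(dependencies.map(&:name))` updates the existing set in place, and the same applies to `add_all_to_handled`. `add_all_to_handled` also duplicates the line and could simply be `add_to_handled(*dependencies)`. `Set` needs `require "set"` unless the file already has it above the `require "yaml"` shown in the hunk header — the hunk does not show it.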
@@ -333,14 +333,14 @@ module Dependabot
333
333
  previous_refs = dependency.previous_requirements.filter_map do |r|
334
334
  r.dig(:source, "ref") || r.dig(:source, :ref)
335
335
  end.uniq
336
- return previous_refs.first if previous_refs.count == 1
336
+ previous_refs.first if previous_refs.count == 1
337
337
  end
338
338
 
339
339
  def new_ref
340
340
  new_refs = dependency.requirements.filter_map do |r|
341
341
  r.dig(:source, "ref") || r.dig(:source, :ref)
342
342
  end.uniq
343
- return new_refs.first if new_refs.count == 1
343
+ new_refs.first if new_refs.count == 1
344
344
  end
345
345
 
346
346
  def ref_changed?
@@ -140,14 +140,14 @@ module Dependabot
140
140
  previous_refs = dependency.previous_requirements.filter_map do |r|
141
141
  r.dig(:source, "ref") || r.dig(:source, :ref)
142
142
  end.uniq
143
- return previous_refs.first if previous_refs.count == 1
143
+ previous_refs.first if previous_refs.count == 1
144
144
  end
145
145
 
146
146
  def new_ref
147
147
  new_refs = dependency.requirements.filter_map do |r|
148
148
  r.dig(:source, "ref") || r.dig(:source, :ref)
149
149
  end.uniq
150
- return new_refs.first if new_refs.count == 1
150
+ new_refs.first if new_refs.count == 1
151
151
  end
152
152
 
153
153
  # TODO: Refactor me so that Composer doesn't need to be special cased
@@ -139,7 +139,7 @@ module Dependabot
139
139
  previous_refs = dependency.previous_requirements.filter_map do |r|
140
140
  r.dig(:source, "ref") || r.dig(:source, :ref)
141
141
  end.uniq
142
- return previous_refs.first if previous_refs.count == 1
142
+ previous_refs.first if previous_refs.count == 1
143
143
  end
144
144
 
145
145
  def new_ref
@@ -148,7 +148,7 @@ module Dependabot
148
148
  new_refs = dependency.requirements.filter_map do |r|
149
149
  r.dig(:source, "ref") || r.dig(:source, :ref)
150
150
  end.uniq
151
- return new_refs.first if new_refs.count == 1
151
+ new_refs.first if new_refs.count == 1
152
152
  end
153
153
 
154
154
  def tag_matches_version?(tag, version)
@@ -189,7 +189,7 @@ module Dependabot
189
189
  end
190
190
 
191
191
  def version_regex(version)
192
- /(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
192
+ /(?:[^0-9\.]|\A)#{Regexp.escape(version || 'unknown')}\z/
193
193
  end
194
194
 
195
195
  def version_class
@@ -285,14 +285,14 @@ module Dependabot
285
285
  previous_refs = dependency.previous_requirements.filter_map do |r|
286
286
  r.dig(:source, "ref") || r.dig(:source, :ref)
287
287
  end.uniq
288
- return previous_refs.first if previous_refs.count == 1
288
+ previous_refs.first if previous_refs.count == 1
289
289
  end
290
290
 
291
291
  def new_ref
292
292
  new_refs = dependency.requirements.filter_map do |r|
293
293
  r.dig(:source, "ref") || r.dig(:source, :ref)
294
294
  end.uniq
295
- return new_refs.first if new_refs.count == 1
295
+ new_refs.first if new_refs.count == 1
296
296
  end
297
297
 
298
298
  def ref_changed?
@@ -131,14 +131,14 @@ module Dependabot
131
131
  previous_refs = dependency.previous_requirements.filter_map do |r|
132
132
  r.dig(:source, "ref") || r.dig(:source, :ref)
133
133
  end.uniq
134
- return previous_refs.first if previous_refs.count == 1
134
+ previous_refs.first if previous_refs.count == 1
135
135
  end
136
136
 
137
137
  def new_ref(dependency)
138
138
  new_refs = dependency.requirements.filter_map do |r|
139
139
  r.dig(:source, "ref") || r.dig(:source, :ref)
140
140
  end.uniq
141
- return new_refs.first if new_refs.count == 1
141
+ new_refs.first if new_refs.count == 1
142
142
  end
143
143
 
144
144
  def ref_changed?(dependency)
@@ -99,32 +99,10 @@ module Dependabot
99
99
  source.repo,
100
100
  branch_name,
101
101
  commit_message,
102
- file_actions
102
+ files
103
103
  )
104
104
  end
105
105
 
106
- def file_actions
107
- files.map do |file|
108
- {
109
- action: file_action(file),
110
- file_path: file.type == "symlink" ? file.symlink_target : file.path,
111
- content: file.content,
112
- encoding: file.content_encoding
113
- }
114
- end
115
- end
116
-
117
- # @param [DependencyFile] file
118
- def file_action(file)
119
- if file.operation == Dependabot::DependencyFile::Operation::DELETE
120
- "delete"
121
- elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
122
- "create"
123
- else
124
- "update"
125
- end
126
- end
127
-
128
106
  def create_submodule_update_commit
129
107
  file = files.first
130
108
 
@@ -622,7 +622,8 @@ module Dependabot
622
622
 
623
623
  req = old_reqs.first.fetch(:requirement)
624
624
  return req if req
625
- return dependency.previous_ref if dependency.ref_changed?
625
+
626
+ dependency.previous_ref if dependency.ref_changed?
626
627
  end
627
628
 
628
629
  def new_library_requirement(dependency)
@@ -649,7 +650,7 @@ module Dependabot
649
650
  # Reject any nested child gemspecs/vendored git dependencies
650
651
  root_files = files.map(&:name).
651
652
  select { |p| Pathname.new(p).dirname.to_s == "." }
652
- return true if root_files.select { |nm| nm.end_with?(".gemspec") }.any?
653
+ return true if root_files.any? { |nm| nm.end_with?(".gemspec") }
653
654
 
654
655
  dependencies.any? { |d| d.humanized_previous_version.nil? }
655
656
  end
@@ -68,33 +68,11 @@ module Dependabot
68
68
  source.repo,
69
69
  merge_request.source_branch,
70
70
  commit_being_updated.title,
71
- file_actions,
71
+ files,
72
72
  force: true,
73
73
  start_branch: merge_request.target_branch
74
74
  )
75
75
  end
76
-
77
- def file_actions
78
- files.map do |file|
79
- {
80
- action: file_action(file),
81
- file_path: file.type == "symlink" ? file.symlink_target : file.path,
82
- content: file.content,
83
- encoding: file.content_encoding
84
- }
85
- end
86
- end
87
-
88
- # @param [DependencyFile] file
89
- def file_action(file)
90
- if file.operation == Dependabot::DependencyFile::Operation::DELETE
91
- "delete"
92
- elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
93
- "create"
94
- else
95
- "update"
96
- end
97
- end
98
76
  end
99
77
  end
100
78
  end
@@ -17,7 +17,7 @@ require "dependabot"
17
17
 
18
18
  module Dependabot
19
19
  module SharedHelpers
20
- GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
20
+ GIT_CONFIG_GLOBAL_PATH = File.expand_path(".gitconfig", Utils::BUMP_TMP_DIR_PATH)
21
21
  USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
22
22
  "#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
23
23
  "(#{RUBY_PLATFORM}) " \
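Review bot: `GIT_CONFIG_GLOBAL_PATH` now evaluates `Utils::BUMP_TMP_DIR_PATH` at load time, so this file depends on `dependabot/utils` being loaded before `SharedHelpers`; the hunk header shows only `require "dependabot"`, so confirm that order or resolve the constant lazily in `with_git_configured`. A comment on the constant would also help, e.g. `# Per-process scratch gitconfig; with_git_configured points GIT_CONFIG_GLOBAL here so the rules written by configure_git_to_use_https_with_credentials never land in the user's ~/.gitconfig` (the intent is inferred from the helper's name — adjust if it writes more than that).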
@@ -182,13 +182,23 @@ module Dependabot
182
182
  end
183
183
 
184
184
  def self.with_git_configured(credentials:)
185
- backup_git_config_path, safe_directories = stash_global_git_config
186
- configure_git_to_use_https_with_credentials(credentials, safe_directories)
187
- yield
185
+ safe_directories = find_safe_directories
186
+
187
+ FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
188
+
189
+ previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil)
190
+
191
+ begin
192
+ ENV["GIT_CONFIG_GLOBAL"] = GIT_CONFIG_GLOBAL_PATH
193
+ configure_git_to_use_https_with_credentials(credentials, safe_directories)
194
+ yield
195
+ ensure
196
+ ENV["GIT_CONFIG_GLOBAL"] = previous_config
197
+ end
188
198
  rescue Errno::ENOSPC => e
189
199
  raise Dependabot::OutOfDisk, e.message
190
200
  ensure
191
- reset_global_git_config(backup_git_config_path)
201
+ FileUtils.rm_f(GIT_CONFIG_GLOBAL_PATH)
192
202
  end
193
203
 
194
204
  # Handle SCP-style git URIs
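Review bot: `ENV` is process-global and the outer `ensure` unconditionally `rm_f`s the single process-wide `GIT_CONFIG_GLOBAL_PATH`, so a nested or concurrent call to `with_git_configured` (another thread in the same process) would overwrite and then delete the config the outer call is still using; if re-entrancy is not expected, say so in a comment on the method, e.g. `# Not re-entrant: uses one process-wide scratch config path and mutates ENV`. Separately, the scratch file is created by the first `git config --global` write inside `configure_git_to_use_https_with_credentials` with umask-default permissions, and from that helper's name it holds credentials for the duration of the block; pre-creating it as `File.write(GIT_CONFIG_GLOBAL_PATH, "", perm: 0o600)` right after the `mkdir_p` keeps it owner-readable (git should preserve the mode of an existing config when it rewrites it — worth confirming). Restoring `previous_config` when it is nil correctly unsets the variable, so that part is fine.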
@@ -221,7 +231,6 @@ module Dependabot
221
231
  )
222
232
 
223
233
  # see https://github.blog/2022-04-12-git-security-vulnerability-announced/
224
- safe_directories ||= []
225
234
  safe_directories.each do |path|
226
235
  run_shell_command("git config --global --add safe.directory #{path}")
227
236
  end
@@ -296,30 +305,12 @@ module Dependabot
296
305
  end
297
306
  end
298
307
 
299
- def self.stash_global_git_config
300
- return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
301
-
302
- contents = File.read(GIT_CONFIG_GLOBAL_PATH)
303
- digest = Digest::SHA2.hexdigest(contents)[0...10]
304
- backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
305
-
308
+ def self.find_safe_directories
306
309
  # to preserve safe directories from global .gitconfig
307
310
  output, process = Open3.capture2("git config --global --get-all safe.directory")
308
311
  safe_directories = []
309
312
  safe_directories = output.split("\n").compact if process.success?
310
-
311
- FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
312
- [backup_path, safe_directories]
313
- end
314
-
315
- def self.reset_global_git_config(backup_path)
316
- if backup_path.nil?
317
- FileUtils.rm(GIT_CONFIG_GLOBAL_PATH)
318
- return
319
- end
320
- return unless File.exist?(backup_path)
321
-
322
- FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
313
+ safe_directories
323
314
  end
324
315
 
325
316
  def self.run_shell_command(command,
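Review bot: `find_safe_directories` has no doc comment and its result now depends on call order: it runs `git config --global --get-all safe.directory`, so it must execute before `with_git_configured` redirects `GIT_CONFIG_GLOBAL` to the scratch file, otherwise it reads the empty scratch config instead of the user's ~/.gitconfig. A comment such as `# Reads safe.directory entries from the user's real global config; must run before GIT_CONFIG_GLOBAL is redirected` captures that contract. In the body, `.compact` is a no-op on `split` output, and the two assignments collapse to `process.success? ? output.split("\n") : []`.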
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "tmpdir"
3
4
  require "set"
4
5
 
5
6
  # TODO: in due course, these "registries" should live in a wrapper gem, not
@@ -7,7 +8,7 @@ require "set"
7
8
  module Dependabot
8
9
  module Utils
9
10
  BUMP_TMP_FILE_PREFIX = "dependabot_"
10
- BUMP_TMP_DIR_PATH = "tmp"
11
+ BUMP_TMP_DIR_PATH = File.expand_path(Dir::Tmpname.create("", "tmp") { nil })
11
12
 
12
13
  @version_classes = {}
13
14
 
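Review bot: `Dir::Tmpname.create("", "tmp") { nil }` only generates a unique-looking name; the block is where the path is meant to be created (the helper retries on `Errno::EEXIST`), and returning nil creates nothing, so the directory comes into existence only when a later caller does `mkdir_p` with default permissions, and `"tmp"` is relative to the process working directory rather than `Dir.tmpdir` even though `require "tmpdir"` was just added. If a private per-process scratch directory is the intent and creating it at load time is acceptable, `Dir::Tmpname.create("", "tmp") { |path| Dir.mkdir(path, 0o700) }` reserves it atomically with owner-only access; otherwise a comment stating that the directory is created lazily by callers (and why `tmp` is relative) would prevent the next reader from assuming it exists.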
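--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.227.0"
+ VERSION = "0.229.0"
  end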
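--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.227.0
+ version: 0.229.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-18 00:00:00.000000000 Z
+ date: 2023-08-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -332,14 +332,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.50.0
+ version: 1.56.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.50.0
+ version: 1.56.0
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
@@ -486,7 +486,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.229.0
  post_install_message:
  rdoc_options: []
  require_paths: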