dependabot-common 0.229.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +4 -3
- data/lib/dependabot/clients/bitbucket.rb +4 -3
- data/lib/dependabot/clients/bitbucket_with_retries.rb +4 -3
- data/lib/dependabot/clients/codecommit.rb +6 -5
- data/lib/dependabot/clients/github_with_retries.rb +11 -10
- data/lib/dependabot/clients/gitlab_with_retries.rb +11 -10
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/config/file_fetcher.rb +1 -0
- data/lib/dependabot/config/ignore_condition.rb +1 -0
- data/lib/dependabot/config/update_config.rb +10 -9
- data/lib/dependabot/config.rb +1 -0
- data/lib/dependabot/dependency.rb +11 -10
- data/lib/dependabot/dependency_file.rb +1 -0
- data/lib/dependabot/dependency_group.rb +1 -0
- data/lib/dependabot/errors.rb +1 -0
- data/lib/dependabot/experiments.rb +1 -0
- data/lib/dependabot/file_fetchers/base.rb +27 -26
- data/lib/dependabot/file_fetchers.rb +1 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -0
- data/lib/dependabot/file_parsers/base.rb +1 -0
- data/lib/dependabot/file_parsers.rb +1 -0
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -0
- data/lib/dependabot/file_updaters/base.rb +1 -0
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -0
- data/lib/dependabot/file_updaters.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +22 -21
- data/lib/dependabot/git_metadata_fetcher.rb +13 -12
- data/lib/dependabot/logger.rb +1 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +26 -25
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +44 -43
- data/lib/dependabot/metadata_finders/base/release_finder.rb +25 -24
- data/lib/dependabot/metadata_finders/base.rb +3 -2
- data/lib/dependabot/metadata_finders.rb +1 -0
- data/lib/dependabot/pull_request_creator/azure.rb +1 -0
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +36 -35
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -0
- data/lib/dependabot/pull_request_creator/codecommit.rb +3 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +1 -0
- data/lib/dependabot/pull_request_creator/github.rb +23 -27
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +18 -17
- data/lib/dependabot/pull_request_creator/message.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +8 -7
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +18 -17
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +61 -60
- data/lib/dependabot/pull_request_creator.rb +7 -0
- data/lib/dependabot/pull_request_updater/azure.rb +1 -0
- data/lib/dependabot/pull_request_updater/github.rb +5 -4
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_updater.rb +1 -0
- data/lib/dependabot/registry_client.rb +1 -0
- data/lib/dependabot/security_advisory.rb +5 -4
- data/lib/dependabot/shared_helpers.rb +5 -4
- data/lib/dependabot/simple_instrumentor.rb +1 -0
- data/lib/dependabot/source.rb +5 -4
- data/lib/dependabot/update_checkers/base.rb +7 -6
- data/lib/dependabot/update_checkers/version_filters.rb +1 -0
- data/lib/dependabot/update_checkers.rb +1 -0
- data/lib/dependabot/utils.rb +1 -0
- data/lib/dependabot/version.rb +1 -0
- data/lib/dependabot/workspace/base.rb +1 -0
- data/lib/dependabot/workspace/change_attempt.rb +1 -0
- data/lib/dependabot/workspace/git.rb +1 -0
- data/lib/dependabot/workspace.rb +1 -0
- data/lib/dependabot.rb +2 -1
- data/lib/wildcard_matcher.rb +4 -3
- metadata +33 -5
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -111,11 +112,11 @@ module Dependabot
|
|
111
112
|
|
112
113
|
def changelog_from_ref(ref)
|
113
114
|
files =
|
114
|
-
dependency_file_list(ref)
|
115
|
-
select { |f| f.type == "file" }
|
116
|
-
reject { |f| f.name.end_with?(".sh") }
|
117
|
-
reject { |f| f.size > 1_000_000 }
|
118
|
-
reject { |f| f.size < 100 }
|
115
|
+
dependency_file_list(ref)
|
116
|
+
.select { |f| f.type == "file" }
|
117
|
+
.reject { |f| f.name.end_with?(".sh") }
|
118
|
+
.reject { |f| f.size > 1_000_000 }
|
119
|
+
.reject { |f| f.size < 100 }
|
119
120
|
|
120
121
|
select_best_changelog(files)
|
121
122
|
end
|
@@ -176,7 +177,7 @@ module Dependabot
|
|
176
177
|
|
177
178
|
return unless @file_text[file.download_url].valid_encoding?
|
178
179
|
|
179
|
-
@file_text[file.download_url].
|
180
|
+
@file_text[file.download_url].rstrip
|
180
181
|
end
|
181
182
|
|
182
183
|
def fetch_github_file(file_source, file)
|
@@ -194,13 +195,13 @@ module Dependabot
|
|
194
195
|
end
|
195
196
|
|
196
197
|
def fetch_bitbucket_file(file)
|
197
|
-
bitbucket_client.get(file.download_url).body
|
198
|
-
|
198
|
+
bitbucket_client.get(file.download_url).body
|
199
|
+
.force_encoding("UTF-8").encode
|
199
200
|
end
|
200
201
|
|
201
202
|
def fetch_azure_file(file)
|
202
|
-
azure_client.get(file.download_url).body
|
203
|
-
|
203
|
+
azure_client.get(file.download_url).body
|
204
|
+
.force_encoding("UTF-8").encode
|
204
205
|
end
|
205
206
|
|
206
207
|
def upgrade_guide
|
@@ -210,11 +211,11 @@ module Dependabot
|
|
210
211
|
# than the major version
|
211
212
|
return unless major_version_upgrade?
|
212
213
|
|
213
|
-
dependency_file_list
|
214
|
-
select { |f| f.type == "file" }
|
215
|
-
select { |f| f.name.casecmp("upgrade.md").zero? }
|
216
|
-
reject { |f| f.size > 1_000_000 }
|
217
|
-
max_by(&:size)
|
214
|
+
dependency_file_list
|
215
|
+
.select { |f| f.type == "file" }
|
216
|
+
.select { |f| f.name.casecmp("upgrade.md").zero? }
|
217
|
+
.reject { |f| f.size > 1_000_000 }
|
218
|
+
.max_by(&:size)
|
218
219
|
end
|
219
220
|
|
220
221
|
def dependency_file_list(ref = nil)
|
@@ -370,30 +371,30 @@ module Dependabot
|
|
370
371
|
end
|
371
372
|
|
372
373
|
def gitlab_client
|
373
|
-
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
374
|
-
for_gitlab_dot_com(credentials: credentials)
|
374
|
+
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
375
|
+
.for_gitlab_dot_com(credentials: credentials)
|
375
376
|
end
|
376
377
|
|
377
378
|
def github_client
|
378
|
-
@github_client ||= Dependabot::Clients::GithubWithRetries
|
379
|
-
for_source(source: source, credentials: credentials)
|
379
|
+
@github_client ||= Dependabot::Clients::GithubWithRetries
|
380
|
+
.for_source(source: source, credentials: credentials)
|
380
381
|
end
|
381
382
|
|
382
383
|
def azure_client
|
383
|
-
@azure_client ||= Dependabot::Clients::Azure
|
384
|
-
for_source(source: source, credentials: credentials)
|
384
|
+
@azure_client ||= Dependabot::Clients::Azure
|
385
|
+
.for_source(source: source, credentials: credentials)
|
385
386
|
end
|
386
387
|
|
387
388
|
def github_client_for_source(client_source)
|
388
389
|
return github_client if client_source == source
|
389
390
|
|
390
|
-
Dependabot::Clients::GithubWithRetries
|
391
|
-
for_source(source: client_source, credentials: credentials)
|
391
|
+
Dependabot::Clients::GithubWithRetries
|
392
|
+
.for_source(source: client_source, credentials: credentials)
|
392
393
|
end
|
393
394
|
|
394
395
|
def bitbucket_client
|
395
|
-
@bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
|
396
|
-
for_bitbucket_dot_org(credentials: credentials)
|
396
|
+
@bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
|
397
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
397
398
|
end
|
398
399
|
|
399
400
|
def default_bitbucket_branch
|
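Review bot: In `fetch_bitbucket_file` and `fetch_azure_file`, the trailing `.encode` after `.force_encoding("UTF-8")` neither validates nor repairs the downloaded bytes, because `String#encode` without arguments only transcodes when `Encoding.default_internal` is set. A body containing invalid UTF-8 is therefore returned unchanged. The only visible guard is the `valid_encoding?` check in the earlier hunk, which presumably sits in the caller of these fetchers. That dependency deserves a comment on both methods, for example `# body is remote content; invalid UTF-8 is rejected by the valid_encoding? check in the caller`. The method containing that check starts outside the hunks shown.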
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/metadata_finders/base"
|
@@ -48,7 +49,7 @@ module Dependabot
|
|
48
49
|
Range.new(0, -1)
|
49
50
|
end
|
50
51
|
|
51
|
-
changelog_lines.slice(slice_range).join("\n").
|
52
|
+
changelog_lines.slice(slice_range).join("\n").rstrip
|
52
53
|
end
|
53
54
|
|
54
55
|
private
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/clients/github_with_retries"
|
@@ -57,9 +58,9 @@ module Dependabot
|
|
57
58
|
|
58
59
|
return new_ref if new_ref && ref_changed?
|
59
60
|
|
60
|
-
tags = dependency_tags
|
61
|
-
select { |tag| tag_matches_version?(tag, new_version) }
|
62
|
-
sort_by(&:length)
|
61
|
+
tags = dependency_tags
|
62
|
+
.select { |tag| tag_matches_version?(tag, new_version) }
|
63
|
+
.sort_by(&:length)
|
63
64
|
|
64
65
|
tags.find { |t| t.include?(dependency.name) } || tags.first
|
65
66
|
end
|
@@ -76,9 +77,9 @@ module Dependabot
|
|
76
77
|
elsif previous_ref && ref_changed?
|
77
78
|
previous_ref
|
78
79
|
elsif previous_version
|
79
|
-
tags = dependency_tags
|
80
|
-
select { |tag| tag_matches_version?(tag, previous_version) }
|
81
|
-
sort_by(&:length)
|
80
|
+
tags = dependency_tags
|
81
|
+
.select { |tag| tag_matches_version?(tag, previous_version) }
|
82
|
+
.sort_by(&:length)
|
82
83
|
|
83
84
|
tags.find { |t| t.include?(dependency.name) } || tags.first
|
84
85
|
elsif !git_source?(dependency.previous_requirements)
|
@@ -89,10 +90,10 @@ module Dependabot
|
|
89
90
|
# rubocop:enable Metrics/PerceivedComplexity
|
90
91
|
|
91
92
|
def lowest_tag_satisfying_previous_requirements
|
92
|
-
tags = dependency_tags
|
93
|
-
select { |t| version_from_tag(t) }
|
94
|
-
select { |t| satisfies_previous_reqs?(version_from_tag(t)) }
|
95
|
-
sort_by { |t| [version_from_tag(t), t.length] }
|
93
|
+
tags = dependency_tags
|
94
|
+
.select { |t| version_from_tag(t) }
|
95
|
+
.select { |t| satisfies_previous_reqs?(version_from_tag(t)) }
|
96
|
+
.sort_by { |t| [version_from_tag(t), t.length] }
|
96
97
|
|
97
98
|
tags.find { |t| t.include?(dependency.name) } || tags.first
|
98
99
|
end
|
@@ -110,9 +111,9 @@ module Dependabot
|
|
110
111
|
dependency.previous_requirements.all? do |req|
|
111
112
|
next true unless req.fetch(:requirement)
|
112
113
|
|
113
|
-
requirement_class
|
114
|
-
requirements_array(req.fetch(:requirement))
|
115
|
-
all? { |r| r.satisfied_by?(version) }
|
114
|
+
requirement_class
|
115
|
+
.requirements_array(req.fetch(:requirement))
|
116
|
+
.all? { |r| r.satisfied_by?(version) }
|
116
117
|
end
|
117
118
|
end
|
118
119
|
|
@@ -172,10 +173,10 @@ module Dependabot
|
|
172
173
|
def fetch_dependency_tags
|
173
174
|
return [] unless source
|
174
175
|
|
175
|
-
GitMetadataFetcher
|
176
|
-
new(url: source.url, credentials: credentials)
|
177
|
-
tags
|
178
|
-
map(&:name)
|
176
|
+
GitMetadataFetcher
|
177
|
+
.new(url: source.url, credentials: credentials)
|
178
|
+
.tags
|
179
|
+
.map(&:name)
|
179
180
|
rescue Dependabot::GitDependenciesNotReachable,
|
180
181
|
Octokit::ServiceUnavailable
|
181
182
|
# ServiceUnavailable normally means a DMCA takedown
|
@@ -186,9 +187,9 @@ module Dependabot
|
|
186
187
|
if part_of_monorepo?
|
187
188
|
# If part of a monorepo then we're better off linking to the commits
|
188
189
|
# for that directory than trying to put together a compare URL
|
189
|
-
Pathname
|
190
|
-
new(File.join("commits/#{new_tag || 'HEAD'}", source.directory))
|
191
|
-
cleanpath.to_path
|
190
|
+
Pathname
|
191
|
+
.new(File.join("commits/#{new_tag || 'HEAD'}", source.directory))
|
192
|
+
.cleanpath.to_path
|
192
193
|
elsif new_tag && previous_tag
|
193
194
|
"compare/#{previous_tag}...#{new_tag}"
|
194
195
|
else
|
@@ -243,9 +244,9 @@ module Dependabot
|
|
243
244
|
# NOTE: We reverse this so it's consistent with the array we get
|
244
245
|
# from `github_client.compare(...)`
|
245
246
|
args = { sha: new_tag, path: path }.compact
|
246
|
-
github_client
|
247
|
-
commits(repo, **args)
|
248
|
-
reject { |c| previous_commit_shas.include?(c.sha) }.reverse
|
247
|
+
github_client
|
248
|
+
.commits(repo, **args)
|
249
|
+
.reject { |c| previous_commit_shas.include?(c.sha) }.reverse
|
249
250
|
end
|
250
251
|
return [] unless commits
|
251
252
|
|
@@ -261,9 +262,9 @@ module Dependabot
|
|
261
262
|
end
|
262
263
|
|
263
264
|
def fetch_bitbucket_commits
|
264
|
-
bitbucket_client
|
265
|
-
compare(source.repo, previous_tag, new_tag)
|
266
|
-
map do |commit|
|
265
|
+
bitbucket_client
|
266
|
+
.compare(source.repo, previous_tag, new_tag)
|
267
|
+
.map do |commit|
|
267
268
|
{
|
268
269
|
message: commit.dig("summary", "raw"),
|
269
270
|
sha: commit["hash"],
|
@@ -280,10 +281,10 @@ module Dependabot
|
|
280
281
|
end
|
281
282
|
|
282
283
|
def fetch_gitlab_commits
|
283
|
-
gitlab_client
|
284
|
-
compare(source.repo, previous_tag, new_tag)
|
285
|
-
commits
|
286
|
-
map do |commit|
|
284
|
+
gitlab_client
|
285
|
+
.compare(source.repo, previous_tag, new_tag)
|
286
|
+
.commits
|
287
|
+
.map do |commit|
|
287
288
|
{
|
288
289
|
message: commit["message"],
|
289
290
|
sha: commit["id"],
|
@@ -296,9 +297,9 @@ module Dependabot
|
|
296
297
|
|
297
298
|
def fetch_azure_commits
|
298
299
|
type = git_sha?(new_tag) ? "commit" : "tag"
|
299
|
-
azure_client
|
300
|
-
compare(previous_tag, new_tag, type)
|
301
|
-
map do |commit|
|
300
|
+
azure_client
|
301
|
+
.compare(previous_tag, new_tag, type)
|
302
|
+
.map do |commit|
|
302
303
|
{
|
303
304
|
message: commit["comment"],
|
304
305
|
sha: commit["commitId"],
|
@@ -315,23 +316,23 @@ module Dependabot
|
|
315
316
|
end
|
316
317
|
|
317
318
|
def gitlab_client
|
318
|
-
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
319
|
-
for_gitlab_dot_com(credentials: credentials)
|
319
|
+
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
320
|
+
.for_gitlab_dot_com(credentials: credentials)
|
320
321
|
end
|
321
322
|
|
322
323
|
def github_client
|
323
|
-
@github_client ||= Dependabot::Clients::GithubWithRetries
|
324
|
-
for_source(source: source, credentials: credentials)
|
324
|
+
@github_client ||= Dependabot::Clients::GithubWithRetries
|
325
|
+
.for_source(source: source, credentials: credentials)
|
325
326
|
end
|
326
327
|
|
327
328
|
def azure_client
|
328
|
-
@azure_client ||= Dependabot::Clients::Azure
|
329
|
-
for_source(source: source, credentials: credentials)
|
329
|
+
@azure_client ||= Dependabot::Clients::Azure
|
330
|
+
.for_source(source: source, credentials: credentials)
|
330
331
|
end
|
331
332
|
|
332
333
|
def bitbucket_client
|
333
|
-
@bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
|
334
|
-
for_bitbucket_dot_org(credentials: credentials)
|
334
|
+
@bitbucket_client ||= Dependabot::Clients::BitbucketWithRetries
|
335
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
335
336
|
end
|
336
337
|
|
337
338
|
def part_of_monorepo?
|
@@ -355,8 +356,8 @@ module Dependabot
|
|
355
356
|
end
|
356
357
|
|
357
358
|
def reliable_source_directory?
|
358
|
-
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
359
|
-
include?(dependency.package_manager)
|
359
|
+
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
360
|
+
.include?(dependency.package_manager)
|
360
361
|
end
|
361
362
|
|
362
363
|
def default_gitlab_branch
|
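Review bot: The monorepo branch that builds the `commits/<tag>/<directory>` path runs `source.directory` through `Pathname#cleanpath`, which resolves `..` lexically, so a directory value containing parent references collapses the `commits/#{new_tag || 'HEAD'}` prefix instead of staying beneath it. Where `source.directory` comes from is not visible here, but if it derives from repository or manifest metadata it should be treated as untrusted before it ends up in a generated link. Either drop `..` segments from the directory before the `File.join`, or keep the cleaned path only when it still begins with the `commits/<tag>` prefix and fall back to that prefix otherwise. The enclosing method begins and ends outside this hunk.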
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/clients/github_with_retries"
|
@@ -49,9 +50,9 @@ module Dependabot
|
|
49
50
|
dep_prefix = dependency.name.downcase
|
50
51
|
|
51
52
|
releases_with_dependency_name =
|
52
|
-
releases
|
53
|
-
reject { |r| r.tag_name.nil? }
|
54
|
-
select { |r| r.tag_name.downcase.include?(dep_prefix) }
|
53
|
+
releases
|
54
|
+
.reject { |r| r.tag_name.nil? }
|
55
|
+
.select { |r| r.tag_name.downcase.include?(dep_prefix) }
|
55
56
|
|
56
57
|
return releases unless releases_with_dependency_name.any?
|
57
58
|
|
@@ -116,13 +117,13 @@ module Dependabot
|
|
116
117
|
releases.reject do |release|
|
117
118
|
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
118
119
|
cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
|
119
|
-
dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
120
|
-
|
120
|
+
dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
121
|
+
.map { |nm| nm.chars.count(".") }.max
|
121
122
|
|
122
|
-
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
123
|
-
|
124
|
-
|
125
|
-
|
123
|
+
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
124
|
+
.select { |nm| version_class.correct?(nm) }
|
125
|
+
.select { |nm| nm.chars.count(".") == dot_count }
|
126
|
+
.map { |nm| version_class.new(nm) }.max
|
126
127
|
|
127
128
|
next conservative unless tag_version
|
128
129
|
|
@@ -138,13 +139,13 @@ module Dependabot
|
|
138
139
|
releases.reject do |release|
|
139
140
|
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
140
141
|
cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
|
141
|
-
dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
142
|
-
|
142
|
+
dot_count = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
143
|
+
.map { |nm| nm.chars.count(".") }.max
|
143
144
|
|
144
|
-
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
145
|
-
|
146
|
-
|
147
|
-
|
145
|
+
tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?)
|
146
|
+
.select { |nm| version_class.correct?(nm) }
|
147
|
+
.select { |nm| nm.chars.count(".") == dot_count }
|
148
|
+
.map { |nm| version_class.new(nm) }.min
|
148
149
|
|
149
150
|
next conservative unless tag_version
|
150
151
|
|
@@ -232,11 +233,11 @@ module Dependabot
|
|
232
233
|
|
233
234
|
def fetch_gitlab_releases
|
234
235
|
releases =
|
235
|
-
gitlab_client
|
236
|
-
tags(source.repo)
|
237
|
-
select(&:release)
|
238
|
-
sort_by { |r| r.commit.authored_date }
|
239
|
-
reverse
|
236
|
+
gitlab_client
|
237
|
+
.tags(source.repo)
|
238
|
+
.select(&:release)
|
239
|
+
.sort_by { |r| r.commit.authored_date }
|
240
|
+
.reverse
|
240
241
|
|
241
242
|
releases.map do |tag|
|
242
243
|
OpenStruct.new(
|
@@ -301,13 +302,13 @@ module Dependabot
|
|
301
302
|
end
|
302
303
|
|
303
304
|
def gitlab_client
|
304
|
-
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
305
|
-
for_gitlab_dot_com(credentials: credentials)
|
305
|
+
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries
|
306
|
+
.for_gitlab_dot_com(credentials: credentials)
|
306
307
|
end
|
307
308
|
|
308
309
|
def github_client
|
309
|
-
@github_client ||= Dependabot::Clients::GithubWithRetries
|
310
|
-
for_source(source: source, credentials: credentials)
|
310
|
+
@github_client ||= Dependabot::Clients::GithubWithRetries
|
311
|
+
.for_source(source: source, credentials: credentials)
|
311
312
|
end
|
312
313
|
end
|
313
314
|
end
|
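Review bot: Both `releases.reject` blocks strip the non-numeric prefix with `gsub(/^[^0-9]*/, "")`, and in Ruby `^` matches at the start of every line, so a `tag_name` or `name` containing a newline is rewritten at each line start rather than once at the start of the string. These values presumably come straight from the hosting API, so anchoring on the string is safer: `release.tag_name.sub(/\A[^0-9]*/, "")` and `release.name&.sub(/\A[^0-9]*/, "")`. The `[cleaned_tag, cleaned_name].compact.reject(&:empty?)` chain is also built twice in each block, and the two blocks differ only in `.max` versus `.min`, so a small private helper returning the candidate strings would remove the duplication. Both blocks continue outside their hunks.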
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/source"
|
@@ -127,8 +128,8 @@ module Dependabot
|
|
127
128
|
end
|
128
129
|
|
129
130
|
def reliable_source_directory?
|
130
|
-
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
131
|
-
include?(dependency.package_manager)
|
131
|
+
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES
|
132
|
+
.include?(dependency.package_manager)
|
132
133
|
end
|
133
134
|
end
|
134
135
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "digest"
|
@@ -18,11 +19,11 @@ module Dependabot
|
|
18
19
|
elsif dependencies.count > 1 && updating_a_dependency_set?
|
19
20
|
dependency_set.fetch(:group)
|
20
21
|
else
|
21
|
-
dependencies
|
22
|
-
map(&:name)
|
23
|
-
join("-and-")
|
24
|
-
tr(":[]", "-")
|
25
|
-
tr("@", "")
|
22
|
+
dependencies
|
23
|
+
.map(&:name)
|
24
|
+
.join("-and-")
|
25
|
+
.tr(":[]", "-")
|
26
|
+
.tr("@", "")
|
26
27
|
end
|
27
28
|
|
28
29
|
"#{dependency_name_part}-#{branch_version_suffix}"
|
@@ -47,21 +48,21 @@ module Dependabot
|
|
47
48
|
end
|
48
49
|
|
49
50
|
def updating_a_property?
|
50
|
-
dependencies.first
|
51
|
-
|
52
|
-
|
51
|
+
dependencies.first
|
52
|
+
.requirements
|
53
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
53
54
|
end
|
54
55
|
|
55
56
|
def updating_a_dependency_set?
|
56
|
-
dependencies.first
|
57
|
-
|
58
|
-
|
57
|
+
dependencies.first
|
58
|
+
.requirements
|
59
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
59
60
|
end
|
60
61
|
|
61
62
|
def property_name
|
62
|
-
@property_name ||= dependencies.first.requirements
|
63
|
-
|
64
|
-
dig(:metadata, :property_name)
|
63
|
+
@property_name ||= dependencies.first.requirements
|
64
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
65
|
+
&.dig(:metadata, :property_name)
|
65
66
|
|
66
67
|
raise "No property name!" unless @property_name
|
67
68
|
|
@@ -69,9 +70,9 @@ module Dependabot
|
|
69
70
|
end
|
70
71
|
|
71
72
|
def dependency_set
|
72
|
-
@dependency_set ||= dependencies.first.requirements
|
73
|
-
|
74
|
-
dig(:metadata, :dependency_set)
|
73
|
+
@dependency_set ||= dependencies.first.requirements
|
74
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
75
|
+
&.dig(:metadata, :dependency_set)
|
75
76
|
|
76
77
|
raise "No dependency set!" unless @dependency_set
|
77
78
|
|
@@ -93,21 +94,21 @@ module Dependabot
|
|
93
94
|
end
|
94
95
|
|
95
96
|
def sanitized_requirement(dependency)
|
96
|
-
new_library_requirement(dependency)
|
97
|
-
delete(" ")
|
98
|
-
gsub("!=", "neq-")
|
99
|
-
gsub(">=", "gte-")
|
100
|
-
gsub("<=", "lte-")
|
101
|
-
gsub("~>", "tw-")
|
102
|
-
gsub("^", "tw-")
|
103
|
-
gsub("||", "or-")
|
104
|
-
gsub("~", "approx-")
|
105
|
-
gsub("~=", "tw-")
|
106
|
-
gsub(/==*/, "eq-")
|
107
|
-
gsub(">", "gt-")
|
108
|
-
gsub("<", "lt-")
|
109
|
-
gsub("*", "star")
|
110
|
-
gsub(",", "-and-")
|
97
|
+
new_library_requirement(dependency)
|
98
|
+
.delete(" ")
|
99
|
+
.gsub("!=", "neq-")
|
100
|
+
.gsub(">=", "gte-")
|
101
|
+
.gsub("<=", "lte-")
|
102
|
+
.gsub("~>", "tw-")
|
103
|
+
.gsub("^", "tw-")
|
104
|
+
.gsub("||", "or-")
|
105
|
+
.gsub("~", "approx-")
|
106
|
+
.gsub("~=", "tw-")
|
107
|
+
.gsub(/==*/, "eq-")
|
108
|
+
.gsub(">", "gt-")
|
109
|
+
.gsub("<", "lt-")
|
110
|
+
.gsub("*", "star")
|
111
|
+
.gsub(",", "-and-")
|
111
112
|
end
|
112
113
|
|
113
114
|
def new_version(dependency)
|
@@ -119,9 +120,9 @@ module Dependabot
|
|
119
120
|
dependency.version[0..6]
|
120
121
|
elsif dependency.version == dependency.previous_version &&
|
121
122
|
package_manager == "docker"
|
122
|
-
dependency.requirements
|
123
|
-
|
124
|
-
|
123
|
+
dependency.requirements
|
124
|
+
.filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
|
125
|
+
.first.split(":").last[0..6]
|
125
126
|
else
|
126
127
|
dependency.version
|
127
128
|
end
|
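Review bot: In `new_version`, the docker branch calls `.first.split(":")` directly on the result of `filter_map`, so a dependency whose requirements carry no `digest` under `:source` raises `NoMethodError` on `nil` and aborts branch naming. Assigning the `filter_map { ... }.first` result to a local and falling back to `dependency.version` when it is `nil` would keep that path from raising. Separately, in `sanitized_requirement` the `.gsub("~=", "tw-")` step can never match, because `.gsub("~", "approx-")` on the line before has already replaced every `~`. Moving the `~=` replacement above the `~` one would restore it. `new_version` starts and ends outside its hunk.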
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/clients/codecommit"
|
@@ -102,8 +103,8 @@ module Dependabot
|
|
102
103
|
def unmerged_pull_request_exists?
|
103
104
|
unmerged_prs = []
|
104
105
|
pull_requests_for_branch.each do |pr|
|
105
|
-
unless pr.pull_request
|
106
|
-
|
106
|
+
unless pr.pull_request
|
107
|
+
.pull_request_targets[0].merge_metadata.is_merged
|
107
108
|
unmerged_prs << pr
|
108
109
|
end
|
109
110
|
end
|