dependabot-common 0.229.0 → 0.231.0

data/lib/dependabot/pull_request_creator/github.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "octokit"
@@ -42,8 +43,12 @@ module Dependabot
       end
 
       def create
-        return if branch_exists?(branch_name) && unmerged_pull_request_exists?
-        return if require_up_to_date_base? && !base_commit_is_up_to_date?
+        if branch_exists?(branch_name) && unmerged_pull_request_exists?
+          raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.id} already exists"
+        end
+        if require_up_to_date_base? && !base_commit_is_up_to_date?
+          raise BaseCommitNotUpToDate, "HEAD #{head_commit} does not match base #{base_commit}"
+        end
 
         create_annotated_pull_request
       rescue AnnotationError, Octokit::Error => e
@@ -75,7 +80,11 @@ module Dependabot
       # rubocop:enable Metrics/PerceivedComplexity
 
       def unmerged_pull_request_exists?
-        pull_requests_for_branch.reject(&:merged).any?
+        unmerged_pull_requests.any?
+      end
+
+      def unmerged_pull_requests
+        pull_requests_for_branch.reject(&:merged)
       end
 
       def pull_requests_for_branch
@@ -105,16 +114,20 @@ module Dependabot
       end
 
       def base_commit_is_up_to_date?
-        git_metadata_fetcher.head_commit_for_ref(target_branch) == base_commit
+        head_commit == base_commit
+      end
+
+      def head_commit
+        @head_commit ||= git_metadata_fetcher.head_commit_for_ref(target_branch)
       end
 
       def create_annotated_pull_request
         commit = create_commit
         branch = create_or_update_branch(commit)
-        return unless branch
+        raise UnexpectedError, "Branch not created" unless branch
 
         pull_request = create_pull_request
-        return unless pull_request
+        raise UnexpectedError, "PR not created" unless pull_request
 
         begin
           annotate_pull_request(pull_request)
@@ -219,10 +232,7 @@ module Dependabot
         # A race condition may cause GitHub to fail here, in which case we retry
         retry_count ||= 0
         retry_count += 1
-        if retry_count > 10
-          raise "Repeatedly failed to create or update branch #{branch_name} " \
-                "with commit #{commit.sha}."
-        end
+        raise if retry_count > 10
 
         sleep(rand(1..1.99))
         retry
@@ -303,8 +313,8 @@ module Dependabot
           reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
         reviewers = []
         reviewers += reviewers_hash[:reviewers] || []
-        reviewers += (reviewers_hash[:team_reviewers] || []).
-                     map { |rv| "#{source.repo.split('/').first}/#{rv}" }
+        reviewers += (reviewers_hash[:team_reviewers] || [])
+                     .map { |rv| "#{source.repo.split('/').first}/#{rv}" }
 
         reviewers_string =
           if reviewers.count == 1
@@ -358,9 +368,7 @@ module Dependabot
           pr_description,
           headers: custom_headers || {}
         )
-      rescue Octokit::UnprocessableEntity => e
-        return handle_pr_creation_error(e) if e.message.include? "Error summary"
-
+      rescue Octokit::UnprocessableEntity
         # Sometimes PR creation fails with no details (presumably because the
         # details are internal). It doesn't hurt to retry in these cases, in
         # case the cause is a race.
@@ -371,18 +379,6 @@ module Dependabot
         retry
       end
 
-      def handle_pr_creation_error(error)
-        # Ignore races that we lose
-        return if error.message.include?("pull request already exists")
-
-        # Ignore cases where the target branch has been deleted
-        return if error.message.include?("field: base") &&
-                  source.branch &&
-                  !branch_exists?(source.branch)
-
-        raise
-      end
-
       def target_branch
         source.branch || default_branch
       end

data/lib/dependabot/pull_request_creator/gitlab.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/gitlab_with_retries"

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "octokit"
@@ -137,8 +138,8 @@ module Dependabot
         version_str = dep.previous_version
         return version_str if version_class.correct?(version_str)
 
-        source = dep.previous_requirements.
-                 find { |r| r.fetch(:source) }&.fetch(:source)
+        source = dep.previous_requirements
+                    .find { |r| r.fetch(:source) }&.fetch(:source)
         type = source&.fetch("type", nil) || source&.fetch(:type)
         return version_str unless type == "git"
 
@@ -233,8 +234,8 @@ module Dependabot
 
       def language_label
         label_name =
-          self.class.label_details_for_package_manager(package_manager).
-          fetch(:name)
+          self.class.label_details_for_package_manager(package_manager)
+              .fetch(:name)
         labels.find { |l| l.casecmp(label_name).zero? }
       end
 
@@ -252,9 +253,9 @@ module Dependabot
         client = github_client_for_source
 
         labels =
-          client.
-          labels(source.repo, per_page: 100).
-          map(&:name)
+          client
+          .labels(source.repo, per_page: 100)
+          .map(&:name)
 
         next_link = client.last_response.rels[:next]
 
@@ -268,16 +269,16 @@ module Dependabot
       end
 
       def fetch_gitlab_labels
-        gitlab_client_for_source.
-          labels(source.repo, per_page: 100).
-          auto_paginate.
-          map(&:name)
+        gitlab_client_for_source
+          .labels(source.repo, per_page: 100)
+          .auto_paginate
+          .map(&:name)
       end
 
       def fetch_azure_labels
         language_name =
-          self.class.label_details_for_package_manager(package_manager).
-          fetch(:name)
+          self.class.label_details_for_package_manager(package_manager)
+              .fetch(:name)
 
         @labels = [
           *@labels,
@@ -379,13 +380,13 @@ module Dependabot
 
       def create_gitlab_language_label
         language_name =
-          self.class.label_details_for_package_manager(package_manager).
-          fetch(:name)
+          self.class.label_details_for_package_manager(package_manager)
+              .fetch(:name)
         gitlab_client_for_source.create_label(
           source.repo,
           language_name,
-          "#" + self.class.label_details_for_package_manager(package_manager).
-                fetch(:colour)
+          "#" + self.class.label_details_for_package_manager(package_manager)
+                .fetch(:colour)
         )
         @labels = [*@labels, language_name].uniq
       end

data/lib/dependabot/pull_request_creator/message.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 module Dependabot

data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/pull_request_creator/message_builder"
@@ -28,15 +29,15 @@ module Dependabot
           # of them with an absolute link that uses the source URL
           ISSUE_LINK_REGEXS.reduce(text) do |updated_text, regex|
             updated_text.gsub(regex) do |issue_link|
-              tag = issue_link.
-                    match(/(?<tag>(?:\#|GH-)?\d+)/i).
-                    named_captures.fetch("tag")
+              tag = issue_link
+                    .match(/(?<tag>(?:\#|GH-)?\d+)/i)
+                    .named_captures.fetch("tag")
               number = tag.match(/\d+/).to_s
 
-              repo = issue_link.
-                     match("#{REPO_REGEX}#{TAG_REGEX}")&.
-                     named_captures&.
-                     fetch("repo", nil)
+              repo = issue_link
+                     .match("#{REPO_REGEX}#{TAG_REGEX}")
+                     &.named_captures
+                     &.fetch("repo", nil)
               source = repo ? "https://github.com/#{repo}" : source_url
 
               "[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "commonmarker"

data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/pull_request_creator/message_builder"
@@ -202,9 +203,9 @@ module Dependabot
         end
 
         def link_issues(text:)
-          IssueLinker.
-            new(source_url: source_url).
-            link_issues(text: text)
+          IssueLinker
+            .new(source_url: source_url)
+            .link_issues(text: text)
         end
 
         def fix_relative_links(text:, base_url:)
@@ -245,9 +246,9 @@ module Dependabot
         end
 
         def sanitize_links_and_mentions(text, unsafe: false)
-          LinkAndMentionSanitizer.
-            new(github_redirection_service: github_redirection_service).
-            sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
+          LinkAndMentionSanitizer
+            .new(github_redirection_service: github_redirection_service)
+            .sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
         end
 
         def sanitize_template_tags(text)

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "pathname"
@@ -392,15 +393,15 @@ module Dependabot
       end
 
       def updating_a_property?
-        dependencies.first.
-          requirements.
-          any? { |r| r.dig(:metadata, :property_name) }
+        dependencies.first
+                    .requirements
+                    .any? { |r| r.dig(:metadata, :property_name) }
       end
 
       def updating_a_dependency_set?
-        dependencies.first.
-          requirements.
-          any? { |r| r.dig(:metadata, :dependency_set) }
+        dependencies.first
+                    .requirements
+                    .any? { |r| r.dig(:metadata, :dependency_set) }
       end
 
       def removing_a_transitive_dependency?
@@ -413,9 +414,9 @@ module Dependabot
       end
 
       def property_name
-        @property_name ||= dependencies.first.requirements.
-                           find { |r| r.dig(:metadata, :property_name) }&.
-                           dig(:metadata, :property_name)
+        @property_name ||= dependencies.first.requirements
+                                       .find { |r| r.dig(:metadata, :property_name) }
+                           &.dig(:metadata, :property_name)
 
         raise "No property name!" unless @property_name
 
@@ -423,9 +424,9 @@ module Dependabot
       end
 
       def dependency_set
-        @dependency_set ||= dependencies.first.requirements.
-                            find { |r| r.dig(:metadata, :dependency_set) }&.
-                            dig(:metadata, :dependency_set)
+        @dependency_set ||= dependencies.first.requirements
+                                        .find { |r| r.dig(:metadata, :dependency_set) }
+                            &.dig(:metadata, :dependency_set)
 
         raise "No dependency set!" unless @dependency_set
 
@@ -596,9 +597,9 @@ module Dependabot
       def metadata_finder(dependency)
         @metadata_finder ||= {}
         @metadata_finder[dependency.name] ||=
-          MetadataFinders.
-          for_package_manager(dependency.package_manager).
-          new(dependency: dependency, credentials: credentials)
+          MetadataFinders
+          .for_package_manager(dependency.package_manager)
+          .new(dependency: dependency, credentials: credentials)
       end
 
       def pr_name_prefixer
@@ -648,8 +649,8 @@ module Dependabot
       # TODO re-use in BranchNamer
       def library?
         # Reject any nested child gemspecs/vendored git dependencies
-        root_files = files.map(&:name).
-                     select { |p| Pathname.new(p).dirname.to_s == "." }
+        root_files = files.map(&:name)
+                          .select { |p| Pathname.new(p).dirname.to_s == "." }
         return true if root_files.any? { |nm| nm.end_with?(".gemspec") }
 
         dependencies.any? { |d| d.humanized_previous_version.nil? }

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/azure"
@@ -179,12 +180,12 @@ module Dependabot
         angular_only_pres = ANGULAR_PREFIXES - ESLINT_PREFIXES.map(&:downcase)
 
         uses_eslint_only_pres =
-          recent_commit_messages.
-          any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
+          recent_commit_messages
+          .any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
 
         uses_angular_only_pres =
-          recent_commit_messages.
-          any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
+          recent_commit_messages
+          .any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
 
         # If using any angular-only prefixes, return true
         # (i.e., we assume Angular over ESLint when both are present)
@@ -220,12 +221,12 @@ module Dependabot
         raise "Not using angular commits!" unless using_angular_commit_messages?
 
         recent_commits_using_chore =
-          recent_commit_messages.
-          any? { |msg| msg.start_with?("chore", "Chore") }
+          recent_commit_messages
+          .any? { |msg| msg.start_with?("chore", "Chore") }
 
         recent_commits_using_build =
-          recent_commit_messages.
-          any? { |msg| msg.start_with?("build", "Build") }
+          recent_commit_messages
+          .any? { |msg| msg.start_with?("build", "Build") }
 
         commit_prefix =
           if recent_commits_using_chore && !recent_commits_using_build
@@ -246,8 +247,8 @@ module Dependabot
 
         return last_dependabot_commit_message&.start_with?(/[A-Z]/) if semantic_messages.none?
 
-        capitalized_msgs = semantic_messages.
-                           select { |m| m.start_with?(/[A-Z]/) }
+        capitalized_msgs = semantic_messages
+                           .select { |m| m.start_with?(/[A-Z]/) }
         capitalized_msgs.count.to_f / semantic_messages.count > 0.5
       end
 
@@ -255,8 +256,8 @@ module Dependabot
         return false unless recent_commit_messages.any?
 
         gitmoji_messages =
-          recent_commit_messages.
-          select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
+          recent_commit_messages
+          .select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
 
         gitmoji_messages.count / recent_commit_messages.count.to_f > 0.3
       end
@@ -277,55 +278,55 @@ module Dependabot
       end
 
       def recent_github_commit_messages
-        recent_github_commits.
-          reject { |c| c.author&.type == "Bot" }.
-          reject { |c| c.commit&.message&.start_with?("Merge") }.
-          map(&:commit).
-          filter_map(&:message).
-          map(&:strip)
+        recent_github_commits
+          .reject { |c| c.author&.type == "Bot" }
+          .reject { |c| c.commit&.message&.start_with?("Merge") }
+          .map(&:commit)
+          .filter_map(&:message)
+          .map(&:strip)
       end
 
       def recent_gitlab_commit_messages
         @recent_gitlab_commit_messages ||=
           gitlab_client_for_source.commits(source.repo)
 
-        @recent_gitlab_commit_messages.
-          reject { |c| c.author_email == dependabot_email }.
-          reject { |c| c.message&.start_with?("merge !") }.
-          filter_map(&:message).
-          map(&:strip)
+        @recent_gitlab_commit_messages
+          .reject { |c| c.author_email == dependabot_email }
+          .reject { |c| c.message&.start_with?("merge !") }
+          .filter_map(&:message)
+          .map(&:strip)
       end
 
       def recent_azure_commit_messages
         @recent_azure_commit_messages ||=
           azure_client_for_source.commits
 
-        @recent_azure_commit_messages.
-          reject { |c| azure_commit_author_email(c) == dependabot_email }.
-          reject { |c| c.fetch("comment")&.start_with?("Merge") }.
-          filter_map { |c| c.fetch("comment") }.
-          map(&:strip)
+        @recent_azure_commit_messages
+          .reject { |c| azure_commit_author_email(c) == dependabot_email }
+          .reject { |c| c.fetch("comment")&.start_with?("Merge") }
+          .filter_map { |c| c.fetch("comment") }
+          .map(&:strip)
       end
 
       def recent_bitbucket_commit_messages
         @recent_bitbucket_commit_messages ||=
           bitbucket_client_for_source.commits(source.repo)
 
-        @recent_bitbucket_commit_messages.
-          reject { |c| bitbucket_commit_author_email(c) == dependabot_email }.
-          filter_map { |c| c.fetch("message", nil) }.
-          reject { |m| m.start_with?("Merge") }.
-          map(&:strip)
+        @recent_bitbucket_commit_messages
+          .reject { |c| bitbucket_commit_author_email(c) == dependabot_email }
+          .filter_map { |c| c.fetch("message", nil) }
+          .reject { |m| m.start_with?("Merge") }
+          .map(&:strip)
       end
 
       def recent_codecommit_commit_messages
         @recent_codecommit_commit_messages ||=
           codecommit_client_for_source.commits
-        @recent_codecommit_commit_messages.commits.
-          reject { |c| c.author.email == dependabot_email }.
-          reject { |c| c.message&.start_with?("Merge") }.
-          filter_map(&:message).
-          map(&:strip)
+        @recent_codecommit_commit_messages.commits
+                                          .reject { |c| c.author.email == dependabot_email }
+                                          .reject { |c| c.message&.start_with?("Merge") }
+                                          .filter_map(&:message)
+                                          .map(&:strip)
       end
 
       def last_dependabot_commit_message
@@ -341,12 +342,12 @@ module Dependabot
       end
 
       def last_github_dependabot_commit_message
-        recent_github_commits.
-          reject { |c| c.commit&.message&.start_with?("Merge") }.
-          find { |c| c.commit.author&.name&.include?("dependabot") }&.
-          commit&.
-          message&.
-          strip
+        recent_github_commits
+          .reject { |c| c.commit&.message&.start_with?("Merge") }
+          .find { |c| c.commit.author&.name&.include?("dependabot") }
+          &.commit
+          &.message
+          &.strip
       end
 
       def recent_github_commits
@@ -360,40 +361,40 @@ module Dependabot
         @recent_gitlab_commit_messages ||=
           gitlab_client_for_source.commits(source.repo)
 
-        @recent_gitlab_commit_messages.
-          find { |c| c.author_email == dependabot_email }&.
-          message&.
-          strip
+        @recent_gitlab_commit_messages
+          .find { |c| c.author_email == dependabot_email }
+          &.message
+          &.strip
       end
 
       def last_azure_dependabot_commit_message
         @recent_azure_commit_messages ||=
           azure_client_for_source.commits
 
-        @recent_azure_commit_messages.
-          find { |c| azure_commit_author_email(c) == dependabot_email }&.
-          message&.
-          strip
+        @recent_azure_commit_messages
+          .find { |c| azure_commit_author_email(c) == dependabot_email }
+          &.message
+          &.strip
       end
 
       def last_bitbucket_dependabot_commit_message
         @recent_bitbucket_commit_messages ||=
           bitbucket_client_for_source.commits(source.repo)
 
-        @recent_bitbucket_commit_messages.
-          find { |c| bitbucket_commit_author_email(c) == dependabot_email }&.
-          fetch("message", nil)&.
-          strip
+        @recent_bitbucket_commit_messages
+          .find { |c| bitbucket_commit_author_email(c) == dependabot_email }
+          &.fetch("message", nil)
+          &.strip
       end
 
       def last_codecommit_dependabot_commit_message
         @recent_codecommit_commit_messages ||=
           codecommit_client_for_source.commits(source.repo)
 
-        @recent_codecommit_commit_messages.commits.
-          find { |c| c.author.email == dependabot_email }&.
-          message&.
-          strip
+        @recent_codecommit_commit_messages.commits
+                                          .find { |c| c.author.email == dependabot_email }
+          &.message
+          &.strip
       end
 
       def azure_commit_author_email(commit)

data/lib/dependabot/pull_request_creator.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/metadata_finders"
@@ -33,6 +34,12 @@ module Dependabot
 
     class NoHistoryInCommon < StandardError; end
 
+    class UnmergedPRExists < StandardError; end
+
+    class BaseCommitNotUpToDate < StandardError; end
+
+    class UnexpectedError < StandardError; end
+
     # AnnotationError is raised if a PR was created, but failed annotation
     class AnnotationError < StandardError
       attr_reader :cause, :pull_request

data/lib/dependabot/pull_request_updater/azure.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/azure"

data/lib/dependabot/pull_request_updater/github.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "octokit"
@@ -197,12 +198,12 @@ module Dependabot
 
         @commit_being_updated =
           if pull_request.commits == 1
-            github_client_for_source.
-              git_commit(source.repo, pull_request.head.sha)
+            github_client_for_source
+              .git_commit(source.repo, pull_request.head.sha)
           else
             commits =
-              github_client_for_source.
-              pull_request_commits(source.repo, pull_request_number)
+              github_client_for_source
+              .pull_request_commits(source.repo, pull_request_number)
 
             commit = commits.find { |c| c.sha == old_commit }
             commit&.commit

data/lib/dependabot/pull_request_updater/gitlab.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/clients/gitlab_with_retries"

data/lib/dependabot/pull_request_updater.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/pull_request_updater/github"

data/lib/dependabot/registry_client.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/shared_helpers"

data/lib/dependabot/security_advisory.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "dependabot/version"
@@ -25,14 +26,14 @@ module Dependabot
         raise ArgumentError, "must be a #{version_class}"
       end
 
-      in_safe_range = safe_versions.
-                      any? { |r| r.satisfied_by?(version) }
+      in_safe_range = safe_versions
+                      .any? { |r| r.satisfied_by?(version) }
 
       # If version is known safe for this advisory, it's not vulnerable
       return false if in_safe_range
 
-      in_vulnerable_range = vulnerable_versions.
-                            any? { |r| r.satisfied_by?(version) }
+      in_vulnerable_range = vulnerable_versions
+                            .any? { |r| r.satisfied_by?(version) }
 
       # If in the vulnerable range and not known safe, it's vulnerable
       return true if in_vulnerable_range

data/lib/dependabot/shared_helpers.rb

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "digest"
@@ -235,10 +236,10 @@ module Dependabot
         run_shell_command("git config --global --add safe.directory #{path}")
       end
 
-      github_credentials = credentials.
-                           select { |c| c["type"] == "git_source" }.
-                           select { |c| c["host"] == "github.com" }.
-                           select { |c| c["password"] && c["username"] }
+      github_credentials = credentials
+                           .select { |c| c["type"] == "git_source" }
+                           .select { |c| c["host"] == "github.com" }
+                           .select { |c| c["password"] && c["username"] }
 
       # If multiple credentials are specified for github.com, pick the one that
       # *isn't* just an app token (since it must have been added deliberately)