dependabot-common 0.230.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +4 -3
- data/lib/dependabot/clients/bitbucket.rb +4 -3
- data/lib/dependabot/clients/bitbucket_with_retries.rb +4 -3
- data/lib/dependabot/clients/codecommit.rb +6 -5
- data/lib/dependabot/clients/github_with_retries.rb +11 -10
- data/lib/dependabot/clients/gitlab_with_retries.rb +11 -10
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/config/file_fetcher.rb +1 -0
- data/lib/dependabot/config/ignore_condition.rb +1 -0
- data/lib/dependabot/config/update_config.rb +10 -9
- data/lib/dependabot/config.rb +1 -0
- data/lib/dependabot/dependency.rb +11 -10
- data/lib/dependabot/dependency_file.rb +1 -0
- data/lib/dependabot/dependency_group.rb +1 -0
- data/lib/dependabot/errors.rb +1 -0
- data/lib/dependabot/experiments.rb +1 -0
- data/lib/dependabot/file_fetchers/base.rb +27 -26
- data/lib/dependabot/file_fetchers.rb +1 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -0
- data/lib/dependabot/file_parsers/base.rb +1 -0
- data/lib/dependabot/file_parsers.rb +1 -0
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -0
- data/lib/dependabot/file_updaters/base.rb +1 -0
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -0
- data/lib/dependabot/file_updaters.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +22 -21
- data/lib/dependabot/git_metadata_fetcher.rb +13 -12
- data/lib/dependabot/logger.rb +1 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +26 -25
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +44 -43
- data/lib/dependabot/metadata_finders/base/release_finder.rb +25 -24
- data/lib/dependabot/metadata_finders/base.rb +3 -2
- data/lib/dependabot/metadata_finders.rb +1 -0
- data/lib/dependabot/pull_request_creator/azure.rb +1 -0
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +36 -35
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -0
- data/lib/dependabot/pull_request_creator/codecommit.rb +3 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +1 -0
- data/lib/dependabot/pull_request_creator/github.rb +23 -27
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +18 -17
- data/lib/dependabot/pull_request_creator/message.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +8 -7
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +18 -17
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +61 -60
- data/lib/dependabot/pull_request_creator.rb +7 -0
- data/lib/dependabot/pull_request_updater/azure.rb +1 -0
- data/lib/dependabot/pull_request_updater/github.rb +5 -4
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_updater.rb +1 -0
- data/lib/dependabot/registry_client.rb +1 -0
- data/lib/dependabot/security_advisory.rb +5 -4
- data/lib/dependabot/shared_helpers.rb +5 -4
- data/lib/dependabot/simple_instrumentor.rb +1 -0
- data/lib/dependabot/source.rb +5 -4
- data/lib/dependabot/update_checkers/base.rb +7 -6
- data/lib/dependabot/update_checkers/version_filters.rb +1 -0
- data/lib/dependabot/update_checkers.rb +1 -0
- data/lib/dependabot/utils.rb +1 -0
- data/lib/dependabot/version.rb +1 -0
- data/lib/dependabot/workspace/base.rb +1 -0
- data/lib/dependabot/workspace/change_attempt.rb +1 -0
- data/lib/dependabot/workspace/git.rb +1 -0
- data/lib/dependabot/workspace.rb +1 -0
- data/lib/dependabot.rb +2 -1
- data/lib/wildcard_matcher.rb +4 -3
- metadata +31 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5d2f9c9c0156ef16d90d71e67b08b4ce0cc2a489b24cc8513ac15da22ece26ba
|
4
|
+
data.tar.gz: 4a393b071ec3a4cf4623813c9ebbd66f0e59d5aa72c1e26afe06d9373c9aa1f4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 763323fd77547bec05d7408ccffd972001377feb752287978e065516a8bbf44bda1c10e2ab8349199d70584f3002c40a8d1071d020b329be3c5d05618bf25195
|
7
|
+
data.tar.gz: 23088ec44dfe2e1622217ac1d9b10aa0bf841cbb6873dfcea61384abef048e9b73a3a97a1ba4121bedfa5e3f1e2c7bb9d48c70db9788acddb1fe020940a23079
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -28,9 +29,9 @@ module Dependabot
|
|
28
29
|
|
29
30
|
def self.for_source(source:, credentials:)
|
30
31
|
credential =
|
31
|
-
credentials
|
32
|
-
select { |cred| cred["type"] == "git_source" }
|
33
|
-
find { |cred| cred["host"] == source.hostname }
|
32
|
+
credentials
|
33
|
+
.select { |cred| cred["type"] == "git_source" }
|
34
|
+
.find { |cred| cred["host"] == source.hostname }
|
34
35
|
|
35
36
|
new(source, credential)
|
36
37
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -20,9 +21,9 @@ module Dependabot
|
|
20
21
|
|
21
22
|
def self.for_source(source:, credentials:)
|
22
23
|
credential =
|
23
|
-
credentials
|
24
|
-
select { |cred| cred["type"] == "git_source" }
|
25
|
-
find { |cred| cred["host"] == source.hostname }
|
24
|
+
credentials
|
25
|
+
.select { |cred| cred["type"] == "git_source" }
|
26
|
+
.find { |cred| cred["host"] == source.hostname }
|
26
27
|
|
27
28
|
new(credentials: credential)
|
28
29
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require_relative "bitbucket"
|
@@ -16,9 +17,9 @@ module Dependabot
|
|
16
17
|
|
17
18
|
def self.for_bitbucket_dot_org(credentials:)
|
18
19
|
credential =
|
19
|
-
credentials
|
20
|
-
select { |cred| cred["type"] == "git_source" }
|
21
|
-
find { |cred| cred["host"] == "bitbucket.org" }
|
20
|
+
credentials
|
21
|
+
.select { |cred| cred["type"] == "git_source" }
|
22
|
+
.find { |cred| cred["host"] == "bitbucket.org" }
|
22
23
|
|
23
24
|
new(credentials: credential)
|
24
25
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -13,9 +14,9 @@ module Dependabot
|
|
13
14
|
|
14
15
|
def self.for_source(source:, credentials:)
|
15
16
|
credential =
|
16
|
-
credentials
|
17
|
-
select { |cred| cred["type"] == "git_source" }
|
18
|
-
find { |cred| cred["region"] == source.hostname }
|
17
|
+
credentials
|
18
|
+
.select { |cred| cred["type"] == "git_source" }
|
19
|
+
.find { |cred| cred["region"] == source.hostname }
|
19
20
|
|
20
21
|
new(source, credential)
|
21
22
|
end
|
@@ -146,8 +147,8 @@ module Dependabot
|
|
146
147
|
pull_request_id: id
|
147
148
|
)
|
148
149
|
# only include PRs from the referenced branch
|
149
|
-
if pr_hash.pull_request.pull_request_targets[0]
|
150
|
-
|
150
|
+
if pr_hash.pull_request.pull_request_targets[0]
|
151
|
+
.source_reference.include? branch
|
151
152
|
result << pr_hash
|
152
153
|
end
|
153
154
|
end
|
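Review bot: The filter `pull_request_targets[0].source_reference.include? branch` is a substring test, so a pull request whose source reference merely contains the branch name (constructed example: `refs/heads/main-old` when `branch` is `main`) is kept, although the comment above it says only PRs from the referenced branch are wanted. Comparing the whole reference would match the stated intent, e.g. `.source_reference == "refs/heads/#{branch}"`, assuming `branch` is a bare branch name and references use the `refs/heads/` form; both should be confirmed against the callers. The enclosing method starts and ends outside the hunk.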
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "octokit"
|
@@ -38,11 +39,11 @@ module Dependabot
|
|
38
39
|
|
39
40
|
def self.for_source(source:, credentials:)
|
40
41
|
access_tokens =
|
41
|
-
credentials
|
42
|
-
select { |cred| cred["type"] == "git_source" }
|
43
|
-
select { |cred| cred["host"] == source.hostname }
|
44
|
-
select { |cred| cred["password"] }
|
45
|
-
map { |cred| cred.fetch("password") }
|
42
|
+
credentials
|
43
|
+
.select { |cred| cred["type"] == "git_source" }
|
44
|
+
.select { |cred| cred["host"] == source.hostname }
|
45
|
+
.select { |cred| cred["password"] }
|
46
|
+
.map { |cred| cred.fetch("password") }
|
46
47
|
|
47
48
|
new(
|
48
49
|
access_tokens: access_tokens,
|
@@ -52,11 +53,11 @@ module Dependabot
|
|
52
53
|
|
53
54
|
def self.for_github_dot_com(credentials:)
|
54
55
|
access_tokens =
|
55
|
-
credentials
|
56
|
-
select { |cred| cred["type"] == "git_source" }
|
57
|
-
select { |cred| cred["host"] == "github.com" }
|
58
|
-
select { |cred| cred["password"] }
|
59
|
-
map { |cred| cred.fetch("password") }
|
56
|
+
credentials
|
57
|
+
.select { |cred| cred["type"] == "git_source" }
|
58
|
+
.select { |cred| cred["host"] == "github.com" }
|
59
|
+
.select { |cred| cred["password"] }
|
60
|
+
.map { |cred| cred.fetch("password") }
|
60
61
|
|
61
62
|
new(access_tokens: access_tokens)
|
62
63
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "gitlab"
|
@@ -18,11 +19,11 @@ module Dependabot
|
|
18
19
|
|
19
20
|
def self.for_source(source:, credentials:)
|
20
21
|
access_token =
|
21
|
-
credentials
|
22
|
-
select { |cred| cred["type"] == "git_source" }
|
23
|
-
select { |cred| cred["password"] }
|
24
|
-
find { |cred| cred["host"] == source.hostname }
|
25
|
-
fetch("password")
|
22
|
+
credentials
|
23
|
+
.select { |cred| cred["type"] == "git_source" }
|
24
|
+
.select { |cred| cred["password"] }
|
25
|
+
.find { |cred| cred["host"] == source.hostname }
|
26
|
+
&.fetch("password")
|
26
27
|
|
27
28
|
new(
|
28
29
|
endpoint: source.api_endpoint,
|
@@ -32,11 +33,11 @@ module Dependabot
|
|
32
33
|
|
33
34
|
def self.for_gitlab_dot_com(credentials:)
|
34
35
|
access_token =
|
35
|
-
credentials
|
36
|
-
select { |cred| cred["type"] == "git_source" }
|
37
|
-
select { |cred| cred["password"] }
|
38
|
-
find { |cred| cred["host"] == "gitlab.com" }
|
39
|
-
fetch("password")
|
36
|
+
credentials
|
37
|
+
.select { |cred| cred["type"] == "git_source" }
|
38
|
+
.select { |cred| cred["password"] }
|
39
|
+
.find { |cred| cred["host"] == "gitlab.com" }
|
40
|
+
&.fetch("password")
|
40
41
|
|
41
42
|
new(
|
42
43
|
endpoint: "https://gitlab.com/api/v4",
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/config/ignore_condition"
|
@@ -16,20 +17,20 @@ module Dependabot
|
|
16
17
|
normalizer = name_normaliser_for(dependency)
|
17
18
|
dep_name = normalizer.call(dependency.name)
|
18
19
|
|
19
|
-
@ignore_conditions
|
20
|
-
select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }
|
21
|
-
map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
22
|
-
flatten
|
23
|
-
compact
|
24
|
-
uniq
|
20
|
+
@ignore_conditions
|
21
|
+
.select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }
|
22
|
+
.map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
23
|
+
.flatten
|
24
|
+
.compact
|
25
|
+
.uniq
|
25
26
|
end
|
26
27
|
|
27
28
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
28
29
|
return false unless wildcard_string && candidate_string
|
29
30
|
|
30
|
-
regex_string = "a#{wildcard_string.downcase}a".split("*")
|
31
|
-
|
32
|
-
|
31
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*")
|
32
|
+
.map { |p| Regexp.quote(p) }
|
33
|
+
.join(".*").gsub(/^a|a$/, "")
|
33
34
|
regex = /^#{regex_string}$/
|
34
35
|
regex.match?(candidate_string.downcase)
|
35
36
|
end
|
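Review bot: `wildcard_match?` builds `/^#{regex_string}$/` and strips its sentinels with `.gsub(/^a|a$/, "")`, but in Ruby `^` and `$` match at every line break, so a candidate name containing a newline can satisfy an ignore pattern on one of its lines alone. Ignore conditions decide which updates are suppressed, so whole-string anchors are the safer choice: `.join(".*").gsub(/\Aa|a\z/, "")` and `regex = /\A#{regex_string}\z/`. If dependency names are guaranteed to be single-line upstream this is hardening rather than a bug fix, but nothing in the method enforces that.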
data/lib/dependabot/config.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/version"
|
@@ -50,8 +51,8 @@ module Dependabot
|
|
50
51
|
previous_requirements&.map { |req| symbolize_keys(req) }
|
51
52
|
@package_manager = package_manager
|
52
53
|
unless top_level? || subdependency_metadata == []
|
53
|
-
@subdependency_metadata = subdependency_metadata
|
54
|
-
map { |h| symbolize_keys(h) }
|
54
|
+
@subdependency_metadata = subdependency_metadata
|
55
|
+
&.map { |h| symbolize_keys(h) }
|
55
56
|
end
|
56
57
|
@removed = removed
|
57
58
|
@metadata = symbolize_keys(metadata || {})
|
@@ -93,9 +94,9 @@ module Dependabot
|
|
93
94
|
|
94
95
|
groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
|
95
96
|
|
96
|
-
self.class
|
97
|
-
|
98
|
-
|
97
|
+
self.class
|
98
|
+
.production_check_for_package_manager(package_manager)
|
99
|
+
.call(groups)
|
99
100
|
end
|
100
101
|
|
101
102
|
def subdependency_production_check
|
@@ -148,9 +149,9 @@ module Dependabot
|
|
148
149
|
end
|
149
150
|
|
150
151
|
def docker_digest_from_reqs(requirements)
|
151
|
-
requirements
|
152
|
-
filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
|
153
|
-
first
|
152
|
+
requirements
|
153
|
+
.filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
|
154
|
+
.first
|
154
155
|
end
|
155
156
|
|
156
157
|
def previous_ref
|
@@ -259,8 +260,8 @@ module Dependabot
|
|
259
260
|
|
260
261
|
required_keys = %i(requirement file groups source)
|
261
262
|
optional_keys = %i(metadata)
|
262
|
-
unless requirement_fields.flatten
|
263
|
-
|
263
|
+
unless requirement_fields.flatten
|
264
|
+
.all? { |r| required_keys.sort == (r.keys - optional_keys).sort }
|
264
265
|
raise ArgumentError, "each requirement must have the following " \
|
265
266
|
"required keys: #{required_keys.join(', ')}." \
|
266
267
|
"Optionally, it may have the following keys: " \
|
data/lib/dependabot/errors.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "stringio"
|
@@ -125,9 +126,9 @@ module Dependabot
|
|
125
126
|
basename = File.basename(filename)
|
126
127
|
|
127
128
|
repo_includes_basename =
|
128
|
-
repo_contents(dir: dir, fetch_submodules: fetch_submodules)
|
129
|
-
reject { |f| f.type == "dir" }
|
130
|
-
map(&:name).include?(basename)
|
129
|
+
repo_contents(dir: dir, fetch_submodules: fetch_submodules)
|
130
|
+
.reject { |f| f.type == "dir" }
|
131
|
+
.map(&:name).include?(basename)
|
131
132
|
return unless repo_includes_basename
|
132
133
|
|
133
134
|
fetch_file_from_host(filename, fetch_submodules: fetch_submodules)
|
@@ -215,8 +216,8 @@ module Dependabot
|
|
215
216
|
end
|
216
217
|
|
217
218
|
def default_branch_for_repo
|
218
|
-
@default_branch_for_repo ||= client_for_provider
|
219
|
-
fetch_default_branch(repo)
|
219
|
+
@default_branch_for_repo ||= client_for_provider
|
220
|
+
.fetch_default_branch(repo)
|
220
221
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
221
222
|
raise Dependabot::RepoNotFound, source
|
222
223
|
end
|
@@ -277,22 +278,22 @@ module Dependabot
|
|
277
278
|
|
278
279
|
def azure_client
|
279
280
|
@azure_client ||=
|
280
|
-
Dependabot::Clients::Azure
|
281
|
-
for_source(source: source, credentials: credentials)
|
281
|
+
Dependabot::Clients::Azure
|
282
|
+
.for_source(source: source, credentials: credentials)
|
282
283
|
end
|
283
284
|
|
284
285
|
def bitbucket_client
|
285
286
|
# TODO: When self-hosted Bitbucket is supported this should use
|
286
287
|
# `Bitbucket.for_source`
|
287
288
|
@bitbucket_client ||=
|
288
|
-
Dependabot::Clients::BitbucketWithRetries
|
289
|
-
for_bitbucket_dot_org(credentials: credentials)
|
289
|
+
Dependabot::Clients::BitbucketWithRetries
|
290
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
290
291
|
end
|
291
292
|
|
292
293
|
def codecommit_client
|
293
294
|
@codecommit_client ||=
|
294
|
-
Dependabot::Clients::CodeCommit
|
295
|
-
for_source(source: source, credentials: credentials)
|
295
|
+
Dependabot::Clients::CodeCommit
|
296
|
+
.for_source(source: source, credentials: credentials)
|
296
297
|
end
|
297
298
|
|
298
299
|
#################################################
|
@@ -303,8 +304,8 @@ module Dependabot
|
|
303
304
|
raise_errors: true)
|
304
305
|
path = path.gsub(" ", "%20")
|
305
306
|
provider, repo, tmp_path, commit =
|
306
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
307
|
-
values_at(:provider, :repo, :path, :commit)
|
307
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
308
|
+
.values_at(:provider, :repo, :path, :commit)
|
308
309
|
|
309
310
|
_fetch_repo_contents_fully_specified(provider, repo, tmp_path, commit)
|
310
311
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
@@ -315,8 +316,8 @@ module Dependabot
|
|
315
316
|
# it's because we've found a sub-module (and are fetching them). Trigger
|
316
317
|
# a retry to get its contents.
|
317
318
|
updated_path =
|
318
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
319
|
-
fetch(:path)
|
319
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
320
|
+
.fetch(:path)
|
320
321
|
retry if updated_path != tmp_path
|
321
322
|
|
322
323
|
return result.call unless fetch_submodules && !retrying
|
@@ -392,9 +393,9 @@ module Dependabot
|
|
392
393
|
end
|
393
394
|
|
394
395
|
def _gitlab_repo_contents(repo, path, commit)
|
395
|
-
gitlab_client
|
396
|
-
repo_tree(repo, path: path, ref: commit, per_page: 100)
|
397
|
-
map do |file|
|
396
|
+
gitlab_client
|
397
|
+
.repo_tree(repo, path: path, ref: commit, per_page: 100)
|
398
|
+
.map do |file|
|
398
399
|
# GitLab API essentially returns the output from `git ls-tree`
|
399
400
|
type = case file.type
|
400
401
|
when "blob" then "file"
|
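Review bot: `_gitlab_repo_contents` requests the tree with `per_page: 100` and maps over the response directly, so unless pagination is followed somewhere outside this hunk, a directory with more than 100 entries is listed only partially and a manifest past the first page would go unnoticed. With the gitlab gem the paginated response can be expanded before mapping, e.g. `.repo_tree(repo, path: path, ref: commit, per_page: 100).auto_paginate.map do |file|`. The method body continues past the end of the hunk.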
@@ -477,9 +478,9 @@ module Dependabot
|
|
477
478
|
sub_path =
|
478
479
|
path.gsub(%r{^#{Regexp.quote(_linked_dir_for(path))}(/|$)}, "")
|
479
480
|
new_path =
|
480
|
-
Pathname.new(File.join(linked_dir_details.fetch(:path), sub_path))
|
481
|
-
|
482
|
-
|
481
|
+
Pathname.new(File.join(linked_dir_details.fetch(:path), sub_path))
|
482
|
+
.cleanpath.to_path
|
483
|
+
.gsub(%r{^/}, "")
|
483
484
|
{
|
484
485
|
repo: linked_dir_details.fetch(:repo),
|
485
486
|
commit: linked_dir_details.fetch(:commit),
|
@@ -500,8 +501,8 @@ module Dependabot
|
|
500
501
|
path = path.gsub(%r{^/*}, "")
|
501
502
|
|
502
503
|
provider, repo, path, commit =
|
503
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
504
|
-
values_at(:provider, :repo, :path, :commit)
|
504
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
505
|
+
.values_at(:provider, :repo, :path, :commit)
|
505
506
|
|
506
507
|
_fetch_file_content_fully_specified(provider, repo, path, commit)
|
507
508
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
@@ -596,9 +597,9 @@ module Dependabot
|
|
596
597
|
|
597
598
|
def _linked_dir_for(path)
|
598
599
|
linked_dirs = @linked_paths.keys
|
599
|
-
linked_dirs
|
600
|
-
select { |k| path.match?(%r{^#{Regexp.quote(k)}(/|$)}) }
|
601
|
-
max_by(&:length)
|
600
|
+
linked_dirs
|
601
|
+
.select { |k| path.match?(%r{^#{Regexp.quote(k)}(/|$)}) }
|
602
|
+
.max_by(&:length)
|
602
603
|
end
|
603
604
|
|
604
605
|
# rubocop:disable Metrics/AbcSize
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -188,8 +189,8 @@ module Dependabot
|
|
188
189
|
end
|
189
190
|
|
190
191
|
def most_specific_version_tag_for_sha(commit_sha)
|
191
|
-
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
192
|
-
|
192
|
+
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
193
|
+
.sort_by { |t| version_class.new(t.name) }
|
193
194
|
return if tags.empty?
|
194
195
|
|
195
196
|
tags[-1].name
|
@@ -197,16 +198,16 @@ module Dependabot
|
|
197
198
|
|
198
199
|
def allowed_versions(local_tags)
|
199
200
|
tags =
|
200
|
-
local_tags
|
201
|
-
select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
202
|
-
filtered = tags
|
203
|
-
reject { |t| tag_included_in_ignore_requirements?(t) }
|
201
|
+
local_tags
|
202
|
+
.select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
203
|
+
filtered = tags
|
204
|
+
.reject { |t| tag_included_in_ignore_requirements?(t) }
|
204
205
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
|
205
206
|
raise Dependabot::AllVersionsIgnored
|
206
207
|
end
|
207
208
|
|
208
|
-
filtered
|
209
|
-
reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
209
|
+
filtered
|
210
|
+
.reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
210
211
|
end
|
211
212
|
|
212
213
|
def pinned_ref_in_release?(version)
|
@@ -285,15 +286,15 @@ module Dependabot
|
|
285
286
|
end
|
286
287
|
|
287
288
|
def github_commit_comparison_status(ref1, ref2)
|
288
|
-
client = Clients::GithubWithRetries
|
289
|
-
for_github_dot_com(credentials: credentials)
|
289
|
+
client = Clients::GithubWithRetries
|
290
|
+
.for_github_dot_com(credentials: credentials)
|
290
291
|
|
291
292
|
client.compare(listing_source_repo, ref1, ref2).status
|
292
293
|
end
|
293
294
|
|
294
295
|
def gitlab_commit_comparison_status(ref1, ref2)
|
295
|
-
client = Clients::GitlabWithRetries
|
296
|
-
for_gitlab_dot_com(credentials: credentials)
|
296
|
+
client = Clients::GitlabWithRetries
|
297
|
+
.for_gitlab_dot_com(credentials: credentials)
|
297
298
|
|
298
299
|
comparison = client.compare(listing_source_repo, ref1, ref2)
|
299
300
|
|
@@ -309,8 +310,8 @@ module Dependabot
|
|
309
310
|
"#{listing_source_repo}/commits/?" \
|
310
311
|
"include=#{ref2}&exclude=#{ref1}"
|
311
312
|
|
312
|
-
client = Clients::BitbucketWithRetries
|
313
|
-
for_bitbucket_dot_org(credentials: credentials)
|
313
|
+
client = Clients::BitbucketWithRetries
|
314
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
314
315
|
|
315
316
|
response = client.get(url)
|
316
317
|
|
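Review bot: The Bitbucket comparison URL interpolates `ref1` and `ref2` straight into the query string (`"include=#{ref2}&exclude=#{ref1}"`), and git ref names may contain characters such as `&` or `#` that change how the query is parsed. Since refs come from repository data, they should be escaped before the URL is built, e.g. `"include=#{CGI.escape(ref2)}&exclude=#{CGI.escape(ref1)}"` (with `require "cgi"` if the file does not already load it). The start of the URL expression and the rest of the method are outside the hunk.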
@@ -373,10 +374,10 @@ module Dependabot
|
|
373
374
|
package_manager: dependency.package_manager
|
374
375
|
)
|
375
376
|
|
376
|
-
MetadataFinders
|
377
|
-
for_package_manager(dependency.package_manager)
|
378
|
-
new(dependency: candidate_dep, credentials: credentials)
|
379
|
-
source_url
|
377
|
+
MetadataFinders
|
378
|
+
.for_package_manager(dependency.package_manager)
|
379
|
+
.new(dependency: candidate_dep, credentials: credentials)
|
380
|
+
.source_url
|
380
381
|
end
|
381
382
|
end
|
382
383
|
|
@@ -387,9 +388,9 @@ module Dependabot
|
|
387
388
|
end
|
388
389
|
|
389
390
|
def listing_tag_for_version(version)
|
390
|
-
listing_tags
|
391
|
-
find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
392
|
-
name
|
391
|
+
listing_tags
|
392
|
+
.find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
393
|
+
&.name
|
393
394
|
end
|
394
395
|
|
395
396
|
def listing_tags
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -50,20 +51,20 @@ module Dependabot
|
|
50
51
|
# causes problems for our `sha_for_update_pack_line` logic. The format
|
51
52
|
# of this opening clause is documented at
|
52
53
|
# https://git-scm.com/docs/http-protocol#_smart_server_response
|
53
|
-
line = upload_pack.gsub(/^[0-9a-f]{4}# service=git-upload-pack/, "")
|
54
|
-
|
54
|
+
line = upload_pack.gsub(/^[0-9a-f]{4}# service=git-upload-pack/, "")
|
55
|
+
.lines.find { |l| l.include?(" HEAD") }
|
55
56
|
return sha_for_update_pack_line(line) if line
|
56
57
|
end
|
57
58
|
|
58
|
-
refs_for_upload_pack
|
59
|
-
find { |r| r.name == ref }
|
60
|
-
commit_sha
|
59
|
+
refs_for_upload_pack
|
60
|
+
.find { |r| r.name == ref }
|
61
|
+
&.commit_sha
|
61
62
|
end
|
62
63
|
|
63
64
|
def head_commit_for_ref_sha(ref)
|
64
|
-
refs_for_upload_pack
|
65
|
-
find { |r| r.ref_sha == ref }
|
66
|
-
commit_sha
|
65
|
+
refs_for_upload_pack
|
66
|
+
.find { |r| r.ref_sha == ref }
|
67
|
+
&.commit_sha
|
67
68
|
end
|
68
69
|
|
69
70
|
private
|
@@ -151,8 +152,8 @@ module Dependabot
|
|
151
152
|
# Loop through the peeled lines, updating the commit_sha for any
|
152
153
|
# matching tags in our results hash
|
153
154
|
peeled_lines.each do |line|
|
154
|
-
ref_name = line.split(%r{ refs/(tags|heads)/})
|
155
|
-
|
155
|
+
ref_name = line.split(%r{ refs/(tags|heads)/})
|
156
|
+
.last.strip.gsub(/\^{}$/, "")
|
156
157
|
next unless result[ref_name]
|
157
158
|
|
158
159
|
result[ref_name].commit_sha = sha_for_update_pack_line(line)
|
@@ -190,8 +191,8 @@ module Dependabot
|
|
190
191
|
def uri_with_auth(uri)
|
191
192
|
uri = SharedHelpers.scp_to_standard(uri)
|
192
193
|
uri = URI(uri)
|
193
|
-
cred = credentials.select { |c| c["type"] == "git_source" }
|
194
|
-
|
194
|
+
cred = credentials.select { |c| c["type"] == "git_source" }
|
195
|
+
.find { |c| uri.host == c["host"] }
|
195
196
|
|
196
197
|
uri.scheme = "https" if uri.scheme != "http"
|
197
198
|
|
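Review bot: `uri_with_auth` picks the credential by host alone and then keeps the scheme when it is `http` (`uri.scheme = "https" if uri.scheme != "http"`), so if the lines after this hunk attach `cred` to the URI, a plain-http remote would be sent the username and password in cleartext. Credentials should only be attached when the final scheme is https, e.g. `cred = nil unless uri.scheme == "https"` placed after the scheme line, or https should be forced unconditionally if http remotes are not a supported case. The rest of the method is outside the hunk, so this needs checking against the lines that build the authenticated URI.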
data/lib/dependabot/logger.rb
CHANGED