dependabot-common 0.230.0 → 0.231.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +4 -3
- data/lib/dependabot/clients/bitbucket.rb +4 -3
- data/lib/dependabot/clients/bitbucket_with_retries.rb +4 -3
- data/lib/dependabot/clients/codecommit.rb +6 -5
- data/lib/dependabot/clients/github_with_retries.rb +11 -10
- data/lib/dependabot/clients/gitlab_with_retries.rb +11 -10
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/config/file_fetcher.rb +1 -0
- data/lib/dependabot/config/ignore_condition.rb +1 -0
- data/lib/dependabot/config/update_config.rb +10 -9
- data/lib/dependabot/config.rb +1 -0
- data/lib/dependabot/dependency.rb +11 -10
- data/lib/dependabot/dependency_file.rb +1 -0
- data/lib/dependabot/dependency_group.rb +1 -0
- data/lib/dependabot/errors.rb +1 -0
- data/lib/dependabot/experiments.rb +1 -0
- data/lib/dependabot/file_fetchers/base.rb +27 -26
- data/lib/dependabot/file_fetchers.rb +1 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -0
- data/lib/dependabot/file_parsers/base.rb +1 -0
- data/lib/dependabot/file_parsers.rb +1 -0
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -0
- data/lib/dependabot/file_updaters/base.rb +1 -0
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -0
- data/lib/dependabot/file_updaters.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +22 -21
- data/lib/dependabot/git_metadata_fetcher.rb +13 -12
- data/lib/dependabot/logger.rb +1 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +26 -25
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +44 -43
- data/lib/dependabot/metadata_finders/base/release_finder.rb +25 -24
- data/lib/dependabot/metadata_finders/base.rb +3 -2
- data/lib/dependabot/metadata_finders.rb +1 -0
- data/lib/dependabot/pull_request_creator/azure.rb +1 -0
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +36 -35
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -0
- data/lib/dependabot/pull_request_creator/codecommit.rb +3 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +1 -0
- data/lib/dependabot/pull_request_creator/github.rb +23 -27
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +18 -17
- data/lib/dependabot/pull_request_creator/message.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +8 -7
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +18 -17
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +61 -60
- data/lib/dependabot/pull_request_creator.rb +7 -0
- data/lib/dependabot/pull_request_updater/azure.rb +1 -0
- data/lib/dependabot/pull_request_updater/github.rb +5 -4
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_updater.rb +1 -0
- data/lib/dependabot/registry_client.rb +1 -0
- data/lib/dependabot/security_advisory.rb +5 -4
- data/lib/dependabot/shared_helpers.rb +5 -4
- data/lib/dependabot/simple_instrumentor.rb +1 -0
- data/lib/dependabot/source.rb +5 -4
- data/lib/dependabot/update_checkers/base.rb +7 -6
- data/lib/dependabot/update_checkers/version_filters.rb +1 -0
- data/lib/dependabot/update_checkers.rb +1 -0
- data/lib/dependabot/utils.rb +1 -0
- data/lib/dependabot/version.rb +1 -0
- data/lib/dependabot/workspace/base.rb +1 -0
- data/lib/dependabot/workspace/change_attempt.rb +1 -0
- data/lib/dependabot/workspace/git.rb +1 -0
- data/lib/dependabot/workspace.rb +1 -0
- data/lib/dependabot.rb +2 -1
- data/lib/wildcard_matcher.rb +4 -3
- metadata +31 -3
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "octokit"
|
|
@@ -42,8 +43,12 @@ module Dependabot
|
|
|
42
43
|
end
|
|
43
44
|
|
|
44
45
|
def create
|
|
45
|
-
|
|
46
|
-
|
|
46
|
+
if branch_exists?(branch_name) && unmerged_pull_request_exists?
|
|
47
|
+
raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.id} already exists"
|
|
48
|
+
end
|
|
49
|
+
if require_up_to_date_base? && !base_commit_is_up_to_date?
|
|
50
|
+
raise BaseCommitNotUpToDate, "HEAD #{head_commit} does not match base #{base_commit}"
|
|
51
|
+
end
|
|
47
52
|
|
|
48
53
|
create_annotated_pull_request
|
|
49
54
|
rescue AnnotationError, Octokit::Error => e
|
|
@@ -75,7 +80,11 @@ module Dependabot
|
|
|
75
80
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
76
81
|
|
|
77
82
|
def unmerged_pull_request_exists?
|
|
78
|
-
|
|
83
|
+
unmerged_pull_requests.any?
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def unmerged_pull_requests
|
|
87
|
+
pull_requests_for_branch.reject(&:merged)
|
|
79
88
|
end
|
|
80
89
|
|
|
81
90
|
def pull_requests_for_branch
|
|
@@ -105,16 +114,20 @@ module Dependabot
|
|
|
105
114
|
end
|
|
106
115
|
|
|
107
116
|
def base_commit_is_up_to_date?
|
|
108
|
-
|
|
117
|
+
head_commit == base_commit
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
def head_commit
|
|
121
|
+
@head_commit ||= git_metadata_fetcher.head_commit_for_ref(target_branch)
|
|
109
122
|
end
|
|
110
123
|
|
|
111
124
|
def create_annotated_pull_request
|
|
112
125
|
commit = create_commit
|
|
113
126
|
branch = create_or_update_branch(commit)
|
|
114
|
-
|
|
127
|
+
raise UnexpectedError, "Branch not created" unless branch
|
|
115
128
|
|
|
116
129
|
pull_request = create_pull_request
|
|
117
|
-
|
|
130
|
+
raise UnexpectedError, "PR not created" unless pull_request
|
|
118
131
|
|
|
119
132
|
begin
|
|
120
133
|
annotate_pull_request(pull_request)
|
|
@@ -219,10 +232,7 @@ module Dependabot
|
|
|
219
232
|
# A race condition may cause GitHub to fail here, in which case we retry
|
|
220
233
|
retry_count ||= 0
|
|
221
234
|
retry_count += 1
|
|
222
|
-
if retry_count > 10
|
|
223
|
-
raise "Repeatedly failed to create or update branch #{branch_name} " \
|
|
224
|
-
"with commit #{commit.sha}."
|
|
225
|
-
end
|
|
235
|
+
raise if retry_count > 10
|
|
226
236
|
|
|
227
237
|
sleep(rand(1..1.99))
|
|
228
238
|
retry
|
|
@@ -303,8 +313,8 @@ module Dependabot
|
|
|
303
313
|
reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
|
|
304
314
|
reviewers = []
|
|
305
315
|
reviewers += reviewers_hash[:reviewers] || []
|
|
306
|
-
reviewers += (reviewers_hash[:team_reviewers] || [])
|
|
307
|
-
map { |rv| "#{source.repo.split('/').first}/#{rv}" }
|
|
316
|
+
reviewers += (reviewers_hash[:team_reviewers] || [])
|
|
317
|
+
.map { |rv| "#{source.repo.split('/').first}/#{rv}" }
|
|
308
318
|
|
|
309
319
|
reviewers_string =
|
|
310
320
|
if reviewers.count == 1
|
|
@@ -358,9 +368,7 @@ module Dependabot
|
|
|
358
368
|
pr_description,
|
|
359
369
|
headers: custom_headers || {}
|
|
360
370
|
)
|
|
361
|
-
rescue Octokit::UnprocessableEntity
|
|
362
|
-
return handle_pr_creation_error(e) if e.message.include? "Error summary"
|
|
363
|
-
|
|
371
|
+
rescue Octokit::UnprocessableEntity
|
|
364
372
|
# Sometimes PR creation fails with no details (presumably because the
|
|
365
373
|
# details are internal). It doesn't hurt to retry in these cases, in
|
|
366
374
|
# case the cause is a race.
|
|
@@ -371,18 +379,6 @@ module Dependabot
|
|
|
371
379
|
retry
|
|
372
380
|
end
|
|
373
381
|
|
|
374
|
-
def handle_pr_creation_error(error)
|
|
375
|
-
# Ignore races that we lose
|
|
376
|
-
return if error.message.include?("pull request already exists")
|
|
377
|
-
|
|
378
|
-
# Ignore cases where the target branch has been deleted
|
|
379
|
-
return if error.message.include?("field: base") &&
|
|
380
|
-
source.branch &&
|
|
381
|
-
!branch_exists?(source.branch)
|
|
382
|
-
|
|
383
|
-
raise
|
|
384
|
-
end
|
|
385
|
-
|
|
386
382
|
def target_branch
|
|
387
383
|
source.branch || default_branch
|
|
388
384
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "octokit"
|
|
@@ -137,8 +138,8 @@ module Dependabot
|
|
|
137
138
|
version_str = dep.previous_version
|
|
138
139
|
return version_str if version_class.correct?(version_str)
|
|
139
140
|
|
|
140
|
-
source = dep.previous_requirements
|
|
141
|
-
|
|
141
|
+
source = dep.previous_requirements
|
|
142
|
+
.find { |r| r.fetch(:source) }&.fetch(:source)
|
|
142
143
|
type = source&.fetch("type", nil) || source&.fetch(:type)
|
|
143
144
|
return version_str unless type == "git"
|
|
144
145
|
|
|
@@ -233,8 +234,8 @@ module Dependabot
|
|
|
233
234
|
|
|
234
235
|
def language_label
|
|
235
236
|
label_name =
|
|
236
|
-
self.class.label_details_for_package_manager(package_manager)
|
|
237
|
-
|
|
237
|
+
self.class.label_details_for_package_manager(package_manager)
|
|
238
|
+
.fetch(:name)
|
|
238
239
|
labels.find { |l| l.casecmp(label_name).zero? }
|
|
239
240
|
end
|
|
240
241
|
|
|
@@ -252,9 +253,9 @@ module Dependabot
|
|
|
252
253
|
client = github_client_for_source
|
|
253
254
|
|
|
254
255
|
labels =
|
|
255
|
-
client
|
|
256
|
-
labels(source.repo, per_page: 100)
|
|
257
|
-
map(&:name)
|
|
256
|
+
client
|
|
257
|
+
.labels(source.repo, per_page: 100)
|
|
258
|
+
.map(&:name)
|
|
258
259
|
|
|
259
260
|
next_link = client.last_response.rels[:next]
|
|
260
261
|
|
|
@@ -268,16 +269,16 @@ module Dependabot
|
|
|
268
269
|
end
|
|
269
270
|
|
|
270
271
|
def fetch_gitlab_labels
|
|
271
|
-
gitlab_client_for_source
|
|
272
|
-
labels(source.repo, per_page: 100)
|
|
273
|
-
auto_paginate
|
|
274
|
-
map(&:name)
|
|
272
|
+
gitlab_client_for_source
|
|
273
|
+
.labels(source.repo, per_page: 100)
|
|
274
|
+
.auto_paginate
|
|
275
|
+
.map(&:name)
|
|
275
276
|
end
|
|
276
277
|
|
|
277
278
|
def fetch_azure_labels
|
|
278
279
|
language_name =
|
|
279
|
-
self.class.label_details_for_package_manager(package_manager)
|
|
280
|
-
|
|
280
|
+
self.class.label_details_for_package_manager(package_manager)
|
|
281
|
+
.fetch(:name)
|
|
281
282
|
|
|
282
283
|
@labels = [
|
|
283
284
|
*@labels,
|
|
@@ -379,13 +380,13 @@ module Dependabot
|
|
|
379
380
|
|
|
380
381
|
def create_gitlab_language_label
|
|
381
382
|
language_name =
|
|
382
|
-
self.class.label_details_for_package_manager(package_manager)
|
|
383
|
-
|
|
383
|
+
self.class.label_details_for_package_manager(package_manager)
|
|
384
|
+
.fetch(:name)
|
|
384
385
|
gitlab_client_for_source.create_label(
|
|
385
386
|
source.repo,
|
|
386
387
|
language_name,
|
|
387
|
-
"#" + self.class.label_details_for_package_manager(package_manager)
|
|
388
|
-
fetch(:colour)
|
|
388
|
+
"#" + self.class.label_details_for_package_manager(package_manager)
|
|
389
|
+
.fetch(:colour)
|
|
389
390
|
)
|
|
390
391
|
@labels = [*@labels, language_name].uniq
|
|
391
392
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/pull_request_creator/message_builder"
|
|
@@ -28,15 +29,15 @@ module Dependabot
|
|
|
28
29
|
# of them with an absolute link that uses the source URL
|
|
29
30
|
ISSUE_LINK_REGEXS.reduce(text) do |updated_text, regex|
|
|
30
31
|
updated_text.gsub(regex) do |issue_link|
|
|
31
|
-
tag = issue_link
|
|
32
|
-
match(/(?<tag>(?:\#|GH-)?\d+)/i)
|
|
33
|
-
named_captures.fetch("tag")
|
|
32
|
+
tag = issue_link
|
|
33
|
+
.match(/(?<tag>(?:\#|GH-)?\d+)/i)
|
|
34
|
+
.named_captures.fetch("tag")
|
|
34
35
|
number = tag.match(/\d+/).to_s
|
|
35
36
|
|
|
36
|
-
repo = issue_link
|
|
37
|
-
match("#{REPO_REGEX}#{TAG_REGEX}")
|
|
38
|
-
named_captures
|
|
39
|
-
fetch("repo", nil)
|
|
37
|
+
repo = issue_link
|
|
38
|
+
.match("#{REPO_REGEX}#{TAG_REGEX}")
|
|
39
|
+
&.named_captures
|
|
40
|
+
&.fetch("repo", nil)
|
|
40
41
|
source = repo ? "https://github.com/#{repo}" : source_url
|
|
41
42
|
|
|
42
43
|
"[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/pull_request_creator/message_builder"
|
|
@@ -202,9 +203,9 @@ module Dependabot
|
|
|
202
203
|
end
|
|
203
204
|
|
|
204
205
|
def link_issues(text:)
|
|
205
|
-
IssueLinker
|
|
206
|
-
new(source_url: source_url)
|
|
207
|
-
link_issues(text: text)
|
|
206
|
+
IssueLinker
|
|
207
|
+
.new(source_url: source_url)
|
|
208
|
+
.link_issues(text: text)
|
|
208
209
|
end
|
|
209
210
|
|
|
210
211
|
def fix_relative_links(text:, base_url:)
|
|
@@ -245,9 +246,9 @@ module Dependabot
|
|
|
245
246
|
end
|
|
246
247
|
|
|
247
248
|
def sanitize_links_and_mentions(text, unsafe: false)
|
|
248
|
-
LinkAndMentionSanitizer
|
|
249
|
-
new(github_redirection_service: github_redirection_service)
|
|
250
|
-
sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
|
|
249
|
+
LinkAndMentionSanitizer
|
|
250
|
+
.new(github_redirection_service: github_redirection_service)
|
|
251
|
+
.sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
|
|
251
252
|
end
|
|
252
253
|
|
|
253
254
|
def sanitize_template_tags(text)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "pathname"
|
|
@@ -392,15 +393,15 @@ module Dependabot
|
|
|
392
393
|
end
|
|
393
394
|
|
|
394
395
|
def updating_a_property?
|
|
395
|
-
dependencies.first
|
|
396
|
-
|
|
397
|
-
|
|
396
|
+
dependencies.first
|
|
397
|
+
.requirements
|
|
398
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
|
398
399
|
end
|
|
399
400
|
|
|
400
401
|
def updating_a_dependency_set?
|
|
401
|
-
dependencies.first
|
|
402
|
-
|
|
403
|
-
|
|
402
|
+
dependencies.first
|
|
403
|
+
.requirements
|
|
404
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
|
404
405
|
end
|
|
405
406
|
|
|
406
407
|
def removing_a_transitive_dependency?
|
|
@@ -413,9 +414,9 @@ module Dependabot
|
|
|
413
414
|
end
|
|
414
415
|
|
|
415
416
|
def property_name
|
|
416
|
-
@property_name ||= dependencies.first.requirements
|
|
417
|
-
|
|
418
|
-
dig(:metadata, :property_name)
|
|
417
|
+
@property_name ||= dependencies.first.requirements
|
|
418
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
419
|
+
&.dig(:metadata, :property_name)
|
|
419
420
|
|
|
420
421
|
raise "No property name!" unless @property_name
|
|
421
422
|
|
|
@@ -423,9 +424,9 @@ module Dependabot
|
|
|
423
424
|
end
|
|
424
425
|
|
|
425
426
|
def dependency_set
|
|
426
|
-
@dependency_set ||= dependencies.first.requirements
|
|
427
|
-
|
|
428
|
-
dig(:metadata, :dependency_set)
|
|
427
|
+
@dependency_set ||= dependencies.first.requirements
|
|
428
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
429
|
+
&.dig(:metadata, :dependency_set)
|
|
429
430
|
|
|
430
431
|
raise "No dependency set!" unless @dependency_set
|
|
431
432
|
|
|
@@ -596,9 +597,9 @@ module Dependabot
|
|
|
596
597
|
def metadata_finder(dependency)
|
|
597
598
|
@metadata_finder ||= {}
|
|
598
599
|
@metadata_finder[dependency.name] ||=
|
|
599
|
-
MetadataFinders
|
|
600
|
-
for_package_manager(dependency.package_manager)
|
|
601
|
-
new(dependency: dependency, credentials: credentials)
|
|
600
|
+
MetadataFinders
|
|
601
|
+
.for_package_manager(dependency.package_manager)
|
|
602
|
+
.new(dependency: dependency, credentials: credentials)
|
|
602
603
|
end
|
|
603
604
|
|
|
604
605
|
def pr_name_prefixer
|
|
@@ -648,8 +649,8 @@ module Dependabot
|
|
|
648
649
|
# TODO re-use in BranchNamer
|
|
649
650
|
def library?
|
|
650
651
|
# Reject any nested child gemspecs/vendored git dependencies
|
|
651
|
-
root_files = files.map(&:name)
|
|
652
|
-
|
|
652
|
+
root_files = files.map(&:name)
|
|
653
|
+
.select { |p| Pathname.new(p).dirname.to_s == "." }
|
|
653
654
|
return true if root_files.any? { |nm| nm.end_with?(".gemspec") }
|
|
654
655
|
|
|
655
656
|
dependencies.any? { |d| d.humanized_previous_version.nil? }
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/clients/azure"
|
|
@@ -179,12 +180,12 @@ module Dependabot
|
|
|
179
180
|
angular_only_pres = ANGULAR_PREFIXES - ESLINT_PREFIXES.map(&:downcase)
|
|
180
181
|
|
|
181
182
|
uses_eslint_only_pres =
|
|
182
|
-
recent_commit_messages
|
|
183
|
-
any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
|
183
|
+
recent_commit_messages
|
|
184
|
+
.any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
|
184
185
|
|
|
185
186
|
uses_angular_only_pres =
|
|
186
|
-
recent_commit_messages
|
|
187
|
-
any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
|
187
|
+
recent_commit_messages
|
|
188
|
+
.any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
|
188
189
|
|
|
189
190
|
# If using any angular-only prefixes, return true
|
|
190
191
|
# (i.e., we assume Angular over ESLint when both are present)
|
|
@@ -220,12 +221,12 @@ module Dependabot
|
|
|
220
221
|
raise "Not using angular commits!" unless using_angular_commit_messages?
|
|
221
222
|
|
|
222
223
|
recent_commits_using_chore =
|
|
223
|
-
recent_commit_messages
|
|
224
|
-
any? { |msg| msg.start_with?("chore", "Chore") }
|
|
224
|
+
recent_commit_messages
|
|
225
|
+
.any? { |msg| msg.start_with?("chore", "Chore") }
|
|
225
226
|
|
|
226
227
|
recent_commits_using_build =
|
|
227
|
-
recent_commit_messages
|
|
228
|
-
any? { |msg| msg.start_with?("build", "Build") }
|
|
228
|
+
recent_commit_messages
|
|
229
|
+
.any? { |msg| msg.start_with?("build", "Build") }
|
|
229
230
|
|
|
230
231
|
commit_prefix =
|
|
231
232
|
if recent_commits_using_chore && !recent_commits_using_build
|
|
@@ -246,8 +247,8 @@ module Dependabot
|
|
|
246
247
|
|
|
247
248
|
return last_dependabot_commit_message&.start_with?(/[A-Z]/) if semantic_messages.none?
|
|
248
249
|
|
|
249
|
-
capitalized_msgs = semantic_messages
|
|
250
|
-
select { |m| m.start_with?(/[A-Z]/) }
|
|
250
|
+
capitalized_msgs = semantic_messages
|
|
251
|
+
.select { |m| m.start_with?(/[A-Z]/) }
|
|
251
252
|
capitalized_msgs.count.to_f / semantic_messages.count > 0.5
|
|
252
253
|
end
|
|
253
254
|
|
|
@@ -255,8 +256,8 @@ module Dependabot
|
|
|
255
256
|
return false unless recent_commit_messages.any?
|
|
256
257
|
|
|
257
258
|
gitmoji_messages =
|
|
258
|
-
recent_commit_messages
|
|
259
|
-
select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
|
|
259
|
+
recent_commit_messages
|
|
260
|
+
.select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
|
|
260
261
|
|
|
261
262
|
gitmoji_messages.count / recent_commit_messages.count.to_f > 0.3
|
|
262
263
|
end
|
|
@@ -277,55 +278,55 @@ module Dependabot
|
|
|
277
278
|
end
|
|
278
279
|
|
|
279
280
|
def recent_github_commit_messages
|
|
280
|
-
recent_github_commits
|
|
281
|
-
reject { |c| c.author&.type == "Bot" }
|
|
282
|
-
reject { |c| c.commit&.message&.start_with?("Merge") }
|
|
283
|
-
map(&:commit)
|
|
284
|
-
filter_map(&:message)
|
|
285
|
-
map(&:strip)
|
|
281
|
+
recent_github_commits
|
|
282
|
+
.reject { |c| c.author&.type == "Bot" }
|
|
283
|
+
.reject { |c| c.commit&.message&.start_with?("Merge") }
|
|
284
|
+
.map(&:commit)
|
|
285
|
+
.filter_map(&:message)
|
|
286
|
+
.map(&:strip)
|
|
286
287
|
end
|
|
287
288
|
|
|
288
289
|
def recent_gitlab_commit_messages
|
|
289
290
|
@recent_gitlab_commit_messages ||=
|
|
290
291
|
gitlab_client_for_source.commits(source.repo)
|
|
291
292
|
|
|
292
|
-
@recent_gitlab_commit_messages
|
|
293
|
-
reject { |c| c.author_email == dependabot_email }
|
|
294
|
-
reject { |c| c.message&.start_with?("merge !") }
|
|
295
|
-
filter_map(&:message)
|
|
296
|
-
map(&:strip)
|
|
293
|
+
@recent_gitlab_commit_messages
|
|
294
|
+
.reject { |c| c.author_email == dependabot_email }
|
|
295
|
+
.reject { |c| c.message&.start_with?("merge !") }
|
|
296
|
+
.filter_map(&:message)
|
|
297
|
+
.map(&:strip)
|
|
297
298
|
end
|
|
298
299
|
|
|
299
300
|
def recent_azure_commit_messages
|
|
300
301
|
@recent_azure_commit_messages ||=
|
|
301
302
|
azure_client_for_source.commits
|
|
302
303
|
|
|
303
|
-
@recent_azure_commit_messages
|
|
304
|
-
reject { |c| azure_commit_author_email(c) == dependabot_email }
|
|
305
|
-
reject { |c| c.fetch("comment")&.start_with?("Merge") }
|
|
306
|
-
filter_map { |c| c.fetch("comment") }
|
|
307
|
-
map(&:strip)
|
|
304
|
+
@recent_azure_commit_messages
|
|
305
|
+
.reject { |c| azure_commit_author_email(c) == dependabot_email }
|
|
306
|
+
.reject { |c| c.fetch("comment")&.start_with?("Merge") }
|
|
307
|
+
.filter_map { |c| c.fetch("comment") }
|
|
308
|
+
.map(&:strip)
|
|
308
309
|
end
|
|
309
310
|
|
|
310
311
|
def recent_bitbucket_commit_messages
|
|
311
312
|
@recent_bitbucket_commit_messages ||=
|
|
312
313
|
bitbucket_client_for_source.commits(source.repo)
|
|
313
314
|
|
|
314
|
-
@recent_bitbucket_commit_messages
|
|
315
|
-
reject { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
|
316
|
-
filter_map { |c| c.fetch("message", nil) }
|
|
317
|
-
reject { |m| m.start_with?("Merge") }
|
|
318
|
-
map(&:strip)
|
|
315
|
+
@recent_bitbucket_commit_messages
|
|
316
|
+
.reject { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
|
317
|
+
.filter_map { |c| c.fetch("message", nil) }
|
|
318
|
+
.reject { |m| m.start_with?("Merge") }
|
|
319
|
+
.map(&:strip)
|
|
319
320
|
end
|
|
320
321
|
|
|
321
322
|
def recent_codecommit_commit_messages
|
|
322
323
|
@recent_codecommit_commit_messages ||=
|
|
323
324
|
codecommit_client_for_source.commits
|
|
324
|
-
@recent_codecommit_commit_messages.commits
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
325
|
+
@recent_codecommit_commit_messages.commits
|
|
326
|
+
.reject { |c| c.author.email == dependabot_email }
|
|
327
|
+
.reject { |c| c.message&.start_with?("Merge") }
|
|
328
|
+
.filter_map(&:message)
|
|
329
|
+
.map(&:strip)
|
|
329
330
|
end
|
|
330
331
|
|
|
331
332
|
def last_dependabot_commit_message
|
|
@@ -341,12 +342,12 @@ module Dependabot
|
|
|
341
342
|
end
|
|
342
343
|
|
|
343
344
|
def last_github_dependabot_commit_message
|
|
344
|
-
recent_github_commits
|
|
345
|
-
reject { |c| c.commit&.message&.start_with?("Merge") }
|
|
346
|
-
find { |c| c.commit.author&.name&.include?("dependabot") }
|
|
347
|
-
commit
|
|
348
|
-
message
|
|
349
|
-
strip
|
|
345
|
+
recent_github_commits
|
|
346
|
+
.reject { |c| c.commit&.message&.start_with?("Merge") }
|
|
347
|
+
.find { |c| c.commit.author&.name&.include?("dependabot") }
|
|
348
|
+
&.commit
|
|
349
|
+
&.message
|
|
350
|
+
&.strip
|
|
350
351
|
end
|
|
351
352
|
|
|
352
353
|
def recent_github_commits
|
|
@@ -360,40 +361,40 @@ module Dependabot
|
|
|
360
361
|
@recent_gitlab_commit_messages ||=
|
|
361
362
|
gitlab_client_for_source.commits(source.repo)
|
|
362
363
|
|
|
363
|
-
@recent_gitlab_commit_messages
|
|
364
|
-
find { |c| c.author_email == dependabot_email }
|
|
365
|
-
message
|
|
366
|
-
strip
|
|
364
|
+
@recent_gitlab_commit_messages
|
|
365
|
+
.find { |c| c.author_email == dependabot_email }
|
|
366
|
+
&.message
|
|
367
|
+
&.strip
|
|
367
368
|
end
|
|
368
369
|
|
|
369
370
|
def last_azure_dependabot_commit_message
|
|
370
371
|
@recent_azure_commit_messages ||=
|
|
371
372
|
azure_client_for_source.commits
|
|
372
373
|
|
|
373
|
-
@recent_azure_commit_messages
|
|
374
|
-
find { |c| azure_commit_author_email(c) == dependabot_email }
|
|
375
|
-
message
|
|
376
|
-
strip
|
|
374
|
+
@recent_azure_commit_messages
|
|
375
|
+
.find { |c| azure_commit_author_email(c) == dependabot_email }
|
|
376
|
+
&.message
|
|
377
|
+
&.strip
|
|
377
378
|
end
|
|
378
379
|
|
|
379
380
|
def last_bitbucket_dependabot_commit_message
|
|
380
381
|
@recent_bitbucket_commit_messages ||=
|
|
381
382
|
bitbucket_client_for_source.commits(source.repo)
|
|
382
383
|
|
|
383
|
-
@recent_bitbucket_commit_messages
|
|
384
|
-
find { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
|
385
|
-
fetch("message", nil)
|
|
386
|
-
strip
|
|
384
|
+
@recent_bitbucket_commit_messages
|
|
385
|
+
.find { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
|
386
|
+
&.fetch("message", nil)
|
|
387
|
+
&.strip
|
|
387
388
|
end
|
|
388
389
|
|
|
389
390
|
def last_codecommit_dependabot_commit_message
|
|
390
391
|
@recent_codecommit_commit_messages ||=
|
|
391
392
|
codecommit_client_for_source.commits(source.repo)
|
|
392
393
|
|
|
393
|
-
@recent_codecommit_commit_messages.commits
|
|
394
|
-
|
|
395
|
-
message
|
|
396
|
-
strip
|
|
394
|
+
@recent_codecommit_commit_messages.commits
|
|
395
|
+
.find { |c| c.author.email == dependabot_email }
|
|
396
|
+
&.message
|
|
397
|
+
&.strip
|
|
397
398
|
end
|
|
398
399
|
|
|
399
400
|
def azure_commit_author_email(commit)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/metadata_finders"
|
|
@@ -33,6 +34,12 @@ module Dependabot
|
|
|
33
34
|
|
|
34
35
|
class NoHistoryInCommon < StandardError; end
|
|
35
36
|
|
|
37
|
+
class UnmergedPRExists < StandardError; end
|
|
38
|
+
|
|
39
|
+
class BaseCommitNotUpToDate < StandardError; end
|
|
40
|
+
|
|
41
|
+
class UnexpectedError < StandardError; end
|
|
42
|
+
|
|
36
43
|
# AnnotationError is raised if a PR was created, but failed annotation
|
|
37
44
|
class AnnotationError < StandardError
|
|
38
45
|
attr_reader :cause, :pull_request
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "octokit"
|
|
@@ -197,12 +198,12 @@ module Dependabot
|
|
|
197
198
|
|
|
198
199
|
@commit_being_updated =
|
|
199
200
|
if pull_request.commits == 1
|
|
200
|
-
github_client_for_source
|
|
201
|
-
git_commit(source.repo, pull_request.head.sha)
|
|
201
|
+
github_client_for_source
|
|
202
|
+
.git_commit(source.repo, pull_request.head.sha)
|
|
202
203
|
else
|
|
203
204
|
commits =
|
|
204
|
-
github_client_for_source
|
|
205
|
-
pull_request_commits(source.repo, pull_request_number)
|
|
205
|
+
github_client_for_source
|
|
206
|
+
.pull_request_commits(source.repo, pull_request_number)
|
|
206
207
|
|
|
207
208
|
commit = commits.find { |c| c.sha == old_commit }
|
|
208
209
|
commit&.commit
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/version"
|
|
@@ -25,14 +26,14 @@ module Dependabot
|
|
|
25
26
|
raise ArgumentError, "must be a #{version_class}"
|
|
26
27
|
end
|
|
27
28
|
|
|
28
|
-
in_safe_range = safe_versions
|
|
29
|
-
any? { |r| r.satisfied_by?(version) }
|
|
29
|
+
in_safe_range = safe_versions
|
|
30
|
+
.any? { |r| r.satisfied_by?(version) }
|
|
30
31
|
|
|
31
32
|
# If version is known safe for this advisory, it's not vulnerable
|
|
32
33
|
return false if in_safe_range
|
|
33
34
|
|
|
34
|
-
in_vulnerable_range = vulnerable_versions
|
|
35
|
-
any? { |r| r.satisfied_by?(version) }
|
|
35
|
+
in_vulnerable_range = vulnerable_versions
|
|
36
|
+
.any? { |r| r.satisfied_by?(version) }
|
|
36
37
|
|
|
37
38
|
# If in the vulnerable range and not known safe, it's vulnerable
|
|
38
39
|
return true if in_vulnerable_range
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "digest"
|
|
@@ -235,10 +236,10 @@ module Dependabot
|
|
|
235
236
|
run_shell_command("git config --global --add safe.directory #{path}")
|
|
236
237
|
end
|
|
237
238
|
|
|
238
|
-
github_credentials = credentials
|
|
239
|
-
select { |c| c["type"] == "git_source" }
|
|
240
|
-
select { |c| c["host"] == "github.com" }
|
|
241
|
-
select { |c| c["password"] && c["username"] }
|
|
239
|
+
github_credentials = credentials
|
|
240
|
+
.select { |c| c["type"] == "git_source" }
|
|
241
|
+
.select { |c| c["host"] == "github.com" }
|
|
242
|
+
.select { |c| c["password"] && c["username"] }
|
|
242
243
|
|
|
243
244
|
# If multiple credentials are specified for github.com, pick the one that
|
|
244
245
|
# *isn't* just an app token (since it must have been added deliberately)
|