dependabot-common 0.230.0 → 0.232.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +4 -3
- data/lib/dependabot/clients/bitbucket.rb +4 -3
- data/lib/dependabot/clients/bitbucket_with_retries.rb +4 -3
- data/lib/dependabot/clients/codecommit.rb +6 -5
- data/lib/dependabot/clients/github_with_retries.rb +11 -10
- data/lib/dependabot/clients/gitlab_with_retries.rb +11 -10
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/config/file_fetcher.rb +1 -0
- data/lib/dependabot/config/ignore_condition.rb +1 -0
- data/lib/dependabot/config/update_config.rb +10 -9
- data/lib/dependabot/config.rb +1 -0
- data/lib/dependabot/dependency.rb +11 -10
- data/lib/dependabot/dependency_file.rb +1 -0
- data/lib/dependabot/dependency_group.rb +1 -0
- data/lib/dependabot/errors.rb +1 -0
- data/lib/dependabot/experiments.rb +1 -0
- data/lib/dependabot/file_fetchers/base.rb +27 -26
- data/lib/dependabot/file_fetchers.rb +1 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -0
- data/lib/dependabot/file_parsers/base.rb +1 -0
- data/lib/dependabot/file_parsers.rb +1 -0
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -0
- data/lib/dependabot/file_updaters/base.rb +1 -0
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -0
- data/lib/dependabot/file_updaters.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +22 -21
- data/lib/dependabot/git_metadata_fetcher.rb +13 -12
- data/lib/dependabot/logger.rb +1 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +26 -25
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +44 -43
- data/lib/dependabot/metadata_finders/base/release_finder.rb +25 -24
- data/lib/dependabot/metadata_finders/base.rb +3 -2
- data/lib/dependabot/metadata_finders.rb +1 -0
- data/lib/dependabot/pull_request_creator/azure.rb +1 -0
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +36 -35
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -0
- data/lib/dependabot/pull_request_creator/codecommit.rb +3 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +1 -0
- data/lib/dependabot/pull_request_creator/github.rb +23 -27
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +18 -17
- data/lib/dependabot/pull_request_creator/message.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +8 -7
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +18 -17
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +61 -60
- data/lib/dependabot/pull_request_creator.rb +7 -0
- data/lib/dependabot/pull_request_updater/azure.rb +1 -0
- data/lib/dependabot/pull_request_updater/github.rb +5 -4
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_updater.rb +1 -0
- data/lib/dependabot/registry_client.rb +1 -0
- data/lib/dependabot/security_advisory.rb +5 -4
- data/lib/dependabot/shared_helpers.rb +5 -4
- data/lib/dependabot/simple_instrumentor.rb +1 -0
- data/lib/dependabot/source.rb +5 -4
- data/lib/dependabot/update_checkers/base.rb +7 -6
- data/lib/dependabot/update_checkers/version_filters.rb +1 -0
- data/lib/dependabot/update_checkers.rb +1 -0
- data/lib/dependabot/utils.rb +1 -0
- data/lib/dependabot/version.rb +1 -0
- data/lib/dependabot/workspace/base.rb +1 -0
- data/lib/dependabot/workspace/change_attempt.rb +1 -0
- data/lib/dependabot/workspace/git.rb +1 -0
- data/lib/dependabot/workspace.rb +1 -0
- data/lib/dependabot.rb +2 -1
- data/lib/wildcard_matcher.rb +4 -3
- metadata +31 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 07f0955f06c02ad1e76f3fb987d63ad6eb391442e0bf51a66f51f20020437cf1
|
4
|
+
data.tar.gz: 660dd52a79fc8529d621dec221849c0baa09de69a3e3cef6bc71d5c3ae322387
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 42194277fe832e0590ecb48037a90d06943d33d514216f82fd028a4822215292042b6b1f0fb9dfce7728d2100e8b0ef1571b9d067fbbc7492807c0db371e860e
|
7
|
+
data.tar.gz: 5f0397b9b76dc38c1adc68c86dd8ef37c16b516ff36f6a8ef0e2f94c285ecbc5586395ede542af9133a3137e24593304a5fcc3199cc7208e93f1dada63c06519
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -28,9 +29,9 @@ module Dependabot
|
|
28
29
|
|
29
30
|
def self.for_source(source:, credentials:)
|
30
31
|
credential =
|
31
|
-
credentials
|
32
|
-
select { |cred| cred["type"] == "git_source" }
|
33
|
-
find { |cred| cred["host"] == source.hostname }
|
32
|
+
credentials
|
33
|
+
.select { |cred| cred["type"] == "git_source" }
|
34
|
+
.find { |cred| cred["host"] == source.hostname }
|
34
35
|
|
35
36
|
new(source, credential)
|
36
37
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -20,9 +21,9 @@ module Dependabot
|
|
20
21
|
|
21
22
|
def self.for_source(source:, credentials:)
|
22
23
|
credential =
|
23
|
-
credentials
|
24
|
-
select { |cred| cred["type"] == "git_source" }
|
25
|
-
find { |cred| cred["host"] == source.hostname }
|
24
|
+
credentials
|
25
|
+
.select { |cred| cred["type"] == "git_source" }
|
26
|
+
.find { |cred| cred["host"] == source.hostname }
|
26
27
|
|
27
28
|
new(credentials: credential)
|
28
29
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require_relative "bitbucket"
|
@@ -16,9 +17,9 @@ module Dependabot
|
|
16
17
|
|
17
18
|
def self.for_bitbucket_dot_org(credentials:)
|
18
19
|
credential =
|
19
|
-
credentials
|
20
|
-
select { |cred| cred["type"] == "git_source" }
|
21
|
-
find { |cred| cred["host"] == "bitbucket.org" }
|
20
|
+
credentials
|
21
|
+
.select { |cred| cred["type"] == "git_source" }
|
22
|
+
.find { |cred| cred["host"] == "bitbucket.org" }
|
22
23
|
|
23
24
|
new(credentials: credential)
|
24
25
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -13,9 +14,9 @@ module Dependabot
|
|
13
14
|
|
14
15
|
def self.for_source(source:, credentials:)
|
15
16
|
credential =
|
16
|
-
credentials
|
17
|
-
select { |cred| cred["type"] == "git_source" }
|
18
|
-
find { |cred| cred["region"] == source.hostname }
|
17
|
+
credentials
|
18
|
+
.select { |cred| cred["type"] == "git_source" }
|
19
|
+
.find { |cred| cred["region"] == source.hostname }
|
19
20
|
|
20
21
|
new(source, credential)
|
21
22
|
end
|
@@ -146,8 +147,8 @@ module Dependabot
|
|
146
147
|
pull_request_id: id
|
147
148
|
)
|
148
149
|
# only include PRs from the referenced branch
|
149
|
-
if pr_hash.pull_request.pull_request_targets[0]
|
150
|
-
|
150
|
+
if pr_hash.pull_request.pull_request_targets[0]
|
151
|
+
.source_reference.include? branch
|
151
152
|
result << pr_hash
|
152
153
|
end
|
153
154
|
end
|
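Review bot: The branch filter in the `@@ -146,8 +147,8` hunk uses `.source_reference.include? branch`, which is a substring test, so a pull request whose source ref merely contains the branch name (for example `main` inside `maintenance`) also passes the "only include PRs from the referenced branch" check. If `source_reference` holds a full ref name (its format is not shown here, so this needs confirming), an exact comparison matches the comment's intent: `if pr_hash.pull_request.pull_request_targets[0]&.source_reference == "refs/heads/#{branch}"`. The `&.` also covers an empty `pull_request_targets`, which the current line dereferences unguarded. The enclosing method starts and ends outside the hunk.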
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "octokit"
|
@@ -38,11 +39,11 @@ module Dependabot
|
|
38
39
|
|
39
40
|
def self.for_source(source:, credentials:)
|
40
41
|
access_tokens =
|
41
|
-
credentials
|
42
|
-
select { |cred| cred["type"] == "git_source" }
|
43
|
-
select { |cred| cred["host"] == source.hostname }
|
44
|
-
select { |cred| cred["password"] }
|
45
|
-
map { |cred| cred.fetch("password") }
|
42
|
+
credentials
|
43
|
+
.select { |cred| cred["type"] == "git_source" }
|
44
|
+
.select { |cred| cred["host"] == source.hostname }
|
45
|
+
.select { |cred| cred["password"] }
|
46
|
+
.map { |cred| cred.fetch("password") }
|
46
47
|
|
47
48
|
new(
|
48
49
|
access_tokens: access_tokens,
|
@@ -52,11 +53,11 @@ module Dependabot
|
|
52
53
|
|
53
54
|
def self.for_github_dot_com(credentials:)
|
54
55
|
access_tokens =
|
55
|
-
credentials
|
56
|
-
select { |cred| cred["type"] == "git_source" }
|
57
|
-
select { |cred| cred["host"] == "github.com" }
|
58
|
-
select { |cred| cred["password"] }
|
59
|
-
map { |cred| cred.fetch("password") }
|
56
|
+
credentials
|
57
|
+
.select { |cred| cred["type"] == "git_source" }
|
58
|
+
.select { |cred| cred["host"] == "github.com" }
|
59
|
+
.select { |cred| cred["password"] }
|
60
|
+
.map { |cred| cred.fetch("password") }
|
60
61
|
|
61
62
|
new(access_tokens: access_tokens)
|
62
63
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "gitlab"
|
@@ -18,11 +19,11 @@ module Dependabot
|
|
18
19
|
|
19
20
|
def self.for_source(source:, credentials:)
|
20
21
|
access_token =
|
21
|
-
credentials
|
22
|
-
select { |cred| cred["type"] == "git_source" }
|
23
|
-
select { |cred| cred["password"] }
|
24
|
-
find { |cred| cred["host"] == source.hostname }
|
25
|
-
fetch("password")
|
22
|
+
credentials
|
23
|
+
.select { |cred| cred["type"] == "git_source" }
|
24
|
+
.select { |cred| cred["password"] }
|
25
|
+
.find { |cred| cred["host"] == source.hostname }
|
26
|
+
&.fetch("password")
|
26
27
|
|
27
28
|
new(
|
28
29
|
endpoint: source.api_endpoint,
|
@@ -32,11 +33,11 @@ module Dependabot
|
|
32
33
|
|
33
34
|
def self.for_gitlab_dot_com(credentials:)
|
34
35
|
access_token =
|
35
|
-
credentials
|
36
|
-
select { |cred| cred["type"] == "git_source" }
|
37
|
-
select { |cred| cred["password"] }
|
38
|
-
find { |cred| cred["host"] == "gitlab.com" }
|
39
|
-
fetch("password")
|
36
|
+
credentials
|
37
|
+
.select { |cred| cred["type"] == "git_source" }
|
38
|
+
.select { |cred| cred["password"] }
|
39
|
+
.find { |cred| cred["host"] == "gitlab.com" }
|
40
|
+
&.fetch("password")
|
40
41
|
|
41
42
|
new(
|
42
43
|
endpoint: "https://gitlab.com/api/v4",
|
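Review bot: With `&.fetch("password")` in `for_source` and `for_gitlab_dot_com`, `access_token` is nil whenever no `git_source` credential with a password matches the host, and nothing in the visible lines reports that. The `new(` call continues outside both hunks, so how a nil token is handled cannot be seen here; if it is passed through, requests would presumably go out unauthenticated and fail later with a less specific error. A short comment above each assignment would make the contract explicit, e.g. `# nil when no credential matches this host; the client is then built without a token`.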
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/config/ignore_condition"
|
@@ -16,20 +17,20 @@ module Dependabot
|
|
16
17
|
normalizer = name_normaliser_for(dependency)
|
17
18
|
dep_name = normalizer.call(dependency.name)
|
18
19
|
|
19
|
-
@ignore_conditions
|
20
|
-
select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }
|
21
|
-
map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
22
|
-
flatten
|
23
|
-
compact
|
24
|
-
uniq
|
20
|
+
@ignore_conditions
|
21
|
+
.select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }
|
22
|
+
.map { |ic| ic.ignored_versions(dependency, security_updates_only) }
|
23
|
+
.flatten
|
24
|
+
.compact
|
25
|
+
.uniq
|
25
26
|
end
|
26
27
|
|
27
28
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
28
29
|
return false unless wildcard_string && candidate_string
|
29
30
|
|
30
|
-
regex_string = "a#{wildcard_string.downcase}a".split("*")
|
31
|
-
|
32
|
-
|
31
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*")
|
32
|
+
.map { |p| Regexp.quote(p) }
|
33
|
+
.join(".*").gsub(/^a|a$/, "")
|
33
34
|
regex = /^#{regex_string}$/
|
34
35
|
regex.match?(candidate_string.downcase)
|
35
36
|
end
|
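Review bot: `wildcard_match?` anchors its pattern with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a candidate name containing a newline can satisfy an ignore condition on just one of its lines. Because this match decides which dependencies are ignored, whole-string anchors are the safer choice: `.join(".*").gsub(/\Aa|a\z/, "")` and `regex = /\A#{regex_string}\z/`. Dependency names normally contain no newlines, so this is hardening rather than a known failure.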
data/lib/dependabot/config.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/version"
|
@@ -50,8 +51,8 @@ module Dependabot
|
|
50
51
|
previous_requirements&.map { |req| symbolize_keys(req) }
|
51
52
|
@package_manager = package_manager
|
52
53
|
unless top_level? || subdependency_metadata == []
|
53
|
-
@subdependency_metadata = subdependency_metadata
|
54
|
-
map { |h| symbolize_keys(h) }
|
54
|
+
@subdependency_metadata = subdependency_metadata
|
55
|
+
&.map { |h| symbolize_keys(h) }
|
55
56
|
end
|
56
57
|
@removed = removed
|
57
58
|
@metadata = symbolize_keys(metadata || {})
|
@@ -93,9 +94,9 @@ module Dependabot
|
|
93
94
|
|
94
95
|
groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
|
95
96
|
|
96
|
-
self.class
|
97
|
-
|
98
|
-
|
97
|
+
self.class
|
98
|
+
.production_check_for_package_manager(package_manager)
|
99
|
+
.call(groups)
|
99
100
|
end
|
100
101
|
|
101
102
|
def subdependency_production_check
|
@@ -148,9 +149,9 @@ module Dependabot
|
|
148
149
|
end
|
149
150
|
|
150
151
|
def docker_digest_from_reqs(requirements)
|
151
|
-
requirements
|
152
|
-
filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
|
153
|
-
first
|
152
|
+
requirements
|
153
|
+
.filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
|
154
|
+
.first
|
154
155
|
end
|
155
156
|
|
156
157
|
def previous_ref
|
@@ -259,8 +260,8 @@ module Dependabot
|
|
259
260
|
|
260
261
|
required_keys = %i(requirement file groups source)
|
261
262
|
optional_keys = %i(metadata)
|
262
|
-
unless requirement_fields.flatten
|
263
|
-
|
263
|
+
unless requirement_fields.flatten
|
264
|
+
.all? { |r| required_keys.sort == (r.keys - optional_keys).sort }
|
264
265
|
raise ArgumentError, "each requirement must have the following " \
|
265
266
|
"required keys: #{required_keys.join(', ')}." \
|
266
267
|
"Optionally, it may have the following keys: " \
|
data/lib/dependabot/errors.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "stringio"
|
@@ -125,9 +126,9 @@ module Dependabot
|
|
125
126
|
basename = File.basename(filename)
|
126
127
|
|
127
128
|
repo_includes_basename =
|
128
|
-
repo_contents(dir: dir, fetch_submodules: fetch_submodules)
|
129
|
-
reject { |f| f.type == "dir" }
|
130
|
-
map(&:name).include?(basename)
|
129
|
+
repo_contents(dir: dir, fetch_submodules: fetch_submodules)
|
130
|
+
.reject { |f| f.type == "dir" }
|
131
|
+
.map(&:name).include?(basename)
|
131
132
|
return unless repo_includes_basename
|
132
133
|
|
133
134
|
fetch_file_from_host(filename, fetch_submodules: fetch_submodules)
|
@@ -215,8 +216,8 @@ module Dependabot
|
|
215
216
|
end
|
216
217
|
|
217
218
|
def default_branch_for_repo
|
218
|
-
@default_branch_for_repo ||= client_for_provider
|
219
|
-
fetch_default_branch(repo)
|
219
|
+
@default_branch_for_repo ||= client_for_provider
|
220
|
+
.fetch_default_branch(repo)
|
220
221
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
221
222
|
raise Dependabot::RepoNotFound, source
|
222
223
|
end
|
@@ -277,22 +278,22 @@ module Dependabot
|
|
277
278
|
|
278
279
|
def azure_client
|
279
280
|
@azure_client ||=
|
280
|
-
Dependabot::Clients::Azure
|
281
|
-
for_source(source: source, credentials: credentials)
|
281
|
+
Dependabot::Clients::Azure
|
282
|
+
.for_source(source: source, credentials: credentials)
|
282
283
|
end
|
283
284
|
|
284
285
|
def bitbucket_client
|
285
286
|
# TODO: When self-hosted Bitbucket is supported this should use
|
286
287
|
# `Bitbucket.for_source`
|
287
288
|
@bitbucket_client ||=
|
288
|
-
Dependabot::Clients::BitbucketWithRetries
|
289
|
-
for_bitbucket_dot_org(credentials: credentials)
|
289
|
+
Dependabot::Clients::BitbucketWithRetries
|
290
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
290
291
|
end
|
291
292
|
|
292
293
|
def codecommit_client
|
293
294
|
@codecommit_client ||=
|
294
|
-
Dependabot::Clients::CodeCommit
|
295
|
-
for_source(source: source, credentials: credentials)
|
295
|
+
Dependabot::Clients::CodeCommit
|
296
|
+
.for_source(source: source, credentials: credentials)
|
296
297
|
end
|
297
298
|
|
298
299
|
#################################################
|
@@ -303,8 +304,8 @@ module Dependabot
|
|
303
304
|
raise_errors: true)
|
304
305
|
path = path.gsub(" ", "%20")
|
305
306
|
provider, repo, tmp_path, commit =
|
306
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
307
|
-
values_at(:provider, :repo, :path, :commit)
|
307
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
308
|
+
.values_at(:provider, :repo, :path, :commit)
|
308
309
|
|
309
310
|
_fetch_repo_contents_fully_specified(provider, repo, tmp_path, commit)
|
310
311
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
@@ -315,8 +316,8 @@ module Dependabot
|
|
315
316
|
# it's because we've found a sub-module (and are fetching them). Trigger
|
316
317
|
# a retry to get its contents.
|
317
318
|
updated_path =
|
318
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
319
|
-
fetch(:path)
|
319
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
320
|
+
.fetch(:path)
|
320
321
|
retry if updated_path != tmp_path
|
321
322
|
|
322
323
|
return result.call unless fetch_submodules && !retrying
|
@@ -392,9 +393,9 @@ module Dependabot
|
|
392
393
|
end
|
393
394
|
|
394
395
|
def _gitlab_repo_contents(repo, path, commit)
|
395
|
-
gitlab_client
|
396
|
-
repo_tree(repo, path: path, ref: commit, per_page: 100)
|
397
|
-
map do |file|
|
396
|
+
gitlab_client
|
397
|
+
.repo_tree(repo, path: path, ref: commit, per_page: 100)
|
398
|
+
.map do |file|
|
398
399
|
# GitLab API essentially returns the output from `git ls-tree`
|
399
400
|
type = case file.type
|
400
401
|
when "blob" then "file"
|
@@ -477,9 +478,9 @@ module Dependabot
|
|
477
478
|
sub_path =
|
478
479
|
path.gsub(%r{^#{Regexp.quote(_linked_dir_for(path))}(/|$)}, "")
|
479
480
|
new_path =
|
480
|
-
Pathname.new(File.join(linked_dir_details.fetch(:path), sub_path))
|
481
|
-
|
482
|
-
|
481
|
+
Pathname.new(File.join(linked_dir_details.fetch(:path), sub_path))
|
482
|
+
.cleanpath.to_path
|
483
|
+
.gsub(%r{^/}, "")
|
483
484
|
{
|
484
485
|
repo: linked_dir_details.fetch(:repo),
|
485
486
|
commit: linked_dir_details.fetch(:commit),
|
@@ -500,8 +501,8 @@ module Dependabot
|
|
500
501
|
path = path.gsub(%r{^/*}, "")
|
501
502
|
|
502
503
|
provider, repo, path, commit =
|
503
|
-
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
504
|
-
values_at(:provider, :repo, :path, :commit)
|
504
|
+
_full_specification_for(path, fetch_submodules: fetch_submodules)
|
505
|
+
.values_at(:provider, :repo, :path, :commit)
|
505
506
|
|
506
507
|
_fetch_file_content_fully_specified(provider, repo, path, commit)
|
507
508
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
@@ -596,9 +597,9 @@ module Dependabot
|
|
596
597
|
|
597
598
|
def _linked_dir_for(path)
|
598
599
|
linked_dirs = @linked_paths.keys
|
599
|
-
linked_dirs
|
600
|
-
select { |k| path.match?(%r{^#{Regexp.quote(k)}(/|$)}) }
|
601
|
-
max_by(&:length)
|
600
|
+
linked_dirs
|
601
|
+
.select { |k| path.match?(%r{^#{Regexp.quote(k)}(/|$)}) }
|
602
|
+
.max_by(&:length)
|
602
603
|
end
|
603
604
|
|
604
605
|
# rubocop:disable Metrics/AbcSize
|
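Review bot: In the `@@ -477,9 +478,9` hunk, `new_path` is normalised with `.cleanpath`, which collapses inner `..` segments but keeps leading ones on a relative path, so the result can still start with `../` and point above the linked directory's root. Where `sub_path` comes from is outside the hunk, so whether such a value can reach this line is not visible here; a guard right after the assignment would make the assumption explicit, e.g. `raise ArgumentError, "path leaves linked directory: #{path}" if new_path.start_with?("../")`. The path regexes in this hunk and in `_linked_dir_for` also use `^`/`$` line anchors where `\A`/`\z` would match the whole string. The enclosing method starts and ends outside the hunk.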
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -188,8 +189,8 @@ module Dependabot
|
|
188
189
|
end
|
189
190
|
|
190
191
|
def most_specific_version_tag_for_sha(commit_sha)
|
191
|
-
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
192
|
-
|
192
|
+
tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
|
193
|
+
.sort_by { |t| version_class.new(t.name) }
|
193
194
|
return if tags.empty?
|
194
195
|
|
195
196
|
tags[-1].name
|
@@ -197,16 +198,16 @@ module Dependabot
|
|
197
198
|
|
198
199
|
def allowed_versions(local_tags)
|
199
200
|
tags =
|
200
|
-
local_tags
|
201
|
-
select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
202
|
-
filtered = tags
|
203
|
-
reject { |t| tag_included_in_ignore_requirements?(t) }
|
201
|
+
local_tags
|
202
|
+
.select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
203
|
+
filtered = tags
|
204
|
+
.reject { |t| tag_included_in_ignore_requirements?(t) }
|
204
205
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
|
205
206
|
raise Dependabot::AllVersionsIgnored
|
206
207
|
end
|
207
208
|
|
208
|
-
filtered
|
209
|
-
reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
209
|
+
filtered
|
210
|
+
.reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
|
210
211
|
end
|
211
212
|
|
212
213
|
def pinned_ref_in_release?(version)
|
@@ -285,15 +286,15 @@ module Dependabot
|
|
285
286
|
end
|
286
287
|
|
287
288
|
def github_commit_comparison_status(ref1, ref2)
|
288
|
-
client = Clients::GithubWithRetries
|
289
|
-
for_github_dot_com(credentials: credentials)
|
289
|
+
client = Clients::GithubWithRetries
|
290
|
+
.for_github_dot_com(credentials: credentials)
|
290
291
|
|
291
292
|
client.compare(listing_source_repo, ref1, ref2).status
|
292
293
|
end
|
293
294
|
|
294
295
|
def gitlab_commit_comparison_status(ref1, ref2)
|
295
|
-
client = Clients::GitlabWithRetries
|
296
|
-
for_gitlab_dot_com(credentials: credentials)
|
296
|
+
client = Clients::GitlabWithRetries
|
297
|
+
.for_gitlab_dot_com(credentials: credentials)
|
297
298
|
|
298
299
|
comparison = client.compare(listing_source_repo, ref1, ref2)
|
299
300
|
|
@@ -309,8 +310,8 @@ module Dependabot
|
|
309
310
|
"#{listing_source_repo}/commits/?" \
|
310
311
|
"include=#{ref2}&exclude=#{ref1}"
|
311
312
|
|
312
|
-
client = Clients::BitbucketWithRetries
|
313
|
-
for_bitbucket_dot_org(credentials: credentials)
|
313
|
+
client = Clients::BitbucketWithRetries
|
314
|
+
.for_bitbucket_dot_org(credentials: credentials)
|
314
315
|
|
315
316
|
response = client.get(url)
|
316
317
|
|
@@ -373,10 +374,10 @@ module Dependabot
|
|
373
374
|
package_manager: dependency.package_manager
|
374
375
|
)
|
375
376
|
|
376
|
-
MetadataFinders
|
377
|
-
for_package_manager(dependency.package_manager)
|
378
|
-
new(dependency: candidate_dep, credentials: credentials)
|
379
|
-
source_url
|
377
|
+
MetadataFinders
|
378
|
+
.for_package_manager(dependency.package_manager)
|
379
|
+
.new(dependency: candidate_dep, credentials: credentials)
|
380
|
+
.source_url
|
380
381
|
end
|
381
382
|
end
|
382
383
|
|
@@ -387,9 +388,9 @@ module Dependabot
|
|
387
388
|
end
|
388
389
|
|
389
390
|
def listing_tag_for_version(version)
|
390
|
-
listing_tags
|
391
|
-
find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
392
|
-
name
|
391
|
+
listing_tags
|
392
|
+
.find { |t| t.name =~ /(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/ }
|
393
|
+
&.name
|
393
394
|
end
|
394
395
|
|
395
396
|
def listing_tags
|
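Review bot: In the Bitbucket comparison hunk (`@@ -309,8 +310,8`), `ref1` and `ref2` are interpolated into the query string as `"include=#{ref2}&exclude=#{ref1}"` without escaping, so a ref containing `&`, `#`, `+` or `%` changes the meaning of the request instead of naming a commit. Encoding each value keeps the query well-formed: `"include=#{URI.encode_www_form_component(ref2)}&exclude=#{URI.encode_www_form_component(ref1)}"`. The URL string and the method that builds it begin outside the hunk, so the origin of the refs is not visible here.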
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -50,20 +51,20 @@ module Dependabot
|
|
50
51
|
# causes problems for our `sha_for_update_pack_line` logic. The format
|
51
52
|
# of this opening clause is documented at
|
52
53
|
# https://git-scm.com/docs/http-protocol#_smart_server_response
|
53
|
-
line = upload_pack.gsub(/^[0-9a-f]{4}# service=git-upload-pack/, "")
|
54
|
-
|
54
|
+
line = upload_pack.gsub(/^[0-9a-f]{4}# service=git-upload-pack/, "")
|
55
|
+
.lines.find { |l| l.include?(" HEAD") }
|
55
56
|
return sha_for_update_pack_line(line) if line
|
56
57
|
end
|
57
58
|
|
58
|
-
refs_for_upload_pack
|
59
|
-
find { |r| r.name == ref }
|
60
|
-
commit_sha
|
59
|
+
refs_for_upload_pack
|
60
|
+
.find { |r| r.name == ref }
|
61
|
+
&.commit_sha
|
61
62
|
end
|
62
63
|
|
63
64
|
def head_commit_for_ref_sha(ref)
|
64
|
-
refs_for_upload_pack
|
65
|
-
find { |r| r.ref_sha == ref }
|
66
|
-
commit_sha
|
65
|
+
refs_for_upload_pack
|
66
|
+
.find { |r| r.ref_sha == ref }
|
67
|
+
&.commit_sha
|
67
68
|
end
|
68
69
|
|
69
70
|
private
|
@@ -151,8 +152,8 @@ module Dependabot
|
|
151
152
|
# Loop through the peeled lines, updating the commit_sha for any
|
152
153
|
# matching tags in our results hash
|
153
154
|
peeled_lines.each do |line|
|
154
|
-
ref_name = line.split(%r{ refs/(tags|heads)/})
|
155
|
-
|
155
|
+
ref_name = line.split(%r{ refs/(tags|heads)/})
|
156
|
+
.last.strip.gsub(/\^{}$/, "")
|
156
157
|
next unless result[ref_name]
|
157
158
|
|
158
159
|
result[ref_name].commit_sha = sha_for_update_pack_line(line)
|
@@ -190,8 +191,8 @@ module Dependabot
|
|
190
191
|
def uri_with_auth(uri)
|
191
192
|
uri = SharedHelpers.scp_to_standard(uri)
|
192
193
|
uri = URI(uri)
|
193
|
-
cred = credentials.select { |c| c["type"] == "git_source" }
|
194
|
-
|
194
|
+
cred = credentials.select { |c| c["type"] == "git_source" }
|
195
|
+
.find { |c| uri.host == c["host"] }
|
195
196
|
|
196
197
|
uri.scheme = "https" if uri.scheme != "http"
|
197
198
|
|
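Review bot: `uri_with_auth` upgrades every scheme except `http` (`uri.scheme = "https" if uri.scheme != "http"`), so a plain-`http` remote keeps its scheme after a `git_source` credential has been selected for its host on the lines above. The rest of the method is outside the hunk; if the credential is then added to the URI, it would be sent unencrypted. Consider attaching credentials only when the scheme is `https`, or at least recording the exception next to that line: `# NOTE: http remotes keep their scheme, so any credential added below is sent in clear text`.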
data/lib/dependabot/logger.rb
CHANGED