dependabot-common 0.230.0 → 0.232.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +4 -3
- data/lib/dependabot/clients/bitbucket.rb +4 -3
- data/lib/dependabot/clients/bitbucket_with_retries.rb +4 -3
- data/lib/dependabot/clients/codecommit.rb +6 -5
- data/lib/dependabot/clients/github_with_retries.rb +11 -10
- data/lib/dependabot/clients/gitlab_with_retries.rb +11 -10
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/config/file_fetcher.rb +1 -0
- data/lib/dependabot/config/ignore_condition.rb +1 -0
- data/lib/dependabot/config/update_config.rb +10 -9
- data/lib/dependabot/config.rb +1 -0
- data/lib/dependabot/dependency.rb +11 -10
- data/lib/dependabot/dependency_file.rb +1 -0
- data/lib/dependabot/dependency_group.rb +1 -0
- data/lib/dependabot/errors.rb +1 -0
- data/lib/dependabot/experiments.rb +1 -0
- data/lib/dependabot/file_fetchers/base.rb +27 -26
- data/lib/dependabot/file_fetchers.rb +1 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -0
- data/lib/dependabot/file_parsers/base.rb +1 -0
- data/lib/dependabot/file_parsers.rb +1 -0
- data/lib/dependabot/file_updaters/artifact_updater.rb +1 -0
- data/lib/dependabot/file_updaters/base.rb +1 -0
- data/lib/dependabot/file_updaters/vendor_updater.rb +1 -0
- data/lib/dependabot/file_updaters.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +22 -21
- data/lib/dependabot/git_metadata_fetcher.rb +13 -12
- data/lib/dependabot/logger.rb +1 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +26 -25
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +44 -43
- data/lib/dependabot/metadata_finders/base/release_finder.rb +25 -24
- data/lib/dependabot/metadata_finders/base.rb +3 -2
- data/lib/dependabot/metadata_finders.rb +1 -0
- data/lib/dependabot/pull_request_creator/azure.rb +1 -0
- data/lib/dependabot/pull_request_creator/bitbucket.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/base.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +1 -0
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +36 -35
- data/lib/dependabot/pull_request_creator/branch_namer.rb +1 -0
- data/lib/dependabot/pull_request_creator/codecommit.rb +3 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +1 -0
- data/lib/dependabot/pull_request_creator/github.rb +23 -27
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +18 -17
- data/lib/dependabot/pull_request_creator/message.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +8 -7
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +7 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +18 -17
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +61 -60
- data/lib/dependabot/pull_request_creator.rb +7 -0
- data/lib/dependabot/pull_request_updater/azure.rb +1 -0
- data/lib/dependabot/pull_request_updater/github.rb +5 -4
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -0
- data/lib/dependabot/pull_request_updater.rb +1 -0
- data/lib/dependabot/registry_client.rb +1 -0
- data/lib/dependabot/security_advisory.rb +5 -4
- data/lib/dependabot/shared_helpers.rb +5 -4
- data/lib/dependabot/simple_instrumentor.rb +1 -0
- data/lib/dependabot/source.rb +5 -4
- data/lib/dependabot/update_checkers/base.rb +7 -6
- data/lib/dependabot/update_checkers/version_filters.rb +1 -0
- data/lib/dependabot/update_checkers.rb +1 -0
- data/lib/dependabot/utils.rb +1 -0
- data/lib/dependabot/version.rb +1 -0
- data/lib/dependabot/workspace/base.rb +1 -0
- data/lib/dependabot/workspace/change_attempt.rb +1 -0
- data/lib/dependabot/workspace/git.rb +1 -0
- data/lib/dependabot/workspace.rb +1 -0
- data/lib/dependabot.rb +2 -1
- data/lib/wildcard_matcher.rb +4 -3
- metadata +31 -3
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "octokit"
|
@@ -42,8 +43,12 @@ module Dependabot
|
|
42
43
|
end
|
43
44
|
|
44
45
|
def create
|
45
|
-
|
46
|
-
|
46
|
+
if branch_exists?(branch_name) && unmerged_pull_request_exists?
|
47
|
+
raise UnmergedPRExists, "PR ##{unmerged_pull_requests.first.number} already exists"
|
48
|
+
end
|
49
|
+
if require_up_to_date_base? && !base_commit_is_up_to_date?
|
50
|
+
raise BaseCommitNotUpToDate, "HEAD #{head_commit} does not match base #{base_commit}"
|
51
|
+
end
|
47
52
|
|
48
53
|
create_annotated_pull_request
|
49
54
|
rescue AnnotationError, Octokit::Error => e
|
@@ -75,7 +80,11 @@ module Dependabot
|
|
75
80
|
# rubocop:enable Metrics/PerceivedComplexity
|
76
81
|
|
77
82
|
def unmerged_pull_request_exists?
|
78
|
-
|
83
|
+
unmerged_pull_requests.any?
|
84
|
+
end
|
85
|
+
|
86
|
+
def unmerged_pull_requests
|
87
|
+
pull_requests_for_branch.reject(&:merged)
|
79
88
|
end
|
80
89
|
|
81
90
|
def pull_requests_for_branch
|
@@ -105,16 +114,20 @@ module Dependabot
|
|
105
114
|
end
|
106
115
|
|
107
116
|
def base_commit_is_up_to_date?
|
108
|
-
|
117
|
+
head_commit == base_commit
|
118
|
+
end
|
119
|
+
|
120
|
+
def head_commit
|
121
|
+
@head_commit ||= git_metadata_fetcher.head_commit_for_ref(target_branch)
|
109
122
|
end
|
110
123
|
|
111
124
|
def create_annotated_pull_request
|
112
125
|
commit = create_commit
|
113
126
|
branch = create_or_update_branch(commit)
|
114
|
-
|
127
|
+
raise UnexpectedError, "Branch not created" unless branch
|
115
128
|
|
116
129
|
pull_request = create_pull_request
|
117
|
-
|
130
|
+
raise UnexpectedError, "PR not created" unless pull_request
|
118
131
|
|
119
132
|
begin
|
120
133
|
annotate_pull_request(pull_request)
|
@@ -219,10 +232,7 @@ module Dependabot
|
|
219
232
|
# A race condition may cause GitHub to fail here, in which case we retry
|
220
233
|
retry_count ||= 0
|
221
234
|
retry_count += 1
|
222
|
-
if retry_count > 10
|
223
|
-
raise "Repeatedly failed to create or update branch #{branch_name} " \
|
224
|
-
"with commit #{commit.sha}."
|
225
|
-
end
|
235
|
+
raise if retry_count > 10
|
226
236
|
|
227
237
|
sleep(rand(1..1.99))
|
228
238
|
retry
|
@@ -303,8 +313,8 @@ module Dependabot
|
|
303
313
|
reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
|
304
314
|
reviewers = []
|
305
315
|
reviewers += reviewers_hash[:reviewers] || []
|
306
|
-
reviewers += (reviewers_hash[:team_reviewers] || [])
|
307
|
-
map { |rv| "#{source.repo.split('/').first}/#{rv}" }
|
316
|
+
reviewers += (reviewers_hash[:team_reviewers] || [])
|
317
|
+
.map { |rv| "#{source.repo.split('/').first}/#{rv}" }
|
308
318
|
|
309
319
|
reviewers_string =
|
310
320
|
if reviewers.count == 1
|
@@ -358,9 +368,7 @@ module Dependabot
|
|
358
368
|
pr_description,
|
359
369
|
headers: custom_headers || {}
|
360
370
|
)
|
361
|
-
rescue Octokit::UnprocessableEntity
|
362
|
-
return handle_pr_creation_error(e) if e.message.include? "Error summary"
|
363
|
-
|
371
|
+
rescue Octokit::UnprocessableEntity
|
364
372
|
# Sometimes PR creation fails with no details (presumably because the
|
365
373
|
# details are internal). It doesn't hurt to retry in these cases, in
|
366
374
|
# case the cause is a race.
|
@@ -371,18 +379,6 @@ module Dependabot
|
|
371
379
|
retry
|
372
380
|
end
|
373
381
|
|
374
|
-
def handle_pr_creation_error(error)
|
375
|
-
# Ignore races that we lose
|
376
|
-
return if error.message.include?("pull request already exists")
|
377
|
-
|
378
|
-
# Ignore cases where the target branch has been deleted
|
379
|
-
return if error.message.include?("field: base") &&
|
380
|
-
source.branch &&
|
381
|
-
!branch_exists?(source.branch)
|
382
|
-
|
383
|
-
raise
|
384
|
-
end
|
385
|
-
|
386
382
|
def target_branch
|
387
383
|
source.branch || default_branch
|
388
384
|
end
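Review bot: Dropping `handle_pr_creation_error` means the `pull request already exists` 422 it used to swallow now falls into the `rescue Octokit::UnprocessableEntity` of `create_pull_request`, whose retry/raise tail sits below the hunk, and because the new pre-check in `create` (`branch_exists?(branch_name) && unmerged_pull_request_exists?`) is not atomic with the later `create_pull_request` call, a PR opened in between will surface as a raw Octokit error rather than as the `UnmergedPRExists` this same commit introduces for that condition. I would bind the exception and translate that one case so callers see a single error type: `rescue Octokit::UnprocessableEntity => e` followed by `raise UnmergedPRExists, e.message if e.message.include?("pull request already exists")`. The deleted `field: base` branch (target branch removed after the check) loses its special-casing the same way; if that is intended, a one-line comment in the rescue saying so would save the next reader a trip through the history. Separately, `raise if retry_count > 10` in `create_or_update_branch` now re-raises the original Octokit error, which keeps the cause but drops the branch name and `commit.sha` the old message carried; the enclosing `rescue` there begins outside the hunk.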
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "octokit"
|
@@ -137,8 +138,8 @@ module Dependabot
|
|
137
138
|
version_str = dep.previous_version
|
138
139
|
return version_str if version_class.correct?(version_str)
|
139
140
|
|
140
|
-
source = dep.previous_requirements
|
141
|
-
|
141
|
+
source = dep.previous_requirements
|
142
|
+
.find { |r| r.fetch(:source) }&.fetch(:source)
|
142
143
|
type = source&.fetch("type", nil) || source&.fetch(:type)
|
143
144
|
return version_str unless type == "git"
|
144
145
|
|
@@ -233,8 +234,8 @@ module Dependabot
|
|
233
234
|
|
234
235
|
def language_label
|
235
236
|
label_name =
|
236
|
-
self.class.label_details_for_package_manager(package_manager)
|
237
|
-
|
237
|
+
self.class.label_details_for_package_manager(package_manager)
|
238
|
+
.fetch(:name)
|
238
239
|
labels.find { |l| l.casecmp(label_name).zero? }
|
239
240
|
end
|
240
241
|
|
@@ -252,9 +253,9 @@ module Dependabot
|
|
252
253
|
client = github_client_for_source
|
253
254
|
|
254
255
|
labels =
|
255
|
-
client
|
256
|
-
labels(source.repo, per_page: 100)
|
257
|
-
map(&:name)
|
256
|
+
client
|
257
|
+
.labels(source.repo, per_page: 100)
|
258
|
+
.map(&:name)
|
258
259
|
|
259
260
|
next_link = client.last_response.rels[:next]
|
260
261
|
|
@@ -268,16 +269,16 @@ module Dependabot
|
|
268
269
|
end
|
269
270
|
|
270
271
|
def fetch_gitlab_labels
|
271
|
-
gitlab_client_for_source
|
272
|
-
labels(source.repo, per_page: 100)
|
273
|
-
auto_paginate
|
274
|
-
map(&:name)
|
272
|
+
gitlab_client_for_source
|
273
|
+
.labels(source.repo, per_page: 100)
|
274
|
+
.auto_paginate
|
275
|
+
.map(&:name)
|
275
276
|
end
|
276
277
|
|
277
278
|
def fetch_azure_labels
|
278
279
|
language_name =
|
279
|
-
self.class.label_details_for_package_manager(package_manager)
|
280
|
-
|
280
|
+
self.class.label_details_for_package_manager(package_manager)
|
281
|
+
.fetch(:name)
|
281
282
|
|
282
283
|
@labels = [
|
283
284
|
*@labels,
|
@@ -379,13 +380,13 @@ module Dependabot
|
|
379
380
|
|
380
381
|
def create_gitlab_language_label
|
381
382
|
language_name =
|
382
|
-
self.class.label_details_for_package_manager(package_manager)
|
383
|
-
|
383
|
+
self.class.label_details_for_package_manager(package_manager)
|
384
|
+
.fetch(:name)
|
384
385
|
gitlab_client_for_source.create_label(
|
385
386
|
source.repo,
|
386
387
|
language_name,
|
387
|
-
"#" + self.class.label_details_for_package_manager(package_manager)
|
388
|
-
fetch(:colour)
|
388
|
+
"#" + self.class.label_details_for_package_manager(package_manager)
|
389
|
+
.fetch(:colour)
|
389
390
|
)
|
390
391
|
@labels = [*@labels, language_name].uniq
|
391
392
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/pull_request_creator/message_builder"
|
@@ -28,15 +29,15 @@ module Dependabot
|
|
28
29
|
# of them with an absolute link that uses the source URL
|
29
30
|
ISSUE_LINK_REGEXS.reduce(text) do |updated_text, regex|
|
30
31
|
updated_text.gsub(regex) do |issue_link|
|
31
|
-
tag = issue_link
|
32
|
-
match(/(?<tag>(?:\#|GH-)?\d+)/i)
|
33
|
-
named_captures.fetch("tag")
|
32
|
+
tag = issue_link
|
33
|
+
.match(/(?<tag>(?:\#|GH-)?\d+)/i)
|
34
|
+
.named_captures.fetch("tag")
|
34
35
|
number = tag.match(/\d+/).to_s
|
35
36
|
|
36
|
-
repo = issue_link
|
37
|
-
match("#{REPO_REGEX}#{TAG_REGEX}")
|
38
|
-
named_captures
|
39
|
-
fetch("repo", nil)
|
37
|
+
repo = issue_link
|
38
|
+
.match("#{REPO_REGEX}#{TAG_REGEX}")
|
39
|
+
&.named_captures
|
40
|
+
&.fetch("repo", nil)
|
40
41
|
source = repo ? "https://github.com/#{repo}" : source_url
|
41
42
|
|
42
43
|
"[#{repo ? (repo + tag) : tag}](#{source}/issues/#{number})"
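Review bot: `issue_link.match("#{REPO_REGEX}#{TAG_REGEX}")` passes `String#match` a string, so Ruby compiles a fresh `Regexp` from the two interpolated patterns for every matched link in every changelog; a frozen class constant such as `REPO_TAG_REGEX = /#{REPO_REGEX}#{TAG_REGEX}/` used as `.match(REPO_TAG_REGEX)` does that work once and reads as a regex. The added `&.named_captures&.fetch("repo", nil)` is the right guard since a bare `#123` has no repo portion, whereas the `tag` chain above keeps an unguarded `.named_captures`, which is only safe if every pattern in `ISSUE_LINK_REGEXS` (defined outside the hunk) guarantees a digit run. The captured `repo` is interpolated straight into `https://github.com/#{repo}` from third-party changelog text, so it is worth confirming that `REPO_REGEX` (also outside the hunk) restricts it to `owner/name` characters rather than anything that could smuggle extra path segments or a query string into the rendered PR body.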
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/pull_request_creator/message_builder"
|
@@ -202,9 +203,9 @@ module Dependabot
|
|
202
203
|
end
|
203
204
|
|
204
205
|
def link_issues(text:)
|
205
|
-
IssueLinker
|
206
|
-
new(source_url: source_url)
|
207
|
-
link_issues(text: text)
|
206
|
+
IssueLinker
|
207
|
+
.new(source_url: source_url)
|
208
|
+
.link_issues(text: text)
|
208
209
|
end
|
209
210
|
|
210
211
|
def fix_relative_links(text:, base_url:)
|
@@ -245,9 +246,9 @@ module Dependabot
|
|
245
246
|
end
|
246
247
|
|
247
248
|
def sanitize_links_and_mentions(text, unsafe: false)
|
248
|
-
LinkAndMentionSanitizer
|
249
|
-
new(github_redirection_service: github_redirection_service)
|
250
|
-
sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
|
249
|
+
LinkAndMentionSanitizer
|
250
|
+
.new(github_redirection_service: github_redirection_service)
|
251
|
+
.sanitize_links_and_mentions(text: text, unsafe: unsafe, format_html: source_provider_supports_html?)
|
251
252
|
end
|
252
253
|
|
253
254
|
def sanitize_template_tags(text)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "pathname"
|
@@ -392,15 +393,15 @@ module Dependabot
|
|
392
393
|
end
|
393
394
|
|
394
395
|
def updating_a_property?
|
395
|
-
dependencies.first
|
396
|
-
|
397
|
-
|
396
|
+
dependencies.first
|
397
|
+
.requirements
|
398
|
+
.any? { |r| r.dig(:metadata, :property_name) }
|
398
399
|
end
|
399
400
|
|
400
401
|
def updating_a_dependency_set?
|
401
|
-
dependencies.first
|
402
|
-
|
403
|
-
|
402
|
+
dependencies.first
|
403
|
+
.requirements
|
404
|
+
.any? { |r| r.dig(:metadata, :dependency_set) }
|
404
405
|
end
|
405
406
|
|
406
407
|
def removing_a_transitive_dependency?
|
@@ -413,9 +414,9 @@ module Dependabot
|
|
413
414
|
end
|
414
415
|
|
415
416
|
def property_name
|
416
|
-
@property_name ||= dependencies.first.requirements
|
417
|
-
|
418
|
-
dig(:metadata, :property_name)
|
417
|
+
@property_name ||= dependencies.first.requirements
|
418
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
419
|
+
&.dig(:metadata, :property_name)
|
419
420
|
|
420
421
|
raise "No property name!" unless @property_name
|
421
422
|
|
@@ -423,9 +424,9 @@ module Dependabot
|
|
423
424
|
end
|
424
425
|
|
425
426
|
def dependency_set
|
426
|
-
@dependency_set ||= dependencies.first.requirements
|
427
|
-
|
428
|
-
dig(:metadata, :dependency_set)
|
427
|
+
@dependency_set ||= dependencies.first.requirements
|
428
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
429
|
+
&.dig(:metadata, :dependency_set)
|
429
430
|
|
430
431
|
raise "No dependency set!" unless @dependency_set
|
431
432
|
|
@@ -596,9 +597,9 @@ module Dependabot
|
|
596
597
|
def metadata_finder(dependency)
|
597
598
|
@metadata_finder ||= {}
|
598
599
|
@metadata_finder[dependency.name] ||=
|
599
|
-
MetadataFinders
|
600
|
-
for_package_manager(dependency.package_manager)
|
601
|
-
new(dependency: dependency, credentials: credentials)
|
600
|
+
MetadataFinders
|
601
|
+
.for_package_manager(dependency.package_manager)
|
602
|
+
.new(dependency: dependency, credentials: credentials)
|
602
603
|
end
|
603
604
|
|
604
605
|
def pr_name_prefixer
|
@@ -648,8 +649,8 @@ module Dependabot
|
|
648
649
|
# TODO re-use in BranchNamer
|
649
650
|
def library?
|
650
651
|
# Reject any nested child gemspecs/vendored git dependencies
|
651
|
-
root_files = files.map(&:name)
|
652
|
-
|
652
|
+
root_files = files.map(&:name)
|
653
|
+
.select { |p| Pathname.new(p).dirname.to_s == "." }
|
653
654
|
return true if root_files.any? { |nm| nm.end_with?(".gemspec") }
|
654
655
|
|
655
656
|
dependencies.any? { |d| d.humanized_previous_version.nil? }
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: true
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/clients/azure"
|
@@ -179,12 +180,12 @@ module Dependabot
|
|
179
180
|
angular_only_pres = ANGULAR_PREFIXES - ESLINT_PREFIXES.map(&:downcase)
|
180
181
|
|
181
182
|
uses_eslint_only_pres =
|
182
|
-
recent_commit_messages
|
183
|
-
any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
183
|
+
recent_commit_messages
|
184
|
+
.any? { |m| eslint_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
184
185
|
|
185
186
|
uses_angular_only_pres =
|
186
|
-
recent_commit_messages
|
187
|
-
any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
187
|
+
recent_commit_messages
|
188
|
+
.any? { |m| angular_only_pres.any? { |pre| m.match?(/#{pre}[:(]/i) } }
|
188
189
|
|
189
190
|
# If using any angular-only prefixes, return true
|
190
191
|
# (i.e., we assume Angular over ESLint when both are present)
|
@@ -220,12 +221,12 @@ module Dependabot
|
|
220
221
|
raise "Not using angular commits!" unless using_angular_commit_messages?
|
221
222
|
|
222
223
|
recent_commits_using_chore =
|
223
|
-
recent_commit_messages
|
224
|
-
any? { |msg| msg.start_with?("chore", "Chore") }
|
224
|
+
recent_commit_messages
|
225
|
+
.any? { |msg| msg.start_with?("chore", "Chore") }
|
225
226
|
|
226
227
|
recent_commits_using_build =
|
227
|
-
recent_commit_messages
|
228
|
-
any? { |msg| msg.start_with?("build", "Build") }
|
228
|
+
recent_commit_messages
|
229
|
+
.any? { |msg| msg.start_with?("build", "Build") }
|
229
230
|
|
230
231
|
commit_prefix =
|
231
232
|
if recent_commits_using_chore && !recent_commits_using_build
|
@@ -246,8 +247,8 @@ module Dependabot
|
|
246
247
|
|
247
248
|
return last_dependabot_commit_message&.start_with?(/[A-Z]/) if semantic_messages.none?
|
248
249
|
|
249
|
-
capitalized_msgs = semantic_messages
|
250
|
-
select { |m| m.start_with?(/[A-Z]/) }
|
250
|
+
capitalized_msgs = semantic_messages
|
251
|
+
.select { |m| m.start_with?(/[A-Z]/) }
|
251
252
|
capitalized_msgs.count.to_f / semantic_messages.count > 0.5
|
252
253
|
end
|
253
254
|
|
@@ -255,8 +256,8 @@ module Dependabot
|
|
255
256
|
return false unless recent_commit_messages.any?
|
256
257
|
|
257
258
|
gitmoji_messages =
|
258
|
-
recent_commit_messages
|
259
|
-
select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
|
259
|
+
recent_commit_messages
|
260
|
+
.select { |m| GITMOJI_PREFIXES.any? { |pre| m.match?(/:#{pre}:/i) } }
|
260
261
|
|
261
262
|
gitmoji_messages.count / recent_commit_messages.count.to_f > 0.3
|
262
263
|
end
|
@@ -277,55 +278,55 @@ module Dependabot
|
|
277
278
|
end
|
278
279
|
|
279
280
|
def recent_github_commit_messages
|
280
|
-
recent_github_commits
|
281
|
-
reject { |c| c.author&.type == "Bot" }
|
282
|
-
reject { |c| c.commit&.message&.start_with?("Merge") }
|
283
|
-
map(&:commit)
|
284
|
-
filter_map(&:message)
|
285
|
-
map(&:strip)
|
281
|
+
recent_github_commits
|
282
|
+
.reject { |c| c.author&.type == "Bot" }
|
283
|
+
.reject { |c| c.commit&.message&.start_with?("Merge") }
|
284
|
+
.map(&:commit)
|
285
|
+
.filter_map(&:message)
|
286
|
+
.map(&:strip)
|
286
287
|
end
|
287
288
|
|
288
289
|
def recent_gitlab_commit_messages
|
289
290
|
@recent_gitlab_commit_messages ||=
|
290
291
|
gitlab_client_for_source.commits(source.repo)
|
291
292
|
|
292
|
-
@recent_gitlab_commit_messages
|
293
|
-
reject { |c| c.author_email == dependabot_email }
|
294
|
-
reject { |c| c.message&.start_with?("merge !") }
|
295
|
-
filter_map(&:message)
|
296
|
-
map(&:strip)
|
293
|
+
@recent_gitlab_commit_messages
|
294
|
+
.reject { |c| c.author_email == dependabot_email }
|
295
|
+
.reject { |c| c.message&.start_with?("merge !") }
|
296
|
+
.filter_map(&:message)
|
297
|
+
.map(&:strip)
|
297
298
|
end
|
298
299
|
|
299
300
|
def recent_azure_commit_messages
|
300
301
|
@recent_azure_commit_messages ||=
|
301
302
|
azure_client_for_source.commits
|
302
303
|
|
303
|
-
@recent_azure_commit_messages
|
304
|
-
reject { |c| azure_commit_author_email(c) == dependabot_email }
|
305
|
-
reject { |c| c.fetch("comment")&.start_with?("Merge") }
|
306
|
-
filter_map { |c| c.fetch("comment") }
|
307
|
-
map(&:strip)
|
304
|
+
@recent_azure_commit_messages
|
305
|
+
.reject { |c| azure_commit_author_email(c) == dependabot_email }
|
306
|
+
.reject { |c| c.fetch("comment")&.start_with?("Merge") }
|
307
|
+
.filter_map { |c| c.fetch("comment") }
|
308
|
+
.map(&:strip)
|
308
309
|
end
|
309
310
|
|
310
311
|
def recent_bitbucket_commit_messages
|
311
312
|
@recent_bitbucket_commit_messages ||=
|
312
313
|
bitbucket_client_for_source.commits(source.repo)
|
313
314
|
|
314
|
-
@recent_bitbucket_commit_messages
|
315
|
-
reject { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
316
|
-
filter_map { |c| c.fetch("message", nil) }
|
317
|
-
reject { |m| m.start_with?("Merge") }
|
318
|
-
map(&:strip)
|
315
|
+
@recent_bitbucket_commit_messages
|
316
|
+
.reject { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
317
|
+
.filter_map { |c| c.fetch("message", nil) }
|
318
|
+
.reject { |m| m.start_with?("Merge") }
|
319
|
+
.map(&:strip)
|
319
320
|
end
|
320
321
|
|
321
322
|
def recent_codecommit_commit_messages
|
322
323
|
@recent_codecommit_commit_messages ||=
|
323
324
|
codecommit_client_for_source.commits
|
324
|
-
@recent_codecommit_commit_messages.commits
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
325
|
+
@recent_codecommit_commit_messages.commits
|
326
|
+
.reject { |c| c.author.email == dependabot_email }
|
327
|
+
.reject { |c| c.message&.start_with?("Merge") }
|
328
|
+
.filter_map(&:message)
|
329
|
+
.map(&:strip)
|
329
330
|
end
|
330
331
|
|
331
332
|
def last_dependabot_commit_message
|
@@ -341,12 +342,12 @@ module Dependabot
|
|
341
342
|
end
|
342
343
|
|
343
344
|
def last_github_dependabot_commit_message
|
344
|
-
recent_github_commits
|
345
|
-
reject { |c| c.commit&.message&.start_with?("Merge") }
|
346
|
-
find { |c| c.commit.author&.name&.include?("dependabot") }
|
347
|
-
commit
|
348
|
-
message
|
349
|
-
strip
|
345
|
+
recent_github_commits
|
346
|
+
.reject { |c| c.commit&.message&.start_with?("Merge") }
|
347
|
+
.find { |c| c.commit.author&.name&.include?("dependabot") }
|
348
|
+
&.commit
|
349
|
+
&.message
|
350
|
+
&.strip
|
350
351
|
end
|
351
352
|
|
352
353
|
def recent_github_commits
|
@@ -360,40 +361,40 @@ module Dependabot
|
|
360
361
|
@recent_gitlab_commit_messages ||=
|
361
362
|
gitlab_client_for_source.commits(source.repo)
|
362
363
|
|
363
|
-
@recent_gitlab_commit_messages
|
364
|
-
find { |c| c.author_email == dependabot_email }
|
365
|
-
message
|
366
|
-
strip
|
364
|
+
@recent_gitlab_commit_messages
|
365
|
+
.find { |c| c.author_email == dependabot_email }
|
366
|
+
&.message
|
367
|
+
&.strip
|
367
368
|
end
|
368
369
|
|
369
370
|
def last_azure_dependabot_commit_message
|
370
371
|
@recent_azure_commit_messages ||=
|
371
372
|
azure_client_for_source.commits
|
372
373
|
|
373
|
-
@recent_azure_commit_messages
|
374
|
-
find { |c| azure_commit_author_email(c) == dependabot_email }
|
375
|
-
message
|
376
|
-
strip
|
374
|
+
@recent_azure_commit_messages
|
375
|
+
.find { |c| azure_commit_author_email(c) == dependabot_email }
|
376
|
+
&.message
|
377
|
+
&.strip
|
377
378
|
end
|
378
379
|
|
379
380
|
def last_bitbucket_dependabot_commit_message
|
380
381
|
@recent_bitbucket_commit_messages ||=
|
381
382
|
bitbucket_client_for_source.commits(source.repo)
|
382
383
|
|
383
|
-
@recent_bitbucket_commit_messages
|
384
|
-
find { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
385
|
-
fetch("message", nil)
|
386
|
-
strip
|
384
|
+
@recent_bitbucket_commit_messages
|
385
|
+
.find { |c| bitbucket_commit_author_email(c) == dependabot_email }
|
386
|
+
&.fetch("message", nil)
|
387
|
+
&.strip
|
387
388
|
end
|
388
389
|
|
389
390
|
def last_codecommit_dependabot_commit_message
|
390
391
|
@recent_codecommit_commit_messages ||=
|
391
392
|
codecommit_client_for_source.commits(source.repo)
|
392
393
|
|
393
|
-
@recent_codecommit_commit_messages.commits
|
394
|
-
|
395
|
-
message
|
396
|
-
strip
|
394
|
+
@recent_codecommit_commit_messages.commits
|
395
|
+
.find { |c| c.author.email == dependabot_email }
|
396
|
+
&.message
|
397
|
+
&.strip
|
397
398
|
end
|
398
399
|
|
399
400
|
def azure_commit_author_email(commit)
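Review bot: The new `&.commit&.message&.strip` and `&.message&.strip` tails in the `last_*_dependabot_commit_message` methods turn the "no dependabot commit yet" case into a nil return instead of a `NoMethodError`, and the caller shown earlier, `last_dependabot_commit_message&.start_with?(/[A-Z]/)`, already copes with nil, so the change is sound; as a point of style, three chained safe-navigations read more clearly as one guarded step, e.g. `.find { |c| ... }&.then { |c| c.commit.message.strip }`. Unrelated to the reformat but visible in the same hunks, `recent_codecommit_commit_messages` calls `codecommit_client_for_source.commits` with no argument while `last_codecommit_dependabot_commit_message` calls `codecommit_client_for_source.commits(source.repo)`; one of the two is presumably wrong unless the client defaults the repo, which I cannot see from here. A short comment above `recent_github_commit_messages` such as `# Bot and merge commits are dropped so the prefix heuristics only see human-authored messages` would make the intent of the repeated `reject` calls explicit.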
|
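--- a/data/lib/dependabot/pull_request_creator.rb
+++ b/data/lib/dependabot/pull_request_creator.rb
@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 
 require "dependabot/metadata_finders"
@@ -33,6 +34,12 @@ module Dependabot
 
 class NoHistoryInCommon < StandardError; end
 
+class UnmergedPRExists < StandardError; end
+
+class BaseCommitNotUpToDate < StandardError; end
+
+class UnexpectedError < StandardError; end
+
 # AnnotationError is raised if a PR was created, but failed annotation
 class AnnotationError < StandardError
 attr_reader :cause, :pull_request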
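Review bot: The three new exception classes are undocumented while the neighbouring `AnnotationError` carries a one-line comment, and their names alone do not say which `create` path raises them or what a caller is expected to do. I would add, above each: `# Raised by create when an unmerged PR already exists for the branch`, `# Raised by create when the target branch has moved past the expected base commit`, and `# Raised when a branch or PR creation call returns nothing without raising`. `UnmergedPRExists` also carries the existing PR number only inside its message string; following `AnnotationError`'s `attr_reader` pattern (exposing the existing pull request) would let callers act on it without parsing text, though that is a design choice rather than a defect.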
|
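--- a/data/lib/dependabot/pull_request_updater/github.rb
+++ b/data/lib/dependabot/pull_request_updater/github.rb
@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 
 require "octokit"
@@ -197,12 +198,12 @@ module Dependabot
 
 @commit_being_updated =
 if pull_request.commits == 1
-github_client_for_source
-git_commit(source.repo, pull_request.head.sha)
+github_client_for_source
+.git_commit(source.repo, pull_request.head.sha)
 else
 commits =
-github_client_for_source
-pull_request_commits(source.repo, pull_request_number)
+github_client_for_source
+.pull_request_commits(source.repo, pull_request_number)
 
 commit = commits.find { |c| c.sha == old_commit }
 commit&.commit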
|
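--- a/data/lib/dependabot/security_advisory.rb
+++ b/data/lib/dependabot/security_advisory.rb
@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 
 require "dependabot/version"
@@ -25,14 +26,14 @@ module Dependabot
 raise ArgumentError, "must be a #{version_class}"
 end
 
-in_safe_range = safe_versions
-any? { |r| r.satisfied_by?(version) }
+in_safe_range = safe_versions
+.any? { |r| r.satisfied_by?(version) }
 
 # If version is known safe for this advisory, it's not vulnerable
 return false if in_safe_range
 
-in_vulnerable_range = vulnerable_versions
-any? { |r| r.satisfied_by?(version) }
+in_vulnerable_range = vulnerable_versions
+.any? { |r| r.satisfied_by?(version) }
 
 # If in the vulnerable range and not known safe, it's vulnerable
 return true if in_vulnerable_range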
|
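--- a/data/lib/dependabot/shared_helpers.rb
+++ b/data/lib/dependabot/shared_helpers.rb
@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 require "digest"
@@ -235,10 +236,10 @@ module Dependabot
 run_shell_command("git config --global --add safe.directory #{path}")
 end
 
-github_credentials = credentials
-select { |c| c["type"] == "git_source" }
-select { |c| c["host"] == "github.com" }
-select { |c| c["password"] && c["username"] }
+github_credentials = credentials
+.select { |c| c["type"] == "git_source" }
+.select { |c| c["host"] == "github.com" }
+.select { |c| c["password"] && c["username"] }
 
 # If multiple credentials are specified for github.com, pick the one that
 # *isn't* just an app token (since it must have been added deliberately)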
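Review bot: The context line just above the reformatted credential filter, `run_shell_command("git config --global --add safe.directory #{path}")`, interpolates `path` unescaped into a shell command string; unless `run_shell_command` (defined outside the hunk) already tokenises its argument rather than handing it to a shell, a repository path containing whitespace or shell metacharacters would break or widen the command. `Shellwords.escape(path)` from the standard library, or an argv-array form if the helper supports one, is the usual fix. The new `.select` chain itself is behaviour-neutral; a short comment such as `# Only username/password github.com entries can be written into git config` above it would explain why app-token-only credentials are filtered before the tie-break described in the following comment.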
|