dependabot-common 0.233.0 → 0.235.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/errors.rb +10 -1
  3. data/lib/dependabot/file_fetchers/base.rb +3 -1
  4. data/lib/dependabot/file_updaters/base.rb +39 -7
  5. data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +2 -2
  6. data/lib/dependabot/pull_request_creator/message_builder.rb +2 -2
  7. data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +2 -2
  8. data/lib/dependabot.rb +1 -1
  9. data/lib/wildcard_matcher.rb +2 -0
  10. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ba05ac04f06978df28a0ffbecc810d6671c19143b3269e9d4193de876c79468b
4
- data.tar.gz: 2bae619b79ec71ebc2374fb9aec7e97143b6c3feeac3cd0ebc76bf32ba3dbea9
3
+ metadata.gz: 0b22cec48025b20921f000f63975cfc9db22dac670fa8ef6710fda754c288f68
4
+ data.tar.gz: 901b6246fde924caa2adfdcba0bc19dbd86833133c6cf951967024b656f68918
5
5
  SHA512:
6
- metadata.gz: d8d4069e12c86a96b798f4ec75ecd60b86f6a48ac7062a8d26375712af2bc226539363cb4a9796d0e353b338205b01e2e926bd972a30724110ca610f7642e3aa
7
- data.tar.gz: e40dfea60323c3105a743afaa6a908637ee37e5fa5ea2fbc2d9892637e301f5aa44c489afd22ae7369739a4ba8a1510eda3614c048a35a4c4df3435720ea65a0
6
+ metadata.gz: 819445f789764166001ff2f6ce532e6bd60ecb1a644eb4bb20ec00a15c433c58608af56e3c75bbccba479c2f6b81fd415298083f9d4e74c24ba382881a35280c
7
+ data.tar.gz: 3b5f7aa169756240055ded3136f8daae04cc52129a42f0566eddc90232a302427b889ef512534f5e865609d7a7ba526f82deb7cea2b59138c4533e61fa01971a
data/lib/dependabot/errors.rb CHANGED
@@ -5,7 +5,7 @@ require "dependabot/utils"
5
5
 
6
6
  module Dependabot
7
7
  class DependabotError < StandardError
8
- BASIC_AUTH_REGEX = %r{://(?<auth>[^:]*:[^@%\s]+(@|%40))}
8
+ BASIC_AUTH_REGEX = %r{://(?<auth>[^:@]*:[^@%\s/]+(@|%40))}
9
9
  # Remove any path segment from fury.io sources
10
10
  FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}
11
11
 
@@ -54,6 +54,15 @@ module Dependabot
54
54
  # Repo level errors #
55
55
  #####################
56
56
 
57
+ class DirectoryNotFound < DependabotError
58
+ attr_reader :directory_name
59
+
60
+ def initialize(directory_name, msg = nil)
61
+ @directory_name = directory_name
62
+ super(msg)
63
+ end
64
+ end
65
+
57
66
  class BranchNotFound < DependabotError
58
67
  attr_reader :branch_name
59
68
 
data/lib/dependabot/file_fetchers/base.rb CHANGED
@@ -194,7 +194,7 @@ module Dependabot
194
194
  def repo_contents(dir: ".", ignore_base_directory: false,
195
195
  raise_errors: true, fetch_submodules: false)
196
196
  dir = File.join(directory, dir) unless ignore_base_directory
197
- path = Pathname.new(File.join(dir)).cleanpath.to_path.gsub(%r{^/*}, "")
197
+ path = Pathname.new(dir).cleanpath.to_path.gsub(%r{^/*}, "")
198
198
 
199
199
  @repo_contents ||= {}
200
200
  @repo_contents[dir] ||= if repo_contents_path
@@ -309,6 +309,8 @@ module Dependabot
309
309
 
310
310
  _fetch_repo_contents_fully_specified(provider, repo, tmp_path, commit)
311
311
  rescue *CLIENT_NOT_FOUND_ERRORS
312
+ raise Dependabot::DirectoryNotFound, directory if path == directory.gsub(%r{^/*}, "")
313
+
312
314
  result = raise_errors ? -> { raise } : -> { [] }
313
315
  retrying ||= false
314
316
 
data/lib/dependabot/file_updaters/base.rb CHANGED
@@ -1,18 +1,45 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module FileUpdaters
6
8
  class Base
7
- attr_reader :dependencies, :dependency_files, :repo_contents_path,
8
- :credentials, :options
9
+ extend T::Sig
10
+ extend T::Helpers
11
+ abstract!
12
+
13
+ sig { returns(T::Array[Dependabot::Dependency]) }
14
+ attr_reader :dependencies
15
+
16
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
17
+ attr_reader :dependency_files
18
+
19
+ sig { returns(T.nilable(String)) }
20
+ attr_reader :repo_contents_path
9
21
 
22
+ sig { returns(T::Array[T::Hash[String, String]]) }
23
+ attr_reader :credentials
24
+
25
+ sig { returns(T::Hash[Symbol, T.untyped]) }
26
+ attr_reader :options
27
+
28
+ sig { overridable.returns(String) }
10
29
  def self.updated_files_regex
11
30
  raise NotImplementedError
12
31
  end
13
32
 
14
- def initialize(dependencies:, dependency_files:, repo_contents_path: nil,
15
- credentials:, options: {})
33
+ sig do
34
+ params(
35
+ dependencies: T::Array[Dependabot::Dependency],
36
+ dependency_files: T::Array[Dependabot::DependencyFile],
37
+ credentials: T::Array[T::Hash[String, String]],
38
+ repo_contents_path: T.nilable(String),
39
+ options: T::Hash[Symbol, T.untyped]
40
+ ).void
41
+ end
42
+ def initialize(dependencies:, dependency_files:, credentials:, repo_contents_path: nil, options: {})
16
43
  @dependencies = dependencies
17
44
  @dependency_files = dependency_files
18
45
  @repo_contents_path = repo_contents_path
@@ -22,31 +49,36 @@ module Dependabot
22
49
  check_required_files
23
50
  end
24
51
 
52
+ sig { overridable.returns(T::Array[::Dependabot::DependencyFile]) }
25
53
  def updated_dependency_files
26
54
  raise NotImplementedError
27
55
  end
28
56
 
29
57
  private
30
58
 
59
+ sig { overridable.void }
31
60
  def check_required_files
32
61
  raise NotImplementedError
33
62
  end
34
63
 
64
+ sig { params(filename: String).returns(T.nilable(Dependabot::DependencyFile)) }
35
65
  def get_original_file(filename)
36
66
  dependency_files.find { |f| f.name == filename }
37
67
  end
38
68
 
69
+ sig { params(file: Dependabot::DependencyFile).returns(T::Boolean) }
39
70
  def file_changed?(file)
40
71
  dependencies.any? { |dep| requirement_changed?(file, dep) }
41
72
  end
42
73
 
74
+ sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
43
75
  def requirement_changed?(file, dependency)
44
- changed_requirements =
45
- dependency.requirements - dependency.previous_requirements
76
+ changed_requirements = dependency.requirements - dependency.previous_requirements
46
77
 
47
78
  changed_requirements.any? { |f| f[:file] == file.name }
48
79
  end
49
80
 
81
+ sig { params(file: Dependabot::DependencyFile, content: String).returns(Dependabot::DependencyFile) }
50
82
  def updated_file(file:, content:)
51
83
  updated_file = file.dup
52
84
  updated_file.content = content
data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb CHANGED
@@ -62,7 +62,7 @@ module Dependabot
62
62
  def property_name
63
63
  @property_name ||= dependencies.first.requirements
64
64
  .find { |r| r.dig(:metadata, :property_name) }
65
- &.dig(:metadata, :property_name)
65
+ &.dig(:metadata, :property_name)
66
66
 
67
67
  raise "No property name!" unless @property_name
68
68
 
@@ -72,7 +72,7 @@ module Dependabot
72
72
  def dependency_set
73
73
  @dependency_set ||= dependencies.first.requirements
74
74
  .find { |r| r.dig(:metadata, :dependency_set) }
75
- &.dig(:metadata, :dependency_set)
75
+ &.dig(:metadata, :dependency_set)
76
76
 
77
77
  raise "No dependency set!" unless @dependency_set
78
78
 
data/lib/dependabot/pull_request_creator/message_builder.rb CHANGED
@@ -416,7 +416,7 @@ module Dependabot
416
416
  def property_name
417
417
  @property_name ||= dependencies.first.requirements
418
418
  .find { |r| r.dig(:metadata, :property_name) }
419
- &.dig(:metadata, :property_name)
419
+ &.dig(:metadata, :property_name)
420
420
 
421
421
  raise "No property name!" unless @property_name
422
422
 
@@ -426,7 +426,7 @@ module Dependabot
426
426
  def dependency_set
427
427
  @dependency_set ||= dependencies.first.requirements
428
428
  .find { |r| r.dig(:metadata, :dependency_set) }
429
- &.dig(:metadata, :dependency_set)
429
+ &.dig(:metadata, :dependency_set)
430
430
 
431
431
  raise "No dependency set!" unless @dependency_set
432
432
 
data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb CHANGED
@@ -393,8 +393,8 @@ module Dependabot
393
393
 
394
394
  @recent_codecommit_commit_messages.commits
395
395
  .find { |c| c.author.email == dependabot_email }
396
- &.message
397
- &.strip
396
+ &.message
397
+ &.strip
398
398
  end
399
399
 
400
400
  def azure_commit_author_email(commit)
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.233.0"
5
+ VERSION = "0.235.0"
6
6
  end
data/lib/wildcard_matcher.rb CHANGED
@@ -1,6 +1,8 @@
1
1
  # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  class WildcardMatcher
5
7
  extend T::Sig
6
8
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.233.0
4
+ version: 0.235.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-06 00:00:00.000000000 Z
11
+ date: 2023-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -514,7 +514,7 @@ licenses:
514
514
  - Nonstandard
515
515
  metadata:
516
516
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
517
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.233.0
517
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
518
518
  post_install_message:
519
519
  rdoc_options: []
520
520
  require_paths: