dependabot-common 0.235.0 → 0.236.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +15 -3
- data/lib/dependabot/config/file_fetcher.rb +3 -3
- data/lib/dependabot/config/ignore_condition.rb +34 -8
- data/lib/dependabot/config/update_config.rb +19 -1
- data/lib/dependabot/config.rb +1 -1
- data/lib/dependabot/dependency_file.rb +5 -0
- data/lib/dependabot/file_fetchers/base.rb +25 -2
- data/lib/dependabot/file_updaters/artifact_updater.rb +37 -10
- data/lib/dependabot/file_updaters/vendor_updater.rb +13 -3
- data/lib/dependabot/logger.rb +7 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +33 -7
- data/lib/dependabot/pull_request_creator/github.rb +2 -2
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +5 -18
- data/lib/dependabot/pull_request_updater/github.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 945c135096f005a7d416b56d1e8f9e6b91e1a02b0590758887eba5a110fb5b19
|
|
4
|
+
data.tar.gz: 0cc101754418b3b1aa682c273e5c6ed2fa72b796d72a9b4d30b3c0f0aa41c39b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 76e41c5707a11e8a5b17df8fa71fc81a4ebbf1a3fd71469931d84cebe1573588afa6605751af2a65c849884bcdf0dd79b5bc4a1d63b9ac69d39466cf8a4b952e
|
|
7
|
+
data.tar.gz: 53204ad41f102502301e483b3175280673849b0ab0d530b8458aa77289251dfaf287f9ee051e90bd5b39722a7b25a2993e8a49aa15c03982e82990df475fd9dd
|
|
@@ -2,11 +2,14 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/config/update_config"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Config
|
|
8
9
|
# Configuration for the repository, a parsed dependabot.yaml.
|
|
9
10
|
class File
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
10
13
|
attr_reader :updates, :registries
|
|
11
14
|
|
|
12
15
|
def initialize(updates:, registries: nil)
|
|
@@ -14,6 +17,10 @@ module Dependabot
|
|
|
14
17
|
@registries = registries || []
|
|
15
18
|
end
|
|
16
19
|
|
|
20
|
+
sig do
|
|
21
|
+
params(package_manager: String, directory: T.nilable(String), target_branch: T.nilable(String))
|
|
22
|
+
.returns(UpdateConfig)
|
|
23
|
+
end
|
|
17
24
|
def update_config(package_manager, directory: nil, target_branch: nil)
|
|
18
25
|
dir = directory || "/"
|
|
19
26
|
package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
|
|
@@ -21,13 +28,14 @@ module Dependabot
|
|
|
21
28
|
u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
|
|
22
29
|
(target_branch.nil? || u[:"target-branch"] == target_branch)
|
|
23
30
|
end
|
|
24
|
-
|
|
31
|
+
UpdateConfig.new(
|
|
25
32
|
ignore_conditions: ignore_conditions(cfg),
|
|
26
33
|
commit_message_options: commit_message_options(cfg)
|
|
27
34
|
)
|
|
28
35
|
end
|
|
29
36
|
|
|
30
37
|
# Parse the YAML config file
|
|
38
|
+
sig { params(config: String).returns(File) }
|
|
31
39
|
def self.parse(config)
|
|
32
40
|
parsed = YAML.safe_load(config, symbolize_names: true)
|
|
33
41
|
version = parsed[:version]
|
|
@@ -58,10 +66,11 @@ module Dependabot
|
|
|
58
66
|
"terraform" => "terraform"
|
|
59
67
|
}.freeze
|
|
60
68
|
|
|
69
|
+
sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[IgnoreCondition]) }
|
|
61
70
|
def ignore_conditions(cfg)
|
|
62
71
|
ignores = cfg&.dig(:ignore) || []
|
|
63
72
|
ignores.map do |ic|
|
|
64
|
-
|
|
73
|
+
IgnoreCondition.new(
|
|
65
74
|
dependency_name: ic[:"dependency-name"],
|
|
66
75
|
versions: ic[:versions],
|
|
67
76
|
update_types: ic[:"update-types"]
|
|
@@ -69,9 +78,12 @@ module Dependabot
|
|
|
69
78
|
end
|
|
70
79
|
end
|
|
71
80
|
|
|
81
|
+
sig do
|
|
82
|
+
params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(UpdateConfig::CommitMessageOptions)
|
|
83
|
+
end
|
|
72
84
|
def commit_message_options(cfg)
|
|
73
85
|
commit_message = cfg&.dig(:"commit-message") || {}
|
|
74
|
-
|
|
86
|
+
UpdateConfig::CommitMessageOptions.new(
|
|
75
87
|
prefix: commit_message[:prefix],
|
|
76
88
|
prefix_development: commit_message[:"prefix-development"] || commit_message[:prefix],
|
|
77
89
|
include: commit_message[:include]
|
|
@@ -6,7 +6,7 @@ require "dependabot/config/file"
|
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
8
|
module Config
|
|
9
|
-
class FileFetcher <
|
|
9
|
+
class FileFetcher < FileFetchers::Base
|
|
10
10
|
CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
|
|
11
11
|
|
|
12
12
|
def self.required_files_in?(filenames)
|
|
@@ -35,13 +35,13 @@ module Dependabot
|
|
|
35
35
|
fetched_files << config_file
|
|
36
36
|
break
|
|
37
37
|
end
|
|
38
|
-
rescue
|
|
38
|
+
rescue DependencyFileNotFound
|
|
39
39
|
next
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
unless self.class.required_files_in?(fetched_files.map(&:name))
|
|
44
|
-
raise
|
|
44
|
+
raise DependencyFileNotFound.new(nil, self.class.required_files_message)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
fetched_files
|
|
@@ -1,24 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module Config
|
|
6
8
|
# Filters versions that should not be considered for dependency updates
|
|
7
9
|
class IgnoreCondition
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
8
12
|
PATCH_VERSION_TYPE = "version-update:semver-patch"
|
|
9
13
|
MINOR_VERSION_TYPE = "version-update:semver-minor"
|
|
10
14
|
MAJOR_VERSION_TYPE = "version-update:semver-major"
|
|
11
15
|
|
|
12
16
|
ALL_VERSIONS = ">= 0"
|
|
13
17
|
|
|
14
|
-
|
|
18
|
+
sig { returns(String) }
|
|
19
|
+
attr_reader :dependency_name
|
|
20
|
+
|
|
21
|
+
sig { returns(T::Array[String]) }
|
|
22
|
+
attr_reader :versions
|
|
15
23
|
|
|
24
|
+
sig { returns(T::Array[String]) }
|
|
25
|
+
attr_reader :update_types
|
|
26
|
+
|
|
27
|
+
sig do
|
|
28
|
+
params(
|
|
29
|
+
dependency_name: String,
|
|
30
|
+
versions: T.any(NilClass, T::Array[String]),
|
|
31
|
+
update_types: T.any(NilClass, T::Array[String])
|
|
32
|
+
).void
|
|
33
|
+
end
|
|
16
34
|
def initialize(dependency_name:, versions: nil, update_types: nil)
|
|
17
|
-
@dependency_name = dependency_name
|
|
18
|
-
@versions = versions || []
|
|
19
|
-
@update_types = update_types || []
|
|
35
|
+
@dependency_name = T.let(dependency_name, String)
|
|
36
|
+
@versions = T.let(versions || [], T::Array[String])
|
|
37
|
+
@update_types = T.let(update_types || [], T::Array[String])
|
|
20
38
|
end
|
|
21
39
|
|
|
40
|
+
sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
|
|
22
41
|
def ignored_versions(dependency, security_updates_only)
|
|
23
42
|
return versions if security_updates_only
|
|
24
43
|
return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
|
|
@@ -28,10 +47,12 @@ module Dependabot
|
|
|
28
47
|
|
|
29
48
|
private
|
|
30
49
|
|
|
50
|
+
sig { returns(T::Array[String]) }
|
|
31
51
|
def transformed_update_types
|
|
32
52
|
update_types.map(&:downcase).filter_map(&:strip)
|
|
33
53
|
end
|
|
34
54
|
|
|
55
|
+
sig { params(dependency: Dependency).returns(T::Array[T.untyped]) }
|
|
35
56
|
def versions_by_type(dependency)
|
|
36
57
|
version = correct_version_for(dependency)
|
|
37
58
|
return [] unless version
|
|
@@ -52,9 +73,10 @@ module Dependabot
|
|
|
52
73
|
end.compact
|
|
53
74
|
end
|
|
54
75
|
|
|
76
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
55
77
|
def ignore_patch(version)
|
|
56
78
|
parts = version.split(".")
|
|
57
|
-
version_parts = parts.fill(0, parts.length...2)
|
|
79
|
+
version_parts = parts.fill("0", parts.length...2)
|
|
58
80
|
upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
|
|
59
81
|
lower_bound = "> #{version}"
|
|
60
82
|
upper_bound = "< #{upper_parts.join('.')}"
|
|
@@ -62,9 +84,10 @@ module Dependabot
|
|
|
62
84
|
["#{lower_bound}, #{upper_bound}"]
|
|
63
85
|
end
|
|
64
86
|
|
|
87
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
65
88
|
def ignore_minor(version)
|
|
66
89
|
parts = version.split(".")
|
|
67
|
-
version_parts = parts.fill(0, parts.length...2)
|
|
90
|
+
version_parts = parts.fill("0", parts.length...2)
|
|
68
91
|
lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
|
|
69
92
|
upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
|
|
70
93
|
lower_bound = ">= #{lower_parts.join('.')}"
|
|
@@ -73,6 +96,7 @@ module Dependabot
|
|
|
73
96
|
["#{lower_bound}, #{upper_bound}"]
|
|
74
97
|
end
|
|
75
98
|
|
|
99
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
76
100
|
def ignore_major(version)
|
|
77
101
|
version_parts = version.split(".")
|
|
78
102
|
lower_parts = [version_parts[0].to_i + 1] + ["a"]
|
|
@@ -81,6 +105,7 @@ module Dependabot
|
|
|
81
105
|
[lower_bound]
|
|
82
106
|
end
|
|
83
107
|
|
|
108
|
+
sig { params(dependency: Dependency).returns(T.nilable(Version)) }
|
|
84
109
|
def correct_version_for(dependency)
|
|
85
110
|
version = dependency.version
|
|
86
111
|
return if version.nil? || version.empty?
|
|
@@ -91,10 +116,11 @@ module Dependabot
|
|
|
91
116
|
version_class.new(version)
|
|
92
117
|
end
|
|
93
118
|
|
|
119
|
+
sig { params(package_manager: String).returns(T.class_of(Version)) }
|
|
94
120
|
def version_class_for(package_manager)
|
|
95
121
|
Utils.version_class_for_package_manager(package_manager)
|
|
96
122
|
rescue StandardError
|
|
97
|
-
|
|
123
|
+
Version
|
|
98
124
|
end
|
|
99
125
|
end
|
|
100
126
|
end
|
|
@@ -2,17 +2,32 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/config/ignore_condition"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Config
|
|
8
9
|
# Configuration for a single ecosystem
|
|
9
10
|
class UpdateConfig
|
|
10
|
-
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
sig { returns(T.nilable(CommitMessageOptions)) }
|
|
14
|
+
attr_reader :commit_message_options
|
|
15
|
+
|
|
16
|
+
sig { returns(T::Array[IgnoreCondition]) }
|
|
17
|
+
attr_reader :ignore_conditions
|
|
18
|
+
|
|
19
|
+
sig do
|
|
20
|
+
params(
|
|
21
|
+
ignore_conditions: T.nilable(T::Array[IgnoreCondition]),
|
|
22
|
+
commit_message_options: T.nilable(CommitMessageOptions)
|
|
23
|
+
).void
|
|
24
|
+
end
|
|
11
25
|
def initialize(ignore_conditions: nil, commit_message_options: nil)
|
|
12
26
|
@ignore_conditions = ignore_conditions || []
|
|
13
27
|
@commit_message_options = commit_message_options
|
|
14
28
|
end
|
|
15
29
|
|
|
30
|
+
sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
|
|
16
31
|
def ignored_versions_for(dependency, security_updates_only: false)
|
|
17
32
|
normalizer = name_normaliser_for(dependency)
|
|
18
33
|
dep_name = normalizer.call(dependency.name)
|
|
@@ -25,6 +40,7 @@ module Dependabot
|
|
|
25
40
|
.uniq
|
|
26
41
|
end
|
|
27
42
|
|
|
43
|
+
sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
|
|
28
44
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
|
29
45
|
return false unless wildcard_string && candidate_string
|
|
30
46
|
|
|
@@ -43,6 +59,8 @@ module Dependabot
|
|
|
43
59
|
end
|
|
44
60
|
|
|
45
61
|
class CommitMessageOptions
|
|
62
|
+
extend T::Sig
|
|
63
|
+
|
|
46
64
|
attr_reader :prefix, :prefix_development, :include
|
|
47
65
|
|
|
48
66
|
def initialize(prefix:, prefix_development:, include:)
|
data/lib/dependabot/config.rb
CHANGED
|
@@ -20,6 +20,11 @@ module Dependabot
|
|
|
20
20
|
DELETE = "delete"
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
class Mode
|
|
24
|
+
FILE = "100644"
|
|
25
|
+
SUBMODULE = "160000"
|
|
26
|
+
end
|
|
27
|
+
|
|
23
28
|
def initialize(name:, content:, directory: "/", type: "file",
|
|
24
29
|
support_file: false, vendored_file: false, symlink_target: nil,
|
|
25
30
|
content_encoding: ContentEncoding::UTF_8, deleted: false,
|
|
@@ -57,6 +57,7 @@ module Dependabot
|
|
|
57
57
|
@credentials = credentials
|
|
58
58
|
@repo_contents_path = repo_contents_path
|
|
59
59
|
@linked_paths = {}
|
|
60
|
+
@submodules = []
|
|
60
61
|
@options = options
|
|
61
62
|
end
|
|
62
63
|
|
|
@@ -100,7 +101,7 @@ module Dependabot
|
|
|
100
101
|
raise Dependabot::OutOfDisk
|
|
101
102
|
end
|
|
102
103
|
|
|
103
|
-
raise Dependabot::RepoNotFound,
|
|
104
|
+
raise Dependabot::RepoNotFound.new(source, e.message)
|
|
104
105
|
end
|
|
105
106
|
|
|
106
107
|
def ecosystem_versions
|
|
@@ -154,7 +155,8 @@ module Dependabot
|
|
|
154
155
|
directory: directory,
|
|
155
156
|
type: type,
|
|
156
157
|
content: content,
|
|
157
|
-
symlink_target: symlink_target
|
|
158
|
+
symlink_target: symlink_target,
|
|
159
|
+
support_file: in_submodule?(path)
|
|
158
160
|
)
|
|
159
161
|
end
|
|
160
162
|
|
|
@@ -185,6 +187,10 @@ module Dependabot
|
|
|
185
187
|
subpaths(path).find { |subpath| @linked_paths.key?(subpath) }
|
|
186
188
|
end
|
|
187
189
|
|
|
190
|
+
def in_submodule?(path)
|
|
191
|
+
subpaths(path.delete_prefix("/")).any? { |subpath| @submodules.include?(subpath) }
|
|
192
|
+
end
|
|
193
|
+
|
|
188
194
|
# Given a "foo/bar/baz" path, returns ["foo", "foo/bar", "foo/bar/baz"]
|
|
189
195
|
def subpaths(path)
|
|
190
196
|
components = path.split("/")
|
|
@@ -633,6 +639,8 @@ module Dependabot
|
|
|
633
639
|
git clone #{clone_options.string} #{source.url} #{path}
|
|
634
640
|
CMD
|
|
635
641
|
)
|
|
642
|
+
|
|
643
|
+
@submodules = find_submodules(path) if recurse_submodules_when_cloning?
|
|
636
644
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
637
645
|
raise unless e.message.match(GIT_SUBMODULE_ERROR_REGEX) && e.message.downcase.include?("submodule")
|
|
638
646
|
|
|
@@ -684,6 +692,21 @@ module Dependabot
|
|
|
684
692
|
bom = (+"\xEF\xBB\xBF").force_encoding(Encoding::BINARY)
|
|
685
693
|
Base64.decode64(str).delete_prefix(bom).force_encoding("UTF-8").encode
|
|
686
694
|
end
|
|
695
|
+
|
|
696
|
+
def find_submodules(path)
|
|
697
|
+
SharedHelpers.run_shell_command(
|
|
698
|
+
<<~CMD
|
|
699
|
+
git -C #{path} ls-files --stage
|
|
700
|
+
CMD
|
|
701
|
+
).split("\n").filter_map do |line|
|
|
702
|
+
info = line.split
|
|
703
|
+
|
|
704
|
+
type = info.first
|
|
705
|
+
path = info.last
|
|
706
|
+
|
|
707
|
+
next path if type == DependencyFile::Mode::SUBMODULE
|
|
708
|
+
end
|
|
709
|
+
end
|
|
687
710
|
end
|
|
688
711
|
end
|
|
689
712
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/dependency_file"
|
|
5
6
|
|
|
6
7
|
# This class provides a utility to check for arbitary modified files within a
|
|
@@ -9,8 +10,12 @@ require "dependabot/dependency_file"
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module FileUpdaters
|
|
11
12
|
class ArtifactUpdater
|
|
13
|
+
extend T::Sig
|
|
14
|
+
extend T::Helpers
|
|
15
|
+
|
|
12
16
|
# @param repo_contents_path [String, nil] the path we cloned the repository into
|
|
13
17
|
# @param target_directory [String, nil] the path within a project directory we should inspect for changes
|
|
18
|
+
sig { params(repo_contents_path: T.nilable(String), target_directory: T.nilable(String)).void }
|
|
14
19
|
def initialize(repo_contents_path:, target_directory:)
|
|
15
20
|
@repo_contents_path = repo_contents_path
|
|
16
21
|
@target_directory = target_directory
|
|
@@ -23,17 +28,24 @@ module Dependabot
|
|
|
23
28
|
# @param only_paths [Array<String>, nil] An optional list of specific paths to check, if this is nil we will
|
|
24
29
|
# return every change we find within the `base_directory`
|
|
25
30
|
# @return [Array<Dependabot::DependencyFile>]
|
|
31
|
+
sig do
|
|
32
|
+
params(base_directory: String, only_paths: T.nilable(T::Array[String]))
|
|
33
|
+
.returns(T::Array[Dependabot::DependencyFile])
|
|
34
|
+
end
|
|
26
35
|
def updated_files(base_directory:, only_paths: nil)
|
|
27
36
|
return [] unless repo_contents_path && target_directory
|
|
28
37
|
|
|
29
|
-
Dir.chdir(repo_contents_path) do
|
|
38
|
+
Dir.chdir(T.must(repo_contents_path)) do
|
|
30
39
|
# rubocop:disable Performance/DeletePrefix
|
|
31
|
-
relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(target_directory)
|
|
40
|
+
relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(T.must(target_directory))
|
|
32
41
|
# rubocop:enable Performance/DeletePrefix
|
|
33
42
|
|
|
34
|
-
status =
|
|
35
|
-
|
|
36
|
-
|
|
43
|
+
status = T.let(
|
|
44
|
+
SharedHelpers.run_shell_command(
|
|
45
|
+
"git status --untracked-files all --porcelain v1 #{relative_dir}",
|
|
46
|
+
fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
|
|
47
|
+
),
|
|
48
|
+
String
|
|
37
49
|
)
|
|
38
50
|
changed_paths = status.split("\n").map(&:split)
|
|
39
51
|
changed_paths.filter_map do |type, path|
|
|
@@ -51,7 +63,7 @@ module Dependabot
|
|
|
51
63
|
operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
|
|
52
64
|
operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
|
|
53
65
|
|
|
54
|
-
encoded_content, encoding = get_encoded_file_contents(path, operation)
|
|
66
|
+
encoded_content, encoding = get_encoded_file_contents(T.must(path), operation)
|
|
55
67
|
|
|
56
68
|
create_dependency_file(
|
|
57
69
|
name: file_path.to_s,
|
|
@@ -66,10 +78,19 @@ module Dependabot
|
|
|
66
78
|
|
|
67
79
|
private
|
|
68
80
|
|
|
69
|
-
TEXT_ENCODINGS = %w(us-ascii utf-8).freeze
|
|
81
|
+
TEXT_ENCODINGS = T.let(%w(us-ascii utf-8).freeze, T::Array[String])
|
|
70
82
|
|
|
71
|
-
|
|
83
|
+
sig { returns(T.nilable(String)) }
|
|
84
|
+
attr_reader :repo_contents_path
|
|
85
|
+
sig { returns(T.nilable(String)) }
|
|
86
|
+
attr_reader :target_directory
|
|
72
87
|
|
|
88
|
+
sig do
|
|
89
|
+
params(
|
|
90
|
+
path: String,
|
|
91
|
+
operation: String
|
|
92
|
+
).returns([T.nilable(String), String])
|
|
93
|
+
end
|
|
73
94
|
def get_encoded_file_contents(path, operation)
|
|
74
95
|
encoded_content = nil
|
|
75
96
|
encoding = ""
|
|
@@ -86,6 +107,7 @@ module Dependabot
|
|
|
86
107
|
[encoded_content, encoding]
|
|
87
108
|
end
|
|
88
109
|
|
|
110
|
+
sig { params(path: String).returns(T::Boolean) }
|
|
89
111
|
def binary_file?(path)
|
|
90
112
|
return false unless File.exist?(path)
|
|
91
113
|
|
|
@@ -95,8 +117,13 @@ module Dependabot
|
|
|
95
117
|
!TEXT_ENCODINGS.include?(encoding)
|
|
96
118
|
end
|
|
97
119
|
|
|
120
|
+
sig do
|
|
121
|
+
overridable
|
|
122
|
+
.params(parameters: T::Hash[Symbol, T.untyped])
|
|
123
|
+
.returns(Dependabot::DependencyFile)
|
|
124
|
+
end
|
|
98
125
|
def create_dependency_file(parameters)
|
|
99
|
-
Dependabot::DependencyFile.new(**parameters)
|
|
126
|
+
Dependabot::DependencyFile.new(**T.unsafe(parameters))
|
|
100
127
|
end
|
|
101
128
|
end
|
|
102
129
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/dependency_file"
|
|
5
6
|
require "dependabot/file_updaters/artifact_updater"
|
|
6
7
|
|
|
@@ -13,21 +14,30 @@ require "dependabot/file_updaters/artifact_updater"
|
|
|
13
14
|
module Dependabot
|
|
14
15
|
module FileUpdaters
|
|
15
16
|
class VendorUpdater < ArtifactUpdater
|
|
17
|
+
extend T::Sig
|
|
18
|
+
extend T::Helpers
|
|
19
|
+
|
|
16
20
|
# This provides backwards compatability for anyone who used this class
|
|
17
21
|
# before the base ArtifactUpdater class was introduced and aligns the
|
|
18
22
|
# method's public signatures with it's special-case domain.
|
|
23
|
+
sig { params(repo_contents_path: T.nilable(String), vendor_dir: T.nilable(String)).void }
|
|
19
24
|
def initialize(repo_contents_path:, vendor_dir:)
|
|
20
25
|
@repo_contents_path = repo_contents_path
|
|
21
26
|
@vendor_dir = vendor_dir
|
|
22
27
|
super(repo_contents_path: @repo_contents_path, target_directory: @vendor_dir)
|
|
23
28
|
end
|
|
24
29
|
|
|
25
|
-
|
|
30
|
+
T.unsafe(self).alias_method :updated_vendor_cache_files, :updated_files
|
|
26
31
|
|
|
27
32
|
private
|
|
28
33
|
|
|
34
|
+
sig do
|
|
35
|
+
override
|
|
36
|
+
.params(parameters: T::Hash[Symbol, T.untyped])
|
|
37
|
+
.returns(Dependabot::DependencyFile)
|
|
38
|
+
end
|
|
29
39
|
def create_dependency_file(parameters)
|
|
30
|
-
Dependabot::DependencyFile.new(**parameters.merge({ vendored_file: true }))
|
|
40
|
+
Dependabot::DependencyFile.new(**T.unsafe({ **parameters.merge({ vendored_file: true }) }))
|
|
31
41
|
end
|
|
32
42
|
end
|
|
33
43
|
end
|
data/lib/dependabot/logger.rb
CHANGED
|
@@ -1,13 +1,18 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "logger"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
10
|
+
sig { returns(::Logger) }
|
|
7
11
|
def self.logger
|
|
8
|
-
@logger ||= Logger.new(nil)
|
|
12
|
+
@logger ||= T.let(::Logger.new(nil), T.nilable(::Logger))
|
|
9
13
|
end
|
|
10
14
|
|
|
15
|
+
sig { params(logger: ::Logger).void }
|
|
11
16
|
def self.logger=(logger)
|
|
12
17
|
@logger = logger
|
|
13
18
|
end
|
|
@@ -1,16 +1,40 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "time"
|
|
5
5
|
require "tmpdir"
|
|
6
|
+
require "sorbet-runtime"
|
|
6
7
|
require "dependabot/pull_request_creator"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
class PullRequestCreator
|
|
10
11
|
class CommitSigner
|
|
11
|
-
|
|
12
|
-
:signature_key
|
|
12
|
+
extend T::Sig
|
|
13
13
|
|
|
14
|
+
sig { returns(T::Hash[Symbol, String]) }
|
|
15
|
+
attr_reader :author_details
|
|
16
|
+
|
|
17
|
+
sig { returns(String) }
|
|
18
|
+
attr_reader :commit_message
|
|
19
|
+
|
|
20
|
+
sig { returns(String) }
|
|
21
|
+
attr_reader :tree_sha
|
|
22
|
+
|
|
23
|
+
sig { returns(String) }
|
|
24
|
+
attr_reader :parent_sha
|
|
25
|
+
|
|
26
|
+
sig { returns(String) }
|
|
27
|
+
attr_reader :signature_key
|
|
28
|
+
|
|
29
|
+
sig do
|
|
30
|
+
params(
|
|
31
|
+
author_details: T::Hash[Symbol, String],
|
|
32
|
+
commit_message: String,
|
|
33
|
+
tree_sha: String,
|
|
34
|
+
parent_sha: String,
|
|
35
|
+
signature_key: String
|
|
36
|
+
).void
|
|
37
|
+
end
|
|
14
38
|
def initialize(author_details:, commit_message:, tree_sha:, parent_sha:,
|
|
15
39
|
signature_key:)
|
|
16
40
|
@author_details = author_details
|
|
@@ -20,6 +44,7 @@ module Dependabot
|
|
|
20
44
|
@signature_key = signature_key
|
|
21
45
|
end
|
|
22
46
|
|
|
47
|
+
sig { returns(String) }
|
|
23
48
|
def signature
|
|
24
49
|
begin
|
|
25
50
|
require "gpgme"
|
|
@@ -39,20 +64,21 @@ module Dependabot
|
|
|
39
64
|
opts = { mode: GPGME::SIG_MODE_DETACH, signer: email }
|
|
40
65
|
crypto.sign(commit_object, opts).to_s
|
|
41
66
|
rescue Errno::ENOTEMPTY
|
|
42
|
-
FileUtils.remove_entry(dir, true)
|
|
67
|
+
FileUtils.remove_entry(T.must(dir), true)
|
|
43
68
|
# This appears to be a Ruby bug which occurs very rarely
|
|
44
69
|
raise if @retrying
|
|
45
70
|
|
|
46
|
-
@retrying = true
|
|
71
|
+
@retrying = T.let(true, T.nilable(T::Boolean))
|
|
47
72
|
retry
|
|
48
73
|
ensure
|
|
49
|
-
FileUtils.remove_entry(dir, true)
|
|
74
|
+
FileUtils.remove_entry(T.must(dir), true)
|
|
50
75
|
end
|
|
51
76
|
|
|
52
77
|
private
|
|
53
78
|
|
|
79
|
+
sig { returns(String) }
|
|
54
80
|
def commit_object
|
|
55
|
-
time_str = Time.parse(author_details[:date]).strftime("%s %z")
|
|
81
|
+
time_str = Time.parse(T.must(author_details[:date])).strftime("%s %z")
|
|
56
82
|
name = author_details[:name]
|
|
57
83
|
email = author_details[:email]
|
|
58
84
|
|
|
@@ -189,7 +189,7 @@ module Dependabot
|
|
|
189
189
|
if file.type == "submodule"
|
|
190
190
|
{
|
|
191
191
|
path: file.path.sub(%r{^/}, ""),
|
|
192
|
-
mode:
|
|
192
|
+
mode: Dependabot::DependencyFile::Mode::SUBMODULE,
|
|
193
193
|
type: "commit",
|
|
194
194
|
sha: file.content
|
|
195
195
|
}
|
|
@@ -207,7 +207,7 @@ module Dependabot
|
|
|
207
207
|
|
|
208
208
|
{
|
|
209
209
|
path: file.realpath,
|
|
210
|
-
mode: (file.mode ||
|
|
210
|
+
mode: (file.mode || Dependabot::DependencyFile::Mode::FILE),
|
|
211
211
|
type: "blob"
|
|
212
212
|
}.merge(content)
|
|
213
213
|
end
|
|
@@ -59,20 +59,11 @@ module Dependabot
|
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def pr_message
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
"#{metadata_cascades}" \
|
|
68
|
-
"#{ignore_conditions_table}" \
|
|
69
|
-
"#{prefixed_pr_message_footer}"
|
|
70
|
-
else
|
|
71
|
-
"#{suffixed_pr_message_header}" \
|
|
72
|
-
"#{commit_message_intro}" \
|
|
73
|
-
"#{metadata_cascades}" \
|
|
74
|
-
"#{prefixed_pr_message_footer}"
|
|
75
|
-
end
|
|
62
|
+
msg = "#{suffixed_pr_message_header}" \
|
|
63
|
+
"#{commit_message_intro}" \
|
|
64
|
+
"#{metadata_cascades}" \
|
|
65
|
+
"#{ignore_conditions_table}" \
|
|
66
|
+
"#{prefixed_pr_message_footer}"
|
|
76
67
|
|
|
77
68
|
truncate_pr_message(msg)
|
|
78
69
|
rescue StandardError => e
|
|
@@ -80,10 +71,6 @@ module Dependabot
|
|
|
80
71
|
suffixed_pr_message_header + prefixed_pr_message_footer
|
|
81
72
|
end
|
|
82
73
|
|
|
83
|
-
def unignore_commands?
|
|
84
|
-
Experiments.enabled?(:unignore_commands)
|
|
85
|
-
end
|
|
86
|
-
|
|
87
74
|
# Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
|
|
88
75
|
# The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
|
|
89
76
|
def truncate_pr_message(msg)
|
|
@@ -128,7 +128,7 @@ module Dependabot
|
|
|
128
128
|
if file.type == "submodule"
|
|
129
129
|
{
|
|
130
130
|
path: file.path.sub(%r{^/}, ""),
|
|
131
|
-
mode:
|
|
131
|
+
mode: Dependabot::DependencyFile::Mode::SUBMODULE,
|
|
132
132
|
type: "commit",
|
|
133
133
|
sha: file.content
|
|
134
134
|
}
|
|
@@ -146,7 +146,7 @@ module Dependabot
|
|
|
146
146
|
|
|
147
147
|
{
|
|
148
148
|
path: file.realpath,
|
|
149
|
-
mode:
|
|
149
|
+
mode: Dependabot::DependencyFile::Mode::FILE,
|
|
150
150
|
type: "blob"
|
|
151
151
|
}.merge(content)
|
|
152
152
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.236.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-10-
|
|
11
|
+
date: 2023-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -188,6 +188,20 @@ dependencies:
|
|
|
188
188
|
- - "<"
|
|
189
189
|
- !ruby/object:Gem::Version
|
|
190
190
|
version: '7.0'
|
|
191
|
+
- !ruby/object:Gem::Dependency
|
|
192
|
+
name: opentelemetry-sdk
|
|
193
|
+
requirement: !ruby/object:Gem::Requirement
|
|
194
|
+
requirements:
|
|
195
|
+
- - "~>"
|
|
196
|
+
- !ruby/object:Gem::Version
|
|
197
|
+
version: '1.3'
|
|
198
|
+
type: :runtime
|
|
199
|
+
prerelease: false
|
|
200
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
201
|
+
requirements:
|
|
202
|
+
- - "~>"
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: '1.3'
|
|
191
205
|
- !ruby/object:Gem::Dependency
|
|
192
206
|
name: parser
|
|
193
207
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -514,7 +528,7 @@ licenses:
|
|
|
514
528
|
- Nonstandard
|
|
515
529
|
metadata:
|
|
516
530
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
517
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
531
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
|
|
518
532
|
post_install_message:
|
|
519
533
|
rdoc_options: []
|
|
520
534
|
require_paths:
|