dependabot-common 0.235.0 → 0.236.0

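--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b22cec48025b20921f000f63975cfc9db22dac670fa8ef6710fda754c288f68
-  data.tar.gz: 901b6246fde924caa2adfdcba0bc19dbd86833133c6cf951967024b656f68918
+  metadata.gz: 945c135096f005a7d416b56d1e8f9e6b91e1a02b0590758887eba5a110fb5b19
+  data.tar.gz: 0cc101754418b3b1aa682c273e5c6ed2fa72b796d72a9b4d30b3c0f0aa41c39b
 SHA512:
-  metadata.gz: 819445f789764166001ff2f6ce532e6bd60ecb1a644eb4bb20ec00a15c433c58608af56e3c75bbccba479c2f6b81fd415298083f9d4e74c24ba382881a35280c
-  data.tar.gz: 3b5f7aa169756240055ded3136f8daae04cc52129a42f0566eddc90232a302427b889ef512534f5e865609d7a7ba526f82deb7cea2b59138c4533e61fa01971a
+  metadata.gz: 76e41c5707a11e8a5b17df8fa71fc81a4ebbf1a3fd71469931d84cebe1573588afa6605751af2a65c849884bcdf0dd79b5bc4a1d63b9ac69d39466cf8a4b952e
+  data.tar.gz: 53204ad41f102502301e483b3175280673849b0ab0d530b8458aa77289251dfaf287f9ee051e90bd5b39722a7b25a2993e8a49aa15c03982e82990df475fd9dd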
@@ -2,11 +2,14 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/config/update_config"
5
+ require "sorbet-runtime"
5
6
 
6
7
  module Dependabot
7
8
  module Config
8
9
  # Configuration for the repository, a parsed dependabot.yaml.
9
10
  class File
11
+ extend T::Sig
12
+
10
13
  attr_reader :updates, :registries
11
14
 
12
15
  def initialize(updates:, registries: nil)
@@ -14,6 +17,10 @@ module Dependabot
14
17
  @registries = registries || []
15
18
  end
16
19
 
20
+ sig do
21
+ params(package_manager: String, directory: T.nilable(String), target_branch: T.nilable(String))
22
+ .returns(UpdateConfig)
23
+ end
17
24
  def update_config(package_manager, directory: nil, target_branch: nil)
18
25
  dir = directory || "/"
19
26
  package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
@@ -21,13 +28,14 @@ module Dependabot
21
28
  u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
22
29
  (target_branch.nil? || u[:"target-branch"] == target_branch)
23
30
  end
24
- Dependabot::Config::UpdateConfig.new(
31
+ UpdateConfig.new(
25
32
  ignore_conditions: ignore_conditions(cfg),
26
33
  commit_message_options: commit_message_options(cfg)
27
34
  )
28
35
  end
29
36
 
30
37
  # Parse the YAML config file
38
+ sig { params(config: String).returns(File) }
31
39
  def self.parse(config)
32
40
  parsed = YAML.safe_load(config, symbolize_names: true)
33
41
  version = parsed[:version]
@@ -58,10 +66,11 @@ module Dependabot
58
66
  "terraform" => "terraform"
59
67
  }.freeze
60
68
 
69
+ sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[IgnoreCondition]) }
61
70
  def ignore_conditions(cfg)
62
71
  ignores = cfg&.dig(:ignore) || []
63
72
  ignores.map do |ic|
64
- Dependabot::Config::IgnoreCondition.new(
73
+ IgnoreCondition.new(
65
74
  dependency_name: ic[:"dependency-name"],
66
75
  versions: ic[:versions],
67
76
  update_types: ic[:"update-types"]
@@ -69,9 +78,12 @@ module Dependabot
69
78
  end
70
79
  end
71
80
 
81
+ sig do
82
+ params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(UpdateConfig::CommitMessageOptions)
83
+ end
72
84
  def commit_message_options(cfg)
73
85
  commit_message = cfg&.dig(:"commit-message") || {}
74
- Dependabot::Config::UpdateConfig::CommitMessageOptions.new(
86
+ UpdateConfig::CommitMessageOptions.new(
75
87
  prefix: commit_message[:prefix],
76
88
  prefix_development: commit_message[:"prefix-development"] || commit_message[:prefix],
77
89
  include: commit_message[:include]
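Review bot: `ignore_conditions` hands `ic[:"dependency-name"]`, `ic[:versions]` and `ic[:"update-types"]` straight from the parsed YAML to `IgnoreCondition.new`, whose new `sig` and `T.let(dependency_name, String)` now reject a missing or non-string `dependency-name` with a sorbet-runtime `TypeError` (assuming runtime checks are enabled) instead of a configuration error that names the offending entry. Since `dependabot.yml` is repository-controlled input, validate each entry here before construction, e.g. `name = ic[:"dependency-name"]` followed by `raise ArgumentError, "ignore entry is missing dependency-name" unless name.is_a?(String)`, or the config error class this module already uses. To my knowledge `T::Array[String]` is only checked as `Array` at runtime, so non-string `versions` items would still pass through and surface later as a `NoMethodError` during version parsing; the same validation should cover them. The `ignore_conditions` body ends outside this hunk.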
@@ -6,7 +6,7 @@ require "dependabot/config/file"
6
6
 
7
7
  module Dependabot
8
8
  module Config
9
- class FileFetcher < Dependabot::FileFetchers::Base
9
+ class FileFetcher < FileFetchers::Base
10
10
  CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
11
11
 
12
12
  def self.required_files_in?(filenames)
@@ -35,13 +35,13 @@ module Dependabot
35
35
  fetched_files << config_file
36
36
  break
37
37
  end
38
- rescue Dependabot::DependencyFileNotFound
38
+ rescue DependencyFileNotFound
39
39
  next
40
40
  end
41
41
  end
42
42
 
43
43
  unless self.class.required_files_in?(fetched_files.map(&:name))
44
- raise Dependabot::DependencyFileNotFound.new(nil, self.class.required_files_message)
44
+ raise DependencyFileNotFound.new(nil, self.class.required_files_message)
45
45
  end
46
46
 
47
47
  fetched_files
@@ -1,24 +1,43 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Config
6
8
  # Filters versions that should not be considered for dependency updates
7
9
  class IgnoreCondition
10
+ extend T::Sig
11
+
8
12
  PATCH_VERSION_TYPE = "version-update:semver-patch"
9
13
  MINOR_VERSION_TYPE = "version-update:semver-minor"
10
14
  MAJOR_VERSION_TYPE = "version-update:semver-major"
11
15
 
12
16
  ALL_VERSIONS = ">= 0"
13
17
 
14
- attr_reader :dependency_name, :versions, :update_types
18
+ sig { returns(String) }
19
+ attr_reader :dependency_name
20
+
21
+ sig { returns(T::Array[String]) }
22
+ attr_reader :versions
15
23
 
24
+ sig { returns(T::Array[String]) }
25
+ attr_reader :update_types
26
+
27
+ sig do
28
+ params(
29
+ dependency_name: String,
30
+ versions: T.any(NilClass, T::Array[String]),
31
+ update_types: T.any(NilClass, T::Array[String])
32
+ ).void
33
+ end
16
34
  def initialize(dependency_name:, versions: nil, update_types: nil)
17
- @dependency_name = dependency_name
18
- @versions = versions || []
19
- @update_types = update_types || []
35
+ @dependency_name = T.let(dependency_name, String)
36
+ @versions = T.let(versions || [], T::Array[String])
37
+ @update_types = T.let(update_types || [], T::Array[String])
20
38
  end
21
39
 
40
+ sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
22
41
  def ignored_versions(dependency, security_updates_only)
23
42
  return versions if security_updates_only
24
43
  return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
@@ -28,10 +47,12 @@ module Dependabot
28
47
 
29
48
  private
30
49
 
50
+ sig { returns(T::Array[String]) }
31
51
  def transformed_update_types
32
52
  update_types.map(&:downcase).filter_map(&:strip)
33
53
  end
34
54
 
55
+ sig { params(dependency: Dependency).returns(T::Array[T.untyped]) }
35
56
  def versions_by_type(dependency)
36
57
  version = correct_version_for(dependency)
37
58
  return [] unless version
@@ -52,9 +73,10 @@ module Dependabot
52
73
  end.compact
53
74
  end
54
75
 
76
+ sig { params(version: String).returns(T::Array[String]) }
55
77
  def ignore_patch(version)
56
78
  parts = version.split(".")
57
- version_parts = parts.fill(0, parts.length...2)
79
+ version_parts = parts.fill("0", parts.length...2)
58
80
  upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
59
81
  lower_bound = "> #{version}"
60
82
  upper_bound = "< #{upper_parts.join('.')}"
@@ -62,9 +84,10 @@ module Dependabot
62
84
  ["#{lower_bound}, #{upper_bound}"]
63
85
  end
64
86
 
87
+ sig { params(version: String).returns(T::Array[String]) }
65
88
  def ignore_minor(version)
66
89
  parts = version.split(".")
67
- version_parts = parts.fill(0, parts.length...2)
90
+ version_parts = parts.fill("0", parts.length...2)
68
91
  lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
69
92
  upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
70
93
  lower_bound = ">= #{lower_parts.join('.')}"
@@ -73,6 +96,7 @@ module Dependabot
73
96
  ["#{lower_bound}, #{upper_bound}"]
74
97
  end
75
98
 
99
+ sig { params(version: String).returns(T::Array[String]) }
76
100
  def ignore_major(version)
77
101
  version_parts = version.split(".")
78
102
  lower_parts = [version_parts[0].to_i + 1] + ["a"]
@@ -81,6 +105,7 @@ module Dependabot
81
105
  [lower_bound]
82
106
  end
83
107
 
108
+ sig { params(dependency: Dependency).returns(T.nilable(Version)) }
84
109
  def correct_version_for(dependency)
85
110
  version = dependency.version
86
111
  return if version.nil? || version.empty?
@@ -91,10 +116,11 @@ module Dependabot
91
116
  version_class.new(version)
92
117
  end
93
118
 
119
+ sig { params(package_manager: String).returns(T.class_of(Version)) }
94
120
  def version_class_for(package_manager)
95
121
  Utils.version_class_for_package_manager(package_manager)
96
122
  rescue StandardError
97
- Dependabot::Version
123
+ Version
98
124
  end
99
125
  end
100
126
  end
@@ -2,17 +2,32 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/config/ignore_condition"
5
+ require "sorbet-runtime"
5
6
 
6
7
  module Dependabot
7
8
  module Config
8
9
  # Configuration for a single ecosystem
9
10
  class UpdateConfig
10
- attr_reader :commit_message_options, :ignore_conditions
11
+ extend T::Sig
12
+
13
+ sig { returns(T.nilable(CommitMessageOptions)) }
14
+ attr_reader :commit_message_options
15
+
16
+ sig { returns(T::Array[IgnoreCondition]) }
17
+ attr_reader :ignore_conditions
18
+
19
+ sig do
20
+ params(
21
+ ignore_conditions: T.nilable(T::Array[IgnoreCondition]),
22
+ commit_message_options: T.nilable(CommitMessageOptions)
23
+ ).void
24
+ end
11
25
  def initialize(ignore_conditions: nil, commit_message_options: nil)
12
26
  @ignore_conditions = ignore_conditions || []
13
27
  @commit_message_options = commit_message_options
14
28
  end
15
29
 
30
+ sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
16
31
  def ignored_versions_for(dependency, security_updates_only: false)
17
32
  normalizer = name_normaliser_for(dependency)
18
33
  dep_name = normalizer.call(dependency.name)
@@ -25,6 +40,7 @@ module Dependabot
25
40
  .uniq
26
41
  end
27
42
 
43
+ sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
28
44
  def self.wildcard_match?(wildcard_string, candidate_string)
29
45
  return false unless wildcard_string && candidate_string
30
46
 
@@ -43,6 +59,8 @@ module Dependabot
43
59
  end
44
60
 
45
61
  class CommitMessageOptions
62
+ extend T::Sig
63
+
46
64
  attr_reader :prefix, :prefix_development, :include
47
65
 
48
66
  def initialize(prefix:, prefix_development:, include:)
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
@@ -20,6 +20,11 @@ module Dependabot
20
20
  DELETE = "delete"
21
21
  end
22
22
 
23
+ class Mode
24
+ FILE = "100644"
25
+ SUBMODULE = "160000"
26
+ end
27
+
23
28
  def initialize(name:, content:, directory: "/", type: "file",
24
29
  support_file: false, vendored_file: false, symlink_target: nil,
25
30
  content_encoding: ContentEncoding::UTF_8, deleted: false,
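Review bot: `Mode` is a pure constant namespace, so `module Mode` would express that better than `class Mode`, which can be instantiated to no purpose; the `Operation` container just above it is cut off, so I cannot tell whether it sets a precedent for `class`. The two values also deserve a comment saying what they are, since `"100644"` and `"160000"` are git tree-entry modes: `# Git tree-entry modes: a regular (non-executable) blob and a gitlink (submodule commit)`. `FILE` covers only the regular-blob mode, not executable blobs or symlinks, so callers that fall back to `Mode::FILE` when a file has no mode (as `pull_request_creator` does in this release) should treat it as a default rather than a catch-all.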
@@ -57,6 +57,7 @@ module Dependabot
57
57
  @credentials = credentials
58
58
  @repo_contents_path = repo_contents_path
59
59
  @linked_paths = {}
60
+ @submodules = []
60
61
  @options = options
61
62
  end
62
63
 
@@ -100,7 +101,7 @@ module Dependabot
100
101
  raise Dependabot::OutOfDisk
101
102
  end
102
103
 
103
- raise Dependabot::RepoNotFound, source
104
+ raise Dependabot::RepoNotFound.new(source, e.message)
104
105
  end
105
106
 
106
107
  def ecosystem_versions
@@ -154,7 +155,8 @@ module Dependabot
154
155
  directory: directory,
155
156
  type: type,
156
157
  content: content,
157
- symlink_target: symlink_target
158
+ symlink_target: symlink_target,
159
+ support_file: in_submodule?(path)
158
160
  )
159
161
  end
160
162
 
@@ -185,6 +187,10 @@ module Dependabot
185
187
  subpaths(path).find { |subpath| @linked_paths.key?(subpath) }
186
188
  end
187
189
 
190
+ def in_submodule?(path)
191
+ subpaths(path.delete_prefix("/")).any? { |subpath| @submodules.include?(subpath) }
192
+ end
193
+
188
194
  # Given a "foo/bar/baz" path, returns ["foo", "foo/bar", "foo/bar/baz"]
189
195
  def subpaths(path)
190
196
  components = path.split("/")
@@ -633,6 +639,8 @@ module Dependabot
633
639
  git clone #{clone_options.string} #{source.url} #{path}
634
640
  CMD
635
641
  )
642
+
643
+ @submodules = find_submodules(path) if recurse_submodules_when_cloning?
636
644
  rescue SharedHelpers::HelperSubprocessFailed => e
637
645
  raise unless e.message.match(GIT_SUBMODULE_ERROR_REGEX) && e.message.downcase.include?("submodule")
638
646
 
@@ -684,6 +692,21 @@ module Dependabot
684
692
  bom = (+"\xEF\xBB\xBF").force_encoding(Encoding::BINARY)
685
693
  Base64.decode64(str).delete_prefix(bom).force_encoding("UTF-8").encode
686
694
  end
695
+
696
+ def find_submodules(path)
697
+ SharedHelpers.run_shell_command(
698
+ <<~CMD
699
+ git -C #{path} ls-files --stage
700
+ CMD
701
+ ).split("\n").filter_map do |line|
702
+ info = line.split
703
+
704
+ type = info.first
705
+ path = info.last
706
+
707
+ next path if type == DependencyFile::Mode::SUBMODULE
708
+ end
709
+ end
687
710
  end
688
711
  end
689
712
  end
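Review bot: `find_submodules` splits each `git ls-files --stage` line on whitespace and takes the last token, so a submodule whose path contains a space is reduced to its final word and `in_submodule?` never matches it; it also assigns `path = info.last` inside the block, which reassigns the method's own `path` parameter instead of a block-local. `ls-files --stage` separates the mode/object/stage fields from the path with a tab, and `-z` emits NUL-terminated, unquoted entries, so splitting on those is robust (this assumes `SharedHelpers.run_shell_command` returns stdout unmodified). The clone `path` is interpolated into the command unquoted, as the existing `git clone` command already does; if it can ever contain spaces or shell metacharacters it should go through `Shellwords.escape`. The whole method sits inside this hunk.
```ruby
def find_submodules(path)
  # --stage prints "<mode> <object> <stage>\t<path>"; -z makes entries
  # NUL-terminated and leaves paths unquoted, so tabs and spaces are safe.
  SharedHelpers.run_shell_command(
    <<~CMD
      git -C #{path} ls-files --stage -z
    CMD
  ).split("\0").filter_map do |entry|
    meta, entry_path = entry.split("\t", 2)
    mode = meta.to_s.split.first

    next entry_path if mode == DependencyFile::Mode::SUBMODULE
  end
end
```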
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/dependency_file"
5
6
 
6
7
  # This class provides a utility to check for arbitary modified files within a
@@ -9,8 +10,12 @@ require "dependabot/dependency_file"
9
10
  module Dependabot
10
11
  module FileUpdaters
11
12
  class ArtifactUpdater
13
+ extend T::Sig
14
+ extend T::Helpers
15
+
12
16
  # @param repo_contents_path [String, nil] the path we cloned the repository into
13
17
  # @param target_directory [String, nil] the path within a project directory we should inspect for changes
18
+ sig { params(repo_contents_path: T.nilable(String), target_directory: T.nilable(String)).void }
14
19
  def initialize(repo_contents_path:, target_directory:)
15
20
  @repo_contents_path = repo_contents_path
16
21
  @target_directory = target_directory
@@ -23,17 +28,24 @@ module Dependabot
23
28
  # @param only_paths [Array<String>, nil] An optional list of specific paths to check, if this is nil we will
24
29
  # return every change we find within the `base_directory`
25
30
  # @return [Array<Dependabot::DependencyFile>]
31
+ sig do
32
+ params(base_directory: String, only_paths: T.nilable(T::Array[String]))
33
+ .returns(T::Array[Dependabot::DependencyFile])
34
+ end
26
35
  def updated_files(base_directory:, only_paths: nil)
27
36
  return [] unless repo_contents_path && target_directory
28
37
 
29
- Dir.chdir(repo_contents_path) do
38
+ Dir.chdir(T.must(repo_contents_path)) do
30
39
  # rubocop:disable Performance/DeletePrefix
31
- relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(target_directory)
40
+ relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(T.must(target_directory))
32
41
  # rubocop:enable Performance/DeletePrefix
33
42
 
34
- status = SharedHelpers.run_shell_command(
35
- "git status --untracked-files all --porcelain v1 #{relative_dir}",
36
- fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
43
+ status = T.let(
44
+ SharedHelpers.run_shell_command(
45
+ "git status --untracked-files all --porcelain v1 #{relative_dir}",
46
+ fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
47
+ ),
48
+ String
37
49
  )
38
50
  changed_paths = status.split("\n").map(&:split)
39
51
  changed_paths.filter_map do |type, path|
@@ -51,7 +63,7 @@ module Dependabot
51
63
  operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
52
64
  operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
53
65
 
54
- encoded_content, encoding = get_encoded_file_contents(path, operation)
66
+ encoded_content, encoding = get_encoded_file_contents(T.must(path), operation)
55
67
 
56
68
  create_dependency_file(
57
69
  name: file_path.to_s,
@@ -66,10 +78,19 @@ module Dependabot
66
78
 
67
79
  private
68
80
 
69
- TEXT_ENCODINGS = %w(us-ascii utf-8).freeze
81
+ TEXT_ENCODINGS = T.let(%w(us-ascii utf-8).freeze, T::Array[String])
70
82
 
71
- attr_reader :repo_contents_path, :target_directory
83
+ sig { returns(T.nilable(String)) }
84
+ attr_reader :repo_contents_path
85
+ sig { returns(T.nilable(String)) }
86
+ attr_reader :target_directory
72
87
 
88
+ sig do
89
+ params(
90
+ path: String,
91
+ operation: String
92
+ ).returns([T.nilable(String), String])
93
+ end
73
94
  def get_encoded_file_contents(path, operation)
74
95
  encoded_content = nil
75
96
  encoding = ""
@@ -86,6 +107,7 @@ module Dependabot
86
107
  [encoded_content, encoding]
87
108
  end
88
109
 
110
+ sig { params(path: String).returns(T::Boolean) }
89
111
  def binary_file?(path)
90
112
  return false unless File.exist?(path)
91
113
 
@@ -95,8 +117,13 @@ module Dependabot
95
117
  !TEXT_ENCODINGS.include?(encoding)
96
118
  end
97
119
 
120
+ sig do
121
+ overridable
122
+ .params(parameters: T::Hash[Symbol, T.untyped])
123
+ .returns(Dependabot::DependencyFile)
124
+ end
98
125
  def create_dependency_file(parameters)
99
- Dependabot::DependencyFile.new(**parameters)
126
+ Dependabot::DependencyFile.new(**T.unsafe(parameters))
100
127
  end
101
128
  end
102
129
  end
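Review bot: `TEXT_ENCODINGS` sits below `private`, but `private` has no effect on constants, so the rewritten `T.let(...)` constant is still public; if it is meant to be internal add `private_constant :TEXT_ENCODINGS`, and by convention the constant belongs above the visibility marker. The two `sig`/`attr_reader` pairs at the same spot are run together; a blank line between them matches the rest of the file. Separately, `T.must(path)` in `updated_files` only guards a nil second token: `status.split("\n").map(&:split)` still mis-parses porcelain paths that git quotes because they contain spaces and, I believe, rename entries; that predates this change, but a `# TODO: porcelain paths with spaces are quoted and split here` beside the `T.must` would stop the assertion from reading as if the value had been validated.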
@@ -1,6 +1,7 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/dependency_file"
5
6
  require "dependabot/file_updaters/artifact_updater"
6
7
 
@@ -13,21 +14,30 @@ require "dependabot/file_updaters/artifact_updater"
13
14
  module Dependabot
14
15
  module FileUpdaters
15
16
  class VendorUpdater < ArtifactUpdater
17
+ extend T::Sig
18
+ extend T::Helpers
19
+
16
20
  # This provides backwards compatability for anyone who used this class
17
21
  # before the base ArtifactUpdater class was introduced and aligns the
18
22
  # method's public signatures with it's special-case domain.
23
+ sig { params(repo_contents_path: T.nilable(String), vendor_dir: T.nilable(String)).void }
19
24
  def initialize(repo_contents_path:, vendor_dir:)
20
25
  @repo_contents_path = repo_contents_path
21
26
  @vendor_dir = vendor_dir
22
27
  super(repo_contents_path: @repo_contents_path, target_directory: @vendor_dir)
23
28
  end
24
29
 
25
- alias updated_vendor_cache_files updated_files
30
+ T.unsafe(self).alias_method :updated_vendor_cache_files, :updated_files
26
31
 
27
32
  private
28
33
 
34
+ sig do
35
+ override
36
+ .params(parameters: T::Hash[Symbol, T.untyped])
37
+ .returns(Dependabot::DependencyFile)
38
+ end
29
39
  def create_dependency_file(parameters)
30
- Dependabot::DependencyFile.new(**parameters.merge({ vendored_file: true }))
40
+ Dependabot::DependencyFile.new(**T.unsafe({ **parameters.merge({ vendored_file: true }) }))
31
41
  end
32
42
  end
33
43
  end
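Review bot: the `T.unsafe({ **parameters.merge({ vendored_file: true }) })` wrapper in `create_dependency_file` is redundant: `Hash#merge` already returns a fresh Hash, so re-splatting it into a new literal only allocates a copy; `Dependabot::DependencyFile.new(**T.unsafe(parameters.merge(vendored_file: true)))` does the same thing. The `T.unsafe(self).alias_method` line replaces a plain `alias` without saying why; if the reason is to keep Sorbet from demanding a signature for the alias, a one-line comment such as `# alias_method through T.unsafe so the alias needs no sig` would save the next reader the guess (I am inferring the motive). Behaviour is unchanged either way, since `alias_method` here copies `updated_files` as defined at this point in the class body, exactly as `alias` did.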
@@ -1,13 +1,18 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "logger"
5
+ require "sorbet-runtime"
5
6
 
6
7
  module Dependabot
8
+ extend T::Sig
9
+
10
+ sig { returns(::Logger) }
7
11
  def self.logger
8
- @logger ||= Logger.new(nil)
12
+ @logger ||= T.let(::Logger.new(nil), T.nilable(::Logger))
9
13
  end
10
14
 
15
+ sig { params(logger: ::Logger).void }
11
16
  def self.logger=(logger)
12
17
  @logger = logger
13
18
  end
@@ -1,16 +1,40 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "time"
5
5
  require "tmpdir"
6
+ require "sorbet-runtime"
6
7
  require "dependabot/pull_request_creator"
7
8
 
8
9
  module Dependabot
9
10
  class PullRequestCreator
10
11
  class CommitSigner
11
- attr_reader :author_details, :commit_message, :tree_sha, :parent_sha,
12
- :signature_key
12
+ extend T::Sig
13
13
 
14
+ sig { returns(T::Hash[Symbol, String]) }
15
+ attr_reader :author_details
16
+
17
+ sig { returns(String) }
18
+ attr_reader :commit_message
19
+
20
+ sig { returns(String) }
21
+ attr_reader :tree_sha
22
+
23
+ sig { returns(String) }
24
+ attr_reader :parent_sha
25
+
26
+ sig { returns(String) }
27
+ attr_reader :signature_key
28
+
29
+ sig do
30
+ params(
31
+ author_details: T::Hash[Symbol, String],
32
+ commit_message: String,
33
+ tree_sha: String,
34
+ parent_sha: String,
35
+ signature_key: String
36
+ ).void
37
+ end
14
38
  def initialize(author_details:, commit_message:, tree_sha:, parent_sha:,
15
39
  signature_key:)
16
40
  @author_details = author_details
@@ -20,6 +44,7 @@ module Dependabot
20
44
  @signature_key = signature_key
21
45
  end
22
46
 
47
+ sig { returns(String) }
23
48
  def signature
24
49
  begin
25
50
  require "gpgme"
@@ -39,20 +64,21 @@ module Dependabot
39
64
  opts = { mode: GPGME::SIG_MODE_DETACH, signer: email }
40
65
  crypto.sign(commit_object, opts).to_s
41
66
  rescue Errno::ENOTEMPTY
42
- FileUtils.remove_entry(dir, true)
67
+ FileUtils.remove_entry(T.must(dir), true)
43
68
  # This appears to be a Ruby bug which occurs very rarely
44
69
  raise if @retrying
45
70
 
46
- @retrying = true
71
+ @retrying = T.let(true, T.nilable(T::Boolean))
47
72
  retry
48
73
  ensure
49
- FileUtils.remove_entry(dir, true)
74
+ FileUtils.remove_entry(T.must(dir), true)
50
75
  end
51
76
 
52
77
  private
53
78
 
79
+ sig { returns(String) }
54
80
  def commit_object
55
- time_str = Time.parse(author_details[:date]).strftime("%s %z")
81
+ time_str = Time.parse(T.must(author_details[:date])).strftime("%s %z")
56
82
  name = author_details[:name]
57
83
  email = author_details[:email]
58
84
 
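Review bot: the retry guard in `signature` still relies on `@retrying`, which is set once and never cleared, so after one `Errno::ENOTEMPTY` retry on an instance every later `signature` call on it re-raises immediately rather than getting its own retry; a method-local counter fixes that and avoids declaring an instance variable outside `initialize`: add `attempts = 0` after `def signature`, and replace `raise if @retrying` and `@retrying = T.let(true, T.nilable(T::Boolean))` with `raise if (attempts += 1) > 1`. `CommitSigner` looks single-use in practice, so this is defensive rather than an observed failure. The `FileUtils.remove_entry(T.must(dir), true)` in the rescue duplicates the `ensure` cleanup; it is harmless with `force` set, but a comment such as `# clear the tmpdir before retry so the retried run starts from an empty directory` would explain why it is kept. `dir` is assigned outside the hunk, so I cannot confirm whether `T.must` can ever see nil there.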
@@ -189,7 +189,7 @@ module Dependabot
189
189
  if file.type == "submodule"
190
190
  {
191
191
  path: file.path.sub(%r{^/}, ""),
192
- mode: "160000",
192
+ mode: Dependabot::DependencyFile::Mode::SUBMODULE,
193
193
  type: "commit",
194
194
  sha: file.content
195
195
  }
@@ -207,7 +207,7 @@ module Dependabot
207
207
 
208
208
  {
209
209
  path: file.realpath,
210
- mode: (file.mode || "100644"),
210
+ mode: (file.mode || Dependabot::DependencyFile::Mode::FILE),
211
211
  type: "blob"
212
212
  }.merge(content)
213
213
  end
@@ -154,7 +154,7 @@ module Dependabot
154
154
  msg += body
155
155
  msg + "</details>\n"
156
156
  else
157
- "\n##{summary}\n\n#{body}"
157
+ "\n# #{summary}\n\n#{body}"
158
158
  end
159
159
  end
160
160
 
@@ -59,20 +59,11 @@ module Dependabot
59
59
  end
60
60
 
61
61
  def pr_message
62
- # TODO: Remove unignore_commands? feature flag once we are confident
63
- # that it is working as expected
64
- msg = if unignore_commands?
65
- "#{suffixed_pr_message_header}" \
66
- "#{commit_message_intro}" \
67
- "#{metadata_cascades}" \
68
- "#{ignore_conditions_table}" \
69
- "#{prefixed_pr_message_footer}"
70
- else
71
- "#{suffixed_pr_message_header}" \
72
- "#{commit_message_intro}" \
73
- "#{metadata_cascades}" \
74
- "#{prefixed_pr_message_footer}"
75
- end
62
+ msg = "#{suffixed_pr_message_header}" \
63
+ "#{commit_message_intro}" \
64
+ "#{metadata_cascades}" \
65
+ "#{ignore_conditions_table}" \
66
+ "#{prefixed_pr_message_footer}"
76
67
 
77
68
  truncate_pr_message(msg)
78
69
  rescue StandardError => e
@@ -80,10 +71,6 @@ module Dependabot
80
71
  suffixed_pr_message_header + prefixed_pr_message_footer
81
72
  end
82
73
 
83
- def unignore_commands?
84
- Experiments.enabled?(:unignore_commands)
85
- end
86
-
87
74
  # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
88
75
  # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
89
76
  def truncate_pr_message(msg)
@@ -128,7 +128,7 @@ module Dependabot
128
128
  if file.type == "submodule"
129
129
  {
130
130
  path: file.path.sub(%r{^/}, ""),
131
- mode: "160000",
131
+ mode: Dependabot::DependencyFile::Mode::SUBMODULE,
132
132
  type: "commit",
133
133
  sha: file.content
134
134
  }
@@ -146,7 +146,7 @@ module Dependabot
146
146
 
147
147
  {
148
148
  path: file.realpath,
149
- mode: "100644",
149
+ mode: Dependabot::DependencyFile::Mode::FILE,
150
150
  type: "blob"
151
151
  }.merge(content)
152
152
  end
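--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.235.0"
+  VERSION = "0.236.0"
 end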
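--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.235.0
+  version: 0.236.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-19 00:00:00.000000000 Z
+date: 2023-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -188,6 +188,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: opentelemetry-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: parser
   requirement: !ruby/object:Gem::Requirement
@@ -514,7 +528,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.235.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
 post_install_message:
 rdoc_options: []
 require_paths: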