dependabot-common 0.235.0 → 0.237.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/clients/azure.rb +3 -3
  3. data/lib/dependabot/config/file.rb +32 -9
  4. data/lib/dependabot/config/file_fetcher.rb +3 -3
  5. data/lib/dependabot/config/ignore_condition.rb +34 -8
  6. data/lib/dependabot/config/update_config.rb +42 -6
  7. data/lib/dependabot/config.rb +1 -1
  8. data/lib/dependabot/dependency_file.rb +89 -14
  9. data/lib/dependabot/dependency_group.rb +29 -5
  10. data/lib/dependabot/errors.rb +101 -13
  11. data/lib/dependabot/file_fetchers/base.rb +250 -93
  12. data/lib/dependabot/file_updaters/artifact_updater.rb +37 -10
  13. data/lib/dependabot/file_updaters/vendor_updater.rb +13 -3
  14. data/lib/dependabot/logger.rb +7 -2
  15. data/lib/dependabot/metadata_finders/base/changelog_finder.rb +13 -6
  16. data/lib/dependabot/pull_request_creator/commit_signer.rb +33 -7
  17. data/lib/dependabot/pull_request_creator/github.rb +13 -10
  18. data/lib/dependabot/pull_request_creator/message.rb +21 -2
  19. data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +37 -16
  20. data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +5 -3
  21. data/lib/dependabot/pull_request_creator/message_builder.rb +5 -18
  22. data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +10 -4
  23. data/lib/dependabot/pull_request_updater/github.rb +2 -2
  24. data/lib/dependabot/shared_helpers.rb +117 -33
  25. data/lib/dependabot/simple_instrumentor.rb +22 -3
  26. data/lib/dependabot/source.rb +65 -17
  27. data/lib/dependabot/update_checkers/version_filters.rb +12 -1
  28. data/lib/dependabot/utils.rb +21 -2
  29. data/lib/dependabot/workspace/base.rb +42 -7
  30. data/lib/dependabot/workspace/change_attempt.rb +31 -3
  31. data/lib/dependabot/workspace/git.rb +34 -4
  32. data/lib/dependabot/workspace.rb +16 -2
  33. data/lib/dependabot.rb +1 -1
  34. metadata +37 -9
@@ -1,20 +1,25 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/utils"
5
6
 
6
7
  module Dependabot
7
8
  class DependabotError < StandardError
9
+ extend T::Sig
10
+
8
11
  BASIC_AUTH_REGEX = %r{://(?<auth>[^:@]*:[^@%\s/]+(@|%40))}
9
12
  # Remove any path segment from fury.io sources
10
13
  FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}
11
14
 
15
+ sig { params(message: T.any(T.nilable(String), MatchData)).void }
12
16
  def initialize(message = nil)
13
17
  super(sanitize_message(message))
14
18
  end
15
19
 
16
20
  private
17
21
 
22
+ sig { params(message: T.any(T.nilable(String), MatchData)).returns(T.any(T.nilable(String), MatchData)) }
18
23
  def sanitize_message(message)
19
24
  return message unless message.is_a?(String)
20
25
 
@@ -26,18 +31,25 @@ module Dependabot
26
31
  filter_sensitive_data(message)
27
32
  end
28
33
 
34
+ sig { params(message: String).returns(String) }
29
35
  def filter_sensitive_data(message)
30
36
  replace_capture_groups(message, BASIC_AUTH_REGEX, "")
31
37
  end
32
38
 
39
+ sig { params(source: String).returns(String) }
33
40
  def sanitize_source(source)
34
41
  source = filter_sensitive_data(source)
35
42
  replace_capture_groups(source, FURY_IO_PATH_REGEX, "<redacted>")
36
43
  end
37
44
 
45
+ sig do
46
+ params(
47
+ string: String,
48
+ regex: Regexp,
49
+ replacement: String
50
+ ).returns(String)
51
+ end
38
52
  def replace_capture_groups(string, regex, replacement)
39
- return string unless string.is_a?(String)
40
-
41
53
  string.scan(regex).flatten.compact.reduce(string) do |original_msg, match|
42
54
  original_msg.gsub(match, replacement)
43
55
  end
@@ -55,8 +67,12 @@ module Dependabot
55
67
  #####################
56
68
 
57
69
  class DirectoryNotFound < DependabotError
70
+ extend T::Sig
71
+
72
+ sig { returns(String) }
58
73
  attr_reader :directory_name
59
74
 
75
+ sig { params(directory_name: String, msg: T.nilable(String)).void }
60
76
  def initialize(directory_name, msg = nil)
61
77
  @directory_name = directory_name
62
78
  super(msg)
@@ -64,8 +80,12 @@ module Dependabot
64
80
  end
65
81
 
66
82
  class BranchNotFound < DependabotError
83
+ extend T::Sig
84
+
85
+ sig { returns(T.nilable(String)) }
67
86
  attr_reader :branch_name
68
87
 
88
+ sig { params(branch_name: T.nilable(String), msg: T.nilable(String)).void }
69
89
  def initialize(branch_name, msg = nil)
70
90
  @branch_name = branch_name
71
91
  super(msg)
@@ -73,8 +93,12 @@ module Dependabot
73
93
  end
74
94
 
75
95
  class RepoNotFound < DependabotError
96
+ extend T::Sig
97
+
98
+ sig { returns(T.any(Dependabot::Source, String)) }
76
99
  attr_reader :source
77
100
 
101
+ sig { params(source: T.any(Dependabot::Source, String), msg: T.nilable(String)).void }
78
102
  def initialize(source, msg = nil)
79
103
  @source = source
80
104
  super(msg)
@@ -86,8 +110,24 @@ module Dependabot
86
110
  #####################
87
111
 
88
112
  class ToolVersionNotSupported < DependabotError
89
- attr_reader :tool_name, :detected_version, :supported_versions
113
+ extend T::Sig
90
114
 
115
+ sig { returns(String) }
116
+ attr_reader :tool_name
117
+
118
+ sig { returns(String) }
119
+ attr_reader :detected_version
120
+
121
+ sig { returns(String) }
122
+ attr_reader :supported_versions
123
+
124
+ sig do
125
+ params(
126
+ tool_name: String,
127
+ detected_version: String,
128
+ supported_versions: String
129
+ ).void
130
+ end
91
131
  def initialize(tool_name, detected_version, supported_versions)
92
132
  @tool_name = tool_name
93
133
  @detected_version = detected_version
@@ -100,6 +140,9 @@ module Dependabot
100
140
  end
101
141
 
102
142
  class DependencyFileNotFound < DependabotError
143
+ extend T::Sig
144
+
145
+ sig { returns(String) }
103
146
  attr_reader :file_path
104
147
 
105
148
  def initialize(file_path, msg = nil)
@@ -107,31 +150,39 @@ module Dependabot
107
150
  super(msg || "#{file_path} not found")
108
151
  end
109
152
 
153
+ sig { returns(String) }
110
154
  def file_name
111
- file_path.split("/").last
155
+ T.must(file_path.split("/").last)
112
156
  end
113
157
 
158
+ sig { returns(String) }
114
159
  def directory
115
160
  # Directory should always start with a `/`
116
- file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
161
+ T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
117
162
  end
118
163
  end
119
164
 
120
165
  class DependencyFileNotParseable < DependabotError
166
+ extend T::Sig
167
+
168
+ sig { returns(String) }
121
169
  attr_reader :file_path
122
170
 
171
+ sig { params(file_path: String, msg: T.nilable(String)).void }
123
172
  def initialize(file_path, msg = nil)
124
173
  @file_path = file_path
125
174
  super(msg || "#{file_path} not parseable")
126
175
  end
127
176
 
177
+ sig { returns(String) }
128
178
  def file_name
129
- file_path.split("/").last
179
+ T.must(file_path.split("/").last)
130
180
  end
131
181
 
182
+ sig { returns(String) }
132
183
  def directory
133
184
  # Directory should always start with a `/`
134
- file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
185
+ T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
135
186
  end
136
187
  end
137
188
 
@@ -144,10 +195,13 @@ module Dependabot
144
195
  #######################
145
196
 
146
197
  class PrivateSourceAuthenticationFailure < DependabotError
198
+ extend T::Sig
199
+
200
+ sig { returns(String) }
147
201
  attr_reader :source
148
202
 
149
203
  def initialize(source)
150
- @source = sanitize_source(source)
204
+ @source = T.let(sanitize_source(source), String)
151
205
  msg = "The following source could not be reached as it requires " \
152
206
  "authentication (and any provided details were invalid or lacked " \
153
207
  "the required permissions): #{@source}"
@@ -156,26 +210,38 @@ module Dependabot
156
210
  end
157
211
 
158
212
  class PrivateSourceTimedOut < DependabotError
213
+ extend T::Sig
214
+
215
+ sig { returns(String) }
159
216
  attr_reader :source
160
217
 
218
+ sig { params(source: String).void }
161
219
  def initialize(source)
162
- @source = sanitize_source(source)
220
+ @source = T.let(sanitize_source(source), String)
163
221
  super("The following source timed out: #{@source}")
164
222
  end
165
223
  end
166
224
 
167
225
  class PrivateSourceCertificateFailure < DependabotError
226
+ extend T::Sig
227
+
228
+ sig { returns(String) }
168
229
  attr_reader :source
169
230
 
231
+ sig { params(source: String).void }
170
232
  def initialize(source)
171
- @source = sanitize_source(source)
233
+ @source = T.let(sanitize_source(source), String)
172
234
  super("Could not verify the SSL certificate for #{@source}")
173
235
  end
174
236
  end
175
237
 
176
238
  class MissingEnvironmentVariable < DependabotError
239
+ extend T::Sig
240
+
241
+ sig { returns(String) }
177
242
  attr_reader :environment_variable
178
243
 
244
+ sig { params(environment_variable: String).void }
179
245
  def initialize(environment_variable)
180
246
  @environment_variable = environment_variable
181
247
  super("Missing environment variable #{@environment_variable}")
@@ -191,11 +257,15 @@ module Dependabot
191
257
  ###########################
192
258
 
193
259
  class GitDependenciesNotReachable < DependabotError
260
+ extend T::Sig
261
+
262
+ sig { returns(T::Array[String]) }
194
263
  attr_reader :dependency_urls
195
264
 
265
+ sig { params(dependency_urls: T.any(String, T::Array[String])).void }
196
266
  def initialize(*dependency_urls)
197
267
  @dependency_urls =
198
- dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
268
+ T.let(dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }, T::Array[String])
199
269
 
200
270
  msg = "The following git URLs could not be retrieved: " \
201
271
  "#{@dependency_urls.join(', ')}"
@@ -204,8 +274,12 @@ module Dependabot
204
274
  end
205
275
 
206
276
  class GitDependencyReferenceNotFound < DependabotError
277
+ extend T::Sig
278
+
279
+ sig { returns(String) }
207
280
  attr_reader :dependency
208
281
 
282
+ sig { params(dependency: String).void }
209
283
  def initialize(dependency)
210
284
  @dependency = dependency
211
285
 
@@ -216,10 +290,14 @@ module Dependabot
216
290
  end
217
291
 
218
292
  class PathDependenciesNotReachable < DependabotError
293
+ extend T::Sig
294
+
295
+ sig { returns(T::Array[String]) }
219
296
  attr_reader :dependencies
220
297
 
298
+ sig { params(dependencies: T.any(String, T::Array[String])).void }
221
299
  def initialize(*dependencies)
222
- @dependencies = dependencies.flatten
300
+ @dependencies = T.let(dependencies.flatten, T::Array[String])
223
301
  msg = "The following path based dependencies could not be retrieved: " \
224
302
  "#{@dependencies.join(', ')}"
225
303
  super(msg)
@@ -227,8 +305,18 @@ module Dependabot
227
305
  end
228
306
 
229
307
  class GoModulePathMismatch < DependabotError
230
- attr_reader :go_mod, :declared_path, :discovered_path
308
+ extend T::Sig
309
+
310
+ sig { returns(String) }
311
+ attr_reader :go_mod
312
+
313
+ sig { returns(String) }
314
+ attr_reader :declared_path
315
+
316
+ sig { returns(String) }
317
+ attr_reader :discovered_path
231
318
 
319
+ sig { params(go_mod: String, declared_path: String, discovered_path: String).void }
232
320
  def initialize(go_mod, declared_path, discovered_path)
233
321
  @go_mod = go_mod
234
322
  @declared_path = declared_path