dependabot-common 0.235.0 → 0.237.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +3 -3
- data/lib/dependabot/config/file.rb +32 -9
- data/lib/dependabot/config/file_fetcher.rb +3 -3
- data/lib/dependabot/config/ignore_condition.rb +34 -8
- data/lib/dependabot/config/update_config.rb +42 -6
- data/lib/dependabot/config.rb +1 -1
- data/lib/dependabot/dependency_file.rb +89 -14
- data/lib/dependabot/dependency_group.rb +29 -5
- data/lib/dependabot/errors.rb +101 -13
- data/lib/dependabot/file_fetchers/base.rb +250 -93
- data/lib/dependabot/file_updaters/artifact_updater.rb +37 -10
- data/lib/dependabot/file_updaters/vendor_updater.rb +13 -3
- data/lib/dependabot/logger.rb +7 -2
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +13 -6
- data/lib/dependabot/pull_request_creator/commit_signer.rb +33 -7
- data/lib/dependabot/pull_request_creator/github.rb +13 -10
- data/lib/dependabot/pull_request_creator/message.rb +21 -2
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +37 -16
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +5 -3
- data/lib/dependabot/pull_request_creator/message_builder.rb +5 -18
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +10 -4
- data/lib/dependabot/pull_request_updater/github.rb +2 -2
- data/lib/dependabot/shared_helpers.rb +117 -33
- data/lib/dependabot/simple_instrumentor.rb +22 -3
- data/lib/dependabot/source.rb +65 -17
- data/lib/dependabot/update_checkers/version_filters.rb +12 -1
- data/lib/dependabot/utils.rb +21 -2
- data/lib/dependabot/workspace/base.rb +42 -7
- data/lib/dependabot/workspace/change_attempt.rb +31 -3
- data/lib/dependabot/workspace/git.rb +34 -4
- data/lib/dependabot/workspace.rb +16 -2
- data/lib/dependabot.rb +1 -1
- metadata +37 -9
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,20 +1,25 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/utils"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
class DependabotError < StandardError
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
8
11
|
BASIC_AUTH_REGEX = %r{://(?<auth>[^:@]*:[^@%\s/]+(@|%40))}
|
|
9
12
|
# Remove any path segment from fury.io sources
|
|
10
13
|
FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}
|
|
11
14
|
|
|
15
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
12
16
|
def initialize(message = nil)
|
|
13
17
|
super(sanitize_message(message))
|
|
14
18
|
end
|
|
15
19
|
|
|
16
20
|
private
|
|
17
21
|
|
|
22
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).returns(T.any(T.nilable(String), MatchData)) }
|
|
18
23
|
def sanitize_message(message)
|
|
19
24
|
return message unless message.is_a?(String)
|
|
20
25
|
|
|
@@ -26,18 +31,25 @@ module Dependabot
|
|
|
26
31
|
filter_sensitive_data(message)
|
|
27
32
|
end
|
|
28
33
|
|
|
34
|
+
sig { params(message: String).returns(String) }
|
|
29
35
|
def filter_sensitive_data(message)
|
|
30
36
|
replace_capture_groups(message, BASIC_AUTH_REGEX, "")
|
|
31
37
|
end
|
|
32
38
|
|
|
39
|
+
sig { params(source: String).returns(String) }
|
|
33
40
|
def sanitize_source(source)
|
|
34
41
|
source = filter_sensitive_data(source)
|
|
35
42
|
replace_capture_groups(source, FURY_IO_PATH_REGEX, "<redacted>")
|
|
36
43
|
end
|
|
37
44
|
|
|
45
|
+
sig do
|
|
46
|
+
params(
|
|
47
|
+
string: String,
|
|
48
|
+
regex: Regexp,
|
|
49
|
+
replacement: String
|
|
50
|
+
).returns(String)
|
|
51
|
+
end
|
|
38
52
|
def replace_capture_groups(string, regex, replacement)
|
|
39
|
-
return string unless string.is_a?(String)
|
|
40
|
-
|
|
41
53
|
string.scan(regex).flatten.compact.reduce(string) do |original_msg, match|
|
|
42
54
|
original_msg.gsub(match, replacement)
|
|
43
55
|
end
|
|
@@ -55,8 +67,12 @@ module Dependabot
|
|
|
55
67
|
#####################
|
|
56
68
|
|
|
57
69
|
class DirectoryNotFound < DependabotError
|
|
70
|
+
extend T::Sig
|
|
71
|
+
|
|
72
|
+
sig { returns(String) }
|
|
58
73
|
attr_reader :directory_name
|
|
59
74
|
|
|
75
|
+
sig { params(directory_name: String, msg: T.nilable(String)).void }
|
|
60
76
|
def initialize(directory_name, msg = nil)
|
|
61
77
|
@directory_name = directory_name
|
|
62
78
|
super(msg)
|
|
@@ -64,8 +80,12 @@ module Dependabot
|
|
|
64
80
|
end
|
|
65
81
|
|
|
66
82
|
class BranchNotFound < DependabotError
|
|
83
|
+
extend T::Sig
|
|
84
|
+
|
|
85
|
+
sig { returns(T.nilable(String)) }
|
|
67
86
|
attr_reader :branch_name
|
|
68
87
|
|
|
88
|
+
sig { params(branch_name: T.nilable(String), msg: T.nilable(String)).void }
|
|
69
89
|
def initialize(branch_name, msg = nil)
|
|
70
90
|
@branch_name = branch_name
|
|
71
91
|
super(msg)
|
|
@@ -73,8 +93,12 @@ module Dependabot
|
|
|
73
93
|
end
|
|
74
94
|
|
|
75
95
|
class RepoNotFound < DependabotError
|
|
96
|
+
extend T::Sig
|
|
97
|
+
|
|
98
|
+
sig { returns(T.any(Dependabot::Source, String)) }
|
|
76
99
|
attr_reader :source
|
|
77
100
|
|
|
101
|
+
sig { params(source: T.any(Dependabot::Source, String), msg: T.nilable(String)).void }
|
|
78
102
|
def initialize(source, msg = nil)
|
|
79
103
|
@source = source
|
|
80
104
|
super(msg)
|
|
@@ -86,8 +110,24 @@ module Dependabot
|
|
|
86
110
|
#####################
|
|
87
111
|
|
|
88
112
|
class ToolVersionNotSupported < DependabotError
|
|
89
|
-
|
|
113
|
+
extend T::Sig
|
|
90
114
|
|
|
115
|
+
sig { returns(String) }
|
|
116
|
+
attr_reader :tool_name
|
|
117
|
+
|
|
118
|
+
sig { returns(String) }
|
|
119
|
+
attr_reader :detected_version
|
|
120
|
+
|
|
121
|
+
sig { returns(String) }
|
|
122
|
+
attr_reader :supported_versions
|
|
123
|
+
|
|
124
|
+
sig do
|
|
125
|
+
params(
|
|
126
|
+
tool_name: String,
|
|
127
|
+
detected_version: String,
|
|
128
|
+
supported_versions: String
|
|
129
|
+
).void
|
|
130
|
+
end
|
|
91
131
|
def initialize(tool_name, detected_version, supported_versions)
|
|
92
132
|
@tool_name = tool_name
|
|
93
133
|
@detected_version = detected_version
|
|
@@ -100,6 +140,9 @@ module Dependabot
|
|
|
100
140
|
end
|
|
101
141
|
|
|
102
142
|
class DependencyFileNotFound < DependabotError
|
|
143
|
+
extend T::Sig
|
|
144
|
+
|
|
145
|
+
sig { returns(String) }
|
|
103
146
|
attr_reader :file_path
|
|
104
147
|
|
|
105
148
|
def initialize(file_path, msg = nil)
|
|
@@ -107,31 +150,39 @@ module Dependabot
|
|
|
107
150
|
super(msg || "#{file_path} not found")
|
|
108
151
|
end
|
|
109
152
|
|
|
153
|
+
sig { returns(String) }
|
|
110
154
|
def file_name
|
|
111
|
-
file_path.split("/").last
|
|
155
|
+
T.must(file_path.split("/").last)
|
|
112
156
|
end
|
|
113
157
|
|
|
158
|
+
sig { returns(String) }
|
|
114
159
|
def directory
|
|
115
160
|
# Directory should always start with a `/`
|
|
116
|
-
file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
|
|
161
|
+
T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
117
162
|
end
|
|
118
163
|
end
|
|
119
164
|
|
|
120
165
|
class DependencyFileNotParseable < DependabotError
|
|
166
|
+
extend T::Sig
|
|
167
|
+
|
|
168
|
+
sig { returns(String) }
|
|
121
169
|
attr_reader :file_path
|
|
122
170
|
|
|
171
|
+
sig { params(file_path: String, msg: T.nilable(String)).void }
|
|
123
172
|
def initialize(file_path, msg = nil)
|
|
124
173
|
@file_path = file_path
|
|
125
174
|
super(msg || "#{file_path} not parseable")
|
|
126
175
|
end
|
|
127
176
|
|
|
177
|
+
sig { returns(String) }
|
|
128
178
|
def file_name
|
|
129
|
-
file_path.split("/").last
|
|
179
|
+
T.must(file_path.split("/").last)
|
|
130
180
|
end
|
|
131
181
|
|
|
182
|
+
sig { returns(String) }
|
|
132
183
|
def directory
|
|
133
184
|
# Directory should always start with a `/`
|
|
134
|
-
file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
|
|
185
|
+
T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
135
186
|
end
|
|
136
187
|
end
|
|
137
188
|
|
|
@@ -144,10 +195,13 @@ module Dependabot
|
|
|
144
195
|
#######################
|
|
145
196
|
|
|
146
197
|
class PrivateSourceAuthenticationFailure < DependabotError
|
|
198
|
+
extend T::Sig
|
|
199
|
+
|
|
200
|
+
sig { returns(String) }
|
|
147
201
|
attr_reader :source
|
|
148
202
|
|
|
149
203
|
def initialize(source)
|
|
150
|
-
@source = sanitize_source(source)
|
|
204
|
+
@source = T.let(sanitize_source(source), String)
|
|
151
205
|
msg = "The following source could not be reached as it requires " \
|
|
152
206
|
"authentication (and any provided details were invalid or lacked " \
|
|
153
207
|
"the required permissions): #{@source}"
|
|
@@ -156,26 +210,38 @@ module Dependabot
|
|
|
156
210
|
end
|
|
157
211
|
|
|
158
212
|
class PrivateSourceTimedOut < DependabotError
|
|
213
|
+
extend T::Sig
|
|
214
|
+
|
|
215
|
+
sig { returns(String) }
|
|
159
216
|
attr_reader :source
|
|
160
217
|
|
|
218
|
+
sig { params(source: String).void }
|
|
161
219
|
def initialize(source)
|
|
162
|
-
@source = sanitize_source(source)
|
|
220
|
+
@source = T.let(sanitize_source(source), String)
|
|
163
221
|
super("The following source timed out: #{@source}")
|
|
164
222
|
end
|
|
165
223
|
end
|
|
166
224
|
|
|
167
225
|
class PrivateSourceCertificateFailure < DependabotError
|
|
226
|
+
extend T::Sig
|
|
227
|
+
|
|
228
|
+
sig { returns(String) }
|
|
168
229
|
attr_reader :source
|
|
169
230
|
|
|
231
|
+
sig { params(source: String).void }
|
|
170
232
|
def initialize(source)
|
|
171
|
-
@source = sanitize_source(source)
|
|
233
|
+
@source = T.let(sanitize_source(source), String)
|
|
172
234
|
super("Could not verify the SSL certificate for #{@source}")
|
|
173
235
|
end
|
|
174
236
|
end
|
|
175
237
|
|
|
176
238
|
class MissingEnvironmentVariable < DependabotError
|
|
239
|
+
extend T::Sig
|
|
240
|
+
|
|
241
|
+
sig { returns(String) }
|
|
177
242
|
attr_reader :environment_variable
|
|
178
243
|
|
|
244
|
+
sig { params(environment_variable: String).void }
|
|
179
245
|
def initialize(environment_variable)
|
|
180
246
|
@environment_variable = environment_variable
|
|
181
247
|
super("Missing environment variable #{@environment_variable}")
|
|
@@ -191,11 +257,15 @@ module Dependabot
|
|
|
191
257
|
###########################
|
|
192
258
|
|
|
193
259
|
class GitDependenciesNotReachable < DependabotError
|
|
260
|
+
extend T::Sig
|
|
261
|
+
|
|
262
|
+
sig { returns(T::Array[String]) }
|
|
194
263
|
attr_reader :dependency_urls
|
|
195
264
|
|
|
265
|
+
sig { params(dependency_urls: T.any(String, T::Array[String])).void }
|
|
196
266
|
def initialize(*dependency_urls)
|
|
197
267
|
@dependency_urls =
|
|
198
|
-
dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
|
|
268
|
+
T.let(dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }, T::Array[String])
|
|
199
269
|
|
|
200
270
|
msg = "The following git URLs could not be retrieved: " \
|
|
201
271
|
"#{@dependency_urls.join(', ')}"
|
|
@@ -204,8 +274,12 @@ module Dependabot
|
|
|
204
274
|
end
|
|
205
275
|
|
|
206
276
|
class GitDependencyReferenceNotFound < DependabotError
|
|
277
|
+
extend T::Sig
|
|
278
|
+
|
|
279
|
+
sig { returns(String) }
|
|
207
280
|
attr_reader :dependency
|
|
208
281
|
|
|
282
|
+
sig { params(dependency: String).void }
|
|
209
283
|
def initialize(dependency)
|
|
210
284
|
@dependency = dependency
|
|
211
285
|
|
|
@@ -216,10 +290,14 @@ module Dependabot
|
|
|
216
290
|
end
|
|
217
291
|
|
|
218
292
|
class PathDependenciesNotReachable < DependabotError
|
|
293
|
+
extend T::Sig
|
|
294
|
+
|
|
295
|
+
sig { returns(T::Array[String]) }
|
|
219
296
|
attr_reader :dependencies
|
|
220
297
|
|
|
298
|
+
sig { params(dependencies: T.any(String, T::Array[String])).void }
|
|
221
299
|
def initialize(*dependencies)
|
|
222
|
-
@dependencies = dependencies.flatten
|
|
300
|
+
@dependencies = T.let(dependencies.flatten, T::Array[String])
|
|
223
301
|
msg = "The following path based dependencies could not be retrieved: " \
|
|
224
302
|
"#{@dependencies.join(', ')}"
|
|
225
303
|
super(msg)
|
|
@@ -227,8 +305,18 @@ module Dependabot
|
|
|
227
305
|
end
|
|
228
306
|
|
|
229
307
|
class GoModulePathMismatch < DependabotError
|
|
230
|
-
|
|
308
|
+
extend T::Sig
|
|
309
|
+
|
|
310
|
+
sig { returns(String) }
|
|
311
|
+
attr_reader :go_mod
|
|
312
|
+
|
|
313
|
+
sig { returns(String) }
|
|
314
|
+
attr_reader :declared_path
|
|
315
|
+
|
|
316
|
+
sig { returns(String) }
|
|
317
|
+
attr_reader :discovered_path
|
|
231
318
|
|
|
319
|
+
sig { params(go_mod: String, declared_path: String, discovered_path: String).void }
|
|
232
320
|
def initialize(go_mod, declared_path, discovered_path)
|
|
233
321
|
@go_mod = go_mod
|
|
234
322
|
@declared_path = declared_path
|