dependabot-common 0.236.0 → 0.237.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +3 -3
- data/lib/dependabot/config/file.rb +17 -6
- data/lib/dependabot/config/update_config.rb +23 -5
- data/lib/dependabot/dependency_file.rb +84 -14
- data/lib/dependabot/dependency_group.rb +29 -5
- data/lib/dependabot/errors.rb +101 -13
- data/lib/dependabot/file_fetchers/base.rb +227 -93
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +13 -6
- data/lib/dependabot/pull_request_creator/github.rb +11 -8
- data/lib/dependabot/pull_request_creator/message.rb +21 -2
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +37 -16
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +4 -2
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +10 -4
- data/lib/dependabot/shared_helpers.rb +117 -33
- data/lib/dependabot/simple_instrumentor.rb +22 -3
- data/lib/dependabot/source.rb +65 -17
- data/lib/dependabot/update_checkers/version_filters.rb +12 -1
- data/lib/dependabot/utils.rb +21 -2
- data/lib/dependabot/workspace/base.rb +42 -7
- data/lib/dependabot/workspace/change_attempt.rb +31 -3
- data/lib/dependabot/workspace/git.rb +34 -4
- data/lib/dependabot/workspace.rb +16 -2
- data/lib/dependabot.rb +1 -1
- metadata +23 -9
data/lib/dependabot/errors.rb
CHANGED
|
@@ -1,20 +1,25 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/utils"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
class DependabotError < StandardError
|
|
9
|
+
extend T::Sig
|
|
10
|
+
|
|
8
11
|
BASIC_AUTH_REGEX = %r{://(?<auth>[^:@]*:[^@%\s/]+(@|%40))}
|
|
9
12
|
# Remove any path segment from fury.io sources
|
|
10
13
|
FURY_IO_PATH_REGEX = %r{fury\.io/(?<path>.+)}
|
|
11
14
|
|
|
15
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
12
16
|
def initialize(message = nil)
|
|
13
17
|
super(sanitize_message(message))
|
|
14
18
|
end
|
|
15
19
|
|
|
16
20
|
private
|
|
17
21
|
|
|
22
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).returns(T.any(T.nilable(String), MatchData)) }
|
|
18
23
|
def sanitize_message(message)
|
|
19
24
|
return message unless message.is_a?(String)
|
|
20
25
|
|
|
@@ -26,18 +31,25 @@ module Dependabot
|
|
|
26
31
|
filter_sensitive_data(message)
|
|
27
32
|
end
|
|
28
33
|
|
|
34
|
+
sig { params(message: String).returns(String) }
|
|
29
35
|
def filter_sensitive_data(message)
|
|
30
36
|
replace_capture_groups(message, BASIC_AUTH_REGEX, "")
|
|
31
37
|
end
|
|
32
38
|
|
|
39
|
+
sig { params(source: String).returns(String) }
|
|
33
40
|
def sanitize_source(source)
|
|
34
41
|
source = filter_sensitive_data(source)
|
|
35
42
|
replace_capture_groups(source, FURY_IO_PATH_REGEX, "<redacted>")
|
|
36
43
|
end
|
|
37
44
|
|
|
45
|
+
sig do
|
|
46
|
+
params(
|
|
47
|
+
string: String,
|
|
48
|
+
regex: Regexp,
|
|
49
|
+
replacement: String
|
|
50
|
+
).returns(String)
|
|
51
|
+
end
|
|
38
52
|
def replace_capture_groups(string, regex, replacement)
|
|
39
|
-
return string unless string.is_a?(String)
|
|
40
|
-
|
|
41
53
|
string.scan(regex).flatten.compact.reduce(string) do |original_msg, match|
|
|
42
54
|
original_msg.gsub(match, replacement)
|
|
43
55
|
end
|
|
@@ -55,8 +67,12 @@ module Dependabot
|
|
|
55
67
|
#####################
|
|
56
68
|
|
|
57
69
|
class DirectoryNotFound < DependabotError
|
|
70
|
+
extend T::Sig
|
|
71
|
+
|
|
72
|
+
sig { returns(String) }
|
|
58
73
|
attr_reader :directory_name
|
|
59
74
|
|
|
75
|
+
sig { params(directory_name: String, msg: T.nilable(String)).void }
|
|
60
76
|
def initialize(directory_name, msg = nil)
|
|
61
77
|
@directory_name = directory_name
|
|
62
78
|
super(msg)
|
|
@@ -64,8 +80,12 @@ module Dependabot
|
|
|
64
80
|
end
|
|
65
81
|
|
|
66
82
|
class BranchNotFound < DependabotError
|
|
83
|
+
extend T::Sig
|
|
84
|
+
|
|
85
|
+
sig { returns(T.nilable(String)) }
|
|
67
86
|
attr_reader :branch_name
|
|
68
87
|
|
|
88
|
+
sig { params(branch_name: T.nilable(String), msg: T.nilable(String)).void }
|
|
69
89
|
def initialize(branch_name, msg = nil)
|
|
70
90
|
@branch_name = branch_name
|
|
71
91
|
super(msg)
|
|
@@ -73,8 +93,12 @@ module Dependabot
|
|
|
73
93
|
end
|
|
74
94
|
|
|
75
95
|
class RepoNotFound < DependabotError
|
|
96
|
+
extend T::Sig
|
|
97
|
+
|
|
98
|
+
sig { returns(T.any(Dependabot::Source, String)) }
|
|
76
99
|
attr_reader :source
|
|
77
100
|
|
|
101
|
+
sig { params(source: T.any(Dependabot::Source, String), msg: T.nilable(String)).void }
|
|
78
102
|
def initialize(source, msg = nil)
|
|
79
103
|
@source = source
|
|
80
104
|
super(msg)
|
|
@@ -86,8 +110,24 @@ module Dependabot
|
|
|
86
110
|
#####################
|
|
87
111
|
|
|
88
112
|
class ToolVersionNotSupported < DependabotError
|
|
89
|
-
|
|
113
|
+
extend T::Sig
|
|
90
114
|
|
|
115
|
+
sig { returns(String) }
|
|
116
|
+
attr_reader :tool_name
|
|
117
|
+
|
|
118
|
+
sig { returns(String) }
|
|
119
|
+
attr_reader :detected_version
|
|
120
|
+
|
|
121
|
+
sig { returns(String) }
|
|
122
|
+
attr_reader :supported_versions
|
|
123
|
+
|
|
124
|
+
sig do
|
|
125
|
+
params(
|
|
126
|
+
tool_name: String,
|
|
127
|
+
detected_version: String,
|
|
128
|
+
supported_versions: String
|
|
129
|
+
).void
|
|
130
|
+
end
|
|
91
131
|
def initialize(tool_name, detected_version, supported_versions)
|
|
92
132
|
@tool_name = tool_name
|
|
93
133
|
@detected_version = detected_version
|
|
@@ -100,6 +140,9 @@ module Dependabot
|
|
|
100
140
|
end
|
|
101
141
|
|
|
102
142
|
class DependencyFileNotFound < DependabotError
|
|
143
|
+
extend T::Sig
|
|
144
|
+
|
|
145
|
+
sig { returns(String) }
|
|
103
146
|
attr_reader :file_path
|
|
104
147
|
|
|
105
148
|
def initialize(file_path, msg = nil)
|
|
@@ -107,31 +150,39 @@ module Dependabot
|
|
|
107
150
|
super(msg || "#{file_path} not found")
|
|
108
151
|
end
|
|
109
152
|
|
|
153
|
+
sig { returns(String) }
|
|
110
154
|
def file_name
|
|
111
|
-
file_path.split("/").last
|
|
155
|
+
T.must(file_path.split("/").last)
|
|
112
156
|
end
|
|
113
157
|
|
|
158
|
+
sig { returns(String) }
|
|
114
159
|
def directory
|
|
115
160
|
# Directory should always start with a `/`
|
|
116
|
-
file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
|
|
161
|
+
T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
117
162
|
end
|
|
118
163
|
end
|
|
119
164
|
|
|
120
165
|
class DependencyFileNotParseable < DependabotError
|
|
166
|
+
extend T::Sig
|
|
167
|
+
|
|
168
|
+
sig { returns(String) }
|
|
121
169
|
attr_reader :file_path
|
|
122
170
|
|
|
171
|
+
sig { params(file_path: String, msg: T.nilable(String)).void }
|
|
123
172
|
def initialize(file_path, msg = nil)
|
|
124
173
|
@file_path = file_path
|
|
125
174
|
super(msg || "#{file_path} not parseable")
|
|
126
175
|
end
|
|
127
176
|
|
|
177
|
+
sig { returns(String) }
|
|
128
178
|
def file_name
|
|
129
|
-
file_path.split("/").last
|
|
179
|
+
T.must(file_path.split("/").last)
|
|
130
180
|
end
|
|
131
181
|
|
|
182
|
+
sig { returns(String) }
|
|
132
183
|
def directory
|
|
133
184
|
# Directory should always start with a `/`
|
|
134
|
-
file_path.split("/")[0..-2].join("/").sub(%r{^/*}, "/")
|
|
185
|
+
T.must(file_path.split("/")[0..-2]).join("/").sub(%r{^/*}, "/")
|
|
135
186
|
end
|
|
136
187
|
end
|
|
137
188
|
|
|
@@ -144,10 +195,13 @@ module Dependabot
|
|
|
144
195
|
#######################
|
|
145
196
|
|
|
146
197
|
class PrivateSourceAuthenticationFailure < DependabotError
|
|
198
|
+
extend T::Sig
|
|
199
|
+
|
|
200
|
+
sig { returns(String) }
|
|
147
201
|
attr_reader :source
|
|
148
202
|
|
|
149
203
|
def initialize(source)
|
|
150
|
-
@source = sanitize_source(source)
|
|
204
|
+
@source = T.let(sanitize_source(source), String)
|
|
151
205
|
msg = "The following source could not be reached as it requires " \
|
|
152
206
|
"authentication (and any provided details were invalid or lacked " \
|
|
153
207
|
"the required permissions): #{@source}"
|
|
@@ -156,26 +210,38 @@ module Dependabot
|
|
|
156
210
|
end
|
|
157
211
|
|
|
158
212
|
class PrivateSourceTimedOut < DependabotError
|
|
213
|
+
extend T::Sig
|
|
214
|
+
|
|
215
|
+
sig { returns(String) }
|
|
159
216
|
attr_reader :source
|
|
160
217
|
|
|
218
|
+
sig { params(source: String).void }
|
|
161
219
|
def initialize(source)
|
|
162
|
-
@source = sanitize_source(source)
|
|
220
|
+
@source = T.let(sanitize_source(source), String)
|
|
163
221
|
super("The following source timed out: #{@source}")
|
|
164
222
|
end
|
|
165
223
|
end
|
|
166
224
|
|
|
167
225
|
class PrivateSourceCertificateFailure < DependabotError
|
|
226
|
+
extend T::Sig
|
|
227
|
+
|
|
228
|
+
sig { returns(String) }
|
|
168
229
|
attr_reader :source
|
|
169
230
|
|
|
231
|
+
sig { params(source: String).void }
|
|
170
232
|
def initialize(source)
|
|
171
|
-
@source = sanitize_source(source)
|
|
233
|
+
@source = T.let(sanitize_source(source), String)
|
|
172
234
|
super("Could not verify the SSL certificate for #{@source}")
|
|
173
235
|
end
|
|
174
236
|
end
|
|
175
237
|
|
|
176
238
|
class MissingEnvironmentVariable < DependabotError
|
|
239
|
+
extend T::Sig
|
|
240
|
+
|
|
241
|
+
sig { returns(String) }
|
|
177
242
|
attr_reader :environment_variable
|
|
178
243
|
|
|
244
|
+
sig { params(environment_variable: String).void }
|
|
179
245
|
def initialize(environment_variable)
|
|
180
246
|
@environment_variable = environment_variable
|
|
181
247
|
super("Missing environment variable #{@environment_variable}")
|
|
@@ -191,11 +257,15 @@ module Dependabot
|
|
|
191
257
|
###########################
|
|
192
258
|
|
|
193
259
|
class GitDependenciesNotReachable < DependabotError
|
|
260
|
+
extend T::Sig
|
|
261
|
+
|
|
262
|
+
sig { returns(T::Array[String]) }
|
|
194
263
|
attr_reader :dependency_urls
|
|
195
264
|
|
|
265
|
+
sig { params(dependency_urls: T.any(String, T::Array[String])).void }
|
|
196
266
|
def initialize(*dependency_urls)
|
|
197
267
|
@dependency_urls =
|
|
198
|
-
dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
|
|
268
|
+
T.let(dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }, T::Array[String])
|
|
199
269
|
|
|
200
270
|
msg = "The following git URLs could not be retrieved: " \
|
|
201
271
|
"#{@dependency_urls.join(', ')}"
|
|
@@ -204,8 +274,12 @@ module Dependabot
|
|
|
204
274
|
end
|
|
205
275
|
|
|
206
276
|
class GitDependencyReferenceNotFound < DependabotError
|
|
277
|
+
extend T::Sig
|
|
278
|
+
|
|
279
|
+
sig { returns(String) }
|
|
207
280
|
attr_reader :dependency
|
|
208
281
|
|
|
282
|
+
sig { params(dependency: String).void }
|
|
209
283
|
def initialize(dependency)
|
|
210
284
|
@dependency = dependency
|
|
211
285
|
|
|
@@ -216,10 +290,14 @@ module Dependabot
|
|
|
216
290
|
end
|
|
217
291
|
|
|
218
292
|
class PathDependenciesNotReachable < DependabotError
|
|
293
|
+
extend T::Sig
|
|
294
|
+
|
|
295
|
+
sig { returns(T::Array[String]) }
|
|
219
296
|
attr_reader :dependencies
|
|
220
297
|
|
|
298
|
+
sig { params(dependencies: T.any(String, T::Array[String])).void }
|
|
221
299
|
def initialize(*dependencies)
|
|
222
|
-
@dependencies = dependencies.flatten
|
|
300
|
+
@dependencies = T.let(dependencies.flatten, T::Array[String])
|
|
223
301
|
msg = "The following path based dependencies could not be retrieved: " \
|
|
224
302
|
"#{@dependencies.join(', ')}"
|
|
225
303
|
super(msg)
|
|
@@ -227,8 +305,18 @@ module Dependabot
|
|
|
227
305
|
end
|
|
228
306
|
|
|
229
307
|
class GoModulePathMismatch < DependabotError
|
|
230
|
-
|
|
308
|
+
extend T::Sig
|
|
309
|
+
|
|
310
|
+
sig { returns(String) }
|
|
311
|
+
attr_reader :go_mod
|
|
312
|
+
|
|
313
|
+
sig { returns(String) }
|
|
314
|
+
attr_reader :declared_path
|
|
315
|
+
|
|
316
|
+
sig { returns(String) }
|
|
317
|
+
attr_reader :discovered_path
|
|
231
318
|
|
|
319
|
+
sig { params(go_mod: String, declared_path: String, discovered_path: String).void }
|
|
232
320
|
def initialize(go_mod, declared_path, discovered_path)
|
|
233
321
|
@go_mod = go_mod
|
|
234
322
|
@declared_path = declared_path
|