dependabot-common 0.250.0 → 0.252.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency.rb +9 -3
- data/lib/dependabot/git_commit_checker.rb +20 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +9 -0
- data/lib/dependabot/pull_request_creator/github.rb +1 -0
- data/lib/dependabot/pull_request_creator/gitlab.rb +6 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +31 -10
- data/lib/dependabot/pull_request_updater/github.rb +16 -6
- data/lib/dependabot/update_checkers/base.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5386205cda5377a31b273b0a32125b9707407b93b7335e68d57a686024ff2adf
|
|
4
|
+
data.tar.gz: 35518f5984d6d5ca190853935dba3c70949f0d3c2ff3e4a617ba21913833a466
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ccb447cd57aeada38e4bbc4fe4be171e477452427850331644c5eb683b4f3d87fac9d7861a8112cd4d980fd60a377707d61ac2154b0584e2645a211d02290a81
|
|
7
|
+
data.tar.gz: ccf9ccfca47cb7c42197c6ed0c982e08fd1072dee050b4c244f032da4c4304c0635978e89cf5ad67b87a9c6919cbefd28ab068673a73df10ca5cc8fe43ea161d
|
|
@@ -85,6 +85,8 @@ module Dependabot
|
|
|
85
85
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
86
86
|
attr_reader :metadata
|
|
87
87
|
|
|
88
|
+
# rubocop:disable Metrics/AbcSize
|
|
89
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
88
90
|
sig do
|
|
89
91
|
params(
|
|
90
92
|
name: String,
|
|
@@ -110,8 +112,10 @@ module Dependabot
|
|
|
110
112
|
end,
|
|
111
113
|
T.nilable(String)
|
|
112
114
|
)
|
|
115
|
+
@version = nil if @version == ""
|
|
113
116
|
@requirements = T.let(requirements.map { |req| symbolize_keys(req) }, T::Array[T::Hash[Symbol, T.untyped]])
|
|
114
117
|
@previous_version = previous_version
|
|
118
|
+
@previous_version = nil if @previous_version == ""
|
|
115
119
|
@previous_requirements = T.let(
|
|
116
120
|
previous_requirements&.map { |req| symbolize_keys(req) },
|
|
117
121
|
T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
|
|
@@ -128,6 +132,8 @@ module Dependabot
|
|
|
128
132
|
|
|
129
133
|
check_values
|
|
130
134
|
end
|
|
135
|
+
# rubocop:enable Metrics/AbcSize
|
|
136
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
131
137
|
|
|
132
138
|
sig { returns(T::Boolean) }
|
|
133
139
|
def top_level?
|
|
@@ -214,7 +220,7 @@ module Dependabot
|
|
|
214
220
|
|
|
215
221
|
sig { returns(T.nilable(String)) }
|
|
216
222
|
def humanized_version
|
|
217
|
-
return if removed?
|
|
223
|
+
return "removed" if removed?
|
|
218
224
|
|
|
219
225
|
if T.must(version).match?(/^[0-9a-f]{40}/)
|
|
220
226
|
return new_ref if ref_changed? && new_ref
|
|
@@ -238,6 +244,8 @@ module Dependabot
|
|
|
238
244
|
|
|
239
245
|
sig { returns(T.nilable(String)) }
|
|
240
246
|
def previous_ref
|
|
247
|
+
return nil if previous_requirements.nil?
|
|
248
|
+
|
|
241
249
|
previous_refs = T.must(previous_requirements).filter_map do |r|
|
|
242
250
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
243
251
|
end.uniq
|
|
@@ -352,8 +360,6 @@ module Dependabot
|
|
|
352
360
|
|
|
353
361
|
sig { void }
|
|
354
362
|
def check_values
|
|
355
|
-
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
|
356
|
-
|
|
357
363
|
check_requirement_fields
|
|
358
364
|
check_subdependency_metadata
|
|
359
365
|
end
|
|
@@ -132,6 +132,13 @@ module Dependabot
|
|
|
132
132
|
max_local_tag_for_current_precision(allowed_refs)
|
|
133
133
|
end
|
|
134
134
|
|
|
135
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
136
|
+
def local_ref_for_latest_version_lower_precision
|
|
137
|
+
allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
|
|
138
|
+
|
|
139
|
+
max_local_tag_for_lower_precision(allowed_refs)
|
|
140
|
+
end
|
|
141
|
+
|
|
135
142
|
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
136
143
|
def local_tag_for_latest_version
|
|
137
144
|
max_local_tag(allowed_version_tags)
|
|
@@ -238,6 +245,11 @@ module Dependabot
|
|
|
238
245
|
max_local_tag(select_matching_existing_precision(tags))
|
|
239
246
|
end
|
|
240
247
|
|
|
248
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
249
|
+
def max_local_tag_for_lower_precision(tags)
|
|
250
|
+
max_local_tag(select_lower_precision(tags))
|
|
251
|
+
end
|
|
252
|
+
|
|
241
253
|
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
242
254
|
def max_local_tag(tags)
|
|
243
255
|
max_version_tag = tags.max_by { |t| version_from_tag(t) }
|
|
@@ -253,6 +265,14 @@ module Dependabot
|
|
|
253
265
|
tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
|
|
254
266
|
end
|
|
255
267
|
|
|
268
|
+
# Find the latest version with a lower precision as the pinned version.
|
|
269
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
270
|
+
def select_lower_precision(tags)
|
|
271
|
+
current_precision = precision(T.must(dependency.version))
|
|
272
|
+
|
|
273
|
+
tags.select { |tag| precision(scan_version(tag.name)) <= current_precision }
|
|
274
|
+
end
|
|
275
|
+
|
|
256
276
|
sig { params(version: String).returns(Integer) }
|
|
257
277
|
def precision(version)
|
|
258
278
|
version.split(".").length
|
|
@@ -128,6 +128,15 @@ module Dependabot
|
|
|
128
128
|
tmp_files = T.unsafe(suggested_source_client).contents(suggested_source&.repo, opts)
|
|
129
129
|
|
|
130
130
|
filename = T.must(T.must(suggested_changelog_url).split("/").last).split("#").first
|
|
131
|
+
|
|
132
|
+
# If the suggested source points to a specific directory
|
|
133
|
+
# then we will receive a hash for just the changelog file
|
|
134
|
+
if suggested_source&.directory && tmp_files[:name] == filename
|
|
135
|
+
return @changelog_from_suggested_url = tmp_files
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
# Otherwise we will get back an array of hashes representing the files
|
|
139
|
+
# in the root directory and we need to find the changelog
|
|
131
140
|
@changelog_from_suggested_url =
|
|
132
141
|
tmp_files.find { |f| f.name == filename }
|
|
133
142
|
rescue Octokit::NotFound, Octokit::UnavailableForLegalReasons
|
|
@@ -396,6 +396,7 @@ module Dependabot
|
|
|
396
396
|
return true if message.include?("Could not resolve to a node")
|
|
397
397
|
return true if message.include?("not a collaborator")
|
|
398
398
|
return true if message.include?("Could not add requested reviewers")
|
|
399
|
+
return true if message.include?("Review cannot be requested from pull request author")
|
|
399
400
|
|
|
400
401
|
false
|
|
401
402
|
end
|
|
@@ -172,11 +172,16 @@ module Dependabot
|
|
|
172
172
|
def create_commit
|
|
173
173
|
return create_submodule_update_commit if files.count == 1 && T.must(files.first).type == "submodule"
|
|
174
174
|
|
|
175
|
+
options = {}
|
|
176
|
+
options[:author_email] = author_details&.fetch(:email) if author_details&.key?(:email)
|
|
177
|
+
options[:author_name] = author_details&.fetch(:name) if author_details&.key?(:name)
|
|
178
|
+
|
|
175
179
|
gitlab_client_for_source.create_commit(
|
|
176
180
|
source.repo,
|
|
177
181
|
branch_name,
|
|
178
182
|
commit_message,
|
|
179
|
-
files
|
|
183
|
+
files,
|
|
184
|
+
**options
|
|
180
185
|
)
|
|
181
186
|
end
|
|
182
187
|
|
|
@@ -233,22 +233,41 @@ module Dependabot
|
|
|
233
233
|
|
|
234
234
|
sig { returns(String) }
|
|
235
235
|
def group_pr_name
|
|
236
|
+
if source.directories
|
|
237
|
+
grouped_directory_name
|
|
238
|
+
else
|
|
239
|
+
grouped_name
|
|
240
|
+
end
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
sig { returns(String) }
|
|
244
|
+
def grouped_name
|
|
245
|
+
updates = dependencies.map(&:name).uniq.count
|
|
246
|
+
if dependencies.count == 1
|
|
247
|
+
"#{solo_pr_name} in the #{T.must(dependency_group).name} group"
|
|
248
|
+
else
|
|
249
|
+
"bump the #{T.must(dependency_group).name} group#{pr_name_directory} " \
|
|
250
|
+
"with #{updates} update#{'s' if updates > 1}"
|
|
251
|
+
end
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
sig { returns(String) }
|
|
255
|
+
def grouped_directory_name
|
|
256
|
+
updates = dependencies.map(&:name).uniq.count
|
|
257
|
+
|
|
236
258
|
directories_from_dependencies = dependencies.to_set { |dep| dep.metadata[:directory] }
|
|
237
259
|
|
|
238
260
|
directories_with_updates = source.directories&.filter do |directory|
|
|
239
261
|
directories_from_dependencies.include?(directory)
|
|
240
262
|
end
|
|
241
263
|
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
264
|
+
if dependencies.count == 1
|
|
265
|
+
"#{solo_pr_name} in the #{T.must(dependency_group).name} group across " \
|
|
266
|
+
"#{T.must(directories_with_updates).count} directory"
|
|
267
|
+
else
|
|
245
268
|
"bump the #{T.must(dependency_group).name} group across #{T.must(directories_with_updates).count} " \
|
|
246
269
|
"#{T.must(directories_with_updates).count > 1 ? 'directories' : 'directory'} " \
|
|
247
270
|
"with #{updates} update#{'s' if updates > 1}"
|
|
248
|
-
else
|
|
249
|
-
"bump the #{T.must(dependency_group).name} group#{pr_name_directory} with #{updates} update#{if updates > 1
|
|
250
|
-
's'
|
|
251
|
-
end}"
|
|
252
271
|
end
|
|
253
272
|
end
|
|
254
273
|
|
|
@@ -478,7 +497,7 @@ module Dependabot
|
|
|
478
497
|
"`#{dep.humanized_version}`"
|
|
479
498
|
]
|
|
480
499
|
end
|
|
481
|
-
"\n\n#{table([header] + rows)}"
|
|
500
|
+
"\n\n#{table([header] + rows)}\n"
|
|
482
501
|
elsif update_count > 1
|
|
483
502
|
dependency_links_in_directory = dependency_links_for_directory(directory)
|
|
484
503
|
" #{T.must(T.must(dependency_links_in_directory)[0..-2]).join(', ')}" \
|
|
@@ -497,14 +516,16 @@ module Dependabot
|
|
|
497
516
|
|
|
498
517
|
sig { returns(String) }
|
|
499
518
|
def group_intro
|
|
500
|
-
|
|
519
|
+
# Ensure dependencies are unique by name, from and to versions
|
|
520
|
+
unique_dependencies = dependencies.uniq { |dep| [dep.name, dep.previous_version, dep.version] }
|
|
521
|
+
update_count = unique_dependencies.count
|
|
501
522
|
|
|
502
523
|
msg = "Bumps the #{T.must(dependency_group).name} group#{pr_name_directory} " \
|
|
503
524
|
"with #{update_count} update#{update_count > 1 ? 's' : ''}:"
|
|
504
525
|
|
|
505
526
|
msg += if update_count >= 5
|
|
506
527
|
header = %w(Package From To)
|
|
507
|
-
rows =
|
|
528
|
+
rows = unique_dependencies.map do |dep|
|
|
508
529
|
[
|
|
509
530
|
dependency_link(dep),
|
|
510
531
|
"`#{dep.humanized_previous_version}`",
|
|
@@ -213,6 +213,21 @@ module Dependabot
|
|
|
213
213
|
)
|
|
214
214
|
end
|
|
215
215
|
|
|
216
|
+
BRANCH_PROTECTION_ERROR_MESSAGES = T.let(
|
|
217
|
+
[
|
|
218
|
+
/protected branch/i,
|
|
219
|
+
/not authorized to push/i,
|
|
220
|
+
/must not contain merge commits/i,
|
|
221
|
+
/required status check/i,
|
|
222
|
+
/cannot force-push to this branch/i,
|
|
223
|
+
/pull request for this branch has been added to a merge queue/i,
|
|
224
|
+
# Unverified commits can be present when PR contains commits from other authors
|
|
225
|
+
/commits must have verified signatures/i,
|
|
226
|
+
/changes must be made through a pull request/i
|
|
227
|
+
].freeze,
|
|
228
|
+
T::Array[Regexp]
|
|
229
|
+
)
|
|
230
|
+
|
|
216
231
|
sig { params(commit: T.untyped).returns(T.untyped) }
|
|
217
232
|
def update_branch(commit)
|
|
218
233
|
T.unsafe(github_client_for_source).update_ref(
|
|
@@ -226,12 +241,7 @@ module Dependabot
|
|
|
226
241
|
return nil if e.message.match?(/Reference does not exist/i)
|
|
227
242
|
return nil if e.message.match?(/Reference cannot be updated/i)
|
|
228
243
|
|
|
229
|
-
if e.message.match?(
|
|
230
|
-
e.message.match?(/not authorized to push/i) ||
|
|
231
|
-
e.message.include?("must not contain merge commits") ||
|
|
232
|
-
e.message.match?(/required status check/i)
|
|
233
|
-
raise BranchProtected
|
|
234
|
-
end
|
|
244
|
+
raise BranchProtected, e.message if BRANCH_PROTECTION_ERROR_MESSAGES.any? { |msg| e.message.match?(msg) }
|
|
235
245
|
|
|
236
246
|
raise
|
|
237
247
|
end
|
|
@@ -224,7 +224,7 @@ module Dependabot
|
|
|
224
224
|
sig { returns(Dependabot::Dependency) }
|
|
225
225
|
def updated_dependency_without_unlock
|
|
226
226
|
version = latest_resolvable_version_with_no_unlock.to_s
|
|
227
|
-
previous_version = latest_resolvable_previous_version(version)
|
|
227
|
+
previous_version = latest_resolvable_previous_version(version)
|
|
228
228
|
|
|
229
229
|
Dependency.new(
|
|
230
230
|
name: dependency.name,
|
|
@@ -241,7 +241,7 @@ module Dependabot
|
|
|
241
241
|
sig { returns(Dependabot::Dependency) }
|
|
242
242
|
def updated_dependency_with_own_req_unlock
|
|
243
243
|
version = preferred_resolvable_version.to_s
|
|
244
|
-
previous_version = latest_resolvable_previous_version(version)
|
|
244
|
+
previous_version = latest_resolvable_previous_version(version)
|
|
245
245
|
|
|
246
246
|
Dependency.new(
|
|
247
247
|
name: dependency.name,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.252.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -583,7 +583,7 @@ licenses:
|
|
|
583
583
|
- Nonstandard
|
|
584
584
|
metadata:
|
|
585
585
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
586
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
586
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.252.0
|
|
587
587
|
post_install_message:
|
|
588
588
|
rdoc_options: []
|
|
589
589
|
require_paths:
|