dependabot-common 0.251.0 → 0.252.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7a434c5c00b5a51f18a1999a4a120d28c8e2cd8b52efb44146cb01e4165b2421
4
- data.tar.gz: f4c755156b9f6d3b66e6ff57d7d7c0ba417627ab74cd9aab34c28a1f9c397bbf
3
+ metadata.gz: 5386205cda5377a31b273b0a32125b9707407b93b7335e68d57a686024ff2adf
4
+ data.tar.gz: 35518f5984d6d5ca190853935dba3c70949f0d3c2ff3e4a617ba21913833a466
5
5
  SHA512:
6
- metadata.gz: 53daea6535edab5620dc074b2563858b26c27defe804cb10d8e2cc39579affd42c1993998ee65c063ec375bae2a3211770a43f126589c96ce7c1b3d95f3e66db
7
- data.tar.gz: a11371492f650794ec47e29f13db7a22b400c751d2bf6d00831f1c4c0efce11e66b3110fa38303c681570af6fc336a0510242fa20f8e5bf352fbae71b9e0ed16
6
+ metadata.gz: ccb447cd57aeada38e4bbc4fe4be171e477452427850331644c5eb683b4f3d87fac9d7861a8112cd4d980fd60a377707d61ac2154b0584e2645a211d02290a81
7
+ data.tar.gz: ccf9ccfca47cb7c42197c6ed0c982e08fd1072dee050b4c244f032da4c4304c0635978e89cf5ad67b87a9c6919cbefd28ab068673a73df10ca5cc8fe43ea161d
@@ -85,6 +85,8 @@ module Dependabot
85
85
  sig { returns(T::Hash[Symbol, T.untyped]) }
86
86
  attr_reader :metadata
87
87
 
88
+ # rubocop:disable Metrics/AbcSize
89
+ # rubocop:disable Metrics/PerceivedComplexity
88
90
  sig do
89
91
  params(
90
92
  name: String,
@@ -110,8 +112,10 @@ module Dependabot
110
112
  end,
111
113
  T.nilable(String)
112
114
  )
115
+ @version = nil if @version == ""
113
116
  @requirements = T.let(requirements.map { |req| symbolize_keys(req) }, T::Array[T::Hash[Symbol, T.untyped]])
114
117
  @previous_version = previous_version
118
+ @previous_version = nil if @previous_version == ""
115
119
  @previous_requirements = T.let(
116
120
  previous_requirements&.map { |req| symbolize_keys(req) },
117
121
  T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
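Review bot: The normalisation added at `@version = nil if @version == ""` and `@previous_version = nil if @previous_version == ""` silently accepts input that the hunk at @@ -354,8 +360,6 used to reject with ArgumentError, and nothing in the code records why, so the next reader may well re-add the guard. A one-line comment above the first assignment would fix that, e.g. `# A blank version means "unknown"; coerce it to nil instead of raising so callers that stringify a missing version still work.` (the reason is inferred from the rest of this diff, so adjust if the motivation was different). Note that only the exact empty string is caught, as in the removed check, so a whitespace-only version still passes through unchanged; if that is intentional the comment should say so. The initializer begins and ends outside this hunk.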
@@ -128,6 +132,8 @@ module Dependabot
128
132
 
129
133
  check_values
130
134
  end
135
+ # rubocop:enable Metrics/AbcSize
136
+ # rubocop:enable Metrics/PerceivedComplexity
131
137
 
132
138
  sig { returns(T::Boolean) }
133
139
  def top_level?
@@ -354,8 +360,6 @@ module Dependabot
354
360
 
355
361
  sig { void }
356
362
  def check_values
357
- raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
358
-
359
363
  check_requirement_fields
360
364
  check_subdependency_metadata
361
365
  end
@@ -132,6 +132,13 @@ module Dependabot
132
132
  max_local_tag_for_current_precision(allowed_refs)
133
133
  end
134
134
 
135
+ sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
136
+ def local_ref_for_latest_version_lower_precision
137
+ allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
138
+
139
+ max_local_tag_for_lower_precision(allowed_refs)
140
+ end
141
+
135
142
  sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
136
143
  def local_tag_for_latest_version
137
144
  max_local_tag(allowed_version_tags)
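Review bot: `local_ref_for_latest_version_lower_precision` is added without any comment, and its name under-describes what it does: via `max_local_tag_for_lower_precision` and `select_lower_precision` (later in this diff) it admits tags whose precision is lower than or equal to the pinned one, not strictly lower. Suggested above its sig: `# Like local_ref_for_latest_version, but also considers tags with fewer version components than the pinned version.` That reading is inferred from the other hunks in this file, so confirm it before committing the wording. The method that precedes it (`max_local_tag_for_current_precision` is its last line) starts outside the hunk.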
@@ -238,6 +245,11 @@ module Dependabot
238
245
  max_local_tag(select_matching_existing_precision(tags))
239
246
  end
240
247
 
248
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
249
+ def max_local_tag_for_lower_precision(tags)
250
+ max_local_tag(select_lower_precision(tags))
251
+ end
252
+
241
253
  sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
242
254
  def max_local_tag(tags)
243
255
  max_version_tag = tags.max_by { |t| version_from_tag(t) }
@@ -253,6 +265,14 @@ module Dependabot
253
265
  tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
254
266
  end
255
267
 
268
+ # Find the latest version with a lower precision as the pinned version.
269
+ sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
270
+ def select_lower_precision(tags)
271
+ current_precision = precision(T.must(dependency.version))
272
+
273
+ tags.select { |tag| precision(scan_version(tag.name)) <= current_precision }
274
+ end
275
+
256
276
  sig { params(version: String).returns(Integer) }
257
277
  def precision(version)
258
278
  version.split(".").length
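Review bot: The new comment `# Find the latest version with a lower precision as the pinned version.` does not match `select_lower_precision`: the method filters, it does not pick a latest anything (that is `max_local_tag_for_lower_precision`'s job), and the `<=` on the last line admits tags with the same precision as well as lower. Suggested replacement: `# Select tags whose version has at most as many components as the pinned version (equal precision included).` `T.must(dependency.version)` will raise when the dependency has no version; if `select_matching_existing_precision` above makes the same assumption that is consistent, but its body is outside the hunk so I could not check.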
@@ -172,11 +172,16 @@ module Dependabot
172
172
  def create_commit
173
173
  return create_submodule_update_commit if files.count == 1 && T.must(files.first).type == "submodule"
174
174
 
175
+ options = {}
176
+ options[:author_email] = author_details&.fetch(:email) if author_details&.key?(:email)
177
+ options[:author_name] = author_details&.fetch(:name) if author_details&.key?(:name)
178
+
175
179
  gitlab_client_for_source.create_commit(
176
180
  source.repo,
177
181
  branch_name,
178
182
  commit_message,
179
- files
183
+ files,
184
+ **options
180
185
  )
181
186
  end
182
187
 
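Review bot: In `options[:author_email] = author_details&.fetch(:email) if author_details&.key?(:email)` (and the `:name` line below it) the right-hand `&.` and the `fetch` are dead weight: the modifier condition already guarantees `author_details` is non-nil and holds the key, so `author_details[:email]` reads the same value with less noise. Suggested: `options[:author_email] = author_details[:email] if author_details&.key?(:email)` and `options[:author_name] = author_details[:name] if author_details&.key?(:name)`. A key that is present but blank (`email: ""`) is still forwarded to GitLab unchanged; if `author_details` comes from user-supplied configuration it is worth checking that the API rejects that cleanly rather than attributing commits to an empty author.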
@@ -516,14 +516,16 @@ module Dependabot
516
516
 
517
517
  sig { returns(String) }
518
518
  def group_intro
519
- update_count = dependencies.map(&:name).uniq.count
519
+ # Ensure dependencies are unique by name, from and to versions
520
+ unique_dependencies = dependencies.uniq { |dep| [dep.name, dep.previous_version, dep.version] }
521
+ update_count = unique_dependencies.count
520
522
 
521
523
  msg = "Bumps the #{T.must(dependency_group).name} group#{pr_name_directory} " \
522
524
  "with #{update_count} update#{update_count > 1 ? 's' : ''}:"
523
525
 
524
526
  msg += if update_count >= 5
525
527
  header = %w(Package From To)
526
- rows = dependencies.map do |dep|
528
+ rows = unique_dependencies.map do |dep|
527
529
  [
528
530
  dependency_link(dep),
529
531
  "`#{dep.humanized_previous_version}`",
@@ -213,6 +213,21 @@ module Dependabot
213
213
  )
214
214
  end
215
215
 
216
+ BRANCH_PROTECTION_ERROR_MESSAGES = T.let(
217
+ [
218
+ /protected branch/i,
219
+ /not authorized to push/i,
220
+ /must not contain merge commits/i,
221
+ /required status check/i,
222
+ /cannot force-push to this branch/i,
223
+ /pull request for this branch has been added to a merge queue/i,
224
+ # Unverified commits can be present when PR contains commits from other authors
225
+ /commits must have verified signatures/i,
226
+ /changes must be made through a pull request/i
227
+ ].freeze,
228
+ T::Array[Regexp]
229
+ )
230
+
216
231
  sig { params(commit: T.untyped).returns(T.untyped) }
217
232
  def update_branch(commit)
218
233
  T.unsafe(github_client_for_source).update_ref(
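Review bot: `BRANCH_PROTECTION_ERROR_MESSAGES` holds regexes rather than messages, and the matching line in the next hunk (@@ -226,13 +241,7) names the block variable `msg` for that Regexp, so `e.message.match?(msg)` leaves the reader to work out which side is the pattern. Naming the constant `BRANCH_PROTECTION_ERROR_PATTERNS` and writing `raise BranchProtected, e.message if BRANCH_PROTECTION_ERROR_PATTERNS.any? { |pattern| pattern.match?(e.message) }` reads unambiguously. Two behaviour changes ride along that the commit text does not mention: `/must not contain merge commits/i` replaces a case-sensitive `include?`, and `BranchProtected` now carries the upstream API message, so anything that displays the exception will show GitHub's text verbatim; both look intentional but deserve a line in the description. The rescue clause containing the raise starts outside its hunk.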
@@ -226,13 +241,7 @@ module Dependabot
226
241
  return nil if e.message.match?(/Reference does not exist/i)
227
242
  return nil if e.message.match?(/Reference cannot be updated/i)
228
243
 
229
- if e.message.match?(/protected branch/i) ||
230
- e.message.match?(/not authorized to push/i) ||
231
- e.message.include?("must not contain merge commits") ||
232
- e.message.match?(/required status check/i) ||
233
- e.message.match?(/cannot force-push to this branch/i)
234
- raise BranchProtected
235
- end
244
+ raise BranchProtected, e.message if BRANCH_PROTECTION_ERROR_MESSAGES.any? { |msg| e.message.match?(msg) }
236
245
 
237
246
  raise
238
247
  end
@@ -224,7 +224,7 @@ module Dependabot
224
224
  sig { returns(Dependabot::Dependency) }
225
225
  def updated_dependency_without_unlock
226
226
  version = latest_resolvable_version_with_no_unlock.to_s
227
- previous_version = latest_resolvable_previous_version(version)&.to_s
227
+ previous_version = latest_resolvable_previous_version(version)
228
228
 
229
229
  Dependency.new(
230
230
  name: dependency.name,
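Review bot: Dropping `&.to_s` means `previous_version` is now whatever `latest_resolvable_previous_version(version)` returns; if that method's sig is `T.nilable(String)` this is a harmless cleanup, but if it can return a version object the `Dependency.new(previous_version: ...)` call will fail at runtime under Sorbet should Dependency declare the parameter as `T.nilable(String)` — the return sig is outside the hunk, so please confirm. The same change appears in the hunk at @@ -241,7 +241,7 (`updated_dependency_with_own_req_unlock`). Separately, `version = latest_resolvable_version_with_no_unlock.to_s` on the line above turns a nil into `""`, which the Dependency initializer in this release now maps back to nil; a comment such as `# nil.to_s gives "", which Dependency#initialize normalises to nil` would make that coupling visible. Both `Dependency.new` calls continue past their hunks.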
@@ -241,7 +241,7 @@ module Dependabot
241
241
  sig { returns(Dependabot::Dependency) }
242
242
  def updated_dependency_with_own_req_unlock
243
243
  version = preferred_resolvable_version.to_s
244
- previous_version = latest_resolvable_previous_version(version)&.to_s
244
+ previous_version = latest_resolvable_previous_version(version)
245
245
 
246
246
  Dependency.new(
247
247
  name: dependency.name,
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.251.0"
5
+ VERSION = "0.252.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.251.0
4
+ version: 0.252.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-05 00:00:00.000000000 Z
11
+ date: 2024-04-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -583,7 +583,7 @@ licenses:
583
583
  - Nonstandard
584
584
  metadata:
585
585
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
586
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.251.0
586
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.252.0
587
587
  post_install_message:
588
588
  rdoc_options: []
589
589
  require_paths: