dependabot-common 0.251.0 → 0.252.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency.rb +6 -2
- data/lib/dependabot/git_commit_checker.rb +20 -0
- data/lib/dependabot/pull_request_creator/gitlab.rb +6 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +4 -2
- data/lib/dependabot/pull_request_updater/github.rb +16 -7
- data/lib/dependabot/update_checkers/base.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5386205cda5377a31b273b0a32125b9707407b93b7335e68d57a686024ff2adf
|
|
4
|
+
data.tar.gz: 35518f5984d6d5ca190853935dba3c70949f0d3c2ff3e4a617ba21913833a466
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ccb447cd57aeada38e4bbc4fe4be171e477452427850331644c5eb683b4f3d87fac9d7861a8112cd4d980fd60a377707d61ac2154b0584e2645a211d02290a81
|
|
7
|
+
data.tar.gz: ccf9ccfca47cb7c42197c6ed0c982e08fd1072dee050b4c244f032da4c4304c0635978e89cf5ad67b87a9c6919cbefd28ab068673a73df10ca5cc8fe43ea161d
|
|
@@ -85,6 +85,8 @@ module Dependabot
|
|
|
85
85
|
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
86
86
|
attr_reader :metadata
|
|
87
87
|
|
|
88
|
+
# rubocop:disable Metrics/AbcSize
|
|
89
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
88
90
|
sig do
|
|
89
91
|
params(
|
|
90
92
|
name: String,
|
|
@@ -110,8 +112,10 @@ module Dependabot
|
|
|
110
112
|
end,
|
|
111
113
|
T.nilable(String)
|
|
112
114
|
)
|
|
115
|
+
@version = nil if @version == ""
|
|
113
116
|
@requirements = T.let(requirements.map { |req| symbolize_keys(req) }, T::Array[T::Hash[Symbol, T.untyped]])
|
|
114
117
|
@previous_version = previous_version
|
|
118
|
+
@previous_version = nil if @previous_version == ""
|
|
115
119
|
@previous_requirements = T.let(
|
|
116
120
|
previous_requirements&.map { |req| symbolize_keys(req) },
|
|
117
121
|
T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
|
|
@@ -128,6 +132,8 @@ module Dependabot
|
|
|
128
132
|
|
|
129
133
|
check_values
|
|
130
134
|
end
|
|
135
|
+
# rubocop:enable Metrics/AbcSize
|
|
136
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
131
137
|
|
|
132
138
|
sig { returns(T::Boolean) }
|
|
133
139
|
def top_level?
|
|
@@ -354,8 +360,6 @@ module Dependabot
|
|
|
354
360
|
|
|
355
361
|
sig { void }
|
|
356
362
|
def check_values
|
|
357
|
-
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
|
358
|
-
|
|
359
363
|
check_requirement_fields
|
|
360
364
|
check_subdependency_metadata
|
|
361
365
|
end
|
|
@@ -132,6 +132,13 @@ module Dependabot
|
|
|
132
132
|
max_local_tag_for_current_precision(allowed_refs)
|
|
133
133
|
end
|
|
134
134
|
|
|
135
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
136
|
+
def local_ref_for_latest_version_lower_precision
|
|
137
|
+
allowed_refs = local_tag_for_pinned_sha ? allowed_version_tags : allowed_version_refs
|
|
138
|
+
|
|
139
|
+
max_local_tag_for_lower_precision(allowed_refs)
|
|
140
|
+
end
|
|
141
|
+
|
|
135
142
|
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
136
143
|
def local_tag_for_latest_version
|
|
137
144
|
max_local_tag(allowed_version_tags)
|
|
@@ -238,6 +245,11 @@ module Dependabot
|
|
|
238
245
|
max_local_tag(select_matching_existing_precision(tags))
|
|
239
246
|
end
|
|
240
247
|
|
|
248
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
249
|
+
def max_local_tag_for_lower_precision(tags)
|
|
250
|
+
max_local_tag(select_lower_precision(tags))
|
|
251
|
+
end
|
|
252
|
+
|
|
241
253
|
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
242
254
|
def max_local_tag(tags)
|
|
243
255
|
max_version_tag = tags.max_by { |t| version_from_tag(t) }
|
|
@@ -253,6 +265,14 @@ module Dependabot
|
|
|
253
265
|
tags.select { |tag| precision(scan_version(tag.name)) == current_precision }
|
|
254
266
|
end
|
|
255
267
|
|
|
268
|
+
# Find the latest version with a lower precision as the pinned version.
|
|
269
|
+
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
270
|
+
def select_lower_precision(tags)
|
|
271
|
+
current_precision = precision(T.must(dependency.version))
|
|
272
|
+
|
|
273
|
+
tags.select { |tag| precision(scan_version(tag.name)) <= current_precision }
|
|
274
|
+
end
|
|
275
|
+
|
|
256
276
|
sig { params(version: String).returns(Integer) }
|
|
257
277
|
def precision(version)
|
|
258
278
|
version.split(".").length
|
|
@@ -172,11 +172,16 @@ module Dependabot
|
|
|
172
172
|
def create_commit
|
|
173
173
|
return create_submodule_update_commit if files.count == 1 && T.must(files.first).type == "submodule"
|
|
174
174
|
|
|
175
|
+
options = {}
|
|
176
|
+
options[:author_email] = author_details&.fetch(:email) if author_details&.key?(:email)
|
|
177
|
+
options[:author_name] = author_details&.fetch(:name) if author_details&.key?(:name)
|
|
178
|
+
|
|
175
179
|
gitlab_client_for_source.create_commit(
|
|
176
180
|
source.repo,
|
|
177
181
|
branch_name,
|
|
178
182
|
commit_message,
|
|
179
|
-
files
|
|
183
|
+
files,
|
|
184
|
+
**options
|
|
180
185
|
)
|
|
181
186
|
end
|
|
182
187
|
|
|
@@ -516,14 +516,16 @@ module Dependabot
|
|
|
516
516
|
|
|
517
517
|
sig { returns(String) }
|
|
518
518
|
def group_intro
|
|
519
|
-
|
|
519
|
+
# Ensure dependencies are unique by name, from and to versions
|
|
520
|
+
unique_dependencies = dependencies.uniq { |dep| [dep.name, dep.previous_version, dep.version] }
|
|
521
|
+
update_count = unique_dependencies.count
|
|
520
522
|
|
|
521
523
|
msg = "Bumps the #{T.must(dependency_group).name} group#{pr_name_directory} " \
|
|
522
524
|
"with #{update_count} update#{update_count > 1 ? 's' : ''}:"
|
|
523
525
|
|
|
524
526
|
msg += if update_count >= 5
|
|
525
527
|
header = %w(Package From To)
|
|
526
|
-
rows =
|
|
528
|
+
rows = unique_dependencies.map do |dep|
|
|
527
529
|
[
|
|
528
530
|
dependency_link(dep),
|
|
529
531
|
"`#{dep.humanized_previous_version}`",
|
|
@@ -213,6 +213,21 @@ module Dependabot
|
|
|
213
213
|
)
|
|
214
214
|
end
|
|
215
215
|
|
|
216
|
+
BRANCH_PROTECTION_ERROR_MESSAGES = T.let(
|
|
217
|
+
[
|
|
218
|
+
/protected branch/i,
|
|
219
|
+
/not authorized to push/i,
|
|
220
|
+
/must not contain merge commits/i,
|
|
221
|
+
/required status check/i,
|
|
222
|
+
/cannot force-push to this branch/i,
|
|
223
|
+
/pull request for this branch has been added to a merge queue/i,
|
|
224
|
+
# Unverified commits can be present when PR contains commits from other authors
|
|
225
|
+
/commits must have verified signatures/i,
|
|
226
|
+
/changes must be made through a pull request/i
|
|
227
|
+
].freeze,
|
|
228
|
+
T::Array[Regexp]
|
|
229
|
+
)
|
|
230
|
+
|
|
216
231
|
sig { params(commit: T.untyped).returns(T.untyped) }
|
|
217
232
|
def update_branch(commit)
|
|
218
233
|
T.unsafe(github_client_for_source).update_ref(
|
|
@@ -226,13 +241,7 @@ module Dependabot
|
|
|
226
241
|
return nil if e.message.match?(/Reference does not exist/i)
|
|
227
242
|
return nil if e.message.match?(/Reference cannot be updated/i)
|
|
228
243
|
|
|
229
|
-
if e.message.match?(
|
|
230
|
-
e.message.match?(/not authorized to push/i) ||
|
|
231
|
-
e.message.include?("must not contain merge commits") ||
|
|
232
|
-
e.message.match?(/required status check/i) ||
|
|
233
|
-
e.message.match?(/cannot force-push to this branch/i)
|
|
234
|
-
raise BranchProtected
|
|
235
|
-
end
|
|
244
|
+
raise BranchProtected, e.message if BRANCH_PROTECTION_ERROR_MESSAGES.any? { |msg| e.message.match?(msg) }
|
|
236
245
|
|
|
237
246
|
raise
|
|
238
247
|
end
|
|
@@ -224,7 +224,7 @@ module Dependabot
|
|
|
224
224
|
sig { returns(Dependabot::Dependency) }
|
|
225
225
|
def updated_dependency_without_unlock
|
|
226
226
|
version = latest_resolvable_version_with_no_unlock.to_s
|
|
227
|
-
previous_version = latest_resolvable_previous_version(version)
|
|
227
|
+
previous_version = latest_resolvable_previous_version(version)
|
|
228
228
|
|
|
229
229
|
Dependency.new(
|
|
230
230
|
name: dependency.name,
|
|
@@ -241,7 +241,7 @@ module Dependabot
|
|
|
241
241
|
sig { returns(Dependabot::Dependency) }
|
|
242
242
|
def updated_dependency_with_own_req_unlock
|
|
243
243
|
version = preferred_resolvable_version.to_s
|
|
244
|
-
previous_version = latest_resolvable_previous_version(version)
|
|
244
|
+
previous_version = latest_resolvable_previous_version(version)
|
|
245
245
|
|
|
246
246
|
Dependency.new(
|
|
247
247
|
name: dependency.name,
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.252.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -583,7 +583,7 @@ licenses:
|
|
|
583
583
|
- Nonstandard
|
|
584
584
|
metadata:
|
|
585
585
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
586
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
586
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.252.0
|
|
587
587
|
post_install_message:
|
|
588
588
|
rdoc_options: []
|
|
589
589
|
require_paths:
|