dependabot-common 0.262.0 → 0.264.0

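--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '08b81e6c1e571457e794fa62147845a9e154ff6ea8a9f0d7fbab11b2c9bbb476'
- data.tar.gz: aeffcec5729d490fea8e7048c4b359befd8cd800ca97b9ac5a6a0751c7b47435
+ metadata.gz: 89c02cd9122ad1a2574c71155c83627af13e7975e520fe2edb0573959f719049
+ data.tar.gz: 042f09ae791ba2420b73d3076bc716e3354b56f210bd0d14d6b5aa01b1efb216
  SHA512:
- metadata.gz: 1f7687bb71080b85780d5d0672de40730c590076da5511cc17295271258f80965645a6e468e5254e5eea1d0188f5c76be592c760d617b9688d8d3c321b5b2e40
- data.tar.gz: 9dc8d8c488bb81d85a16db553d2acae1b6fba9fef1543a763aa6850fff23a94923118f773164a991a05b02f1a935fe61ca1e2c772397a090abbec5aef015473e
+ metadata.gz: 76061ba6700c3b8faa97e7699ab35890546fb5c06dd7f3113a067e76522e0bf7a3d2eecf180c7a3b94bc320cfeb51572265be90cf5df2be269e290141db0729c
+ data.tar.gz: 79cd186ce00c0bbea7586d1c582bffaf96b165004b289b1527cfdcac669fe8aee72c4549646cabebe4c3937f9402d675fe13b7e7ca97dbdb7907651e8489f522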
@@ -17,6 +17,7 @@ module Dependabot
17
17
  DEPENDENCY_GROUPS = "job-dependency-groups"
18
18
  JOB_ID = "job-id"
19
19
  PACKAGE_MANAGER = "package-manager"
20
+ SECURITY_UPDATE = "security-update"
20
21
  end
21
22
 
22
23
  # rubocop:disable Metrics/MethodLength
@@ -191,6 +192,11 @@ module Dependabot
191
192
  "error-type": "private_source_authentication_failure",
192
193
  "error-detail": { source: error.source }
193
194
  }
195
+ when Dependabot::DependencyNotFound
196
+ {
197
+ "error-type": "dependency_not_found",
198
+ "error-detail": { source: error.source }
199
+ }
194
200
  when Dependabot::PrivateSourceTimedOut
195
201
  {
196
202
  "error-type": "private_source_timed_out",
@@ -511,6 +517,20 @@ module Dependabot
511
517
  end
512
518
  end
513
519
 
520
+ class DependencyNotFound < DependabotError
521
+ extend T::Sig
522
+
523
+ sig { returns(String) }
524
+ attr_reader :source
525
+
526
+ sig { params(source: T.nilable(String)).void }
527
+ def initialize(source)
528
+ @source = T.let(sanitize_source(T.must(source)), String)
529
+ msg = "The following dependency could not be found : #{@source}"
530
+ super(msg)
531
+ end
532
+ end
533
+
514
534
  # Useful for JS file updaters, where the registry API sometimes returns
515
535
  # different results to the actual update process
516
536
  class InconsistentRegistryResponse < DependabotError; end
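Review bot: `DependencyNotFound#initialize` declares `source` as `T.nilable(String)` but immediately calls `T.must(source)`, so a caller that passes nil gets an exception raised by `T.must` inside the error constructor instead of a `DependencyNotFound`. Either tighten the signature to `sig { params(source: String).void }` or keep it nilable and handle nil explicitly before sanitizing. The value is also reported outward as `"error-detail": { source: error.source }` in the `@@ -191` hunk, so it depends on `sanitize_source`, which is defined outside these hunks and presumably strips credentials embedded in the source; a one-line comment on the `@source =` assignment saying so would help the next reader. The message literal also carries a stray space before the colon in `could not be found : `.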
@@ -93,12 +93,13 @@ module Dependabot
93
93
  #
94
94
  # options supports custom feature enablement
95
95
  sig do
96
- params(
97
- source: Dependabot::Source,
98
- credentials: T::Array[Dependabot::Credential],
99
- repo_contents_path: T.nilable(String),
100
- options: T::Hash[String, String]
101
- )
96
+ overridable
97
+ .params(
98
+ source: Dependabot::Source,
99
+ credentials: T::Array[Dependabot::Credential],
100
+ repo_contents_path: T.nilable(String),
101
+ options: T::Hash[String, String]
102
+ )
102
103
  .void
103
104
  end
104
105
  def initialize(source:, credentials:, repo_contents_path: nil, options: {})
@@ -25,6 +25,10 @@ module Dependabot
25
25
  TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}
26
26
  # End of string
27
27
  EOS_REGEX = /\z/
28
+
29
+ # regex to match markdown headers or links
30
+ MARKDOWN_REGEX = /\[(.+?)\]\(([^)]+)\)|\[(.+?)\]|\A#+\s+([^\s].*)/
31
+
28
32
  COMMONMARKER_OPTIONS = T.let(
29
33
  %i(GITHUB_PRE_LANG FULL_INFO_STRING).freeze,
30
34
  T::Array[Symbol]
@@ -53,10 +57,16 @@ module Dependabot
53
57
  sanitize_links(doc)
54
58
  sanitize_nwo_text(doc)
55
59
 
60
+ render_options = if text.match?(MARKDOWN_REGEX)
61
+ COMMONMARKER_OPTIONS
62
+ else
63
+ COMMONMARKER_OPTIONS + [:HARDBREAKS]
64
+ end
65
+
56
66
  mode = unsafe ? :UNSAFE : :DEFAULT
57
- return doc.to_commonmark([mode] + COMMONMARKER_OPTIONS) unless format_html
67
+ return doc.to_commonmark([mode] + render_options) unless format_html
58
68
 
59
- doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
69
+ doc.to_html(([mode] + render_options), COMMONMARKER_EXTENSIONS)
60
70
  end
61
71
 
62
72
  private
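Review bot: In `MARKDOWN_REGEX` the second alternative `\[(.+?)\]` already matches everything the first alternative `\[(.+?)\]\(([^)]+)\)` matches, so any bracketed text (for example a version written as `[1.2.3]`) is treated as markdown and `:HARDBREAKS` is left off. The header alternative is anchored with `\A`, so only a header on the first line of `text` is detected; if headers on later lines should count, `^#+\s+` would be the per-line form, though the intent is not visible in the hunk. The constant is only used with `match?`, so the groups could be non-capturing, and the comment above it could say that the regex decides whether hard line breaks are applied. The enclosing method starts above the second hunk.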
@@ -9,5 +9,12 @@ module Dependabot
9
9
  LockfileOnly = new("lockfile_only")
10
10
  WidenRanges = new("widen_ranges")
11
11
  end
12
+
13
+ extend T::Sig
14
+
15
+ sig { returns(T::Boolean) }
16
+ def lockfile_only?
17
+ self == LockfileOnly
18
+ end
12
19
  end
13
20
  end
@@ -131,7 +131,7 @@ module Dependabot
131
131
  params(
132
132
  command: String,
133
133
  function: String,
134
- args: T.any(T::Array[String], T::Hash[Symbol, String]),
134
+ args: T.any(T::Array[T.any(String, T::Array[T::Hash[String, T.untyped]])], T::Hash[Symbol, String]),
135
135
  env: T.nilable(T::Hash[String, String]),
136
136
  stderr_to_stdout: T::Boolean,
137
137
  allow_unsafe_shell_command: T::Boolean
@@ -258,13 +258,16 @@ module Dependabot
258
258
  FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
259
259
 
260
260
  previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil)
261
+ previous_terminal_prompt = ENV.fetch("GIT_TERMINAL_PROMPT", nil)
261
262
 
262
263
  begin
263
264
  ENV["GIT_CONFIG_GLOBAL"] = GIT_CONFIG_GLOBAL_PATH
265
+ ENV["GIT_TERMINAL_PROMPT"] = "false"
264
266
  configure_git_to_use_https_with_credentials(credentials, safe_directories)
265
267
  yield
266
268
  ensure
267
269
  ENV["GIT_CONFIG_GLOBAL"] = previous_config
270
+ ENV["GIT_TERMINAL_PROMPT"] = previous_terminal_prompt
268
271
  end
269
272
  rescue Errno::ENOSPC => e
270
273
  raise Dependabot::OutOfDisk, e.message
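Review bot: The new `ENV["GIT_TERMINAL_PROMPT"] = "false"` line has no comment saying why prompting is turned off; something like `# Fail instead of waiting for interactive credentials when git cannot authenticate` above it would record the intent. `ENV` is process-wide, so the set-and-restore around `yield` is visible to any other thread that spawns git while the block runs, the same as the existing `GIT_CONFIG_GLOBAL` handling; that is worth stating in the method's doc comment if concurrent use is possible. The method begins above the hunk and continues past it.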
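--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.262.0"
+ VERSION = "0.264.0"
  end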
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.262.0
4
+ version: 0.264.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-20 00:00:00.000000000 Z
11
+ date: 2024-07-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -597,7 +597,7 @@ licenses:
597
597
  - MIT
598
598
  metadata:
599
599
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
600
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.262.0
600
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
601
601
  post_install_message:
602
602
  rdoc_options: []
603
603
  require_paths: