dependabot-common 0.262.0 → 0.264.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '08b81e6c1e571457e794fa62147845a9e154ff6ea8a9f0d7fbab11b2c9bbb476'
4
- data.tar.gz: aeffcec5729d490fea8e7048c4b359befd8cd800ca97b9ac5a6a0751c7b47435
3
+ metadata.gz: 89c02cd9122ad1a2574c71155c83627af13e7975e520fe2edb0573959f719049
4
+ data.tar.gz: 042f09ae791ba2420b73d3076bc716e3354b56f210bd0d14d6b5aa01b1efb216
5
5
  SHA512:
6
- metadata.gz: 1f7687bb71080b85780d5d0672de40730c590076da5511cc17295271258f80965645a6e468e5254e5eea1d0188f5c76be592c760d617b9688d8d3c321b5b2e40
7
- data.tar.gz: 9dc8d8c488bb81d85a16db553d2acae1b6fba9fef1543a763aa6850fff23a94923118f773164a991a05b02f1a935fe61ca1e2c772397a090abbec5aef015473e
6
+ metadata.gz: 76061ba6700c3b8faa97e7699ab35890546fb5c06dd7f3113a067e76522e0bf7a3d2eecf180c7a3b94bc320cfeb51572265be90cf5df2be269e290141db0729c
7
+ data.tar.gz: 79cd186ce00c0bbea7586d1c582bffaf96b165004b289b1527cfdcac669fe8aee72c4549646cabebe4c3937f9402d675fe13b7e7ca97dbdb7907651e8489f522
@@ -17,6 +17,7 @@ module Dependabot
17
17
  DEPENDENCY_GROUPS = "job-dependency-groups"
18
18
  JOB_ID = "job-id"
19
19
  PACKAGE_MANAGER = "package-manager"
20
+ SECURITY_UPDATE = "security-update"
20
21
  end
21
22
 
22
23
  # rubocop:disable Metrics/MethodLength
@@ -191,6 +192,11 @@ module Dependabot
191
192
  "error-type": "private_source_authentication_failure",
192
193
  "error-detail": { source: error.source }
193
194
  }
195
+ when Dependabot::DependencyNotFound
196
+ {
197
+ "error-type": "dependency_not_found",
198
+ "error-detail": { source: error.source }
199
+ }
194
200
  when Dependabot::PrivateSourceTimedOut
195
201
  {
196
202
  "error-type": "private_source_timed_out",
@@ -511,6 +517,20 @@ module Dependabot
511
517
  end
512
518
  end
513
519
 
520
+ class DependencyNotFound < DependabotError
521
+ extend T::Sig
522
+
523
+ sig { returns(String) }
524
+ attr_reader :source
525
+
526
+ sig { params(source: T.nilable(String)).void }
527
+ def initialize(source)
528
+ @source = T.let(sanitize_source(T.must(source)), String)
529
+ msg = "The following dependency could not be found : #{@source}"
530
+ super(msg)
531
+ end
532
+ end
533
+
514
534
  # Useful for JS file updaters, where the registry API sometimes returns
515
535
  # different results to the actual update process
516
536
  class InconsistentRegistryResponse < DependabotError; end
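Review bot: `DependencyNotFound#initialize` declares `source: T.nilable(String)` but then calls `T.must(source)`, so a nil source raises a `TypeError` from Sorbet instead of the `DependencyNotFound` the caller meant to raise, and the original failure is lost. Either make the contract honest with `sig { params(source: String).void }`, or handle nil explicitly before sanitizing. The message also has a stray space before the colon in `"The following dependency could not be found : #{@source}"`. `sanitize_source` is defined outside this hunk; presumably it strips credentials from the source before the value is put into the message and into `"error-detail": { source: error.source }`, which is worth confirming because both appear to be reported outside the process.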
@@ -93,12 +93,13 @@ module Dependabot
93
93
  #
94
94
  # options supports custom feature enablement
95
95
  sig do
96
- params(
97
- source: Dependabot::Source,
98
- credentials: T::Array[Dependabot::Credential],
99
- repo_contents_path: T.nilable(String),
100
- options: T::Hash[String, String]
101
- )
96
+ overridable
97
+ .params(
98
+ source: Dependabot::Source,
99
+ credentials: T::Array[Dependabot::Credential],
100
+ repo_contents_path: T.nilable(String),
101
+ options: T::Hash[String, String]
102
+ )
102
103
  .void
103
104
  end
104
105
  def initialize(source:, credentials:, repo_contents_path: nil, options: {})
@@ -25,6 +25,10 @@ module Dependabot
25
25
  TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}
26
26
  # End of string
27
27
  EOS_REGEX = /\z/
28
+
29
+ # regex to match markdown headers or links
30
+ MARKDOWN_REGEX = /\[(.+?)\]\(([^)]+)\)|\[(.+?)\]|\A#+\s+([^\s].*)/
31
+
28
32
  COMMONMARKER_OPTIONS = T.let(
29
33
  %i(GITHUB_PRE_LANG FULL_INFO_STRING).freeze,
30
34
  T::Array[Symbol]
@@ -53,10 +57,16 @@ module Dependabot
53
57
  sanitize_links(doc)
54
58
  sanitize_nwo_text(doc)
55
59
 
60
+ render_options = if text.match?(MARKDOWN_REGEX)
61
+ COMMONMARKER_OPTIONS
62
+ else
63
+ COMMONMARKER_OPTIONS + [:HARDBREAKS]
64
+ end
65
+
56
66
  mode = unsafe ? :UNSAFE : :DEFAULT
57
- return doc.to_commonmark([mode] + COMMONMARKER_OPTIONS) unless format_html
67
+ return doc.to_commonmark([mode] + render_options) unless format_html
58
68
 
59
- doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
69
+ doc.to_html(([mode] + render_options), COMMONMARKER_EXTENSIONS)
60
70
  end
61
71
 
62
72
  private
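Review bot: In `MARKDOWN_REGEX` the first alternative is redundant for `text.match?`, because anything matching `\[(.+?)\]\(([^)]+)\)` also matches `\[(.+?)\]`, and the capture groups are never read. The header branch is anchored with `\A`, so only a header at the very start of the text counts; if a header on a later line should also suppress `:HARDBREAKS`, the per-line form `^#+\s+\S` is needed, otherwise the pattern reduces to `/\[.+?\]|\A#+\s+\S/`. The text being tested looks like third-party content (it is passed through `sanitize_links` and `sanitize_nwo_text`), so the simpler pattern with fewer lazy groups is also the safer one to run on long input. A comment above `render_options` such as `# Plain text (no links or headers) keeps its line breaks; real markdown is rendered as written` would record why the two cases differ. The enclosing method starts outside this hunk.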
@@ -9,5 +9,12 @@ module Dependabot
9
9
  LockfileOnly = new("lockfile_only")
10
10
  WidenRanges = new("widen_ranges")
11
11
  end
12
+
13
+ extend T::Sig
14
+
15
+ sig { returns(T::Boolean) }
16
+ def lockfile_only?
17
+ self == LockfileOnly
18
+ end
12
19
  end
13
20
  end
@@ -131,7 +131,7 @@ module Dependabot
131
131
  params(
132
132
  command: String,
133
133
  function: String,
134
- args: T.any(T::Array[String], T::Hash[Symbol, String]),
134
+ args: T.any(T::Array[T.any(String, T::Array[T::Hash[String, T.untyped]])], T::Hash[Symbol, String]),
135
135
  env: T.nilable(T::Hash[String, String]),
136
136
  stderr_to_stdout: T::Boolean,
137
137
  allow_unsafe_shell_command: T::Boolean
@@ -258,13 +258,16 @@ module Dependabot
258
258
  FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
259
259
 
260
260
  previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil)
261
+ previous_terminal_prompt = ENV.fetch("GIT_TERMINAL_PROMPT", nil)
261
262
 
262
263
  begin
263
264
  ENV["GIT_CONFIG_GLOBAL"] = GIT_CONFIG_GLOBAL_PATH
265
+ ENV["GIT_TERMINAL_PROMPT"] = "false"
264
266
  configure_git_to_use_https_with_credentials(credentials, safe_directories)
265
267
  yield
266
268
  ensure
267
269
  ENV["GIT_CONFIG_GLOBAL"] = previous_config
270
+ ENV["GIT_TERMINAL_PROMPT"] = previous_terminal_prompt
268
271
  end
269
272
  rescue Errno::ENOSPC => e
270
273
  raise Dependabot::OutOfDisk, e.message
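Review bot: Nothing at `ENV["GIT_TERMINAL_PROMPT"] = "false"` says why prompting is disabled, and the reason is not obvious from the surrounding lines. I would add a comment on that line, for example `# Never wait on an interactive credential prompt; let git fail so the error can be handled`. Both `GIT_CONFIG_GLOBAL` and `GIT_TERMINAL_PROMPT` are set on the process-wide `ENV` and restored in `ensure`, so any other thread that spawns git while the block runs sees these values too; the method's doc comment should say that it is not safe to call concurrently, if that is the case. The method begins outside this hunk, so any existing documentation above it is not visible here.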
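--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.262.0"
+ VERSION = "0.264.0"
  end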
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.262.0
4
+ version: 0.264.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-20 00:00:00.000000000 Z
11
+ date: 2024-07-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -597,7 +597,7 @@ licenses:
597
597
  - MIT
598
598
  metadata:
599
599
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
600
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.262.0
600
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
601
601
  post_install_message:
602
602
  rdoc_options: []
603
603
  require_paths: