dependabot-common 0.264.0 → 0.266.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89c02cd9122ad1a2574c71155c83627af13e7975e520fe2edb0573959f719049
-  data.tar.gz: 042f09ae791ba2420b73d3076bc716e3354b56f210bd0d14d6b5aa01b1efb216
+  metadata.gz: cd4978cb1971e267084db00cc1d4d4a69a0ffffa5337bd8d61039ba8240f537a
+  data.tar.gz: d3b2ff619afff82aade103995ff62c8e5e1111834dd186acf328071a325c4362
 SHA512:
-  metadata.gz: 76061ba6700c3b8faa97e7699ab35890546fb5c06dd7f3113a067e76522e0bf7a3d2eecf180c7a3b94bc320cfeb51572265be90cf5df2be269e290141db0729c
-  data.tar.gz: 79cd186ce00c0bbea7586d1c582bffaf96b165004b289b1527cfdcac669fe8aee72c4549646cabebe4c3937f9402d675fe13b7e7ca97dbdb7907651e8489f522
+  metadata.gz: 8d90fcd1793af90f3552a542e6176ed06d55612a40680ca30c16e1e3c508d8025ca2b162840433027d99c9946cae89e19c2637141757c58b3138a4ad053fb7e7
+  data.tar.gz: e9ce0c2eb12245518865405046cf403696b3acae3953936a5a93650f390396a70f5208727f0dd93ba385ae35353d0170e3ba9c05bacbee33b0539473df03a837

data/lib/dependabot/clients/bitbucket.rb

@@ -142,7 +142,7 @@ module Dependabot
         next_page_url = base_url + pr_path
         pull_requests = paginate({ "next" => next_page_url })
 
-        pull_requests unless source_branch && target_branch
+        pull_requests unless source_branch && target_branch # rubocop:disable Lint/Void
 
         pull_requests.select do |pr|
           if source_branch.nil?

data/lib/dependabot/errors.rb

@@ -159,6 +159,8 @@ module Dependabot
     end
   end
 
+  # rubocop:disable Lint/RedundantCopDisableDirective
+  # rubocop:disable Metrics/CyclomaticComplexity
   sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
   def self.updater_error_details(error)
     case error
@@ -223,6 +225,11 @@ module Dependabot
           "go-mod": error.go_mod
         }
       }
+    when
+      IncompatibleCPU,
+      NetworkUnsafeHTTP
+      error.detail
+
     when Dependabot::NotImplemented
       {
         "error-type": "not_implemented",
@@ -230,6 +237,11 @@ module Dependabot
           message: error.message
         }
       }
+    when Dependabot::InvalidGitAuthToken
+      {
+        "error-type": "git_token_auth_error",
+        "error-detail": { message: error.message }
+      }
     when *Octokit::RATE_LIMITED_ERRORS
       # If we get a rate-limited error we let dependabot-api handle the
       # retry by re-enqueing the update job after the reset
@@ -242,6 +254,8 @@ module Dependabot
     end
   end
   # rubocop:enable Metrics/MethodLength
+  # rubocop:enable Metrics/CyclomaticComplexity
+  # rubocop:enable Lint/RedundantCopDisableDirective
 
   class DependabotError < StandardError
     extend T::Sig
@@ -294,12 +308,38 @@ module Dependabot
     end
   end
 
+  class TypedDependabotError < Dependabot::DependabotError
+    extend T::Sig
+
+    sig { returns(String) }
+    attr_reader :error_type
+
+    sig { params(error_type: String, message: T.any(T.nilable(String), MatchData)).void }
+    def initialize(error_type, message = nil)
+      @error_type = T.let(error_type, String)
+
+      super(message || error_type)
+    end
+
+    sig { params(hash: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Hash[Symbol, T.untyped]) }
+    def detail(hash = nil)
+      {
+        "error-type": error_type,
+        "error-detail": hash || {
+          message: message
+        }
+      }
+    end
+  end
+
   class OutOfDisk < DependabotError; end
 
   class OutOfMemory < DependabotError; end
 
   class NotImplemented < DependabotError; end
 
+  class InvalidGitAuthToken < DependabotError; end
+
   #####################
   # Repo level errors #
   #####################
@@ -531,6 +571,20 @@ module Dependabot
     end
   end
 
+  class InvalidGitAuthToken < DependabotError
+    extend T::Sig
+
+    sig { returns(String) }
+    attr_reader :source
+
+    sig { params(source: String).void }
+    def initialize(source)
+      @source = T.let(sanitize_source(source), String)
+      msg = "Missing or invalid authentication token while accessing github package : #{@source}"
+      super(msg)
+    end
+  end
+
   # Useful for JS file updaters, where the registry API sometimes returns
   # different results to the actual update process
   class InconsistentRegistryResponse < DependabotError; end
@@ -617,4 +671,18 @@ module Dependabot
 
   # Raised by FileParser if processing may execute external code in the update context
   class UnexpectedExternalCode < DependabotError; end
+
+  class IncompatibleCPU < TypedDependabotError
+    sig { params(message: T.any(T.nilable(String), MatchData)).void }
+    def initialize(message = nil)
+      super("incompatible_cpu", message)
+    end
+  end
+
+  class NetworkUnsafeHTTP < TypedDependabotError
+    sig { params(message: T.any(T.nilable(String), MatchData)).void }
+    def initialize(message = nil)
+      super("network_unsafe_http", message)
+    end
+  end
 end

data/lib/dependabot/git_commit_checker.rb

@@ -144,14 +144,14 @@ module Dependabot
       max_local_tag(allowed_version_tags)
     end
 
-    sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
+    sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
     def local_tags_for_allowed_versions_matching_existing_precision
-      select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
+      select_matching_existing_precision(allowed_version_tags).filter_map { |t| to_local_tag(t) }
     end
 
-    sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
+    sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
     def local_tags_for_allowed_versions
-      allowed_version_tags.map { |t| to_local_tag(t) }
+      allowed_version_tags.filter_map { |t| to_local_tag(t) }
     end
 
     sig { returns(T::Array[Dependabot::GitRef]) }

data/lib/dependabot/shared_helpers.rb

@@ -134,13 +134,15 @@ module Dependabot
         args: T.any(T::Array[T.any(String, T::Array[T::Hash[String, T.untyped]])], T::Hash[Symbol, String]),
         env: T.nilable(T::Hash[String, String]),
         stderr_to_stdout: T::Boolean,
-        allow_unsafe_shell_command: T::Boolean
+        allow_unsafe_shell_command: T::Boolean,
+        error_class: T.class_of(HelperSubprocessFailed)
       )
         .returns(T.nilable(T.any(String, T::Hash[String, T.untyped], T::Array[T::Hash[String, T.untyped]])))
     end
     def self.run_helper_subprocess(command:, function:, args:, env: nil,
                                    stderr_to_stdout: false,
-                                   allow_unsafe_shell_command: false)
+                                   allow_unsafe_shell_command: false,
+                                   error_class: HelperSubprocessFailed)
       start = Time.now
       stdin_data = JSON.dump(function: function, args: args)
       cmd = allow_unsafe_shell_command ? command : escape_command(command)
@@ -180,33 +182,54 @@ module Dependabot
         process_termsig: process.termsig
       }
 
-      check_out_of_memory_error(stderr, error_context)
+      check_out_of_memory_error(stderr, error_context, error_class)
 
       begin
         response = JSON.parse(stdout)
         return response["result"] if process.success?
 
-        raise HelperSubprocessFailed.new(
+        raise error_class.new(
           message: response["error"],
           error_class: response["error_class"],
           error_context: error_context,
           trace: response["trace"]
         )
       rescue JSON::ParserError
-        raise HelperSubprocessFailed.new(
-          message: stdout || "No output from command",
-          error_class: "JSON::ParserError",
-          error_context: error_context
-        )
+        raise handle_json_parse_error(stdout, stderr, error_context, error_class)
       end
     end
 
+    sig do
+      params(stdout: String, stderr: String, error_context: T::Hash[Symbol, T.untyped],
+             error_class: T.class_of(HelperSubprocessFailed))
+        .returns(HelperSubprocessFailed)
+    end
+    def self.handle_json_parse_error(stdout, stderr, error_context, error_class)
+      # If the JSON is invalid, the helper has likely failed
+      # We should raise a more helpful error message
+      message = if !stdout.strip.empty?
+                  stdout
+                elsif !stderr.strip.empty?
+                  stderr
+                else
+                  "No output from command"
+                end
+      error_class.new(
+        message: message,
+        error_class: "JSON::ParserError",
+        error_context: error_context
+      )
+    end
+
     # rubocop:enable Metrics/MethodLength
-    sig { params(stderr: T.nilable(String), error_context: T::Hash[Symbol, String]).void }
-    def self.check_out_of_memory_error(stderr, error_context)
+    sig do
+      params(stderr: T.nilable(String), error_context: T::Hash[Symbol, String],
+             error_class: T.class_of(HelperSubprocessFailed)).void
+    end
+    def self.check_out_of_memory_error(stderr, error_context, error_class)
       return unless stderr&.include?("JavaScript heap out of memory")
 
-      raise HelperSubprocessFailed.new(
+      raise error_class.new(
         message: "JavaScript heap out of memory",
         error_class: "Dependabot::OutOfMemoryError",
         error_context: error_context

data/lib/dependabot/update_checkers/base.rb

@@ -136,7 +136,7 @@ module Dependabot
 
       # Lowest available security fix version not checking resolvability
       # @return [Dependabot::<package manager>::Version, #to_s] version class
-      sig { overridable.returns(Dependabot::Version) }
+      sig { overridable.returns(T.nilable(Dependabot::Version)) }
       def lowest_security_fix_version
         raise NotImplementedError, "#{self.class} must implement #lowest_security_fix_version"
       end
@@ -363,7 +363,7 @@ module Dependabot
       end
 
       # TODO: Should this return Dependabot::Version?
-      sig { returns(T.nilable(Gem::Version)) }
+      sig { returns(T.nilable(Dependabot::Version)) }
       def current_version
         @current_version ||=
           T.let(

data/lib/dependabot/workspace/git.rb

@@ -19,7 +19,7 @@ module Dependabot
 
       sig { params(path: T.any(Pathname, String)).void }
       def initialize(path)
-        super(path)
+        super
         @initial_head_sha = T.let(head_sha, String)
         configure_git
       end

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.264.0"
+  VERSION = "0.266.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.264.0
+  version: 0.266.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-07-05 00:00:00.000000000 Z
+date: 2024-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -382,14 +382,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.63.2
+        version: 1.65.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.63.2
+        version: 1.65.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -597,7 +597,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
 post_install_message: 
 rdoc_options: []
 require_paths: