dependabot-common 0.264.0 → 0.266.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89c02cd9122ad1a2574c71155c83627af13e7975e520fe2edb0573959f719049
4
- data.tar.gz: 042f09ae791ba2420b73d3076bc716e3354b56f210bd0d14d6b5aa01b1efb216
3
+ metadata.gz: cd4978cb1971e267084db00cc1d4d4a69a0ffffa5337bd8d61039ba8240f537a
4
+ data.tar.gz: d3b2ff619afff82aade103995ff62c8e5e1111834dd186acf328071a325c4362
5
5
  SHA512:
6
- metadata.gz: 76061ba6700c3b8faa97e7699ab35890546fb5c06dd7f3113a067e76522e0bf7a3d2eecf180c7a3b94bc320cfeb51572265be90cf5df2be269e290141db0729c
7
- data.tar.gz: 79cd186ce00c0bbea7586d1c582bffaf96b165004b289b1527cfdcac669fe8aee72c4549646cabebe4c3937f9402d675fe13b7e7ca97dbdb7907651e8489f522
6
+ metadata.gz: 8d90fcd1793af90f3552a542e6176ed06d55612a40680ca30c16e1e3c508d8025ca2b162840433027d99c9946cae89e19c2637141757c58b3138a4ad053fb7e7
7
+ data.tar.gz: e9ce0c2eb12245518865405046cf403696b3acae3953936a5a93650f390396a70f5208727f0dd93ba385ae35353d0170e3ba9c05bacbee33b0539473df03a837
@@ -142,7 +142,7 @@ module Dependabot
142
142
  next_page_url = base_url + pr_path
143
143
  pull_requests = paginate({ "next" => next_page_url })
144
144
 
145
- pull_requests unless source_branch && target_branch
145
+ pull_requests unless source_branch && target_branch # rubocop:disable Lint/Void
146
146
 
147
147
  pull_requests.select do |pr|
148
148
  if source_branch.nil?
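Review bot: The `# rubocop:disable Lint/Void` on new line 145 silences a real finding rather than fixing it: `pull_requests unless source_branch && target_branch` evaluates `pull_requests` and discards the value, and the `select` on the next line runs regardless, so the line is dead code. If an early exit was intended the line should read `return pull_requests unless source_branch && target_branch`; if, as the `if source_branch.nil?` branch inside the `select` suggests, the block already copes with a missing branch, the line should simply be deleted. Either way the cop directive should go. The enclosing method starts before this hunk.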
@@ -159,6 +159,8 @@ module Dependabot
159
159
  end
160
160
  end
161
161
 
162
+ # rubocop:disable Lint/RedundantCopDisableDirective
163
+ # rubocop:disable Metrics/CyclomaticComplexity
162
164
  sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
163
165
  def self.updater_error_details(error)
164
166
  case error
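Review bot: Wrapping the new `# rubocop:disable Metrics/CyclomaticComplexity` inside `# rubocop:disable Lint/RedundantCopDisableDirective` (new lines 162–163, with the matching enables at 257–258 in a later hunk) turns off the one cop whose job is to report when the Metrics exemption is no longer needed, so the exemption will outlive its cause. Prefer the single `# rubocop:disable Metrics/CyclomaticComplexity` and let the redundancy cop fail in whichever configuration finds it unnecessary, or record the exemption in the project's rubocop configuration instead of inline. `updater_error_details` continues past the end of this hunk.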
@@ -223,6 +225,11 @@ module Dependabot
223
225
  "go-mod": error.go_mod
224
226
  }
225
227
  }
228
+ when
229
+ IncompatibleCPU,
230
+ NetworkUnsafeHTTP
231
+ error.detail
232
+
226
233
  when Dependabot::NotImplemented
227
234
  {
228
235
  "error-type": "not_implemented",
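Review bot: The new branch on lines 228–230 names `IncompatibleCPU` and `NetworkUnsafeHTTP` unqualified while the neighbouring branches write `Dependabot::NotImplemented` and `Dependabot::InvalidGitAuthToken`; lexical lookup inside `module Dependabot` resolves both forms, but the mix reads as if the two came from a different namespace. Spreading `when` over three lines for two constants is also unlike the rest of this `case`. `when Dependabot::IncompatibleCPU, Dependabot::NetworkUnsafeHTTP` on one line, followed by `error.detail`, matches the surrounding style. The enclosing method starts and ends outside the hunk.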
@@ -230,6 +237,11 @@ module Dependabot
230
237
  message: error.message
231
238
  }
232
239
  }
240
+ when Dependabot::InvalidGitAuthToken
241
+ {
242
+ "error-type": "git_token_auth_error",
243
+ "error-detail": { message: error.message }
244
+ }
233
245
  when *Octokit::RATE_LIMITED_ERRORS
234
246
  # If we get a rate-limited error we let dependabot-api handle the
235
247
  # retry by re-enqueing the update job after the reset
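Review bot: The hand-built hash for `Dependabot::InvalidGitAuthToken` (new lines 240–244) has exactly the shape `TypedDependabotError#detail` produces elsewhere in this change (`"error-type"` plus `"error-detail": { message: error.message }`), so this branch duplicates that helper rather than using it. Making `InvalidGitAuthToken` a `TypedDependabotError` with error type `"git_token_auth_error"` would let this branch be `when Dependabot::InvalidGitAuthToken then error.detail`, keeping the payload format in one place. If the class is kept as a plain `DependabotError`, a one-line comment here saying why it does not use `detail` would help the next reader. The enclosing method starts and ends outside the hunk.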
@@ -242,6 +254,8 @@ module Dependabot
242
254
  end
243
255
  end
244
256
  # rubocop:enable Metrics/MethodLength
257
+ # rubocop:enable Metrics/CyclomaticComplexity
258
+ # rubocop:enable Lint/RedundantCopDisableDirective
245
259
 
246
260
  class DependabotError < StandardError
247
261
  extend T::Sig
@@ -294,12 +308,38 @@ module Dependabot
294
308
  end
295
309
  end
296
310
 
311
+ class TypedDependabotError < Dependabot::DependabotError
312
+ extend T::Sig
313
+
314
+ sig { returns(String) }
315
+ attr_reader :error_type
316
+
317
+ sig { params(error_type: String, message: T.any(T.nilable(String), MatchData)).void }
318
+ def initialize(error_type, message = nil)
319
+ @error_type = T.let(error_type, String)
320
+
321
+ super(message || error_type)
322
+ end
323
+
324
+ sig { params(hash: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Hash[Symbol, T.untyped]) }
325
+ def detail(hash = nil)
326
+ {
327
+ "error-type": error_type,
328
+ "error-detail": hash || {
329
+ message: message
330
+ }
331
+ }
332
+ end
333
+ end
334
+
297
335
  class OutOfDisk < DependabotError; end
298
336
 
299
337
  class OutOfMemory < DependabotError; end
300
338
 
301
339
  class NotImplemented < DependabotError; end
302
340
 
341
+ class InvalidGitAuthToken < DependabotError; end
342
+
303
343
  #####################
304
344
  # Repo level errors #
305
345
  #####################
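Review bot: `class InvalidGitAuthToken < DependabotError; end` on new line 341 is redundant with the full definition of the same class added at new lines 574–586 in a later hunk; Ruby reopens the class so it loads, but a reader now sees two declarations of one error with different shapes, and if the superclasses ever diverged the second declaration would raise a superclass-mismatch `TypeError`. Drop the one-liner here and keep the full definition. Separately, the parameter of `TypedDependabotError#detail` is named `hash`, which shadows `Object#hash` and reads as the method's own hash; `def detail(error_detail = nil)` with `"error-detail": error_detail || { message: message }` is clearer and changes no caller since the argument is positional. The enclosing module starts and ends outside the hunk.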
@@ -531,6 +571,20 @@ module Dependabot
531
571
  end
532
572
  end
533
573
 
574
+ class InvalidGitAuthToken < DependabotError
575
+ extend T::Sig
576
+
577
+ sig { returns(String) }
578
+ attr_reader :source
579
+
580
+ sig { params(source: String).void }
581
+ def initialize(source)
582
+ @source = T.let(sanitize_source(source), String)
583
+ msg = "Missing or invalid authentication token while accessing github package : #{@source}"
584
+ super(msg)
585
+ end
586
+ end
587
+
534
588
  # Useful for JS file updaters, where the registry API sometimes returns
535
589
  # different results to the actual update process
536
590
  class InconsistentRegistryResponse < DependabotError; end
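Review bot: The message built on new line 583 embeds `@source`, and via the `when Dependabot::InvalidGitAuthToken` branch of `updater_error_details` that message becomes the `error-detail` payload, so it is only safe to surface if `sanitize_source` (defined outside this hunk) removes any credentials or userinfo embedded in the source URL; that cannot be confirmed from what is shown here. Once confirmed, state it on the reader: `# Source with embedded credentials stripped by sanitize_source; safe to include in error-detail`. The literal also has a stray space before the colon; `"... while accessing github package: #{@source}"` is what a user would expect to read.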
@@ -617,4 +671,18 @@ module Dependabot
617
671
 
618
672
  # Raised by FileParser if processing may execute external code in the update context
619
673
  class UnexpectedExternalCode < DependabotError; end
674
+
675
+ class IncompatibleCPU < TypedDependabotError
676
+ sig { params(message: T.any(T.nilable(String), MatchData)).void }
677
+ def initialize(message = nil)
678
+ super("incompatible_cpu", message)
679
+ end
680
+ end
681
+
682
+ class NetworkUnsafeHTTP < TypedDependabotError
683
+ sig { params(message: T.any(T.nilable(String), MatchData)).void }
684
+ def initialize(message = nil)
685
+ super("network_unsafe_http", message)
686
+ end
687
+ end
620
688
  end
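Review bot: `IncompatibleCPU` and `NetworkUnsafeHTTP` (new lines 675–687) carry no documentation of when they are raised, unlike the `UnexpectedExternalCode` class immediately above, which has a one-line comment. Each should get a comment naming the raising condition (to be supplied by the author) and the error type it produces, e.g. `# Raised when <condition>; surfaced as error-type "incompatible_cpu" through TypedDependabotError#detail` and the equivalent for `"network_unsafe_http"`. The enclosing module starts before this hunk.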
@@ -144,14 +144,14 @@ module Dependabot
144
144
  max_local_tag(allowed_version_tags)
145
145
  end
146
146
 
147
- sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
147
+ sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
148
148
  def local_tags_for_allowed_versions_matching_existing_precision
149
- select_matching_existing_precision(allowed_version_tags).map { |t| to_local_tag(t) }
149
+ select_matching_existing_precision(allowed_version_tags).filter_map { |t| to_local_tag(t) }
150
150
  end
151
151
 
152
- sig { returns(T::Array[T.nilable(T::Hash[Symbol, T.untyped])]) }
152
+ sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
153
153
  def local_tags_for_allowed_versions
154
- allowed_version_tags.map { |t| to_local_tag(t) }
154
+ allowed_version_tags.filter_map { |t| to_local_tag(t) }
155
155
  end
156
156
 
157
157
  sig { returns(T::Array[Dependabot::GitRef]) }
@@ -134,13 +134,15 @@ module Dependabot
134
134
  args: T.any(T::Array[T.any(String, T::Array[T::Hash[String, T.untyped]])], T::Hash[Symbol, String]),
135
135
  env: T.nilable(T::Hash[String, String]),
136
136
  stderr_to_stdout: T::Boolean,
137
- allow_unsafe_shell_command: T::Boolean
137
+ allow_unsafe_shell_command: T::Boolean,
138
+ error_class: T.class_of(HelperSubprocessFailed)
138
139
  )
139
140
  .returns(T.nilable(T.any(String, T::Hash[String, T.untyped], T::Array[T::Hash[String, T.untyped]])))
140
141
  end
141
142
  def self.run_helper_subprocess(command:, function:, args:, env: nil,
142
143
  stderr_to_stdout: false,
143
- allow_unsafe_shell_command: false)
144
+ allow_unsafe_shell_command: false,
145
+ error_class: HelperSubprocessFailed)
144
146
  start = Time.now
145
147
  stdin_data = JSON.dump(function: function, args: args)
146
148
  cmd = allow_unsafe_shell_command ? command : escape_command(command)
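Review bot: The new `error_class:` keyword on `run_helper_subprocess` (new lines 138 and 145) holds an exception class, but the same identifier is also the `error_class:` keyword this method forwards to `HelperSubprocessFailed.new` further down, where the value is a string such as `response["error_class"]` or `"JSON::ParserError"`. One name now denotes two different things in one method. Since the parameter is introduced by this change, renaming it before it ships, e.g. `failure_class: HelperSubprocessFailed`, and threading that name through `check_out_of_memory_error` and `handle_json_parse_error` would remove the ambiguity. The method body continues past the end of the hunk.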
@@ -180,33 +182,54 @@ module Dependabot
180
182
  process_termsig: process.termsig
181
183
  }
182
184
 
183
- check_out_of_memory_error(stderr, error_context)
185
+ check_out_of_memory_error(stderr, error_context, error_class)
184
186
 
185
187
  begin
186
188
  response = JSON.parse(stdout)
187
189
  return response["result"] if process.success?
188
190
 
189
- raise HelperSubprocessFailed.new(
191
+ raise error_class.new(
190
192
  message: response["error"],
191
193
  error_class: response["error_class"],
192
194
  error_context: error_context,
193
195
  trace: response["trace"]
194
196
  )
195
197
  rescue JSON::ParserError
196
- raise HelperSubprocessFailed.new(
197
- message: stdout || "No output from command",
198
- error_class: "JSON::ParserError",
199
- error_context: error_context
200
- )
198
+ raise handle_json_parse_error(stdout, stderr, error_context, error_class)
201
199
  end
202
200
  end
203
201
 
202
+ sig do
203
+ params(stdout: String, stderr: String, error_context: T::Hash[Symbol, T.untyped],
204
+ error_class: T.class_of(HelperSubprocessFailed))
205
+ .returns(HelperSubprocessFailed)
206
+ end
207
+ def self.handle_json_parse_error(stdout, stderr, error_context, error_class)
208
+ # If the JSON is invalid, the helper has likely failed
209
+ # We should raise a more helpful error message
210
+ message = if !stdout.strip.empty?
211
+ stdout
212
+ elsif !stderr.strip.empty?
213
+ stderr
214
+ else
215
+ "No output from command"
216
+ end
217
+ error_class.new(
218
+ message: message,
219
+ error_class: "JSON::ParserError",
220
+ error_context: error_context
221
+ )
222
+ end
223
+
204
224
  # rubocop:enable Metrics/MethodLength
205
- sig { params(stderr: T.nilable(String), error_context: T::Hash[Symbol, String]).void }
206
- def self.check_out_of_memory_error(stderr, error_context)
225
+ sig do
226
+ params(stderr: T.nilable(String), error_context: T::Hash[Symbol, String],
227
+ error_class: T.class_of(HelperSubprocessFailed)).void
228
+ end
229
+ def self.check_out_of_memory_error(stderr, error_context, error_class)
207
230
  return unless stderr&.include?("JavaScript heap out of memory")
208
231
 
209
- raise HelperSubprocessFailed.new(
232
+ raise error_class.new(
210
233
  message: "JavaScript heap out of memory",
211
234
  error_class: "Dependabot::OutOfMemoryError",
212
235
  error_context: error_context
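Review bot: `handle_json_parse_error` declares `stdout: String, stderr: String` and calls `.strip` on both (new lines 210–212), yet the code it replaces guarded `stdout || "No output from command"` and `check_out_of_memory_error` in this same hunk types `stderr` as `T.nilable(String)`; a nil capture would now raise `NoMethodError` inside the `rescue JSON::ParserError`, replacing the helpful failure with an unrelated one. `stdout.to_s.strip.empty?` and `stderr.to_s.strip.empty?` keep the old tolerance (or widen the sig to match what the caller actually passes). The helper builds and returns an exception rather than raising it, so `build_json_parse_error` describes it better than `handle_json_parse_error`. Since stderr now flows into the failure message where previously only stdout did, it is worth confirming that helper stderr cannot carry anything (for example credentials echoed by a package manager) that should not reach the error report.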
@@ -136,7 +136,7 @@ module Dependabot
136
136
 
137
137
  # Lowest available security fix version not checking resolvability
138
138
  # @return [Dependabot::<package manager>::Version, #to_s] version class
139
- sig { overridable.returns(Dependabot::Version) }
139
+ sig { overridable.returns(T.nilable(Dependabot::Version)) }
140
140
  def lowest_security_fix_version
141
141
  raise NotImplementedError, "#{self.class} must implement #lowest_security_fix_version"
142
142
  end
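Review bot: The YARD comment on `lowest_security_fix_version` still reads `# @return [Dependabot::<package manager>::Version, #to_s] version class` while the sig directly beneath it now permits nil, so the documentation and the type disagree. Update it to `# @return [Dependabot::<package manager>::Version, #to_s, nil] version class, or nil when <condition>` with the author filling in when nil is returned, since that cannot be read from this hunk.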
@@ -363,7 +363,7 @@ module Dependabot
363
363
  end
364
364
 
365
365
  # TODO: Should this return Dependabot::Version?
366
- sig { returns(T.nilable(Gem::Version)) }
366
+ sig { returns(T.nilable(Dependabot::Version)) }
367
367
  def current_version
368
368
  @current_version ||=
369
369
  T.let(
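Review bot: The `# TODO: Should this return Dependabot::Version?` comment on new line 365 is now stale, because the sig right below it was changed in this hunk to `T.nilable(Dependabot::Version)`. Remove the TODO, or replace it with a note on why the value can still be nil. The method body continues past the end of the hunk.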
@@ -19,7 +19,7 @@ module Dependabot
19
19
 
20
20
  sig { params(path: T.any(Pathname, String)).void }
21
21
  def initialize(path)
22
- super(path)
22
+ super
23
23
  @initial_head_sha = T.let(head_sha, String)
24
24
  configure_git
25
25
  end
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.264.0"
5
+ VERSION = "0.266.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.264.0
4
+ version: 0.266.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-05 00:00:00.000000000 Z
11
+ date: 2024-07-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -382,14 +382,14 @@ dependencies:
382
382
  requirements:
383
383
  - - "~>"
384
384
  - !ruby/object:Gem::Version
385
- version: 1.63.2
385
+ version: 1.65.0
386
386
  type: :development
387
387
  prerelease: false
388
388
  version_requirements: !ruby/object:Gem::Requirement
389
389
  requirements:
390
390
  - - "~>"
391
391
  - !ruby/object:Gem::Version
392
- version: 1.63.2
392
+ version: 1.65.0
393
393
  - !ruby/object:Gem::Dependency
394
394
  name: rubocop-performance
395
395
  requirement: !ruby/object:Gem::Requirement
@@ -597,7 +597,7 @@ licenses:
597
597
  - MIT
598
598
  metadata:
599
599
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
600
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
600
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
601
601
  post_install_message:
602
602
  rdoc_options: []
603
603
  require_paths: