dependabot-common 0.265.0 → 0.267.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket.rb +1 -1
- data/lib/dependabot/errors.rb +78 -4
- data/lib/dependabot/git_metadata_fetcher.rb +8 -0
- data/lib/dependabot/workspace/git.rb +1 -1
- data/lib/dependabot.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 512f039f72af66c98e5211d2c8869364c65ea38055bbb88ac61ef32570d1d067
|
|
4
|
+
data.tar.gz: aedbac1ae18409d6ff6879aef2ee3ed0deb1fef070ee4ddb1c9ab36e54493755
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 88e88e819902db601884ab7d513c2cb67012d1c3fdc24537046b8772acff9a571869343877a152401d8583d05fa13f79bb04ba85573a2babaae43b2943a748d7
|
|
7
|
+
data.tar.gz: 2d420644f8c92e1586df0b15a217c46fd24fad89ddfed99e31213063cc40f59de01eec1bdbe52830d8238e6adeabe65d807c074f697129302df318086aeeed6f
|
|
@@ -142,7 +142,7 @@ module Dependabot
|
|
|
142
142
|
next_page_url = base_url + pr_path
|
|
143
143
|
pull_requests = paginate({ "next" => next_page_url })
|
|
144
144
|
|
|
145
|
-
pull_requests unless source_branch && target_branch
|
|
145
|
+
pull_requests unless source_branch && target_branch # rubocop:disable Lint/Void
|
|
146
146
|
|
|
147
147
|
pull_requests.select do |pr|
|
|
148
148
|
if source_branch.nil?
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -159,6 +159,8 @@ module Dependabot
|
|
|
159
159
|
end
|
|
160
160
|
end
|
|
161
161
|
|
|
162
|
+
# rubocop:disable Lint/RedundantCopDisableDirective
|
|
163
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
162
164
|
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
163
165
|
def self.updater_error_details(error)
|
|
164
166
|
case error
|
|
@@ -211,7 +213,8 @@ module Dependabot
|
|
|
211
213
|
{
|
|
212
214
|
"error-type": "missing_environment_variable",
|
|
213
215
|
"error-detail": {
|
|
214
|
-
"environment-variable": error.environment_variable
|
|
216
|
+
"environment-variable": error.environment_variable,
|
|
217
|
+
"error-message": error.message
|
|
215
218
|
}
|
|
216
219
|
}
|
|
217
220
|
when Dependabot::GoModulePathMismatch
|
|
@@ -223,6 +226,11 @@ module Dependabot
|
|
|
223
226
|
"go-mod": error.go_mod
|
|
224
227
|
}
|
|
225
228
|
}
|
|
229
|
+
when
|
|
230
|
+
IncompatibleCPU,
|
|
231
|
+
NetworkUnsafeHTTP
|
|
232
|
+
error.detail
|
|
233
|
+
|
|
226
234
|
when Dependabot::NotImplemented
|
|
227
235
|
{
|
|
228
236
|
"error-type": "not_implemented",
|
|
@@ -230,6 +238,11 @@ module Dependabot
|
|
|
230
238
|
message: error.message
|
|
231
239
|
}
|
|
232
240
|
}
|
|
241
|
+
when Dependabot::InvalidGitAuthToken
|
|
242
|
+
{
|
|
243
|
+
"error-type": "git_token_auth_error",
|
|
244
|
+
"error-detail": { message: error.message }
|
|
245
|
+
}
|
|
233
246
|
when *Octokit::RATE_LIMITED_ERRORS
|
|
234
247
|
# If we get a rate-limited error we let dependabot-api handle the
|
|
235
248
|
# retry by re-enqueing the update job after the reset
|
|
@@ -242,6 +255,8 @@ module Dependabot
|
|
|
242
255
|
end
|
|
243
256
|
end
|
|
244
257
|
# rubocop:enable Metrics/MethodLength
|
|
258
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
259
|
+
# rubocop:enable Lint/RedundantCopDisableDirective
|
|
245
260
|
|
|
246
261
|
class DependabotError < StandardError
|
|
247
262
|
extend T::Sig
|
|
@@ -294,12 +309,38 @@ module Dependabot
|
|
|
294
309
|
end
|
|
295
310
|
end
|
|
296
311
|
|
|
312
|
+
class TypedDependabotError < Dependabot::DependabotError
|
|
313
|
+
extend T::Sig
|
|
314
|
+
|
|
315
|
+
sig { returns(String) }
|
|
316
|
+
attr_reader :error_type
|
|
317
|
+
|
|
318
|
+
sig { params(error_type: String, message: T.any(T.nilable(String), MatchData)).void }
|
|
319
|
+
def initialize(error_type, message = nil)
|
|
320
|
+
@error_type = T.let(error_type, String)
|
|
321
|
+
|
|
322
|
+
super(message || error_type)
|
|
323
|
+
end
|
|
324
|
+
|
|
325
|
+
sig { params(hash: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Hash[Symbol, T.untyped]) }
|
|
326
|
+
def detail(hash = nil)
|
|
327
|
+
{
|
|
328
|
+
"error-type": error_type,
|
|
329
|
+
"error-detail": hash || {
|
|
330
|
+
message: message
|
|
331
|
+
}
|
|
332
|
+
}
|
|
333
|
+
end
|
|
334
|
+
end
|
|
335
|
+
|
|
297
336
|
class OutOfDisk < DependabotError; end
|
|
298
337
|
|
|
299
338
|
class OutOfMemory < DependabotError; end
|
|
300
339
|
|
|
301
340
|
class NotImplemented < DependabotError; end
|
|
302
341
|
|
|
342
|
+
class InvalidGitAuthToken < DependabotError; end
|
|
343
|
+
|
|
303
344
|
#####################
|
|
304
345
|
# Repo level errors #
|
|
305
346
|
#####################
|
|
@@ -510,10 +551,15 @@ module Dependabot
|
|
|
510
551
|
sig { returns(String) }
|
|
511
552
|
attr_reader :environment_variable
|
|
512
553
|
|
|
513
|
-
sig {
|
|
514
|
-
|
|
554
|
+
sig { returns(String) }
|
|
555
|
+
attr_reader :message
|
|
556
|
+
|
|
557
|
+
sig { params(environment_variable: String, message: String).void }
|
|
558
|
+
def initialize(environment_variable, message = "")
|
|
515
559
|
@environment_variable = environment_variable
|
|
516
|
-
|
|
560
|
+
@message = message
|
|
561
|
+
|
|
562
|
+
super("Missing environment variable #{@environment_variable}. #{@message}")
|
|
517
563
|
end
|
|
518
564
|
end
|
|
519
565
|
|
|
@@ -531,6 +577,20 @@ module Dependabot
|
|
|
531
577
|
end
|
|
532
578
|
end
|
|
533
579
|
|
|
580
|
+
class InvalidGitAuthToken < DependabotError
|
|
581
|
+
extend T::Sig
|
|
582
|
+
|
|
583
|
+
sig { returns(String) }
|
|
584
|
+
attr_reader :source
|
|
585
|
+
|
|
586
|
+
sig { params(source: String).void }
|
|
587
|
+
def initialize(source)
|
|
588
|
+
@source = T.let(sanitize_source(source), String)
|
|
589
|
+
msg = "Missing or invalid authentication token while accessing github package : #{@source}"
|
|
590
|
+
super(msg)
|
|
591
|
+
end
|
|
592
|
+
end
|
|
593
|
+
|
|
534
594
|
# Useful for JS file updaters, where the registry API sometimes returns
|
|
535
595
|
# different results to the actual update process
|
|
536
596
|
class InconsistentRegistryResponse < DependabotError; end
|
|
@@ -617,4 +677,18 @@ module Dependabot
|
|
|
617
677
|
|
|
618
678
|
# Raised by FileParser if processing may execute external code in the update context
|
|
619
679
|
class UnexpectedExternalCode < DependabotError; end
|
|
680
|
+
|
|
681
|
+
class IncompatibleCPU < TypedDependabotError
|
|
682
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
683
|
+
def initialize(message = nil)
|
|
684
|
+
super("incompatible_cpu", message)
|
|
685
|
+
end
|
|
686
|
+
end
|
|
687
|
+
|
|
688
|
+
class NetworkUnsafeHTTP < TypedDependabotError
|
|
689
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
690
|
+
def initialize(message = nil)
|
|
691
|
+
super("network_unsafe_http", message)
|
|
692
|
+
end
|
|
693
|
+
end
|
|
620
694
|
end
|
|
@@ -198,6 +198,7 @@ module Dependabot
|
|
|
198
198
|
|
|
199
199
|
sig { params(uri: String).returns(String) }
|
|
200
200
|
def service_pack_uri(uri)
|
|
201
|
+
uri = uri_sanitize(uri)
|
|
201
202
|
service_pack_uri = uri_with_auth(uri)
|
|
202
203
|
service_pack_uri = service_pack_uri.gsub(%r{/$}, "")
|
|
203
204
|
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
|
|
@@ -216,6 +217,7 @@ module Dependabot
|
|
|
216
217
|
# (GitHub, GitLab, BitBucket) work with or without the suffix.
|
|
217
218
|
# That change has other ramifications, so it'd be better if Azure started supporting ".git"
|
|
218
219
|
# like all the other providers.
|
|
220
|
+
uri = uri_sanitize(uri)
|
|
219
221
|
uri = SharedHelpers.scp_to_standard(uri)
|
|
220
222
|
uri = URI(uri)
|
|
221
223
|
hostname = uri.hostname.to_s
|
|
@@ -242,6 +244,12 @@ module Dependabot
|
|
|
242
244
|
uri.to_s
|
|
243
245
|
end
|
|
244
246
|
|
|
247
|
+
sig { params(uri: String).returns(String) }
|
|
248
|
+
def uri_sanitize(uri)
|
|
249
|
+
uri = uri.strip
|
|
250
|
+
uri.to_s
|
|
251
|
+
end
|
|
252
|
+
|
|
245
253
|
sig { params(line: String).returns(String) }
|
|
246
254
|
def sha_for_update_pack_line(line)
|
|
247
255
|
T.must(line.split.first).chars.last(40).join
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.267.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-07-
|
|
11
|
+
date: 2024-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -382,14 +382,14 @@ dependencies:
|
|
|
382
382
|
requirements:
|
|
383
383
|
- - "~>"
|
|
384
384
|
- !ruby/object:Gem::Version
|
|
385
|
-
version: 1.
|
|
385
|
+
version: 1.65.0
|
|
386
386
|
type: :development
|
|
387
387
|
prerelease: false
|
|
388
388
|
version_requirements: !ruby/object:Gem::Requirement
|
|
389
389
|
requirements:
|
|
390
390
|
- - "~>"
|
|
391
391
|
- !ruby/object:Gem::Version
|
|
392
|
-
version: 1.
|
|
392
|
+
version: 1.65.0
|
|
393
393
|
- !ruby/object:Gem::Dependency
|
|
394
394
|
name: rubocop-performance
|
|
395
395
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -597,7 +597,7 @@ licenses:
|
|
|
597
597
|
- MIT
|
|
598
598
|
metadata:
|
|
599
599
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
600
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
600
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
|
|
601
601
|
post_install_message:
|
|
602
602
|
rdoc_options: []
|
|
603
603
|
require_paths:
|