dependabot-common 0.265.0 → 0.267.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket.rb +1 -1
- data/lib/dependabot/errors.rb +78 -4
- data/lib/dependabot/git_metadata_fetcher.rb +8 -0
- data/lib/dependabot/workspace/git.rb +1 -1
- data/lib/dependabot.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 512f039f72af66c98e5211d2c8869364c65ea38055bbb88ac61ef32570d1d067
|
|
4
|
+
data.tar.gz: aedbac1ae18409d6ff6879aef2ee3ed0deb1fef070ee4ddb1c9ab36e54493755
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 88e88e819902db601884ab7d513c2cb67012d1c3fdc24537046b8772acff9a571869343877a152401d8583d05fa13f79bb04ba85573a2babaae43b2943a748d7
|
|
7
|
+
data.tar.gz: 2d420644f8c92e1586df0b15a217c46fd24fad89ddfed99e31213063cc40f59de01eec1bdbe52830d8238e6adeabe65d807c074f697129302df318086aeeed6f
|
|
@@ -142,7 +142,7 @@ module Dependabot
|
|
|
142
142
|
next_page_url = base_url + pr_path
|
|
143
143
|
pull_requests = paginate({ "next" => next_page_url })
|
|
144
144
|
|
|
145
|
-
pull_requests unless source_branch && target_branch
|
|
145
|
+
pull_requests unless source_branch && target_branch # rubocop:disable Lint/Void
|
|
146
146
|
|
|
147
147
|
pull_requests.select do |pr|
|
|
148
148
|
if source_branch.nil?
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -159,6 +159,8 @@ module Dependabot
|
|
|
159
159
|
end
|
|
160
160
|
end
|
|
161
161
|
|
|
162
|
+
# rubocop:disable Lint/RedundantCopDisableDirective
|
|
163
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
162
164
|
sig { params(error: StandardError).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
163
165
|
def self.updater_error_details(error)
|
|
164
166
|
case error
|
|
@@ -211,7 +213,8 @@ module Dependabot
|
|
|
211
213
|
{
|
|
212
214
|
"error-type": "missing_environment_variable",
|
|
213
215
|
"error-detail": {
|
|
214
|
-
"environment-variable": error.environment_variable
|
|
216
|
+
"environment-variable": error.environment_variable,
|
|
217
|
+
"error-message": error.message
|
|
215
218
|
}
|
|
216
219
|
}
|
|
217
220
|
when Dependabot::GoModulePathMismatch
|
|
@@ -223,6 +226,11 @@ module Dependabot
|
|
|
223
226
|
"go-mod": error.go_mod
|
|
224
227
|
}
|
|
225
228
|
}
|
|
229
|
+
when
|
|
230
|
+
IncompatibleCPU,
|
|
231
|
+
NetworkUnsafeHTTP
|
|
232
|
+
error.detail
|
|
233
|
+
|
|
226
234
|
when Dependabot::NotImplemented
|
|
227
235
|
{
|
|
228
236
|
"error-type": "not_implemented",
|
|
@@ -230,6 +238,11 @@ module Dependabot
|
|
|
230
238
|
message: error.message
|
|
231
239
|
}
|
|
232
240
|
}
|
|
241
|
+
when Dependabot::InvalidGitAuthToken
|
|
242
|
+
{
|
|
243
|
+
"error-type": "git_token_auth_error",
|
|
244
|
+
"error-detail": { message: error.message }
|
|
245
|
+
}
|
|
233
246
|
when *Octokit::RATE_LIMITED_ERRORS
|
|
234
247
|
# If we get a rate-limited error we let dependabot-api handle the
|
|
235
248
|
# retry by re-enqueing the update job after the reset
|
|
@@ -242,6 +255,8 @@ module Dependabot
|
|
|
242
255
|
end
|
|
243
256
|
end
|
|
244
257
|
# rubocop:enable Metrics/MethodLength
|
|
258
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
259
|
+
# rubocop:enable Lint/RedundantCopDisableDirective
|
|
245
260
|
|
|
246
261
|
class DependabotError < StandardError
|
|
247
262
|
extend T::Sig
|
|
@@ -294,12 +309,38 @@ module Dependabot
|
|
|
294
309
|
end
|
|
295
310
|
end
|
|
296
311
|
|
|
312
|
+
class TypedDependabotError < Dependabot::DependabotError
|
|
313
|
+
extend T::Sig
|
|
314
|
+
|
|
315
|
+
sig { returns(String) }
|
|
316
|
+
attr_reader :error_type
|
|
317
|
+
|
|
318
|
+
sig { params(error_type: String, message: T.any(T.nilable(String), MatchData)).void }
|
|
319
|
+
def initialize(error_type, message = nil)
|
|
320
|
+
@error_type = T.let(error_type, String)
|
|
321
|
+
|
|
322
|
+
super(message || error_type)
|
|
323
|
+
end
|
|
324
|
+
|
|
325
|
+
sig { params(hash: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Hash[Symbol, T.untyped]) }
|
|
326
|
+
def detail(hash = nil)
|
|
327
|
+
{
|
|
328
|
+
"error-type": error_type,
|
|
329
|
+
"error-detail": hash || {
|
|
330
|
+
message: message
|
|
331
|
+
}
|
|
332
|
+
}
|
|
333
|
+
end
|
|
334
|
+
end
|
|
335
|
+
|
|
297
336
|
class OutOfDisk < DependabotError; end
|
|
298
337
|
|
|
299
338
|
class OutOfMemory < DependabotError; end
|
|
300
339
|
|
|
301
340
|
class NotImplemented < DependabotError; end
|
|
302
341
|
|
|
342
|
+
class InvalidGitAuthToken < DependabotError; end
|
|
343
|
+
|
|
303
344
|
#####################
|
|
304
345
|
# Repo level errors #
|
|
305
346
|
#####################
|
|
@@ -510,10 +551,15 @@ module Dependabot
|
|
|
510
551
|
sig { returns(String) }
|
|
511
552
|
attr_reader :environment_variable
|
|
512
553
|
|
|
513
|
-
sig {
|
|
514
|
-
|
|
554
|
+
sig { returns(String) }
|
|
555
|
+
attr_reader :message
|
|
556
|
+
|
|
557
|
+
sig { params(environment_variable: String, message: String).void }
|
|
558
|
+
def initialize(environment_variable, message = "")
|
|
515
559
|
@environment_variable = environment_variable
|
|
516
|
-
|
|
560
|
+
@message = message
|
|
561
|
+
|
|
562
|
+
super("Missing environment variable #{@environment_variable}. #{@message}")
|
|
517
563
|
end
|
|
518
564
|
end
|
|
519
565
|
|
|
@@ -531,6 +577,20 @@ module Dependabot
|
|
|
531
577
|
end
|
|
532
578
|
end
|
|
533
579
|
|
|
580
|
+
class InvalidGitAuthToken < DependabotError
|
|
581
|
+
extend T::Sig
|
|
582
|
+
|
|
583
|
+
sig { returns(String) }
|
|
584
|
+
attr_reader :source
|
|
585
|
+
|
|
586
|
+
sig { params(source: String).void }
|
|
587
|
+
def initialize(source)
|
|
588
|
+
@source = T.let(sanitize_source(source), String)
|
|
589
|
+
msg = "Missing or invalid authentication token while accessing github package : #{@source}"
|
|
590
|
+
super(msg)
|
|
591
|
+
end
|
|
592
|
+
end
|
|
593
|
+
|
|
534
594
|
# Useful for JS file updaters, where the registry API sometimes returns
|
|
535
595
|
# different results to the actual update process
|
|
536
596
|
class InconsistentRegistryResponse < DependabotError; end
|
|
@@ -617,4 +677,18 @@ module Dependabot
|
|
|
617
677
|
|
|
618
678
|
# Raised by FileParser if processing may execute external code in the update context
|
|
619
679
|
class UnexpectedExternalCode < DependabotError; end
|
|
680
|
+
|
|
681
|
+
class IncompatibleCPU < TypedDependabotError
|
|
682
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
683
|
+
def initialize(message = nil)
|
|
684
|
+
super("incompatible_cpu", message)
|
|
685
|
+
end
|
|
686
|
+
end
|
|
687
|
+
|
|
688
|
+
class NetworkUnsafeHTTP < TypedDependabotError
|
|
689
|
+
sig { params(message: T.any(T.nilable(String), MatchData)).void }
|
|
690
|
+
def initialize(message = nil)
|
|
691
|
+
super("network_unsafe_http", message)
|
|
692
|
+
end
|
|
693
|
+
end
|
|
620
694
|
end
|
|
@@ -198,6 +198,7 @@ module Dependabot
|
|
|
198
198
|
|
|
199
199
|
sig { params(uri: String).returns(String) }
|
|
200
200
|
def service_pack_uri(uri)
|
|
201
|
+
uri = uri_sanitize(uri)
|
|
201
202
|
service_pack_uri = uri_with_auth(uri)
|
|
202
203
|
service_pack_uri = service_pack_uri.gsub(%r{/$}, "")
|
|
203
204
|
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
|
|
@@ -216,6 +217,7 @@ module Dependabot
|
|
|
216
217
|
# (GitHub, GitLab, BitBucket) work with or without the suffix.
|
|
217
218
|
# That change has other ramifications, so it'd be better if Azure started supporting ".git"
|
|
218
219
|
# like all the other providers.
|
|
220
|
+
uri = uri_sanitize(uri)
|
|
219
221
|
uri = SharedHelpers.scp_to_standard(uri)
|
|
220
222
|
uri = URI(uri)
|
|
221
223
|
hostname = uri.hostname.to_s
|
|
@@ -242,6 +244,12 @@ module Dependabot
|
|
|
242
244
|
uri.to_s
|
|
243
245
|
end
|
|
244
246
|
|
|
247
|
+
sig { params(uri: String).returns(String) }
|
|
248
|
+
def uri_sanitize(uri)
|
|
249
|
+
uri = uri.strip
|
|
250
|
+
uri.to_s
|
|
251
|
+
end
|
|
252
|
+
|
|
245
253
|
sig { params(line: String).returns(String) }
|
|
246
254
|
def sha_for_update_pack_line(line)
|
|
247
255
|
T.must(line.split.first).chars.last(40).join
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.267.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-07-
|
|
11
|
+
date: 2024-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -382,14 +382,14 @@ dependencies:
|
|
|
382
382
|
requirements:
|
|
383
383
|
- - "~>"
|
|
384
384
|
- !ruby/object:Gem::Version
|
|
385
|
-
version: 1.
|
|
385
|
+
version: 1.65.0
|
|
386
386
|
type: :development
|
|
387
387
|
prerelease: false
|
|
388
388
|
version_requirements: !ruby/object:Gem::Requirement
|
|
389
389
|
requirements:
|
|
390
390
|
- - "~>"
|
|
391
391
|
- !ruby/object:Gem::Version
|
|
392
|
-
version: 1.
|
|
392
|
+
version: 1.65.0
|
|
393
393
|
- !ruby/object:Gem::Dependency
|
|
394
394
|
name: rubocop-performance
|
|
395
395
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -597,7 +597,7 @@ licenses:
|
|
|
597
597
|
- MIT
|
|
598
598
|
metadata:
|
|
599
599
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
600
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
600
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
|
|
601
601
|
post_install_message:
|
|
602
602
|
rdoc_options: []
|
|
603
603
|
require_paths:
|