RubyGems - dependabot-common - Versions diffs - 0.353.0 → 0.354.0 - Mend

dependabot-common 0.353.0 → 0.354.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/command_helpers.rb +6 -1
data/lib/dependabot/file_fetchers/base.rb +13 -0
data/lib/dependabot/shared_helpers.rb +16 -1
data/lib/dependabot.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67a7fe7744d8ef3f8ef01aeeb66b9a673a821c8165bcc4450d9d94b34c974e22
-  data.tar.gz: 6f0d5f8625e35b1a94be21c3e70dc0d87cfd2e7b9382b607bcf2913828f511a8
+  metadata.gz: 706b10e32381ce400b4fdd4979f30065ac2e47b42dfa7b6889b4293651688551
+  data.tar.gz: 8e9a2b06dbac39075652dd24a29ab30f3de74fe34421d328cf57df31af338f36
 SHA512:
-  metadata.gz: 5bcb903c2e83a426808e8b417c889f9f5b0c53cf3809a62c7dc9e97353445d5fa7cf4ee22f4056a919996841cdb297ce699f8eacba7556c0c90b673d0a19eda6
-  data.tar.gz: 0e310dae91c687f4d2bfb5d63ffee3720786502c3161c2fdc6a0b464877d4badcb4128e172c4b4af3fb379e91b6358b0f6fb41fcbb6f50a557ff98064f2c7465
+  metadata.gz: 3eccc4f6f6d6eae7b07e2f38f14d55fdc909433618f30b9837a970309567cd74da80afbc66086a369aacf851d264c8e1b92dfbe330aab26b298ebaac7ad5e2ff
+  data.tar.gz: 78ed07bab036f349532ced55d3e40acc08a0dd4c0e15afd94f601b64e54391e9f40efe19a2933cbb48f3ec3df61d4f6f52977e764e04109cc5a8b6acb52293af

data/lib/dependabot/command_helpers.rb CHANGED Viewed

@@ -95,7 +95,12 @@ module Dependabot
       begin
         T.unsafe(Open3).popen3(*env_cmd) do |stdin, stdout_io, stderr_io, wait_thr| # rubocop:disable Metrics/BlockLength
           pid = wait_thr.pid
-          Dependabot.logger.info("Started process PID: #{pid} with command: #{env_cmd.join(' ')}")
+          sanitized_env_cmd = if env_cmd.first.is_a?(Hash)
+                                [SharedHelpers.send(:sanitize_env_for_logging, env_cmd.first), *env_cmd[1..]]
+                              else
+                                env_cmd
+                              end
+          Dependabot.logger.info("Started process PID: #{pid} with command: #{sanitized_env_cmd.join(' ')}")
           # Write to stdin if input data is provided
           stdin&.write(stdin_data) if stdin_data

data/lib/dependabot/file_fetchers/base.rb CHANGED Viewed

@@ -109,6 +109,7 @@ module Dependabot
         @source = source
         @credentials = credentials
         @repo_contents_path = repo_contents_path
+        @update_config = T.let(update_config, T.nilable(Dependabot::Config::UpdateConfig))
         @exclude_paths = T.let(update_config&.exclude_paths || [], T::Array[String])
         @linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
         @submodules = T.let([], T::Array[T.untyped])
@@ -928,6 +929,18 @@ module Dependabot
           next path if type == DependencyFile::Mode::SUBMODULE
         end
       end
+      # Check if a dependency name matches any ignore condition patterns
+      # This is a simplified check that matches by name pattern (with wildcards)
+      # without checking version requirements
+      sig { params(dependency_name: String).returns(T::Boolean) }
+      def dependency_ignored?(dependency_name)
+        return false unless @update_config
+        @update_config.ignore_conditions.any? do |ic|
+          Dependabot::Config::UpdateConfig.wildcard_match?(ic.dependency_name, dependency_name)
+        end
+      end
     end
   end
 end

data/lib/dependabot/shared_helpers.rb CHANGED Viewed

@@ -175,7 +175,8 @@ module Dependabot
       time_taken = Time.now - start
       if ENV["DEBUG_HELPERS"] == "true"
-        puts env_cmd
+        sanitized_env_cmd = [sanitize_env_for_logging(env), cmd].compact
+        puts sanitized_env_cmd
         puts function
         puts stdout
         puts stderr
@@ -542,5 +543,19 @@ module Dependabot
       "$ cd #{Dir.pwd} && echo \"#{escaped_stdin_data}\" | #{env_keys}#{command}"
     end
     private_class_method :helper_subprocess_bash_command
+    sig { params(env: T.nilable(T::Hash[String, String])).returns(T.nilable(T::Hash[String, String])) }
+    def self.sanitize_env_for_logging(env)
+      return nil if env.nil?
+      env.transform_keys(&:to_s).each_with_object({}) do |(key, value), result|
+        # Only redact if the key contains "TOKEN" (case-insensitive)
+        result[key] = if key.match?(/TOKEN/i)
+                        "<redacted>"
+                      else
+                        value
+                      end
+      end
+    end
   end
 end

data/lib/dependabot.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.353.0"
+  VERSION = "0.354.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.353.0
+  version: 0.354.0
 platform: ruby
 authors:
 - Dependabot
@@ -629,7 +629,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.353.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.354.0
 rdoc_options: []
 require_paths:
 - lib