dependabot-common 0.362.0 → 0.364.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/codecommit.rb +3 -3
- data/lib/dependabot/command_helpers.rb +5 -1
- data/lib/dependabot/config/ignore_condition.rb +2 -2
- data/lib/dependabot/dependency_graphers/base.rb +2 -2
- data/lib/dependabot/dependency_group.rb +0 -2
- data/lib/dependabot/errors.rb +9 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +2 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +45 -0
- data/lib/dependabot/shared_helpers.rb +17 -25
- data/lib/dependabot.rb +1 -1
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6da1e661120cc32753f744c61f71c22ea49fc6f2fdcbbfd3a137631acf3103e4
|
|
4
|
+
data.tar.gz: 1c3c5a19b497c29ac3fa2853202918f514cc2c702c091b8dd4af352b186ad61f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd97c8d6b0978058bf3204aee949f1082fda7d8724ac366a7684d35c3d82d867e1d26ce0bf24e3dd97e94b08b689d3276b681cdfa86782525dfa09aeae892af5
|
|
7
|
+
data.tar.gz: 13d846c8ab332fa64643df2bdc4aa95a47250efdbf10a382a77df4e63312bf773a1f01fdaaa72390d715cd4132f1798d5a4ceec70910dca43ee271abaeca5a29
|
|
@@ -296,9 +296,9 @@ module Dependabot
|
|
|
296
296
|
title: pr_name,
|
|
297
297
|
description: pr_description,
|
|
298
298
|
targets: [
|
|
299
|
-
repository_name: source.unscoped_repo,
|
|
300
|
-
|
|
301
|
-
|
|
299
|
+
{ repository_name: source.unscoped_repo,
|
|
300
|
+
source_reference: target_branch,
|
|
301
|
+
destination_reference: source_branch }
|
|
302
302
|
]
|
|
303
303
|
)
|
|
304
304
|
end
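Review bot: The new hash literal passes `source_reference: target_branch` and `destination_reference: source_branch`, so the local names read as the reverse of the API keys they feed. Whether that is a naming quirk or a real swap depends on the argument order callers use, which is outside this hunk (the method signature is not shown). A comment on the literal would settle it for the next reader, for example `# target_branch is the PR head (branch with the changes); source_branch is the base it merges into`, adjusted to whatever the callers actually pass. A reversed pair would open the pull request in the wrong direction, so a spec that pins both keys is worth adding as well.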
|
|
@@ -103,7 +103,11 @@ module Dependabot
|
|
|
103
103
|
Dependabot.logger.info("Started process PID: #{pid} with command: #{sanitized_env_cmd.join(' ')}")
|
|
104
104
|
|
|
105
105
|
# Write to stdin if input data is provided
|
|
106
|
-
|
|
106
|
+
begin
|
|
107
|
+
stdin&.write(stdin_data) if stdin_data
|
|
108
|
+
rescue Errno::EPIPE
|
|
109
|
+
# Process exited before reading stdin - continue to collect output
|
|
110
|
+
end
|
|
107
111
|
stdin&.close
|
|
108
112
|
|
|
109
113
|
stdout_io.sync = true
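Review bot: The added `rescue Errno::EPIPE` around `stdin&.write(stdin_data)` discards the failure without a trace, so a child that exited before reading its input looks the same in the logs as one that consumed it. Logging inside the rescue keeps the best-effort behaviour while leaving evidence, e.g. `Dependabot.logger.debug("PID #{pid} closed stdin before input was fully written")`. The `stdin&.close` on the next line sits outside the `begin` block. If the stream is not in sync mode, a flush on close could raise the same error, but that cannot be confirmed from this hunk. The enclosing method starts and ends outside the hunk.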
|
|
@@ -27,8 +27,8 @@ module Dependabot
|
|
|
27
27
|
sig do
|
|
28
28
|
params(
|
|
29
29
|
dependency_name: String,
|
|
30
|
-
versions: T.
|
|
31
|
-
update_types: T.
|
|
30
|
+
versions: T.nilable(T::Array[String]),
|
|
31
|
+
update_types: T.nilable(T::Array[String])
|
|
32
32
|
).void
|
|
33
33
|
end
|
|
34
34
|
def initialize(dependency_name:, versions: nil, update_types: nil)
|
|
@@ -91,8 +91,8 @@ module Dependabot
|
|
|
91
91
|
sig { returns(T::Hash[String, Dependabot::Dependency]) }
|
|
92
92
|
def dependencies_by_name
|
|
93
93
|
@dependencies_by_name ||= T.let(
|
|
94
|
-
@dependencies.
|
|
95
|
-
|
|
94
|
+
@dependencies.to_h do |dep|
|
|
95
|
+
[dep.name, dep]
|
|
96
96
|
end,
|
|
97
97
|
T.nilable(T::Hash[String, Dependabot::Dependency])
|
|
98
98
|
)
|
data/lib/dependabot/errors.rb
CHANGED
|
@@ -52,6 +52,13 @@ module Dependabot
|
|
|
52
52
|
message: error.message
|
|
53
53
|
}
|
|
54
54
|
}
|
|
55
|
+
when Dependabot::RefNamespaceConflictError
|
|
56
|
+
{
|
|
57
|
+
"error-type": "file_fetcher_error",
|
|
58
|
+
"error-detail": {
|
|
59
|
+
message: error.message
|
|
60
|
+
}
|
|
61
|
+
}
|
|
55
62
|
when Dependabot::DirectoryNotFound
|
|
56
63
|
{
|
|
57
64
|
"error-type": "directory_not_found",
|
|
@@ -469,6 +476,8 @@ module Dependabot
|
|
|
469
476
|
|
|
470
477
|
class InvalidGitAuthToken < DependabotError; end
|
|
471
478
|
|
|
479
|
+
class RefNamespaceConflictError < DependabotError; end
|
|
480
|
+
|
|
472
481
|
#####################
|
|
473
482
|
# Repo level errors #
|
|
474
483
|
#####################
|
|
@@ -210,6 +210,8 @@ module Dependabot
|
|
|
210
210
|
dependency_file_list(ref)
|
|
211
211
|
.select { |f| f.type == "file" }
|
|
212
212
|
.reject { |f| f.name.end_with?(".sh") }
|
|
213
|
+
# JSON files are machine-readable, not useful as changelogs
|
|
214
|
+
.reject { |f| f.name.end_with?(".json") }
|
|
213
215
|
.reject { |f| f.size > 1_000_000 }
|
|
214
216
|
.reject { |f| f.size < 100 }
|
|
215
217
|
|
|
@@ -263,6 +263,8 @@ module Dependabot
|
|
|
263
263
|
|
|
264
264
|
sig { returns(String) }
|
|
265
265
|
def group_pr_name
|
|
266
|
+
return dependency_name_group_pr_name if dependency_group&.group_by_dependency_name?
|
|
267
|
+
|
|
266
268
|
if source.directories
|
|
267
269
|
grouped_directory_name
|
|
268
270
|
else
|
|
@@ -270,6 +272,20 @@ module Dependabot
|
|
|
270
272
|
end
|
|
271
273
|
end
|
|
272
274
|
|
|
275
|
+
sig { returns(String) }
|
|
276
|
+
def dependency_name_group_pr_name
|
|
277
|
+
dep = T.must(dependencies.first)
|
|
278
|
+
directories = dep.metadata[:updated_directories] || [dep.metadata[:directory]].compact
|
|
279
|
+
|
|
280
|
+
if directories.count > 1
|
|
281
|
+
"bump #{dep.name} across #{directories.count} directories"
|
|
282
|
+
elsif directories.one?
|
|
283
|
+
"bump #{dep.name} in #{directories.first}"
|
|
284
|
+
else
|
|
285
|
+
"bump #{dep.name}"
|
|
286
|
+
end
|
|
287
|
+
end
|
|
288
|
+
|
|
273
289
|
sig { returns(String) }
|
|
274
290
|
def grouped_name
|
|
275
291
|
updates = dependencies.map(&:name).uniq.count
|
|
@@ -411,6 +427,8 @@ module Dependabot
|
|
|
411
427
|
# rubocop:disable Metrics/AbcSize
|
|
412
428
|
sig { returns(String) }
|
|
413
429
|
def version_commit_message_intro
|
|
430
|
+
return dependency_name_group_intro if dependency_group&.group_by_dependency_name? && source.directories
|
|
431
|
+
|
|
414
432
|
return multi_directory_group_intro if dependency_group && source.directories
|
|
415
433
|
|
|
416
434
|
return group_intro if dependency_group
|
|
@@ -546,6 +564,33 @@ module Dependabot
|
|
|
546
564
|
end
|
|
547
565
|
# rubocop:enable Metrics/AbcSize
|
|
548
566
|
|
|
567
|
+
sig { returns(String) }
|
|
568
|
+
def dependency_name_group_intro
|
|
569
|
+
dep = T.must(dependencies.first)
|
|
570
|
+
directories = dep.metadata[:updated_directories] || [dep.metadata[:directory]].compact
|
|
571
|
+
|
|
572
|
+
msg = "Bumps #{dependency_links.first}"
|
|
573
|
+
|
|
574
|
+
if directories.count > 1
|
|
575
|
+
msg += " across #{directories.count} directories:\n\n"
|
|
576
|
+
msg += directories.map do |dir|
|
|
577
|
+
prev_version = dep.humanized_previous_version || "unknown"
|
|
578
|
+
new_version = dep.humanized_version || "unknown"
|
|
579
|
+
"- `#{dir}`: #{prev_version} → #{new_version}"
|
|
580
|
+
end.join("\n")
|
|
581
|
+
elsif directories.one?
|
|
582
|
+
msg += " in `#{directories.first}`"
|
|
583
|
+
msg += " #{from_version_msg(dep.humanized_previous_version)}"
|
|
584
|
+
msg += "to #{dep.humanized_version}."
|
|
585
|
+
else
|
|
586
|
+
msg += " #{from_version_msg(dep.humanized_previous_version)}"
|
|
587
|
+
msg += "to #{dep.humanized_version}."
|
|
588
|
+
end
|
|
589
|
+
|
|
590
|
+
msg += "\n"
|
|
591
|
+
msg
|
|
592
|
+
end
|
|
593
|
+
|
|
549
594
|
sig { returns(String) }
|
|
550
595
|
def group_intro
|
|
551
596
|
# Ensure dependencies are unique by name, from and to versions
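Review bot: In `dependency_name_group_intro`, the multi-directory branch computes `prev_version` and `new_version` from `dep` inside the `directories.map` block, but neither depends on `dir`, so every bullet prints the same version pair even if the directories were on different previous versions. `dep` is only `dependencies.first`, so per-directory versions would have to come from the dependency object matching each directory. If one shared pair is intended, hoist the two assignments above the `map` and say so in a comment. The `elsif directories.one?` and `else` branches repeat the same two `msg +=` lines and could share them. Directory names are interpolated into the Markdown body inside backticks without escaping, which deserves a comment or an escape step if they can come from repository configuration.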
|
|
@@ -163,15 +163,13 @@ module Dependabot
|
|
|
163
163
|
end
|
|
164
164
|
|
|
165
165
|
env_cmd = [env, cmd].compact
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
stdout, stderr, process = T.unsafe(Open3).capture3(*env_cmd, stdin_data: stdin_data)
|
|
174
|
-
end
|
|
166
|
+
raw_stdout, raw_stderr, process = CommandHelpers.capture3_with_timeout(
|
|
167
|
+
env_cmd,
|
|
168
|
+
stdin_data: stdin_data,
|
|
169
|
+
timeout: timeout
|
|
170
|
+
)
|
|
171
|
+
stdout = T.let(raw_stdout || "", String)
|
|
172
|
+
stderr = T.let(raw_stderr || "", String)
|
|
175
173
|
time_taken = Time.now - start
|
|
176
174
|
|
|
177
175
|
if ENV["DEBUG_HELPERS"] == "true"
|
|
@@ -480,22 +478,16 @@ module Dependabot
|
|
|
480
478
|
opts[:chdir] = cwd if cwd
|
|
481
479
|
|
|
482
480
|
env_cmd = [env || {}, cmd, opts].compact
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
)
|
|
494
|
-
elsif stderr_to_stdout
|
|
495
|
-
stdout, process = Open3.capture2e(env || {}, cmd, opts)
|
|
496
|
-
else
|
|
497
|
-
stdout, stderr, process = Open3.capture3(env || {}, cmd, opts)
|
|
498
|
-
end
|
|
481
|
+
kwargs = {
|
|
482
|
+
stderr_to_stdout: stderr_to_stdout,
|
|
483
|
+
timeout: timeout
|
|
484
|
+
}
|
|
485
|
+
kwargs[:output_observer] = output_observer if output_observer
|
|
486
|
+
|
|
487
|
+
stdout, stderr, process = CommandHelpers.capture3_with_timeout(
|
|
488
|
+
env_cmd,
|
|
489
|
+
**kwargs
|
|
490
|
+
)
|
|
499
491
|
|
|
500
492
|
time_taken = Time.now - start
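Review bot: This call assigns `stdout, stderr, process` straight from `CommandHelpers.capture3_with_timeout`, while the earlier hunk at `@@ -163,15 +163,13 @@` wraps the same helper's results as `raw_stdout || ""` and `raw_stderr || ""`, which implies the helper can return nil. The code after this hunk is not visible, but if it logs or builds an error message from `stdout` or `stderr`, a nil would surface as a NoMethodError instead of the command's real failure. Adding `stdout ||= ""` and `stderr ||= ""` right after the call would make the two call sites agree. If nil `stderr` is deliberate when `stderr_to_stdout` is set, a comment stating that would do instead.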
|
|
501
493
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.364.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -133,28 +133,28 @@ dependencies:
|
|
|
133
133
|
requirements:
|
|
134
134
|
- - "~>"
|
|
135
135
|
- !ruby/object:Gem::Version
|
|
136
|
-
version: '
|
|
136
|
+
version: '6.0'
|
|
137
137
|
type: :runtime
|
|
138
138
|
prerelease: false
|
|
139
139
|
version_requirements: !ruby/object:Gem::Requirement
|
|
140
140
|
requirements:
|
|
141
141
|
- - "~>"
|
|
142
142
|
- !ruby/object:Gem::Version
|
|
143
|
-
version: '
|
|
143
|
+
version: '6.0'
|
|
144
144
|
- !ruby/object:Gem::Dependency
|
|
145
145
|
name: json
|
|
146
146
|
requirement: !ruby/object:Gem::Requirement
|
|
147
147
|
requirements:
|
|
148
148
|
- - "<"
|
|
149
149
|
- !ruby/object:Gem::Version
|
|
150
|
-
version: '2.
|
|
150
|
+
version: '2.19'
|
|
151
151
|
type: :runtime
|
|
152
152
|
prerelease: false
|
|
153
153
|
version_requirements: !ruby/object:Gem::Requirement
|
|
154
154
|
requirements:
|
|
155
155
|
- - "<"
|
|
156
156
|
- !ruby/object:Gem::Version
|
|
157
|
-
version: '2.
|
|
157
|
+
version: '2.19'
|
|
158
158
|
- !ruby/object:Gem::Dependency
|
|
159
159
|
name: nokogiri
|
|
160
160
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -175,14 +175,14 @@ dependencies:
|
|
|
175
175
|
requirements:
|
|
176
176
|
- - "~>"
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
|
-
version: '
|
|
178
|
+
version: '10.0'
|
|
179
179
|
type: :runtime
|
|
180
180
|
prerelease: false
|
|
181
181
|
version_requirements: !ruby/object:Gem::Requirement
|
|
182
182
|
requirements:
|
|
183
183
|
- - "~>"
|
|
184
184
|
- !ruby/object:Gem::Version
|
|
185
|
-
version: '
|
|
185
|
+
version: '10.0'
|
|
186
186
|
- !ruby/object:Gem::Dependency
|
|
187
187
|
name: opentelemetry-api
|
|
188
188
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -357,14 +357,14 @@ dependencies:
|
|
|
357
357
|
requirements:
|
|
358
358
|
- - "~>"
|
|
359
359
|
- !ruby/object:Gem::Version
|
|
360
|
-
version: '
|
|
360
|
+
version: '2.0'
|
|
361
361
|
type: :development
|
|
362
362
|
prerelease: false
|
|
363
363
|
version_requirements: !ruby/object:Gem::Requirement
|
|
364
364
|
requirements:
|
|
365
365
|
- - "~>"
|
|
366
366
|
- !ruby/object:Gem::Version
|
|
367
|
-
version: '
|
|
367
|
+
version: '2.0'
|
|
368
368
|
- !ruby/object:Gem::Dependency
|
|
369
369
|
name: rspec-sorbet
|
|
370
370
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -615,7 +615,7 @@ licenses:
|
|
|
615
615
|
- MIT
|
|
616
616
|
metadata:
|
|
617
617
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
618
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
618
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
|
|
619
619
|
rdoc_options: []
|
|
620
620
|
require_paths:
|
|
621
621
|
- lib
|