dependabot-common 0.372.0 → 0.373.0
- checksums.yaml +4 -4
- data/lib/dependabot/command_helpers.rb +29 -4
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/dependency_graphers/base.rb +21 -2
- data/lib/dependabot/file_fetchers/base.rb +2 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +1 -0
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +5 -3
- data/lib/dependabot.rb +1 -1
- metadata +2 -2
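--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3813dcd4d0293e11d9da8b1425d9c800f4c94552e38bf8765d912b51b7c2643c
+data.tar.gz: bb7a4005a51cbb9ecb432a1cd25c67f664cea48dad9f900de65de30f99d9dbcd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3cb91b2676a6722670b020f805de186af35e79f73640771927070b103549a74b40fc3696890a4062b5a0045e9ad3f4ab43ddff89a46357f0113b2bd8861f4935
+data.tar.gz: d70c62d66ea75085d88834d51d01504c412e6cd4676aba9c05e779d031ca916e614acacf021f9d71e593c7f976748096878d8aa00aa1c5a9b885c6da9165d1f4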
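--- a/data/lib/dependabot/command_helpers.rb
+++ b/data/lib/dependabot/command_helpers.rb
@@ -23,6 +23,13 @@ module Dependabot
 T.nilable(T.proc.params(data: String).returns(T::Hash[Symbol, T.untyped]))
 end
 
+EnvCmdItem = T.type_alias do
+T.any(
+String,
+T::Hash[T.any(String, Symbol), T.untyped]
+)
+end
+
 class ProcessStatus
 extend T::Sig
 
@@ -72,7 +79,7 @@ module Dependabot
 # rubocop:disable Metrics/CyclomaticComplexity
 sig do
 params(
-env_cmd: T::Array[
+env_cmd: T::Array[EnvCmdItem],
 stdin_data: T.nilable(String),
 stderr_to_stdout: T::Boolean,
 timeout: Integer,
@@ -95,12 +102,15 @@ module Dependabot
 begin
 T.unsafe(Open3).popen3(*env_cmd) do |stdin, stdout_io, stderr_io, wait_thr| # rubocop:disable Metrics/BlockLength
 pid = wait_thr.pid
+command_string = command_string_for_logging(env_cmd)
+log_level = short_git_config_command?(command_string) ? :debug : :info
 sanitized_env_cmd = if env_cmd.first.is_a?(Hash)
 [SharedHelpers.send(:sanitize_env_for_logging, env_cmd.first), *env_cmd[1..]]
 else
 env_cmd
 end
-
+command_for_log = sanitized_env_cmd.join(" ")
+Dependabot.logger.public_send(log_level, "Started process PID: #{pid} with command: #{command_for_log}")
 
 # Write to stdin if input data is provided
 begin
@@ -179,7 +189,7 @@ module Dependabot
 end
 
 status = ProcessStatus.new(wait_thr.value)
-Dependabot.logger.
+Dependabot.logger.public_send(log_level, "Process PID: #{pid} completed with status: #{status}")
 end
 rescue Timeout::Error => e
 Dependabot.logger.error("Process PID: #{pid} failed due to timeout: #{e.message}")
@@ -195,7 +205,8 @@ module Dependabot
 end
 
 elapsed_time = Time.now - start_time
-
+log_level = short_git_config_command?(command_string_for_logging(env_cmd)) ? :debug : :info
+Dependabot.logger.public_send(log_level, "Total execution time: #{elapsed_time.round(2)} seconds")
 [stdout, stderr, status, elapsed_time]
 end
 # rubocop:enable Metrics/AbcSize
@@ -249,5 +260,19 @@ module Dependabot
 command_parts = command.split.map(&:strip).reject(&:empty?)
 Shellwords.join(command_parts)
 end
+
+sig { params(env_cmd: T::Array[EnvCmdItem]).returns(T.nilable(String)) }
+def self.command_string_for_logging(env_cmd)
+T.cast(env_cmd.find { |item| item.is_a?(String) }, T.nilable(String))
+end
+private_class_method :command_string_for_logging
+
+sig { params(command: T.nilable(String)).returns(T::Boolean) }
+def self.short_git_config_command?(command)
+return false if command.nil?
+
+command.start_with?("git config --global ")
+end
+private_class_method :short_git_config_command?
 end
 end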
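Review bot: `short_git_config_command?` only recognises a command passed as one string, because `command_string_for_logging` returns the first String element of `env_cmd` and the test is `command.start_with?("git config --global ")`; a caller that spreads the argv (`"git", "config", "--global", ...`) yields `"git"` as that element and keeps logging at :info — either document that assumption on the helper or test `env_cmd.grep(String).join(" ")` instead. The :debug demotion also changes verbosity only: `sanitized_env_cmd` redacts the env Hash but the argv is joined into `command_for_log` verbatim, so if these commands were demoted because their arguments are sensitive (which I can only infer), redacting the value that follows the config key would be the stronger fix. `log_level` is computed twice, once inside the popen3 block and again before the return at new line 208; computing it once before the `begin` at new line 102 removes the duplication and keeps the two decisions from drifting. Neither new private helper carries a comment; e.g. above `command_string_for_logging`: `# First String element of env_cmd — the command line when callers pass it as a single string; nil when none is present.` The method these hunks modify starts before new line 102 and is split across hunks.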
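--- a/data/lib/dependabot/dependency_graphers/base.rb
+++ b/data/lib/dependabot/dependency_graphers/base.rb
@@ -100,18 +100,37 @@ module Dependabot
 
 sig { params(dependency: Dependabot::Dependency).returns(T::Array[Dependabot::Dependency]) }
 def safe_fetch_subdependencies(dependency)
-return [] if
+return [] if errored_fetching_subdependencies
 
 fetch_subdependencies(dependency).filter_map do |dependency_name|
 dependencies_by_name[dependency_name]
 end
 rescue StandardError => e
-
+errored_fetching_subdependencies!
 @subdependency_error = T.let(e, T.nilable(StandardError))
 Dependabot.logger.error("Error fetching subdependencies: #{e.message}")
 []
 end
 
+# TODO(brrygrdn): Replace this with a `degraded` flag and a `reason` string/enum
+#
+# Nearly all failure modes we have so far amount to 'we couldn't get the full tree for some reason' which is
+# semantically the same as failing to fetch subdependencies, but it is elides some specific information we
+# could use to improve user-facing errors in future, e.g.
+# - Auth failure doing a necessary operation; fix your auth please
+# - Auth failure generating an ephemeral lockfile; fix your auth -or- check in your lockfile
+#
+# The reason this isn't precise enough is that in some ecosystems, the degradation from an ephemeral lockfile
+# goes further and we cannot actually tell versions of top-level dependencies either.
+#
+# To reflect this properly as we expand our ecosystems, setting a generic degraded flag along with user
+# guidance from the ecosystem-specific implementation will allow us to be clearer on remediation in UIs
+# in addition to the job logs.
+sig { void }
+def errored_fetching_subdependencies!
+@errored_fetching_subdependencies = true
+end
+
 # Each grapher is expected to implement a method to look up the parents of a given dependency.
 #
 # The strategy that should be used is highly dependent on the ecosystem, in some cases the parser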
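Review bot: `@errored_fetching_subdependencies = true` in `errored_fetching_subdependencies!` is a bare assignment, unlike the sibling `@subdependency_error = T.let(e, T.nilable(StandardError))` on the next line of the rescue; if this file is `typed: strict`, an instance variable first assigned outside `initialize` needs a `T.let`, so `@errored_fetching_subdependencies = T.let(true, T::Boolean)` would keep the two consistent (the reader `errored_fetching_subdependencies` used on new line 103 is defined outside the hunk, so I cannot tell whether it already declares the type). The bang method has no comment of its own — the long TODO describes future intent, not what the flag means today; a one-liner such as `# Marks this grapher as having failed to fetch subdependencies; later calls to safe_fetch_subdependencies short-circuit to [].` would say that. The TODO text also has a typo, `but it is elides` should read `but it elides`. `safe_fetch_subdependencies` lies fully inside the hunk; the class continues on both sides of it.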
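--- a/data/lib/dependabot/file_fetchers/base.rb
+++ b/data/lib/dependabot/file_fetchers/base.rb
@@ -196,7 +196,8 @@ module Dependabot
 
 sig { returns(T.nilable(String)) }
 def commit
-
+resolved_cloned_commit = cloned_commit
+return resolved_cloned_commit if resolved_cloned_commit
 return T.must(source.commit) if source.commit
 
 branch = target_branch || default_branch_for_repo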
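Review bot: the new two-line binding of `cloned_commit` leaves the adjacent `return T.must(source.commit) if source.commit` with exactly the pattern it replaces — `source.commit` is evaluated twice and needs a `T.must` to satisfy the type checker; applying the same shape, `source_commit = source.commit` followed by `return source_commit if source_commit`, would make the two early returns consistent and drop the `T.must`. If the local was introduced so Sorbet can narrow `T.nilable(String)` rather than to avoid a second call (I can only infer the motivation), a brief comment such as `# bind once so the nil check narrows the type` would spare the next reader the guess. `commit` continues past the end of the hunk.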
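--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -214,6 +214,7 @@ module Dependabot
 sig { returns(String) }
 def solo_pr_name
 name = library? ? library_pr_name : application_pr_name
+name += " (via audit fix)" if dependencies.any? { |dep| dep.metadata[:audit_fix_used] }
 "#{name}#{pr_name_directory}"
 end
 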
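Review bot: the new line reads `dep.metadata[:audit_fix_used]` with nothing at the use site saying which code path sets that key, so the contract the PR title now depends on is invisible here; a short note such as `# :audit_fix_used is set on Dependency#metadata by whichever updater applied an audit fix — TODO confirm the setter` would anchor it. It also indexes `dep.metadata` directly; if `metadata` can be nil for some dependencies (I cannot see `Dependency#metadata` from this hunk), `(dep.metadata || {})[:audit_fix_used]` keeps the check from raising. `solo_pr_name` lies fully inside the hunk.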
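--- a/data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb
+++ b/data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb
@@ -200,10 +200,12 @@ module Dependabot
 return unless (msg = last_dependabot_commit_title)
 
 return :gitmoji if msg.start_with?("⬆️")
-return :conventional_prefix if msg.match?(/\A(chore|build|upgrade):/i)
-return unless msg.match?(/\A(chore|build|upgrade)\(/i)
 
-
+prefixes = (ANGULAR_PREFIXES + ESLINT_PREFIXES).uniq(&:downcase).join("|")
+return :conventional_prefix if msg.match?(/\A(#{prefixes}):/i)
+return :conventional_prefix_with_scope if msg.match?(/\A(#{prefixes})\(/i)
+
+nil
 end
 
 sig { returns(T.nilable(String)) }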
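Review bot: `prefixes` is interpolated into `/\A(#{prefixes}):/i` and `/\A(#{prefixes})\(/i` without `Regexp.escape`, so any entry of `ANGULAR_PREFIXES` or `ESLINT_PREFIXES` containing a regex metacharacter would alter the alternation instead of matching literally (both constants are defined outside the hunk, so I cannot confirm their contents); `prefixes = (ANGULAR_PREFIXES + ESLINT_PREFIXES).uniq(&:downcase).map { |p| Regexp.escape(p) }.join("|")` preserves the intent either way. The two patterns are also rebuilt from constants on every call; a frozen class-level constant holding the compiled regex (built once from the same escaped alternation) would avoid that and give the prefix list a documented home. The enclosing method begins before the hunk.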
data/lib/dependabot.rb
CHANGED
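--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.373.0
 platform: ruby
 authors:
 - Dependabot
@@ -617,7 +617,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.373.0
 rdoc_options: []
 require_paths:
 - lib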