dependabot-common 0.375.0 → 0.377.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9131ea6c1d60dcacb5910c06b15afb3c289d6ca84ed2b70633792148c37f69d3
-  data.tar.gz: 37e4b152ea03ba6cc051b89d27b89d8cdf07cde85209a9afb6e2772072f43647
+  metadata.gz: 6be97d14c40d59ea74fe9f48f02e95c13c734175d7eee00543924af96a216516
+  data.tar.gz: daf82ec144a7a3e8eb766988dec53b09e000dc34117d75c8ec220ccda7114d0f
 SHA512:
-  metadata.gz: c0603247a8e5ac0f1498e0ea4e497900792cf72f22ded37fa7039483c3d6da07372b6d413ddb25a54b4574e77e01a9ef7e68a86dfe5af87bffebb0afa213b2c7
-  data.tar.gz: ec29620b703653d8b35724d5176b9dd9c073ebba37e63805119684766e18d3fd2fb94e1536a23556ce44256a4b3b30d2327d68fcba8bc1bfa3ae8f2fb1d0fdf7
+  metadata.gz: 4cc34b89173ce3b43c688f5692a0a5c19b1bf66e3c527c5409e2e7699e7a15f7888feab422b4cda76f3c720be69463f4699fd4fba2d6491c10be5455811d194d
+  data.tar.gz: f74a92a16c5fd939ed7121f8f2a5e47fc6dbcce641bb572909cda4be83782a00ad715eb5c4d19d5e6ff7055bc1d4aab595c57a835d3f9860758844dc2d1542ba

data/lib/dependabot/dependency_file.rb

@@ -1,6 +1,7 @@
 # typed: strong
 # frozen_string_literal: true
 
+require "digest"
 require "pathname"
 require "sorbet-runtime"
 
@@ -209,6 +210,24 @@ module Dependabot
       T.must(content)
     end
 
+    # Returns the Git blob OID for this file's content,
+    # matching the value GitHub/Spokes uses for the same blob.
+    # Accepts :sha1 (default) or :sha256 to match the repository's object format.
+    sig { params(algorithm: Symbol).returns(T.nilable(String)) }
+    def blob_oid(algorithm: :sha1)
+      return nil unless content
+
+      raw = decoded_content.dup.force_encoding(Encoding::BINARY)
+      header = "blob #{raw.bytesize}\0".b
+      digest = case algorithm
+               when :sha256 then Digest::SHA256.new
+               else Digest::SHA1.new
+               end
+      digest.update(header)
+      digest.update(raw)
+      digest.hexdigest
+    end
+
     private
 
     sig { params(directory: String).returns(String) }

data/lib/dependabot/registry_client.rb

@@ -36,7 +36,7 @@ module Dependabot
         retry_interval: 5
       )
     rescue Excon::Error::Timeout, Excon::Error::Socket => e
-      cache_error(url, e)
+      cache_error(url, e) if cacheable_error?(e)
       raise e
     end
 
@@ -57,7 +57,7 @@ module Dependabot
         **SharedHelpers.excon_defaults({ headers: headers }.merge(options))
       )
     rescue Excon::Error::Timeout, Excon::Error::Socket => e
-      cache_error(url, e)
+      cache_error(url, e) if cacheable_error?(e)
       raise e
     end
 
@@ -77,5 +77,17 @@ module Dependabot
       host = URI(url).host
       @cached_errors.fetch(host, nil)
     end
+
+    sig { params(error: CachedErrorType).returns(T::Boolean) }
+    private_class_method def self.cacheable_error?(error)
+      if error.is_a?(Excon::Error::Socket)
+        case error.socket_error
+        when EOFError
+          return false
+        end
+      end
+
+      true
+    end
   end
 end

data/lib/dependabot/shared_helpers.rb

@@ -303,13 +303,20 @@ module Dependabot
       previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil)
       # adding a random suffix to avoid conflicts when running in parallel
       # some package managers like bundler will modify the global git config
-      git_config_global_path = File.expand_path("#{SecureRandom.hex(16)}.gitconfig", Utils::BUMP_TMP_DIR_PATH)
+      random_suffix = SecureRandom.hex(16)
+      git_config_global_path = File.expand_path("#{random_suffix}.gitconfig", Utils::BUMP_TMP_DIR_PATH)
+      git_store_path = File.join(Dir.pwd, "#{random_suffix}.git.store")
       previous_terminal_prompt = ENV.fetch("GIT_TERMINAL_PROMPT", nil)
 
       begin
         ENV["GIT_CONFIG_GLOBAL"] = git_config_global_path
         ENV["GIT_TERMINAL_PROMPT"] = "false"
-        configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path)
+        configure_git_to_use_https_with_credentials(
+          credentials,
+          safe_directories,
+          git_config_global_path,
+          git_store_path
+        )
         yield
       ensure
         ENV["GIT_CONFIG_GLOBAL"] = previous_config
@@ -319,6 +326,7 @@ module Dependabot
       raise Dependabot::OutOfDisk, e.message
     ensure
       FileUtils.rm_f(T.must(git_config_global_path))
+      FileUtils.rm_f(T.must(git_store_path))
     end
 
     # Handle SCP-style git URIs
@@ -339,10 +347,16 @@ module Dependabot
       params(
         credentials: T::Array[Dependabot::Credential],
         safe_directories: T::Array[String],
-        git_config_global_path: String
+        git_config_global_path: String,
+        git_store_path: String
       ).void
     end
-    def self.configure_git_to_use_https_with_credentials(credentials, safe_directories, git_config_global_path)
+    def self.configure_git_to_use_https_with_credentials(
+      credentials,
+      safe_directories,
+      git_config_global_path,
+      git_store_path
+    )
       File.open(git_config_global_path, "w") do |file|
         file << "# Generated by dependabot/dependabot-core"
       end
@@ -353,7 +367,7 @@ module Dependabot
       # whenever the credentials are deemed to be invalid, they're erased.
       run_shell_command(
         "git config --global credential.helper " \
-        "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
+        "'!#{credential_helper_path} --file #{git_store_path}'",
         allow_unsafe_shell_command: true,
         fingerprint: "git config --global credential.helper '<helper_command>'"
       )
@@ -398,7 +412,7 @@ module Dependabot
       end
 
       # Save the file
-      File.write("git.store", git_store_content)
+      File.write(git_store_path, git_store_content)
     end
     # rubocop:enable Metrics/AbcSize
     # rubocop:enable Metrics/PerceivedComplexity

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.375.0"
+  VERSION = "0.377.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.375.0
+  version: 0.377.0
 platform: ruby
 authors:
 - Dependabot
@@ -43,20 +43,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 5.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 5.0.0
 - !ruby/object:Gem::Dependency
   name: commonmarker
   requirement: !ruby/object:Gem::Requirement
@@ -147,14 +147,14 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.19'
+        version: '2.20'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.19'
+        version: '2.20'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -617,7 +617,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.375.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.377.0
 rdoc_options: []
 require_paths:
 - lib