dependabot-common 0.383.0 → 0.384.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +48 -13
- data/lib/dependabot/config/ignore_condition.rb +1 -1
- data/lib/dependabot/package/package_latest_version_finder.rb +0 -1
- data/lib/dependabot/pull_request_creator/commit_message_options.rb +70 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +6 -3
- data/lib/dependabot/pull_request_creator/message_builder/title_builder.rb +14 -10
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +14 -10
- data/lib/dependabot/version.rb +13 -0
- data/lib/dependabot.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4011821492cf0ae915acc4d9b0783f699f5522946eac07bbef8973e8692df1f9
|
|
4
|
+
data.tar.gz: 7502e7687e79b39ec94fad1c9318e1b40b7cdf7965c8c1818ebda3a7a914b8ee
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c5f9708f6197bf0fe6e6dd22b971e41522f7deb6af1963786276dd5246d3177741768e4065d437c4ad3906ff0d0d91afd10b41a0108c0e553a14be2ae1dfde5f
|
|
7
|
+
data.tar.gz: 1e9ebca6d67ec61d619f36e71cfd02cd92c1aca3d6701b47ff4a94c95f2abcdb05277de57902d4dea2b1d5bb6410cabbc027c81bb0e8884bbee84d31cd43e2f4
|
|
@@ -102,33 +102,68 @@ module Dependabot
|
|
|
102
102
|
T::Hash[String, String]
|
|
103
103
|
)
|
|
104
104
|
|
|
105
|
-
sig { params(cfg: T.nilable(T::Hash[Symbol, T.
|
|
105
|
+
sig { params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(T::Array[IgnoreCondition]) }
|
|
106
106
|
def ignore_conditions(cfg)
|
|
107
|
-
|
|
108
|
-
|
|
107
|
+
array_values(cfg&.dig(:ignore)).map do |raw|
|
|
108
|
+
ic = hash_values(raw)
|
|
109
109
|
IgnoreCondition.new(
|
|
110
|
-
dependency_name: ic[:"dependency-name"],
|
|
111
|
-
versions: ic[:versions],
|
|
112
|
-
update_types: ic[:"update-types"]
|
|
110
|
+
dependency_name: T.must(string_value(ic[:"dependency-name"])),
|
|
111
|
+
versions: string_array(ic[:versions]),
|
|
112
|
+
update_types: string_array(ic[:"update-types"])
|
|
113
113
|
)
|
|
114
114
|
end
|
|
115
115
|
end
|
|
116
116
|
|
|
117
117
|
sig do
|
|
118
|
-
params(cfg: T.nilable(T::Hash[Symbol, T.
|
|
118
|
+
params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(UpdateConfig::CommitMessageOptions)
|
|
119
119
|
end
|
|
120
120
|
def commit_message_options(cfg)
|
|
121
|
-
commit_message = cfg&.dig(:"commit-message")
|
|
121
|
+
commit_message = hash_values(cfg&.dig(:"commit-message"))
|
|
122
|
+
prefix = string_value(commit_message[:prefix])
|
|
122
123
|
UpdateConfig::CommitMessageOptions.new(
|
|
123
|
-
prefix:
|
|
124
|
-
prefix_development: commit_message[:"prefix-development"] ||
|
|
125
|
-
include: commit_message[:include]
|
|
124
|
+
prefix: prefix,
|
|
125
|
+
prefix_development: string_value(commit_message[:"prefix-development"]) || prefix,
|
|
126
|
+
include: string_value(commit_message[:include])
|
|
126
127
|
)
|
|
127
128
|
end
|
|
128
129
|
|
|
129
|
-
sig { params(cfg: T.nilable(T::Hash[Symbol, T.
|
|
130
|
+
sig { params(cfg: T.nilable(T::Hash[Symbol, T.anything])).returns(T::Array[String]) }
|
|
130
131
|
def exclude_paths(cfg)
|
|
131
|
-
|
|
132
|
+
string_array(cfg&.dig(:"exclude-paths")) || []
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
# The methods below narrow the loosely typed, parsed-YAML config values
|
|
136
|
+
# (Symbol-keyed hashes whose values are arbitrary) into the specific
|
|
137
|
+
# types the config objects expect.
|
|
138
|
+
|
|
139
|
+
sig { params(value: T.anything).returns(T.nilable(String)) }
|
|
140
|
+
def string_value(value)
|
|
141
|
+
case value
|
|
142
|
+
when String then value
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
sig { params(value: T.anything).returns(T::Hash[Symbol, T.anything]) }
|
|
147
|
+
def hash_values(value)
|
|
148
|
+
case value
|
|
149
|
+
when Hash then value
|
|
150
|
+
else {}
|
|
151
|
+
end
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
sig { params(value: T.anything).returns(T::Array[T.anything]) }
|
|
155
|
+
def array_values(value)
|
|
156
|
+
case value
|
|
157
|
+
when Array then value
|
|
158
|
+
else []
|
|
159
|
+
end
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
sig { params(value: T.anything).returns(T.nilable(T::Array[String])) }
|
|
163
|
+
def string_array(value)
|
|
164
|
+
case value
|
|
165
|
+
when Array then value.map(&:to_s)
|
|
166
|
+
end
|
|
132
167
|
end
|
|
133
168
|
end
|
|
134
169
|
end
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
class PullRequestCreator
|
|
8
|
+
# Typed view over the `commit_message_options` hash threaded into the PR
|
|
9
|
+
# creator's title and prefix builders. The raw options arrive as a loosely
|
|
10
|
+
# typed hash sourced from user config, so this parses the known keys once at
|
|
11
|
+
# the boundary and lets downstream builders use typed readers instead of
|
|
12
|
+
# digging an untyped hash.
|
|
13
|
+
class CommitMessageOptions
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
16
|
+
sig { returns(T.nilable(String)) }
|
|
17
|
+
attr_reader :prefix
|
|
18
|
+
|
|
19
|
+
sig { returns(T.nilable(String)) }
|
|
20
|
+
attr_reader :prefix_development
|
|
21
|
+
|
|
22
|
+
sig { returns(T::Boolean) }
|
|
23
|
+
attr_reader :include_scope
|
|
24
|
+
|
|
25
|
+
sig do
|
|
26
|
+
params(
|
|
27
|
+
prefix: T.nilable(String),
|
|
28
|
+
prefix_development: T.nilable(String),
|
|
29
|
+
include_scope: T::Boolean
|
|
30
|
+
).void
|
|
31
|
+
end
|
|
32
|
+
def initialize(prefix: nil, prefix_development: nil, include_scope: false)
|
|
33
|
+
@prefix = prefix
|
|
34
|
+
@prefix_development = prefix_development
|
|
35
|
+
@include_scope = include_scope
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
# Parses a raw options hash. Unknown keys are ignored, and absent or
|
|
39
|
+
# non-string prefixes become nil.
|
|
40
|
+
sig { params(options: T::Hash[Symbol, T.anything]).returns(CommitMessageOptions) }
|
|
41
|
+
def self.from_hash(options)
|
|
42
|
+
new(
|
|
43
|
+
prefix: coerce_string(options[:prefix]),
|
|
44
|
+
prefix_development: coerce_string(options[:prefix_development]),
|
|
45
|
+
include_scope: options[:include_scope] ? true : false
|
|
46
|
+
)
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
sig { params(value: T.anything).returns(T.nilable(String)) }
|
|
50
|
+
def self.coerce_string(value)
|
|
51
|
+
case value
|
|
52
|
+
when String then value
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
private_class_method :coerce_string
|
|
56
|
+
|
|
57
|
+
# True when an explicit (non-nil) prefix was provided.
|
|
58
|
+
sig { returns(T::Boolean) }
|
|
59
|
+
def prefix?
|
|
60
|
+
!prefix.nil?
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# True when an explicit (non-nil) development prefix was provided.
|
|
64
|
+
sig { returns(T::Boolean) }
|
|
65
|
+
def prefix_development?
|
|
66
|
+
!prefix_development.nil?
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
@@ -247,7 +247,7 @@ module Dependabot
|
|
|
247
247
|
end
|
|
248
248
|
end
|
|
249
249
|
|
|
250
|
-
sig { params(details: T::Hash[String, T.
|
|
250
|
+
sig { params(details: T::Hash[String, T.anything]).returns(String) }
|
|
251
251
|
def vulnerability_version_range_lines(details)
|
|
252
252
|
msg = ""
|
|
253
253
|
%w(
|
|
@@ -256,9 +256,12 @@ module Dependabot
|
|
|
256
256
|
affected_versions
|
|
257
257
|
).each do |tp|
|
|
258
258
|
type = T.must(tp.split("_").first).capitalize
|
|
259
|
-
|
|
259
|
+
versions = case (value = details[tp])
|
|
260
|
+
when Array then value
|
|
261
|
+
end
|
|
262
|
+
next unless versions
|
|
260
263
|
|
|
261
|
-
versions_string =
|
|
264
|
+
versions_string = versions.any? ? versions.join("; ") : "none"
|
|
262
265
|
versions_string = versions_string.gsub(/(?<!\\)~/, '\~')
|
|
263
266
|
msg += "> #{type} versions: #{versions_string}\n"
|
|
264
267
|
end
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/dependency"
|
|
6
6
|
require "dependabot/logger"
|
|
7
|
+
require "dependabot/pull_request_creator/commit_message_options"
|
|
7
8
|
require "dependabot/pull_request_creator/pr_name_prefixer"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
@@ -25,7 +26,7 @@ module Dependabot
|
|
|
25
26
|
sig { returns(T.nilable(Dependabot::PullRequestCreator::PrNamePrefixer)) }
|
|
26
27
|
attr_reader :prefixer
|
|
27
28
|
|
|
28
|
-
sig { returns(T.nilable(
|
|
29
|
+
sig { returns(T.nilable(CommitMessageOptions)) }
|
|
29
30
|
attr_reader :commit_message_options
|
|
30
31
|
|
|
31
32
|
sig { returns(T.nilable(T::Array[Dependabot::Dependency])) }
|
|
@@ -35,14 +36,17 @@ module Dependabot
|
|
|
35
36
|
params(
|
|
36
37
|
base_title: String,
|
|
37
38
|
prefixer: T.nilable(Dependabot::PullRequestCreator::PrNamePrefixer),
|
|
38
|
-
commit_message_options: T.nilable(T::Hash[Symbol, T.
|
|
39
|
+
commit_message_options: T.nilable(T::Hash[Symbol, T.anything]),
|
|
39
40
|
dependencies: T.nilable(T::Array[Dependabot::Dependency])
|
|
40
41
|
).void
|
|
41
42
|
end
|
|
42
43
|
def initialize(base_title:, prefixer: nil, commit_message_options: nil, dependencies: nil)
|
|
43
44
|
@base_title = base_title
|
|
44
45
|
@prefixer = prefixer
|
|
45
|
-
@commit_message_options =
|
|
46
|
+
@commit_message_options = T.let(
|
|
47
|
+
commit_message_options && CommitMessageOptions.from_hash(commit_message_options),
|
|
48
|
+
T.nilable(CommitMessageOptions)
|
|
49
|
+
)
|
|
46
50
|
@dependencies = dependencies
|
|
47
51
|
end
|
|
48
52
|
|
|
@@ -85,12 +89,12 @@ module Dependabot
|
|
|
85
89
|
# but without requiring source/credentials.
|
|
86
90
|
sig { returns(String) }
|
|
87
91
|
def build_explicit_prefix
|
|
88
|
-
return "" unless commit_message_options&.
|
|
92
|
+
return "" unless commit_message_options&.prefix?
|
|
89
93
|
|
|
90
94
|
prefix = explicit_prefix_string
|
|
91
95
|
return "" if prefix.empty?
|
|
92
96
|
|
|
93
|
-
prefix += "(#{scope})" if commit_message_options&.
|
|
97
|
+
prefix += "(#{scope})" if commit_message_options&.include_scope
|
|
94
98
|
# Append colon after alphanumeric or closing bracket to follow
|
|
95
99
|
# conventional commit format (e.g., "chore: ..." or "fix(deps): ...")
|
|
96
100
|
prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
|
|
@@ -101,11 +105,11 @@ module Dependabot
|
|
|
101
105
|
sig { returns(String) }
|
|
102
106
|
def explicit_prefix_string
|
|
103
107
|
if production_dependencies?
|
|
104
|
-
commit_message_options&.
|
|
105
|
-
elsif commit_message_options&.
|
|
106
|
-
commit_message_options&.
|
|
108
|
+
commit_message_options&.prefix.to_s
|
|
109
|
+
elsif commit_message_options&.prefix_development?
|
|
110
|
+
commit_message_options&.prefix_development.to_s
|
|
107
111
|
else
|
|
108
|
-
commit_message_options&.
|
|
112
|
+
commit_message_options&.prefix.to_s
|
|
109
113
|
end
|
|
110
114
|
end
|
|
111
115
|
|
|
@@ -9,6 +9,7 @@ require "dependabot/clients/codecommit"
|
|
|
9
9
|
require "dependabot/clients/github_with_retries"
|
|
10
10
|
require "dependabot/clients/gitlab_with_retries"
|
|
11
11
|
require "dependabot/pull_request_creator"
|
|
12
|
+
require "dependabot/pull_request_creator/commit_message_options"
|
|
12
13
|
|
|
13
14
|
module Dependabot
|
|
14
15
|
class PullRequestCreator
|
|
@@ -39,7 +40,7 @@ module Dependabot
|
|
|
39
40
|
dependencies: T::Array[Dependency],
|
|
40
41
|
credentials: T::Array[Dependabot::Credential],
|
|
41
42
|
security_fix: T::Boolean,
|
|
42
|
-
commit_message_options: T.nilable(T::Hash[Symbol, T.
|
|
43
|
+
commit_message_options: T.nilable(T::Hash[Symbol, T.anything])
|
|
43
44
|
)
|
|
44
45
|
.void
|
|
45
46
|
end
|
|
@@ -54,7 +55,10 @@ module Dependabot
|
|
|
54
55
|
@source = source
|
|
55
56
|
@credentials = credentials
|
|
56
57
|
@security_fix = security_fix
|
|
57
|
-
@commit_message_options =
|
|
58
|
+
@commit_message_options = T.let(
|
|
59
|
+
commit_message_options && CommitMessageOptions.from_hash(commit_message_options),
|
|
60
|
+
T.nilable(CommitMessageOptions)
|
|
61
|
+
)
|
|
58
62
|
end
|
|
59
63
|
|
|
60
64
|
sig { returns(String) }
|
|
@@ -85,7 +89,7 @@ module Dependabot
|
|
|
85
89
|
sig { returns(T::Array[Dependabot::Credential]) }
|
|
86
90
|
attr_reader :credentials
|
|
87
91
|
|
|
88
|
-
sig { returns(T.nilable(
|
|
92
|
+
sig { returns(T.nilable(CommitMessageOptions)) }
|
|
89
93
|
attr_reader :commit_message_options
|
|
90
94
|
|
|
91
95
|
sig { returns(T::Boolean) }
|
|
@@ -96,7 +100,7 @@ module Dependabot
|
|
|
96
100
|
sig { returns(T.nilable(String)) }
|
|
97
101
|
def commit_prefix
|
|
98
102
|
# If a preferred prefix has been explicitly provided, use it
|
|
99
|
-
return prefix_from_explicitly_provided_details if commit_message_options&.
|
|
103
|
+
return prefix_from_explicitly_provided_details if commit_message_options&.prefix?
|
|
100
104
|
|
|
101
105
|
# Otherwise, if there is a previous Dependabot commit and it used a
|
|
102
106
|
# known style, use that as our model for subsequent commits
|
|
@@ -112,7 +116,7 @@ module Dependabot
|
|
|
112
116
|
prefix = explicitly_provided_prefix_string
|
|
113
117
|
return if prefix.empty?
|
|
114
118
|
|
|
115
|
-
prefix += "(#{scope})" if commit_message_options&.
|
|
119
|
+
prefix += "(#{scope})" if commit_message_options&.include_scope
|
|
116
120
|
prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
|
|
117
121
|
prefix += " " unless prefix.end_with?(" ")
|
|
118
122
|
prefix
|
|
@@ -121,14 +125,14 @@ module Dependabot
|
|
|
121
125
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
122
126
|
sig { returns(String) }
|
|
123
127
|
def explicitly_provided_prefix_string
|
|
124
|
-
raise "No explicitly provided prefix!" unless commit_message_options&.
|
|
128
|
+
raise "No explicitly provided prefix!" unless commit_message_options&.prefix?
|
|
125
129
|
|
|
126
130
|
if dependencies.any?(&:production?)
|
|
127
|
-
commit_message_options&.
|
|
128
|
-
elsif commit_message_options&.
|
|
129
|
-
commit_message_options&.
|
|
131
|
+
commit_message_options&.prefix.to_s
|
|
132
|
+
elsif commit_message_options&.prefix_development?
|
|
133
|
+
commit_message_options&.prefix_development.to_s
|
|
130
134
|
else
|
|
131
|
-
commit_message_options&.
|
|
135
|
+
commit_message_options&.prefix.to_s
|
|
132
136
|
end
|
|
133
137
|
end
|
|
134
138
|
# rubocop:enable Metrics/PerceivedComplexity
|
data/lib/dependabot/version.rb
CHANGED
|
@@ -32,6 +32,19 @@ module Dependabot
|
|
|
32
32
|
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
+
# RubyGems 4 eagerly computes a numeric sort key in Gem::Version#initialize and
|
|
36
|
+
# skips it for prereleases. Dependabot's subclasses override #prerelease? with
|
|
37
|
+
# ecosystem-specific semantics, so a version with alphabetic segments (e.g.
|
|
38
|
+
# "1.0.0.RELEASE" or "2.0.0.post1") can report prerelease? == false and reach
|
|
39
|
+
# RubyGems' radix comparison, which raises when a segment is a String. Returning
|
|
40
|
+
# nil for those versions falls back to the segment-by-segment comparison.
|
|
41
|
+
sig { override.overridable.returns(T.nilable(Integer)) }
|
|
42
|
+
def compute_sort_key
|
|
43
|
+
return if canonical_segments.any?(String)
|
|
44
|
+
|
|
45
|
+
super
|
|
46
|
+
end
|
|
47
|
+
|
|
35
48
|
sig { overridable.returns(String) }
|
|
36
49
|
def to_semver
|
|
37
50
|
@original_version
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.384.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -580,6 +580,7 @@ files:
|
|
|
580
580
|
- lib/dependabot/pull_request_creator/branch_namer/multi_ecosystem_strategy.rb
|
|
581
581
|
- lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb
|
|
582
582
|
- lib/dependabot/pull_request_creator/codecommit.rb
|
|
583
|
+
- lib/dependabot/pull_request_creator/commit_message_options.rb
|
|
583
584
|
- lib/dependabot/pull_request_creator/commit_signer.rb
|
|
584
585
|
- lib/dependabot/pull_request_creator/github.rb
|
|
585
586
|
- lib/dependabot/pull_request_creator/gitlab.rb
|
|
@@ -620,7 +621,7 @@ licenses:
|
|
|
620
621
|
- MIT
|
|
621
622
|
metadata:
|
|
622
623
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
623
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
624
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
|
|
624
625
|
rdoc_options: []
|
|
625
626
|
require_paths:
|
|
626
627
|
- lib
|
|
@@ -635,7 +636,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
635
636
|
- !ruby/object:Gem::Version
|
|
636
637
|
version: 3.3.7
|
|
637
638
|
requirements: []
|
|
638
|
-
rubygems_version:
|
|
639
|
+
rubygems_version: 4.0.14
|
|
639
640
|
specification_version: 4
|
|
640
641
|
summary: Shared code used across Dependabot Core
|
|
641
642
|
test_files: []
|