dependabot-common 0.106.14 → 0.106.15
- checksums.yaml +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +38 -28
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
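--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9a50686d41bc644c4d8f8861d717e6fe350dcfbeb888fdb0882d5ff1f4a58fc3
+data.tar.gz: 0755ff3fee07b0aa233fb7bc6868d3eb6a7e2790f168e3f8d8a1f9a82b6bd9e1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bb8d58ce89384fdd34e763b4c5585fbbc7ee91c3f1b6ba1663b438a29a298f9c4942b751633696729ab9b07bb0ca2a2cc617d9179320f22ef4319a8a06e90162
+data.tar.gz: 36a6084e096a9dd7b5b4b5f581189b0fb5e6dbe59961e027f2108d4ebf0179e0266590afaf71e16de3f038638630ede5511ecc52fea47482fc6aadcb3c4fac92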
@@ -406,18 +406,18 @@ module Dependabot
|
|
406
406
|
fixed_vulns = vulnerabilities_fixed[dep.name]
|
407
407
|
return "" unless fixed_vulns&.any?
|
408
408
|
|
409
|
-
msg = "
|
409
|
+
msg = ""
|
410
410
|
fixed_vulns.each { |v| msg += serialized_vulnerability_details(v) }
|
411
|
-
msg
|
412
|
-
|
411
|
+
msg = sanitize_tags(msg)
|
412
|
+
|
413
|
+
build_details_tag(summary: "Vulnerabilities fixed", body: msg)
|
413
414
|
end
|
414
415
|
|
415
416
|
def release_cascade(dep)
|
416
417
|
return "" unless releases_text(dep) && releases_url(dep)
|
417
418
|
|
418
|
-
msg = "
|
419
|
-
|
420
|
-
"(#{releases_url(dep)}).*\n\n"
|
419
|
+
msg = "*Sourced from [#{dep.display_name}'s releases]"\
|
420
|
+
"(#{releases_url(dep)}).*\n\n"
|
421
421
|
msg +=
|
422
422
|
begin
|
423
423
|
release_note_lines = releases_text(dep).split("\n").first(50)
|
@@ -427,21 +427,21 @@ module Dependabot
|
|
427
427
|
end
|
428
428
|
release_note_lines.join
|
429
429
|
end
|
430
|
-
msg += "</details>"
|
431
430
|
msg = link_issues(text: msg, dependency: dep)
|
432
431
|
msg = fix_relative_links(
|
433
432
|
text: msg,
|
434
433
|
base_url: source_url(dep) + "/blob/HEAD/"
|
435
434
|
)
|
436
|
-
|
435
|
+
msg = sanitize_tags(msg)
|
436
|
+
|
437
|
+
build_details_tag(summary: "Release notes", body: msg)
|
437
438
|
end
|
438
439
|
|
439
440
|
def changelog_cascade(dep)
|
440
441
|
return "" unless changelog_url(dep) && changelog_text(dep)
|
441
442
|
|
442
|
-
msg = "\
|
443
|
-
|
444
|
-
"[#{dep.display_name}'s changelog](#{changelog_url(dep)}).*\n\n"
|
443
|
+
msg = "*Sourced from "\
|
444
|
+
"[#{dep.display_name}'s changelog](#{changelog_url(dep)}).*\n\n"
|
445
445
|
msg +=
|
446
446
|
begin
|
447
447
|
changelog_lines = changelog_text(dep).split("\n").first(50)
|
@@ -449,19 +449,19 @@ module Dependabot
|
|
449
449
|
changelog_lines << truncated_line if changelog_lines.count == 50
|
450
450
|
changelog_lines.join
|
451
451
|
end
|
452
|
-
msg += "</details>"
|
453
452
|
msg = link_issues(text: msg, dependency: dep)
|
454
453
|
msg = fix_relative_links(text: msg, base_url: changelog_url(dep))
|
455
|
-
|
454
|
+
msg = sanitize_tags(msg)
|
455
|
+
|
456
|
+
build_details_tag(summary: "Changelog", body: msg)
|
456
457
|
end
|
457
458
|
|
458
459
|
def upgrade_guide_cascade(dep)
|
459
460
|
return "" unless upgrade_url(dep) && upgrade_text(dep)
|
460
461
|
|
461
|
-
msg = "
|
462
|
-
|
463
|
-
|
464
|
-
"(#{upgrade_url(dep)}).*\n\n"
|
462
|
+
msg = "*Sourced from "\
|
463
|
+
"[#{dep.display_name}'s upgrade guide]"\
|
464
|
+
"(#{upgrade_url(dep)}).*\n\n"
|
465
465
|
msg +=
|
466
466
|
begin
|
467
467
|
upgrade_lines = upgrade_text(dep).split("\n").first(50)
|
@@ -469,16 +469,17 @@ module Dependabot
|
|
469
469
|
upgrade_lines << truncated_line if upgrade_lines.count == 50
|
470
470
|
upgrade_lines.join
|
471
471
|
end
|
472
|
-
msg += "</details>"
|
473
472
|
msg = link_issues(text: msg, dependency: dep)
|
474
473
|
msg = fix_relative_links(text: msg, base_url: upgrade_url(dep))
|
475
|
-
|
474
|
+
msg = sanitize_tags(msg)
|
475
|
+
|
476
|
+
build_details_tag(summary: "Upgrade guide", body: msg)
|
476
477
|
end
|
477
478
|
|
478
479
|
def commits_cascade(dep)
|
479
480
|
return "" unless commits_url(dep) && commits(dep)
|
480
481
|
|
481
|
-
msg = "
|
482
|
+
msg = ""
|
482
483
|
|
483
484
|
commits(dep).reverse.first(10).each do |commit|
|
484
485
|
title = commit[:message].strip.split("\n").first
|
@@ -494,18 +495,25 @@ module Dependabot
|
|
494
495
|
else
|
495
496
|
"- See full diff in [compare view](#{commits_url(dep)})\n"
|
496
497
|
end
|
497
|
-
|
498
|
-
msg += "</details>"
|
499
498
|
msg = link_issues(text: msg, dependency: dep)
|
500
|
-
|
499
|
+
msg = sanitize_tags(msg)
|
500
|
+
|
501
|
+
build_details_tag(summary: "Commits", body: msg)
|
501
502
|
end
|
502
503
|
|
503
504
|
def maintainer_changes_cascade(dep)
|
504
505
|
return "" unless maintainer_changes(dep)
|
505
506
|
|
506
|
-
|
507
|
-
|
508
|
-
|
507
|
+
build_details_tag(
|
508
|
+
summary: "Maintainer changes",
|
509
|
+
body: maintainer_changes(dep) + "\n"
|
510
|
+
)
|
511
|
+
end
|
512
|
+
|
513
|
+
def build_details_tag(summary:, body:)
|
514
|
+
msg = "\n<details>\n<summary>#{summary}</summary>\n\n"
|
515
|
+
msg += body
|
516
|
+
msg + "</details>"
|
509
517
|
end
|
510
518
|
|
511
519
|
def serialized_vulnerability_details(details)
|
@@ -750,13 +758,15 @@ module Dependabot
|
|
750
758
|
end
|
751
759
|
end
|
752
760
|
|
753
|
-
def
|
761
|
+
def sanitize_tags(text)
|
762
|
+
sanitized_tags = %w(del details ins template)
|
763
|
+
|
754
764
|
text.gsub(/\<.*?\>/) do |tag|
|
755
765
|
tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
|
756
766
|
|
757
767
|
# Unclosed calls to some tags overflow out of the blockquote block,
|
758
768
|
# wrecking the rest of our PRs. Other tags don't share this problem.
|
759
|
-
next "\\#{tag}" if tag_contents.start_with?(
|
769
|
+
next "\\#{tag}" if tag_contents.start_with?(*sanitized_tags)
|
760
770
|
|
761
771
|
tag
|
762
772
|
end
|
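Review bot: In `sanitize_tags` (last hunk), the check `tag_contents.start_with?(*sanitized_tags)` is case-sensitive and sees a closing tag as `/details`, so `<DETAILS>` and `</details>` coming from upstream release notes, changelogs or commit messages are left unescaped. Every cascade now wraps that text through `build_details_tag`, so a stray closing tag in the body could presumably end the wrapper early and let the remaining upstream text render outside the collapsed block; how the hosting renderer treats it is not visible here. Consider normalising before the comparison, e.g. `tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip.downcase.sub(%r{\A/\s*}, "")`. Separately, `maintainer_changes_cascade` passes `maintainer_changes(dep) + "\n"` to `build_details_tag` without calling `sanitize_tags`, unlike the other cascades, so it is worth confirming that text never carries upstream-controlled markup. The body of `sanitize_tags` continues outside the hunk.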
data/lib/dependabot/version.rb
CHANGED