dependabot-common 0.106.14 → 0.106.15

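--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b8372d215fdcc233b16421e8f620a49eb912ea5d9d126f8e338fb1f95b8a8373
- data.tar.gz: e82c25f7d7b5944792fb90201fad1f70fe1876db362eb9956668914cd86648e4
+ metadata.gz: 9a50686d41bc644c4d8f8861d717e6fe350dcfbeb888fdb0882d5ff1f4a58fc3
+ data.tar.gz: 0755ff3fee07b0aa233fb7bc6868d3eb6a7e2790f168e3f8d8a1f9a82b6bd9e1
  SHA512:
- metadata.gz: 4497ee9df4fe9fc0c72823cad89e89f53d2f30b5fea45d6e50c5b3503ebdd07295a0a8df7f3a93269fa23f0f8794a66ec031e750aed40d603ebf4caa3a5ac021
- data.tar.gz: 408e76967ddcc00687577764ce676a2859c71dbf16d8fd0c23d13969a423ab1cb265f4e64a6197009879bdae5af9f539378058c3eb8bdc08471e7c63c2e9b6ab
+ metadata.gz: bb8d58ce89384fdd34e763b4c5585fbbc7ee91c3f1b6ba1663b438a29a298f9c4942b751633696729ab9b07bb0ca2a2cc617d9179320f22ef4319a8a06e90162
+ data.tar.gz: 36a6084e096a9dd7b5b4b5f581189b0fb5e6dbe59961e027f2108d4ebf0179e0266590afaf71e16de3f038638630ede5511ecc52fea47482fc6aadcb3c4fac92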
@@ -406,18 +406,18 @@ module Dependabot
406
406
  fixed_vulns = vulnerabilities_fixed[dep.name]
407
407
  return "" unless fixed_vulns&.any?
408
408
 
409
- msg = "\n<details>\n<summary>Vulnerabilities fixed</summary>\n\n"
409
+ msg = ""
410
410
  fixed_vulns.each { |v| msg += serialized_vulnerability_details(v) }
411
- msg += "</details>"
412
- sanitize_template_tags(msg)
411
+ msg = sanitize_tags(msg)
412
+
413
+ build_details_tag(summary: "Vulnerabilities fixed", body: msg)
413
414
  end
414
415
 
415
416
  def release_cascade(dep)
416
417
  return "" unless releases_text(dep) && releases_url(dep)
417
418
 
418
- msg = "\n<details>\n<summary>Release notes</summary>\n\n"
419
- msg += "*Sourced from [#{dep.display_name}'s releases]"\
420
- "(#{releases_url(dep)}).*\n\n"
419
+ msg = "*Sourced from [#{dep.display_name}'s releases]"\
420
+ "(#{releases_url(dep)}).*\n\n"
421
421
  msg +=
422
422
  begin
423
423
  release_note_lines = releases_text(dep).split("\n").first(50)
@@ -427,21 +427,21 @@ module Dependabot
427
427
  end
428
428
  release_note_lines.join
429
429
  end
430
- msg += "</details>"
431
430
  msg = link_issues(text: msg, dependency: dep)
432
431
  msg = fix_relative_links(
433
432
  text: msg,
434
433
  base_url: source_url(dep) + "/blob/HEAD/"
435
434
  )
436
- sanitize_template_tags(msg)
435
+ msg = sanitize_tags(msg)
436
+
437
+ build_details_tag(summary: "Release notes", body: msg)
437
438
  end
438
439
 
439
440
  def changelog_cascade(dep)
440
441
  return "" unless changelog_url(dep) && changelog_text(dep)
441
442
 
442
- msg = "\n<details>\n<summary>Changelog</summary>\n\n"
443
- msg += "*Sourced from "\
444
- "[#{dep.display_name}'s changelog](#{changelog_url(dep)}).*\n\n"
443
+ msg = "*Sourced from "\
444
+ "[#{dep.display_name}'s changelog](#{changelog_url(dep)}).*\n\n"
445
445
  msg +=
446
446
  begin
447
447
  changelog_lines = changelog_text(dep).split("\n").first(50)
@@ -449,19 +449,19 @@ module Dependabot
449
449
  changelog_lines << truncated_line if changelog_lines.count == 50
450
450
  changelog_lines.join
451
451
  end
452
- msg += "</details>"
453
452
  msg = link_issues(text: msg, dependency: dep)
454
453
  msg = fix_relative_links(text: msg, base_url: changelog_url(dep))
455
- sanitize_template_tags(msg)
454
+ msg = sanitize_tags(msg)
455
+
456
+ build_details_tag(summary: "Changelog", body: msg)
456
457
  end
457
458
 
458
459
  def upgrade_guide_cascade(dep)
459
460
  return "" unless upgrade_url(dep) && upgrade_text(dep)
460
461
 
461
- msg = "\n<details>\n<summary>Upgrade guide</summary>\n\n"
462
- msg += "*Sourced from "\
463
- "[#{dep.display_name}'s upgrade guide]"\
464
- "(#{upgrade_url(dep)}).*\n\n"
462
+ msg = "*Sourced from "\
463
+ "[#{dep.display_name}'s upgrade guide]"\
464
+ "(#{upgrade_url(dep)}).*\n\n"
465
465
  msg +=
466
466
  begin
467
467
  upgrade_lines = upgrade_text(dep).split("\n").first(50)
@@ -469,16 +469,17 @@ module Dependabot
469
469
  upgrade_lines << truncated_line if upgrade_lines.count == 50
470
470
  upgrade_lines.join
471
471
  end
472
- msg += "</details>"
473
472
  msg = link_issues(text: msg, dependency: dep)
474
473
  msg = fix_relative_links(text: msg, base_url: upgrade_url(dep))
475
- sanitize_template_tags(msg)
474
+ msg = sanitize_tags(msg)
475
+
476
+ build_details_tag(summary: "Upgrade guide", body: msg)
476
477
  end
477
478
 
478
479
  def commits_cascade(dep)
479
480
  return "" unless commits_url(dep) && commits(dep)
480
481
 
481
- msg = "\n<details>\n<summary>Commits</summary>\n\n"
482
+ msg = ""
482
483
 
483
484
  commits(dep).reverse.first(10).each do |commit|
484
485
  title = commit[:message].strip.split("\n").first
@@ -494,18 +495,25 @@ module Dependabot
494
495
  else
495
496
  "- See full diff in [compare view](#{commits_url(dep)})\n"
496
497
  end
497
-
498
- msg += "</details>"
499
498
  msg = link_issues(text: msg, dependency: dep)
500
- sanitize_template_tags(msg)
499
+ msg = sanitize_tags(msg)
500
+
501
+ build_details_tag(summary: "Commits", body: msg)
501
502
  end
502
503
 
503
504
  def maintainer_changes_cascade(dep)
504
505
  return "" unless maintainer_changes(dep)
505
506
 
506
- msg = "\n<details>\n<summary>Maintainer changes</summary>\n\n"
507
- msg += maintainer_changes(dep)
508
- msg + "\n</details>"
507
+ build_details_tag(
508
+ summary: "Maintainer changes",
509
+ body: maintainer_changes(dep) + "\n"
510
+ )
511
+ end
512
+
513
+ def build_details_tag(summary:, body:)
514
+ msg = "\n<details>\n<summary>#{summary}</summary>\n\n"
515
+ msg += body
516
+ msg + "</details>"
509
517
  end
510
518
 
511
519
  def serialized_vulnerability_details(details)
@@ -750,13 +758,15 @@ module Dependabot
750
758
  end
751
759
  end
752
760
 
753
- def sanitize_template_tags(text)
761
+ def sanitize_tags(text)
762
+ sanitized_tags = %w(del details ins template)
763
+
754
764
  text.gsub(/\<.*?\>/) do |tag|
755
765
  tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
756
766
 
757
767
  # Unclosed calls to some tags overflow out of the blockquote block,
758
768
  # wrecking the rest of our PRs. Other tags don't share this problem.
759
- next "\\#{tag}" if tag_contents.start_with?("template", "ins", "del")
769
+ next "\\#{tag}" if tag_contents.start_with?(*sanitized_tags)
760
770
 
761
771
  tag
762
772
  end
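Review bot: In `sanitize_tags`, the `start_with?(*sanitized_tags)` test only matches opening tags written in lower case, so a `</details>` or `<DETAILS>` in upstream release notes, changelog or commit text passes through unescaped. Every cascade now wraps its body in a `<details>` element via `build_details_tag`, so an unescaped closing tag in that third-party text can end the wrapper early and leave the rest of the body outside the collapsed section. Consider normalising before the comparison, e.g. `tag_name = tag_contents.sub(%r{\A/\s*}, "").downcase` followed by `next "\\#{tag}" if tag_name.start_with?(*sanitized_tags)`, and adding a spec that feeds a stray closing tag through each cascade. `maintainer_changes_cascade` also hands its body to `build_details_tag` without calling `sanitize_tags`, which is fine only if that text is generated locally; the closing `end` of `sanitize_tags` lies outside the hunk.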
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.106.14"
4
+ VERSION = "0.106.15"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.106.14
4
+ version: 0.106.15
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot