dependabot-common 0.106.15 → 0.106.16
- checksums.yaml +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +9 -10
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
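--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 144baf835971a7e5f18ba4b93f83d3a03626a2173c52825f9b39ae6a59f0fa33
+data.tar.gz: 62a946ed6499692203709bce5cfc20e5a5e77da8e34bc492b8912f759ddede00
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f0ada47028ee4319c1eaeaf6267784064f28b7261639026a836f68780370f470e9d3b8c90d2d1e023be57663a6fa8257d93481bd89c8081fc1aa50a7e5ed770d
+data.tar.gz: 5ac228997f11270d23041e58af21d976e7961e33e2a3d3cb3fb961bdc043cdb313bc20e0e13a5a0bf6757e3e9b59e9285121ed94d456ff631413ececba8849a3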
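--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -408,7 +408,7 @@ module Dependabot
 
 msg = ""
 fixed_vulns.each { |v| msg += serialized_vulnerability_details(v) }
-msg =
+msg = sanitize_template_tags(msg)
 
 build_details_tag(summary: "Vulnerabilities fixed", body: msg)
 end
@@ -432,7 +432,7 @@ module Dependabot
 text: msg,
 base_url: source_url(dep) + "/blob/HEAD/"
 )
-msg =
+msg = sanitize_template_tags(msg)
 
 build_details_tag(summary: "Release notes", body: msg)
 end
@@ -451,7 +451,7 @@ module Dependabot
 end
 msg = link_issues(text: msg, dependency: dep)
 msg = fix_relative_links(text: msg, base_url: changelog_url(dep))
-msg =
+msg = sanitize_template_tags(msg)
 
 build_details_tag(summary: "Changelog", body: msg)
 end
@@ -471,7 +471,7 @@ module Dependabot
 end
 msg = link_issues(text: msg, dependency: dep)
 msg = fix_relative_links(text: msg, base_url: upgrade_url(dep))
-msg =
+msg = sanitize_template_tags(msg)
 
 build_details_tag(summary: "Upgrade guide", body: msg)
 end
@@ -488,6 +488,8 @@ module Dependabot
 msg += "- [`#{sha}`](#{commit[:html_url]}) #{title}\n"
 end
 
+msg = msg.gsub(/\<.*?\>/) { |tag| "\\#{tag}" }
+
 msg +=
 if commits(dep).count > 10
 "- Additional commits viewable in "\
@@ -496,7 +498,6 @@ module Dependabot
 "- See full diff in [compare view](#{commits_url(dep)})\n"
 end
 msg = link_issues(text: msg, dependency: dep)
-msg = sanitize_tags(msg)
 
 build_details_tag(summary: "Commits", body: msg)
 end
@@ -758,15 +759,13 @@ module Dependabot
 end
 end
 
-def
-sanitized_tags = %w(del details ins template)
-
+def sanitize_template_tags(text)
 text.gsub(/\<.*?\>/) do |tag|
 tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
 
-# Unclosed calls to
+# Unclosed calls to template overflow out of the blockquote block,
 # wrecking the rest of our PRs. Other tags don't share this problem.
-next "\\#{tag}" if tag_contents.start_with?(
+next "\\#{tag}" if tag_contents.start_with?("template")
 
 tag
 end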
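Review bot: In `sanitize_template_tags` (last hunk) the check `tag_contents.start_with?("template")` is case-sensitive, while HTML tag names are not, so upstream changelog or release-note text containing `<TEMPLATE>` or `<Template>` would presumably pass through unescaped and cause the same overflow the comment describes. Comparing on a lowercased name closes that gap: `next "\\#{tag}" if tag_contents.downcase.start_with?("template")`. The pattern `/\<.*?\>/` also does not cross newlines, so a tag whose `>` sits on a later line is never matched; it is worth confirming how the renderer treats that case and adding a spec for it. The method's closing `end` lies outside the hunk.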
data/lib/dependabot/version.rb
CHANGED