dependabot-common 0.108.25 → 0.109.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/bitbucket_with_retries.rb +0 -2
- data/lib/dependabot/clients/github_with_retries.rb +0 -2
- data/lib/dependabot/clients/gitlab_with_retries.rb +0 -2
- data/lib/dependabot/file_fetchers/base.rb +0 -12
- data/lib/dependabot/pull_request_creator.rb +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +7 -4
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +78 -32
- data/lib/dependabot/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 958e2831cb2d5ddd319e55c1e66944ad7d1ded3c1aa8992508f9d4a6ea5f8f2d
|
|
4
|
+
data.tar.gz: 42ac5477caabdcd19a606b82872169b3e7860e26f2e2435788c986d7eab6f015
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 45eb816d0cb4a8950699534d8deac680db71666ff3702d6d047e2e7f86ce8914ca60dd1fbcbf2d2e4db7aef7ab9d5495f620a15f010a3d4eb660d838bd0e8055
|
|
7
|
+
data.tar.gz: 93987f39728087398cf50409b1bffd41df56d02e9dbc853b6b02bd7bd4a54903ef49559f7c1851382aae3038ce174b150dd4579355feb8df371cf6a3cc0ca058
|
|
@@ -47,7 +47,6 @@ module Dependabot
|
|
|
47
47
|
@client.respond_to?(method_name) || super
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
51
50
|
def retry_connection_failures
|
|
52
51
|
retry_attempt = 0
|
|
53
52
|
|
|
@@ -58,7 +57,6 @@ module Dependabot
|
|
|
58
57
|
retry_attempt <= @max_retries ? retry : raise
|
|
59
58
|
end
|
|
60
59
|
end
|
|
61
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
62
60
|
end
|
|
63
61
|
end
|
|
64
62
|
end
|
|
@@ -108,7 +108,6 @@ module Dependabot
|
|
|
108
108
|
@clients.first.respond_to?(method_name) || super
|
|
109
109
|
end
|
|
110
110
|
|
|
111
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
112
111
|
def retry_connection_failures
|
|
113
112
|
retry_attempt = 0
|
|
114
113
|
|
|
@@ -119,7 +118,6 @@ module Dependabot
|
|
|
119
118
|
retry_attempt <= @max_retries ? retry : raise
|
|
120
119
|
end
|
|
121
120
|
end
|
|
122
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
123
121
|
end
|
|
124
122
|
end
|
|
125
123
|
end
|
|
@@ -75,7 +75,6 @@ module Dependabot
|
|
|
75
75
|
@client.respond_to?(method_name) || super
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
79
78
|
def retry_connection_failures
|
|
80
79
|
retry_attempt = 0
|
|
81
80
|
|
|
@@ -86,7 +85,6 @@ module Dependabot
|
|
|
86
85
|
retry_attempt <= @max_retries ? retry : raise
|
|
87
86
|
end
|
|
88
87
|
end
|
|
89
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
90
88
|
end
|
|
91
89
|
end
|
|
92
90
|
end
|
|
@@ -51,7 +51,6 @@ module Dependabot
|
|
|
51
51
|
@files ||= fetch_files
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
55
54
|
def commit
|
|
56
55
|
branch = target_branch || default_branch_for_repo
|
|
57
56
|
|
|
@@ -61,11 +60,9 @@ module Dependabot
|
|
|
61
60
|
rescue Octokit::Conflict => e
|
|
62
61
|
raise unless e.message.include?("Repository is empty")
|
|
63
62
|
end
|
|
64
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
65
63
|
|
|
66
64
|
private
|
|
67
65
|
|
|
68
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
69
66
|
def fetch_file_if_present(filename, fetch_submodules: false)
|
|
70
67
|
dir = File.dirname(filename)
|
|
71
68
|
basename = File.basename(filename)
|
|
@@ -81,9 +78,7 @@ module Dependabot
|
|
|
81
78
|
path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
|
|
82
79
|
raise Dependabot::DependencyFileNotFound, path
|
|
83
80
|
end
|
|
84
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
85
81
|
|
|
86
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
87
82
|
def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
|
|
88
83
|
path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
|
|
89
84
|
|
|
@@ -96,7 +91,6 @@ module Dependabot
|
|
|
96
91
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
|
97
92
|
raise Dependabot::DependencyFileNotFound, path
|
|
98
93
|
end
|
|
99
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
100
94
|
|
|
101
95
|
def repo_contents(dir: ".", ignore_base_directory: false,
|
|
102
96
|
raise_errors: true, fetch_submodules: false)
|
|
@@ -115,7 +109,6 @@ module Dependabot
|
|
|
115
109
|
# INTERNAL METHODS (not for use by sub-classes) #
|
|
116
110
|
#################################################
|
|
117
111
|
|
|
118
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
119
112
|
def _fetch_repo_contents(path, fetch_submodules: false,
|
|
120
113
|
raise_errors: true)
|
|
121
114
|
path = path.gsub(" ", "%20")
|
|
@@ -144,7 +137,6 @@ module Dependabot
|
|
|
144
137
|
retrying = true
|
|
145
138
|
retry
|
|
146
139
|
end
|
|
147
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
148
140
|
|
|
149
141
|
def _fetch_repo_contents_fully_specified(provider, repo, path, commit)
|
|
150
142
|
case provider
|
|
@@ -270,7 +262,6 @@ module Dependabot
|
|
|
270
262
|
end
|
|
271
263
|
end
|
|
272
264
|
|
|
273
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
274
265
|
def _fetch_file_content(path, fetch_submodules: false)
|
|
275
266
|
path = path.gsub(%r{^/*}, "")
|
|
276
267
|
|
|
@@ -290,7 +281,6 @@ module Dependabot
|
|
|
290
281
|
retrying = true
|
|
291
282
|
retry
|
|
292
283
|
end
|
|
293
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
294
284
|
|
|
295
285
|
def _fetch_file_content_fully_specified(provider, repo, path, commit)
|
|
296
286
|
case provider
|
|
@@ -337,14 +327,12 @@ module Dependabot
|
|
|
337
327
|
end
|
|
338
328
|
# rubocop:enable Metrics/AbcSize
|
|
339
329
|
|
|
340
|
-
# rubocop:disable Naming/RescuedExceptionsVariableName
|
|
341
330
|
def default_branch_for_repo
|
|
342
331
|
@default_branch_for_repo ||= client_for_provider.
|
|
343
332
|
fetch_default_branch(repo)
|
|
344
333
|
rescue *CLIENT_NOT_FOUND_ERRORS
|
|
345
334
|
raise Dependabot::RepoNotFound, source
|
|
346
335
|
end
|
|
347
|
-
# rubocop:enable Naming/RescuedExceptionsVariableName
|
|
348
336
|
|
|
349
337
|
# Update the @linked_paths hash by exploiting a side-effect of
|
|
350
338
|
# recursively calling `repo_contents` for each directory up the tree
|
|
@@ -16,7 +16,7 @@ module Dependabot
|
|
|
16
16
|
|
|
17
17
|
attr_reader :source, :dependencies, :files, :base_commit,
|
|
18
18
|
:credentials, :pr_message_footer, :custom_labels,
|
|
19
|
-
:author_details, :signature_key, :
|
|
19
|
+
:author_details, :signature_key, :commit_message_options,
|
|
20
20
|
:vulnerabilities_fixed,
|
|
21
21
|
:reviewers, :assignees, :milestone, :branch_name_separator,
|
|
22
22
|
:branch_name_prefix, :github_redirection_service,
|
|
@@ -25,7 +25,7 @@ module Dependabot
|
|
|
25
25
|
def initialize(source:, base_commit:, dependencies:, files:, credentials:,
|
|
26
26
|
pr_message_footer: nil, custom_labels: nil,
|
|
27
27
|
author_details: nil, signature_key: nil,
|
|
28
|
-
|
|
28
|
+
commit_message_options: {},
|
|
29
29
|
reviewers: nil, assignees: nil, milestone: nil,
|
|
30
30
|
vulnerabilities_fixed: {}, branch_name_separator: "/",
|
|
31
31
|
branch_name_prefix: "dependabot",
|
|
@@ -40,7 +40,7 @@ module Dependabot
|
|
|
40
40
|
@pr_message_footer = pr_message_footer
|
|
41
41
|
@author_details = author_details
|
|
42
42
|
@signature_key = signature_key
|
|
43
|
-
@
|
|
43
|
+
@commit_message_options = commit_message_options
|
|
44
44
|
@custom_labels = custom_labels
|
|
45
45
|
@reviewers = reviewers
|
|
46
46
|
@assignees = assignees
|
|
@@ -127,7 +127,7 @@ module Dependabot
|
|
|
127
127
|
dependencies: dependencies,
|
|
128
128
|
files: files,
|
|
129
129
|
credentials: credentials,
|
|
130
|
-
|
|
130
|
+
commit_message_options: commit_message_options,
|
|
131
131
|
pr_message_footer: pr_message_footer,
|
|
132
132
|
vulnerabilities_fixed: vulnerabilities_fixed,
|
|
133
133
|
github_redirection_service: github_redirection_service
|
|
@@ -15,18 +15,18 @@ module Dependabot
|
|
|
15
15
|
require_relative "pr_name_prefixer"
|
|
16
16
|
|
|
17
17
|
attr_reader :source, :dependencies, :files, :credentials,
|
|
18
|
-
:pr_message_footer, :
|
|
19
|
-
:github_redirection_service
|
|
18
|
+
:pr_message_footer, :commit_message_options,
|
|
19
|
+
:vulnerabilities_fixed, :github_redirection_service
|
|
20
20
|
|
|
21
21
|
def initialize(source:, dependencies:, files:, credentials:,
|
|
22
|
-
pr_message_footer: nil,
|
|
22
|
+
pr_message_footer: nil, commit_message_options: {},
|
|
23
23
|
vulnerabilities_fixed: {}, github_redirection_service: nil)
|
|
24
24
|
@dependencies = dependencies
|
|
25
25
|
@files = files
|
|
26
26
|
@source = source
|
|
27
27
|
@credentials = credentials
|
|
28
28
|
@pr_message_footer = pr_message_footer
|
|
29
|
-
@
|
|
29
|
+
@commit_message_options = commit_message_options
|
|
30
30
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
|
31
31
|
@github_redirection_service = github_redirection_service
|
|
32
32
|
end
|
|
@@ -127,6 +127,7 @@ module Dependabot
|
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
def signoff_message
|
|
130
|
+
signoff_details = commit_message_options[:signoff_details]
|
|
130
131
|
return unless signoff_details.is_a?(Hash)
|
|
131
132
|
return unless signoff_details[:name] && signoff_details[:email]
|
|
132
133
|
|
|
@@ -134,6 +135,7 @@ module Dependabot
|
|
|
134
135
|
end
|
|
135
136
|
|
|
136
137
|
def on_behalf_of_message
|
|
138
|
+
signoff_details = commit_message_options[:signoff_details]
|
|
137
139
|
return unless signoff_details.is_a?(Hash)
|
|
138
140
|
return unless signoff_details[:org_name] && signoff_details[:org_email]
|
|
139
141
|
|
|
@@ -525,6 +527,7 @@ module Dependabot
|
|
|
525
527
|
source: source,
|
|
526
528
|
dependencies: dependencies,
|
|
527
529
|
credentials: credentials,
|
|
530
|
+
commit_message_options: commit_message_options,
|
|
528
531
|
security_fix: vulnerabilities_fixed.values.flatten.any?
|
|
529
532
|
)
|
|
530
533
|
end
|
|
@@ -4,6 +4,7 @@ require "dependabot/clients/github_with_retries"
|
|
|
4
4
|
require "dependabot/clients/gitlab_with_retries"
|
|
5
5
|
require "dependabot/pull_request_creator"
|
|
6
6
|
|
|
7
|
+
# rubocop:disable Metrics/ClassLength
|
|
7
8
|
module Dependabot
|
|
8
9
|
class PullRequestCreator
|
|
9
10
|
class PrNamePrefixer
|
|
@@ -25,11 +26,13 @@ module Dependabot
|
|
|
25
26
|
twisted_rightwards_arrows whale wheelchair
|
|
26
27
|
white_check_mark wrench zap).freeze
|
|
27
28
|
|
|
28
|
-
def initialize(source:, dependencies:, credentials:, security_fix: false
|
|
29
|
-
|
|
30
|
-
@
|
|
31
|
-
@
|
|
32
|
-
@
|
|
29
|
+
def initialize(source:, dependencies:, credentials:, security_fix: false,
|
|
30
|
+
commit_message_options: {})
|
|
31
|
+
@dependencies = dependencies
|
|
32
|
+
@source = source
|
|
33
|
+
@credentials = credentials
|
|
34
|
+
@security_fix = security_fix
|
|
35
|
+
@commit_message_options = commit_message_options
|
|
33
36
|
end
|
|
34
37
|
|
|
35
38
|
def pr_name_prefix
|
|
@@ -39,45 +42,63 @@ module Dependabot
|
|
|
39
42
|
end
|
|
40
43
|
|
|
41
44
|
def capitalize_first_word?
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
last_dependabot_commit_message.match?(/: (\[Security\] )?(B|U)/)
|
|
46
|
-
else
|
|
47
|
-
if using_angular_commit_messages? || using_eslint_commit_messages?
|
|
48
|
-
prefixes = ANGULAR_PREFIXES + ESLINT_PREFIXES
|
|
49
|
-
semantic_msgs = recent_commit_messages.select do |message|
|
|
50
|
-
prefixes.any? { |pre| message.match?(/#{pre}[:(]/i) }
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
return true if semantic_msgs.all? { |m| m.match?(/:\s+\[?[A-Z]/) }
|
|
54
|
-
return false if semantic_msgs.all? { |m| m.match?(/:\s+\[?[a-z]/) }
|
|
55
|
-
end
|
|
45
|
+
if commit_message_options.key?(:prefix)
|
|
46
|
+
return !commit_message_options[:prefix]&.strip&.match?(/\A[a-z]/)
|
|
47
|
+
end
|
|
56
48
|
|
|
57
|
-
|
|
49
|
+
if last_dependabot_commit_style
|
|
50
|
+
return capitalise_first_word_from_last_dependabot_commit_style
|
|
58
51
|
end
|
|
52
|
+
|
|
53
|
+
capitalise_first_word_from_previous_commits
|
|
59
54
|
end
|
|
60
55
|
|
|
61
56
|
private
|
|
62
57
|
|
|
63
|
-
attr_reader :source, :dependencies, :credentials
|
|
58
|
+
attr_reader :source, :dependencies, :credentials, :commit_message_options
|
|
64
59
|
|
|
65
60
|
def security_fix?
|
|
66
61
|
@security_fix
|
|
67
62
|
end
|
|
68
63
|
|
|
69
64
|
def commit_prefix
|
|
70
|
-
# If
|
|
71
|
-
|
|
65
|
+
# If a preferred prefix has been explicitly provided, use it
|
|
66
|
+
if commit_message_options.key?(:prefix)
|
|
67
|
+
return prefix_from_explicitly_provided_details
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
# Otherwise, if there is a previous Dependabot commit and it used a
|
|
71
|
+
# known style, use that as our model for subsequent commits
|
|
72
|
+
if last_dependabot_commit_style
|
|
73
|
+
return prefix_for_last_dependabot_commit_style
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
# Otherwise we need to detect the user's preferred style from the
|
|
77
|
+
# existing commits on their repo
|
|
78
|
+
build_commit_prefix_from_previous_commits
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def prefix_from_explicitly_provided_details
|
|
82
|
+
unless commit_message_options.key?(:prefix)
|
|
83
|
+
raise "No explicitly provided prefix!"
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
prefix = commit_message_options[:prefix].to_s
|
|
87
|
+
return if prefix.empty?
|
|
88
|
+
|
|
89
|
+
prefix += "(#{scope})" if commit_message_options[:include_scope]
|
|
90
|
+
prefix += ":" if prefix.match?(/[A-Za-z0-9\)\]]\Z/)
|
|
91
|
+
prefix += " " unless prefix.end_with?(" ")
|
|
92
|
+
prefix
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def prefix_for_last_dependabot_commit_style
|
|
72
96
|
case last_dependabot_commit_style
|
|
73
97
|
when :gitmoji then "⬆️ "
|
|
74
98
|
when :conventional_prefix then "#{last_dependabot_commit_prefix}: "
|
|
75
99
|
when :conventional_prefix_with_scope
|
|
76
100
|
"#{last_dependabot_commit_prefix}(#{scope}): "
|
|
77
|
-
else
|
|
78
|
-
# Otherwise we need to detect the user's preferred style from the
|
|
79
|
-
# existing commits on their repo
|
|
80
|
-
build_commit_prefix_from_previous_commits
|
|
101
|
+
else raise "Unknown commit style #{last_dependabot_commit_style}"
|
|
81
102
|
end
|
|
82
103
|
end
|
|
83
104
|
|
|
@@ -104,6 +125,29 @@ module Dependabot
|
|
|
104
125
|
dependencies.any?(&:production?) ? "deps" : "deps-dev"
|
|
105
126
|
end
|
|
106
127
|
|
|
128
|
+
def capitalise_first_word_from_last_dependabot_commit_style
|
|
129
|
+
case last_dependabot_commit_style
|
|
130
|
+
when :gitmoji then true
|
|
131
|
+
when :conventional_prefix, :conventional_prefix_with_scope
|
|
132
|
+
last_dependabot_commit_message.match?(/: (\[[Ss]ecurity\] )?(B|U)/)
|
|
133
|
+
else raise "Unknown commit style #{last_dependabot_commit_style}"
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def capitalise_first_word_from_previous_commits
|
|
138
|
+
if using_angular_commit_messages? || using_eslint_commit_messages?
|
|
139
|
+
prefixes = ANGULAR_PREFIXES + ESLINT_PREFIXES
|
|
140
|
+
semantic_msgs = recent_commit_messages.select do |message|
|
|
141
|
+
prefixes.any? { |pre| message.match?(/#{pre}[:(]/i) }
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
return true if semantic_msgs.all? { |m| m.match?(/:\s+\[?[A-Z]/) }
|
|
145
|
+
return false if semantic_msgs.all? { |m| m.match?(/:\s+\[?[a-z]/) }
|
|
146
|
+
end
|
|
147
|
+
|
|
148
|
+
!commit_prefix&.match(/\A[a-z]/)
|
|
149
|
+
end
|
|
150
|
+
|
|
107
151
|
def last_dependabot_commit_style
|
|
108
152
|
return unless (msg = last_dependabot_commit_message)
|
|
109
153
|
|
|
@@ -250,11 +294,12 @@ module Dependabot
|
|
|
250
294
|
end
|
|
251
295
|
|
|
252
296
|
def last_dependabot_commit_message
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
297
|
+
@last_dependabot_commit_message ||=
|
|
298
|
+
case source.provider
|
|
299
|
+
when "github" then last_github_dependabot_commit_message
|
|
300
|
+
when "gitlab" then last_gitlab_dependabot_commit_message
|
|
301
|
+
else raise "Unsupported provider: #{source.provider}"
|
|
302
|
+
end
|
|
258
303
|
end
|
|
259
304
|
|
|
260
305
|
def last_github_dependabot_commit_message
|
|
@@ -305,3 +350,4 @@ module Dependabot
|
|
|
305
350
|
end
|
|
306
351
|
end
|
|
307
352
|
end
|
|
353
|
+
# rubocop:enable Metrics/ClassLength
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.109.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-06-
|
|
11
|
+
date: 2019-06-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|
|
@@ -266,14 +266,14 @@ dependencies:
|
|
|
266
266
|
requirements:
|
|
267
267
|
- - "~>"
|
|
268
268
|
- !ruby/object:Gem::Version
|
|
269
|
-
version: 0.
|
|
269
|
+
version: 0.72.0
|
|
270
270
|
type: :development
|
|
271
271
|
prerelease: false
|
|
272
272
|
version_requirements: !ruby/object:Gem::Requirement
|
|
273
273
|
requirements:
|
|
274
274
|
- - "~>"
|
|
275
275
|
- !ruby/object:Gem::Version
|
|
276
|
-
version: 0.
|
|
276
|
+
version: 0.72.0
|
|
277
277
|
- !ruby/object:Gem::Dependency
|
|
278
278
|
name: vcr
|
|
279
279
|
requirement: !ruby/object:Gem::Requirement
|