dependabot-common 0.113.15 → 0.113.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 772ec9910c644e15b5ec0752b7153c0574283285974a45103aaf782dbbddbccb
-  data.tar.gz: a25b3ea64d0cf5806a80f5224e19f1ee5b03b706fc9c324f4d14cbdee043b72d
+  metadata.gz: e51134b9f6488cdad48fbfff83ec0642a6df80da5f000e782f8ce44bbe973adc
+  data.tar.gz: 3fc89575e2b712cc515d73868f41c633ed37df4b8ce15c2cd22d00d7b855c501
 SHA512:
-  metadata.gz: 25d69e529183fbf40121cc255fd00003572601480591a2b3a3060d35a8940641320b103ece52bc2b2ae4856f4c20fe390433d01e21e57e5f99e05b73fd4cacb4
-  data.tar.gz: 4cb11be66b312090c74b2b41c278cf8ddf93ebb86cf98793d499b259549d05546e6c3bfcd64f6852cb67e59084f0c38bcef422732e66e5e789194e6749380a82
+  metadata.gz: 6adc93e6d3b9d6d757c8da7bd7103aaa878eeb86878fe45b3a99ac109317fce006bf7958bb0719d50a04ca4cb1ff3f8290cf59ef158138c51ae3ebb009bd7762
+  data.tar.gz: a5f5b3c0316cee3dd602a7500f2bedc1abe63d3351cad8f9ba734bd280d6f7380980cda0f82aad1e25cfae8908ae9245b6fcdcb77f38c934482d5336095ddef8

data/lib/dependabot/file_fetchers/README.md

@@ -2,7 +2,7 @@
 
 File fetchers are used to fetch the relevant dependency files for a project
 (e.g., the `Gemfile` and `Gemfile.lock`). They are also responsible for checking
-whether a repo has an admissable set of requirement files.
+whether a repo has an admissible set of requirement files.
 
 There is a `Dependabot::FileFetchers` class for each language Dependabot
 supports.
@@ -60,6 +60,6 @@ fetcher.
 File fetchers tend to get complicated when the file requirements for an update
 to run are non-trivial - for example, for Ruby we could accept
 [`Gemfile`, `Gemfile.lock`] or [`Gemfile`, `example.gemspec`],
-but not just [`Gemfile.lock`]. When adding a new lanugage, it's normally easiest
+but not just [`Gemfile.lock`]. When adding a new language, it's normally easiest
 to pick a single case and implement it for all the update steps (parsing, update
 checking, etc.). You can then return and add other cases later.

data/lib/dependabot/pull_request_creator/codecommit.rb

@@ -55,7 +55,7 @@ module Dependabot
           branch_name,
           source.branch || default_branch,
           pr_description
-          # codecommit doesn't support PR lables
+          # codecommit doesn't support PR labels
         )
         return unless pull_request
 

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -94,7 +94,7 @@ module Dependabot
       def update_type
         return unless dependencies.any?(&:previous_version)
 
-        precison = dependencies.map do |dep|
+        precision = dependencies.map do |dep|
           new_version_parts = version(dep).split(".")
           old_version_parts = previous_version(dep)&.split(".") || []
           all_parts = new_version_parts.first(3) + old_version_parts.first(3)
@@ -105,7 +105,7 @@ module Dependabot
           3
         end.min
 
-        case precison
+        case precision
         when 0 then "non-semver"
         when 1 then "major"
         when 2 then "minor"

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -13,7 +13,24 @@ module Dependabot
           github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
           (?:issue|pull)s?/(?<number>\d+)
         }x.freeze
-        CODEBLOCK_REGEX = /(`+).*?(\1)|~~~.*?~~~/m.freeze
+        # rubocop:disable Metrics/LineLength
+        # Context:
+        # - https://github.github.com/gfm/#fenced-code-block (``` or ~~~)
+        #   (?<=\n|^)         Positive look-behind to ensure we start at a line start
+        #   (?>`{3,}|~{3,})   Atomic group marking the beginning of the block (3 or more chars)
+        #   (?>\k<fenceopen>) Atomic group marking the end of the code block (same length as opening)
+        # - https://github.github.com/gfm/#code-span
+        #   (?<codespanopen>`+)  Capturing group marking the beginning of the span (1 or more chars)
+        #   (?![^`]*?\n{2,})     Negative look-ahead to avoid empty lines inside code span
+        #   (?:.|\n)*?           Non-capturing group to consume code span content (non-eager)
+        #   (?>\k<codespanopen>) Atomic group marking the end of the code span (same length as opening)
+        # rubocop:enable Metrics/LineLength
+        CODEBLOCK_REGEX = /
+          # fenced code block
+          (?<=\n|^)(?<fenceopen>(?>`{3,}|~{3,})).*?(?>\k<fenceopen>)|
+          # code span
+          (?<codespanopen>`+)(?![^`]*?\n{2,})(?:.|\n)*?(?>\k<codespanopen>)
+        /xm.freeze
         # End of string
         EOS_REGEX = /\z/.freeze
 

data/lib/dependabot/security_advisory.rb

@@ -39,7 +39,7 @@ module Dependabot
       return false if vulnerable_versions.any?
 
       # Finally, if no vulnerable range provided, but a safe range provided,
-      # and this versions isn't included (checked earler), it's vulnerable
+      # and this versions isn't included (checked earlier), it's vulnerable
       safe_versions.any?
     end
 

data/lib/dependabot/shared_helpers.rb

@@ -170,7 +170,7 @@ module Dependabot
     def self.configure_git_credentials(credentials)
       # Then add a file-based credential store that loads a file in this repo.
       # Under the hood this uses git credential-store, but it's invoked through
-      # an wrapper binary that only allows non-mutative commands. Without this,
+      # a wrapper binary that only allows non-mutating commands. Without this,
       # whenever the credentials are deemed to be invalid, they're erased.
       credential_helper_path =
         File.join(__dir__, "../../bin/git-credential-store-immutable")

data/lib/dependabot/update_checkers/README.md

@@ -14,7 +14,7 @@ Each `Dependabot::UpdateCheckers` class implements the following methods:
 |------------------------------|-----------------------------------------------------------------------------------------------|
 | `#up_to_date?`               | Returns a boolean for whether the dependency this instance was created with is currently at the latest version. |
 | `#can_update?`               | Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable. |
-| `#updated_dependencies`      | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous valuse are stored on the instance as `previous_version` and `previous_requirements`. |
+| `#updated_dependencies`      | Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous values are stored on the instance as `previous_version` and `previous_requirements`. |
 | `#latest_version`            | See the "Writing an update checker" section. |
 | `#latest_resolvable_version` | See the "Writing an update checker" section. |
 | `#updated_requirements`      | See the "Writing an update checker" section. |

data/lib/dependabot/update_checkers/base.rb

@@ -208,7 +208,7 @@ module Dependabot
 
         # If a lockfile isn't out of date and the package has switched to a git
         # source then we'll get a numeric version switching to a git SHA. In
-        # this case we treat the verison as up-to-date so that it's ignored.
+        # this case we treat the version as up-to-date so that it's ignored.
         return true if latest_version.to_s.match?(/^[0-9a-f]{40}$/)
 
         latest_version <= version_class.new(dependency.version)

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.113.15"
+  VERSION = "0.113.16"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.113.15
+  version: 0.113.16
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-18 00:00:00.000000000 Z
+date: 2019-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit