dependabot-common 0.113.8 → 0.113.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e237dcfe1f60fe9dc9e264f5119d916c6498bf11180ab832067f8f50e40053c4
-  data.tar.gz: 739ba909c900ebc9635ff04f312237e6c3e3f9a66e651da9194c66df83bda86e
+  metadata.gz: 60e3f6c2910095cf1e21ab00b6d1336c09c21cc90b570726e78c9960247c3967
+  data.tar.gz: 455b12c4441a1f7fb9c02cbbb2f09c97ed6062f469a65fef0f3f14cd22c5896f
 SHA512:
-  metadata.gz: a2e013639daedfa94637e55ad67e54c6e1be464ea6e2bc4074831cc939e311ed71c8b8aa86502770f0762d311b2fdefb9618b5a59ab57e2e0113a7a6d0a5296d
-  data.tar.gz: 51ba82962b4df0eeb9700c80763d791315ceb4f09fcaed69cc5d4d7921a6564ffef716fd2dc01fc69d177c15bd956516f766d1f6ee77a22d802323dc1b8a4859
+  metadata.gz: cdd202276dd4fd64fde6eefb90cba469cd6664b3fc08980034aff0ee0c6c9e0b9d979ef0e8df321034a818c768b94a03c8dde71762919f062f2a3df2a71d6692
+  data.tar.gz: 8948467061cc76c797e9ca2697d26cb143766eee9f54aed8a0e5adefa7e61296148943987ddcbf9f9d01f6d9436aa8392bce189ea52481827fa19ad15fc503c2

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "strscan"
 require "dependabot/pull_request_creator/message_builder"
 
 module Dependabot
@@ -12,18 +13,9 @@ module Dependabot
           github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
           (?:issue|pull)s?/(?<number>\d+)
         }x.freeze
-
-        # Note that we're being deliberately careful about not matching
-        # different length strings of what look like code block quotes. By
-        # doing so we err on the side of sanitizing, which is *much* better
-        # than accidentally not sanitizing.
-        #
-        # rubocop:disable Style/RegexpLiteral
-        CODEBLOCK_REGEX = %r{
-          (?=[\s]`{3}[^`])|(?=[\s]`{3}\Z)|(?=\A`{3}[^`])|
-          (?=[\s]~{3}[^~])|(?=[\s]~{3}\Z)|(?=\A~{3}[^~])
-        }x.freeze
-        # rubocop:enable Style/RegexpLiteral
+        CODEBLOCK_REGEX = /```|~~~/.freeze
+        # End of string
+        EOS_REGEX = /\z/.freeze
 
         attr_reader :github_redirection_service
 
@@ -33,18 +25,20 @@ module Dependabot
 
         def sanitize_links_and_mentions(text:)
           # We don't want to sanitize any links or mentions that are contained
-          # within code blocks, so we split the text on "```"
-          snippets = text.split(CODEBLOCK_REGEX)
-          if snippets.first&.start_with?(CODEBLOCK_REGEX)
-            snippets = ["", *snippets]
+          # within code blocks, so we split the text on "```" or "~~~"
+          lines = []
+          scan = StringScanner.new(text)
+          until scan.eos?
+            line = scan.scan_until(CODEBLOCK_REGEX) ||
+                   scan.scan_until(EOS_REGEX)
+            delimiter = line.match(CODEBLOCK_REGEX)&.to_s
+            unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
+              line = sanitize_mentions(line)
+              line = sanitize_links(line)
+            end
+            lines << line
           end
-
-          snippets.map.with_index do |snippet, index|
-            next snippet if index.odd?
-
-            snippet = sanitize_mentions(snippet)
-            sanitize_links(snippet)
-          end.join
+          lines.join
         end
 
         private

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.113.8"
+  VERSION = "0.113.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.113.8
+  version: 0.113.9
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-02 00:00:00.000000000 Z
+date: 2019-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit