dependabot-common 0.114.1 → 0.115.0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0ca4c300e6913173c89d9d025b5bcd1e78c0b68fed9fe9471ab0d2c7dc730b60
|
|
4
|
+
data.tar.gz: 7b071b023ae3be15e218dccbc723e5dd3b302859818117faa1ed5be43bbdfee3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 00f07caa0d24f1418c94449654b9c9e51f535297db7c38cf4d65a9163d9fd205780a0976bdb92aa14c8e7790f9c5e2c5f75936880f29b16e421c256e9484a454
|
|
7
|
+
data.tar.gz: b90acfa364d72c9e6892fdbc7203b6c1e2003929efb89428c21482bd395ed187e92e24efdef09c7e360667191ce2dbb1ba6cb6c90106f302e33f2a504c9dd988
|
|
@@ -292,7 +292,7 @@ module Dependabot
|
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
dependencies.map do |dep|
|
|
295
|
-
msg = "\
|
|
295
|
+
msg = "\nUpdates `#{dep.display_name}` from "\
|
|
296
296
|
"#{previous_version(dep)} to #{new_version(dep)}"
|
|
297
297
|
|
|
298
298
|
if vulnerabilities_fixed[dep.name]&.one?
|
|
@@ -314,7 +314,7 @@ module Dependabot
|
|
|
314
314
|
msg += commits_cascade(dep)
|
|
315
315
|
msg += maintainer_changes_cascade(dep)
|
|
316
316
|
msg += "\n<br />" unless msg == ""
|
|
317
|
-
sanitize_links_and_mentions(msg)
|
|
317
|
+
"\n" + sanitize_links_and_mentions(msg)
|
|
318
318
|
end
|
|
319
319
|
|
|
320
320
|
def vulnerabilities_cascade(dep)
|
|
@@ -438,9 +438,9 @@ module Dependabot
|
|
|
438
438
|
if source.provider == ("azure" || "codecommit")
|
|
439
439
|
"\n\##{summary}\n\n#{body}"
|
|
440
440
|
else
|
|
441
|
-
msg = "
|
|
441
|
+
msg = "<details>\n<summary>#{summary}</summary>\n\n"
|
|
442
442
|
msg += body
|
|
443
|
-
msg + "</details
|
|
443
|
+
msg + "</details>\n"
|
|
444
444
|
end
|
|
445
445
|
end
|
|
446
446
|
|
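Review bot: In the last hunk of this file, the context line `if source.provider == ("azure" || "codecommit")` only ever compares against `"azure"`, because `"azure" || "codecommit"` evaluates to its first operand. CodeCommit sources therefore fall through to the `<details>` HTML branch that this change touches. `if %w(azure codecommit).include?(source.provider)` would express the intent. The `<details>` line also interpolates `#{summary}` into `<summary>` markup unescaped; where `summary` comes from is outside the hunk, so confirm it cannot carry markup taken from upstream release notes or changelogs. The enclosing method starts outside the hunk.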
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "commonmarker"
|
|
3
4
|
require "strscan"
|
|
4
5
|
require "dependabot/pull_request_creator/message_builder"
|
|
5
6
|
|
|
@@ -46,11 +47,11 @@ module Dependabot
|
|
|
46
47
|
delimiter = line.match(CODEBLOCK_REGEX)&.to_s
|
|
47
48
|
unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
|
|
48
49
|
line = sanitize_mentions(line)
|
|
49
|
-
line = sanitize_links(line)
|
|
50
50
|
end
|
|
51
51
|
lines << line
|
|
52
52
|
end
|
|
53
|
-
|
|
53
|
+
|
|
54
|
+
sanitize_links(lines.join)
|
|
54
55
|
end
|
|
55
56
|
|
|
56
57
|
private
|
|
@@ -60,8 +61,8 @@ module Dependabot
|
|
|
60
61
|
next mention if mention.end_with?("/")
|
|
61
62
|
|
|
62
63
|
last_match = Regexp.last_match
|
|
63
|
-
|
|
64
64
|
sanitized_mention = mention.gsub("@", "@​")
|
|
65
|
+
|
|
65
66
|
if last_match.pre_match.chars.last == "[" &&
|
|
66
67
|
last_match.post_match.chars.first == "]"
|
|
67
68
|
sanitized_mention
|
|
@@ -73,23 +74,30 @@ module Dependabot
|
|
|
73
74
|
end
|
|
74
75
|
|
|
75
76
|
def sanitize_links(text)
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
if
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
77
|
+
# We rely on GitHub to do the HTML sanitization
|
|
78
|
+
options = %i(UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING)
|
|
79
|
+
extensions = %i(table tasklist strikethrough autolink tagfilter)
|
|
80
|
+
|
|
81
|
+
doc = CommonMarker.render_doc(text, :LIBERAL_HTML_TAG, extensions)
|
|
82
|
+
|
|
83
|
+
doc.walk do |node|
|
|
84
|
+
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
|
85
|
+
node.each do |subnode|
|
|
86
|
+
last_match = subnode.string_content.match(GITHUB_REF_REGEX)
|
|
87
|
+
next unless subnode.type == :text && last_match
|
|
88
|
+
|
|
89
|
+
number = last_match.named_captures.fetch("number")
|
|
90
|
+
repo = last_match.named_captures.fetch("repo")
|
|
91
|
+
subnode.string_content = "#{repo}##{number}"
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
node.url = node.url.gsub(
|
|
95
|
+
"github.com", github_redirection_service || "github.com"
|
|
96
|
+
)
|
|
91
97
|
end
|
|
92
98
|
end
|
|
99
|
+
|
|
100
|
+
doc.to_html(options, extensions)
|
|
93
101
|
end
|
|
94
102
|
end
|
|
95
103
|
end
|
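Review bot: `sanitize_links` now renders with `doc.to_html(options, extensions)` where `options` includes `:UNSAFE`, so raw HTML in the input text is passed through. The only stated safeguard is the comment that GitHub sanitizes it, yet the message builder in this same release has `azure` and `codecommit` branches where that assumption may not hold. I would make the trust boundary explicit next to the options, e.g. `# Output is raw HTML; only safe where the hosting provider sanitizes PR bodies`, and consider dropping `:UNSAFE` for other providers. Separately, `subnode.string_content` is read before the `subnode.type == :text` check, and as far as I know commonmarker raises for nodes that carry no literal (emphasis or image children of a link), so the guard should come first: `next unless subnode.type == :text`. The `gsub("github.com", ...)` on `node.url` is also unanchored and rewrites every occurrence in the URL, not just the host; `GITHUB_REF_REGEX` is defined outside these hunks, so whether it constrains the host is not visible here.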
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.115.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-12-
|
|
11
|
+
date: 2019-12-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -58,6 +58,20 @@ dependencies:
|
|
|
58
58
|
- - "<"
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: 3.0.0
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
name: commonmarker
|
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - "~>"
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: 0.20.1
|
|
68
|
+
type: :runtime
|
|
69
|
+
prerelease: false
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - "~>"
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: 0.20.1
|
|
61
75
|
- !ruby/object:Gem::Dependency
|
|
62
76
|
name: docker_registry2
|
|
63
77
|
requirement: !ruby/object:Gem::Requirement
|