dependabot-common 0.114.1 → 0.115.0
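--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0ca4c300e6913173c89d9d025b5bcd1e78c0b68fed9fe9471ab0d2c7dc730b60
+data.tar.gz: 7b071b023ae3be15e218dccbc723e5dd3b302859818117faa1ed5be43bbdfee3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 00f07caa0d24f1418c94449654b9c9e51f535297db7c38cf4d65a9163d9fd205780a0976bdb92aa14c8e7790f9c5e2c5f75936880f29b16e421c256e9484a454
+data.tar.gz: b90acfa364d72c9e6892fdbc7203b6c1e2003929efb89428c21482bd395ed187e92e24efdef09c7e360667191ce2dbb1ba6cb6c90106f302e33f2a504c9dd988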
@@ -292,7 +292,7 @@ module Dependabot
|
|
292
292
|
end
|
293
293
|
|
294
294
|
dependencies.map do |dep|
|
295
|
-
msg = "\
|
295
|
+
msg = "\nUpdates `#{dep.display_name}` from "\
|
296
296
|
"#{previous_version(dep)} to #{new_version(dep)}"
|
297
297
|
|
298
298
|
if vulnerabilities_fixed[dep.name]&.one?
|
@@ -314,7 +314,7 @@ module Dependabot
|
|
314
314
|
msg += commits_cascade(dep)
|
315
315
|
msg += maintainer_changes_cascade(dep)
|
316
316
|
msg += "\n<br />" unless msg == ""
|
317
|
-
sanitize_links_and_mentions(msg)
|
317
|
+
"\n" + sanitize_links_and_mentions(msg)
|
318
318
|
end
|
319
319
|
|
320
320
|
def vulnerabilities_cascade(dep)
|
@@ -438,9 +438,9 @@ module Dependabot
|
|
438
438
|
if source.provider == ("azure" || "codecommit")
|
439
439
|
"\n\##{summary}\n\n#{body}"
|
440
440
|
else
|
441
|
-
msg = "
|
441
|
+
msg = "<details>\n<summary>#{summary}</summary>\n\n"
|
442
442
|
msg += body
|
443
|
-
msg + "</details
|
443
|
+
msg + "</details>\n"
|
444
444
|
end
|
445
445
|
end
|
446
446
|
|
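Review bot: The branch that builds the `<details>`/`<summary>` HTML (new lines 441–443) is selected by `source.provider == ("azure" || "codecommit")` on new line 438, an unchanged context line. In Ruby `("azure" || "codecommit")` evaluates to `"azure"`, so a `codecommit` source never matches and always gets the HTML form. If CodeCommit is meant to receive the plain-heading form like Azure, the condition should read `if %w(azure codecommit).include?(source.provider)`. `summary` is also interpolated into `<summary>` unescaped; whether it can carry markup cannot be told from here, because the enclosing method starts outside the hunk.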
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "commonmarker"
|
3
4
|
require "strscan"
|
4
5
|
require "dependabot/pull_request_creator/message_builder"
|
5
6
|
|
@@ -46,11 +47,11 @@ module Dependabot
|
|
46
47
|
delimiter = line.match(CODEBLOCK_REGEX)&.to_s
|
47
48
|
unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
|
48
49
|
line = sanitize_mentions(line)
|
49
|
-
line = sanitize_links(line)
|
50
50
|
end
|
51
51
|
lines << line
|
52
52
|
end
|
53
|
-
|
53
|
+
|
54
|
+
sanitize_links(lines.join)
|
54
55
|
end
|
55
56
|
|
56
57
|
private
|
@@ -60,8 +61,8 @@ module Dependabot
|
|
60
61
|
next mention if mention.end_with?("/")
|
61
62
|
|
62
63
|
last_match = Regexp.last_match
|
63
|
-
|
64
64
|
sanitized_mention = mention.gsub("@", "@​")
|
65
|
+
|
65
66
|
if last_match.pre_match.chars.last == "[" &&
|
66
67
|
last_match.post_match.chars.first == "]"
|
67
68
|
sanitized_mention
|
@@ -73,23 +74,30 @@ module Dependabot
|
|
73
74
|
end
|
74
75
|
|
75
76
|
def sanitize_links(text)
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
if
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
77
|
+
# We rely on GitHub to do the HTML sanitization
|
78
|
+
options = %i(UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING)
|
79
|
+
extensions = %i(table tasklist strikethrough autolink tagfilter)
|
80
|
+
|
81
|
+
doc = CommonMarker.render_doc(text, :LIBERAL_HTML_TAG, extensions)
|
82
|
+
|
83
|
+
doc.walk do |node|
|
84
|
+
if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
|
85
|
+
node.each do |subnode|
|
86
|
+
last_match = subnode.string_content.match(GITHUB_REF_REGEX)
|
87
|
+
next unless subnode.type == :text && last_match
|
88
|
+
|
89
|
+
number = last_match.named_captures.fetch("number")
|
90
|
+
repo = last_match.named_captures.fetch("repo")
|
91
|
+
subnode.string_content = "#{repo}##{number}"
|
92
|
+
end
|
93
|
+
|
94
|
+
node.url = node.url.gsub(
|
95
|
+
"github.com", github_redirection_service || "github.com"
|
96
|
+
)
|
91
97
|
end
|
92
98
|
end
|
99
|
+
|
100
|
+
doc.to_html(options, extensions)
|
93
101
|
end
|
94
102
|
end
|
95
103
|
end
|
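Review bot: `sanitize_links` now renders with the `UNSAFE` option and returns HTML, so raw HTML in the input text reaches the output with only the `tagfilter` extension (a fixed list of tags) in between. The single comment `# We rely on GitHub to do the HTML sanitization` is the only record of that trust boundary. The message builder in this same release has non-GitHub branches (`azure`, `codecommit`), and nothing visible here shows those destinations sanitizing rendered HTML. I would either omit `UNSAFE` when the destination is not GitHub (the provider is not visible in this method, so that may need a parameter) or at least extend the comment to `# UNSAFE passes raw HTML through unchanged; only safe when the destination host sanitizes rendered HTML`. Separately, inside `node.each` the call `subnode.string_content.match(GITHUB_REF_REGEX)` runs before the `subnode.type == :text` check, and commonmarker can raise for node types that carry no string content, so `next unless subnode.type == :text` should come first.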
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.115.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-12-
|
11
|
+
date: 2019-12-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -58,6 +58,20 @@ dependencies:
|
|
58
58
|
- - "<"
|
59
59
|
- !ruby/object:Gem::Version
|
60
60
|
version: 3.0.0
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: commonmarker
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - "~>"
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: 0.20.1
|
68
|
+
type: :runtime
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - "~>"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: 0.20.1
|
61
75
|
- !ruby/object:Gem::Dependency
|
62
76
|
name: docker_registry2
|
63
77
|
requirement: !ruby/object:Gem::Requirement
|