dependabot-common 0.115.1 → 0.115.2

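--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d7196b4b5c1f3063bc3dd7f21d5155c09ced32409935b5c67a036935c96a8ded
- data.tar.gz: e5905c9c2cf7c06791f3ec8a85aeaf679c2eb56f92924a3a34b266fce2de75c1
+ metadata.gz: ab043ac61d68f051ee37b932fd0c13abdab6570877a3daf992c92de594838877
+ data.tar.gz: cab7b77dabfc106e699da58f2c4ddf304a76e60823a3172da2958bcac38f633c
  SHA512:
- metadata.gz: 3af572658b380f0dac66a9bcc43ac10be22be37f6e7d8e8f05db839598cbfbadae0dd80b71c3d5dc486a2591183d2c3d6127e15500b110b259bc334e753f8913
- data.tar.gz: e5f07f144b18ae7fe22821bba1181414b95530f7f20b9fdfc351f8a9e03d0ba26b1d3c8d65710fff37d8186a466cfaa3e4173c7c72bdd4db1dbe37914ba50fe5
+ metadata.gz: 98cfd039b43f695b37c5466925271c39960b445f43349a9202348b8ee7a334653997cd3b47299fcc463a4bc7f3424e27f0057411cdb4775e94378f306d15025e
+ data.tar.gz: f16086153e97711f3adba45dda4745229d2b712a4a4802053bc0a17daebcec23858dbf79ddfaa41723030c672f3f9410854ccd618e0c3296fe81b8ed1f7abd60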
@@ -351,7 +351,6 @@ module Dependabot
351
351
  end
352
352
 
353
353
  # rubocop:disable Metrics/AbcSize
354
- # rubocop:disable Metrics/MethodLength
355
354
  def _fetch_file_content_from_github(path, repo, commit)
356
355
  tmp = github_client.contents(repo, path: path, ref: commit)
357
356
 
@@ -388,7 +387,6 @@ module Dependabot
388
387
  Base64.decode64(tmp.content).force_encoding("UTF-8").encode
389
388
  end
390
389
  # rubocop:enable Metrics/AbcSize
391
- # rubocop:enable Metrics/MethodLength
392
390
 
393
391
  def default_branch_for_repo
394
392
  @default_branch_for_repo ||= client_for_provider.
@@ -60,8 +60,6 @@ module Dependabot
60
60
  dependencies.find { |d| d.name&.downcase == name&.downcase }
61
61
  end
62
62
 
63
- # rubocop:disable Metrics/AbcSize
64
- # rubocop:disable Metrics/CyclomaticComplexity
65
63
  # rubocop:disable Metrics/PerceivedComplexity
66
64
  def combined_dependency(old_dep, new_dep)
67
65
  package_manager = old_dep.package_manager
@@ -91,8 +89,7 @@ module Dependabot
91
89
  subdependency_metadata: subdependency_metadata
92
90
  )
93
91
  end
94
- # rubocop:enable Metrics/AbcSize
95
- # rubocop:enable Metrics/CyclomaticComplexity
92
+
96
93
  # rubocop:enable Metrics/PerceivedComplexity
97
94
  end
98
95
  end
@@ -11,8 +11,6 @@ require "dependabot/utils"
11
11
  require "dependabot/source"
12
12
  require "dependabot/dependency"
13
13
  require "dependabot/git_metadata_fetcher"
14
-
15
- # rubocop:disable Metrics/ClassLength
16
14
  module Dependabot
17
15
  class GitCommitChecker
18
16
  VERSION_REGEX = /
@@ -362,4 +360,3 @@ module Dependabot
362
360
  end
363
361
  end
364
362
  end
365
- # rubocop:enable Metrics/ClassLength
@@ -8,8 +8,6 @@ require "dependabot/clients/gitlab_with_retries"
8
8
  require "dependabot/clients/bitbucket_with_retries"
9
9
  require "dependabot/shared_helpers"
10
10
  require "dependabot/metadata_finders/base"
11
-
12
- # rubocop:disable Metrics/ClassLength
13
11
  module Dependabot
14
12
  module MetadataFinders
15
13
  class Base
@@ -382,4 +380,3 @@ module Dependabot
382
380
  end
383
381
  end
384
382
  end
385
- # rubocop:enable Metrics/ClassLength
@@ -22,7 +22,6 @@ module Dependabot
22
22
  end
23
23
 
24
24
  # rubocop:disable Metrics/PerceivedComplexity
25
- # rubocop:disable Metrics/CyclomaticComplexity
26
25
  def pruned_text
27
26
  changelog_lines = changelog_text.split("\n")
28
27
 
@@ -53,7 +52,6 @@ module Dependabot
53
52
  changelog_lines.slice(slice_range).join("\n").sub(/\n*\z/, "")
54
53
  end
55
54
  # rubocop:enable Metrics/PerceivedComplexity
56
- # rubocop:enable Metrics/CyclomaticComplexity
57
55
 
58
56
  private
59
57
 
@@ -70,7 +68,6 @@ module Dependabot
70
68
  changelog_line_for_version(new_version)
71
69
  end
72
70
 
73
- # rubocop:disable Metrics/CyclomaticComplexity
74
71
  # rubocop:disable Metrics/PerceivedComplexity
75
72
  def changelog_line_for_version(version)
76
73
  raise "No changelog text" unless changelog_text
@@ -93,7 +90,7 @@ module Dependabot
93
90
  false
94
91
  end
95
92
  end
96
- # rubocop:enable Metrics/CyclomaticComplexity
93
+
97
94
  # rubocop:enable Metrics/PerceivedComplexity
98
95
 
99
96
  def changelog_contains_relevant_versions?
@@ -35,7 +35,6 @@ module Dependabot
35
35
  "#{source.url}/#{path}"
36
36
  end
37
37
 
38
- # rubocop:disable Metrics/CyclomaticComplexity
39
38
  def commits
40
39
  return [] unless source
41
40
  return [] unless new_tag && previous_tag
@@ -48,7 +47,6 @@ module Dependabot
48
47
  else raise "Unexpected source provider '#{source.provider}'"
49
48
  end
50
49
  end
51
- # rubocop:enable Metrics/CyclomaticComplexity
52
50
 
53
51
  def new_tag
54
52
  new_version = dependency.version
@@ -68,7 +66,6 @@ module Dependabot
68
66
 
69
67
  private
70
68
 
71
- # rubocop:disable Metrics/CyclomaticComplexity
72
69
  # rubocop:disable Metrics/PerceivedComplexity
73
70
  def previous_tag
74
71
  previous_version = dependency.previous_version
@@ -88,7 +85,7 @@ module Dependabot
88
85
  lowest_tag_satisfying_previous_requirements
89
86
  end
90
87
  end
91
- # rubocop:enable Metrics/CyclomaticComplexity
88
+
92
89
  # rubocop:enable Metrics/PerceivedComplexity
93
90
 
94
91
  def lowest_tag_satisfying_previous_requirements
@@ -17,9 +17,7 @@ module Dependabot
17
17
  @prefix = prefix
18
18
  end
19
19
 
20
- # rubocop:disable Metrics/AbcSize
21
20
  # rubocop:disable Metrics/PerceivedComplexity
22
- # rubocop:disable Metrics/CyclomaticComplexity
23
21
  def new_branch_name
24
22
  @name ||=
25
23
  begin
@@ -50,9 +48,8 @@ module Dependabot
50
48
  # Some users need branch names without slashes
51
49
  branch_name.gsub("/", separator)
52
50
  end
53
- # rubocop:enable Metrics/AbcSize
51
+
54
52
  # rubocop:enable Metrics/PerceivedComplexity
55
- # rubocop:enable Metrics/CyclomaticComplexity
56
53
 
57
54
  private
58
55
 
@@ -5,8 +5,6 @@ require "securerandom"
5
5
  require "dependabot/clients/github_with_retries"
6
6
  require "dependabot/pull_request_creator"
7
7
  require "dependabot/pull_request_creator/commit_signer"
8
-
9
- # rubocop:disable Metrics/ClassLength
10
8
  module Dependabot
11
9
  class PullRequestCreator
12
10
  class Github
@@ -405,7 +403,6 @@ module Dependabot
405
403
  )
406
404
  end
407
405
 
408
- # rubocop:disable Metrics/CyclomaticComplexity
409
406
  def handle_error(err)
410
407
  case err
411
408
  when Octokit::Forbidden
@@ -425,8 +422,6 @@ module Dependabot
425
422
  raise err
426
423
  end
427
424
  end
428
- # rubocop:enable Metrics/CyclomaticComplexity
429
425
  end
430
426
  end
431
427
  end
432
- # rubocop:enable Metrics/ClassLength
@@ -2,8 +2,6 @@
2
2
 
3
3
  require "octokit"
4
4
  require "dependabot/pull_request_creator"
5
-
6
- # rubocop:disable Metrics/ClassLength
7
5
  module Dependabot
8
6
  class PullRequestCreator
9
7
  class Labeler
@@ -89,7 +87,6 @@ module Dependabot
89
87
  @automerge_candidate
90
88
  end
91
89
 
92
- # rubocop:disable Metrics/CyclomaticComplexity
93
90
  # rubocop:disable Metrics/PerceivedComplexity
94
91
  def update_type
95
92
  return unless dependencies.any?(&:previous_version)
@@ -112,7 +109,7 @@ module Dependabot
112
109
  when 3 then "patch"
113
110
  end
114
111
  end
115
- # rubocop:enable Metrics/CyclomaticComplexity
112
+
116
113
  # rubocop:enable Metrics/PerceivedComplexity
117
114
 
118
115
  def version(dep)
@@ -394,4 +391,3 @@ module Dependabot
394
391
  end
395
392
  end
396
393
  end
397
- # rubocop:enable Metrics/ClassLength
@@ -72,7 +72,6 @@ module Dependabot
72
72
  end
73
73
  end
74
74
 
75
- # rubocop:disable Metrics/AbcSize
76
75
  def application_pr_name
77
76
  pr_name = "bump "
78
77
  pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
@@ -96,7 +95,6 @@ module Dependabot
96
95
  "#{names[0..-2].join(', ')} and #{names[-1]}"
97
96
  end
98
97
  end
99
- # rubocop:enable Metrics/AbcSize
100
98
 
101
99
  def pr_name_prefix
102
100
  pr_name_prefixer.pr_name_prefix
@@ -166,7 +164,6 @@ module Dependabot
166
164
  msg + "to permit the latest version."
167
165
  end
168
166
 
169
- # rubocop:disable Metrics/CyclomaticComplexity
170
167
  # rubocop:disable Metrics/PerceivedComplexity
171
168
  def version_commit_message_intro
172
169
  if dependencies.count > 1 && updating_a_property?
@@ -196,7 +193,7 @@ module Dependabot
196
193
 
197
194
  msg
198
195
  end
199
- # rubocop:enable Metrics/CyclomaticComplexity
196
+
200
197
  # rubocop:enable Metrics/PerceivedComplexity
201
198
 
202
199
  def multidependency_property_intro
@@ -14,21 +14,16 @@ module Dependabot
14
14
  github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
15
15
  (?:issue|pull)s?/(?<number>\d+)
16
16
  }x.freeze
17
- # rubocop:disable Metrics/LineLength
18
- # Context:
19
- # - https://github.github.com/gfm/#fenced-code-block (``` or ~~~)
20
- # (?<=\n|^) Positive look-behind to ensure we start at a line start
21
- # (?>`{3,}|~{3,}) Atomic group marking the beginning of the block (3 or more chars)
22
- # (?>\k<fenceopen>) Atomic group marking the end of the code block (same length as opening)
23
- # - https://github.github.com/gfm/#code-span
24
- # (?<codespanopen>`+) Capturing group marking the beginning of the span (1 or more chars)
25
- # (?![^`]*?\n{2,}) Negative look-ahead to avoid empty lines inside code span
26
- # (?:.|\n)*? Non-capturing group to consume code span content (non-eager)
27
- # (?>\k<codespanopen>) Atomic group marking the end of the code span (same length as opening)
28
- # rubocop:enable Metrics/LineLength
29
- CODEBLOCK_REGEX = /```|~~~/.freeze
17
+ MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
30
18
  # End of string
31
19
  EOS_REGEX = /\z/.freeze
20
+ # We rely on GitHub to do the HTML sanitization
21
+ COMMONMARKER_OPTIONS = %i(
22
+ UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING
23
+ ).freeze
24
+ COMMONMARKER_EXTENSIONS = %i(
25
+ table tasklist strikethrough autolink tagfilter
26
+ ).freeze
32
27
 
33
28
  attr_reader :github_redirection_service
34
29
 
@@ -37,49 +32,33 @@ module Dependabot
37
32
  end
38
33
 
39
34
  def sanitize_links_and_mentions(text:)
40
- # We don't want to sanitize any links or mentions that are contained
41
- # within code blocks, so we split the text on "```" or "~~~"
42
- lines = []
43
- scan = StringScanner.new(text)
44
- until scan.eos?
45
- line = scan.scan_until(CODEBLOCK_REGEX) ||
46
- scan.scan_until(EOS_REGEX)
47
- delimiter = line.match(CODEBLOCK_REGEX)&.to_s
48
- unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
49
- line = sanitize_mentions(line)
50
- end
51
- lines << line
52
- end
35
+ doc = CommonMarker.render_doc(
36
+ text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
37
+ )
53
38
 
54
- sanitize_links(lines.join)
39
+ sanitize_mentions(doc)
40
+ sanitize_links(doc)
41
+ doc.to_html(COMMONMARKER_OPTIONS, COMMONMARKER_EXTENSIONS)
55
42
  end
56
43
 
57
44
  private
58
45
 
59
- def sanitize_mentions(text)
60
- text.gsub(%r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}) do |mention|
61
- next mention if mention.end_with?("/")
46
+ def sanitize_mentions(doc)
47
+ doc.walk do |node|
48
+ if !parent_node_link?(node) && node.type == :text &&
49
+ node.string_content.match?(MENTION_REGEX)
50
+ nodes = build_mention_nodes(node.string_content)
62
51
 
63
- last_match = Regexp.last_match
64
- sanitized_mention = mention.gsub("@", "@&#8203;")
52
+ nodes.each do |n|
53
+ node.insert_before(n)
54
+ end
65
55
 
66
- if last_match.pre_match.chars.last == "[" &&
67
- last_match.post_match.chars.first == "]"
68
- sanitized_mention
69
- else
70
- "[#{sanitized_mention}]"\
71
- "(https://github.com/#{mention.tr('@', '')})"
56
+ node.delete
72
57
  end
73
58
  end
74
59
  end
75
60
 
76
- def sanitize_links(text)
77
- # We rely on GitHub to do the HTML sanitization
78
- options = %i(UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING)
79
- extensions = %i(table tasklist strikethrough autolink tagfilter)
80
-
81
- doc = CommonMarker.render_doc(text, :LIBERAL_HTML_TAG, extensions)
82
-
61
+ def sanitize_links(doc)
83
62
  doc.walk do |node|
84
63
  if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
85
64
  node.each do |subnode|
@@ -96,8 +75,45 @@ module Dependabot
96
75
  )
97
76
  end
98
77
  end
78
+ end
79
+
80
+ def build_mention_nodes(text)
81
+ nodes = []
82
+ scan = StringScanner.new(text)
83
+
84
+ until scan.eos?
85
+ line = scan.scan_until(MENTION_REGEX) ||
86
+ scan.scan_until(EOS_REGEX)
87
+ line_match = line.match(MENTION_REGEX)
88
+ mention = line_match&.to_s
89
+ text_node = CommonMarker::Node.new(:text)
90
+
91
+ if mention && !mention.end_with?("/")
92
+ text_node.string_content = line_match.pre_match
93
+ nodes << text_node
94
+ nodes << create_link_node(
95
+ "https://github.com/#{mention.tr('@', '')}", mention.to_s
96
+ )
97
+ else
98
+ text_node.string_content = line
99
+ nodes << text_node
100
+ end
101
+ end
102
+
103
+ nodes
104
+ end
105
+
106
+ def create_link_node(url, text)
107
+ link_node = CommonMarker::Node.new(:link)
108
+ text_node = CommonMarker::Node.new(:text)
109
+ link_node.url = url
110
+ text_node.string_content = text
111
+ link_node.append_child(text_node)
112
+ link_node
113
+ end
99
114
 
100
- doc.to_html(options, extensions)
115
+ def parent_node_link?(node)
116
+ node.type == :link || node.parent && parent_node_link?(node.parent)
101
117
  end
102
118
  end
103
119
  end
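Review bot: `sanitize_mentions` now rewrites only `:text` nodes (`node.type == :text`), so a mention inside a raw HTML block appears to be parsed as an `:html` node and, with `UNSAFE` in `COMMONMARKER_OPTIONS`, emitted unchanged; the removed `gsub`-based version ran over all text outside code fences and would have covered it. If that reading is right, upstream changelog text can still notify users through an HTML block, so I would either handle `:html` nodes as well or record the limit next to the walk, e.g. `# NOTE: mentions inside raw HTML blocks (:html nodes) are not rewritten`, and add a spec with an HTML-wrapped mention. Separately, `build_mention_nodes` leaves any match ending in `/` as plain text, presumably to keep scoped package names intact, which also lets `@org/team`-style mentions through untouched. The body of `sanitize_links` lies partly outside the visible hunks, so this is based on the mention path only.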
@@ -5,8 +5,6 @@ require "dependabot/clients/codecommit"
5
5
  require "dependabot/clients/github_with_retries"
6
6
  require "dependabot/clients/gitlab_with_retries"
7
7
  require "dependabot/pull_request_creator"
8
-
9
- # rubocop:disable Metrics/ClassLength
10
8
  module Dependabot
11
9
  class PullRequestCreator
12
10
  class PrNamePrefixer
@@ -429,4 +427,3 @@ module Dependabot
429
427
  end
430
428
  end
431
429
  end
432
- # rubocop:enable Metrics/ClassLength
@@ -81,7 +81,6 @@ module Dependabot
81
81
  Shellwords.join(command_parts)
82
82
  end
83
83
 
84
- # rubocop:disable Metrics/MethodLength
85
84
  def self.run_helper_subprocess(command:, function:, args:, env: nil,
86
85
  stderr_to_stdout: false,
87
86
  escape_command_str: true)
@@ -119,7 +118,6 @@ module Dependabot
119
118
  error_context: error_context
120
119
  )
121
120
  end
122
- # rubocop:enable Metrics/MethodLength
123
121
 
124
122
  def self.excon_middleware
125
123
  Excon.defaults[:middlewares] +
@@ -167,8 +165,6 @@ module Dependabot
167
165
  )
168
166
  end
169
167
 
170
- # rubocop:disable Metrics/AbcSize
171
- # rubocop:disable Metrics/MethodLength
172
168
  def self.configure_git_credentials(credentials)
173
169
  # Then add a file-based credential store that loads a file in this repo.
174
170
  # Under the hood this uses git credential-store, but it's invoked through
@@ -212,8 +208,6 @@ module Dependabot
212
208
  # Save the file
213
209
  File.write("git.store", git_store_content)
214
210
  end
215
- # rubocop:enable Metrics/AbcSize
216
- # rubocop:enable Metrics/MethodLength
217
211
 
218
212
  def self.stash_global_git_config
219
213
  return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
@@ -74,7 +74,6 @@ module Dependabot
74
74
  "https://" + hostname + "/" + repo
75
75
  end
76
76
 
77
- # rubocop:disable Metrics/CyclomaticComplexity
78
77
  def url_with_directory
79
78
  return url if [nil, ".", "/"].include?(directory)
80
79
 
@@ -94,7 +93,6 @@ module Dependabot
94
93
  else raise "Unexpected repo provider '#{provider}'"
95
94
  end
96
95
  end
97
- # rubocop:enable Metrics/CyclomaticComplexity
98
96
 
99
97
  def organization
100
98
  repo.split("/").first
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.115.1"
4
+ VERSION = "0.115.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.115.1
4
+ version: 0.115.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-12-19 00:00:00.000000000 Z
11
+ date: 2019-12-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit
@@ -112,14 +112,14 @@ dependencies:
112
112
  requirements:
113
113
  - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: '4.12'
115
+ version: 4.13.1
116
116
  type: :runtime
117
117
  prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: '4.12'
122
+ version: 4.13.1
123
123
  - !ruby/object:Gem::Dependency
124
124
  name: nokogiri
125
125
  requirement: !ruby/object:Gem::Requirement