dependabot-common 0.115.1 → 0.115.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d7196b4b5c1f3063bc3dd7f21d5155c09ced32409935b5c67a036935c96a8ded
-  data.tar.gz: e5905c9c2cf7c06791f3ec8a85aeaf679c2eb56f92924a3a34b266fce2de75c1
+  metadata.gz: ab043ac61d68f051ee37b932fd0c13abdab6570877a3daf992c92de594838877
+  data.tar.gz: cab7b77dabfc106e699da58f2c4ddf304a76e60823a3172da2958bcac38f633c
 SHA512:
-  metadata.gz: 3af572658b380f0dac66a9bcc43ac10be22be37f6e7d8e8f05db839598cbfbadae0dd80b71c3d5dc486a2591183d2c3d6127e15500b110b259bc334e753f8913
-  data.tar.gz: e5f07f144b18ae7fe22821bba1181414b95530f7f20b9fdfc351f8a9e03d0ba26b1d3c8d65710fff37d8186a466cfaa3e4173c7c72bdd4db1dbe37914ba50fe5
+  metadata.gz: 98cfd039b43f695b37c5466925271c39960b445f43349a9202348b8ee7a334653997cd3b47299fcc463a4bc7f3424e27f0057411cdb4775e94378f306d15025e
+  data.tar.gz: f16086153e97711f3adba45dda4745229d2b712a4a4802053bc0a17daebcec23858dbf79ddfaa41723030c672f3f9410854ccd618e0c3296fe81b8ed1f7abd60

data/lib/dependabot/file_fetchers/base.rb

@@ -351,7 +351,6 @@ module Dependabot
       end
 
       # rubocop:disable Metrics/AbcSize
-      # rubocop:disable Metrics/MethodLength
       def _fetch_file_content_from_github(path, repo, commit)
         tmp = github_client.contents(repo, path: path, ref: commit)
 
@@ -388,7 +387,6 @@ module Dependabot
         Base64.decode64(tmp.content).force_encoding("UTF-8").encode
       end
       # rubocop:enable Metrics/AbcSize
-      # rubocop:enable Metrics/MethodLength
 
       def default_branch_for_repo
         @default_branch_for_repo ||= client_for_provider.

data/lib/dependabot/file_parsers/base/dependency_set.rb

@@ -60,8 +60,6 @@ module Dependabot
           dependencies.find { |d| d.name&.downcase == name&.downcase }
         end
 
-        # rubocop:disable Metrics/AbcSize
-        # rubocop:disable Metrics/CyclomaticComplexity
         # rubocop:disable Metrics/PerceivedComplexity
         def combined_dependency(old_dep, new_dep)
           package_manager = old_dep.package_manager
@@ -91,8 +89,7 @@ module Dependabot
             subdependency_metadata: subdependency_metadata
           )
         end
-        # rubocop:enable Metrics/AbcSize
-        # rubocop:enable Metrics/CyclomaticComplexity
+
         # rubocop:enable Metrics/PerceivedComplexity
       end
     end

data/lib/dependabot/git_commit_checker.rb

@@ -11,8 +11,6 @@ require "dependabot/utils"
 require "dependabot/source"
 require "dependabot/dependency"
 require "dependabot/git_metadata_fetcher"
-
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   class GitCommitChecker
     VERSION_REGEX = /
@@ -362,4 +360,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/metadata_finders/base/changelog_finder.rb

@@ -8,8 +8,6 @@ require "dependabot/clients/gitlab_with_retries"
 require "dependabot/clients/bitbucket_with_retries"
 require "dependabot/shared_helpers"
 require "dependabot/metadata_finders/base"
-
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   module MetadataFinders
     class Base
@@ -382,4 +380,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/metadata_finders/base/changelog_pruner.rb

@@ -22,7 +22,6 @@ module Dependabot
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
-        # rubocop:disable Metrics/CyclomaticComplexity
         def pruned_text
           changelog_lines = changelog_text.split("\n")
 
@@ -53,7 +52,6 @@ module Dependabot
           changelog_lines.slice(slice_range).join("\n").sub(/\n*\z/, "")
         end
         # rubocop:enable Metrics/PerceivedComplexity
-        # rubocop:enable Metrics/CyclomaticComplexity
 
         private
 
@@ -70,7 +68,6 @@ module Dependabot
           changelog_line_for_version(new_version)
         end
 
-        # rubocop:disable Metrics/CyclomaticComplexity
         # rubocop:disable Metrics/PerceivedComplexity
         def changelog_line_for_version(version)
           raise "No changelog text" unless changelog_text
@@ -93,7 +90,7 @@ module Dependabot
             false
           end
         end
-        # rubocop:enable Metrics/CyclomaticComplexity
+
         # rubocop:enable Metrics/PerceivedComplexity
 
         def changelog_contains_relevant_versions?

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -35,7 +35,6 @@ module Dependabot
           "#{source.url}/#{path}"
         end
 
-        # rubocop:disable Metrics/CyclomaticComplexity
         def commits
           return [] unless source
           return [] unless new_tag && previous_tag
@@ -48,7 +47,6 @@ module Dependabot
           else raise "Unexpected source provider '#{source.provider}'"
           end
         end
-        # rubocop:enable Metrics/CyclomaticComplexity
 
         def new_tag
           new_version = dependency.version
@@ -68,7 +66,6 @@ module Dependabot
 
         private
 
-        # rubocop:disable Metrics/CyclomaticComplexity
         # rubocop:disable Metrics/PerceivedComplexity
         def previous_tag
           previous_version = dependency.previous_version
@@ -88,7 +85,7 @@ module Dependabot
             lowest_tag_satisfying_previous_requirements
           end
         end
-        # rubocop:enable Metrics/CyclomaticComplexity
+
         # rubocop:enable Metrics/PerceivedComplexity
 
         def lowest_tag_satisfying_previous_requirements

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -17,9 +17,7 @@ module Dependabot
         @prefix        = prefix
       end
 
-      # rubocop:disable Metrics/AbcSize
       # rubocop:disable Metrics/PerceivedComplexity
-      # rubocop:disable Metrics/CyclomaticComplexity
       def new_branch_name
         @name ||=
           begin
@@ -50,9 +48,8 @@ module Dependabot
         # Some users need branch names without slashes
         branch_name.gsub("/", separator)
       end
-      # rubocop:enable Metrics/AbcSize
+
       # rubocop:enable Metrics/PerceivedComplexity
-      # rubocop:enable Metrics/CyclomaticComplexity
 
       private
 

data/lib/dependabot/pull_request_creator/github.rb

@@ -5,8 +5,6 @@ require "securerandom"
 require "dependabot/clients/github_with_retries"
 require "dependabot/pull_request_creator"
 require "dependabot/pull_request_creator/commit_signer"
-
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   class PullRequestCreator
     class Github
@@ -405,7 +403,6 @@ module Dependabot
           )
       end
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       def handle_error(err)
         case err
         when Octokit::Forbidden
@@ -425,8 +422,6 @@ module Dependabot
           raise err
         end
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/pull_request_creator/labeler.rb

@@ -2,8 +2,6 @@
 
 require "octokit"
 require "dependabot/pull_request_creator"
-
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   class PullRequestCreator
     class Labeler
@@ -89,7 +87,6 @@ module Dependabot
         @automerge_candidate
       end
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
       def update_type
         return unless dependencies.any?(&:previous_version)
@@ -112,7 +109,7 @@ module Dependabot
         when 3 then "patch"
         end
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
+
       # rubocop:enable Metrics/PerceivedComplexity
 
       def version(dep)
@@ -394,4 +391,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -72,7 +72,6 @@ module Dependabot
           end
       end
 
-      # rubocop:disable Metrics/AbcSize
       def application_pr_name
         pr_name = "bump "
         pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
@@ -96,7 +95,6 @@ module Dependabot
             "#{names[0..-2].join(', ')} and #{names[-1]}"
           end
       end
-      # rubocop:enable Metrics/AbcSize
 
       def pr_name_prefix
         pr_name_prefixer.pr_name_prefix
@@ -166,7 +164,6 @@ module Dependabot
         msg + "to permit the latest version."
       end
 
-      # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
       def version_commit_message_intro
         if dependencies.count > 1 && updating_a_property?
@@ -196,7 +193,7 @@ module Dependabot
 
         msg
       end
-      # rubocop:enable Metrics/CyclomaticComplexity
+
       # rubocop:enable Metrics/PerceivedComplexity
 
       def multidependency_property_intro

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -14,21 +14,16 @@ module Dependabot
           github\.com/(?<repo>#{GITHUB_USERNAME}/[^/\s]+)/
           (?:issue|pull)s?/(?<number>\d+)
         }x.freeze
-        # rubocop:disable Metrics/LineLength
-        # Context:
-        # - https://github.github.com/gfm/#fenced-code-block (``` or ~~~)
-        #   (?<=\n|^)         Positive look-behind to ensure we start at a line start
-        #   (?>`{3,}|~{3,})   Atomic group marking the beginning of the block (3 or more chars)
-        #   (?>\k<fenceopen>) Atomic group marking the end of the code block (same length as opening)
-        # - https://github.github.com/gfm/#code-span
-        #   (?<codespanopen>`+)  Capturing group marking the beginning of the span (1 or more chars)
-        #   (?![^`]*?\n{2,})     Negative look-ahead to avoid empty lines inside code span
-        #   (?:.|\n)*?           Non-capturing group to consume code span content (non-eager)
-        #   (?>\k<codespanopen>) Atomic group marking the end of the code span (same length as opening)
-        # rubocop:enable Metrics/LineLength
-        CODEBLOCK_REGEX = /```|~~~/.freeze
+        MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
         # End of string
         EOS_REGEX = /\z/.freeze
+        # We rely on GitHub to do the HTML sanitization
+        COMMONMARKER_OPTIONS = %i(
+          UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING
+        ).freeze
+        COMMONMARKER_EXTENSIONS = %i(
+          table tasklist strikethrough autolink tagfilter
+        ).freeze
 
         attr_reader :github_redirection_service
 
@@ -37,49 +32,33 @@ module Dependabot
         end
 
         def sanitize_links_and_mentions(text:)
-          # We don't want to sanitize any links or mentions that are contained
-          # within code blocks, so we split the text on "```" or "~~~"
-          lines = []
-          scan = StringScanner.new(text)
-          until scan.eos?
-            line = scan.scan_until(CODEBLOCK_REGEX) ||
-                   scan.scan_until(EOS_REGEX)
-            delimiter = line.match(CODEBLOCK_REGEX)&.to_s
-            unless delimiter && lines.count { |l| l.include?(delimiter) }.odd?
-              line = sanitize_mentions(line)
-            end
-            lines << line
-          end
+          doc = CommonMarker.render_doc(
+            text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
+          )
 
-          sanitize_links(lines.join)
+          sanitize_mentions(doc)
+          sanitize_links(doc)
+          doc.to_html(COMMONMARKER_OPTIONS, COMMONMARKER_EXTENSIONS)
         end
 
         private
 
-        def sanitize_mentions(text)
-          text.gsub(%r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}) do |mention|
-            next mention if mention.end_with?("/")
+        def sanitize_mentions(doc)
+          doc.walk do |node|
+            if !parent_node_link?(node) && node.type == :text &&
+               node.string_content.match?(MENTION_REGEX)
+              nodes = build_mention_nodes(node.string_content)
 
-            last_match = Regexp.last_match
-            sanitized_mention = mention.gsub("@", "@&#8203;")
+              nodes.each do |n|
+                node.insert_before(n)
+              end
 
-            if last_match.pre_match.chars.last == "[" &&
-               last_match.post_match.chars.first == "]"
-              sanitized_mention
-            else
-              "[#{sanitized_mention}]"\
-              "(https://github.com/#{mention.tr('@', '')})"
+              node.delete
             end
           end
         end
 
-        def sanitize_links(text)
-          # We rely on GitHub to do the HTML sanitization
-          options = %i(UNSAFE GITHUB_PRE_LANG FULL_INFO_STRING)
-          extensions = %i(table tasklist strikethrough autolink tagfilter)
-
-          doc = CommonMarker.render_doc(text, :LIBERAL_HTML_TAG, extensions)
-
+        def sanitize_links(doc)
           doc.walk do |node|
             if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
               node.each do |subnode|
@@ -96,8 +75,45 @@ module Dependabot
               )
             end
           end
+        end
+
+        def build_mention_nodes(text)
+          nodes = []
+          scan = StringScanner.new(text)
+
+          until scan.eos?
+            line = scan.scan_until(MENTION_REGEX) ||
+                   scan.scan_until(EOS_REGEX)
+            line_match = line.match(MENTION_REGEX)
+            mention = line_match&.to_s
+            text_node = CommonMarker::Node.new(:text)
+
+            if mention && !mention.end_with?("/")
+              text_node.string_content = line_match.pre_match
+              nodes << text_node
+              nodes << create_link_node(
+                "https://github.com/#{mention.tr('@', '')}", mention.to_s
+              )
+            else
+              text_node.string_content = line
+              nodes << text_node
+            end
+          end
+
+          nodes
+        end
+
+        def create_link_node(url, text)
+          link_node = CommonMarker::Node.new(:link)
+          text_node = CommonMarker::Node.new(:text)
+          link_node.url = url
+          text_node.string_content = text
+          link_node.append_child(text_node)
+          link_node
+        end
 
-          doc.to_html(options, extensions)
+        def parent_node_link?(node)
+          node.type == :link || node.parent && parent_node_link?(node.parent)
         end
       end
     end

data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb

@@ -5,8 +5,6 @@ require "dependabot/clients/codecommit"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
 require "dependabot/pull_request_creator"
-
-# rubocop:disable Metrics/ClassLength
 module Dependabot
   class PullRequestCreator
     class PrNamePrefixer
@@ -429,4 +427,3 @@ module Dependabot
     end
   end
 end
-# rubocop:enable Metrics/ClassLength

data/lib/dependabot/shared_helpers.rb

@@ -81,7 +81,6 @@ module Dependabot
       Shellwords.join(command_parts)
     end
 
-    # rubocop:disable Metrics/MethodLength
     def self.run_helper_subprocess(command:, function:, args:, env: nil,
                                    stderr_to_stdout: false,
                                    escape_command_str: true)
@@ -119,7 +118,6 @@ module Dependabot
         error_context: error_context
       )
     end
-    # rubocop:enable Metrics/MethodLength
 
     def self.excon_middleware
       Excon.defaults[:middlewares] +
@@ -167,8 +165,6 @@ module Dependabot
       )
     end
 
-    # rubocop:disable Metrics/AbcSize
-    # rubocop:disable Metrics/MethodLength
     def self.configure_git_credentials(credentials)
       # Then add a file-based credential store that loads a file in this repo.
       # Under the hood this uses git credential-store, but it's invoked through
@@ -212,8 +208,6 @@ module Dependabot
       # Save the file
       File.write("git.store", git_store_content)
     end
-    # rubocop:enable Metrics/AbcSize
-    # rubocop:enable Metrics/MethodLength
 
     def self.stash_global_git_config
       return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)

data/lib/dependabot/source.rb

@@ -74,7 +74,6 @@ module Dependabot
       "https://" + hostname + "/" + repo
     end
 
-    # rubocop:disable Metrics/CyclomaticComplexity
     def url_with_directory
       return url if [nil, ".", "/"].include?(directory)
 
@@ -94,7 +93,6 @@ module Dependabot
       else raise "Unexpected repo provider '#{provider}'"
       end
     end
-    # rubocop:enable Metrics/CyclomaticComplexity
 
     def organization
       repo.split("/").first

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.115.1"
+  VERSION = "0.115.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.115.1
+  version: 0.115.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-19 00:00:00.000000000 Z
+date: 2019-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -112,14 +112,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '4.12'
+        version: 4.13.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '4.12'
+        version: 4.13.1
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement