dependabot-common 0.117.1 → 0.117.2

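--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: da31cdf9fa8f40313defdb4b84d5806562865aa98df2eb6c44b5fbd06543defa
- data.tar.gz: 68452781baab5abaf742e37c033088d1aabba5b5edbd53088ad3d8bb3c666ff8
+ metadata.gz: 14cdb8046ea54f46ad93439ad3f67cd803f00b6905ecce3d8edf26fa0857c686
+ data.tar.gz: 5b9174ab20e524e54eddb09bc48151ea1a8fea0912bf0b5c47e3a7b50c25762b
  SHA512:
- metadata.gz: cb01ed587b5f7732ab9dc581069ccb26145c3375bc599cd6eb4df6710951f27c94f69de1ddb483da6f03024de0180a575fa0bd43bb68d2cb5009109a9c4d6958
- data.tar.gz: 7c78d34e24431ff63ccab09957a91c61db07faaeb647809a26171df065e1349780e2449908b2d40bf70f4a3b13c3b77ea969b6e653eff4368edb73d91d2a0a0f
+ metadata.gz: 0312a8c36d969f3936ec0bd938b310aaa736ee59bb8be3c3200c59f6bf4ec2a9fbf1da60f468143d46ef682ae1a2d7092b4523f26d51e4ba786db7196c6ac1a9
+ data.tar.gz: c303d8bc132a106dacbce6a77e9b473c0e3a08cb2f1cdd3b0c967ffa62720f404aa1e54e1e49e627c43e592f3c4971b729dc3c166a989e4cc7beb2f77c9fb932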
@@ -303,6 +303,8 @@ module Dependabot
303
303
  end
304
304
 
305
305
  def metadata_cascades_for_dep(dep)
306
+ break_tag = source_provider_supports_html? ? "\n<br />" : "\n\n"
307
+
306
308
  msg = ""
307
309
  msg += vulnerabilities_cascade(dep)
308
310
  msg += release_cascade(dep)
@@ -310,7 +312,7 @@ module Dependabot
310
312
  msg += upgrade_guide_cascade(dep)
311
313
  msg += commits_cascade(dep)
312
314
  msg += maintainer_changes_cascade(dep)
313
- msg += "\n<br />" unless msg == ""
315
+ msg += break_tag unless msg == ""
314
316
  "\n" + sanitize_links_and_mentions(msg)
315
317
  end
316
318
 
@@ -432,15 +434,19 @@ module Dependabot
432
434
  def build_details_tag(summary:, body:)
433
435
  # Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
434
436
  # CodeCommit does not support the <details> tag (no url available)
435
- if source.provider == ("azure" || "codecommit")
436
- "\n\##{summary}\n\n#{body}"
437
- else
437
+ if source_provider_supports_html?
438
438
  msg = "<details>\n<summary>#{summary}</summary>\n\n"
439
439
  msg += body
440
440
  msg + "</details>\n"
441
+ else
442
+ "\n\##{summary}\n\n#{body}"
441
443
  end
442
444
  end
443
445
 
446
+ def source_provider_supports_html?
447
+ !%w(azure codecommit).include?(source.provider)
448
+ end
449
+
444
450
  def serialized_vulnerability_details(details)
445
451
  msg = vulnerability_source_line(details)
446
452
 
@@ -659,6 +665,8 @@ module Dependabot
659
665
  end
660
666
 
661
667
  def sanitize_links_and_mentions(text)
668
+ return text unless source.provider == "github"
669
+
662
670
  LinkAndMentionSanitizer.
663
671
  new(github_redirection_service: github_redirection_service).
664
672
  sanitize_links_and_mentions(text: text)
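Review bot: The new early return in `sanitize_links_and_mentions` hands the assembled message back untouched for every provider other than GitHub, so text that originates in upstream changelogs, release notes and commit messages reaches the pull-request body with its @mentions and links intact. The sanitizer is built with a `github_redirection_service`, so skipping the link rewriting elsewhere looks deliberate, but whether mention neutralisation should be skipped too is not evident from the hunk; other hosts may well notify users on a raw `@name`. At minimum I would put a comment above the guard, e.g. `# Link/mention rewriting relies on GitHub-specific redirection; other providers receive the text unsanitized.`, and consider a provider-neutral mention escape as a follow-up. The method body continues past the end of the hunk.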
@@ -243,12 +243,22 @@ module Dependabot
243
243
  end
244
244
 
245
245
  def requirements_up_to_date?
246
- return true if (updated_requirements - dependency.requirements).none?
247
- return false unless latest_version
248
- return false unless version_class.correct?(latest_version.to_s)
249
- return false unless version_from_requirements
246
+ if can_compare_requirements?
247
+ return (version_from_requirements >=
248
+ version_class.new(latest_version.to_s))
249
+ end
250
+
251
+ changed_requirements.none?
252
+ end
250
253
 
251
- version_from_requirements >= version_class.new(latest_version.to_s)
254
+ def can_compare_requirements?
255
+ version_from_requirements &&
256
+ latest_version &&
257
+ version_class.correct?(latest_version.to_s)
258
+ end
259
+
260
+ def changed_requirements
261
+ (updated_requirements - dependency.requirements)
252
262
  end
253
263
 
254
264
  def version_from_requirements
@@ -262,11 +272,9 @@ module Dependabot
262
272
  end
263
273
 
264
274
  def requirements_can_update?
265
- changed_reqs = updated_requirements - dependency.requirements
266
-
267
- return false if changed_reqs.none?
275
+ return false if changed_requirements.none?
268
276
 
269
- changed_reqs.none? { |r| r[:requirement] == :unfixable }
277
+ changed_requirements.none? { |r| r[:requirement] == :unfixable }
270
278
  end
271
279
 
272
280
  def ignore_reqs
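Review bot: `requirements_up_to_date?` no longer returns true as soon as the requirements are unchanged: when `can_compare_requirements?` holds, the version comparison now decides, and the unchanged-requirements check only runs as the fallback. That reordering is easy to miss in a refactor-shaped diff and deserves a comment above the `if`, e.g. `# Prefer the version comparison when it is possible; otherwise fall back to whether any requirement would change.` Separately, `requirements_can_update?` now calls `changed_requirements` twice where the old code kept a local, so the array difference is computed twice; whether `updated_requirements` is memoized is not visible here, and `changed = changed_requirements` at the top of the method would keep the old cost. The parentheses around the expression in `changed_requirements` are redundant.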
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.117.1"
4
+ VERSION = "0.117.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.1
4
+ version: 0.117.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-03-05 00:00:00.000000000 Z
11
+ date: 2020-03-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit