dependabot-common 0.119.4 → 0.119.5
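--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ac20c5d159264edb3113a4e495d02e6c32f5e6aadb5cda883587aeabae475dde
+data.tar.gz: d5086bb6a7669add859859632b19b2d4e8ddddc9d637f63a2fb101bcb30d92ef
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5c1cfdfdba4439500593adc35ca3bca20f32d55c0cf4e7436f09caa1b443cca135eee7607ef8c7dc7e5d385b66556d8f1698b80568f2e6068888faa8a76acc79
+data.tar.gz: bb518e222b1fd04d0bccd69951ac5d7b58220ef1ed6ed8c7ad29825138f39632b4f605ec314776b14bce59e51025048cdd965aebf33445a9e0419f32b399d2d2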
@@ -10,6 +10,7 @@ require "dependabot/pull_request_creator"
|
|
10
10
|
module Dependabot
|
11
11
|
class PullRequestCreator
|
12
12
|
class MessageBuilder
|
13
|
+
require_relative "message_builder/metadata_presenter"
|
13
14
|
require_relative "message_builder/issue_linker"
|
14
15
|
require_relative "message_builder/link_and_mention_sanitizer"
|
15
16
|
require_relative "pr_name_prefixer"
|
@@ -312,242 +313,20 @@ module Dependabot
|
|
312
313
|
end.join
|
313
314
|
end
|
314
315
|
|
315
|
-
def metadata_cascades_for_dep(
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
msg += commits_cascade(dep)
|
324
|
-
msg += maintainer_changes_cascade(dep)
|
325
|
-
msg += break_tag unless msg == ""
|
326
|
-
"\n" + sanitize_links_and_mentions(msg, unsafe: true)
|
327
|
-
end
|
328
|
-
|
329
|
-
def vulnerabilities_cascade(dep)
|
330
|
-
fixed_vulns = vulnerabilities_fixed[dep.name]
|
331
|
-
return "" unless fixed_vulns&.any?
|
332
|
-
|
333
|
-
msg = ""
|
334
|
-
fixed_vulns.each { |v| msg += serialized_vulnerability_details(v) }
|
335
|
-
msg = sanitize_template_tags(msg)
|
336
|
-
msg = sanitize_links_and_mentions(msg)
|
337
|
-
|
338
|
-
build_details_tag(summary: "Vulnerabilities fixed", body: msg)
|
339
|
-
end
|
340
|
-
|
341
|
-
def release_cascade(dep)
|
342
|
-
return "" unless releases_text(dep) && releases_url(dep)
|
343
|
-
|
344
|
-
msg = "*Sourced from [#{dep.display_name}'s releases]"\
|
345
|
-
"(#{releases_url(dep)}).*\n\n"
|
346
|
-
msg +=
|
347
|
-
begin
|
348
|
-
release_note_lines = releases_text(dep).split("\n").first(50)
|
349
|
-
release_note_lines = release_note_lines.map { |line| "> #{line}\n" }
|
350
|
-
if release_note_lines.count == 50
|
351
|
-
release_note_lines << truncated_line
|
352
|
-
end
|
353
|
-
release_note_lines.join
|
354
|
-
end
|
355
|
-
msg = link_issues(text: msg, dependency: dep)
|
356
|
-
msg = fix_relative_links(
|
357
|
-
text: msg,
|
358
|
-
base_url: source_url(dep) + "/blob/HEAD/"
|
359
|
-
)
|
360
|
-
msg = sanitize_template_tags(msg)
|
361
|
-
msg = sanitize_links_and_mentions(msg)
|
362
|
-
|
363
|
-
build_details_tag(summary: "Release notes", body: msg)
|
364
|
-
end
|
365
|
-
|
366
|
-
def changelog_cascade(dep)
|
367
|
-
return "" unless changelog_url(dep) && changelog_text(dep)
|
368
|
-
|
369
|
-
msg = "*Sourced from "\
|
370
|
-
"[#{dep.display_name}'s changelog](#{changelog_url(dep)}).*\n\n"
|
371
|
-
msg +=
|
372
|
-
begin
|
373
|
-
changelog_lines = changelog_text(dep).split("\n").first(50)
|
374
|
-
changelog_lines = changelog_lines.map { |line| "> #{line}\n" }
|
375
|
-
changelog_lines << truncated_line if changelog_lines.count == 50
|
376
|
-
changelog_lines.join
|
377
|
-
end
|
378
|
-
msg = link_issues(text: msg, dependency: dep)
|
379
|
-
msg = fix_relative_links(text: msg, base_url: changelog_url(dep))
|
380
|
-
msg = sanitize_template_tags(msg)
|
381
|
-
msg = sanitize_links_and_mentions(msg)
|
382
|
-
|
383
|
-
build_details_tag(summary: "Changelog", body: msg)
|
384
|
-
end
|
385
|
-
|
386
|
-
def upgrade_guide_cascade(dep)
|
387
|
-
return "" unless upgrade_url(dep) && upgrade_text(dep)
|
388
|
-
|
389
|
-
msg = "*Sourced from "\
|
390
|
-
"[#{dep.display_name}'s upgrade guide]"\
|
391
|
-
"(#{upgrade_url(dep)}).*\n\n"
|
392
|
-
msg +=
|
393
|
-
begin
|
394
|
-
upgrade_lines = upgrade_text(dep).split("\n").first(50)
|
395
|
-
upgrade_lines = upgrade_lines.map { |line| "> #{line}\n" }
|
396
|
-
upgrade_lines << truncated_line if upgrade_lines.count == 50
|
397
|
-
upgrade_lines.join
|
398
|
-
end
|
399
|
-
msg = link_issues(text: msg, dependency: dep)
|
400
|
-
msg = fix_relative_links(text: msg, base_url: upgrade_url(dep))
|
401
|
-
msg = sanitize_template_tags(msg)
|
402
|
-
msg = sanitize_links_and_mentions(msg)
|
403
|
-
|
404
|
-
build_details_tag(summary: "Upgrade guide", body: msg)
|
405
|
-
end
|
406
|
-
|
407
|
-
def commits_cascade(dep)
|
408
|
-
return "" unless commits_url(dep) && commits(dep)
|
409
|
-
|
410
|
-
msg = ""
|
411
|
-
|
412
|
-
commits(dep).reverse.first(10).each do |commit|
|
413
|
-
title = commit[:message].strip.split("\n").first
|
414
|
-
title = title.slice(0..76) + "..." if title && title.length > 80
|
415
|
-
title = title&.gsub(/(?<=[^\w.-])([_*`~])/, '\\1')
|
416
|
-
sha = commit[:sha][0, 7]
|
417
|
-
msg += "- [`#{sha}`](#{commit[:html_url]}) #{title}\n"
|
418
|
-
end
|
419
|
-
|
420
|
-
msg = msg.gsub(/\<.*?\>/) { |tag| "\\#{tag}" }
|
421
|
-
|
422
|
-
msg +=
|
423
|
-
if commits(dep).count > 10
|
424
|
-
"- Additional commits viewable in "\
|
425
|
-
"[compare view](#{commits_url(dep)})\n"
|
426
|
-
else
|
427
|
-
"- See full diff in [compare view](#{commits_url(dep)})\n"
|
428
|
-
end
|
429
|
-
msg = link_issues(text: msg, dependency: dep)
|
430
|
-
msg = sanitize_links_and_mentions(msg)
|
431
|
-
|
432
|
-
build_details_tag(summary: "Commits", body: msg)
|
433
|
-
end
|
434
|
-
|
435
|
-
def maintainer_changes_cascade(dep)
|
436
|
-
return "" unless maintainer_changes(dep)
|
437
|
-
|
438
|
-
build_details_tag(
|
439
|
-
summary: "Maintainer changes",
|
440
|
-
body: sanitize_links_and_mentions(maintainer_changes(dep)) + "\n"
|
441
|
-
)
|
442
|
-
end
|
443
|
-
|
444
|
-
def build_details_tag(summary:, body:)
|
445
|
-
# Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
|
446
|
-
# CodeCommit does not support the <details> tag (no url available)
|
447
|
-
if source_provider_supports_html?
|
448
|
-
msg = "<details>\n<summary>#{summary}</summary>\n\n"
|
449
|
-
msg += body
|
450
|
-
msg + "</details>\n"
|
451
|
-
else
|
452
|
-
"\n\##{summary}\n\n#{body}"
|
453
|
-
end
|
454
|
-
end
|
455
|
-
|
456
|
-
def source_provider_supports_html?
|
457
|
-
!%w(azure codecommit).include?(source.provider)
|
458
|
-
end
|
459
|
-
|
460
|
-
def serialized_vulnerability_details(details)
|
461
|
-
msg = vulnerability_source_line(details)
|
462
|
-
|
463
|
-
if details["title"]
|
464
|
-
msg += "> **#{details['title'].lines.map(&:strip).join(' ')}**\n"
|
465
|
-
end
|
466
|
-
|
467
|
-
if (description = details["description"])
|
468
|
-
description.strip.lines.first(20).each { |line| msg += "> #{line}" }
|
469
|
-
msg += truncated_line if description.strip.lines.count > 20
|
470
|
-
end
|
471
|
-
|
472
|
-
msg += "\n" unless msg.end_with?("\n")
|
473
|
-
msg += "> \n"
|
474
|
-
msg += vulnerability_version_range_lines(details)
|
475
|
-
msg + "\n"
|
476
|
-
end
|
477
|
-
|
478
|
-
def vulnerability_source_line(details)
|
479
|
-
if details["source_url"] && details["source_name"]
|
480
|
-
"*Sourced from [#{details['source_name']}]"\
|
481
|
-
"(#{details['source_url']}).*\n\n"
|
482
|
-
elsif details["source_name"]
|
483
|
-
"*Sourced from #{details['source_name']}.*\n\n"
|
484
|
-
else
|
485
|
-
""
|
486
|
-
end
|
487
|
-
end
|
488
|
-
|
489
|
-
def vulnerability_version_range_lines(details)
|
490
|
-
msg = ""
|
491
|
-
%w(patched_versions unaffected_versions affected_versions).each do |tp|
|
492
|
-
type = tp.split("_").first.capitalize
|
493
|
-
next unless details[tp]
|
494
|
-
|
495
|
-
versions_string = details[tp].any? ? details[tp].join("; ") : "none"
|
496
|
-
versions_string = versions_string.gsub(/(?<!\\)~/, '\~')
|
497
|
-
msg += "> #{type} versions: #{versions_string}\n"
|
498
|
-
end
|
499
|
-
msg
|
500
|
-
end
|
501
|
-
|
502
|
-
def truncated_line
|
503
|
-
# Tables can spill out of truncated details, so we close them
|
504
|
-
"></tr></table> ... (truncated)\n"
|
505
|
-
end
|
506
|
-
|
507
|
-
def releases_url(dependency)
|
508
|
-
metadata_finder(dependency).releases_url
|
509
|
-
end
|
510
|
-
|
511
|
-
def releases_text(dependency)
|
512
|
-
metadata_finder(dependency).releases_text
|
513
|
-
end
|
514
|
-
|
515
|
-
def changelog_url(dependency)
|
516
|
-
metadata_finder(dependency).changelog_url
|
517
|
-
end
|
518
|
-
|
519
|
-
def changelog_text(dependency)
|
520
|
-
metadata_finder(dependency).changelog_text
|
521
|
-
end
|
522
|
-
|
523
|
-
def upgrade_url(dependency)
|
524
|
-
metadata_finder(dependency).upgrade_guide_url
|
525
|
-
end
|
526
|
-
|
527
|
-
def upgrade_text(dependency)
|
528
|
-
metadata_finder(dependency).upgrade_guide_text
|
529
|
-
end
|
530
|
-
|
531
|
-
def commits_url(dependency)
|
532
|
-
metadata_finder(dependency).commits_url
|
533
|
-
end
|
534
|
-
|
535
|
-
def commits(dependency)
|
536
|
-
metadata_finder(dependency).commits
|
537
|
-
end
|
538
|
-
|
539
|
-
def maintainer_changes(dependency)
|
540
|
-
metadata_finder(dependency).maintainer_changes
|
316
|
+
def metadata_cascades_for_dep(dependency)
|
317
|
+
MetadataPresenter.new(
|
318
|
+
dependency: dependency,
|
319
|
+
source: source,
|
320
|
+
metadata_finder: metadata_finder(dependency),
|
321
|
+
vulnerabilities_fixed: vulnerabilities_fixed[dependency.name],
|
322
|
+
github_redirection_service: github_redirection_service
|
323
|
+
).to_s
|
541
324
|
end
|
542
325
|
|
543
326
|
def source_url(dependency)
|
544
327
|
metadata_finder(dependency).source_url
|
545
328
|
end
|
546
329
|
|
547
|
-
def homepage_url(dependency)
|
548
|
-
metadata_finder(dependency).homepage_url
|
549
|
-
end
|
550
|
-
|
551
330
|
def metadata_finder(dependency)
|
552
331
|
@metadata_finder ||= {}
|
553
332
|
@metadata_finder[dependency.name] ||=
|
@@ -656,48 +435,6 @@ module Dependabot
|
|
656
435
|
raise "No new requirement!"
|
657
436
|
end
|
658
437
|
|
659
|
-
def link_issues(text:, dependency:)
|
660
|
-
IssueLinker.
|
661
|
-
new(source_url: source_url(dependency)).
|
662
|
-
link_issues(text: text)
|
663
|
-
end
|
664
|
-
|
665
|
-
def fix_relative_links(text:, base_url:)
|
666
|
-
text.gsub(/\[.*?\]\([^)]+\)/) do |link|
|
667
|
-
next link if link.include?("://")
|
668
|
-
|
669
|
-
relative_path = link.match(/\((.*?)\)/).captures.last
|
670
|
-
base = base_url.split("://").last.gsub(%r{[^/]*$}, "")
|
671
|
-
path = File.join(base, relative_path)
|
672
|
-
absolute_path =
|
673
|
-
base_url.sub(
|
674
|
-
%r{(?<=://).*$},
|
675
|
-
Pathname.new(path).cleanpath.to_s
|
676
|
-
)
|
677
|
-
link.gsub(relative_path, absolute_path)
|
678
|
-
end
|
679
|
-
end
|
680
|
-
|
681
|
-
def sanitize_links_and_mentions(text, unsafe: false)
|
682
|
-
return text unless source.provider == "github"
|
683
|
-
|
684
|
-
LinkAndMentionSanitizer.
|
685
|
-
new(github_redirection_service: github_redirection_service).
|
686
|
-
sanitize_links_and_mentions(text: text, unsafe: unsafe)
|
687
|
-
end
|
688
|
-
|
689
|
-
def sanitize_template_tags(text)
|
690
|
-
text.gsub(/\<.*?\>/) do |tag|
|
691
|
-
tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
|
692
|
-
|
693
|
-
# Unclosed calls to template overflow out of the blockquote block,
|
694
|
-
# wrecking the rest of our PRs. Other tags don't share this problem.
|
695
|
-
next "\\#{tag}" if tag_contents.start_with?("template")
|
696
|
-
|
697
|
-
tag
|
698
|
-
end
|
699
|
-
end
|
700
|
-
|
701
438
|
def ref_changed?(dependency)
|
702
439
|
previous_ref(dependency) != new_ref(dependency)
|
703
440
|
end
|
@@ -0,0 +1,283 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "dependabot/pull_request_creator/message_builder"
|
4
|
+
|
5
|
+
module Dependabot
|
6
|
+
class PullRequestCreator
|
7
|
+
class MessageBuilder
|
8
|
+
class MetadataPresenter
|
9
|
+
extend Forwardable
|
10
|
+
|
11
|
+
attr_reader :dependency, :source, :metadata_finder,
|
12
|
+
:vulnerabilities_fixed, :github_redirection_service
|
13
|
+
|
14
|
+
def_delegators :metadata_finder,
|
15
|
+
:changelog_url,
|
16
|
+
:changelog_text,
|
17
|
+
:commits_url,
|
18
|
+
:commits,
|
19
|
+
:maintainer_changes,
|
20
|
+
:releases_url,
|
21
|
+
:releases_text,
|
22
|
+
:source_url,
|
23
|
+
:upgrade_guide_url,
|
24
|
+
:upgrade_guide_text
|
25
|
+
|
26
|
+
def initialize(dependency:, source:, metadata_finder:,
|
27
|
+
vulnerabilities_fixed:, github_redirection_service:)
|
28
|
+
@dependency = dependency
|
29
|
+
@source = source
|
30
|
+
@metadata_finder = metadata_finder
|
31
|
+
@vulnerabilities_fixed = vulnerabilities_fixed
|
32
|
+
@github_redirection_service = github_redirection_service
|
33
|
+
end
|
34
|
+
|
35
|
+
def to_s
|
36
|
+
msg = ""
|
37
|
+
msg += vulnerabilities_cascade
|
38
|
+
msg += release_cascade
|
39
|
+
msg += changelog_cascade
|
40
|
+
msg += upgrade_guide_cascade
|
41
|
+
msg += commits_cascade
|
42
|
+
msg += maintainer_changes_cascade
|
43
|
+
msg += break_tag unless msg == ""
|
44
|
+
"\n" + sanitize_links_and_mentions(msg, unsafe: true)
|
45
|
+
end
|
46
|
+
|
47
|
+
private
|
48
|
+
|
49
|
+
def vulnerabilities_cascade
|
50
|
+
return "" unless vulnerabilities_fixed&.any?
|
51
|
+
|
52
|
+
msg = ""
|
53
|
+
vulnerabilities_fixed.each do |v|
|
54
|
+
msg += serialized_vulnerability_details(v)
|
55
|
+
end
|
56
|
+
|
57
|
+
msg = sanitize_template_tags(msg)
|
58
|
+
msg = sanitize_links_and_mentions(msg)
|
59
|
+
|
60
|
+
build_details_tag(summary: "Vulnerabilities fixed", body: msg)
|
61
|
+
end
|
62
|
+
|
63
|
+
def release_cascade
|
64
|
+
return "" unless releases_text && releases_url
|
65
|
+
|
66
|
+
msg = "*Sourced from [#{dependency.display_name}'s releases]"\
|
67
|
+
"(#{releases_url}).*\n\n"
|
68
|
+
msg +=
|
69
|
+
begin
|
70
|
+
release_note_lines = releases_text.split("\n").first(50)
|
71
|
+
release_note_lines =
|
72
|
+
release_note_lines.map { |line| "> #{line}\n" }
|
73
|
+
if release_note_lines.count == 50
|
74
|
+
release_note_lines << truncated_line
|
75
|
+
end
|
76
|
+
release_note_lines.join
|
77
|
+
end
|
78
|
+
msg = link_issues(text: msg)
|
79
|
+
msg = fix_relative_links(
|
80
|
+
text: msg,
|
81
|
+
base_url: source_url + "/blob/HEAD/"
|
82
|
+
)
|
83
|
+
msg = sanitize_template_tags(msg)
|
84
|
+
msg = sanitize_links_and_mentions(msg)
|
85
|
+
|
86
|
+
build_details_tag(summary: "Release notes", body: msg)
|
87
|
+
end
|
88
|
+
|
89
|
+
def changelog_cascade
|
90
|
+
return "" unless changelog_url && changelog_text
|
91
|
+
|
92
|
+
msg = "*Sourced from "\
|
93
|
+
"[#{dependency.display_name}'s changelog]"\
|
94
|
+
"(#{changelog_url}).*\n\n"
|
95
|
+
msg +=
|
96
|
+
begin
|
97
|
+
changelog_lines = changelog_text.split("\n").first(50)
|
98
|
+
changelog_lines = changelog_lines.map { |line| "> #{line}\n" }
|
99
|
+
changelog_lines << truncated_line if changelog_lines.count == 50
|
100
|
+
changelog_lines.join
|
101
|
+
end
|
102
|
+
msg = link_issues(text: msg)
|
103
|
+
msg = fix_relative_links(text: msg, base_url: changelog_url)
|
104
|
+
msg = sanitize_template_tags(msg)
|
105
|
+
msg = sanitize_links_and_mentions(msg)
|
106
|
+
|
107
|
+
build_details_tag(summary: "Changelog", body: msg)
|
108
|
+
end
|
109
|
+
|
110
|
+
def upgrade_guide_cascade
|
111
|
+
return "" unless upgrade_guide_url && upgrade_guide_text
|
112
|
+
|
113
|
+
msg = "*Sourced from "\
|
114
|
+
"[#{dependency.display_name}'s upgrade guide]"\
|
115
|
+
"(#{upgrade_guide_url}).*\n\n"
|
116
|
+
msg +=
|
117
|
+
begin
|
118
|
+
upgrade_lines = upgrade_guide_text.split("\n").first(50)
|
119
|
+
upgrade_lines = upgrade_lines.map { |line| "> #{line}\n" }
|
120
|
+
upgrade_lines << truncated_line if upgrade_lines.count == 50
|
121
|
+
upgrade_lines.join
|
122
|
+
end
|
123
|
+
msg = link_issues(text: msg)
|
124
|
+
msg = fix_relative_links(text: msg, base_url: upgrade_guide_url)
|
125
|
+
msg = sanitize_template_tags(msg)
|
126
|
+
msg = sanitize_links_and_mentions(msg)
|
127
|
+
|
128
|
+
build_details_tag(summary: "Upgrade guide", body: msg)
|
129
|
+
end
|
130
|
+
|
131
|
+
def commits_cascade
|
132
|
+
return "" unless commits_url && commits
|
133
|
+
|
134
|
+
msg = ""
|
135
|
+
|
136
|
+
commits.reverse.first(10).each do |commit|
|
137
|
+
title = commit[:message].strip.split("\n").first
|
138
|
+
title = title.slice(0..76) + "..." if title && title.length > 80
|
139
|
+
title = title&.gsub(/(?<=[^\w.-])([_*`~])/, '\\1')
|
140
|
+
sha = commit[:sha][0, 7]
|
141
|
+
msg += "- [`#{sha}`](#{commit[:html_url]}) #{title}\n"
|
142
|
+
end
|
143
|
+
|
144
|
+
msg = msg.gsub(/\<.*?\>/) { |tag| "\\#{tag}" }
|
145
|
+
|
146
|
+
msg +=
|
147
|
+
if commits.count > 10
|
148
|
+
"- Additional commits viewable in "\
|
149
|
+
"[compare view](#{commits_url})\n"
|
150
|
+
else
|
151
|
+
"- See full diff in [compare view](#{commits_url})\n"
|
152
|
+
end
|
153
|
+
msg = link_issues(text: msg)
|
154
|
+
msg = sanitize_links_and_mentions(msg)
|
155
|
+
|
156
|
+
build_details_tag(summary: "Commits", body: msg)
|
157
|
+
end
|
158
|
+
|
159
|
+
def maintainer_changes_cascade
|
160
|
+
return "" unless maintainer_changes
|
161
|
+
|
162
|
+
build_details_tag(
|
163
|
+
summary: "Maintainer changes",
|
164
|
+
body: sanitize_links_and_mentions(maintainer_changes) + "\n"
|
165
|
+
)
|
166
|
+
end
|
167
|
+
|
168
|
+
def build_details_tag(summary:, body:)
|
169
|
+
# Azure DevOps does not support <details> tag (https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html)
|
170
|
+
# CodeCommit does not support the <details> tag (no url available)
|
171
|
+
if source_provider_supports_html?
|
172
|
+
msg = "<details>\n<summary>#{summary}</summary>\n\n"
|
173
|
+
msg += body
|
174
|
+
msg + "</details>\n"
|
175
|
+
else
|
176
|
+
"\n\##{summary}\n\n#{body}"
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
def serialized_vulnerability_details(details)
|
181
|
+
msg = vulnerability_source_line(details)
|
182
|
+
|
183
|
+
if details["title"]
|
184
|
+
msg += "> **#{details['title'].lines.map(&:strip).join(' ')}**\n"
|
185
|
+
end
|
186
|
+
|
187
|
+
if (description = details["description"])
|
188
|
+
description.strip.lines.first(20).each { |line| msg += "> #{line}" }
|
189
|
+
msg += truncated_line if description.strip.lines.count > 20
|
190
|
+
end
|
191
|
+
|
192
|
+
msg += "\n" unless msg.end_with?("\n")
|
193
|
+
msg += "> \n"
|
194
|
+
msg += vulnerability_version_range_lines(details)
|
195
|
+
msg + "\n"
|
196
|
+
end
|
197
|
+
|
198
|
+
def vulnerability_source_line(details)
|
199
|
+
if details["source_url"] && details["source_name"]
|
200
|
+
"*Sourced from [#{details['source_name']}]"\
|
201
|
+
"(#{details['source_url']}).*\n\n"
|
202
|
+
elsif details["source_name"]
|
203
|
+
"*Sourced from #{details['source_name']}.*\n\n"
|
204
|
+
else
|
205
|
+
""
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
def vulnerability_version_range_lines(details)
|
210
|
+
msg = ""
|
211
|
+
%w(
|
212
|
+
patched_versions
|
213
|
+
unaffected_versions
|
214
|
+
affected_versions
|
215
|
+
).each do |tp|
|
216
|
+
type = tp.split("_").first.capitalize
|
217
|
+
next unless details[tp]
|
218
|
+
|
219
|
+
versions_string = details[tp].any? ? details[tp].join("; ") : "none"
|
220
|
+
versions_string = versions_string.gsub(/(?<!\\)~/, '\~')
|
221
|
+
msg += "> #{type} versions: #{versions_string}\n"
|
222
|
+
end
|
223
|
+
msg
|
224
|
+
end
|
225
|
+
|
226
|
+
def link_issues(text:)
|
227
|
+
IssueLinker.
|
228
|
+
new(source_url: source_url).
|
229
|
+
link_issues(text: text)
|
230
|
+
end
|
231
|
+
|
232
|
+
def fix_relative_links(text:, base_url:)
|
233
|
+
text.gsub(/\[.*?\]\([^)]+\)/) do |link|
|
234
|
+
next link if link.include?("://")
|
235
|
+
|
236
|
+
relative_path = link.match(/\((.*?)\)/).captures.last
|
237
|
+
base = base_url.split("://").last.gsub(%r{[^/]*$}, "")
|
238
|
+
path = File.join(base, relative_path)
|
239
|
+
absolute_path =
|
240
|
+
base_url.sub(
|
241
|
+
%r{(?<=://).*$},
|
242
|
+
Pathname.new(path).cleanpath.to_s
|
243
|
+
)
|
244
|
+
link.gsub(relative_path, absolute_path)
|
245
|
+
end
|
246
|
+
end
|
247
|
+
|
248
|
+
def truncated_line
|
249
|
+
# Tables can spill out of truncated details, so we close them
|
250
|
+
"></tr></table> \n ... (truncated)\n"
|
251
|
+
end
|
252
|
+
|
253
|
+
def break_tag
|
254
|
+
source_provider_supports_html? ? "\n<br />" : "\n\n"
|
255
|
+
end
|
256
|
+
|
257
|
+
def source_provider_supports_html?
|
258
|
+
!%w(azure codecommit).include?(source.provider)
|
259
|
+
end
|
260
|
+
|
261
|
+
def sanitize_links_and_mentions(text, unsafe: false)
|
262
|
+
return text unless source.provider == "github"
|
263
|
+
|
264
|
+
LinkAndMentionSanitizer.
|
265
|
+
new(github_redirection_service: github_redirection_service).
|
266
|
+
sanitize_links_and_mentions(text: text, unsafe: unsafe)
|
267
|
+
end
|
268
|
+
|
269
|
+
def sanitize_template_tags(text)
|
270
|
+
text.gsub(/\<.*?\>/) do |tag|
|
271
|
+
tag_contents = tag.match(/\<(.*?)\>/).captures.first.strip
|
272
|
+
|
273
|
+
# Unclosed calls to template overflow out of the blockquote block,
|
274
|
+
# wrecking the rest of our PRs. Other tags don't share this problem.
|
275
|
+
next "\\#{tag}" if tag_contents.start_with?("template")
|
276
|
+
|
277
|
+
tag
|
278
|
+
end
|
279
|
+
end
|
280
|
+
end
|
281
|
+
end
|
282
|
+
end
|
283
|
+
end
|
data/lib/dependabot/version.rb
CHANGED
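--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.119.
+version: 0.119.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-
+date: 2020-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-codecommit
@@ -376,6 +376,7 @@ files:
 - lib/dependabot/pull_request_creator/message_builder.rb
 - lib/dependabot/pull_request_creator/message_builder/issue_linker.rb
 - lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb
+- lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb
 - lib/dependabot/pull_request_creator/pr_name_prefixer.rb
 - lib/dependabot/pull_request_updater.rb
 - lib/dependabot/pull_request_updater/github.rb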