dependabot-common 0.125.0 → 0.125.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e489f6c5c7b1d69d80357335298b9f9fcc3b7e2d0055a93b598efe2988694574
4
- data.tar.gz: ed57cd62c40ba0180c679c83ba7998ffc37c2762abd909b1b7f49b6a396d52c6
3
+ metadata.gz: 5cea5014538128815ea1ee0d391d71280e703663a69dad5ee6a9f8c30059b33d
4
+ data.tar.gz: d12e2a67cc6b8aea8b95be0ac1908941464ae5fb77b15ee94fff757a80bf6675
5
5
  SHA512:
6
- metadata.gz: 858eda286ffc2e3874ddb279b692774566f3016566265896a21620bed3d2a0da44917ccf554f01d7902bbd28b4399e47fcb89a64f1212351cc82a1f9dc8417be
7
- data.tar.gz: dc2e6cc12d8890d3c4646e8757239d452ca3ab478599fa8438b73eaf8cce816bdc4402dcac640fe425689c7a0e0f72b20516be01ba1d37b826f75d54058a1e11
6
+ metadata.gz: 766afa6f3226f4ebbf46a3a9e6b14eb3c2b9d28da0a24e1b5a0ad4f3c6e6e7e01047c1902d070cbbbf007ba0b963c282ec17baf98618634befe3e2ffdde5f67d
7
+ data.tar.gz: 01a5c62d6ee5ee5a5462625af55f4df60d480f3f9a642668aa16173be7a1af013e85b11ba13443ce6614cc76a60d2f18b34b5edc3c1415e9a22e39a927e980e7
@@ -95,9 +95,7 @@ module Dependabot
95
95
  "/_apis/git/repositories/" + source.unscoped_repo +
96
96
  "/commits"
97
97
 
98
- unless branch_name.to_s.empty?
99
- commits_url += "?searchCriteria.itemVersion.version=" + branch_name
100
- end
98
+ commits_url += "?searchCriteria.itemVersion.version=" + branch_name unless branch_name.to_s.empty?
101
99
 
102
100
  response = get(commits_url)
103
101
 
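Review bot: `branch_name` is appended to the query string on the new line without URL-encoding, so a ref containing `&`, `#` or `%` (all legal in git ref names) would truncate or alter the `searchCriteria.itemVersion.version` parameter. Encoding the value, e.g. `commits_url += "?searchCriteria.itemVersion.version=" + URI.encode_www_form_component(branch_name) unless branch_name.to_s.empty?`, keeps the request well-formed, assuming Azure DevOps accepts the percent-encoded form; whether `branch_name` can be influenced by anything other than Dependabot's own configuration is not visible from the hunk. The enclosing method starts before the hunk.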
@@ -113,9 +113,7 @@ module Dependabot
113
113
  def load_cloned_file_if_present(filename)
114
114
  path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
115
115
  repo_path = File.join(clone_repo_contents, path)
116
- unless File.exist?(repo_path)
117
- raise Dependabot::DependencyFileNotFound, path
118
- end
116
+ raise Dependabot::DependencyFileNotFound, path unless File.exist?(repo_path)
119
117
 
120
118
  content = File.read(repo_path)
121
119
  type = if File.symlink?(repo_path)
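Review bot: The existence check added on the new line does not confine `repo_path` to `clone_repo_contents`: `Pathname#cleanpath` keeps leading `..` segments and `File.join` does not neutralise them, so a `directory`/`filename` combination such as `../x` resolves outside the clone before the `File.read` a few lines below. If `filename` can come from manifest content rather than from Dependabot's own code, add a containment check after computing `repo_path`, e.g. `raise Dependabot::DependencyFileNotFound, path unless File.expand_path(repo_path).start_with?(File.expand_path(clone_repo_contents) + File::SEPARATOR)`. The `File.symlink?` branch that follows reads whatever the link points at, so symlinks targeting paths outside the clone deserve the same consideration; the method continues past the hunk.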
@@ -135,9 +133,7 @@ module Dependabot
135
133
  end
136
134
 
137
135
  def fetch_file_from_host(filename, type: "file", fetch_submodules: false)
138
- unless repo_contents_path.nil?
139
- return load_cloned_file_if_present(filename)
140
- end
136
+ return load_cloned_file_if_present(filename) unless repo_contents_path.nil?
141
137
 
142
138
  path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
143
139
  content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
@@ -480,10 +476,10 @@ module Dependabot
480
476
  return path if Dir.exist?(File.join(path, ".git"))
481
477
 
482
478
  FileUtils.mkdir_p(path)
483
- br_opt = " --branch=#{source.branch} --single-branch" if source.branch
479
+ br_opt = " --branch #{source.branch} --single-branch" if source.branch
484
480
  SharedHelpers.run_shell_command(
485
481
  <<~CMD
486
- git clone --no-tags --no-recurse-submodules --depth=1#{br_opt} #{source.url} #{path}
482
+ git clone --no-tags --no-recurse-submodules --depth 1#{br_opt} #{source.url} #{path}
487
483
  CMD
488
484
  )
489
485
  path
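Review bot: `source.url` and `path` remain positional arguments on the rewritten clone line, so a repository URL beginning with `-` would be parsed by git as an option rather than a location; with `run_shell_command` now escaping shell metacharacters by default, this argument-level case is the one the escaping does not cover. Terminating option parsing with `git clone --no-tags --no-recurse-submodules --depth 1#{br_opt} -- #{source.url} #{path}` closes it without changing behaviour for ordinary URLs. Whether `source.url` is ever user-supplied is not visible here; the switch from `--depth=1`/`--branch=` to the space-separated forms is valid, since both options take a required value. The method's start lies outside the hunk.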
@@ -21,9 +21,7 @@ module Dependabot
21
21
  attr_reader :dependencies
22
22
 
23
23
  def <<(dep)
24
- unless dep.is_a?(Dependency)
25
- raise ArgumentError, "must be a Dependency object"
26
- end
24
+ raise ArgumentError, "must be a Dependency object" unless dep.is_a?(Dependency)
27
25
 
28
26
  existing_dependency = dependency_for_name(dep.name)
29
27
 
@@ -40,9 +38,7 @@ module Dependabot
40
38
  end
41
39
 
42
40
  def +(other)
43
- unless other.is_a?(DependencySet)
44
- raise ArgumentError, "must be a DependencySet"
45
- end
41
+ raise ArgumentError, "must be a DependencySet" unless other.is_a?(DependencySet)
46
42
 
47
43
  other.dependencies.each { |dep| self << dep }
48
44
  self
@@ -23,7 +23,7 @@ module Dependabot
23
23
  )
24
24
 
25
25
  status = SharedHelpers.run_shell_command(
26
- "git status --untracked-files=all --porcelain=v1 #{relative_dir}"
26
+ "git status --untracked-files all --porcelain v1 #{relative_dir}"
27
27
  )
28
28
  changed_paths = status.split("\n").map { |l| l.split(" ") }
29
29
  changed_paths.map do |type, path|
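Review bot: `--untracked-files` and `--porcelain` take an optional value that git only accepts attached with `=` (`--untracked-files[=<mode>]`, `--porcelain[=<version>]`), so on the new line `all` and `v1` are parsed as pathspecs rather than option values; the result happens to be the intended modes only because git's defaults for the bare options are `all` and `v1`, and the non-matching pathspecs appear to be silently ignored. Keep the attached form, `"git status --untracked-files=all --porcelain=v1 -- #{relative_dir}"`, with `--` so a `relative_dir` beginning with `-` cannot be read as an option. If the `=` was dropped to suit the new default escaping in `run_shell_command`, the escaping helper (not shown) should be adjusted rather than the git syntax. The surrounding method starts and ends outside the hunk.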
@@ -93,9 +93,7 @@ module Dependabot
93
93
  select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
94
94
  filtered = tags.
95
95
  reject { |t| tag_included_in_ignore_reqs?(t) }
96
- if @raise_on_ignored && tags.any? && filtered.empty?
97
- raise Dependabot::AllVersionsIgnored
98
- end
96
+ raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
99
97
 
100
98
  tag = filtered.
101
99
  reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
@@ -52,13 +52,9 @@ module Dependabot
52
52
  response = fetch_raw_upload_pack_for(uri)
53
53
  return response.body if response.status == 200
54
54
 
55
- unless uri.match?(KNOWN_HOSTS)
56
- raise Dependabot::GitDependenciesNotReachable, [uri]
57
- end
55
+ raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
58
56
 
59
- if response.status < 400
60
- raise "Unexpected response: #{response.status} - #{response.body}"
61
- end
57
+ raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
62
58
 
63
59
  if uri.match?(/github\.com/i)
64
60
  response = response.data
@@ -100,9 +100,7 @@ module Dependabot
100
100
  # rubocop:enable Metrics/PerceivedComplexity
101
101
 
102
102
  def changelog_from_suggested_url
103
- if defined?(@changelog_from_suggested_url)
104
- return @changelog_from_suggested_url
105
- end
103
+ return @changelog_from_suggested_url if defined?(@changelog_from_suggested_url)
106
104
  return unless suggested_changelog_url
107
105
 
108
106
  # TODO: Support other providers
@@ -51,9 +51,7 @@ module Dependabot
51
51
  def new_tag
52
52
  new_version = dependency.version
53
53
 
54
- if git_source?(dependency.requirements) && git_sha?(new_version)
55
- return new_version
56
- end
54
+ return new_version if git_source?(dependency.requirements) && git_sha?(new_version)
57
55
 
58
56
  return new_ref if new_ref && ref_changed?
59
57
 
@@ -98,9 +96,7 @@ module Dependabot
98
96
  end
99
97
 
100
98
  def version_from_tag(tag)
101
- if version_class.correct?(tag.gsub(/^v/, ""))
102
- version_class.new(tag.gsub(/^v/, ""))
103
- end
99
+ version_class.new(tag.gsub(/^v/, "")) if version_class.correct?(tag.gsub(/^v/, ""))
104
100
 
105
101
  return unless tag.gsub(/^[^\d]*/, "").length > 1
106
102
  return unless version_class.correct?(tag.gsub(/^[^\d]*/, ""))
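Review bot: The rewritten first statement of `version_from_tag` still discards its value: `version_class.new(...)` is evaluated when `version_class.correct?` passes, but nothing returns it, so control falls through to the `tag.gsub(/^[^\d]*/, "")` path regardless. If the early exit was intended, `return version_class.new(tag.gsub(/^v/, "")) if version_class.correct?(tag.gsub(/^v/, ""))` restores it; if not, the line can be dropped. The `/^v/` anchor matches at any line start rather than only the string start — `\A` is the usual choice for whole-value checks — although tag names should not contain newlines. The method continues beyond the hunk.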
@@ -156,9 +152,7 @@ module Dependabot
156
152
  def tag_matches_version?(tag, version)
157
153
  return false unless version
158
154
 
159
- unless version_class.correct?(version)
160
- return tag.match?(/(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/)
161
- end
155
+ return tag.match?(/(?:[^0-9\.]|\A)#{Regexp.escape(version)}\z/) unless version_class.correct?(version)
162
156
 
163
157
  version_regex = GitCommitChecker::VERSION_REGEX
164
158
  return false unless tag.match?(version_regex)
@@ -120,9 +120,7 @@ module Dependabot
120
120
  # Version looks like a git SHA and we could be updating to a specific
121
121
  # ref in which case we return that otherwise we return a shorthand sha
122
122
  if dependency.version.match?(/^[0-9a-f]{40}$/)
123
- if ref_changed?(dependency) && new_ref(dependency)
124
- return new_ref(dependency)
125
- end
123
+ return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
126
124
 
127
125
  dependency.version[0..6]
128
126
  elsif dependency.version == dependency.previous_version &&
@@ -443,9 +443,7 @@ module Dependabot
443
443
 
444
444
  raise_custom_error err, RepoNotFound, err.message
445
445
  when Octokit::UnprocessableEntity
446
- if err.message.include?("no history in common")
447
- raise_custom_error err, NoHistoryInCommon, err.message
448
- end
446
+ raise_custom_error err, NoHistoryInCommon, err.message if err.message.include?("no history in common")
449
447
 
450
448
  raise err
451
449
  else
@@ -92,9 +92,7 @@ module Dependabot
92
92
  end
93
93
 
94
94
  def create_commit
95
- if files.count == 1 && files.first.type == "submodule"
96
- return create_submodule_update_commit
97
- end
95
+ return create_submodule_update_commit if files.count == 1 && files.first.type == "submodule"
98
96
 
99
97
  actions = files.map do |file|
100
98
  if file.type == "symlink"
@@ -169,13 +169,9 @@ module Dependabot
169
169
 
170
170
  # rubocop:disable Metrics/PerceivedComplexity
171
171
  def version_commit_message_intro
172
- if dependencies.count > 1 && updating_a_property?
173
- return multidependency_property_intro
174
- end
172
+ return multidependency_property_intro if dependencies.count > 1 && updating_a_property?
175
173
 
176
- if dependencies.count > 1 && updating_a_dependency_set?
177
- return dependency_set_intro
178
- end
174
+ return dependency_set_intro if dependencies.count > 1 && updating_a_dependency_set?
179
175
 
180
176
  return multidependency_intro if dependencies.count > 1
181
177
 
@@ -184,9 +180,7 @@ module Dependabot
184
180
  "#{from_version_msg(previous_version(dependency))}"\
185
181
  "to #{new_version(dependency)}."
186
182
 
187
- if switching_from_ref_to_release?(dependency)
188
- msg += " This release includes the previously tagged commit."
189
- end
183
+ msg += " This release includes the previously tagged commit." if switching_from_ref_to_release?(dependency)
190
184
 
191
185
  if vulnerabilities_fixed[dependency.name]&.one?
192
186
  msg += " **This update includes a security fix.**"
@@ -272,9 +266,7 @@ module Dependabot
272
266
  end
273
267
 
274
268
  def metadata_links
275
- if dependencies.count == 1
276
- return metadata_links_for_dep(dependencies.first)
277
- end
269
+ return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
278
270
 
279
271
  dependencies.map do |dep|
280
272
  "\n\nUpdates `#{dep.display_name}` "\
@@ -294,9 +286,7 @@ module Dependabot
294
286
  end
295
287
 
296
288
  def metadata_cascades
297
- if dependencies.one?
298
- return metadata_cascades_for_dep(dependencies.first)
299
- end
289
+ return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
300
290
 
301
291
  dependencies.map do |dep|
302
292
  msg = "\nUpdates `#{dep.display_name}` "\
@@ -375,9 +365,7 @@ module Dependabot
375
365
  end
376
366
 
377
367
  if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
378
- if ref_changed?(dependency) && previous_ref(dependency)
379
- return previous_ref(dependency)
380
- end
368
+ return previous_ref(dependency) if ref_changed?(dependency) && previous_ref(dependency)
381
369
 
382
370
  "`#{dependency.previous_version[0..6]}`"
383
371
  elsif dependency.version == dependency.previous_version &&
@@ -391,9 +379,7 @@ module Dependabot
391
379
 
392
380
  def new_version(dependency)
393
381
  if dependency.version.match?(/^[0-9a-f]{40}$/)
394
- if ref_changed?(dependency) && new_ref(dependency)
395
- return new_ref(dependency)
396
- end
382
+ return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
397
383
 
398
384
  "`#{dependency.version[0..6]}`"
399
385
  elsif dependency.version == dependency.previous_version &&
@@ -448,9 +434,7 @@ module Dependabot
448
434
 
449
435
  req = updated_reqs.first.fetch(:requirement)
450
436
  return req if req
451
- if ref_changed?(dependency) && new_ref(dependency)
452
- return new_ref(dependency)
453
- end
437
+ return new_ref(dependency) if ref_changed?(dependency) && new_ref(dependency)
454
438
 
455
439
  raise "No new requirement!"
456
440
  end
@@ -159,9 +159,7 @@ module Dependabot
159
159
  def serialized_vulnerability_details(details)
160
160
  msg = vulnerability_source_line(details)
161
161
 
162
- if details["title"]
163
- msg += "> **#{details['title'].lines.map(&:strip).join(' ')}**\n"
164
- end
162
+ msg += "> **#{details['title'].lines.map(&:strip).join(' ')}**\n" if details["title"]
165
163
 
166
164
  if (description = details["description"])
167
165
  description.strip.lines.first(20).each { |line| msg += "> #{line}" }
@@ -42,13 +42,9 @@ module Dependabot
42
42
  end
43
43
 
44
44
  def capitalize_first_word?
45
- if commit_message_options.key?(:prefix)
46
- return !commit_message_options[:prefix]&.strip&.match?(/\A[a-z]/)
47
- end
45
+ return !commit_message_options[:prefix]&.strip&.match?(/\A[a-z]/) if commit_message_options.key?(:prefix)
48
46
 
49
- if last_dependabot_commit_style
50
- return capitalise_first_word_from_last_dependabot_commit_style
51
- end
47
+ return capitalise_first_word_from_last_dependabot_commit_style if last_dependabot_commit_style
52
48
 
53
49
  capitalise_first_word_from_previous_commits
54
50
  end
@@ -63,15 +59,11 @@ module Dependabot
63
59
 
64
60
  def commit_prefix
65
61
  # If a preferred prefix has been explicitly provided, use it
66
- if commit_message_options.key?(:prefix)
67
- return prefix_from_explicitly_provided_details
68
- end
62
+ return prefix_from_explicitly_provided_details if commit_message_options.key?(:prefix)
69
63
 
70
64
  # Otherwise, if there is a previous Dependabot commit and it used a
71
65
  # known style, use that as our model for subsequent commits
72
- if last_dependabot_commit_style
73
- return prefix_for_last_dependabot_commit_style
74
- end
66
+ return prefix_for_last_dependabot_commit_style if last_dependabot_commit_style
75
67
 
76
68
  # Otherwise we need to detect the user's preferred style from the
77
69
  # existing commits on their repo
@@ -89,9 +81,7 @@ module Dependabot
89
81
  end
90
82
 
91
83
  def explicitly_provided_prefix_string
92
- unless commit_message_options.key?(:prefix)
93
- raise "No explicitly provided prefix!"
94
- end
84
+ raise "No explicitly provided prefix!" unless commit_message_options.key?(:prefix)
95
85
 
96
86
  if dependencies.any?(&:production?)
97
87
  commit_message_options[:prefix].to_s
@@ -181,9 +171,7 @@ module Dependabot
181
171
  end
182
172
 
183
173
  # Definitely not using Angular commits if < 30% match angular commits
184
- if angular_messages.count.to_f / recent_commit_messages.count < 0.3
185
- return false
186
- end
174
+ return false if angular_messages.count.to_f / recent_commit_messages.count < 0.3
187
175
 
188
176
  eslint_only_pres = ESLINT_PREFIXES.map(&:downcase) - ANGULAR_PREFIXES
189
177
  angular_only_pres = ANGULAR_PREFIXES - ESLINT_PREFIXES.map(&:downcase)
@@ -244,9 +232,7 @@ module Dependabot
244
232
  "build"
245
233
  end
246
234
 
247
- if capitalize_angular_commit_prefix?
248
- commit_prefix = commit_prefix.capitalize
249
- end
235
+ commit_prefix = commit_prefix.capitalize if capitalize_angular_commit_prefix?
250
236
 
251
237
  commit_prefix
252
238
  end
@@ -256,9 +242,7 @@ module Dependabot
256
242
  ANGULAR_PREFIXES.any? { |pre| message.match?(/#{pre}[:(]/i) }
257
243
  end
258
244
 
259
- if semantic_messages.none?
260
- return last_dependabot_commit_message&.start_with?(/[A-Z]/)
261
- end
245
+ return last_dependabot_commit_message&.start_with?(/[A-Z]/) if semantic_messages.none?
262
246
 
263
247
  capitalized_msgs = semantic_messages.
264
248
  select { |m| m.start_with?(/[A-Z]/) }
@@ -85,10 +85,10 @@ module Dependabot
85
85
 
86
86
  def self.run_helper_subprocess(command:, function:, args:, env: nil,
87
87
  stderr_to_stdout: false,
88
- escape_command_str: true)
88
+ allow_unsafe_shell_command: false)
89
89
  start = Time.now
90
90
  stdin_data = JSON.dump(function: function, args: args)
91
- cmd = escape_command_str ? escape_command(command) : command
91
+ cmd = allow_unsafe_shell_command ? command : escape_command(command)
92
92
  env_cmd = [env, cmd].compact
93
93
  stdout, stderr, process = Open3.capture3(*env_cmd, stdin_data: stdin_data)
94
94
  time_taken = Time.now - start
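Review bot: Renaming the keyword from `escape_command_str:` to `allow_unsafe_shell_command:` with inverted polarity is an incompatible change for any caller outside this gem still passing `escape_command_str:`, which now raises `ArgumentError` for an unknown keyword in a patch-level release. If external callers exist, keep accepting the old name for a deprecation window, e.g. add `escape_command_str: nil` to the signature and `allow_unsafe_shell_command = !escape_command_str unless escape_command_str.nil?` before `cmd` is computed. The default behaviour (escape unless explicitly told otherwise) is unchanged and remains the safer default. The method continues past the hunk.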
@@ -176,15 +176,23 @@ module Dependabot
176
176
  # Note: we use --global here (rather than --system) so that Dependabot
177
177
  # can be run without privileged access
178
178
  run_shell_command(
179
- 'git config --global --replace-all url."https://github.com/".'\
180
- "insteadOf ssh://git@github.com/ && "\
181
- 'git config --global --add url."https://github.com/".'\
182
- "insteadOf ssh://git@github.com: && "\
183
- 'git config --global --add url."https://github.com/".'\
184
- "insteadOf git@github.com: && "\
185
- 'git config --global --add url."https://github.com/".'\
186
- "insteadOf git@github.com/ && "\
187
- 'git config --global --add url."https://github.com/".'\
179
+ "git config --global --replace-all url.https://github.com/."\
180
+ "insteadOf ssh://git@github.com/"
181
+ )
182
+ run_shell_command(
183
+ "git config --global --add url.https://github.com/."\
184
+ "insteadOf ssh://git@github.com:"
185
+ )
186
+ run_shell_command(
187
+ "git config --global --add url.https://github.com/."\
188
+ "insteadOf git@github.com:"
189
+ )
190
+ run_shell_command(
191
+ "git config --global --add url.https://github.com/."\
192
+ "insteadOf git@github.com/"
193
+ )
194
+ run_shell_command(
195
+ "git config --global --add url.https://github.com/."\
188
196
  "insteadOf git://github.com/"
189
197
  )
190
198
  end
@@ -199,7 +207,8 @@ module Dependabot
199
207
  File.join(__dir__, "../../bin/git-credential-store-immutable")
200
208
  run_shell_command(
201
209
  "git config --global credential.helper "\
202
- "'!#{credential_helper_path} --file=#{Dir.pwd}/git.store'"
210
+ "'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
211
+ allow_unsafe_shell_command: true
203
212
  )
204
213
 
205
214
  github_credentials = credentials.
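Review bot: This is the one caller opting out of the new default escaping, and the string it runs interpolates `credential_helper_path` and `Dir.pwd` unescaped inside single quotes; a working directory containing a single quote would break or alter the `git config` command, and whitespace in either path would split the helper command again when git later evaluates the `!`-prefixed value through its own shell. Whether the runner controls the working directory is not visible here; a minimal guard is to fail early on such paths, e.g. `raise "Unsafe path for credential helper" if [credential_helper_path, Dir.pwd].any? { |p| p.match?(/['\s]/) }` before the call. The change from `--file=` to `--file ` only affects the helper's own option parsing and should be checked against `bin/git-credential-store-immutable` (not shown). The enclosing method starts before the hunk.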
@@ -237,7 +246,8 @@ module Dependabot
237
246
 
238
247
  def self.reset_git_repo(path)
239
248
  Dir.chdir(path) do
240
- run_shell_command("git reset HEAD --hard && git clean -fx")
249
+ run_shell_command("git reset HEAD --hard")
250
+ run_shell_command("git clean -fx")
241
251
  end
242
252
  end
243
253
 
@@ -262,9 +272,10 @@ module Dependabot
262
272
  FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
263
273
  end
264
274
 
265
- def self.run_shell_command(command)
275
+ def self.run_shell_command(command, allow_unsafe_shell_command: false)
266
276
  start = Time.now
267
- stdout, process = Open3.capture2e(command)
277
+ cmd = allow_unsafe_shell_command ? command : escape_command(command)
278
+ stdout, process = Open3.capture2e(cmd)
268
279
  time_taken = Time.now - start
269
280
 
270
281
  # Raise an error with the output from the shell session if the
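Review bot: `run_shell_command` now escapes the command by default, but `Open3.capture2e(cmd)` is still given a single string, so the call continues to go through the system shell; the escaping (via `escape_command`, defined outside the hunk) neutralises metacharacters rather than removing the shell. As a consequence, any caller that relied on `&&`, pipes, redirection or `$VAR` expansion now passes those as literal arguments and fails at runtime, which the following hunk's `error_context` will at least report with the escaped `cmd`. A short contract comment above the `def` would make this explicit, e.g. `# Shell-escapes the command before running it; pass allow_unsafe_shell_command: true only for commands that genuinely need shell syntax.`; if `escape_command` tokenises the string, passing the tokens to `capture2e` as an argv array would avoid the shell entirely. The method continues past the hunk.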
@@ -272,7 +283,7 @@ module Dependabot
272
283
  return stdout if process.success?
273
284
 
274
285
  error_context = {
275
- command: command,
286
+ command: cmd,
276
287
  time_taken: time_taken,
277
288
  process_exit_value: process.to_s
278
289
  }
@@ -48,9 +48,7 @@ module Dependabot
48
48
  end
49
49
 
50
50
  def updated_dependencies(requirements_to_unlock:)
51
- unless can_update?(requirements_to_unlock: requirements_to_unlock)
52
- return []
53
- end
51
+ return [] unless can_update?(requirements_to_unlock: requirements_to_unlock)
54
52
 
55
53
  case requirements_to_unlock&.to_sym
56
54
  when :none then [updated_dependency_without_unlock]
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.125.0"
4
+ VERSION = "0.125.1"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.0
4
+ version: 0.125.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot