RubyGems - dependabot-common - Versions diffs - 0.139.0 → 0.139.1 - Mend

dependabot-common 0.139.0 → 0.139.1

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +49 -1
data/lib/dependabot/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de2abf02275016c9c8d0ecd543e0646e08aa6551edec39a6567d8d5ac53af14f
-  data.tar.gz: 5c9e219a03dbdeee3c9d3c8adab6ea0db8bf0c7331749149c43ae846290cc481
+  metadata.gz: 14fda97b138d41cabecc3d42788bb0b4a327de69d04dc23f897daf83b9881df7
+  data.tar.gz: 9f3ee6368d26b56394b10c3dc2c104c316ef56cb4cda642915f8a45da61af116
 SHA512:
-  metadata.gz: 381cf5957178c14ca1654367bac15f3e9626320afead493c142790eb374a593efaa039c512a384c6b749fc8a8fe9956957532d61c7a8c006e65dfb00a6f51b48
-  data.tar.gz: 1e76b8f2721fbc1ceb99a96d06a38d6b4ada860a9daed49e96857c39d1d44351fa4b796d4ce434a3aac9001519147de6add25c06261463d8e5a31bf29fa97bc7
+  metadata.gz: 5a09177d3c27a3c321980a9acf566543ce1ee657300854dc2e7a942de2e1124bea8189bcb54eb459d7e2820dc8745424c3479422ccf772b173db79027ac37567
+  data.tar.gz: c17abdd1331d9ee815a44e77e5de2ea51050c153a00859e411dddc78915c641bb385f2d45e7dd034fd9ea1efd4d82b29cdde4192dfc2efb9c641911472161471

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb CHANGED Viewed

@@ -15,6 +15,8 @@ module Dependabot
           (?:issue|pull)s?/(?<number>\d+)
         }x.freeze
         MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@#{GITHUB_USERNAME}/?}.freeze
+        # regex to match a team mention on github
+        TEAM_MENTION_REGEX = %r{(?<![A-Za-z0-9`~])@(?<org>#{GITHUB_USERNAME})/(?<team>#{GITHUB_USERNAME})/?}.freeze
         # End of string
         EOS_REGEX = /\z/.freeze
         COMMONMARKER_OPTIONS = %i(
@@ -35,8 +37,10 @@ module Dependabot
             text, :LIBERAL_HTML_TAG, COMMONMARKER_EXTENSIONS
           )
+          sanitize_team_mentions(doc)
           sanitize_mentions(doc)
           sanitize_links(doc)
           mode = unsafe ? :UNSAFE : :DEFAULT
           doc.to_html(([mode] + COMMONMARKER_OPTIONS), COMMONMARKER_EXTENSIONS)
         end
@@ -62,6 +66,26 @@ module Dependabot
           end
         end
+        # When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
+        # we replace it with a text node.
+        # This is because there are ecosystems that have packages that follow the same pattern
+        # (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
+        # team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
+        def sanitize_team_mentions(doc)
+          doc.walk do |node|
+            if node.type == :text &&
+               node.string_content.match?(TEAM_MENTION_REGEX)
+              nodes = build_team_mention_nodes(node.string_content)
+              nodes.each do |n|
+                node.insert_before(n)
+              end
+              node.delete
+            end
+          end
+        end
         def sanitize_links(doc)
           doc.walk do |node|
             if node.type == :link && node.url.match?(GITHUB_REF_REGEX)
@@ -87,7 +111,7 @@ module Dependabot
         def replace_github_host(text)
           text.gsub(
-            "github.com", github_redirection_service || "github.com"
+            /(www\.)?github.com/, github_redirection_service || "github.com"
           )
         end
@@ -117,6 +141,30 @@ module Dependabot
           nodes
         end
+        def build_team_mention_nodes(text)
+          nodes = []
+          scan = StringScanner.new(text)
+          until scan.eos?
+            line = scan.scan_until(TEAM_MENTION_REGEX) ||
+                   scan.scan_until(EOS_REGEX)
+            line_match = line.match(TEAM_MENTION_REGEX)
+            mention = line_match&.to_s
+            text_node = CommonMarker::Node.new(:text)
+            if mention
+              text_node.string_content = line_match.pre_match
+              nodes << text_node
+              nodes += build_mention_link_text_nodes(mention.to_s)
+            else
+              text_node.string_content = line
+              nodes << text_node
+            end
+          end
+          nodes
+        end
         def build_mention_link_text_nodes(text)
           code_node = CommonMarker::Node.new(:code)
           code_node.string_content = insert_zero_width_space_in_mention(text)

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.139.0"
+  VERSION = "0.139.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.139.0
+  version: 0.139.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-30 00:00:00.000000000 Z
+date: 2021-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport