dependabot-common 0.142.1 → 0.143.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config.rb +7 -0
- data/lib/dependabot/config/file.rb +54 -0
- data/lib/dependabot/config/file_fetcher.rb +50 -0
- data/lib/dependabot/config/update_config.rb +49 -0
- data/lib/dependabot/file_fetchers/base.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +5 -5
- data/lib/dependabot/pull_request_creator/branch_namer.rb +13 -12
- data/lib/dependabot/update_checkers/base.rb +5 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +8 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 57330557c4c6b5c67064d741415cf5ec79dcb8f43bf9f3919048a3464260ab3c
|
|
4
|
+
data.tar.gz: c2c2540484356b1beeb3b72dfff70a4d0da24ee20cfbeb4b9c2e465bdd4dc2e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ab1843750e40351dd4a63830cb45e466bda21006140c4b39540010b0cd00e30a09dec6bf08aa744a42e870d2693e09d861aed43b0ec59b0854910f4dfcdbde8f
|
|
7
|
+
data.tar.gz: be02824d97291c474f1074e3070abf82fa1576bc9f5898fea338734bd4f11d811526bccb3888a3a279b893dec717fffe77fd7218b47d0b16025e3e680372109e
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "dependabot/config/update_config"
|
|
4
|
+
|
|
5
|
+
module Dependabot
|
|
6
|
+
module Config
|
|
7
|
+
# Configuration for the repository, a parsed dependabot.yaml.
|
|
8
|
+
class File
|
|
9
|
+
attr_reader :updates, :registries
|
|
10
|
+
|
|
11
|
+
def initialize(updates:, registries: nil)
|
|
12
|
+
@updates = updates || []
|
|
13
|
+
@registries = registries || []
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def update_config(package_manager, directory: nil, target_branch: nil)
|
|
17
|
+
dir = directory || "/"
|
|
18
|
+
package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
|
|
19
|
+
cfg = updates.find do |u|
|
|
20
|
+
u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
|
|
21
|
+
(target_branch.nil? || u[:"target-branch"] == target_branch)
|
|
22
|
+
end
|
|
23
|
+
Dependabot::Config::UpdateConfig.new(cfg)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
PACKAGE_MANAGER_LOOKUP = {
|
|
27
|
+
"bundler" => "bundler",
|
|
28
|
+
"cargo" => "cargo",
|
|
29
|
+
"composer" => "composer",
|
|
30
|
+
"docker" => "docker",
|
|
31
|
+
"elm" => "elm",
|
|
32
|
+
"github-actions" => "github_actions",
|
|
33
|
+
"gitsubmodule" => "submodules",
|
|
34
|
+
"gomod" => "go_modules",
|
|
35
|
+
"gradle" => "gradle",
|
|
36
|
+
"maven" => "maven",
|
|
37
|
+
"mix" => "hex",
|
|
38
|
+
"nuget" => "nuget",
|
|
39
|
+
"npm" => "npm_and_yarn",
|
|
40
|
+
"pip" => "pip",
|
|
41
|
+
"terraform" => "terraform"
|
|
42
|
+
}.freeze
|
|
43
|
+
|
|
44
|
+
# Parse the YAML config file
|
|
45
|
+
def self.parse(config)
|
|
46
|
+
parsed = YAML.safe_load(config, symbolize_names: true)
|
|
47
|
+
version = parsed[:version]
|
|
48
|
+
raise InvalidConfigError, "invalid version #{version}" if version && version != 2
|
|
49
|
+
|
|
50
|
+
File.new(updates: parsed[:updates], registries: parsed[:registries])
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "dependabot/file_fetchers/base"
|
|
4
|
+
require "dependabot/config/file"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module Config
|
|
8
|
+
class FileFetcher < Dependabot::FileFetchers::Base
|
|
9
|
+
CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
|
|
10
|
+
|
|
11
|
+
def self.required_files_in?(filenames)
|
|
12
|
+
CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def self.required_files_message
|
|
16
|
+
"Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def config_file
|
|
20
|
+
@config_file ||= files.first
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def fetch_files
|
|
26
|
+
fetched_files = []
|
|
27
|
+
|
|
28
|
+
CONFIG_FILE_PATHS.each do |file|
|
|
29
|
+
fn = Pathname.new("/#{file}").relative_path_from(directory)
|
|
30
|
+
|
|
31
|
+
begin
|
|
32
|
+
config_file = fetch_file_from_host(fn)
|
|
33
|
+
if config_file
|
|
34
|
+
fetched_files << config_file
|
|
35
|
+
break
|
|
36
|
+
end
|
|
37
|
+
rescue Dependabot::DependencyFileNotFound
|
|
38
|
+
next
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
unless self.class.required_files_in?(fetched_files.map(&:name))
|
|
43
|
+
raise Dependabot::DependencyFileNotFound, self.class.required_files_message
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
fetched_files
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Dependabot
|
|
4
|
+
module Config
|
|
5
|
+
# Configuration for a single ecosystem
|
|
6
|
+
class UpdateConfig
|
|
7
|
+
module Interval
|
|
8
|
+
DAILY = "daily"
|
|
9
|
+
WEEKLY = "weekly"
|
|
10
|
+
MONTHLY = "monthly"
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def initialize(config)
|
|
14
|
+
@config = config || {}
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def ignored_versions_for(dep)
|
|
18
|
+
return [] unless @config[:ignore]
|
|
19
|
+
|
|
20
|
+
@config[:ignore].
|
|
21
|
+
select { |ic| ic[:"dependency-name"] == dep.name }. # FIXME: wildcard support
|
|
22
|
+
map { |ic| ic[:versions] }.
|
|
23
|
+
flatten
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def commit_message_options
|
|
27
|
+
commit_message = @config[:"commit-message"] || {}
|
|
28
|
+
{
|
|
29
|
+
prefix: commit_message[:prefix],
|
|
30
|
+
prefix_development: commit_message[:"prefix-development"],
|
|
31
|
+
include_scope: commit_message[:include] == "scope"
|
|
32
|
+
}
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def interval
|
|
36
|
+
return unless @config[:schedule]
|
|
37
|
+
return unless @config[:schedule][:interval]
|
|
38
|
+
|
|
39
|
+
interval = @config[:schedule][:interval]
|
|
40
|
+
case interval.downcase
|
|
41
|
+
when Interval::DAILY, Interval::WEEKLY, Interval::MONTHLY
|
|
42
|
+
interval.downcase
|
|
43
|
+
else
|
|
44
|
+
raise InvalidConfigError, "unknown interval: #{interval}"
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -92,7 +92,7 @@ module Dependabot
|
|
|
92
92
|
local_tags.
|
|
93
93
|
select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
|
|
94
94
|
filtered = tags.
|
|
95
|
-
reject { |t|
|
|
95
|
+
reject { |t| tag_included_in_ignore_requirements?(t) }
|
|
96
96
|
raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
|
|
97
97
|
|
|
98
98
|
tag = filtered.
|
|
@@ -317,8 +317,8 @@ module Dependabot
|
|
|
317
317
|
listing_repo_git_metadata_fetcher.upload_pack
|
|
318
318
|
end
|
|
319
319
|
|
|
320
|
-
def
|
|
321
|
-
ignored_versions.
|
|
320
|
+
def ignore_requirements
|
|
321
|
+
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
|
322
322
|
end
|
|
323
323
|
|
|
324
324
|
def wants_prerelease?
|
|
@@ -330,9 +330,9 @@ module Dependabot
|
|
|
330
330
|
version_class.new(version).prerelease?
|
|
331
331
|
end
|
|
332
332
|
|
|
333
|
-
def
|
|
333
|
+
def tag_included_in_ignore_requirements?(tag)
|
|
334
334
|
version = tag.name.match(VERSION_REGEX).named_captures.fetch("version")
|
|
335
|
-
|
|
335
|
+
ignore_requirements.any? { |r| r.satisfied_by?(version_class.new(version)) }
|
|
336
336
|
end
|
|
337
337
|
|
|
338
338
|
def tag_is_prerelease?(tag)
|
|
@@ -17,7 +17,6 @@ module Dependabot
|
|
|
17
17
|
@prefix = prefix
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
|
21
20
|
def new_branch_name
|
|
22
21
|
@name ||=
|
|
23
22
|
begin
|
|
@@ -34,23 +33,13 @@ module Dependabot
|
|
|
34
33
|
tr("@", "")
|
|
35
34
|
end
|
|
36
35
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
if library? && ref_changed?(dep) && new_ref(dep)
|
|
40
|
-
"#{dependency_name_part}-#{new_ref(dep)}"
|
|
41
|
-
elsif library?
|
|
42
|
-
"#{dependency_name_part}-#{sanitized_requirement(dep)}"
|
|
43
|
-
else
|
|
44
|
-
"#{dependency_name_part}-#{new_version(dep)}"
|
|
45
|
-
end
|
|
36
|
+
"#{dependency_name_part}-#{branch_version_suffix}"
|
|
46
37
|
end
|
|
47
38
|
|
|
48
39
|
# Some users need branch names without slashes
|
|
49
40
|
sanitize_ref(File.join(prefixes, @name).gsub("/", separator))
|
|
50
41
|
end
|
|
51
42
|
|
|
52
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
53
|
-
|
|
54
43
|
private
|
|
55
44
|
|
|
56
45
|
def prefixes
|
|
@@ -98,6 +87,18 @@ module Dependabot
|
|
|
98
87
|
@dependency_set
|
|
99
88
|
end
|
|
100
89
|
|
|
90
|
+
def branch_version_suffix
|
|
91
|
+
dep = dependencies.first
|
|
92
|
+
|
|
93
|
+
if library? && ref_changed?(dep) && new_ref(dep)
|
|
94
|
+
new_ref(dep)
|
|
95
|
+
elsif library?
|
|
96
|
+
sanitized_requirement(dep)
|
|
97
|
+
else
|
|
98
|
+
new_version(dep)
|
|
99
|
+
end
|
|
100
|
+
end
|
|
101
|
+
|
|
101
102
|
def sanitized_requirement(dependency)
|
|
102
103
|
new_library_requirement(dependency).
|
|
103
104
|
delete(" ").
|
|
@@ -38,7 +38,7 @@ module Dependabot
|
|
|
38
38
|
|
|
39
39
|
def can_update?(requirements_to_unlock:)
|
|
40
40
|
# Can't update if all versions are being ignored
|
|
41
|
-
return false if
|
|
41
|
+
return false if ignore_requirements.include?(requirement_class.new(">= 0"))
|
|
42
42
|
|
|
43
43
|
if dependency.version
|
|
44
44
|
version_can_update?(requirements_to_unlock: requirements_to_unlock)
|
|
@@ -141,6 +141,10 @@ module Dependabot
|
|
|
141
141
|
security_advisories.any? { |a| a.vulnerable?(version) }
|
|
142
142
|
end
|
|
143
143
|
|
|
144
|
+
def ignore_requirements
|
|
145
|
+
ignored_versions.flat_map { |req| requirement_class.requirements_array(req) }
|
|
146
|
+
end
|
|
147
|
+
|
|
144
148
|
private
|
|
145
149
|
|
|
146
150
|
def latest_version_resolvable_with_full_unlock?
|
|
@@ -296,10 +300,6 @@ module Dependabot
|
|
|
296
300
|
|
|
297
301
|
changed_requirements.none? { |r| r[:requirement] == :unfixable }
|
|
298
302
|
end
|
|
299
|
-
|
|
300
|
-
def ignore_reqs
|
|
301
|
-
ignored_versions.map { |req| requirement_class.new(req.split(",")) }
|
|
302
|
-
end
|
|
303
303
|
end
|
|
304
304
|
end
|
|
305
305
|
end
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.143.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-04-
|
|
11
|
+
date: 2021-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -298,14 +298,14 @@ dependencies:
|
|
|
298
298
|
requirements:
|
|
299
299
|
- - "~>"
|
|
300
300
|
- !ruby/object:Gem::Version
|
|
301
|
-
version: 1.
|
|
301
|
+
version: 1.13.0
|
|
302
302
|
type: :development
|
|
303
303
|
prerelease: false
|
|
304
304
|
version_requirements: !ruby/object:Gem::Requirement
|
|
305
305
|
requirements:
|
|
306
306
|
- - "~>"
|
|
307
307
|
- !ruby/object:Gem::Version
|
|
308
|
-
version: 1.
|
|
308
|
+
version: 1.13.0
|
|
309
309
|
- !ruby/object:Gem::Dependency
|
|
310
310
|
name: simplecov
|
|
311
311
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -391,6 +391,10 @@ files:
|
|
|
391
391
|
- lib/dependabot/clients/codecommit.rb
|
|
392
392
|
- lib/dependabot/clients/github_with_retries.rb
|
|
393
393
|
- lib/dependabot/clients/gitlab_with_retries.rb
|
|
394
|
+
- lib/dependabot/config.rb
|
|
395
|
+
- lib/dependabot/config/file.rb
|
|
396
|
+
- lib/dependabot/config/file_fetcher.rb
|
|
397
|
+
- lib/dependabot/config/update_config.rb
|
|
394
398
|
- lib/dependabot/dependency.rb
|
|
395
399
|
- lib/dependabot/dependency_file.rb
|
|
396
400
|
- lib/dependabot/errors.rb
|