dependabot-common 0.154.2 → 0.154.3

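--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 11d71b6ef97735d3dfdcd6fd67314262bf53d6c7ec565c78a975803c8665c15a
- data.tar.gz: 51d69fc1c885d25c3016634573acd3290595be8aa48119ba8206ec6989981654
+ metadata.gz: aeb284b757e0874d1371b390e0a9c9759571e4cd659ed4898450cfb2b048ffd9
+ data.tar.gz: 56aa048446b8a19b08fe5c805768c6723a87978830895ea29a409af2577902c6
  SHA512:
- metadata.gz: 6d070601406562596178c17385dd8ff387444eab6e5d78f894e45d5c9aed76295a362f188e95efd6224bf049db43973279d22b56b373263332de9919899c9a44
- data.tar.gz: 39220483eaf1adb2f820c0bf6aceb03e8c42d5ee4d2dedc55a2af4a07bf3fe874e2ea7f6073e6d9e442cb6039d8e317027d915dfa5eed35f9df58252af9cde94
+ metadata.gz: 7d9d3c09880a11e91f20344828502a102fe574639f785005c72234789d1115f4ae01dc3d7f75a03103f069214370db5c416bf031045843fa163b75d6c904ab10
+ data.tar.gz: 743aa5679f2e65289da0b9e6127ba22d0d9fb290b63d5727335eb659e4ed375f7843cce929fb47a70ad4f0f4fbc85b413803ac499a5540d890ddae8c2a552e9e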
@@ -154,7 +154,7 @@ module Dependabot
154
154
  end
155
155
 
156
156
  def symbolize_keys(hash)
157
- Hash[hash.keys.map { |k| [k.to_sym, hash[k]] }]
157
+ hash.keys.map { |k| [k.to_sym, hash[k]] }.to_h
158
158
  end
159
159
  end
160
160
  end
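Review bot: `hash.keys.map { |k| [k.to_sym, hash[k]] }.to_h` still builds an intermediate array of pairs just to re-key the hash; `hash.transform_keys(&:to_sym)` states the intent directly, provided the gem's minimum Ruby is 2.5 or later. The same expression is repeated inline for `reviewers` (in two methods) and for `approvers` in later hunks, and the same replacement applies there. The enclosing class or module starts outside this hunk.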
@@ -330,8 +330,8 @@ module Dependabot
330
330
 
331
331
  response.files.map do |file|
332
332
  OpenStruct.new(
333
- name: file.absolute_path,
334
- path: file.absolute_path,
333
+ name: File.basename(file.relative_path),
334
+ path: file.relative_path,
335
335
  type: "file",
336
336
  size: 0 # file size would require new api call per file..
337
337
  )
@@ -25,7 +25,7 @@ module Dependabot
25
25
  status = SharedHelpers.run_shell_command(
26
26
  "git status --untracked-files all --porcelain v1 #{relative_dir}"
27
27
  )
28
- changed_paths = status.split("\n").map { |l| l.split(" ") }
28
+ changed_paths = status.split("\n").map(&:split)
29
29
  changed_paths.map do |type, path|
30
30
  # The following types are possible to be returned:
31
31
  # M = Modified = Default for DependencyFile
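Review bot: Splitting each status line on whitespace with `map(&:split)` truncates any path that contains a space, because the `|type, path|` destructuring below keeps only the first two tokens; git's porcelain v1 format also wraps such paths in double quotes, so the quote character ends up in `path`. If paths with spaces must be supported, `status.split("\n").map { |l| l.split(" ", 2) }` keeps the remainder of the line together, and the quoting still has to be undone (or the command switched to `-z` output). The block that consumes `changed_paths` continues outside the hunk.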
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "excon"
4
+ require "open3"
4
5
  require "dependabot/errors"
5
6
 
6
7
  module Dependabot
@@ -52,6 +53,9 @@ module Dependabot
52
53
  response = fetch_raw_upload_pack_for(uri)
53
54
  return response.body if response.status == 200
54
55
 
56
+ response_with_git = fetch_raw_upload_pack_with_git_for(uri)
57
+ return response_with_git.body if response_with_git.status == 200
58
+
55
59
  raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
56
60
 
57
61
  raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
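Review bot: When the git fallback fails, `response_with_git` is dropped and the errors below are still built from the HTTP `response`, so git's stderr never reaches the raised exception and a failure of the second attempt is hard to diagnose. The fallback also runs for every non-200 status and before the `KNOWN_HOSTS` check, so an authentication or not-found response now triggers a second outbound request, presumably made with whatever credentials the local git client is configured to use. Consider restricting the retry to the statuses it is meant to cover and adding a comment above `response_with_git = ...` that states why the retry exists. The enclosing method starts and ends outside this hunk.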
@@ -86,6 +90,23 @@ module Dependabot
86
90
  )
87
91
  end
88
92
 
93
+ def fetch_raw_upload_pack_with_git_for(uri)
94
+ service_pack_uri = uri
95
+ service_pack_uri += ".git" unless service_pack_uri.end_with?(".git")
96
+
97
+ command = "git ls-remote #{service_pack_uri}"
98
+ env = { "PATH" => ENV["PATH"] }
99
+
100
+ stdout, stderr, process = Open3.capture3(env, command)
101
+ # package the command response like a HTTP response so error handling
102
+ # remains unchanged
103
+ if process.success?
104
+ OpenStruct.new(body: stdout, status: 200)
105
+ else
106
+ OpenStruct.new(body: stderr, status: 500)
107
+ end
108
+ end
109
+
89
110
  def tags_for_upload_pack
90
111
  refs_for_upload_pack.
91
112
  select { |ref| ref.ref_type == :tag }.
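Review bot: `command = "git ls-remote #{service_pack_uri}"` is handed to `Open3.capture3` as a single string, so Ruby runs it through the shell whenever the URI contains shell metacharacters, and a URI beginning with `-` would be read by git as an option; the URI appears to come from dependency metadata, so it should be treated as untrusted. Pass the arguments as a list with an end-of-options marker instead: `stdout, stderr, process = Open3.capture3(env, "git", "ls-remote", "--", service_pack_uri)`. The `env` hash is merged into the inherited environment rather than replacing it, so `{ "PATH" => ENV["PATH"] }` restricts nothing; add `unsetenv_others: true` if a minimal environment was intended, keeping whatever variables git needs for credentials. The call also has no timeout, so an unresponsive remote can block the caller.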
@@ -106,7 +127,7 @@ module Dependabot
106
127
  peeled_lines = []
107
128
 
108
129
  result = upload_pack.lines.each_with_object({}) do |line, res|
109
- full_ref_name = line.split(" ").last
130
+ full_ref_name = line.split.last
110
131
  next unless full_ref_name.start_with?("refs/tags", "refs/heads")
111
132
 
112
133
  peeled_lines << line && next if line.strip.end_with?("^{}")
@@ -174,7 +195,7 @@ module Dependabot
174
195
  end
175
196
 
176
197
  def sha_for_update_pack_line(line)
177
- line.split(" ").first.chars.last(40).join
198
+ line.split.first.chars.last(40).join
178
199
  end
179
200
 
180
201
  def excon_defaults
@@ -167,7 +167,7 @@ module Dependabot
167
167
 
168
168
  def serialize_release(release)
169
169
  rel = release
170
- title = "## #{rel.name.to_s != '' ? rel.name : rel.tag_name}\n"
170
+ title = "## #{rel.name.to_s == '' ? rel.tag_name : rel.name}\n"
171
171
  body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
172
172
  "No release notes provided."
173
173
  else
@@ -178,7 +178,7 @@ module Dependabot
178
178
  end
179
179
 
180
180
  def release_body_includes_title?(release)
181
- title = release.name.to_s != "" ? release.name : release.tag_name
181
+ title = release.name.to_s == "" ? release.tag_name : release.name
182
182
  release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
183
183
  end
184
184
 
@@ -267,7 +267,7 @@ module Dependabot
267
267
 
268
268
  def add_reviewers_to_pull_request(pull_request)
269
269
  reviewers_hash =
270
- Hash[reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }]
270
+ reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
271
271
 
272
272
  github_client_for_source.request_pull_request_review(
273
273
  source.repo,
@@ -297,7 +297,7 @@ module Dependabot
297
297
 
298
298
  def comment_with_invalid_reviewer(pull_request, message)
299
299
  reviewers_hash =
300
- Hash[reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }]
300
+ reviewers.keys.map { |k| [k.to_sym, reviewers[k]] }.to_h
301
301
  reviewers = []
302
302
  reviewers += reviewers_hash[:reviewers] || []
303
303
  reviewers += (reviewers_hash[:team_reviewers] || []).
@@ -153,7 +153,7 @@ module Dependabot
153
153
 
154
154
  def add_approvers_to_merge_request(merge_request)
155
155
  approvers_hash =
156
- Hash[approvers.keys.map { |k| [k.to_sym, approvers[k]] }]
156
+ approvers.keys.map { |k| [k.to_sym, approvers[k]] }.to_h
157
157
 
158
158
  gitlab_client_for_source.edit_merge_request_approvers(
159
159
  source.repo,
@@ -51,10 +51,10 @@ module Dependabot
51
51
  doc.walk do |node|
52
52
  if node.type == :text &&
53
53
  node.string_content.match?(MENTION_REGEX)
54
- nodes = if !parent_node_link?(node)
55
- build_mention_nodes(node.string_content)
56
- else
54
+ nodes = if parent_node_link?(node)
57
55
  build_mention_link_text_nodes(node.string_content)
56
+ else
57
+ build_mention_nodes(node.string_content)
58
58
  end
59
59
 
60
60
  nodes.each do |n|
@@ -65,7 +65,7 @@ module Dependabot
65
65
 
66
66
  # Escapes all special characters, e.g. = & | <>
67
67
  def self.escape_command(command)
68
- command_parts = command.split(" ").map(&:strip).reject(&:empty?)
68
+ command_parts = command.split.map(&:strip).reject(&:empty?)
69
69
  Shellwords.join(command_parts)
70
70
  end
71
71
 
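Review bot: `String#split` with no argument already discards leading, trailing and repeated whitespace, so the `.map(&:strip).reject(&:empty?)` that follows can no longer change anything; `Shellwords.join(command.split)` is equivalent. The comment above the method should also say that the command is split on whitespace before escaping, so quotes in the input are escaped literally and an argument containing a space cannot be passed through this helper, e.g. `# Splits on whitespace, then shell-escapes each token; quoting in the input is not honoured`.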
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.154.2"
4
+ VERSION = "0.154.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.154.2
4
+ version: 0.154.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-17 00:00:00.000000000 Z
11
+ date: 2021-06-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -81,7 +81,7 @@ dependencies:
81
81
  version: 0.20.1
82
82
  - - "<"
83
83
  - !ruby/object:Gem::Version
84
- version: 0.22.0
84
+ version: 0.23.0
85
85
  type: :runtime
86
86
  prerelease: false
87
87
  version_requirements: !ruby/object:Gem::Requirement
@@ -91,7 +91,7 @@ dependencies:
91
91
  version: 0.20.1
92
92
  - - "<"
93
93
  - !ruby/object:Gem::Version
94
- version: 0.22.0
94
+ version: 0.23.0
95
95
  - !ruby/object:Gem::Dependency
96
96
  name: docker_registry2
97
97
  requirement: !ruby/object:Gem::Requirement