dependabot-common 0.211.0 → 0.212.0
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +1 -1
- data/lib/dependabot/clients/bitbucket.rb +2 -2
- data/lib/dependabot/config/ignore_condition.rb +1 -1
- data/lib/dependabot/dependency.rb +8 -10
- data/lib/dependabot/errors.rb +7 -7
- data/lib/dependabot/file_fetchers/base.rb +4 -4
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
- data/lib/dependabot/file_updaters/vendor_updater.rb +2 -0
- data/lib/dependabot/git_commit_checker.rb +6 -2
- data/lib/dependabot/git_metadata_fetcher.rb +2 -2
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +5 -5
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +4 -4
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +4 -4
- data/lib/dependabot/metadata_finders/base/release_finder.rb +4 -4
- data/lib/dependabot/pull_request_creator/branch_namer.rb +10 -12
- data/lib/dependabot/pull_request_creator/github.rb +5 -5
- data/lib/dependabot/pull_request_creator/labeler.rb +2 -0
- data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +10 -10
- data/lib/dependabot/pull_request_creator/message_builder.rb +39 -39
- data/lib/dependabot/pull_request_creator/pr_name_prefixer.rb +5 -10
- data/lib/dependabot/pull_request_updater/github.rb +1 -1
- data/lib/dependabot/security_advisory.rb +3 -3
- data/lib/dependabot/shared_helpers.rb +12 -12
- data/lib/dependabot/source.rb +2 -2
- data/lib/dependabot/update_checkers/base.rb +1 -1
- data/lib/dependabot/version.rb +1 -1
- metadata +22 -8
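--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5242196cd22b0092cbdaaf08f6d5ce3f4249d1eeccedada949822b0b14657e9c
+data.tar.gz: f47437aa525423bdbb507dfa5b0978863e41f3010682ed1c6f321d2ac67efea9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cad3f4c8848f45b07d7769bdf4a1b351e3cca4f921bb449cee629ddffc3c579df3b1dfc9343ecfdabd1192d1f1e207e82f8af0c8ee0f142af5856e5bee769d0e
+data.tar.gz: c564e966eba317b8b5e61bf4d82df255248ee4932711d85854e38e843ce0f26d0dc22a649cb7e2f475e01f2b0fd61dce160a46a5ecdc0cbe61d560fd5b004587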
|
@@ -310,7 +310,7 @@ module Dependabot
|
|
|
310
310
|
# https://developercommunity.visualstudio.com/content/problem/608770/remove-4000-character-limit-on-pull-request-descri.html
|
|
311
311
|
pr_description = pr_description.dup.force_encoding(Encoding::UTF_16)
|
|
312
312
|
if pr_description.length > MAX_PR_DESCRIPTION_LENGTH
|
|
313
|
-
truncated_msg = "...\n\n_Description has been truncated_".
|
|
313
|
+
truncated_msg = (+"...\n\n_Description has been truncated_").force_encoding(Encoding::UTF_16)
|
|
314
314
|
truncate_length = MAX_PR_DESCRIPTION_LENGTH - truncated_msg.length
|
|
315
315
|
pr_description = (pr_description[0..truncate_length] + truncated_msg)
|
|
316
316
|
end
|
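Review bot: The context line `pr_description[0..truncate_length]` uses an inclusive range, so it keeps `truncate_length + 1` units and the result is one unit longer than `MAX_PR_DESCRIPTION_LENGTH` once `truncated_msg` is appended. Unless the constant is already set one below the service limit (its definition is outside this hunk), the slice should be exclusive: `pr_description = (pr_description[0...truncate_length] + truncated_msg)`. The enclosing method starts and ends outside the hunk.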
|
@@ -189,8 +189,8 @@ module Dependabot
|
|
|
189
189
|
raise NotFound if response.status == 404
|
|
190
190
|
|
|
191
191
|
if response.status >= 400
|
|
192
|
-
raise "Unhandled Bitbucket error!\n"\
|
|
193
|
-
"Status: #{response.status}\n"\
|
|
192
|
+
raise "Unhandled Bitbucket error!\n" \
|
|
193
|
+
"Status: #{response.status}\n" \
|
|
194
194
|
"Body: #{response.body}"
|
|
195
195
|
end
|
|
196
196
|
|
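Review bot: The raise ending in `"Body: #{response.body}"` copies the whole upstream response body into a plain RuntimeError message, so whatever the API returned lands unbounded in logs and error reports. A dedicated error class carrying the status, with the body truncated, e.g. `"Body: #{response.body.to_s[0, 500]}"`, would limit what is exposed and give callers something specific to rescue. The method this check belongs to begins and ends outside the hunk.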
|
@@ -120,9 +120,7 @@ module Dependabot
|
|
|
120
120
|
private
|
|
121
121
|
|
|
122
122
|
def check_values
|
|
123
|
-
if [version, previous_version].any?
|
|
124
|
-
raise ArgumentError, "blank strings must not be provided as versions"
|
|
125
|
-
end
|
|
123
|
+
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
|
126
124
|
|
|
127
125
|
check_requirement_fields
|
|
128
126
|
check_subdependency_metadata
|
|
@@ -130,8 +128,8 @@ module Dependabot
|
|
|
130
128
|
|
|
131
129
|
def check_requirement_fields
|
|
132
130
|
requirement_fields = [requirements, previous_requirements].compact
|
|
133
|
-
unless requirement_fields.all?
|
|
134
|
-
requirement_fields.flatten.all?
|
|
131
|
+
unless requirement_fields.all?(Array) &&
|
|
132
|
+
requirement_fields.flatten.all?(Hash)
|
|
135
133
|
raise ArgumentError, "requirements must be an array of hashes"
|
|
136
134
|
end
|
|
137
135
|
|
|
@@ -139,9 +137,9 @@ module Dependabot
|
|
|
139
137
|
optional_keys = %i(metadata)
|
|
140
138
|
unless requirement_fields.flatten.
|
|
141
139
|
all? { |r| required_keys.sort == (r.keys - optional_keys).sort }
|
|
142
|
-
raise ArgumentError, "each requirement must have the following "\
|
|
143
|
-
"required keys: #{required_keys.join(', ')}."\
|
|
144
|
-
"Optionally, it may have the following keys: "\
|
|
140
|
+
raise ArgumentError, "each requirement must have the following " \
|
|
141
|
+
"required keys: #{required_keys.join(', ')}." \
|
|
142
|
+
"Optionally, it may have the following keys: " \
|
|
145
143
|
"#{optional_keys.join(', ')}."
|
|
146
144
|
end
|
|
147
145
|
|
|
@@ -154,13 +152,13 @@ module Dependabot
|
|
|
154
152
|
return unless subdependency_metadata
|
|
155
153
|
|
|
156
154
|
unless subdependency_metadata.is_a?(Array) &&
|
|
157
|
-
subdependency_metadata.all?
|
|
155
|
+
subdependency_metadata.all?(Hash)
|
|
158
156
|
raise ArgumentError, "subdependency_metadata must be an array of hashes"
|
|
159
157
|
end
|
|
160
158
|
end
|
|
161
159
|
|
|
162
160
|
def symbolize_keys(hash)
|
|
163
|
-
hash.keys.
|
|
161
|
+
hash.keys.to_h { |k| [k.to_sym, hash[k]] }
|
|
164
162
|
end
|
|
165
163
|
end
|
|
166
164
|
end
|
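Review bot: `[version, previous_version].any?("")` in `check_values` rejects only the exact empty string, while the error text says blank strings are refused, so a whitespace-only version such as `" "` passes validation. If blank is what is meant, the condition `if [version, previous_version].any? { |v| v.is_a?(String) && v.strip.empty? }` closes the gap. The `symbolize_keys` helper in the last hunk could also be written as `hash.transform_keys(&:to_sym)`.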
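--- a/data/lib/dependabot/errors.rb
+++ b/data/lib/dependabot/errors.rb
@@ -124,8 +124,8 @@ module Dependabot
 
 def initialize(source)
 @source = sanitize_source(source)
-msg = "The following source could not be reached as it requires "\
-"authentication (and any provided details were invalid or lacked "\
+msg = "The following source could not be reached as it requires " \
+"authentication (and any provided details were invalid or lacked " \
 "the required permissions): #{@source}"
 super(msg)
 end
@@ -173,7 +173,7 @@ module Dependabot
 @dependency_urls =
 dependency_urls.flatten.map { |uri| filter_sensitive_data(uri) }
 
-msg = "The following git URLs could not be retrieved: "\
+msg = "The following git URLs could not be retrieved: " \
 "#{@dependency_urls.join(', ')}"
 super(msg)
 end
@@ -185,7 +185,7 @@ module Dependabot
 def initialize(dependency)
 @dependency = dependency
 
-msg = "The branch or reference specified for #{@dependency} could not "\
+msg = "The branch or reference specified for #{@dependency} could not " \
 "be retrieved"
 super(msg)
 end
@@ -196,7 +196,7 @@ module Dependabot
 
 def initialize(*dependencies)
 @dependencies = dependencies.flatten
-msg = "The following path based dependencies could not be retrieved: "\
+msg = "The following path based dependencies could not be retrieved: " \
 "#{@dependencies.join(', ')}"
 super(msg)
 end
@@ -210,8 +210,8 @@ module Dependabot
 @declared_path = declared_path
 @discovered_path = discovered_path
 
-msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't "\
-"match the actual path '#{@discovered_path}' in the dependency's "\
+msg = "The module path '#{@declared_path}' found in #{@go_mod} doesn't " \
+"match the actual path '#{@discovered_path}' in the dependency's " \
 "go.mod"
 super(msg)
 end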
|
@@ -141,7 +141,7 @@ module Dependabot
|
|
|
141
141
|
|
|
142
142
|
path = Pathname.new(File.join(directory, filename)).cleanpath.to_path
|
|
143
143
|
content = _fetch_file_content(path, fetch_submodules: fetch_submodules)
|
|
144
|
-
type = @linked_paths.key?(path.gsub(%r{^/}, ""))
|
|
144
|
+
type = "symlink" if @linked_paths.key?(path.gsub(%r{^/}, ""))
|
|
145
145
|
|
|
146
146
|
DependencyFile.new(
|
|
147
147
|
name: Pathname.new(filename).cleanpath.to_path,
|
|
@@ -233,8 +233,8 @@ module Dependabot
|
|
|
233
233
|
repo_path = File.join(clone_repo_contents, relative_path)
|
|
234
234
|
return [] unless Dir.exist?(repo_path)
|
|
235
235
|
|
|
236
|
-
Dir.entries(repo_path).
|
|
237
|
-
next if
|
|
236
|
+
Dir.entries(repo_path).filter_map do |name|
|
|
237
|
+
next if name == "." || name == ".."
|
|
238
238
|
|
|
239
239
|
absolute_path = File.join(repo_path, name)
|
|
240
240
|
type = if File.symlink?(absolute_path)
|
|
@@ -251,7 +251,7 @@ module Dependabot
|
|
|
251
251
|
type: type,
|
|
252
252
|
size: 0 # NOTE: added for parity with github contents API
|
|
253
253
|
)
|
|
254
|
-
end
|
|
254
|
+
end
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
def update_linked_paths(repo, path, commit, github_response)
|
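Review bot: `path.gsub(%r{^/}, "")` in the first hunk anchors with `^`, which matches at the start of every line, and `gsub` replaces every match, so a path containing a newline would lose more than its leading slash before the `@linked_paths` lookup that decides the `"symlink"` type. `path.delete_prefix("/")` (or `path.sub(%r{\A/}, "")`) strips exactly one leading slash. In the directory-listing hunk, `repo_path` is built with `File.join(clone_repo_contents, relative_path)` and is not checked to stay inside the clone before `Dir.entries`; whether `relative_path` is normalised earlier is not visible here. Both methods extend beyond their hunks.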
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
class DependencySet
|
|
11
11
|
def initialize(dependencies = [], case_sensitive: false)
|
|
12
12
|
unless dependencies.is_a?(Array) &&
|
|
13
|
-
dependencies.all?
|
|
13
|
+
dependencies.all?(Dependency)
|
|
14
14
|
raise ArgumentError, "must be an array of Dependency objects"
|
|
15
15
|
end
|
|
16
16
|
|
|
@@ -18,7 +18,9 @@ module Dependabot
|
|
|
18
18
|
return [] unless repo_contents_path && vendor_dir
|
|
19
19
|
|
|
20
20
|
Dir.chdir(repo_contents_path) do
|
|
21
|
+
# rubocop:disable Performance/DeletePrefix
|
|
21
22
|
relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(vendor_dir)
|
|
23
|
+
# rubocop:enable Performance/DeletePrefix
|
|
22
24
|
|
|
23
25
|
status = SharedHelpers.run_shell_command(
|
|
24
26
|
"git status --untracked-files all --porcelain v1 #{relative_dir}"
|
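Review bot: `relative_dir` is interpolated straight into the command string `"git status --untracked-files all --porcelain v1 #{relative_dir}"`, and it is built from `base_directory` and `vendor_dir`, which presumably come from repository configuration. Whether `run_shell_command` escapes its argument is not visible in this hunk; even if it does, a value with whitespace or a leading `-` could still be read by git as extra arguments or options. Passing the path after a `--` separator and through `Shellwords.escape(relative_dir.to_s)` would pin it to a single pathspec. The two `rubocop:disable` lines would also benefit from a short reason (the receiver is a `Pathname`, so `delete_prefix` does not apply). The block continues past the end of the hunk.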
|
@@ -86,6 +86,10 @@ module Dependabot
|
|
|
86
86
|
raise Dependabot::GitDependencyReferenceNotFound, dependency.name
|
|
87
87
|
end
|
|
88
88
|
|
|
89
|
+
def head_commit_for_local_branch(name)
|
|
90
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref(name)
|
|
91
|
+
end
|
|
92
|
+
|
|
89
93
|
def local_tags_for_latest_version_commit_sha
|
|
90
94
|
tags = allowed_version_tags
|
|
91
95
|
max_tag = max_version_tag(tags)
|
|
@@ -274,8 +278,8 @@ module Dependabot
|
|
|
274
278
|
end
|
|
275
279
|
|
|
276
280
|
def bitbucket_commit_comparison_status(ref1, ref2)
|
|
277
|
-
url = "https://api.bitbucket.org/2.0/repositories/"\
|
|
278
|
-
"#{listing_source_repo}/commits/?"\
|
|
281
|
+
url = "https://api.bitbucket.org/2.0/repositories/" \
|
|
282
|
+
"#{listing_source_repo}/commits/?" \
|
|
279
283
|
"include=#{ref2}&exclude=#{ref1}"
|
|
280
284
|
|
|
281
285
|
client = Clients::BitbucketWithRetries.
|
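Review bot: In `bitbucket_commit_comparison_status` the refs are placed into the query string unencoded, `"include=#{ref2}&exclude=#{ref1}"`, so a ref name containing `&`, `#`, `+` or a space changes the request instead of naming a commit. Encoding each value, e.g. `"include=#{CGI.escape(ref2)}&exclude=#{CGI.escape(ref1)}"`, keeps them as data. The new `head_commit_for_local_branch(name)` also has no comment saying that it resolves against the local clone rather than the remote listing, which is what the name of `local_repo_git_metadata_fetcher` suggests. The comparison method continues outside the hunk.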
|
@@ -88,7 +88,7 @@ module Dependabot
|
|
|
88
88
|
service_pack_uri = uri
|
|
89
89
|
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git")
|
|
90
90
|
|
|
91
|
-
env = { "PATH" => ENV
|
|
91
|
+
env = { "PATH" => ENV.fetch("PATH", nil) }
|
|
92
92
|
command = "git ls-remote #{service_pack_uri}"
|
|
93
93
|
command = SharedHelpers.escape_command(command)
|
|
94
94
|
|
|
@@ -125,7 +125,7 @@ module Dependabot
|
|
|
125
125
|
full_ref_name = line.split.last
|
|
126
126
|
next unless full_ref_name.start_with?("refs/tags", "refs/heads")
|
|
127
127
|
|
|
128
|
-
peeled_lines << line && next if line.strip.end_with?("^{}")
|
|
128
|
+
(peeled_lines << line) && next if line.strip.end_with?("^{}")
|
|
129
129
|
|
|
130
130
|
ref_name = full_ref_name.sub(%r{^refs/(tags|heads)/}, "").strip
|
|
131
131
|
sha = sha_for_update_pack_line(line)
|
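Review bot: `command = "git ls-remote #{service_pack_uri}"` passes the URI as the first positional argument with nothing separating it from the options, so a value beginning with `-` would be parsed by git as an option rather than a repository. `escape_command` (not visible here) can quote shell metacharacters but cannot change that. `command = "git ls-remote -- #{service_pack_uri}"` removes the ambiguity, ideally together with a scheme check on `uri` before the call. In the second hunk `%r{^refs/(tags|heads)/}` would be tighter as `%r{\Arefs/(tags|heads)/}`. Both methods start and end outside their hunks.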
|
@@ -239,7 +239,7 @@ module Dependabot
|
|
|
239
239
|
files += github_client.contents(source.repo, opts)
|
|
240
240
|
|
|
241
241
|
files.uniq.each do |f|
|
|
242
|
-
next unless
|
|
242
|
+
next unless f.type == "dir" && f.name.match?(/docs?/o)
|
|
243
243
|
|
|
244
244
|
opts = { path: f.path, ref: ref }.compact
|
|
245
245
|
files += github_client.contents(source.repo, opts)
|
|
@@ -300,16 +300,16 @@ module Dependabot
|
|
|
300
300
|
end
|
|
301
301
|
|
|
302
302
|
def previous_ref
|
|
303
|
-
previous_refs = dependency.previous_requirements.
|
|
303
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
304
304
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
305
|
-
end.
|
|
305
|
+
end.uniq
|
|
306
306
|
return previous_refs.first if previous_refs.count == 1
|
|
307
307
|
end
|
|
308
308
|
|
|
309
309
|
def new_ref
|
|
310
|
-
new_refs = dependency.requirements.
|
|
310
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
311
311
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
312
|
-
end.
|
|
312
|
+
end.uniq
|
|
313
313
|
return new_refs.first if new_refs.count == 1
|
|
314
314
|
end
|
|
315
315
|
|
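Review bot: `f.name.match?(/docs?/o)` is unanchored, so any directory whose name merely contains "doc" (for example `doctor`) triggers another `github_client.contents` call, and the `/o` flag has no effect on a pattern without interpolation. If only `doc` and `docs` are meant, `next unless f.type == "dir" && f.name.match?(/\Adocs?\z/)` says so. If substring matching is intended, a comment stating that would stop a later reader from tightening it by mistake. The loop sits inside a method that begins before the hunk.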
|
@@ -137,16 +137,16 @@ module Dependabot
|
|
|
137
137
|
end
|
|
138
138
|
|
|
139
139
|
def previous_ref
|
|
140
|
-
previous_refs = dependency.previous_requirements.
|
|
140
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
141
141
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
142
|
-
end.
|
|
142
|
+
end.uniq
|
|
143
143
|
return previous_refs.first if previous_refs.count == 1
|
|
144
144
|
end
|
|
145
145
|
|
|
146
146
|
def new_ref
|
|
147
|
-
new_refs = dependency.requirements.
|
|
147
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
148
148
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
149
|
-
end.
|
|
149
|
+
end.uniq
|
|
150
150
|
return new_refs.first if new_refs.count == 1
|
|
151
151
|
end
|
|
152
152
|
|
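Review bot: The `previous_ref` / `new_ref` pair rewritten here with `filter_map ... end.uniq` is repeated, body for body, in several other hunks on this page (some taking `dependency` as a parameter), so every future change has to be made in each copy. Moving the shared logic into one helper that takes a requirements array and returns the single distinct `ref` or nil would keep them in step. Each copy also returns nil implicitly when more than one distinct ref is present; a short comment saying that is deliberate would help readers.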
|
@@ -136,18 +136,18 @@ module Dependabot
|
|
|
136
136
|
def previous_ref
|
|
137
137
|
return unless git_source?(dependency.previous_requirements)
|
|
138
138
|
|
|
139
|
-
previous_refs = dependency.previous_requirements.
|
|
139
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
140
140
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
141
|
-
end.
|
|
141
|
+
end.uniq
|
|
142
142
|
return previous_refs.first if previous_refs.count == 1
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
def new_ref
|
|
146
146
|
return unless git_source?(dependency.previous_requirements)
|
|
147
147
|
|
|
148
|
-
new_refs = dependency.requirements.
|
|
148
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
149
149
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
150
|
-
end.
|
|
150
|
+
end.uniq
|
|
151
151
|
return new_refs.first if new_refs.count == 1
|
|
152
152
|
end
|
|
153
153
|
|
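Review bot: `new_ref` guards with `return unless git_source?(dependency.previous_requirements)` but then reads `dependency.requirements`; the guard is the same one `previous_ref` uses. If that is a copy-paste slip, a dependency whose source changed to or from git is judged on the wrong side, and `return unless git_source?(dependency.requirements)` would match what the method goes on to read. If checking the previous requirements is intentional, a comment explaining why belongs on that line.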
|
@@ -275,16 +275,16 @@ module Dependabot
|
|
|
275
275
|
end
|
|
276
276
|
|
|
277
277
|
def previous_ref
|
|
278
|
-
previous_refs = dependency.previous_requirements.
|
|
278
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
279
279
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
280
|
-
end.
|
|
280
|
+
end.uniq
|
|
281
281
|
return previous_refs.first if previous_refs.count == 1
|
|
282
282
|
end
|
|
283
283
|
|
|
284
284
|
def new_ref
|
|
285
|
-
new_refs = dependency.requirements.
|
|
285
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
286
286
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
287
|
-
end.
|
|
287
|
+
end.uniq
|
|
288
288
|
return new_refs.first if new_refs.count == 1
|
|
289
289
|
end
|
|
290
290
|
|
|
@@ -90,7 +90,9 @@ module Dependabot
|
|
|
90
90
|
def branch_version_suffix
|
|
91
91
|
dep = dependencies.first
|
|
92
92
|
|
|
93
|
-
if
|
|
93
|
+
if dep.removed?
|
|
94
|
+
"-removed"
|
|
95
|
+
elsif library? && ref_changed?(dep) && new_ref(dep)
|
|
94
96
|
new_ref(dep)
|
|
95
97
|
elsif library?
|
|
96
98
|
sanitized_requirement(dep)
|
|
@@ -127,24 +129,24 @@ module Dependabot
|
|
|
127
129
|
elsif dependency.version == dependency.previous_version &&
|
|
128
130
|
package_manager == "docker"
|
|
129
131
|
dependency.requirements.
|
|
130
|
-
|
|
131
|
-
|
|
132
|
+
filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
|
|
133
|
+
first.split(":").last[0..6]
|
|
132
134
|
else
|
|
133
135
|
dependency.version
|
|
134
136
|
end
|
|
135
137
|
end
|
|
136
138
|
|
|
137
139
|
def previous_ref(dependency)
|
|
138
|
-
previous_refs = dependency.previous_requirements.
|
|
140
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
139
141
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
140
|
-
end.
|
|
142
|
+
end.uniq
|
|
141
143
|
return previous_refs.first if previous_refs.count == 1
|
|
142
144
|
end
|
|
143
145
|
|
|
144
146
|
def new_ref(dependency)
|
|
145
|
-
new_refs = dependency.requirements.
|
|
147
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
146
148
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
147
|
-
end.
|
|
149
|
+
end.uniq
|
|
148
150
|
return new_refs.first if new_refs.count == 1
|
|
149
151
|
end
|
|
150
152
|
|
|
@@ -185,11 +187,7 @@ module Dependabot
|
|
|
185
187
|
# Remove forbidden characters (those not already replaced elsewhere)
|
|
186
188
|
gsub(%r{[^A-Za-z0-9/\-_.(){}]}, "").
|
|
187
189
|
# Slashes can't be followed by periods
|
|
188
|
-
gsub(%r{/\.}, "/dot-").
|
|
189
|
-
# Two or more sequential periods are forbidden
|
|
190
|
-
gsub(/\.+/, ".").
|
|
191
|
-
# Two or more sequential slashes are forbidden
|
|
192
|
-
gsub(%r{/+}, "/").
|
|
190
|
+
gsub(%r{/\.}, "/dot-").squeeze(".").squeeze("/").
|
|
193
191
|
# Trailing periods are forbidden
|
|
194
192
|
sub(/\.$/, "")
|
|
195
193
|
end
|
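Review bot: In the docker branch of the second hunk, `filter_map { ... }.first.split(":").last[0..6]` calls `split` on nil when no requirement carries a `digest`, and the guarding condition (`dependency.version == dependency.previous_version && package_manager == "docker"`) does not establish that one exists. Safe navigation with a fallback keeps branch naming from raising: `first&.split(":")&.last&.slice(0..6) || dependency.version`. Whether the version is the right fallback name is a call for the maintainers. The method starts before the hunk.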
|
@@ -219,7 +219,7 @@ module Dependabot
|
|
|
219
219
|
retry_count ||= 0
|
|
220
220
|
retry_count += 1
|
|
221
221
|
if retry_count > 10
|
|
222
|
-
raise "Repeatedly failed to create or update branch #{branch_name} "\
|
|
222
|
+
raise "Repeatedly failed to create or update branch #{branch_name} " \
|
|
223
223
|
"with commit #{commit.sha}."
|
|
224
224
|
end
|
|
225
225
|
|
|
@@ -269,7 +269,7 @@ module Dependabot
|
|
|
269
269
|
|
|
270
270
|
def add_reviewers_to_pull_request(pull_request)
|
|
271
271
|
reviewers_hash =
|
|
272
|
-
reviewers.keys.
|
|
272
|
+
reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
|
|
273
273
|
|
|
274
274
|
github_client_for_source.request_pull_request_review(
|
|
275
275
|
source.repo,
|
|
@@ -299,7 +299,7 @@ module Dependabot
|
|
|
299
299
|
|
|
300
300
|
def comment_with_invalid_reviewer(pull_request, message)
|
|
301
301
|
reviewers_hash =
|
|
302
|
-
reviewers.keys.
|
|
302
|
+
reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }
|
|
303
303
|
reviewers = []
|
|
304
304
|
reviewers += reviewers_hash[:reviewers] || []
|
|
305
305
|
reviewers += (reviewers_hash[:team_reviewers] || []).
|
|
@@ -315,9 +315,9 @@ module Dependabot
|
|
|
315
315
|
|
|
316
316
|
msg = "Dependabot tried to add #{reviewers_string} as "
|
|
317
317
|
msg += reviewers.count > 1 ? "reviewers" : "a reviewer"
|
|
318
|
-
msg += " to this PR, but received the following error from GitHub:\n\n"\
|
|
318
|
+
msg += " to this PR, but received the following error from GitHub:\n\n" \
|
|
319
319
|
"```\n" \
|
|
320
|
-
"#{message}\n"\
|
|
320
|
+
"#{message}\n" \
|
|
321
321
|
"```"
|
|
322
322
|
|
|
323
323
|
github_client_for_source.add_comment(
|
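Review bot: In `comment_with_invalid_reviewer` the error text is interpolated between the code fences as `"#{message}\n"` without escaping, so a message that itself contains a triple-backtick sequence would close the block early and the remainder would render as ordinary markdown in the PR comment. Where `message` originates is outside the hunk; if it is the raw API error, using a fence longer than any backtick run in the message (or stripping backticks) keeps it inert. Separately, `reviewers = []` shadows the `reviewers` method read on the line above it, and both `reviewers.keys.to_h { |k| [k.to_sym, reviewers[k]] }` sites could be `reviewers.transform_keys(&:to_sym)`.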
|
@@ -105,7 +105,9 @@ module Dependabot
|
|
|
105
105
|
new_version_parts = version(dep).split(/[.+]/)
|
|
106
106
|
old_version_parts = previous_version(dep)&.split(/[.+]/) || []
|
|
107
107
|
all_parts = new_version_parts.first(3) + old_version_parts.first(3)
|
|
108
|
+
# rubocop:disable Performance/RedundantEqualityComparisonBlock
|
|
108
109
|
next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
|
|
110
|
+
# rubocop:enable Performance/RedundantEqualityComparisonBlock
|
|
109
111
|
next 1 if new_version_parts[0] != old_version_parts[0]
|
|
110
112
|
next 2 if new_version_parts[1] != old_version_parts[1]
|
|
111
113
|
|
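Review bot: The new `# rubocop:disable Performance/RedundantEqualityComparisonBlock` has no reason attached, so the next reader cannot tell whether the cop is wrong here or merely inconvenient. The block compares each element with a value derived from itself, which the pattern form `all?(x)` cannot express. A trailing note such as `# part is compared with its own to_i round-trip, not a constant` would record that. The surrounding block begins and ends outside the hunk.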
|
@@ -63,7 +63,7 @@ module Dependabot
|
|
|
63
63
|
def release_cascade
|
|
64
64
|
return "" unless releases_text && releases_url
|
|
65
65
|
|
|
66
|
-
msg = "*Sourced from [#{dependency.display_name}'s releases]"\
|
|
66
|
+
msg = "*Sourced from [#{dependency.display_name}'s releases]" \
|
|
67
67
|
"(#{releases_url}).*\n\n"
|
|
68
68
|
msg += quote_and_truncate(releases_text)
|
|
69
69
|
msg = link_issues(text: msg)
|
|
@@ -80,8 +80,8 @@ module Dependabot
|
|
|
80
80
|
def changelog_cascade
|
|
81
81
|
return "" unless changelog_url && changelog_text
|
|
82
82
|
|
|
83
|
-
msg = "*Sourced from "\
|
|
84
|
-
"[#{dependency.display_name}'s changelog]"\
|
|
83
|
+
msg = "*Sourced from " \
|
|
84
|
+
"[#{dependency.display_name}'s changelog]" \
|
|
85
85
|
"(#{changelog_url}).*\n\n"
|
|
86
86
|
msg += quote_and_truncate(changelog_text)
|
|
87
87
|
msg = link_issues(text: msg)
|
|
@@ -95,8 +95,8 @@ module Dependabot
|
|
|
95
95
|
def upgrade_guide_cascade
|
|
96
96
|
return "" unless upgrade_guide_url && upgrade_guide_text
|
|
97
97
|
|
|
98
|
-
msg = "*Sourced from "\
|
|
99
|
-
"[#{dependency.display_name}'s upgrade guide]"\
|
|
98
|
+
msg = "*Sourced from " \
|
|
99
|
+
"[#{dependency.display_name}'s upgrade guide]" \
|
|
100
100
|
"(#{upgrade_guide_url}).*\n\n"
|
|
101
101
|
msg += quote_and_truncate(upgrade_guide_text)
|
|
102
102
|
msg = link_issues(text: msg)
|
|
@@ -112,7 +112,7 @@ module Dependabot
|
|
|
112
112
|
|
|
113
113
|
msg = ""
|
|
114
114
|
|
|
115
|
-
commits.
|
|
115
|
+
commits.last(10).reverse_each do |commit|
|
|
116
116
|
title = commit[:message].strip.split("\n").first
|
|
117
117
|
title = title.slice(0..76) + "..." if title && title.length > 80
|
|
118
118
|
title = title&.gsub(/(?<=[^\w.-])([_*`~])/, '\\1')
|
|
@@ -124,8 +124,8 @@ module Dependabot
|
|
|
124
124
|
|
|
125
125
|
msg +=
|
|
126
126
|
if commits.count > 10
|
|
127
|
-
"- Additional commits viewable in "\
|
|
128
|
-
|
|
127
|
+
"- Additional commits viewable in " \
|
|
128
|
+
"[compare view](#{commits_url})\n"
|
|
129
129
|
else
|
|
130
130
|
"- See full diff in [compare view](#{commits_url})\n"
|
|
131
131
|
end
|
|
@@ -175,8 +175,8 @@ module Dependabot
|
|
|
175
175
|
|
|
176
176
|
def vulnerability_source_line(details)
|
|
177
177
|
if details["source_url"] && details["source_name"]
|
|
178
|
-
"*Sourced from [#{details['source_name']}]"\
|
|
179
|
-
|
|
178
|
+
"*Sourced from [#{details['source_name']}]" \
|
|
179
|
+
"(#{details['source_url']}).*\n\n"
|
|
180
180
|
elsif details["source_name"]
|
|
181
181
|
"*Sourced from #{details['source_name']}.*\n\n"
|
|
182
182
|
else
|
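Review bot: As rendered on this page, the context line `title&.gsub(..., '\\1')` in the commits loop replaces each matched markdown character with a back-reference to itself, because `'\\1'` in a single-quoted literal is just `\1`; the title would then reach the PR body unescaped. If the real file reads the same, the block form `{ |m| "\\#{m}" }` makes the intended backslash explicit (the match is only the captured character, since the lookbehind is zero-width). The page may have lost backslashes in extraction, so this should be checked against the source file. The `*_cascade` methods also interpolate `dependency.display_name` and the URLs into markdown links unescaped; where those values come from is not visible here.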
|
@@ -74,9 +74,9 @@ module Dependabot
|
|
|
74
74
|
|
|
75
75
|
pr_name +
|
|
76
76
|
if dependencies.count == 1
|
|
77
|
-
"#{dependencies.first.display_name} requirement "\
|
|
78
|
-
|
|
79
|
-
|
|
77
|
+
"#{dependencies.first.display_name} requirement " \
|
|
78
|
+
"#{from_version_msg(old_library_requirement(dependencies.first))}" \
|
|
79
|
+
"to #{new_library_requirement(dependencies.first)}"
|
|
80
80
|
else
|
|
81
81
|
names = dependencies.map(&:name)
|
|
82
82
|
"requirements for #{names[0..-2].join(', ')} and #{names[-1]}"
|
|
@@ -90,19 +90,19 @@ module Dependabot
|
|
|
90
90
|
pr_name +
|
|
91
91
|
if dependencies.count == 1
|
|
92
92
|
dependency = dependencies.first
|
|
93
|
-
"#{dependency.display_name} "\
|
|
94
|
-
|
|
95
|
-
|
|
93
|
+
"#{dependency.display_name} " \
|
|
94
|
+
"#{from_version_msg(previous_version(dependency))}" \
|
|
95
|
+
"to #{new_version(dependency)}"
|
|
96
96
|
elsif updating_a_property?
|
|
97
97
|
dependency = dependencies.first
|
|
98
|
-
"#{property_name} "\
|
|
99
|
-
|
|
100
|
-
|
|
98
|
+
"#{property_name} " \
|
|
99
|
+
"#{from_version_msg(previous_version(dependency))}" \
|
|
100
|
+
"to #{new_version(dependency)}"
|
|
101
101
|
elsif updating_a_dependency_set?
|
|
102
102
|
dependency = dependencies.first
|
|
103
|
-
"#{dependency_set.fetch(:group)} dependency set "\
|
|
104
|
-
|
|
105
|
-
|
|
103
|
+
"#{dependency_set.fetch(:group)} dependency set " \
|
|
104
|
+
"#{from_version_msg(previous_version(dependency))}" \
|
|
105
|
+
"to #{new_version(dependency)}"
|
|
106
106
|
else
|
|
107
107
|
names = dependencies.map(&:name)
|
|
108
108
|
"#{names[0..-2].join(', ')} and #{names[-1]}"
|
|
@@ -174,8 +174,8 @@ module Dependabot
|
|
|
174
174
|
return unless signoff_details.is_a?(Hash)
|
|
175
175
|
return unless signoff_details[:org_name] && signoff_details[:org_email]
|
|
176
176
|
|
|
177
|
-
"On-behalf-of: @#{signoff_details[:org_name]} "\
|
|
178
|
-
|
|
177
|
+
"On-behalf-of: @#{signoff_details[:org_name]} " \
|
|
178
|
+
"<#{signoff_details[:org_email]}>"
|
|
179
179
|
end
|
|
180
180
|
|
|
181
181
|
def requirement_commit_message_intro
|
|
@@ -200,8 +200,8 @@ module Dependabot
|
|
|
200
200
|
return multidependency_intro if dependencies.count > 1
|
|
201
201
|
|
|
202
202
|
dependency = dependencies.first
|
|
203
|
-
msg = "Bumps #{dependency_links.first} "\
|
|
204
|
-
"#{from_version_msg(previous_version(dependency))}"\
|
|
203
|
+
msg = "Bumps #{dependency_links.first} " \
|
|
204
|
+
"#{from_version_msg(previous_version(dependency))}" \
|
|
205
205
|
"to #{new_version(dependency)}."
|
|
206
206
|
|
|
207
207
|
msg += " This release includes the previously tagged commit." if switching_from_ref_to_release?(dependency)
|
|
@@ -220,23 +220,23 @@ module Dependabot
|
|
|
220
220
|
def multidependency_property_intro
|
|
221
221
|
dependency = dependencies.first
|
|
222
222
|
|
|
223
|
-
"Bumps `#{property_name}` "\
|
|
224
|
-
|
|
225
|
-
|
|
223
|
+
"Bumps `#{property_name}` " \
|
|
224
|
+
"#{from_version_msg(previous_version(dependency))}" \
|
|
225
|
+
"to #{new_version(dependency)}."
|
|
226
226
|
end
|
|
227
227
|
|
|
228
228
|
def dependency_set_intro
|
|
229
229
|
dependency = dependencies.first
|
|
230
230
|
|
|
231
|
-
"Bumps `#{dependency_set.fetch(:group)}` "\
|
|
232
|
-
|
|
233
|
-
|
|
231
|
+
"Bumps `#{dependency_set.fetch(:group)}` " \
|
|
232
|
+
"dependency set #{from_version_msg(previous_version(dependency))}" \
|
|
233
|
+
"to #{new_version(dependency)}."
|
|
234
234
|
end
|
|
235
235
|
|
|
236
236
|
def multidependency_intro
|
|
237
|
-
"Bumps #{dependency_links[0..-2].join(', ')} "\
|
|
238
|
-
|
|
239
|
-
|
|
237
|
+
"Bumps #{dependency_links[0..-2].join(', ')} " \
|
|
238
|
+
"and #{dependency_links[-1]}. These " \
|
|
239
|
+
"dependencies needed to be updated together."
|
|
240
240
|
end
|
|
241
241
|
|
|
242
242
|
def from_version_msg(previous_version)
|
|
@@ -296,10 +296,10 @@ module Dependabot
|
|
|
296
296
|
if dep.removed?
|
|
297
297
|
"\n\nRemoves `#{dep.display_name}`"
|
|
298
298
|
else
|
|
299
|
-
"\n\nUpdates `#{dep.display_name}` "\
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
299
|
+
"\n\nUpdates `#{dep.display_name}` " \
|
|
300
|
+
"#{from_version_msg(previous_version(dep))}to " \
|
|
301
|
+
"#{new_version(dep)}" \
|
|
302
|
+
"#{metadata_links_for_dep(dep)}"
|
|
303
303
|
end
|
|
304
304
|
end.join
|
|
305
305
|
end
|
|
@@ -320,9 +320,9 @@ module Dependabot
|
|
|
320
320
|
msg = if dep.removed?
|
|
321
321
|
"\nRemoves `#{dep.display_name}`"
|
|
322
322
|
else
|
|
323
|
-
"\nUpdates `#{dep.display_name}` "\
|
|
324
|
-
|
|
325
|
-
|
|
323
|
+
"\nUpdates `#{dep.display_name}` " \
|
|
324
|
+
"#{from_version_msg(previous_version(dep))}" \
|
|
325
|
+
"to #{new_version(dep)}"
|
|
326
326
|
end
|
|
327
327
|
|
|
328
328
|
if vulnerabilities_fixed[dep.name]&.one?
|
|
@@ -427,21 +427,21 @@ module Dependabot
|
|
|
427
427
|
|
|
428
428
|
def docker_digest_from_reqs(requirements)
|
|
429
429
|
requirements.
|
|
430
|
-
|
|
431
|
-
|
|
430
|
+
filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
|
|
431
|
+
first
|
|
432
432
|
end
|
|
433
433
|
|
|
434
434
|
def previous_ref(dependency)
|
|
435
|
-
previous_refs = dependency.previous_requirements.
|
|
435
|
+
previous_refs = dependency.previous_requirements.filter_map do |r|
|
|
436
436
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
437
|
-
end.
|
|
437
|
+
end.uniq
|
|
438
438
|
return previous_refs.first if previous_refs.count == 1
|
|
439
439
|
end
|
|
440
440
|
|
|
441
441
|
def new_ref(dependency)
|
|
442
|
-
new_refs = dependency.requirements.
|
|
442
|
+
new_refs = dependency.requirements.filter_map do |r|
|
|
443
443
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
444
|
-
end.
|
|
444
|
+
end.uniq
|
|
445
445
|
return new_refs.first if new_refs.count == 1
|
|
446
446
|
end
|
|
447
447
|
|
|
@@ -493,7 +493,7 @@ module Dependabot
|
|
|
493
493
|
|
|
494
494
|
def switching_from_ref_to_release?(dependency)
|
|
495
495
|
unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
|
|
496
|
-
dependency.previous_version.nil? && previous_ref(dependency)
|
|
496
|
+
(dependency.previous_version.nil? && previous_ref(dependency))
|
|
497
497
|
return false
|
|
498
498
|
end
|
|
499
499
|
|
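Review bot: `switching_from_ref_to_release?` tests `dependency.previous_version&.match?(/^[0-9a-f]{40}$/)`, and in Ruby `^`/`$` anchor at line boundaries, so a multi-line value containing one 40-hex line would be accepted as a commit SHA. `match?(/\A[0-9a-f]{40}\z/)` anchors the whole string. In the sign-off hunk, the `On-behalf-of:` trailer interpolates `signoff_details[:org_name]` and `signoff_details[:org_email]` unchecked; rejecting values that contain line breaks would stop them adding further trailer lines to the commit message. Both methods extend outside their hunks.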
|
@@ -280,8 +280,7 @@ module Dependabot
|
|
|
280
280
|
reject { |c| c.author&.type == "Bot" }.
|
|
281
281
|
reject { |c| c.commit&.message&.start_with?("Merge") }.
|
|
282
282
|
map(&:commit).
|
|
283
|
-
|
|
284
|
-
compact.
|
|
283
|
+
filter_map(&:message).
|
|
285
284
|
map(&:strip)
|
|
286
285
|
end
|
|
287
286
|
|
|
@@ -292,8 +291,7 @@ module Dependabot
|
|
|
292
291
|
@recent_gitlab_commit_messages.
|
|
293
292
|
reject { |c| c.author_email == dependabot_email }.
|
|
294
293
|
reject { |c| c.message&.start_with?("merge !") }.
|
|
295
|
-
|
|
296
|
-
compact.
|
|
294
|
+
filter_map(&:message).
|
|
297
295
|
map(&:strip)
|
|
298
296
|
end
|
|
299
297
|
|
|
@@ -304,8 +302,7 @@ module Dependabot
|
|
|
304
302
|
@recent_azure_commit_messages.
|
|
305
303
|
reject { |c| azure_commit_author_email(c) == dependabot_email }.
|
|
306
304
|
reject { |c| c.fetch("comment")&.start_with?("Merge") }.
|
|
307
|
-
|
|
308
|
-
compact.
|
|
305
|
+
filter_map { |c| c.fetch("comment") }.
|
|
309
306
|
map(&:strip)
|
|
310
307
|
end
|
|
311
308
|
|
|
@@ -315,8 +312,7 @@ module Dependabot
|
|
|
315
312
|
|
|
316
313
|
@recent_bitbucket_commit_messages.
|
|
317
314
|
reject { |c| bitbucket_commit_author_email(c) == dependabot_email }.
|
|
318
|
-
|
|
319
|
-
compact.
|
|
315
|
+
filter_map { |c| c.fetch("message", nil) }.
|
|
320
316
|
reject { |m| m.start_with?("Merge") }.
|
|
321
317
|
map(&:strip)
|
|
322
318
|
end
|
|
@@ -327,8 +323,7 @@ module Dependabot
|
|
|
327
323
|
@recent_codecommit_commit_messages.commits.
|
|
328
324
|
reject { |c| c.author.email == dependabot_email }.
|
|
329
325
|
reject { |c| c.message&.start_with?("Merge") }.
|
|
330
|
-
|
|
331
|
-
compact.
|
|
326
|
+
filter_map(&:message).
|
|
332
327
|
map(&:strip)
|
|
333
328
|
end
|
|
334
329
|
|
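Review bot: In the first hunk, `reject { |c| c.commit&.message&.start_with?("Merge") }` allows for a nil `commit`, but the following `map(&:commit).filter_map(&:message)` calls `message` on that nil and raises. `filter_map { |c| c.commit&.message }` in place of those two steps keeps the nil-tolerance consistent. Similarly, the Azure chain uses `c.fetch("comment")`, which raises KeyError on a missing key, while the Bitbucket chain uses `c.fetch("message", nil)`; `c["comment"]` would match the `&.` that follows it. All of these chains start before their hunks.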
|
@@ -173,7 +173,7 @@ module Dependabot
|
|
|
173
173
|
|
|
174
174
|
if e.message.match?(/protected branch/i) ||
|
|
175
175
|
e.message.match?(/not authorized to push/i) ||
|
|
176
|
-
e.message.
|
|
176
|
+
e.message.include?("must not contain merge commits") ||
|
|
177
177
|
e.message.match?(/required status check/i)
|
|
178
178
|
raise BranchProtected
|
|
179
179
|
end
|
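Review bot: `e.message.include?("must not contain merge commits")` is case-sensitive, whereas the three neighbouring checks use `/i` patterns, so a change of capitalisation in the upstream error text would make this one branch stop mapping to `BranchProtected`. `e.message.match?(/must not contain merge commits/i)` keeps the four conditions consistent. The rescue block this belongs to starts outside the hunk.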
|
@@ -51,7 +51,7 @@ module Dependabot
|
|
|
51
51
|
# @return [Boolean]
|
|
52
52
|
def fixed_by?(dependency)
|
|
53
53
|
# Handle case mismatch between the security advisory and parsed name
|
|
54
|
-
return false unless dependency_name.
|
|
54
|
+
return false unless dependency_name.casecmp(dependency.name).zero?
|
|
55
55
|
return false unless package_manager == dependency.package_manager
|
|
56
56
|
# TODO: Support no previous version to the same level as dependency graph
|
|
57
57
|
# and security alerts. We currently ignore dependency updates without a
|
|
@@ -112,13 +112,13 @@ module Dependabot
|
|
|
112
112
|
def check_version_requirements
|
|
113
113
|
unless vulnerable_versions.is_a?(Array) &&
|
|
114
114
|
vulnerable_versions.all? { |i| requirement_class <= i.class }
|
|
115
|
-
raise ArgumentError, "vulnerable_versions must be an array "\
|
|
115
|
+
raise ArgumentError, "vulnerable_versions must be an array " \
|
|
116
116
|
"of #{requirement_class} instances"
|
|
117
117
|
end
|
|
118
118
|
|
|
119
119
|
unless safe_versions.is_a?(Array) &&
|
|
120
120
|
safe_versions.all? { |i| requirement_class <= i.class }
|
|
121
|
-
raise ArgumentError, "safe_versions must be an array "\
|
|
121
|
+
raise ArgumentError, "safe_versions must be an array " \
|
|
122
122
|
"of #{requirement_class} instances"
|
|
123
123
|
end
|
|
124
124
|
end
|
|
@@ -17,9 +17,9 @@ require "dependabot/version"
|
|
|
17
17
|
module Dependabot
|
|
18
18
|
module SharedHelpers
|
|
19
19
|
GIT_CONFIG_GLOBAL_PATH = File.expand_path("~/.gitconfig")
|
|
20
|
-
USER_AGENT = "dependabot-core/#{Dependabot::VERSION} "\
|
|
21
|
-
"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} "\
|
|
22
|
-
"(#{RUBY_PLATFORM}) "\
|
|
20
|
+
USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
|
|
21
|
+
"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
|
|
22
|
+
"(#{RUBY_PLATFORM}) " \
|
|
23
23
|
"(+https://github.com/dependabot/dependabot-core)"
|
|
24
24
|
SIGKILL = 9
|
|
25
25
|
|
|
@@ -32,7 +32,7 @@ module Dependabot
|
|
|
32
32
|
reset_git_repo(repo_contents_path)
|
|
33
33
|
# Handle missing directories by creating an empty one and relying on the
|
|
34
34
|
# file fetcher to raise a DependencyFileNotFound error
|
|
35
|
-
FileUtils.mkdir_p(path)
|
|
35
|
+
FileUtils.mkdir_p(path)
|
|
36
36
|
Dir.chdir(path) { yield(path) }
|
|
37
37
|
else
|
|
38
38
|
in_a_temporary_directory(directory, &block)
|
|
@@ -40,7 +40,7 @@ module Dependabot
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
def self.in_a_temporary_directory(directory = "/")
|
|
43
|
-
|
|
43
|
+
FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
|
|
44
44
|
tmp_dir = Dir.mktmpdir(Utils::BUMP_TMP_FILE_PREFIX, Utils::BUMP_TMP_DIR_PATH)
|
|
45
45
|
|
|
46
46
|
begin
|
|
@@ -188,7 +188,7 @@ module Dependabot
|
|
|
188
188
|
# a wrapper binary that only allows non-mutating commands. Without this,
|
|
189
189
|
# whenever the credentials are deemed to be invalid, they're erased.
|
|
190
190
|
run_shell_command(
|
|
191
|
-
"git config --global credential.helper "\
|
|
191
|
+
"git config --global credential.helper " \
|
|
192
192
|
"'!#{credential_helper_path} --file #{Dir.pwd}/git.store'",
|
|
193
193
|
allow_unsafe_shell_command: true
|
|
194
194
|
)
|
|
@@ -224,7 +224,7 @@ module Dependabot
|
|
|
224
224
|
next unless cred["username"] && cred["password"]
|
|
225
225
|
|
|
226
226
|
authenticated_url =
|
|
227
|
-
"https://#{cred.fetch('username')}:#{cred.fetch('password')}"\
|
|
227
|
+
"https://#{cred.fetch('username')}:#{cred.fetch('password')}" \
|
|
228
228
|
"@#{cred.fetch('host')}"
|
|
229
229
|
|
|
230
230
|
git_store_content += authenticated_url + "\n"
|
|
@@ -241,23 +241,23 @@ module Dependabot
|
|
|
241
241
|
# NOTE: we use --global here (rather than --system) so that Dependabot
|
|
242
242
|
# can be run without privileged access
|
|
243
243
|
run_shell_command(
|
|
244
|
-
"git config --global --replace-all url.https://#{host}/."\
|
|
244
|
+
"git config --global --replace-all url.https://#{host}/." \
|
|
245
245
|
"insteadOf ssh://git@#{host}/"
|
|
246
246
|
)
|
|
247
247
|
run_shell_command(
|
|
248
|
-
"git config --global --add url.https://#{host}/."\
|
|
248
|
+
"git config --global --add url.https://#{host}/." \
|
|
249
249
|
"insteadOf ssh://git@#{host}:"
|
|
250
250
|
)
|
|
251
251
|
run_shell_command(
|
|
252
|
-
"git config --global --add url.https://#{host}/."\
|
|
252
|
+
"git config --global --add url.https://#{host}/." \
|
|
253
253
|
"insteadOf git@#{host}:"
|
|
254
254
|
)
|
|
255
255
|
run_shell_command(
|
|
256
|
-
"git config --global --add url.https://#{host}/."\
|
|
256
|
+
"git config --global --add url.https://#{host}/." \
|
|
257
257
|
"insteadOf git@#{host}/"
|
|
258
258
|
)
|
|
259
259
|
run_shell_command(
|
|
260
|
-
"git config --global --add url.https://#{host}/."\
|
|
260
|
+
"git config --global --add url.https://#{host}/." \
|
|
261
261
|
"insteadOf git://#{host}/"
|
|
262
262
|
)
|
|
263
263
|
end
|
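Review bot: In the `authenticated_url` hunk of `SharedHelpers` (new lines 226–228) the username and password are interpolated verbatim into the `https://user:pass@host` string, so a secret containing `@`, `:`, `/` or a line break would produce a malformed or ambiguous entry in `git_store_content`. Git's credential store expects those components percent-encoded. I would encode both first, e.g. `user = ERB::Util.url_encode(cred.fetch("username"))` and `pass = ERB::Util.url_encode(cred.fetch("password"))` (needs `require "erb"`), then build `"https://#{user}:#{pass}@#{cred.fetch('host')}"`. The enclosing loop and the code that writes the store file are outside the hunk, so whether callers already encode these values cannot be confirmed from here. The file header for this part of the page is missing, so the file is identified only by `module SharedHelpers` in an earlier hunk.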
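--- a/data/lib/dependabot/source.rb
+++ b/data/lib/dependabot/source.rb
@@ -109,8 +109,8 @@ module Dependabot
 def initialize(provider:, repo:, directory: nil, branch: nil, commit: nil,
 hostname: nil, api_endpoint: nil)
 if (hostname.nil? ^ api_endpoint.nil?) && (provider != "codecommit")
-msg = "Both hostname and api_endpoint must be specified if either "\
-"are. Alternatively, both may be left blank to use the "\
+msg = "Both hostname and api_endpoint must be specified if either " \
+"are. Alternatively, both may be left blank to use the " \
 "provider's defaults."
 raise msg
 end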
@@ -287,7 +287,7 @@ module Dependabot
|
|
|
287
287
|
|
|
288
288
|
def version_from_requirements
|
|
289
289
|
@version_from_requirements ||=
|
|
290
|
-
dependency.requirements.
|
|
290
|
+
dependency.requirements.filter_map { |r| r.fetch(:requirement) }.
|
|
291
291
|
flat_map { |req_str| requirement_class.requirements_array(req_str) }.
|
|
292
292
|
flat_map(&:requirements).
|
|
293
293
|
reject { |req_array| req_array.first.start_with?("<") }.
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.212.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -132,14 +132,14 @@ dependencies:
|
|
|
132
132
|
requirements:
|
|
133
133
|
- - '='
|
|
134
134
|
- !ruby/object:Gem::Version
|
|
135
|
-
version: 2.
|
|
135
|
+
version: 2.5.2
|
|
136
136
|
type: :runtime
|
|
137
137
|
prerelease: false
|
|
138
138
|
version_requirements: !ruby/object:Gem::Requirement
|
|
139
139
|
requirements:
|
|
140
140
|
- - '='
|
|
141
141
|
- !ruby/object:Gem::Version
|
|
142
|
-
version: 2.
|
|
142
|
+
version: 2.5.2
|
|
143
143
|
- !ruby/object:Gem::Dependency
|
|
144
144
|
name: gitlab
|
|
145
145
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -290,14 +290,14 @@ dependencies:
|
|
|
290
290
|
requirements:
|
|
291
291
|
- - "~>"
|
|
292
292
|
- !ruby/object:Gem::Version
|
|
293
|
-
version: 3.
|
|
293
|
+
version: 3.12.0
|
|
294
294
|
type: :development
|
|
295
295
|
prerelease: false
|
|
296
296
|
version_requirements: !ruby/object:Gem::Requirement
|
|
297
297
|
requirements:
|
|
298
298
|
- - "~>"
|
|
299
299
|
- !ruby/object:Gem::Version
|
|
300
|
-
version: 3.
|
|
300
|
+
version: 3.12.0
|
|
301
301
|
- !ruby/object:Gem::Dependency
|
|
302
302
|
name: rake
|
|
303
303
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,14 +346,28 @@ dependencies:
|
|
|
346
346
|
requirements:
|
|
347
347
|
- - "~>"
|
|
348
348
|
- !ruby/object:Gem::Version
|
|
349
|
-
version: 1.
|
|
349
|
+
version: 1.36.0
|
|
350
350
|
type: :development
|
|
351
351
|
prerelease: false
|
|
352
352
|
version_requirements: !ruby/object:Gem::Requirement
|
|
353
353
|
requirements:
|
|
354
354
|
- - "~>"
|
|
355
355
|
- !ruby/object:Gem::Version
|
|
356
|
-
version: 1.
|
|
356
|
+
version: 1.36.0
|
|
357
|
+
- !ruby/object:Gem::Dependency
|
|
358
|
+
name: rubocop-performance
|
|
359
|
+
requirement: !ruby/object:Gem::Requirement
|
|
360
|
+
requirements:
|
|
361
|
+
- - "~>"
|
|
362
|
+
- !ruby/object:Gem::Version
|
|
363
|
+
version: 1.14.2
|
|
364
|
+
type: :development
|
|
365
|
+
prerelease: false
|
|
366
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
367
|
+
requirements:
|
|
368
|
+
- - "~>"
|
|
369
|
+
- !ruby/object:Gem::Version
|
|
370
|
+
version: 1.14.2
|
|
357
371
|
- !ruby/object:Gem::Dependency
|
|
358
372
|
name: ruby-debug-ide
|
|
359
373
|
requirement: !ruby/object:Gem::Requirement
|