dependabot-common 0.216.1 → 0.216.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/github_with_retries.rb +1 -1
- data/lib/dependabot/dependency.rb +5 -1
- data/lib/dependabot/dependency_group.rb +9 -1
- data/lib/dependabot/file_parsers/base/dependency_set.rb +1 -1
- data/lib/dependabot/git_commit_checker.rb +2 -2
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +1 -1
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +2 -4
- data/lib/dependabot/metadata_finders/base/release_finder.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +29 -22
- data/lib/dependabot/pull_request_creator.rb +2 -1
- data/lib/dependabot/update_checkers/base.rb +2 -2
- data/lib/dependabot.rb +1 -1
- data/lib/wildcard_matcher.rb +13 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4b38a1d09ce4d017caa3e68544d16abb8052e27febb10b6c2aa48ea7689dd5dd
|
4
|
+
data.tar.gz: 6f1f21ff545f58a09a7dd238cf3a2fe56ca59ab29c6f51a9d7594762769ccf79
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ae81f98a72640e7ea5b5dd7d5f813ff8b32663a0269b9cd4b57bebfe74d5db654f4da4aa9d6bbfe8c0c6a64af78a7017bb29db0e646481a1c81d35b60f3f4ff0
|
7
|
+
data.tar.gz: 034a48105df2f2a2633944697a3339b08f4d6f4bdb2fe5f277926d38d7032d2fbb8d5c6878b926710d53f495d8d547165261faab818a70c143afb423af7fda2f
|
@@ -95,7 +95,7 @@ module Dependabot
|
|
95
95
|
c.proxy = ENV["HTTPS_PROXY"] if ENV["HTTPS_PROXY"]
|
96
96
|
end
|
97
97
|
|
98
|
-
|
98
|
+
args[:middleware] = Faraday::RackBuilder.new do |builder|
|
99
99
|
builder.use Faraday::Retry::Middleware, exceptions: RETRYABLE_ERRORS, max: max_retries || 3
|
100
100
|
|
101
101
|
Octokit::Default::MIDDLEWARE.handlers.each do |handler|
|
@@ -199,12 +199,16 @@ module Dependabot
|
|
199
199
|
self == other
|
200
200
|
end
|
201
201
|
|
202
|
-
|
202
|
+
def requirement_class
|
203
|
+
Utils.requirement_class_for_package_manager(package_manager)
|
204
|
+
end
|
203
205
|
|
204
206
|
def version_class
|
205
207
|
Utils.version_class_for_package_manager(package_manager)
|
206
208
|
end
|
207
209
|
|
210
|
+
private
|
211
|
+
|
208
212
|
def check_values
|
209
213
|
raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
|
210
214
|
|
@@ -1,12 +1,20 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "wildcard_matcher"
|
4
|
+
|
3
5
|
module Dependabot
|
4
6
|
class DependencyGroup
|
5
|
-
attr_reader :name, :rules
|
7
|
+
attr_reader :name, :rules, :dependencies
|
6
8
|
|
7
9
|
def initialize(name:, rules:)
|
8
10
|
@name = name
|
9
11
|
@rules = rules
|
12
|
+
@dependencies = []
|
13
|
+
end
|
14
|
+
|
15
|
+
def contains?(dependency)
|
16
|
+
@dependencies.include?(dependency) if @dependencies.any?
|
17
|
+
rules.any? { |rule| WildcardMatcher.match?(rule, dependency.name) }
|
10
18
|
end
|
11
19
|
end
|
12
20
|
end
|
@@ -459,11 +459,11 @@ module Dependabot
|
|
459
459
|
end
|
460
460
|
|
461
461
|
def version_class
|
462
|
-
@version_class ||=
|
462
|
+
@version_class ||= dependency.version_class
|
463
463
|
end
|
464
464
|
|
465
465
|
def requirement_class
|
466
|
-
@requirement_class ||=
|
466
|
+
@requirement_class ||= dependency.requirement_class
|
467
467
|
end
|
468
468
|
|
469
469
|
def local_repo_git_metadata_fetcher
|
@@ -341,13 +341,11 @@ module Dependabot
|
|
341
341
|
end
|
342
342
|
|
343
343
|
def version_class
|
344
|
-
|
344
|
+
dependency.version_class
|
345
345
|
end
|
346
346
|
|
347
347
|
def requirement_class
|
348
|
-
|
349
|
-
dependency.package_manager
|
350
|
-
)
|
348
|
+
dependency.requirement_class
|
351
349
|
end
|
352
350
|
|
353
351
|
def git_sha?(version)
|
@@ -3,6 +3,7 @@
|
|
3
3
|
require "pathname"
|
4
4
|
require "dependabot/clients/github_with_retries"
|
5
5
|
require "dependabot/clients/gitlab_with_retries"
|
6
|
+
require "dependabot/dependency_group"
|
6
7
|
require "dependabot/logger"
|
7
8
|
require "dependabot/metadata_finders"
|
8
9
|
require "dependabot/pull_request_creator"
|
@@ -21,12 +22,13 @@ module Dependabot
|
|
21
22
|
attr_reader :source, :dependencies, :files, :credentials,
|
22
23
|
:pr_message_header, :pr_message_footer,
|
23
24
|
:commit_message_options, :vulnerabilities_fixed,
|
24
|
-
:github_redirection_service
|
25
|
+
:github_redirection_service, :dependency_group
|
25
26
|
|
26
27
|
def initialize(source:, dependencies:, files:, credentials:,
|
27
28
|
pr_message_header: nil, pr_message_footer: nil,
|
28
29
|
commit_message_options: {}, vulnerabilities_fixed: {},
|
29
|
-
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE
|
30
|
+
github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
|
31
|
+
dependency_group: nil)
|
30
32
|
@dependencies = dependencies
|
31
33
|
@files = files
|
32
34
|
@source = source
|
@@ -36,19 +38,13 @@ module Dependabot
|
|
36
38
|
@commit_message_options = commit_message_options
|
37
39
|
@vulnerabilities_fixed = vulnerabilities_fixed
|
38
40
|
@github_redirection_service = github_redirection_service
|
41
|
+
@dependency_group = dependency_group
|
39
42
|
end
|
40
43
|
|
41
44
|
def pr_name
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
46
|
-
pr_name = ""
|
47
|
-
end
|
48
|
-
pr_name += library? ? library_pr_name : application_pr_name
|
49
|
-
return pr_name if files.first.directory == "/"
|
50
|
-
|
51
|
-
pr_name + " in #{files.first.directory}"
|
45
|
+
name = dependency_group ? group_pr_name : solo_pr_name
|
46
|
+
name[0] = name[0].capitalize if pr_name_prefixer.capitalize_first_word?
|
47
|
+
"#{pr_name_prefix}#{name}"
|
52
48
|
end
|
53
49
|
|
54
50
|
def pr_message
|
@@ -82,11 +78,13 @@ module Dependabot
|
|
82
78
|
|
83
79
|
private
|
84
80
|
|
85
|
-
def
|
86
|
-
|
87
|
-
|
81
|
+
def solo_pr_name
|
82
|
+
name = library? ? library_pr_name : application_pr_name
|
83
|
+
"#{name}#{pr_name_directory}"
|
84
|
+
end
|
88
85
|
|
89
|
-
|
86
|
+
def library_pr_name
|
87
|
+
"update " +
|
90
88
|
if dependencies.count == 1
|
91
89
|
"#{dependencies.first.display_name} requirement " \
|
92
90
|
"#{from_version_msg(old_library_requirement(dependencies.first))}" \
|
@@ -101,12 +99,8 @@ module Dependabot
|
|
101
99
|
end
|
102
100
|
end
|
103
101
|
|
104
|
-
# rubocop:disable Metrics/AbcSize
|
105
102
|
def application_pr_name
|
106
|
-
|
107
|
-
pr_name = pr_name.capitalize if pr_name_prefixer.capitalize_first_word?
|
108
|
-
|
109
|
-
pr_name +
|
103
|
+
"bump " +
|
110
104
|
if dependencies.count == 1
|
111
105
|
dependency = dependencies.first
|
112
106
|
"#{dependency.display_name} " \
|
@@ -131,10 +125,23 @@ module Dependabot
|
|
131
125
|
end
|
132
126
|
end
|
133
127
|
end
|
134
|
-
|
128
|
+
|
129
|
+
def group_pr_name
|
130
|
+
updates = dependencies.map(&:name).uniq.count
|
131
|
+
"bump the #{dependency_group.name} group#{pr_name_directory} with #{updates} update#{'s' if updates > 1}"
|
132
|
+
end
|
135
133
|
|
136
134
|
def pr_name_prefix
|
137
135
|
pr_name_prefixer.pr_name_prefix
|
136
|
+
rescue StandardError => e
|
137
|
+
Dependabot.logger.error("Error while generating PR name: #{e.message}")
|
138
|
+
""
|
139
|
+
end
|
140
|
+
|
141
|
+
def pr_name_directory
|
142
|
+
return "" if files.first.directory == "/"
|
143
|
+
|
144
|
+
" in #{files.first.directory}"
|
138
145
|
end
|
139
146
|
|
140
147
|
def commit_subject
|
@@ -226,7 +226,8 @@ module Dependabot
|
|
226
226
|
pr_message_header: pr_message_header,
|
227
227
|
pr_message_footer: pr_message_footer,
|
228
228
|
vulnerabilities_fixed: vulnerabilities_fixed,
|
229
|
-
github_redirection_service: github_redirection_service
|
229
|
+
github_redirection_service: github_redirection_service,
|
230
|
+
dependency_group: dependency_group
|
230
231
|
)
|
231
232
|
end
|
232
233
|
|
@@ -113,11 +113,11 @@ module Dependabot
|
|
113
113
|
end
|
114
114
|
|
115
115
|
def version_class
|
116
|
-
|
116
|
+
dependency.version_class
|
117
117
|
end
|
118
118
|
|
119
119
|
def requirement_class
|
120
|
-
|
120
|
+
dependency.requirement_class
|
121
121
|
end
|
122
122
|
|
123
123
|
# For some languages, the manifest file may be constructed such that
|
data/lib/dependabot.rb
CHANGED
@@ -0,0 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class WildcardMatcher
|
4
|
+
def self.match?(wildcard_string, candidate_string)
|
5
|
+
return false unless wildcard_string && candidate_string
|
6
|
+
|
7
|
+
regex_string = "a#{wildcard_string.downcase}a".split("*").
|
8
|
+
map { |p| Regexp.quote(p) }.
|
9
|
+
join(".*").gsub(/^a|a$/, "")
|
10
|
+
regex = /^#{regex_string}$/
|
11
|
+
regex.match?(candidate_string.downcase)
|
12
|
+
end
|
13
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.216.
|
4
|
+
version: 0.216.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-04-
|
11
|
+
date: 2023-04-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -488,6 +488,7 @@ files:
|
|
488
488
|
- lib/dependabot/update_checkers/version_filters.rb
|
489
489
|
- lib/dependabot/utils.rb
|
490
490
|
- lib/dependabot/version.rb
|
491
|
+
- lib/wildcard_matcher.rb
|
491
492
|
homepage: https://github.com/dependabot/dependabot-core
|
492
493
|
licenses:
|
493
494
|
- Nonstandard
|