RubyGems - dependabot-common - Versions diffs - 0.219.0 → 0.220.0 - Mend

dependabot-common 0.219.0 → 0.220.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +15 -6
data/lib/dependabot.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9de5ea53359451b6552e39b450ef6c53c46d0d99becf02b15949e3af086f7ed8
-  data.tar.gz: aca210e308541379b560262139f618c9721ae905835607fe46425d1b4e702a5d
+  metadata.gz: ffac7b072d3084a0eaa087c7bf4cdf6bf8f180a7312a55bd99fd5648320bb38f
+  data.tar.gz: af8cb21616a02e1a3368ae839f591fd2dfed3154bd4b138fe13843447f9306d6
 SHA512:
-  metadata.gz: a9c643d8050004fe119010919e4b6a08842ef454055332e4ca14c23f6398c05955d990d17e4d8e60f626a181eae4cb3dc8eab911c06752064de08ebcc88ff3e0
-  data.tar.gz: c7bfe1aad5c0231e4a02cb0003a83f133ad82e59cedc035aee9dc3f7ce4d1abbc5d133cd97be54a90c30171b34fc8ca51189fbc92a9d37f1f5ac37896c2c9b56
+  metadata.gz: 3073fb55361f0b46820a01071dc35e14fa91bdbbe653cd581256dde2889df9abeef87bd6787d5c32fd619aaa728736db98116dce9ca357d132e7814941f949dd
+  data.tar.gz: 3a1c6297dcd5425c3838550486066ece3ca2f89f7d1386adc0fa29e1afa681d17a0c30ed8fe987c672e25727af75319e072e1db4668fed0d35b4f4220457fdb9

data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module Dependabot
         # fixed-length name, so we can punt on handling truncation until
         # we determine the strict validation rules for names
         def new_branch_name
-          File.join(prefixes, timestamped_group_name).gsub("/", separator)
+          File.join(prefixes, group_name_with_dependency_digest).gsub("/", separator)
         end
         private
@@ -37,11 +37,20 @@ module Dependabot
           ].compact
         end
-        # When superseding a grouped update pull request, we will have a period
-        # of time when there are two branches for the group so we use a timestamp
-        # to avoid collisions.
-        def timestamped_group_name
-          "#{dependency_group.name}-#{Time.now.utc.to_i}"
+        # Group pull requests will generally include too many dependencies to include
+        # in the branch name, but we rely on branch names being deterministic for a
+        # given set of dependency changes.
+        #
+        # Let's append a short hash digest of the dependency changes so that we can
+        # meet this guarantee.
+        def group_name_with_dependency_digest
+          "#{dependency_group.name}-#{dependency_digest}"
+        end
+        def dependency_digest
+          @dependency_digest ||= Digest::MD5.hexdigest(dependencies.map do |dependency|
+            "#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
+          end.sort.join(",")).slice(0, 10)
         end
         def package_manager

data/lib/dependabot.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.219.0"
+  VERSION = "0.220.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.219.0
+  version: 0.220.0
 platform: ruby
 authors:
 - Dependabot
@@ -508,7 +508,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.219.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.220.0
 post_install_message:
 rdoc_options: []
 require_paths: