dependabot-common 0.224.0 → 0.225.0

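--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 967a29e273078457f5010415215784a3bf9bd8b9cd78e101ab8d7dc97ab42fba
- data.tar.gz: c840404ceecf85c06defa6748f5075c1e336e3878f0f18c3d1c6282b986d86b4
+ metadata.gz: eff50d0047fd94f2b62e76e55d42561e17780c26da251ba55cd04f493bce0cb5
+ data.tar.gz: 34d2e201f6198e4478a2b13d8e2c12162ae1a2e74b6c66ebfd45e12518379155
  SHA512:
- metadata.gz: 1bdead2177caa4c1c9cd90371bf07cb8def978492718809f3a67ee995f24c4da02424989d25f87298ad2ac04b371c63108a9520d58e33d0b6f925446dfc0d5be
- data.tar.gz: 2e5f484acea22c05982c2840317f7f559171ca239b846da310ac2ae40b7006fe10df16d1e26f204d3ccee0e163e8c51af5e283635f929edb1fbeaa5d6986c2ad
+ metadata.gz: 97d3947770789948f293026af11c4a8f065831ebf4c5ee5f06c3e2fe147766b5d4615b2497fbd7dfbfb4589a07df52a91de9c7041fe49cd74795fd3fb6be6437
+ data.tar.gz: 640a7855071b6c94d1a8e91972bf4e34792e6ffcf02ac38d1bb6a42e985fdfc3479b994c645fdb24d77fe450f84e39aef0e6bef2ab41c0394989f9c63f792f19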
@@ -1,16 +1,42 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/experiments"
4
+ require "dependabot/config/ignore_condition"
5
+ require "dependabot/logger"
6
+
3
7
  require "wildcard_matcher"
4
8
  require "yaml"
5
9
 
6
10
  module Dependabot
7
11
  class DependencyGroup
12
+ ANY_DEPENDENCY_NAME = "*"
13
+ SECURITY_UPDATES_ONLY = false
14
+
15
+ DEFAULT_UPDATE_TYPES = [
16
+ SEMVER_MAJOR = "major",
17
+ SEMVER_MINOR = "minor",
18
+ SEMVER_PATCH = "patch"
19
+ ].freeze
20
+
21
+ IGNORE_CONDITION_TYPES = {
22
+ SEMVER_MAJOR => Dependabot::Config::IgnoreCondition::MAJOR_VERSION_TYPE,
23
+ SEMVER_MINOR => Dependabot::Config::IgnoreCondition::MINOR_VERSION_TYPE,
24
+ SEMVER_PATCH => Dependabot::Config::IgnoreCondition::PATCH_VERSION_TYPE
25
+ }.freeze
26
+
27
+ class NullIgnoreCondition
28
+ def ignored_versions(_dependency, _security_updates_only)
29
+ []
30
+ end
31
+ end
32
+
8
33
  attr_reader :name, :rules, :dependencies
9
34
 
10
35
  def initialize(name:, rules:)
11
36
  @name = name
12
37
  @rules = rules
13
38
  @dependencies = []
39
+ @ignore_condition = generate_ignore_condition!
14
40
  end
15
41
 
16
42
  def contains?(dependency)
@@ -20,6 +46,18 @@ module Dependabot
20
46
  matches_pattern?(dependency.name) && matches_dependency_type?(dependency)
21
47
  end
22
48
 
49
+ # This method generates ignored versions for the given Dependency based on
50
+ # the any update-types we have defined.
51
+ def ignored_versions_for(dependency)
52
+ @ignore_condition.ignored_versions(dependency, SECURITY_UPDATES_ONLY)
53
+ end
54
+
55
+ def targets_highest_versions_possible?
56
+ return true unless experimental_rules_enabled?
57
+
58
+ update_types.include?(SEMVER_MAJOR)
59
+ end
60
+
23
61
  def to_h
24
62
  { "name" => name }
25
63
  end
@@ -54,5 +92,49 @@ module Dependabot
54
92
  "development"
55
93
  end
56
94
  end
95
+
96
+ def pattern_rules?
97
+ rules.key?("patterns") && rules["patterns"]&.any?
98
+ end
99
+
100
+ def update_types
101
+ rules.fetch("update-types", DEFAULT_UPDATE_TYPES)
102
+ end
103
+
104
+ def generate_ignore_condition!
105
+ return NullIgnoreCondition.new unless experimental_rules_enabled?
106
+
107
+ ignored_update_types = ignored_update_types_for_rules
108
+
109
+ return NullIgnoreCondition.new unless ignored_update_types.any?
110
+
111
+ Dependabot.logger.debug("The #{name} group has set ignores for update-type(s): #{ignored_update_types}")
112
+
113
+ Dependabot::Config::IgnoreCondition.new(
114
+ dependency_name: ANY_DEPENDENCY_NAME,
115
+ update_types: ignored_update_types
116
+ )
117
+ end
118
+
119
+ def ignored_update_types_for_rules
120
+ unless update_types.is_a?(Array)
121
+ raise ArgumentError,
122
+ "The #{name} group has an unexpected value for update-types: '#{update_types}'"
123
+ end
124
+
125
+ unless update_types.any?
126
+ raise ArgumentError,
127
+ "The #{name} group has specified an empty array for update-types."
128
+ end
129
+
130
+ ignored_update_types = DEFAULT_UPDATE_TYPES - update_types
131
+ return [] if ignored_update_types.empty?
132
+
133
+ IGNORE_CONDITION_TYPES.fetch_values(*ignored_update_types)
134
+ end
135
+
136
+ def experimental_rules_enabled?
137
+ Dependabot::Experiments.enabled?(:grouped_updates_experimental_rules)
138
+ end
57
139
  end
58
140
  end
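Review bot: `ignored_update_types_for_rules` (third hunk) never validates the strings in `update-types`, so an unrecognised or misspelled type is not an error: `DEFAULT_UPDATE_TYPES - update_types` then leaves all three semver types in the ignore set and the group silently receives no updates at all. Add a membership check before computing the difference, e.g. `unknown = update_types - DEFAULT_UPDATE_TYPES` followed by `raise ArgumentError, "The #{name} group has unknown update-types: #{unknown}" unless unknown.empty?`. `update_types` is also re-evaluated on every use in this method and in `targets_highest_versions_possible?`; assigning it once to a local would avoid the repeated `rules.fetch` and keep the error messages consistent with what was checked. The comment above `ignored_versions_for` reads "based on the any update-types" and should read "based on any update-types". The `DependencyGroup` class spans all three hunks and its remaining methods are outside them.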
@@ -126,6 +126,7 @@ module Dependabot
126
126
  version: version,
127
127
  requirements: requirements,
128
128
  package_manager: old_dep.package_manager,
129
+ metadata: old_dep.metadata,
129
130
  subdependency_metadata: subdependency_metadata
130
131
  )
131
132
  end
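Review bot: `metadata: old_dep.metadata` hands the existing object to the new Dependency, so if metadata is a mutable Hash (its type is not visible here) the old and new dependency share one instance and a later mutation of either is visible in both. If that sharing is unintended, `metadata: old_dep.metadata&.dup` gives the new dependency its own copy; the same applies to the two `metadata: dependency.metadata` lines added in the hunks at `@@ -166,6 +166,7 @@` and `@@ -181,6 +182,7 @@`. The enclosing `Dependency.new` call and its method start outside this hunk.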
@@ -23,7 +23,7 @@ module Dependabot
23
23
  :pr_message_header, :pr_message_footer,
24
24
  :commit_message_options, :vulnerabilities_fixed,
25
25
  :github_redirection_service, :dependency_group, :pr_message_max_length,
26
- :pr_message_encoding
26
+ :pr_message_encoding, :ignore_conditions
27
27
 
28
28
  TRUNCATED_MSG = "...\n\n_Description has been truncated_"
29
29
 
@@ -31,7 +31,7 @@ module Dependabot
31
31
  pr_message_header: nil, pr_message_footer: nil,
32
32
  commit_message_options: {}, vulnerabilities_fixed: {},
33
33
  github_redirection_service: DEFAULT_GITHUB_REDIRECTION_SERVICE,
34
- dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil)
34
+ dependency_group: nil, pr_message_max_length: nil, pr_message_encoding: nil, ignore_conditions: [])
35
35
  @dependencies = dependencies
36
36
  @files = files
37
37
  @source = source
@@ -44,6 +44,7 @@ module Dependabot
44
44
  @dependency_group = dependency_group
45
45
  @pr_message_max_length = pr_message_max_length
46
46
  @pr_message_encoding = pr_message_encoding
47
+ @ignore_conditions = ignore_conditions
47
48
  end
48
49
 
49
50
  attr_writer :pr_message_max_length
@@ -57,13 +58,31 @@ module Dependabot
57
58
  end
58
59
 
59
60
  def pr_message
60
- msg = "#{suffixed_pr_message_header}#{commit_message_intro}#{metadata_cascades}#{prefixed_pr_message_footer}"
61
+ # TODO: Remove unignore_commands? feature flag once we are confident
62
+ # that it is working as expected
63
+ msg = if unignore_commands?
64
+ "#{suffixed_pr_message_header}" \
65
+ "#{commit_message_intro}" \
66
+ "#{metadata_cascades}" \
67
+ "#{ignore_conditions_table}" \
68
+ "#{prefixed_pr_message_footer}"
69
+ else
70
+ "#{suffixed_pr_message_header}" \
71
+ "#{commit_message_intro}" \
72
+ "#{metadata_cascades}" \
73
+ "#{prefixed_pr_message_footer}"
74
+ end
75
+
61
76
  truncate_pr_message(msg)
62
77
  rescue StandardError => e
63
78
  Dependabot.logger.error("Error while generating PR message: #{e.message}")
64
79
  suffixed_pr_message_header + prefixed_pr_message_footer
65
80
  end
66
81
 
82
+ def unignore_commands?
83
+ Experiments.enabled?(:unignore_commands)
84
+ end
85
+
67
86
  # Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
68
87
  # The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
69
88
  def truncate_pr_message(msg)
@@ -504,6 +523,46 @@ module Dependabot
504
523
  ).to_s
505
524
  end
506
525
 
526
+ def ignore_conditions_table
527
+ # Return an empty string if ignore_conditions is empty
528
+ return "" if @ignore_conditions.empty?
529
+
530
+ # Filter out the conditions where from_config_file is false and dependency is in @dependencies
531
+ valid_ignore_conditions = @ignore_conditions.select do |ic|
532
+ !ic[:from_config_file] && dependencies.any? { |dep| dep.name == ic[:dependency_name] }
533
+ end
534
+
535
+ # Return an empty string if no valid ignore conditions after filtering
536
+ return "" if valid_ignore_conditions.empty?
537
+
538
+ # Sort them by updated_at (or created_at if updated_at is nil), taking the latest 20
539
+ sorted_ignore_conditions = valid_ignore_conditions.sort_by { |ic| ic[:updated_at] || ic[:created_at] }.last(20)
540
+
541
+ # Map each condition to a row string
542
+ table_rows = sorted_ignore_conditions.map do |ic|
543
+ "| #{ic[:dependency_name]} | [#{ic[:version_requirement]}] |"
544
+ end
545
+
546
+ summary = "Most Recent Ignore Conditions Applied to This Pull Request"
547
+ build_table(summary, table_rows)
548
+ end
549
+
550
+ def build_table(summary, rows)
551
+ table_header = "| Dependency Name | Ignore Conditions |"
552
+ table_divider = "| --- | --- |"
553
+ table_body = rows.join("\n")
554
+ body = "\n#{[table_header, table_divider, table_body].join("\n")}\n"
555
+
556
+ if %w(azure bitbucket codecommit).include?(source.provider)
557
+ "\n##{summary}\n\n#{body}"
558
+ else
559
+ # Build the collapsible section
560
+ msg = "<details>\n<summary>#{summary}</summary>\n\n" \
561
+ "#{[table_header, table_divider, table_body].join("\n")}\n</details>"
562
+ "\n#{msg}\n"
563
+ end
564
+ end
565
+
507
566
  def changelog_url(dependency)
508
567
  metadata_finder(dependency).changelog_url
509
568
  end
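Review bot: `ignore_conditions_table` interpolates `ic[:dependency_name]` and `ic[:version_requirement]` straight into Markdown table rows without escaping, so a value containing `|` or a line break breaks the row or the whole table. These are the conditions that did not come from the config file, so presumably they were entered interactively; at minimum neutralise `|` and newlines through a small helper as in the excerpt below. `sort_by { |ic| ic[:updated_at] || ic[:created_at] }` raises if two conditions both lack timestamps (nil cannot be compared), and `pr_message`'s `rescue StandardError` then reduces the whole PR body to header and footer, so a fallback sort key of a consistent type is worth adding if that case can occur. In `build_table`, `"\n##{summary}\n\n#{body}"` emits `#Most Recent…` with no space after the `#`, which CommonMark does not treat as a heading; `"\n# #{summary}\n\n#{body}"` is the intended form. The enclosing class spans both hunks of this section and continues outside them.
```ruby
      # Map each condition to a row string
      table_rows = sorted_ignore_conditions.map do |ic|
        "| #{table_cell(ic[:dependency_name])} | [#{table_cell(ic[:version_requirement])}] |"
      end
      # … unchanged: summary and build_table call …

    # Neutralise characters that would break a Markdown table row
    def table_cell(value)
      value.to_s.gsub("|") { "\\|" }.tr("\r\n", "  ")
    end
```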
@@ -166,6 +166,7 @@ module Dependabot
166
166
  previous_version: previous_version,
167
167
  previous_requirements: dependency.requirements,
168
168
  package_manager: dependency.package_manager,
169
+ metadata: dependency.metadata,
169
170
  subdependency_metadata: dependency.subdependency_metadata
170
171
  )
171
172
  end
@@ -181,6 +182,7 @@ module Dependabot
181
182
  previous_version: previous_version,
182
183
  previous_requirements: dependency.requirements,
183
184
  package_manager: dependency.package_manager,
185
+ metadata: dependency.metadata,
184
186
  subdependency_metadata: dependency.subdependency_metadata
185
187
  )
186
188
  end
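--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.224.0"
+ VERSION = "0.225.0"
  end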
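--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-common
  version: !ruby/object:Gem::Version
- version: 0.224.0
+ version: 0.225.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-27 00:00:00.000000000 Z
+ date: 2023-07-31 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-codecommit
@@ -486,7 +486,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
  post_install_message:
  rdoc_options: []
  require_paths: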