dependabot-common 0.227.0 → 0.228.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/clients/azure.rb +1 -1
- data/lib/dependabot/clients/gitlab_with_retries.rb +64 -0
- data/lib/dependabot/dependency.rb +2 -2
- data/lib/dependabot/dependency_group.rb +10 -1
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +2 -2
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +2 -2
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +2 -2
- data/lib/dependabot/metadata_finders/base/release_finder.rb +3 -3
- data/lib/dependabot/pull_request_creator/branch_namer/solo_strategy.rb +2 -2
- data/lib/dependabot/pull_request_creator/gitlab.rb +1 -23
- data/lib/dependabot/pull_request_creator/message_builder.rb +3 -2
- data/lib/dependabot/pull_request_updater/gitlab.rb +1 -23
- data/lib/dependabot/shared_helpers.rb +17 -26
- data/lib/dependabot/utils.rb +2 -1
- data/lib/dependabot.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 70404b8169c3449d3f94e10dff1619ea5fc634e5e395bb4a5548e354f7bdccc4
|
4
|
+
data.tar.gz: e8d018a0410888b3ec3c2de47dd950e7327a66d86bdff74f42a4d154ed82fe51
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a78e38bc65d7f81ec5adcd9554a51e620d83ab5c60c1861e45e60e6e8f8d62088f641e9d5b6eb8883aba1cfa618b0f0c3e125f8b5f52a0e20d32dc88dc7d4fdd
|
7
|
+
data.tar.gz: 2915d63900f5dabd640d05ad36ca5e8dcc57348b941bc9c1547f245ce31f22f3bf5ee4951fbb4883f773dc57ad351932196a8c01451541172c603541d924735b
|
@@ -7,6 +7,11 @@ module Dependabot
|
|
7
7
|
class GitlabWithRetries
|
8
8
|
RETRYABLE_ERRORS = [Gitlab::Error::BadGateway].freeze
|
9
9
|
|
10
|
+
class ContentEncoding
|
11
|
+
BASE64 = "base64"
|
12
|
+
TEXT = "text"
|
13
|
+
end
|
14
|
+
|
10
15
|
#######################
|
11
16
|
# Constructor methods #
|
12
17
|
#######################
|
@@ -60,6 +65,24 @@ module Dependabot
|
|
60
65
|
@client = ::Gitlab::Client.new(args)
|
61
66
|
end
|
62
67
|
|
68
|
+
# Create commit in gitlab repo with correctly mapped file actions
|
69
|
+
#
|
70
|
+
# @param [String] repo
|
71
|
+
# @param [String] branch_name
|
72
|
+
# @param [String] commit_message
|
73
|
+
# @param [Array<Dependabot::DependencyFile>] files
|
74
|
+
# @param [Hash] options
|
75
|
+
# @return [Gitlab::ObjectifiedHash]
|
76
|
+
def create_commit(repo, branch_name, commit_message, files, **options)
|
77
|
+
@client.create_commit(
|
78
|
+
repo,
|
79
|
+
branch_name,
|
80
|
+
commit_message,
|
81
|
+
file_actions(files),
|
82
|
+
**options
|
83
|
+
)
|
84
|
+
end
|
85
|
+
|
63
86
|
def method_missing(method_name, *args, &block)
|
64
87
|
retry_connection_failures do
|
65
88
|
if @client.respond_to?(method_name)
|
@@ -85,6 +108,47 @@ module Dependabot
|
|
85
108
|
retry_attempt <= @max_retries ? retry : raise
|
86
109
|
end
|
87
110
|
end
|
111
|
+
|
112
|
+
private
|
113
|
+
|
114
|
+
# Array of file actions for a commit
|
115
|
+
#
|
116
|
+
# @param [Array<Dependabot::DependencyFile>] files
|
117
|
+
# @return [Array<Hash>]
|
118
|
+
def file_actions(files)
|
119
|
+
files.map do |file|
|
120
|
+
{
|
121
|
+
action: file_action(file),
|
122
|
+
encoding: file_encoding(file),
|
123
|
+
file_path: file.type == "symlink" ? file.symlink_target : file.path,
|
124
|
+
content: file.content
|
125
|
+
}
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
# Single file action
|
130
|
+
#
|
131
|
+
# @param [Dependabot::DependencyFile] file
|
132
|
+
# @return [String]
|
133
|
+
def file_action(file)
|
134
|
+
if file.operation == Dependabot::DependencyFile::Operation::DELETE
|
135
|
+
"delete"
|
136
|
+
elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
|
137
|
+
"create"
|
138
|
+
else
|
139
|
+
"update"
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
# Encoding option for gitlab commit operation
|
144
|
+
#
|
145
|
+
# @param [Dependabot::DependencyFile] file
|
146
|
+
# @return [String]
|
147
|
+
def file_encoding(file)
|
148
|
+
return ContentEncoding::BASE64 if file.content_encoding == Dependabot::DependencyFile::ContentEncoding::BASE64
|
149
|
+
|
150
|
+
ContentEncoding::TEXT
|
151
|
+
end
|
88
152
|
end
|
89
153
|
end
|
90
154
|
end
|
@@ -157,14 +157,14 @@ module Dependabot
|
|
157
157
|
previous_refs = previous_requirements.filter_map do |r|
|
158
158
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
159
159
|
end.uniq
|
160
|
-
|
160
|
+
previous_refs.first if previous_refs.count == 1
|
161
161
|
end
|
162
162
|
|
163
163
|
def new_ref
|
164
164
|
new_refs = requirements.filter_map do |r|
|
165
165
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
166
166
|
end.uniq
|
167
|
-
|
167
|
+
new_refs.first if new_refs.count == 1
|
168
168
|
end
|
169
169
|
|
170
170
|
def ref_changed?
|
@@ -9,12 +9,21 @@ require "yaml"
|
|
9
9
|
|
10
10
|
module Dependabot
|
11
11
|
class DependencyGroup
|
12
|
-
attr_reader :name, :rules, :dependencies
|
12
|
+
attr_reader :name, :rules, :dependencies, :handled_dependencies
|
13
13
|
|
14
14
|
def initialize(name:, rules:)
|
15
15
|
@name = name
|
16
16
|
@rules = rules
|
17
17
|
@dependencies = []
|
18
|
+
@handled_dependencies = Set.new
|
19
|
+
end
|
20
|
+
|
21
|
+
def add_to_handled(*dependencies)
|
22
|
+
@handled_dependencies += dependencies.map(&:name)
|
23
|
+
end
|
24
|
+
|
25
|
+
def add_all_to_handled
|
26
|
+
@handled_dependencies += dependencies.map(&:name)
|
18
27
|
end
|
19
28
|
|
20
29
|
def contains?(dependency)
|
@@ -333,14 +333,14 @@ module Dependabot
|
|
333
333
|
previous_refs = dependency.previous_requirements.filter_map do |r|
|
334
334
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
335
335
|
end.uniq
|
336
|
-
|
336
|
+
previous_refs.first if previous_refs.count == 1
|
337
337
|
end
|
338
338
|
|
339
339
|
def new_ref
|
340
340
|
new_refs = dependency.requirements.filter_map do |r|
|
341
341
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
342
342
|
end.uniq
|
343
|
-
|
343
|
+
new_refs.first if new_refs.count == 1
|
344
344
|
end
|
345
345
|
|
346
346
|
def ref_changed?
|
@@ -140,14 +140,14 @@ module Dependabot
|
|
140
140
|
previous_refs = dependency.previous_requirements.filter_map do |r|
|
141
141
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
142
142
|
end.uniq
|
143
|
-
|
143
|
+
previous_refs.first if previous_refs.count == 1
|
144
144
|
end
|
145
145
|
|
146
146
|
def new_ref
|
147
147
|
new_refs = dependency.requirements.filter_map do |r|
|
148
148
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
149
149
|
end.uniq
|
150
|
-
|
150
|
+
new_refs.first if new_refs.count == 1
|
151
151
|
end
|
152
152
|
|
153
153
|
# TODO: Refactor me so that Composer doesn't need to be special cased
|
@@ -139,7 +139,7 @@ module Dependabot
|
|
139
139
|
previous_refs = dependency.previous_requirements.filter_map do |r|
|
140
140
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
141
141
|
end.uniq
|
142
|
-
|
142
|
+
previous_refs.first if previous_refs.count == 1
|
143
143
|
end
|
144
144
|
|
145
145
|
def new_ref
|
@@ -148,7 +148,7 @@ module Dependabot
|
|
148
148
|
new_refs = dependency.requirements.filter_map do |r|
|
149
149
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
150
150
|
end.uniq
|
151
|
-
|
151
|
+
new_refs.first if new_refs.count == 1
|
152
152
|
end
|
153
153
|
|
154
154
|
def tag_matches_version?(tag, version)
|
@@ -189,7 +189,7 @@ module Dependabot
|
|
189
189
|
end
|
190
190
|
|
191
191
|
def version_regex(version)
|
192
|
-
/(?:[^0-9\.]|\A)#{Regexp.escape(version ||
|
192
|
+
/(?:[^0-9\.]|\A)#{Regexp.escape(version || 'unknown')}\z/
|
193
193
|
end
|
194
194
|
|
195
195
|
def version_class
|
@@ -285,14 +285,14 @@ module Dependabot
|
|
285
285
|
previous_refs = dependency.previous_requirements.filter_map do |r|
|
286
286
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
287
287
|
end.uniq
|
288
|
-
|
288
|
+
previous_refs.first if previous_refs.count == 1
|
289
289
|
end
|
290
290
|
|
291
291
|
def new_ref
|
292
292
|
new_refs = dependency.requirements.filter_map do |r|
|
293
293
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
294
294
|
end.uniq
|
295
|
-
|
295
|
+
new_refs.first if new_refs.count == 1
|
296
296
|
end
|
297
297
|
|
298
298
|
def ref_changed?
|
@@ -131,14 +131,14 @@ module Dependabot
|
|
131
131
|
previous_refs = dependency.previous_requirements.filter_map do |r|
|
132
132
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
133
133
|
end.uniq
|
134
|
-
|
134
|
+
previous_refs.first if previous_refs.count == 1
|
135
135
|
end
|
136
136
|
|
137
137
|
def new_ref(dependency)
|
138
138
|
new_refs = dependency.requirements.filter_map do |r|
|
139
139
|
r.dig(:source, "ref") || r.dig(:source, :ref)
|
140
140
|
end.uniq
|
141
|
-
|
141
|
+
new_refs.first if new_refs.count == 1
|
142
142
|
end
|
143
143
|
|
144
144
|
def ref_changed?(dependency)
|
@@ -99,32 +99,10 @@ module Dependabot
|
|
99
99
|
source.repo,
|
100
100
|
branch_name,
|
101
101
|
commit_message,
|
102
|
-
|
102
|
+
files
|
103
103
|
)
|
104
104
|
end
|
105
105
|
|
106
|
-
def file_actions
|
107
|
-
files.map do |file|
|
108
|
-
{
|
109
|
-
action: file_action(file),
|
110
|
-
file_path: file.type == "symlink" ? file.symlink_target : file.path,
|
111
|
-
content: file.content,
|
112
|
-
encoding: file.content_encoding
|
113
|
-
}
|
114
|
-
end
|
115
|
-
end
|
116
|
-
|
117
|
-
# @param [DependencyFile] file
|
118
|
-
def file_action(file)
|
119
|
-
if file.operation == Dependabot::DependencyFile::Operation::DELETE
|
120
|
-
"delete"
|
121
|
-
elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
|
122
|
-
"create"
|
123
|
-
else
|
124
|
-
"update"
|
125
|
-
end
|
126
|
-
end
|
127
|
-
|
128
106
|
def create_submodule_update_commit
|
129
107
|
file = files.first
|
130
108
|
|
@@ -622,7 +622,8 @@ module Dependabot
|
|
622
622
|
|
623
623
|
req = old_reqs.first.fetch(:requirement)
|
624
624
|
return req if req
|
625
|
-
|
625
|
+
|
626
|
+
dependency.previous_ref if dependency.ref_changed?
|
626
627
|
end
|
627
628
|
|
628
629
|
def new_library_requirement(dependency)
|
@@ -649,7 +650,7 @@ module Dependabot
|
|
649
650
|
# Reject any nested child gemspecs/vendored git dependencies
|
650
651
|
root_files = files.map(&:name).
|
651
652
|
select { |p| Pathname.new(p).dirname.to_s == "." }
|
652
|
-
return true if root_files.
|
653
|
+
return true if root_files.any? { |nm| nm.end_with?(".gemspec") }
|
653
654
|
|
654
655
|
dependencies.any? { |d| d.humanized_previous_version.nil? }
|
655
656
|
end
|
@@ -68,33 +68,11 @@ module Dependabot
|
|
68
68
|
source.repo,
|
69
69
|
merge_request.source_branch,
|
70
70
|
commit_being_updated.title,
|
71
|
-
|
71
|
+
files,
|
72
72
|
force: true,
|
73
73
|
start_branch: merge_request.target_branch
|
74
74
|
)
|
75
75
|
end
|
76
|
-
|
77
|
-
def file_actions
|
78
|
-
files.map do |file|
|
79
|
-
{
|
80
|
-
action: file_action(file),
|
81
|
-
file_path: file.type == "symlink" ? file.symlink_target : file.path,
|
82
|
-
content: file.content,
|
83
|
-
encoding: file.content_encoding
|
84
|
-
}
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
# @param [DependencyFile] file
|
89
|
-
def file_action(file)
|
90
|
-
if file.operation == Dependabot::DependencyFile::Operation::DELETE
|
91
|
-
"delete"
|
92
|
-
elsif file.operation == Dependabot::DependencyFile::Operation::CREATE
|
93
|
-
"create"
|
94
|
-
else
|
95
|
-
"update"
|
96
|
-
end
|
97
|
-
end
|
98
76
|
end
|
99
77
|
end
|
100
78
|
end
|
@@ -17,7 +17,7 @@ require "dependabot"
|
|
17
17
|
|
18
18
|
module Dependabot
|
19
19
|
module SharedHelpers
|
20
|
-
GIT_CONFIG_GLOBAL_PATH = File.expand_path("
|
20
|
+
GIT_CONFIG_GLOBAL_PATH = File.expand_path(".gitconfig", Utils::BUMP_TMP_DIR_PATH)
|
21
21
|
USER_AGENT = "dependabot-core/#{Dependabot::VERSION} " \
|
22
22
|
"#{Excon::USER_AGENT} ruby/#{RUBY_VERSION} " \
|
23
23
|
"(#{RUBY_PLATFORM}) " \
|
@@ -182,13 +182,23 @@ module Dependabot
|
|
182
182
|
end
|
183
183
|
|
184
184
|
def self.with_git_configured(credentials:)
|
185
|
-
|
186
|
-
|
187
|
-
|
185
|
+
safe_directories = find_safe_directories
|
186
|
+
|
187
|
+
FileUtils.mkdir_p(Utils::BUMP_TMP_DIR_PATH)
|
188
|
+
|
189
|
+
previous_config = ENV.fetch("GIT_CONFIG_GLOBAL", nil)
|
190
|
+
|
191
|
+
begin
|
192
|
+
ENV["GIT_CONFIG_GLOBAL"] = GIT_CONFIG_GLOBAL_PATH
|
193
|
+
configure_git_to_use_https_with_credentials(credentials, safe_directories)
|
194
|
+
yield
|
195
|
+
ensure
|
196
|
+
ENV["GIT_CONFIG_GLOBAL"] = previous_config
|
197
|
+
end
|
188
198
|
rescue Errno::ENOSPC => e
|
189
199
|
raise Dependabot::OutOfDisk, e.message
|
190
200
|
ensure
|
191
|
-
|
201
|
+
FileUtils.rm_f(GIT_CONFIG_GLOBAL_PATH)
|
192
202
|
end
|
193
203
|
|
194
204
|
# Handle SCP-style git URIs
|
@@ -221,7 +231,6 @@ module Dependabot
|
|
221
231
|
)
|
222
232
|
|
223
233
|
# see https://github.blog/2022-04-12-git-security-vulnerability-announced/
|
224
|
-
safe_directories ||= []
|
225
234
|
safe_directories.each do |path|
|
226
235
|
run_shell_command("git config --global --add safe.directory #{path}")
|
227
236
|
end
|
@@ -296,30 +305,12 @@ module Dependabot
|
|
296
305
|
end
|
297
306
|
end
|
298
307
|
|
299
|
-
def self.
|
300
|
-
return unless File.exist?(GIT_CONFIG_GLOBAL_PATH)
|
301
|
-
|
302
|
-
contents = File.read(GIT_CONFIG_GLOBAL_PATH)
|
303
|
-
digest = Digest::SHA2.hexdigest(contents)[0...10]
|
304
|
-
backup_path = GIT_CONFIG_GLOBAL_PATH + ".backup-#{digest}"
|
305
|
-
|
308
|
+
def self.find_safe_directories
|
306
309
|
# to preserve safe directories from global .gitconfig
|
307
310
|
output, process = Open3.capture2("git config --global --get-all safe.directory")
|
308
311
|
safe_directories = []
|
309
312
|
safe_directories = output.split("\n").compact if process.success?
|
310
|
-
|
311
|
-
FileUtils.mv(GIT_CONFIG_GLOBAL_PATH, backup_path)
|
312
|
-
[backup_path, safe_directories]
|
313
|
-
end
|
314
|
-
|
315
|
-
def self.reset_global_git_config(backup_path)
|
316
|
-
if backup_path.nil?
|
317
|
-
FileUtils.rm(GIT_CONFIG_GLOBAL_PATH)
|
318
|
-
return
|
319
|
-
end
|
320
|
-
return unless File.exist?(backup_path)
|
321
|
-
|
322
|
-
FileUtils.mv(backup_path, GIT_CONFIG_GLOBAL_PATH)
|
313
|
+
safe_directories
|
323
314
|
end
|
324
315
|
|
325
316
|
def self.run_shell_command(command,
|
data/lib/dependabot/utils.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "tmpdir"
|
3
4
|
require "set"
|
4
5
|
|
5
6
|
# TODO: in due course, these "registries" should live in a wrapper gem, not
|
@@ -7,7 +8,7 @@ require "set"
|
|
7
8
|
module Dependabot
|
8
9
|
module Utils
|
9
10
|
BUMP_TMP_FILE_PREFIX = "dependabot_"
|
10
|
-
BUMP_TMP_DIR_PATH = "tmp"
|
11
|
+
BUMP_TMP_DIR_PATH = File.expand_path(Dir::Tmpname.create("", "tmp") { nil })
|
11
12
|
|
12
13
|
@version_classes = {}
|
13
14
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.228.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-08-
|
11
|
+
date: 2023-08-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-codecommit
|
@@ -332,14 +332,14 @@ dependencies:
|
|
332
332
|
requirements:
|
333
333
|
- - "~>"
|
334
334
|
- !ruby/object:Gem::Version
|
335
|
-
version: 1.
|
335
|
+
version: 1.56.0
|
336
336
|
type: :development
|
337
337
|
prerelease: false
|
338
338
|
version_requirements: !ruby/object:Gem::Requirement
|
339
339
|
requirements:
|
340
340
|
- - "~>"
|
341
341
|
- !ruby/object:Gem::Version
|
342
|
-
version: 1.
|
342
|
+
version: 1.56.0
|
343
343
|
- !ruby/object:Gem::Dependency
|
344
344
|
name: rubocop-performance
|
345
345
|
requirement: !ruby/object:Gem::Requirement
|
@@ -486,7 +486,7 @@ licenses:
|
|
486
486
|
- Nonstandard
|
487
487
|
metadata:
|
488
488
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
489
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
489
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.228.0
|
490
490
|
post_install_message:
|
491
491
|
rdoc_options: []
|
492
492
|
require_paths:
|