dependabot-common 0.235.0 → 0.236.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +15 -3
- data/lib/dependabot/config/file_fetcher.rb +3 -3
- data/lib/dependabot/config/ignore_condition.rb +34 -8
- data/lib/dependabot/config/update_config.rb +19 -1
- data/lib/dependabot/config.rb +1 -1
- data/lib/dependabot/dependency_file.rb +5 -0
- data/lib/dependabot/file_fetchers/base.rb +25 -2
- data/lib/dependabot/file_updaters/artifact_updater.rb +37 -10
- data/lib/dependabot/file_updaters/vendor_updater.rb +13 -3
- data/lib/dependabot/logger.rb +7 -2
- data/lib/dependabot/pull_request_creator/commit_signer.rb +33 -7
- data/lib/dependabot/pull_request_creator/github.rb +2 -2
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +1 -1
- data/lib/dependabot/pull_request_creator/message_builder.rb +5 -18
- data/lib/dependabot/pull_request_updater/github.rb +2 -2
- data/lib/dependabot.rb +1 -1
- metadata +17 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 945c135096f005a7d416b56d1e8f9e6b91e1a02b0590758887eba5a110fb5b19
|
|
4
|
+
data.tar.gz: 0cc101754418b3b1aa682c273e5c6ed2fa72b796d72a9b4d30b3c0f0aa41c39b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 76e41c5707a11e8a5b17df8fa71fc81a4ebbf1a3fd71469931d84cebe1573588afa6605751af2a65c849884bcdf0dd79b5bc4a1d63b9ac69d39466cf8a4b952e
|
|
7
|
+
data.tar.gz: 53204ad41f102502301e483b3175280673849b0ab0d530b8458aa77289251dfaf287f9ee051e90bd5b39722a7b25a2993e8a49aa15c03982e82990df475fd9dd
|
|
@@ -2,11 +2,14 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/config/update_config"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Config
|
|
8
9
|
# Configuration for the repository, a parsed dependabot.yaml.
|
|
9
10
|
class File
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
10
13
|
attr_reader :updates, :registries
|
|
11
14
|
|
|
12
15
|
def initialize(updates:, registries: nil)
|
|
@@ -14,6 +17,10 @@ module Dependabot
|
|
|
14
17
|
@registries = registries || []
|
|
15
18
|
end
|
|
16
19
|
|
|
20
|
+
sig do
|
|
21
|
+
params(package_manager: String, directory: T.nilable(String), target_branch: T.nilable(String))
|
|
22
|
+
.returns(UpdateConfig)
|
|
23
|
+
end
|
|
17
24
|
def update_config(package_manager, directory: nil, target_branch: nil)
|
|
18
25
|
dir = directory || "/"
|
|
19
26
|
package_ecosystem = PACKAGE_MANAGER_LOOKUP.invert.fetch(package_manager)
|
|
@@ -21,13 +28,14 @@ module Dependabot
|
|
|
21
28
|
u[:"package-ecosystem"] == package_ecosystem && u[:directory] == dir &&
|
|
22
29
|
(target_branch.nil? || u[:"target-branch"] == target_branch)
|
|
23
30
|
end
|
|
24
|
-
|
|
31
|
+
UpdateConfig.new(
|
|
25
32
|
ignore_conditions: ignore_conditions(cfg),
|
|
26
33
|
commit_message_options: commit_message_options(cfg)
|
|
27
34
|
)
|
|
28
35
|
end
|
|
29
36
|
|
|
30
37
|
# Parse the YAML config file
|
|
38
|
+
sig { params(config: String).returns(File) }
|
|
31
39
|
def self.parse(config)
|
|
32
40
|
parsed = YAML.safe_load(config, symbolize_names: true)
|
|
33
41
|
version = parsed[:version]
|
|
@@ -58,10 +66,11 @@ module Dependabot
|
|
|
58
66
|
"terraform" => "terraform"
|
|
59
67
|
}.freeze
|
|
60
68
|
|
|
69
|
+
sig { params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(T::Array[IgnoreCondition]) }
|
|
61
70
|
def ignore_conditions(cfg)
|
|
62
71
|
ignores = cfg&.dig(:ignore) || []
|
|
63
72
|
ignores.map do |ic|
|
|
64
|
-
|
|
73
|
+
IgnoreCondition.new(
|
|
65
74
|
dependency_name: ic[:"dependency-name"],
|
|
66
75
|
versions: ic[:versions],
|
|
67
76
|
update_types: ic[:"update-types"]
|
|
@@ -69,9 +78,12 @@ module Dependabot
|
|
|
69
78
|
end
|
|
70
79
|
end
|
|
71
80
|
|
|
81
|
+
sig do
|
|
82
|
+
params(cfg: T.nilable(T::Hash[Symbol, T.untyped])).returns(UpdateConfig::CommitMessageOptions)
|
|
83
|
+
end
|
|
72
84
|
def commit_message_options(cfg)
|
|
73
85
|
commit_message = cfg&.dig(:"commit-message") || {}
|
|
74
|
-
|
|
86
|
+
UpdateConfig::CommitMessageOptions.new(
|
|
75
87
|
prefix: commit_message[:prefix],
|
|
76
88
|
prefix_development: commit_message[:"prefix-development"] || commit_message[:prefix],
|
|
77
89
|
include: commit_message[:include]
|
|
@@ -6,7 +6,7 @@ require "dependabot/config/file"
|
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
8
|
module Config
|
|
9
|
-
class FileFetcher <
|
|
9
|
+
class FileFetcher < FileFetchers::Base
|
|
10
10
|
CONFIG_FILE_PATHS = %w(.github/dependabot.yml .github/dependabot.yaml).freeze
|
|
11
11
|
|
|
12
12
|
def self.required_files_in?(filenames)
|
|
@@ -35,13 +35,13 @@ module Dependabot
|
|
|
35
35
|
fetched_files << config_file
|
|
36
36
|
break
|
|
37
37
|
end
|
|
38
|
-
rescue
|
|
38
|
+
rescue DependencyFileNotFound
|
|
39
39
|
next
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
unless self.class.required_files_in?(fetched_files.map(&:name))
|
|
44
|
-
raise
|
|
44
|
+
raise DependencyFileNotFound.new(nil, self.class.required_files_message)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
fetched_files
|
|
@@ -1,24 +1,43 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
module Dependabot
|
|
5
7
|
module Config
|
|
6
8
|
# Filters versions that should not be considered for dependency updates
|
|
7
9
|
class IgnoreCondition
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
8
12
|
PATCH_VERSION_TYPE = "version-update:semver-patch"
|
|
9
13
|
MINOR_VERSION_TYPE = "version-update:semver-minor"
|
|
10
14
|
MAJOR_VERSION_TYPE = "version-update:semver-major"
|
|
11
15
|
|
|
12
16
|
ALL_VERSIONS = ">= 0"
|
|
13
17
|
|
|
14
|
-
|
|
18
|
+
sig { returns(String) }
|
|
19
|
+
attr_reader :dependency_name
|
|
20
|
+
|
|
21
|
+
sig { returns(T::Array[String]) }
|
|
22
|
+
attr_reader :versions
|
|
15
23
|
|
|
24
|
+
sig { returns(T::Array[String]) }
|
|
25
|
+
attr_reader :update_types
|
|
26
|
+
|
|
27
|
+
sig do
|
|
28
|
+
params(
|
|
29
|
+
dependency_name: String,
|
|
30
|
+
versions: T.any(NilClass, T::Array[String]),
|
|
31
|
+
update_types: T.any(NilClass, T::Array[String])
|
|
32
|
+
).void
|
|
33
|
+
end
|
|
16
34
|
def initialize(dependency_name:, versions: nil, update_types: nil)
|
|
17
|
-
@dependency_name = dependency_name
|
|
18
|
-
@versions = versions || []
|
|
19
|
-
@update_types = update_types || []
|
|
35
|
+
@dependency_name = T.let(dependency_name, String)
|
|
36
|
+
@versions = T.let(versions || [], T::Array[String])
|
|
37
|
+
@update_types = T.let(update_types || [], T::Array[String])
|
|
20
38
|
end
|
|
21
39
|
|
|
40
|
+
sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
|
|
22
41
|
def ignored_versions(dependency, security_updates_only)
|
|
23
42
|
return versions if security_updates_only
|
|
24
43
|
return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
|
|
@@ -28,10 +47,12 @@ module Dependabot
|
|
|
28
47
|
|
|
29
48
|
private
|
|
30
49
|
|
|
50
|
+
sig { returns(T::Array[String]) }
|
|
31
51
|
def transformed_update_types
|
|
32
52
|
update_types.map(&:downcase).filter_map(&:strip)
|
|
33
53
|
end
|
|
34
54
|
|
|
55
|
+
sig { params(dependency: Dependency).returns(T::Array[T.untyped]) }
|
|
35
56
|
def versions_by_type(dependency)
|
|
36
57
|
version = correct_version_for(dependency)
|
|
37
58
|
return [] unless version
|
|
@@ -52,9 +73,10 @@ module Dependabot
|
|
|
52
73
|
end.compact
|
|
53
74
|
end
|
|
54
75
|
|
|
76
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
55
77
|
def ignore_patch(version)
|
|
56
78
|
parts = version.split(".")
|
|
57
|
-
version_parts = parts.fill(0, parts.length...2)
|
|
79
|
+
version_parts = parts.fill("0", parts.length...2)
|
|
58
80
|
upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
|
|
59
81
|
lower_bound = "> #{version}"
|
|
60
82
|
upper_bound = "< #{upper_parts.join('.')}"
|
|
@@ -62,9 +84,10 @@ module Dependabot
|
|
|
62
84
|
["#{lower_bound}, #{upper_bound}"]
|
|
63
85
|
end
|
|
64
86
|
|
|
87
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
65
88
|
def ignore_minor(version)
|
|
66
89
|
parts = version.split(".")
|
|
67
|
-
version_parts = parts.fill(0, parts.length...2)
|
|
90
|
+
version_parts = parts.fill("0", parts.length...2)
|
|
68
91
|
lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
|
|
69
92
|
upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
|
|
70
93
|
lower_bound = ">= #{lower_parts.join('.')}"
|
|
@@ -73,6 +96,7 @@ module Dependabot
|
|
|
73
96
|
["#{lower_bound}, #{upper_bound}"]
|
|
74
97
|
end
|
|
75
98
|
|
|
99
|
+
sig { params(version: String).returns(T::Array[String]) }
|
|
76
100
|
def ignore_major(version)
|
|
77
101
|
version_parts = version.split(".")
|
|
78
102
|
lower_parts = [version_parts[0].to_i + 1] + ["a"]
|
|
@@ -81,6 +105,7 @@ module Dependabot
|
|
|
81
105
|
[lower_bound]
|
|
82
106
|
end
|
|
83
107
|
|
|
108
|
+
sig { params(dependency: Dependency).returns(T.nilable(Version)) }
|
|
84
109
|
def correct_version_for(dependency)
|
|
85
110
|
version = dependency.version
|
|
86
111
|
return if version.nil? || version.empty?
|
|
@@ -91,10 +116,11 @@ module Dependabot
|
|
|
91
116
|
version_class.new(version)
|
|
92
117
|
end
|
|
93
118
|
|
|
119
|
+
sig { params(package_manager: String).returns(T.class_of(Version)) }
|
|
94
120
|
def version_class_for(package_manager)
|
|
95
121
|
Utils.version_class_for_package_manager(package_manager)
|
|
96
122
|
rescue StandardError
|
|
97
|
-
|
|
123
|
+
Version
|
|
98
124
|
end
|
|
99
125
|
end
|
|
100
126
|
end
|
|
@@ -2,17 +2,32 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/config/ignore_condition"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
module Config
|
|
8
9
|
# Configuration for a single ecosystem
|
|
9
10
|
class UpdateConfig
|
|
10
|
-
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
sig { returns(T.nilable(CommitMessageOptions)) }
|
|
14
|
+
attr_reader :commit_message_options
|
|
15
|
+
|
|
16
|
+
sig { returns(T::Array[IgnoreCondition]) }
|
|
17
|
+
attr_reader :ignore_conditions
|
|
18
|
+
|
|
19
|
+
sig do
|
|
20
|
+
params(
|
|
21
|
+
ignore_conditions: T.nilable(T::Array[IgnoreCondition]),
|
|
22
|
+
commit_message_options: T.nilable(CommitMessageOptions)
|
|
23
|
+
).void
|
|
24
|
+
end
|
|
11
25
|
def initialize(ignore_conditions: nil, commit_message_options: nil)
|
|
12
26
|
@ignore_conditions = ignore_conditions || []
|
|
13
27
|
@commit_message_options = commit_message_options
|
|
14
28
|
end
|
|
15
29
|
|
|
30
|
+
sig { params(dependency: Dependency, security_updates_only: T::Boolean).returns(T::Array[String]) }
|
|
16
31
|
def ignored_versions_for(dependency, security_updates_only: false)
|
|
17
32
|
normalizer = name_normaliser_for(dependency)
|
|
18
33
|
dep_name = normalizer.call(dependency.name)
|
|
@@ -25,6 +40,7 @@ module Dependabot
|
|
|
25
40
|
.uniq
|
|
26
41
|
end
|
|
27
42
|
|
|
43
|
+
sig { params(wildcard_string: T.nilable(String), candidate_string: T.nilable(String)).returns(T::Boolean) }
|
|
28
44
|
def self.wildcard_match?(wildcard_string, candidate_string)
|
|
29
45
|
return false unless wildcard_string && candidate_string
|
|
30
46
|
|
|
@@ -43,6 +59,8 @@ module Dependabot
|
|
|
43
59
|
end
|
|
44
60
|
|
|
45
61
|
class CommitMessageOptions
|
|
62
|
+
extend T::Sig
|
|
63
|
+
|
|
46
64
|
attr_reader :prefix, :prefix_development, :include
|
|
47
65
|
|
|
48
66
|
def initialize(prefix:, prefix_development:, include:)
|
data/lib/dependabot/config.rb
CHANGED
|
@@ -20,6 +20,11 @@ module Dependabot
|
|
|
20
20
|
DELETE = "delete"
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
+
class Mode
|
|
24
|
+
FILE = "100644"
|
|
25
|
+
SUBMODULE = "160000"
|
|
26
|
+
end
|
|
27
|
+
|
|
23
28
|
def initialize(name:, content:, directory: "/", type: "file",
|
|
24
29
|
support_file: false, vendored_file: false, symlink_target: nil,
|
|
25
30
|
content_encoding: ContentEncoding::UTF_8, deleted: false,
|
|
@@ -57,6 +57,7 @@ module Dependabot
|
|
|
57
57
|
@credentials = credentials
|
|
58
58
|
@repo_contents_path = repo_contents_path
|
|
59
59
|
@linked_paths = {}
|
|
60
|
+
@submodules = []
|
|
60
61
|
@options = options
|
|
61
62
|
end
|
|
62
63
|
|
|
@@ -100,7 +101,7 @@ module Dependabot
|
|
|
100
101
|
raise Dependabot::OutOfDisk
|
|
101
102
|
end
|
|
102
103
|
|
|
103
|
-
raise Dependabot::RepoNotFound,
|
|
104
|
+
raise Dependabot::RepoNotFound.new(source, e.message)
|
|
104
105
|
end
|
|
105
106
|
|
|
106
107
|
def ecosystem_versions
|
|
@@ -154,7 +155,8 @@ module Dependabot
|
|
|
154
155
|
directory: directory,
|
|
155
156
|
type: type,
|
|
156
157
|
content: content,
|
|
157
|
-
symlink_target: symlink_target
|
|
158
|
+
symlink_target: symlink_target,
|
|
159
|
+
support_file: in_submodule?(path)
|
|
158
160
|
)
|
|
159
161
|
end
|
|
160
162
|
|
|
@@ -185,6 +187,10 @@ module Dependabot
|
|
|
185
187
|
subpaths(path).find { |subpath| @linked_paths.key?(subpath) }
|
|
186
188
|
end
|
|
187
189
|
|
|
190
|
+
def in_submodule?(path)
|
|
191
|
+
subpaths(path.delete_prefix("/")).any? { |subpath| @submodules.include?(subpath) }
|
|
192
|
+
end
|
|
193
|
+
|
|
188
194
|
# Given a "foo/bar/baz" path, returns ["foo", "foo/bar", "foo/bar/baz"]
|
|
189
195
|
def subpaths(path)
|
|
190
196
|
components = path.split("/")
|
|
@@ -633,6 +639,8 @@ module Dependabot
|
|
|
633
639
|
git clone #{clone_options.string} #{source.url} #{path}
|
|
634
640
|
CMD
|
|
635
641
|
)
|
|
642
|
+
|
|
643
|
+
@submodules = find_submodules(path) if recurse_submodules_when_cloning?
|
|
636
644
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
637
645
|
raise unless e.message.match(GIT_SUBMODULE_ERROR_REGEX) && e.message.downcase.include?("submodule")
|
|
638
646
|
|
|
@@ -684,6 +692,21 @@ module Dependabot
|
|
|
684
692
|
bom = (+"\xEF\xBB\xBF").force_encoding(Encoding::BINARY)
|
|
685
693
|
Base64.decode64(str).delete_prefix(bom).force_encoding("UTF-8").encode
|
|
686
694
|
end
|
|
695
|
+
|
|
696
|
+
def find_submodules(path)
|
|
697
|
+
SharedHelpers.run_shell_command(
|
|
698
|
+
<<~CMD
|
|
699
|
+
git -C #{path} ls-files --stage
|
|
700
|
+
CMD
|
|
701
|
+
).split("\n").filter_map do |line|
|
|
702
|
+
info = line.split
|
|
703
|
+
|
|
704
|
+
type = info.first
|
|
705
|
+
path = info.last
|
|
706
|
+
|
|
707
|
+
next path if type == DependencyFile::Mode::SUBMODULE
|
|
708
|
+
end
|
|
709
|
+
end
|
|
687
710
|
end
|
|
688
711
|
end
|
|
689
712
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/dependency_file"
|
|
5
6
|
|
|
6
7
|
# This class provides a utility to check for arbitary modified files within a
|
|
@@ -9,8 +10,12 @@ require "dependabot/dependency_file"
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module FileUpdaters
|
|
11
12
|
class ArtifactUpdater
|
|
13
|
+
extend T::Sig
|
|
14
|
+
extend T::Helpers
|
|
15
|
+
|
|
12
16
|
# @param repo_contents_path [String, nil] the path we cloned the repository into
|
|
13
17
|
# @param target_directory [String, nil] the path within a project directory we should inspect for changes
|
|
18
|
+
sig { params(repo_contents_path: T.nilable(String), target_directory: T.nilable(String)).void }
|
|
14
19
|
def initialize(repo_contents_path:, target_directory:)
|
|
15
20
|
@repo_contents_path = repo_contents_path
|
|
16
21
|
@target_directory = target_directory
|
|
@@ -23,17 +28,24 @@ module Dependabot
|
|
|
23
28
|
# @param only_paths [Array<String>, nil] An optional list of specific paths to check, if this is nil we will
|
|
24
29
|
# return every change we find within the `base_directory`
|
|
25
30
|
# @return [Array<Dependabot::DependencyFile>]
|
|
31
|
+
sig do
|
|
32
|
+
params(base_directory: String, only_paths: T.nilable(T::Array[String]))
|
|
33
|
+
.returns(T::Array[Dependabot::DependencyFile])
|
|
34
|
+
end
|
|
26
35
|
def updated_files(base_directory:, only_paths: nil)
|
|
27
36
|
return [] unless repo_contents_path && target_directory
|
|
28
37
|
|
|
29
|
-
Dir.chdir(repo_contents_path) do
|
|
38
|
+
Dir.chdir(T.must(repo_contents_path)) do
|
|
30
39
|
# rubocop:disable Performance/DeletePrefix
|
|
31
|
-
relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(target_directory)
|
|
40
|
+
relative_dir = Pathname.new(base_directory).sub(%r{\A/}, "").join(T.must(target_directory))
|
|
32
41
|
# rubocop:enable Performance/DeletePrefix
|
|
33
42
|
|
|
34
|
-
status =
|
|
35
|
-
|
|
36
|
-
|
|
43
|
+
status = T.let(
|
|
44
|
+
SharedHelpers.run_shell_command(
|
|
45
|
+
"git status --untracked-files all --porcelain v1 #{relative_dir}",
|
|
46
|
+
fingerprint: "git status --untracked-files all --porcelain v1 <relative_dir>"
|
|
47
|
+
),
|
|
48
|
+
String
|
|
37
49
|
)
|
|
38
50
|
changed_paths = status.split("\n").map(&:split)
|
|
39
51
|
changed_paths.filter_map do |type, path|
|
|
@@ -51,7 +63,7 @@ module Dependabot
|
|
|
51
63
|
operation = Dependabot::DependencyFile::Operation::DELETE if type == "D"
|
|
52
64
|
operation = Dependabot::DependencyFile::Operation::CREATE if type == "??"
|
|
53
65
|
|
|
54
|
-
encoded_content, encoding = get_encoded_file_contents(path, operation)
|
|
66
|
+
encoded_content, encoding = get_encoded_file_contents(T.must(path), operation)
|
|
55
67
|
|
|
56
68
|
create_dependency_file(
|
|
57
69
|
name: file_path.to_s,
|
|
@@ -66,10 +78,19 @@ module Dependabot
|
|
|
66
78
|
|
|
67
79
|
private
|
|
68
80
|
|
|
69
|
-
TEXT_ENCODINGS = %w(us-ascii utf-8).freeze
|
|
81
|
+
TEXT_ENCODINGS = T.let(%w(us-ascii utf-8).freeze, T::Array[String])
|
|
70
82
|
|
|
71
|
-
|
|
83
|
+
sig { returns(T.nilable(String)) }
|
|
84
|
+
attr_reader :repo_contents_path
|
|
85
|
+
sig { returns(T.nilable(String)) }
|
|
86
|
+
attr_reader :target_directory
|
|
72
87
|
|
|
88
|
+
sig do
|
|
89
|
+
params(
|
|
90
|
+
path: String,
|
|
91
|
+
operation: String
|
|
92
|
+
).returns([T.nilable(String), String])
|
|
93
|
+
end
|
|
73
94
|
def get_encoded_file_contents(path, operation)
|
|
74
95
|
encoded_content = nil
|
|
75
96
|
encoding = ""
|
|
@@ -86,6 +107,7 @@ module Dependabot
|
|
|
86
107
|
[encoded_content, encoding]
|
|
87
108
|
end
|
|
88
109
|
|
|
110
|
+
sig { params(path: String).returns(T::Boolean) }
|
|
89
111
|
def binary_file?(path)
|
|
90
112
|
return false unless File.exist?(path)
|
|
91
113
|
|
|
@@ -95,8 +117,13 @@ module Dependabot
|
|
|
95
117
|
!TEXT_ENCODINGS.include?(encoding)
|
|
96
118
|
end
|
|
97
119
|
|
|
120
|
+
sig do
|
|
121
|
+
overridable
|
|
122
|
+
.params(parameters: T::Hash[Symbol, T.untyped])
|
|
123
|
+
.returns(Dependabot::DependencyFile)
|
|
124
|
+
end
|
|
98
125
|
def create_dependency_file(parameters)
|
|
99
|
-
Dependabot::DependencyFile.new(**parameters)
|
|
126
|
+
Dependabot::DependencyFile.new(**T.unsafe(parameters))
|
|
100
127
|
end
|
|
101
128
|
end
|
|
102
129
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/dependency_file"
|
|
5
6
|
require "dependabot/file_updaters/artifact_updater"
|
|
6
7
|
|
|
@@ -13,21 +14,30 @@ require "dependabot/file_updaters/artifact_updater"
|
|
|
13
14
|
module Dependabot
|
|
14
15
|
module FileUpdaters
|
|
15
16
|
class VendorUpdater < ArtifactUpdater
|
|
17
|
+
extend T::Sig
|
|
18
|
+
extend T::Helpers
|
|
19
|
+
|
|
16
20
|
# This provides backwards compatability for anyone who used this class
|
|
17
21
|
# before the base ArtifactUpdater class was introduced and aligns the
|
|
18
22
|
# method's public signatures with it's special-case domain.
|
|
23
|
+
sig { params(repo_contents_path: T.nilable(String), vendor_dir: T.nilable(String)).void }
|
|
19
24
|
def initialize(repo_contents_path:, vendor_dir:)
|
|
20
25
|
@repo_contents_path = repo_contents_path
|
|
21
26
|
@vendor_dir = vendor_dir
|
|
22
27
|
super(repo_contents_path: @repo_contents_path, target_directory: @vendor_dir)
|
|
23
28
|
end
|
|
24
29
|
|
|
25
|
-
|
|
30
|
+
T.unsafe(self).alias_method :updated_vendor_cache_files, :updated_files
|
|
26
31
|
|
|
27
32
|
private
|
|
28
33
|
|
|
34
|
+
sig do
|
|
35
|
+
override
|
|
36
|
+
.params(parameters: T::Hash[Symbol, T.untyped])
|
|
37
|
+
.returns(Dependabot::DependencyFile)
|
|
38
|
+
end
|
|
29
39
|
def create_dependency_file(parameters)
|
|
30
|
-
Dependabot::DependencyFile.new(**parameters.merge({ vendored_file: true }))
|
|
40
|
+
Dependabot::DependencyFile.new(**T.unsafe({ **parameters.merge({ vendored_file: true }) }))
|
|
31
41
|
end
|
|
32
42
|
end
|
|
33
43
|
end
|
data/lib/dependabot/logger.rb
CHANGED
|
@@ -1,13 +1,18 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "logger"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
8
|
+
extend T::Sig
|
|
9
|
+
|
|
10
|
+
sig { returns(::Logger) }
|
|
7
11
|
def self.logger
|
|
8
|
-
@logger ||= Logger.new(nil)
|
|
12
|
+
@logger ||= T.let(::Logger.new(nil), T.nilable(::Logger))
|
|
9
13
|
end
|
|
10
14
|
|
|
15
|
+
sig { params(logger: ::Logger).void }
|
|
11
16
|
def self.logger=(logger)
|
|
12
17
|
@logger = logger
|
|
13
18
|
end
|
|
@@ -1,16 +1,40 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "time"
|
|
5
5
|
require "tmpdir"
|
|
6
|
+
require "sorbet-runtime"
|
|
6
7
|
require "dependabot/pull_request_creator"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
class PullRequestCreator
|
|
10
11
|
class CommitSigner
|
|
11
|
-
|
|
12
|
-
:signature_key
|
|
12
|
+
extend T::Sig
|
|
13
13
|
|
|
14
|
+
sig { returns(T::Hash[Symbol, String]) }
|
|
15
|
+
attr_reader :author_details
|
|
16
|
+
|
|
17
|
+
sig { returns(String) }
|
|
18
|
+
attr_reader :commit_message
|
|
19
|
+
|
|
20
|
+
sig { returns(String) }
|
|
21
|
+
attr_reader :tree_sha
|
|
22
|
+
|
|
23
|
+
sig { returns(String) }
|
|
24
|
+
attr_reader :parent_sha
|
|
25
|
+
|
|
26
|
+
sig { returns(String) }
|
|
27
|
+
attr_reader :signature_key
|
|
28
|
+
|
|
29
|
+
sig do
|
|
30
|
+
params(
|
|
31
|
+
author_details: T::Hash[Symbol, String],
|
|
32
|
+
commit_message: String,
|
|
33
|
+
tree_sha: String,
|
|
34
|
+
parent_sha: String,
|
|
35
|
+
signature_key: String
|
|
36
|
+
).void
|
|
37
|
+
end
|
|
14
38
|
def initialize(author_details:, commit_message:, tree_sha:, parent_sha:,
|
|
15
39
|
signature_key:)
|
|
16
40
|
@author_details = author_details
|
|
@@ -20,6 +44,7 @@ module Dependabot
|
|
|
20
44
|
@signature_key = signature_key
|
|
21
45
|
end
|
|
22
46
|
|
|
47
|
+
sig { returns(String) }
|
|
23
48
|
def signature
|
|
24
49
|
begin
|
|
25
50
|
require "gpgme"
|
|
@@ -39,20 +64,21 @@ module Dependabot
|
|
|
39
64
|
opts = { mode: GPGME::SIG_MODE_DETACH, signer: email }
|
|
40
65
|
crypto.sign(commit_object, opts).to_s
|
|
41
66
|
rescue Errno::ENOTEMPTY
|
|
42
|
-
FileUtils.remove_entry(dir, true)
|
|
67
|
+
FileUtils.remove_entry(T.must(dir), true)
|
|
43
68
|
# This appears to be a Ruby bug which occurs very rarely
|
|
44
69
|
raise if @retrying
|
|
45
70
|
|
|
46
|
-
@retrying = true
|
|
71
|
+
@retrying = T.let(true, T.nilable(T::Boolean))
|
|
47
72
|
retry
|
|
48
73
|
ensure
|
|
49
|
-
FileUtils.remove_entry(dir, true)
|
|
74
|
+
FileUtils.remove_entry(T.must(dir), true)
|
|
50
75
|
end
|
|
51
76
|
|
|
52
77
|
private
|
|
53
78
|
|
|
79
|
+
sig { returns(String) }
|
|
54
80
|
def commit_object
|
|
55
|
-
time_str = Time.parse(author_details[:date]).strftime("%s %z")
|
|
81
|
+
time_str = Time.parse(T.must(author_details[:date])).strftime("%s %z")
|
|
56
82
|
name = author_details[:name]
|
|
57
83
|
email = author_details[:email]
|
|
58
84
|
|
|
@@ -189,7 +189,7 @@ module Dependabot
|
|
|
189
189
|
if file.type == "submodule"
|
|
190
190
|
{
|
|
191
191
|
path: file.path.sub(%r{^/}, ""),
|
|
192
|
-
mode:
|
|
192
|
+
mode: Dependabot::DependencyFile::Mode::SUBMODULE,
|
|
193
193
|
type: "commit",
|
|
194
194
|
sha: file.content
|
|
195
195
|
}
|
|
@@ -207,7 +207,7 @@ module Dependabot
|
|
|
207
207
|
|
|
208
208
|
{
|
|
209
209
|
path: file.realpath,
|
|
210
|
-
mode: (file.mode ||
|
|
210
|
+
mode: (file.mode || Dependabot::DependencyFile::Mode::FILE),
|
|
211
211
|
type: "blob"
|
|
212
212
|
}.merge(content)
|
|
213
213
|
end
|
|
@@ -59,20 +59,11 @@ module Dependabot
|
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def pr_message
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
"#{metadata_cascades}" \
|
|
68
|
-
"#{ignore_conditions_table}" \
|
|
69
|
-
"#{prefixed_pr_message_footer}"
|
|
70
|
-
else
|
|
71
|
-
"#{suffixed_pr_message_header}" \
|
|
72
|
-
"#{commit_message_intro}" \
|
|
73
|
-
"#{metadata_cascades}" \
|
|
74
|
-
"#{prefixed_pr_message_footer}"
|
|
75
|
-
end
|
|
62
|
+
msg = "#{suffixed_pr_message_header}" \
|
|
63
|
+
"#{commit_message_intro}" \
|
|
64
|
+
"#{metadata_cascades}" \
|
|
65
|
+
"#{ignore_conditions_table}" \
|
|
66
|
+
"#{prefixed_pr_message_footer}"
|
|
76
67
|
|
|
77
68
|
truncate_pr_message(msg)
|
|
78
69
|
rescue StandardError => e
|
|
@@ -80,10 +71,6 @@ module Dependabot
|
|
|
80
71
|
suffixed_pr_message_header + prefixed_pr_message_footer
|
|
81
72
|
end
|
|
82
73
|
|
|
83
|
-
def unignore_commands?
|
|
84
|
-
Experiments.enabled?(:unignore_commands)
|
|
85
|
-
end
|
|
86
|
-
|
|
87
74
|
# Truncate PR message as determined by the pr_message_max_length and pr_message_encoding instance variables
|
|
88
75
|
# The encoding is used when calculating length, all messages are returned as ruby UTF_8 encoded string
|
|
89
76
|
def truncate_pr_message(msg)
|
|
@@ -128,7 +128,7 @@ module Dependabot
|
|
|
128
128
|
if file.type == "submodule"
|
|
129
129
|
{
|
|
130
130
|
path: file.path.sub(%r{^/}, ""),
|
|
131
|
-
mode:
|
|
131
|
+
mode: Dependabot::DependencyFile::Mode::SUBMODULE,
|
|
132
132
|
type: "commit",
|
|
133
133
|
sha: file.content
|
|
134
134
|
}
|
|
@@ -146,7 +146,7 @@ module Dependabot
|
|
|
146
146
|
|
|
147
147
|
{
|
|
148
148
|
path: file.realpath,
|
|
149
|
-
mode:
|
|
149
|
+
mode: Dependabot::DependencyFile::Mode::FILE,
|
|
150
150
|
type: "blob"
|
|
151
151
|
}.merge(content)
|
|
152
152
|
end
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.236.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-10-
|
|
11
|
+
date: 2023-10-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|
|
@@ -188,6 +188,20 @@ dependencies:
|
|
|
188
188
|
- - "<"
|
|
189
189
|
- !ruby/object:Gem::Version
|
|
190
190
|
version: '7.0'
|
|
191
|
+
- !ruby/object:Gem::Dependency
|
|
192
|
+
name: opentelemetry-sdk
|
|
193
|
+
requirement: !ruby/object:Gem::Requirement
|
|
194
|
+
requirements:
|
|
195
|
+
- - "~>"
|
|
196
|
+
- !ruby/object:Gem::Version
|
|
197
|
+
version: '1.3'
|
|
198
|
+
type: :runtime
|
|
199
|
+
prerelease: false
|
|
200
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
201
|
+
requirements:
|
|
202
|
+
- - "~>"
|
|
203
|
+
- !ruby/object:Gem::Version
|
|
204
|
+
version: '1.3'
|
|
191
205
|
- !ruby/object:Gem::Dependency
|
|
192
206
|
name: parser
|
|
193
207
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -514,7 +528,7 @@ licenses:
|
|
|
514
528
|
- Nonstandard
|
|
515
529
|
metadata:
|
|
516
530
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
517
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
531
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
|
|
518
532
|
post_install_message:
|
|
519
533
|
rdoc_options: []
|
|
520
534
|
require_paths:
|