dependabot-common 0.239.0 → 0.240.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/config/file_fetcher.rb +11 -4
- data/lib/dependabot/dependency.rb +2 -2
- data/lib/dependabot/dependency_file.rb +4 -10
- data/lib/dependabot/file_fetchers/base.rb +20 -8
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +32 -6
- data/lib/dependabot/pull_request_creator/branch_namer.rb +2 -2
- data/lib/dependabot/pull_request_creator/labeler.rb +116 -36
- data/lib/dependabot/pull_request_creator.rb +151 -17
- data/lib/dependabot/pull_request_updater.rb +50 -3
- data/lib/dependabot/registry_client.rb +26 -4
- data/lib/dependabot/version.rb +57 -3
- data/lib/dependabot/workspace/git.rb +27 -7
- data/lib/dependabot.rb +1 -1
- metadata +19 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c5411b63b39f43e2f41b430d63a0c105d3c8db50e355d3e0fb7b95c37350acc0
|
|
4
|
+
data.tar.gz: 1dc6db6e42d21fd8626dd06b46b355230db571d061940b358be515804987dec9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 52447502758cd700e913e169bfadb0ad92587e988b5a2086ae77fe01e4ae7a09a985ad2c07b91c6a8ac09f5b2016d15c256f67d698f32bbc45a9b9d271dee489
|
|
7
|
+
data.tar.gz: 325168ff256723e4d503dcba9818bdf11a969e778edccbbf28882cc560ea67f7eeeb68b5e54e843409abaa19d5f9010f027e929c4f1c827619ca8efd50257093
|
|
@@ -1,30 +1,37 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/file_fetchers/base"
|
|
5
6
|
require "dependabot/config/file"
|
|
6
7
|
|
|
7
8
|
module Dependabot
|
|
8
9
|
module Config
|
|
9
10
|
class FileFetcher < FileFetchers::Base
|
|
10
|
-
|
|
11
|
+
extend T::Sig
|
|
11
12
|
|
|
13
|
+
CONFIG_FILE_PATHS = T.let(%w(.github/dependabot.yml .github/dependabot.yaml).freeze, T::Array[String])
|
|
14
|
+
|
|
15
|
+
sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
12
16
|
def self.required_files_in?(filenames)
|
|
13
17
|
CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
|
|
14
18
|
end
|
|
15
19
|
|
|
20
|
+
sig { override.returns(String) }
|
|
16
21
|
def self.required_files_message
|
|
17
22
|
"Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
|
|
18
23
|
end
|
|
19
24
|
|
|
25
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
20
26
|
def config_file
|
|
21
|
-
@config_file ||= files.first
|
|
27
|
+
@config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
|
|
22
28
|
end
|
|
23
29
|
|
|
24
30
|
private
|
|
25
31
|
|
|
32
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
|
26
33
|
def fetch_files
|
|
27
|
-
fetched_files = []
|
|
34
|
+
fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
28
35
|
|
|
29
36
|
CONFIG_FILE_PATHS.each do |file|
|
|
30
37
|
fn = Pathname.new("/#{file}").relative_path_from(directory)
|
|
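Review bot: The `||=` memoization in `config_file` (new line 27) paired with the `T.nilable(Dependabot::DependencyFile)` return type means a nil result is never cached and `files.first` is re-evaluated on every call; and because this class inherits `FileFetchers::Base`, whose `files` (changed later in this diff) raises `DependencyFileNotFound` instead of returning an empty array, the nil branch appears unreachable unless a subclass overrides `files`. Either narrow it — `sig { returns(Dependabot::DependencyFile) }` with `@config_file ||= T.let(T.must(files.first), T.nilable(Dependabot::DependencyFile))` — or keep the nilable sig and say why above the method: `# @return [DependencyFile, nil] first fetched config file; nil only if a subclass's files can be empty`. `CONFIG_FILE_PATHS` (new line 13) would also benefit from a one-line comment stating these are the only two locations checked, since `required_files_in?` matches on exact names. `fetch_files` continues past the end of the hunk.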
@@ -143,7 +143,7 @@ module Dependabot
|
|
|
143
143
|
def numeric_version
|
|
144
144
|
return unless version && version_class.correct?(version)
|
|
145
145
|
|
|
146
|
-
@numeric_version ||= T.let(version_class.new(version), T.nilable(Dependabot::Version))
|
|
146
|
+
@numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
|
|
147
147
|
end
|
|
148
148
|
|
|
149
149
|
sig { returns(T::Hash[String, T.untyped]) }
|
|
@@ -300,7 +300,7 @@ module Dependabot
|
|
|
300
300
|
requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
|
|
301
301
|
end
|
|
302
302
|
|
|
303
|
-
sig { returns(T.class_of(
|
|
303
|
+
sig { returns(T.class_of(Dependabot::Requirement)) }
|
|
304
304
|
def requirement_class
|
|
305
305
|
Utils.requirement_class_for_package_manager(package_manager)
|
|
306
306
|
end
|
|
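Review bot: `numeric_version` (new line 146) reaches for `T.must(version)` presumably because Sorbet does not narrow the result of a method call across statements, and the method now reads the `version` accessor three times; binding it once removes both the repeated reads and the runtime `T.must` check: `v = version`, `return unless v && version_class.correct?(v)`, `@numeric_version ||= T.let(version_class.new(v), T.nilable(Dependabot::Version))`. The `requirement_class` hunk at old/new line 303 only completes the sig and needs nothing further.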
@@ -14,6 +14,8 @@ module Dependabot
|
|
|
14
14
|
sig { returns(T.nilable(String)) }
|
|
15
15
|
attr_accessor :content
|
|
16
16
|
|
|
17
|
+
# This is the directory of the job source, not the directory of the file itself.
|
|
18
|
+
# The name actually contains the relative path from the job directory.
|
|
17
19
|
sig { returns(String) }
|
|
18
20
|
attr_accessor :directory
|
|
19
21
|
|
|
@@ -38,11 +40,6 @@ module Dependabot
|
|
|
38
40
|
sig { returns(T.nilable(String)) }
|
|
39
41
|
attr_accessor :mode
|
|
40
42
|
|
|
41
|
-
# The directory that this file was fetched for. This is useful for multi-directory
|
|
42
|
-
# updates, where a set of files that are related to each other are updated together.
|
|
43
|
-
sig { returns(T.nilable(String)) }
|
|
44
|
-
attr_accessor :job_directory
|
|
45
|
-
|
|
46
43
|
class ContentEncoding
|
|
47
44
|
UTF_8 = "utf-8"
|
|
48
45
|
BASE64 = "base64"
|
|
@@ -71,15 +68,14 @@ module Dependabot
|
|
|
71
68
|
content_encoding: String,
|
|
72
69
|
deleted: T::Boolean,
|
|
73
70
|
operation: String,
|
|
74
|
-
mode: T.nilable(String)
|
|
75
|
-
job_directory: T.nilable(String)
|
|
71
|
+
mode: T.nilable(String)
|
|
76
72
|
)
|
|
77
73
|
.void
|
|
78
74
|
end
|
|
79
75
|
def initialize(name:, content:, directory: "/", type: "file",
|
|
80
76
|
support_file: false, vendored_file: false, symlink_target: nil,
|
|
81
77
|
content_encoding: ContentEncoding::UTF_8, deleted: false,
|
|
82
|
-
operation: Operation::UPDATE, mode: nil
|
|
78
|
+
operation: Operation::UPDATE, mode: nil)
|
|
83
79
|
@name = name
|
|
84
80
|
@content = content
|
|
85
81
|
@directory = T.let(clean_directory(directory), String)
|
|
@@ -88,7 +84,6 @@ module Dependabot
|
|
|
88
84
|
@vendored_file = vendored_file
|
|
89
85
|
@content_encoding = content_encoding
|
|
90
86
|
@operation = operation
|
|
91
|
-
@job_directory = job_directory
|
|
92
87
|
|
|
93
88
|
# Make deleted override the operation. Deleted is kept when operation
|
|
94
89
|
# was introduced to keep compatibility with downstream dependants.
|
|
@@ -127,7 +122,6 @@ module Dependabot
|
|
|
127
122
|
"mode" => mode
|
|
128
123
|
}
|
|
129
124
|
|
|
130
|
-
details["job_directory"] = job_directory if job_directory
|
|
131
125
|
details["symlink_target"] = symlink_target if symlink_target
|
|
132
126
|
details
|
|
133
127
|
end
|
|
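Review bot: Removing the `job_directory:` keyword from `DependencyFile#initialize` (old lines 75 and 91) is a breaking interface change for a minor version bump: any downstream caller still passing `job_directory:` now fails with an unknown-keyword `ArgumentError`, and `to_h` (old line 130) silently stops emitting the key, so anything that round-trips the hash loses it without an error. If the removal is intended it deserves an explicit deprecation entry; otherwise keep `job_directory: nil` in the signature for one release, ignore it, and mark it `# @deprecated job_directory is ignored; `directory` is now documented as the job directory`. The same removal is spread over the hunks at old lines 41-45, 74-75, 91 and 130, which all need to stay in step with whatever is decided here. The `initialize` body and the sig block preceding it both extend beyond the hunk boundaries.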
@@ -52,11 +52,15 @@ module Dependabot
|
|
|
52
52
|
/^fatal: clone of '(?<url>.*)' into submodule path '.*' failed$/
|
|
53
53
|
GIT_SUBMODULE_ERROR_REGEX = /(#{GIT_SUBMODULE_INACCESSIBLE_ERROR})|(#{GIT_SUBMODULE_CLONE_ERROR})/
|
|
54
54
|
|
|
55
|
-
sig {
|
|
56
|
-
def self.required_files_in?(filenames)
|
|
55
|
+
sig { overridable.params(filenames: T::Array[String]).returns(T::Boolean) }
|
|
56
|
+
def self.required_files_in?(filenames)
|
|
57
|
+
filenames.any?
|
|
58
|
+
end
|
|
57
59
|
|
|
58
|
-
sig {
|
|
59
|
-
def self.required_files_message
|
|
60
|
+
sig { overridable.returns(String) }
|
|
61
|
+
def self.required_files_message
|
|
62
|
+
"Required files are missing from configured directory"
|
|
63
|
+
end
|
|
60
64
|
|
|
61
65
|
# Creates a new FileFetcher for retrieving `DependencyFile`s.
|
|
62
66
|
#
|
|
@@ -85,6 +89,8 @@ module Dependabot
|
|
|
85
89
|
@linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
|
|
86
90
|
@submodules = T.let([], T::Array[T.untyped])
|
|
87
91
|
@options = options
|
|
92
|
+
|
|
93
|
+
@files = T.let([], T::Array[DependencyFile])
|
|
88
94
|
end
|
|
89
95
|
|
|
90
96
|
sig { returns(String) }
|
|
@@ -104,10 +110,16 @@ module Dependabot
|
|
|
104
110
|
|
|
105
111
|
sig { returns(T::Array[DependencyFile]) }
|
|
106
112
|
def files
|
|
107
|
-
@files
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
)
|
|
113
|
+
return @files if @files.any?
|
|
114
|
+
|
|
115
|
+
files = fetch_files.compact
|
|
116
|
+
raise Dependabot::DependencyFileNotFound.new(nil, "No files found in #{directory}") unless files.any?
|
|
117
|
+
|
|
118
|
+
unless self.class.required_files_in?(files.map(&:name))
|
|
119
|
+
raise DependencyFileNotFound.new(nil, self.class.required_files_message)
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
@files = files
|
|
111
123
|
end
|
|
112
124
|
|
|
113
125
|
sig { abstract.returns(T::Array[DependencyFile]) }
|
|
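Review bot: The two raises in `files` (new lines 116 and 119) name the same class inconsistently, `Dependabot::DependencyFileNotFound` on one line and bare `DependencyFileNotFound` on the next; pick one form, e.g. `raise Dependabot::DependencyFileNotFound.new(nil, self.class.required_files_message)`. `fetch_files` is declared `abstract.returns(T::Array[DependencyFile])` (new line 125), so the `.compact` on line 115 is a no-op under the sig and, if a subclass does return nils, hides that bug rather than surfacing it — worth a comment stating which it is meant to be. The new `Base.required_files_in?` default of `filenames.any?` (line 57) can never fail after the `files.any?` guard on line 116, so a comment on the class method would save the next reader the puzzle: `# Always satisfied once fetch_files returned anything; subclasses override to demand specific manifests.`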
@@ -1,14 +1,30 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/pull_request_creator/branch_namer/base"
|
|
5
6
|
|
|
6
7
|
module Dependabot
|
|
7
8
|
class PullRequestCreator
|
|
8
9
|
class BranchNamer
|
|
9
10
|
class DependencyGroupStrategy < Base
|
|
10
|
-
|
|
11
|
-
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
sig do
|
|
14
|
+
params(
|
|
15
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
16
|
+
files: T::Array[Dependabot::DependencyFile],
|
|
17
|
+
target_branch: String,
|
|
18
|
+
dependency_group: Dependabot::DependencyGroup,
|
|
19
|
+
includes_security_fixes: T::Boolean,
|
|
20
|
+
separator: String,
|
|
21
|
+
prefix: String,
|
|
22
|
+
max_length: T.nilable(Integer)
|
|
23
|
+
)
|
|
24
|
+
.void
|
|
25
|
+
end
|
|
26
|
+
def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
|
|
27
|
+
separator: "/", prefix: "dependabot", max_length: nil)
|
|
12
28
|
super(
|
|
13
29
|
dependencies: dependencies,
|
|
14
30
|
files: files,
|
|
@@ -22,14 +38,17 @@ module Dependabot
|
|
|
22
38
|
@includes_security_fixes = includes_security_fixes
|
|
23
39
|
end
|
|
24
40
|
|
|
41
|
+
sig { returns(String) }
|
|
25
42
|
def new_branch_name
|
|
26
43
|
sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
|
|
27
44
|
end
|
|
28
45
|
|
|
29
46
|
private
|
|
30
47
|
|
|
48
|
+
sig { returns(Dependabot::DependencyGroup) }
|
|
31
49
|
attr_reader :dependency_group
|
|
32
50
|
|
|
51
|
+
sig { returns(T::Array[String]) }
|
|
33
52
|
def prefixes
|
|
34
53
|
[
|
|
35
54
|
prefix,
|
|
@@ -45,6 +64,7 @@ module Dependabot
|
|
|
45
64
|
#
|
|
46
65
|
# Let's append a short hash digest of the dependency changes so that we can
|
|
47
66
|
# meet this guarantee.
|
|
67
|
+
sig { returns(String) }
|
|
48
68
|
def group_name_with_dependency_digest
|
|
49
69
|
if @includes_security_fixes
|
|
50
70
|
"group-security-#{package_manager}-#{dependency_digest}"
|
|
@@ -53,16 +73,22 @@ module Dependabot
|
|
|
53
73
|
end
|
|
54
74
|
end
|
|
55
75
|
|
|
76
|
+
sig { returns(T.nilable(String)) }
|
|
56
77
|
def dependency_digest
|
|
57
|
-
@dependency_digest ||=
|
|
58
|
-
|
|
59
|
-
|
|
78
|
+
@dependency_digest ||= T.let(
|
|
79
|
+
Digest::MD5.hexdigest(dependencies.map do |dependency|
|
|
80
|
+
"#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
|
|
81
|
+
end.sort.join(",")).slice(0, 10),
|
|
82
|
+
T.nilable(String)
|
|
83
|
+
)
|
|
60
84
|
end
|
|
61
85
|
|
|
86
|
+
sig { returns(String) }
|
|
62
87
|
def package_manager
|
|
63
88
|
T.must(dependencies.first).package_manager
|
|
64
89
|
end
|
|
65
90
|
|
|
91
|
+
sig { returns(String) }
|
|
66
92
|
def directory
|
|
67
93
|
T.must(files.first).directory.tr(" ", "-")
|
|
68
94
|
end
|
|
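Review bot: `dependency_digest` is declared `sig { returns(T.nilable(String)) }` (new line 76) although the expression it memoizes, `Digest::MD5.hexdigest(...).slice(0, 10)`, always yields a String; the nilable is only needed on the ivar's `T.let`, so the method sig can be `sig { returns(String) }` while the `T.let(..., T.nilable(String))` on line 82 stays, and the interpolation on line 70 no longer carries a phantom nil case. Separately, the hunk uses `Digest::MD5` but the visible requires (new lines 4-5) load only `sorbet-runtime` and the base namer — presumably `digest` is loaded transitively, but confirming it or adding `require "digest"` beside them would make the file self-contained. Since the digest is cut to 10 hex characters, the comment on lines 65-66 overstates it as meeting a "guarantee"; a short clause such as `# (truncated to 10 hex chars: collisions are unlikely, not impossible)` would set expectations for branch-name uniqueness.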
@@ -49,10 +49,10 @@ module Dependabot
|
|
|
49
49
|
files: files,
|
|
50
50
|
target_branch: target_branch,
|
|
51
51
|
dependency_group: dependency_group,
|
|
52
|
+
includes_security_fixes: includes_security_fixes,
|
|
52
53
|
separator: separator,
|
|
53
54
|
prefix: prefix,
|
|
54
|
-
max_length: max_length
|
|
55
|
-
includes_security_fixes: includes_security_fixes
|
|
55
|
+
max_length: max_length
|
|
56
56
|
)
|
|
57
57
|
end
|
|
58
58
|
end
|