dependabot-common 0.239.0 → 0.240.0
- checksums.yaml +4 -4
- data/lib/dependabot/config/file_fetcher.rb +11 -4
- data/lib/dependabot/dependency.rb +2 -2
- data/lib/dependabot/dependency_file.rb +4 -10
- data/lib/dependabot/file_fetchers/base.rb +20 -8
- data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb +32 -6
- data/lib/dependabot/pull_request_creator/branch_namer.rb +2 -2
- data/lib/dependabot/pull_request_creator/labeler.rb +116 -36
- data/lib/dependabot/pull_request_creator.rb +151 -17
- data/lib/dependabot/pull_request_updater.rb +50 -3
- data/lib/dependabot/registry_client.rb +26 -4
- data/lib/dependabot/version.rb +57 -3
- data/lib/dependabot/workspace/git.rb +27 -7
- data/lib/dependabot.rb +1 -1
- metadata +19 -5
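--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c5411b63b39f43e2f41b430d63a0c105d3c8db50e355d3e0fb7b95c37350acc0
+data.tar.gz: 1dc6db6e42d21fd8626dd06b46b355230db571d061940b358be515804987dec9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 52447502758cd700e913e169bfadb0ad92587e988b5a2086ae77fe01e4ae7a09a985ad2c07b91c6a8ac09f5b2016d15c256f67d698f32bbc45a9b9d271dee489
+data.tar.gz: 325168ff256723e4d503dcba9818bdf11a969e778edccbbf28882cc560ea67f7eeeb68b5e54e843409abaa19d5f9010f027e929c4f1c827619ca8efd50257093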
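--- a/data/lib/dependabot/config/file_fetcher.rb
+++ b/data/lib/dependabot/config/file_fetcher.rb
@@ -1,30 +1,37 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/file_fetchers/base"
 require "dependabot/config/file"
 
 module Dependabot
 module Config
 class FileFetcher < FileFetchers::Base
-
+extend T::Sig
 
+CONFIG_FILE_PATHS = T.let(%w(.github/dependabot.yml .github/dependabot.yaml).freeze, T::Array[String])
+
+sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
 def self.required_files_in?(filenames)
 CONFIG_FILE_PATHS.any? { |file| filenames.include?(file) }
 end
 
+sig { override.returns(String) }
 def self.required_files_message
 "Repo must contain either a #{CONFIG_FILE_PATHS.join(' or a ')} file"
 end
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def config_file
-@config_file ||= files.first
+@config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))
 end
 
 private
 
+sig { override.returns(T::Array[Dependabot::DependencyFile]) }
 def fetch_files
-fetched_files = []
+fetched_files = T.let([], T::Array[Dependabot::DependencyFile])
 
 CONFIG_FILE_PATHS.each do |file|
 fn = Pathname.new("/#{file}").relative_path_from(directory)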
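Review bot: `@config_file ||= T.let(files.first, T.nilable(Dependabot::DependencyFile))` memoises a nilable value with `||=`, so a nil result is never cached and `files.first` is re-evaluated on every call; if nil is a legitimate outcome here, a `defined?(@config_file)`-style cache would avoid the repeated lookup, otherwise the sig could simply be `returns(Dependabot::DependencyFile)`. `config_file` also takes `files.first`, which makes the order of `CONFIG_FILE_PATHS` decide which file wins when both `.yml` and `.yaml` exist (assuming `fetch_files` preserves that order — its body runs past the end of the hunk); a comment on the constant such as `# Order matters: when both files exist, config_file returns the first one listed here` would make that intent explicit.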
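--- a/data/lib/dependabot/dependency.rb
+++ b/data/lib/dependabot/dependency.rb
@@ -143,7 +143,7 @@ module Dependabot
 def numeric_version
 return unless version && version_class.correct?(version)
 
-@numeric_version ||= T.let(version_class.new(version), T.nilable(Dependabot::Version))
+@numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
 end
 
 sig { returns(T::Hash[String, T.untyped]) }
@@ -300,7 +300,7 @@ module Dependabot
 requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
 end
 
-sig { returns(T.class_of(
+sig { returns(T.class_of(Dependabot::Requirement)) }
 def requirement_class
 Utils.requirement_class_for_package_manager(package_manager)
 end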
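Review bot: In `numeric_version` (first hunk) the guard `return unless version && version_class.correct?(version)` still runs ahead of the memoised read, so `version_class.correct?` is re-evaluated on every call and only the `version_class.new` result is cached; the new `T.must(version)` does not change that. If the cache is meant to save that work, `return @numeric_version if @numeric_version` before the guard would skip it on repeat calls. The `T.must` is needed only because Sorbet does not carry the `version` nil-check across statements when `version` is a method call; a short comment saying so, `# T.must: version is a method, so the guard above does not narrow it for Sorbet`, would stop the next reader from "simplifying" it away.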
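--- a/data/lib/dependabot/dependency_file.rb
+++ b/data/lib/dependabot/dependency_file.rb
@@ -14,6 +14,8 @@ module Dependabot
 sig { returns(T.nilable(String)) }
 attr_accessor :content
 
+# This is the directory of the job source, not the directory of the file itself.
+# The name actually contains the relative path from the job directory.
 sig { returns(String) }
 attr_accessor :directory
 
@@ -38,11 +40,6 @@ module Dependabot
 sig { returns(T.nilable(String)) }
 attr_accessor :mode
 
-# The directory that this file was fetched for. This is useful for multi-directory
-# updates, where a set of files that are related to each other are updated together.
-sig { returns(T.nilable(String)) }
-attr_accessor :job_directory
-
 class ContentEncoding
 UTF_8 = "utf-8"
 BASE64 = "base64"
@@ -71,15 +68,14 @@ module Dependabot
 content_encoding: String,
 deleted: T::Boolean,
 operation: String,
-mode: T.nilable(String)
-job_directory: T.nilable(String)
+mode: T.nilable(String)
 )
 .void
 end
 def initialize(name:, content:, directory: "/", type: "file",
 support_file: false, vendored_file: false, symlink_target: nil,
 content_encoding: ContentEncoding::UTF_8, deleted: false,
-operation: Operation::UPDATE, mode: nil
+operation: Operation::UPDATE, mode: nil)
 @name = name
 @content = content
 @directory = T.let(clean_directory(directory), String)
@@ -88,7 +84,6 @@ module Dependabot
 @vendored_file = vendored_file
 @content_encoding = content_encoding
 @operation = operation
-@job_directory = job_directory
 
 # Make deleted override the operation. Deleted is kept when operation
 # was introduced to keep compatibility with downstream dependants.
@@ -127,7 +122,6 @@ module Dependabot
 "mode" => mode
 }
 
-details["job_directory"] = job_directory if job_directory
 details["symlink_target"] = symlink_target if symlink_target
 details
 end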
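Review bot: Removing the `job_directory:` keyword from `initialize` (third hunk) is a breaking change for any caller that still passes it — Ruby raises `ArgumentError (unknown keyword: :job_directory)` at construction — while the comment kept just below (`Deleted is kept when operation was introduced to keep compatibility with downstream dependants`) shows this file otherwise preserves old keywords for exactly that reason; consider accepting and ignoring `job_directory: nil` for one release, or calling the removal out in the release notes. The `"job_directory"` key dropped from `to_h` in the last hunk has the same effect on consumers of the serialised hash. The new comment above `attr_accessor :directory` reads ambiguously ("the name" could be taken as the directory's name); `# Directory of the job source, not of this file; the file's own path relative to it lives in `name`.` says the same thing unambiguously.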
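--- a/data/lib/dependabot/file_fetchers/base.rb
+++ b/data/lib/dependabot/file_fetchers/base.rb
@@ -52,11 +52,15 @@ module Dependabot
 /^fatal: clone of '(?<url>.*)' into submodule path '.*' failed$/
 GIT_SUBMODULE_ERROR_REGEX = /(#{GIT_SUBMODULE_INACCESSIBLE_ERROR})|(#{GIT_SUBMODULE_CLONE_ERROR})/
 
-sig {
-def self.required_files_in?(filenames)
+sig { overridable.params(filenames: T::Array[String]).returns(T::Boolean) }
+def self.required_files_in?(filenames)
+filenames.any?
+end
 
-sig {
-def self.required_files_message
+sig { overridable.returns(String) }
+def self.required_files_message
+"Required files are missing from configured directory"
+end
 
 # Creates a new FileFetcher for retrieving `DependencyFile`s.
 #
@@ -85,6 +89,8 @@ module Dependabot
 @linked_paths = T.let({}, T::Hash[T.untyped, T.untyped])
 @submodules = T.let([], T::Array[T.untyped])
 @options = options
+
+@files = T.let([], T::Array[DependencyFile])
 end
 
 sig { returns(String) }
@@ -104,10 +110,16 @@ module Dependabot
 
 sig { returns(T::Array[DependencyFile]) }
 def files
-@files
-
-
-)
+return @files if @files.any?
+
+files = fetch_files.compact
+raise Dependabot::DependencyFileNotFound.new(nil, "No files found in #{directory}") unless files.any?
+
+unless self.class.required_files_in?(files.map(&:name))
+raise DependencyFileNotFound.new(nil, self.class.required_files_message)
+end
+
+@files = files
 end
 
 sig { abstract.returns(T::Array[DependencyFile]) }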
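Review bot: In the new `files` body (third hunk) the local `files = fetch_files.compact` shadows the method `files` for the rest of the method, and the two raises spell the error class differently (`Dependabot::DependencyFileNotFound` vs `DependencyFileNotFound`); renaming the local, e.g. `fetched = fetch_files.compact`, and picking one spelling keeps the method readable. The cache check `return @files if @files.any?` means a fetch that raises is never cached, which looks intentional (a retry gets a fresh fetch) but deserves a comment: `# An empty result always raises, so only a successful fetch is memoised.` The base-class default `filenames.any?` in the first hunk can never be false by the time `required_files_in?` is consulted, because the emptiness check has already raised; a line such as `# Subclasses override this to demand specific manifests; the base class only requires that something was fetched.` would explain why the default is so permissive.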
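--- a/data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb
+++ b/data/lib/dependabot/pull_request_creator/branch_namer/dependency_group_strategy.rb
@@ -1,14 +1,30 @@
-# typed:
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/pull_request_creator/branch_namer/base"
 
 module Dependabot
 class PullRequestCreator
 class BranchNamer
 class DependencyGroupStrategy < Base
-
-
+extend T::Sig
+
+sig do
+params(
+dependencies: T::Array[Dependabot::Dependency],
+files: T::Array[Dependabot::DependencyFile],
+target_branch: String,
+dependency_group: Dependabot::DependencyGroup,
+includes_security_fixes: T::Boolean,
+separator: String,
+prefix: String,
+max_length: T.nilable(Integer)
+)
+.void
+end
+def initialize(dependencies:, files:, target_branch:, dependency_group:, includes_security_fixes:,
+separator: "/", prefix: "dependabot", max_length: nil)
 super(
 dependencies: dependencies,
 files: files,
@@ -22,14 +38,17 @@ module Dependabot
 @includes_security_fixes = includes_security_fixes
 end
 
+sig { returns(String) }
 def new_branch_name
 sanitize_branch_name(File.join(prefixes, group_name_with_dependency_digest))
 end
 
 private
 
+sig { returns(Dependabot::DependencyGroup) }
 attr_reader :dependency_group
 
+sig { returns(T::Array[String]) }
 def prefixes
 [
 prefix,
@@ -45,6 +64,7 @@ module Dependabot
 #
 # Let's append a short hash digest of the dependency changes so that we can
 # meet this guarantee.
+sig { returns(String) }
 def group_name_with_dependency_digest
 if @includes_security_fixes
 "group-security-#{package_manager}-#{dependency_digest}"
@@ -53,16 +73,22 @@ module Dependabot
 end
 end
 
+sig { returns(T.nilable(String)) }
 def dependency_digest
-@dependency_digest ||=
-
-
+@dependency_digest ||= T.let(
+Digest::MD5.hexdigest(dependencies.map do |dependency|
+"#{dependency.name}-#{dependency.removed? ? 'removed' : dependency.version}"
+end.sort.join(",")).slice(0, 10),
+T.nilable(String)
+)
 end
 
+sig { returns(String) }
 def package_manager
 T.must(dependencies.first).package_manager
 end
 
+sig { returns(String) }
 def directory
 T.must(files.first).directory.tr(" ", "-")
 end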
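Review bot: `dependency_digest` is declared `sig { returns(T.nilable(String)) }` (fourth hunk) although `Digest::MD5.hexdigest(...).slice(0, 10)` always yields a String; the nilable is only needed for the `||=` memo, so the method sig can be `sig { returns(String) }` while the `T.let` stays `T.nilable(String)`, which also stops the nilable leaking into the interpolations in `group_name_with_dependency_digest`. `package_manager` and `directory` rely on `T.must(dependencies.first)` and `T.must(files.first)`, so an empty array fails with a TypeError at branch-naming time rather than when the strategy is built; a guard in the new `initialize`, e.g. `raise ArgumentError, "dependencies must not be empty" if dependencies.empty?`, would surface the misuse at the call site that caused it. The digest is a short fingerprint for branch naming, not a security control, so MD5 is acceptable here, but a one-line comment stating that (`# Non-cryptographic fingerprint: only needs to be stable and short, not collision-resistant`) would pre-empt the usual question; whether `digest/md5` is already required by the base file is not visible in this hunk.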
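--- a/data/lib/dependabot/pull_request_creator/branch_namer.rb
+++ b/data/lib/dependabot/pull_request_creator/branch_namer.rb
@@ -49,10 +49,10 @@ module Dependabot
 files: files,
 target_branch: target_branch,
 dependency_group: dependency_group,
+includes_security_fixes: includes_security_fixes,
 separator: separator,
 prefix: prefix,
-max_length: max_length
-includes_security_fixes: includes_security_fixes
+max_length: max_length
 )
 end
 end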