RubyGems - dependabot-common - Versions diffs - 0.313.0 → 0.314.0 - Mend

dependabot-common 0.313.0 → 0.314.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/dependabot/git_commit_checker.rb +6 -1
data/lib/dependabot/git_metadata_fetcher.rb +81 -0
data/lib/dependabot/git_tag_with_detail.rb +45 -0
data/lib/dependabot.rb +1 -1
metadata +4 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7a5bf7bdeabf2957b9ecbe1efa5f27f9552b31db52d76970484c665e249e756
-  data.tar.gz: 32722bfd412044839d449b19b77469a3c4253802b63adc5c35aef80a9eb9b00e
+  metadata.gz: 75665e6e5f16e2e104b7415ff2f557508d03f394e8f9de6a5f841f4352e1484e
+  data.tar.gz: 61f9095c642362351d1381f1f9d3f5a26c13d3b24fb1841046b3682c6a85aaa6
 SHA512:
-  metadata.gz: 1752b119bf852196e0b870ec8d6a30473c898e0002c5467108e99447fdf88374dbeef037da2fa839fd685f9efa3bc229c7f4732b32cfd18fcdd151899c273066
-  data.tar.gz: 3e2da158a84b3717ba3f05c6e3cd673e26941889fc8716920bc877cc09db8d68454a02a915d10821229e44c82c545ed9fbf4d7e1550763d428d8f4468bbec95a
+  metadata.gz: bd09436156631884d91cd670497ca6d033ee4cb2927db598d0348f78af77f4d7bc1626ccd6ea36e051f900ad9b5ad4299f4c49e5cb4308a6203e99861c7cd458
+  data.tar.gz: f2a87eed835ec64c46769dadae2ec093fc8d6b9c8a004c40d3c65ed55a824ebdd2a402165d640d83dad757a0d34473f3b92d92d8ffd1aa99a2af0d734af9fdff

data/lib/dependabot/git_commit_checker.rb CHANGED Viewed

@@ -2,8 +2,8 @@
 # frozen_string_literal: true
 require "excon"
-require "gitlab"
 require "sorbet-runtime"
+require "gitlab"
 require "dependabot/clients/github_with_retries"
 require "dependabot/clients/gitlab_with_retries"
 require "dependabot/clients/bitbucket_with_retries"
@@ -220,6 +220,11 @@ module Dependabot
       @dependency_source_details || dependency.source_details(allowed_types: ["git"])
     end
+    sig { returns(T::Array[Dependabot::GitTagWithDetail]) }
+    def refs_for_tag_with_detail
+      local_repo_git_metadata_fetcher.refs_for_tag_with_detail
+    end
     sig { params(commit_sha: T.nilable(String)).returns(T.nilable(String)) }
     def most_specific_version_tag_for_sha(commit_sha)
       tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }

data/lib/dependabot/git_metadata_fetcher.rb CHANGED Viewed

@@ -7,6 +7,7 @@ require "sorbet-runtime"
 require "dependabot/errors"
 require "dependabot/git_ref"
+require "dependabot/git_tag_with_detail"
 require "dependabot/credential"
 module Dependabot
@@ -93,6 +94,29 @@ module Dependabot
         &.commit_sha
     end
+    sig { returns(T::Array[GitTagWithDetail]) }
+    def refs_for_tag_with_detail
+      @refs_for_tag_with_detail ||= T.let(parse_refs_for_tag_with_detail,
+                                          T.nilable(T::Array[GitTagWithDetail]))
+    end
+    sig { returns(T::Array[GitTagWithDetail]) }
+    def parse_refs_for_tag_with_detail
+      result_lines = []
+      return result_lines if upload_tag_with_detail.nil?
+      T.must(upload_tag_with_detail).lines.each do |line|
+        tag, detail = line.split(/\s+/, 2)
+        next unless tag && detail
+        result_lines << GitTagWithDetail.new(
+          tag: tag.strip,
+          release_date: detail.strip
+        )
+      end
+      result_lines
+    end
     private
     sig { returns(String) }
@@ -260,5 +284,62 @@ module Dependabot
       # Some git hosts are slow when returning a large number of tags
       SharedHelpers.excon_defaults(read_timeout: 20)
     end
+    sig { returns(T.nilable(String)) }
+    def upload_tag_with_detail
+      @upload_tag_detail ||= T.let(fetch_tags_with_detail(url), T.nilable(String))
+    rescue Octokit::ClientError
+      raise Dependabot::GitDependenciesNotReachable, [url]
+    end
+    sig { params(uri: String).returns(String) }
+    def fetch_tags_with_detail(uri)
+      response = fetch_raw_upload_pack_for(uri)
+      return response.body if response.status == 200
+      response_with_git = fetch_tags_with_detail_from_git_for(uri)
+      return response_with_git.body if response_with_git.status == 200
+      raise Dependabot::GitDependenciesNotReachable, [uri] unless uri.match?(KNOWN_HOSTS)
+      raise "Unexpected response: #{response.status} - #{response.body}" if response.status < 400
+      if uri.match?(/github\.com/i)
+        response = response.data
+        response[:response_headers] = response[:headers]
+        raise Octokit::Error.from_response(response)
+      end
+      raise "Server error at #{uri}: #{response.body}" if response.status >= 500
+      raise Dependabot::GitDependenciesNotReachable, [uri]
+    rescue Excon::Error::Socket, Excon::Error::Timeout
+      raise if uri.match?(KNOWN_HOSTS)
+      raise Dependabot::GitDependenciesNotReachable, [uri]
+    end
+    sig { params(uri: String).returns(T.untyped) }
+    def fetch_tags_with_detail_from_git_for(uri)
+      complete_uri = uri
+      complete_uri += ".git" unless complete_uri.end_with?(".git") || skip_git_suffix(uri)
+      env = { "PATH" => ENV.fetch("PATH", nil), "GIT_TERMINAL_PROMPT" => "0" }
+      command = "git for-each-ref --format=\"%(refname:short) %(creatordate:short)\" refs/tags #{complete_uri}"
+      command = SharedHelpers.escape_command(command)
+      begin
+        stdout, stderr, process = Open3.capture3(env, command)
+        # package the command response like a HTTP response so error handling remains unchanged
+      rescue Errno::ENOENT => e # thrown when `git` isn't installed...
+        OpenStruct.new(body: e.message, status: 500)
+      else
+        if process.success?
+          OpenStruct.new(body: stdout, status: 200)
+        else
+          OpenStruct.new(body: stderr, status: 500)
+        end
+      end
+    end
   end
 end

data/lib/dependabot/git_tag_with_detail.rb ADDED Viewed

@@ -0,0 +1,45 @@
+# typed: strong
+# frozen_string_literal: true
+require "sorbet-runtime"
+module Dependabot
+  class GitTagWithDetail
+    extend T::Sig
+    sig { returns(String) }
+    attr_accessor :tag
+    sig { returns(String) }
+    attr_accessor :release_date
+    sig do
+      params(
+        tag: String,
+        release_date: String
+      ).void
+    end
+    def initialize(tag:, release_date:)
+      @tag = tag
+      @release_date = release_date
+    end
+    sig { params(other: BasicObject).returns(T::Boolean) }
+    def ==(other)
+      case other
+      when GitTagWithDetail
+        to_h == other.to_h
+      else
+        false
+      end
+    end
+    sig { returns(T::Hash[Symbol, T.nilable(String)]) }
+    def to_h
+      {
+        tag: tag,
+        release_date: release_date
+      }.compact
+    end
+  end
+end

data/lib/dependabot.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.313.0"
+  VERSION = "0.314.0"
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.313.0
+  version: 0.314.0
 platform: ruby
 authors:
 - Dependabot
 bindir: bin
 cert_chain: []
-date: 2025-05-15 00:00:00.000000000 Z
+date: 2025-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit
@@ -548,6 +548,7 @@ files:
 - lib/dependabot/git_commit_checker.rb
 - lib/dependabot/git_metadata_fetcher.rb
 - lib/dependabot/git_ref.rb
+- lib/dependabot/git_tag_with_detail.rb
 - lib/dependabot/logger.rb
 - lib/dependabot/metadata_finders.rb
 - lib/dependabot/metadata_finders/README.md
@@ -609,7 +610,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.313.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.314.0
 rdoc_options: []
 require_paths:
 - lib