dependabot-common 0.359.0 → 0.360.0

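--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 863349d14c5c5c824a05216a25a095f3933ccd1ed20a25be6a4914df8ee78def
- data.tar.gz: '09e4df619889b23f0870e098f75d717878622dff605d9c3030cb7e857ee22b6e'
+ metadata.gz: 34df974274ecd87dcbd7843dd8fa57029f45161682bab2fdd09f8b81098dace0
+ data.tar.gz: 0bf86b911c383b18f1b8cbf000da70ab0179a55666bd417b4488290018179730
  SHA512:
- metadata.gz: 689f110d26cfc94b36ddc3208c49a9a051e9e98e8d2c16158240b6fc65d54e8d82106bf8c5f5917617059666c9782208ee77db2db24624a65b80bbecd90adb76
- data.tar.gz: d56e9fda4c5a4e3bc255341287f5aed210dac8b8c549102f433cde5c17758f105fe6201099f1d81945ef1228e97b8a4f5c53c11bcd60e99b38284cb4c39c993c
+ metadata.gz: 828fc1f64c41ffdb5a78a963ee7e0fb1f5bfa1433dc158b0282c93903d9cc2564fe87d9cea2e6e467542974c7f1a1051dc4ca7a4652098f726f379181fcc9b97
+ data.tar.gz: c35eff140ac36d74992546af35512a17c96563fa67354da374f9bebc8fc36eaed681d50dc06e04e97ece1ebf78a83ac46c6e6c761d004c497b5a7cc493cbd64b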
@@ -1,7 +1,6 @@
1
1
  # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
- require "ostruct"
5
4
  require "sorbet-runtime"
6
5
  require "stringio"
7
6
 
@@ -20,6 +19,42 @@ require "dependabot/shared_helpers"
20
19
  # rubocop:disable Metrics/ClassLength
21
20
  module Dependabot
22
21
  module FileFetchers
22
+ class RepositoryContent
23
+ extend T::Sig
24
+
25
+ sig { returns(T.nilable(String)) }
26
+ attr_reader :name
27
+
28
+ sig { returns(T.nilable(String)) }
29
+ attr_reader :path
30
+
31
+ sig { returns(T.nilable(String)) }
32
+ attr_reader :type
33
+
34
+ sig { returns(T.nilable(Integer)) }
35
+ attr_reader :size
36
+
37
+ sig { returns(T.nilable(String)) }
38
+ attr_reader :sha
39
+
40
+ sig do
41
+ params(
42
+ name: T.nilable(String),
43
+ path: T.nilable(String),
44
+ type: T.nilable(String),
45
+ size: T.nilable(Integer),
46
+ sha: T.nilable(String)
47
+ ).void
48
+ end
49
+ def initialize(name: nil, path: nil, type: nil, size: nil, sha: nil)
50
+ @name = name
51
+ @path = path
52
+ @type = type
53
+ @size = size
54
+ @sha = sha
55
+ end
56
+ end
57
+
23
58
  class Base
24
59
  extend T::Sig
25
60
  extend T::Helpers
@@ -468,7 +503,7 @@ module Dependabot
468
503
 
469
504
  sig do
470
505
  params(path: String, fetch_submodules: T::Boolean, raise_errors: T::Boolean)
471
- .returns(T::Array[OpenStruct])
506
+ .returns(T::Array[RepositoryContent])
472
507
  end
473
508
  def _fetch_repo_contents(path, fetch_submodules: false, raise_errors: true) # rubocop:disable Metrics/PerceivedComplexity
474
509
  path = path.gsub(" ", "%20")
@@ -507,7 +542,7 @@ module Dependabot
507
542
 
508
543
  sig do
509
544
  params(provider: String, repo: String, path: String, commit: String)
510
- .returns(T::Array[OpenStruct])
545
+ .returns(T::Array[RepositoryContent])
511
546
  end
512
547
  def _fetch_repo_contents_fully_specified(provider, repo, path, commit)
513
548
  case provider
@@ -525,7 +560,7 @@ module Dependabot
525
560
  end
526
561
  end
527
562
 
528
- sig { params(repo: String, path: String, commit: String).returns(T::Array[OpenStruct]) }
563
+ sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
529
564
  def _github_repo_contents(repo, path, commit)
530
565
  path = path.gsub(" ", "%20")
531
566
  github_response = T.unsafe(github_client).contents(repo, path: path, ref: commit)
@@ -538,7 +573,7 @@ module Dependabot
538
573
  github_response.map { |f| _build_github_file_struct(f) }
539
574
  end
540
575
 
541
- sig { params(relative_path: String).returns(T::Array[OpenStruct]) }
576
+ sig { params(relative_path: String).returns(T::Array[RepositoryContent]) }
542
577
  def _cloned_repo_contents(relative_path)
543
578
  repo_path = File.join(clone_repo_contents, relative_path)
544
579
  return [] unless Dir.exist?(repo_path)
@@ -555,7 +590,7 @@ module Dependabot
555
590
  "file"
556
591
  end
557
592
 
558
- OpenStruct.new(
593
+ RepositoryContent.new(
559
594
  name: name,
560
595
  path: Pathname.new(File.join(relative_path, name)).cleanpath.to_path,
561
596
  type: type,
@@ -590,9 +625,9 @@ module Dependabot
590
625
  entries
591
626
  end
592
627
 
593
- sig { params(file: Sawyer::Resource).returns(OpenStruct) }
628
+ sig { params(file: Sawyer::Resource).returns(RepositoryContent) }
594
629
  def _build_github_file_struct(file)
595
- OpenStruct.new(
630
+ RepositoryContent.new(
596
631
  name: T.unsafe(file).name,
597
632
  path: T.unsafe(file).path,
598
633
  type: T.unsafe(file).type,
@@ -601,7 +636,7 @@ module Dependabot
601
636
  )
602
637
  end
603
638
 
604
- sig { params(repo: String, path: String, commit: String).returns(T::Array[OpenStruct]) }
639
+ sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
605
640
  def _gitlab_repo_contents(repo, path, commit)
606
641
  T.unsafe(gitlab_client)
607
642
  .repo_tree(repo, path: path, ref: commit, per_page: 100)
@@ -614,7 +649,7 @@ module Dependabot
614
649
  else file.fetch("type")
615
650
  end
616
651
 
617
- OpenStruct.new(
652
+ RepositoryContent.new(
618
653
  name: file.name,
619
654
  path: file.path,
620
655
  type: type,
@@ -623,7 +658,7 @@ module Dependabot
623
658
  end
624
659
  end
625
660
 
626
- sig { params(path: String, commit: String).returns(T::Array[OpenStruct]) }
661
+ sig { params(path: String, commit: String).returns(T::Array[RepositoryContent]) }
627
662
  def _azure_repo_contents(path, commit)
628
663
  response = azure_client.fetch_repo_contents(commit, path)
629
664
 
@@ -634,7 +669,7 @@ module Dependabot
634
669
  else entry.fetch("gitObjectType")
635
670
  end
636
671
 
637
- OpenStruct.new(
672
+ RepositoryContent.new(
638
673
  name: File.basename(entry.fetch("relativePath")),
639
674
  path: entry.fetch("relativePath"),
640
675
  type: type,
@@ -643,7 +678,7 @@ module Dependabot
643
678
  end
644
679
  end
645
680
 
646
- sig { params(repo: String, path: String, commit: String).returns(T::Array[OpenStruct]) }
681
+ sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
647
682
  def _bitbucket_repo_contents(repo, path, commit)
648
683
  response = T.unsafe(bitbucket_client)
649
684
  .fetch_repo_contents(
@@ -659,7 +694,7 @@ module Dependabot
659
694
  else file.fetch("type")
660
695
  end
661
696
 
662
- OpenStruct.new(
697
+ RepositoryContent.new(
663
698
  name: File.basename(file.fetch("path")),
664
699
  path: file.fetch("path"),
665
700
  type: type,
@@ -668,7 +703,7 @@ module Dependabot
668
703
  end
669
704
  end
670
705
 
671
- sig { params(repo: String, path: String, commit: String).returns(T::Array[OpenStruct]) }
706
+ sig { params(repo: String, path: String, commit: String).returns(T::Array[RepositoryContent]) }
672
707
  def _codecommit_repo_contents(repo, path, commit)
673
708
  response = codecommit_client.fetch_repo_contents(
674
709
  repo,
@@ -677,7 +712,7 @@ module Dependabot
677
712
  )
678
713
 
679
714
  response.files.map do |file|
680
- OpenStruct.new(
715
+ RepositoryContent.new(
681
716
  name: File.basename(file.relative_path),
682
717
  path: file.relative_path,
683
718
  type: "file",
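Review bot: RepositoryContent declares every field `T.nilable` and defaults all of them to nil, so `RepositoryContent.new` with no arguments type-checks even though each constructor call visible in these hunks passes `name:`, `path:` and `type:`. If those three are always present, `def initialize(name:, path:, type:, size: nil, sha: nil)` with non-nil sigs would let Sorbet reject an entry built from a provider response that lacks them, instead of handing a nil path on to callers. Unlike the OpenStruct it replaces, the class raises NoMethodError for any reader other than these five and has no `[]` or `to_h`, so consumers of `_fetch_repo_contents` outside these hunks should be checked for other field access. The class also has no comment; `# One entry of a repository directory listing, normalised across providers.` above the class line would do. Most of the provider methods touched here begin or end outside their hunks.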
@@ -246,13 +246,17 @@ module Dependabot
246
246
 
247
247
  sig { params(commit_sha: T.nilable(String)).returns(T.nilable(String)) }
248
248
  def most_specific_version_tag_for_sha(commit_sha)
249
- tags = local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
250
- .sort_by { |t| version_class.new(t.name) }
249
+ tags = local_tags_matching_sha(commit_sha)
251
250
  return if tags.empty?
252
251
 
253
252
  tags[-1]&.name
254
253
  end
255
254
 
255
+ sig { params(commit_sha: T.nilable(String)).returns(T::Array[String]) }
256
+ def most_specific_version_tags_for_sha(commit_sha)
257
+ local_tags_matching_sha(commit_sha).map(&:name)
258
+ end
259
+
256
260
  sig { params(tags: T::Array[Dependabot::GitRef]).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
257
261
  def max_local_tag(tags)
258
262
  max_version_tag = tags.max_by { |t| version_from_tag(t) }
@@ -333,6 +337,12 @@ module Dependabot
333
337
  .reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }
334
338
  end
335
339
 
340
+ sig { params(commit_sha: T.nilable(String)).returns(T::Array[Dependabot::GitRef]) }
341
+ def local_tags_matching_sha(commit_sha)
342
+ local_tags.select { |t| t.commit_sha == commit_sha && version_class.correct?(t.name) }
343
+ .sort_by { |t| version_class.new(t.name) }
344
+ end
345
+
336
346
  sig { params(version: T.any(String, Gem::Version)).returns(T::Boolean) }
337
347
  def pinned_ref_in_release?(version)
338
348
  raise "Not a git dependency!" unless git_dependency?
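Review bot: `most_specific_version_tags_for_sha` (new lines 255-258) returns every version tag on the commit, sorted ascending by `version_class`, so "most specific" in its name only describes the last element, which is the one `most_specific_version_tag_for_sha` picks with `tags[-1]`. A comment stating the ordering would keep callers from treating the first element as the best match, for example `# All version tags pointing at commit_sha, ascending by version; the last one is the most specific.`. `local_tags_matching_sha` is added around new line 341 and the hunk does not show whether it sits below a `private` marker, so its intended visibility should be confirmed.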
@@ -3,7 +3,6 @@
3
3
 
4
4
  require "excon"
5
5
  require "open3"
6
- require "ostruct"
7
6
  require "sorbet-runtime"
8
7
  require "tmpdir"
9
8
  require "dependabot/errors"
@@ -15,6 +14,22 @@ module Dependabot
15
14
  class GitMetadataFetcher
16
15
  extend T::Sig
17
16
 
17
+ class GitResponse
18
+ extend T::Sig
19
+
20
+ sig { returns(String) }
21
+ attr_reader :body
22
+
23
+ sig { returns(Integer) }
24
+ attr_reader :status
25
+
26
+ sig { params(body: String, status: Integer).void }
27
+ def initialize(body:, status:)
28
+ @body = body
29
+ @status = status
30
+ end
31
+ end
32
+
18
33
  KNOWN_HOSTS = /github\.com|bitbucket\.org|gitlab.com/i
19
34
 
20
35
  sig do
@@ -210,12 +225,12 @@ module Dependabot
210
225
  stdout, stderr, process = Open3.capture3(env, command)
211
226
  # package the command response like a HTTP response so error handling remains unchanged
212
227
  rescue Errno::ENOENT => e # thrown when `git` isn't installed...
213
- OpenStruct.new(body: e.message, status: 500)
228
+ GitResponse.new(body: e.message, status: 500)
214
229
  else
215
230
  if process.success?
216
- OpenStruct.new(body: stdout, status: 200)
231
+ GitResponse.new(body: stdout, status: 200)
217
232
  else
218
- OpenStruct.new(body: stderr, status: 500)
233
+ GitResponse.new(body: stderr, status: 500)
219
234
  end
220
235
  end
221
236
  end
@@ -340,7 +355,7 @@ module Dependabot
340
355
  clone_command = SharedHelpers.escape_command(clone_command)
341
356
 
342
357
  _stdout, stderr, process = Open3.capture3(env, clone_command)
343
- return OpenStruct.new(body: stderr, status: 500) unless process.success?
358
+ return GitResponse.new(body: stderr, status: 500) unless process.success?
344
359
 
345
360
  # Change to the cloned repository directory
346
361
  Dir.chdir(dir) do
@@ -348,7 +363,7 @@ module Dependabot
348
363
  tags_command = 'git for-each-ref --format="%(refname:short) %(creatordate:short)" refs/tags'
349
364
  tags_stdout, stderr, process = Open3.capture3(env, tags_command)
350
365
 
351
- return OpenStruct.new(body: stderr, status: 500) unless process.success?
366
+ return GitResponse.new(body: stderr, status: 500) unless process.success?
352
367
 
353
368
  # Parse and sort tags by creation date
354
369
  tags = tags_stdout.lines.map do |line|
@@ -359,11 +374,11 @@ module Dependabot
359
374
 
360
375
  # Format the output as a string
361
376
  formatted_output = sorted_tags.map { |tag| "#{tag[:tag]} #{tag[:date]}" }.join("\n")
362
- return OpenStruct.new(body: formatted_output, status: 200)
377
+ return GitResponse.new(body: formatted_output, status: 200)
363
378
  end
364
379
  end
365
380
  rescue Errno::ENOENT => e # Thrown when `git` isn't installed
366
- OpenStruct.new(body: e.message, status: 500)
381
+ GitResponse.new(body: e.message, status: 500)
367
382
  end
368
383
 
369
384
  sig do
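Review bot: GitResponse exposes only `body` and `status`, while the OpenStruct it replaces answered nil to any other reader. The comment at new line 227 says these objects are packaged like an HTTP response so that the shared error handling stays unchanged, and that handling is outside these hunks. If it reads anything else from the response (headers, for instance) it will now raise NoMethodError, so those callers should be checked. The class would also benefit from a comment such as `# Minimal stand-in for an HTTP response, wrapping the result of a local git command.`. On failure `body` is git's raw stderr, which may echo the remote URL, so it should be sanitised before it is logged or placed in an error message unless that already happens downstream.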
@@ -2,7 +2,6 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
5
- require "ostruct"
6
5
  require "sorbet-runtime"
7
6
 
8
7
  require "dependabot/clients/github_with_retries"
@@ -14,6 +13,47 @@ require "dependabot/metadata_finders/base"
14
13
  module Dependabot
15
14
  module MetadataFinders
16
15
  class Base
16
+ class ChangelogFile
17
+ extend T::Sig
18
+
19
+ sig { returns(String) }
20
+ attr_reader :name
21
+
22
+ sig { returns(String) }
23
+ attr_reader :type
24
+
25
+ sig { returns(Integer) }
26
+ attr_reader :size
27
+
28
+ sig { returns(String) }
29
+ attr_reader :html_url
30
+
31
+ sig { returns(String) }
32
+ attr_reader :download_url
33
+
34
+ sig { returns(T.nilable(String)) }
35
+ attr_reader :path
36
+
37
+ sig do
38
+ params(
39
+ name: String,
40
+ type: String,
41
+ size: Integer,
42
+ html_url: String,
43
+ download_url: String,
44
+ path: T.nilable(String)
45
+ ).void
46
+ end
47
+ def initialize(name:, type:, size:, html_url:, download_url:, path: nil)
48
+ @name = name
49
+ @type = type
50
+ @size = size
51
+ @html_url = html_url
52
+ @download_url = download_url
53
+ @path = path
54
+ end
55
+ end
56
+
17
57
  # rubocop:disable Metrics/ClassLength
18
58
  class ChangelogFinder
19
59
  extend T::Sig
@@ -141,18 +181,18 @@ module Dependabot
141
181
  @changelog_from_suggested_url = nil
142
182
  end
143
183
 
144
- sig { returns(T.nilable(T.any(OpenStruct, Sawyer::Resource))) }
184
+ sig { returns(T.nilable(T.any(ChangelogFile, Sawyer::Resource))) }
145
185
  def default_branch_changelog
146
186
  return unless source
147
187
 
148
188
  @default_branch_changelog ||=
149
189
  T.let(
150
190
  changelog_from_ref(nil),
151
- T.nilable(T.any(OpenStruct, Sawyer::Resource))
191
+ T.nilable(T.any(ChangelogFile, Sawyer::Resource))
152
192
  )
153
193
  end
154
194
 
155
- sig { returns(T.nilable(T.any(OpenStruct, Sawyer::Resource))) }
195
+ sig { returns(T.nilable(T.any(ChangelogFile, Sawyer::Resource))) }
156
196
  def relevant_tag_changelog
157
197
  return unless source
158
198
  return unless tag_for_new_version
@@ -160,11 +200,11 @@ module Dependabot
160
200
  @relevant_tag_changelog ||=
161
201
  T.let(
162
202
  changelog_from_ref(tag_for_new_version),
163
- T.nilable(T.any(OpenStruct, Sawyer::Resource))
203
+ T.nilable(T.any(ChangelogFile, Sawyer::Resource))
164
204
  )
165
205
  end
166
206
 
167
- sig { params(ref: T.nilable(String)).returns(T.nilable(T.any(OpenStruct, Sawyer::Resource))) }
207
+ sig { params(ref: T.nilable(String)).returns(T.nilable(T.any(ChangelogFile, Sawyer::Resource))) }
168
208
  def changelog_from_ref(ref)
169
209
  files =
170
210
  dependency_file_list(ref)
@@ -343,7 +383,7 @@ module Dependabot
343
383
  when "commit_directory" then "dir"
344
384
  else file.fetch("type")
345
385
  end
346
- OpenStruct.new(
386
+ ChangelogFile.new(
347
387
  name: file.fetch("path").split("/").last,
348
388
  type: type,
349
389
  size: file.fetch("size", 100),
@@ -366,7 +406,7 @@ module Dependabot
366
406
  when "tree" then "dir"
367
407
  else file.fetch("type")
368
408
  end
369
- OpenStruct.new(
409
+ ChangelogFile.new(
370
410
  name: file.name,
371
411
  type: type,
372
412
  size: 100, # GitLab doesn't return file size
@@ -387,7 +427,7 @@ module Dependabot
387
427
  else entry.fetch("gitObjectType")
388
428
  end
389
429
 
390
- OpenStruct.new(
430
+ ChangelogFile.new(
391
431
  name: File.basename(entry.fetch("relativePath")),
392
432
  type: type,
393
433
  size: entry.fetch("size"),
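Review bot: ChangelogFile's constructor sig requires a non-nil `String` or `Integer` for every field except `path`, but the call sites pass provider API values straight in, for example `size: entry.fetch("size")` at new line 433 and `size: file.fetch("size", 100)` at new line 389. Under sorbet-runtime, a response where one of these values is nil or of another type would raise a TypeError during changelog lookup, where OpenStruct stored the value as it came. If that strictness is intended, say so in a comment on the class, e.g. `# Built from provider API responses; the sigs reject entries with missing or mistyped fields.`; otherwise coerce at the call sites or relax the sigs. The `html_url:` and `download_url:` arguments are outside the hunks, so whether they can be nil cannot be judged from here.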
@@ -1,7 +1,6 @@
1
1
  # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
- require "ostruct"
5
4
  require "sorbet-runtime"
6
5
 
7
6
  require "dependabot/credential"
@@ -13,6 +12,37 @@ require "dependabot/utils"
13
12
  module Dependabot
14
13
  module MetadataFinders
15
14
  class Base
15
+ class GitLabRelease
16
+ extend T::Sig
17
+
18
+ sig { returns(String) }
19
+ attr_reader :name
20
+
21
+ sig { returns(String) }
22
+ attr_reader :tag_name
23
+
24
+ sig { returns(String) }
25
+ attr_reader :body
26
+
27
+ sig { returns(String) }
28
+ attr_reader :html_url
29
+
30
+ sig do
31
+ params(
32
+ name: String,
33
+ tag_name: String,
34
+ body: String,
35
+ html_url: String
36
+ ).void
37
+ end
38
+ def initialize(name:, tag_name:, body:, html_url:)
39
+ @name = name
40
+ @tag_name = tag_name
41
+ @body = body
42
+ @html_url = html_url
43
+ end
44
+ end
45
+
16
46
  class ReleaseFinder
17
47
  extend T::Sig
18
48
 
@@ -281,7 +311,7 @@ module Dependabot
281
311
  .reverse
282
312
 
283
313
  releases.map do |tag|
284
- OpenStruct.new(
314
+ GitLabRelease.new(
285
315
  name: tag.name,
286
316
  tag_name: tag.release.tag_name,
287
317
  body: tag.release.description,
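Review bot: `body: tag.release.description` at new line 317 feeds a value from the GitLab API into a constructor whose sig is `body: String`, so a release without a description would raise a TypeError under sorbet-runtime where OpenStruct simply stored nil. Either declare the field `T.nilable(String)` or normalise at the call site with `body: tag.release.description.to_s`; which is right depends on how the consumers of `body` outside this hunk treat nil. The `html_url:` argument and the filtering that precedes `.reverse` are outside the hunk, so the same check applies to them.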
@@ -207,7 +207,7 @@ module Dependabot
207
207
 
208
208
  {
209
209
  path: file.realpath,
210
- mode: Dependabot::DependencyFile::Mode::FILE,
210
+ mode: file.mode || Dependabot::DependencyFile::Mode::FILE,
211
211
  type: "blob"
212
212
  }.merge(content)
213
213
  end
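Review bot: `mode: file.mode || Dependabot::DependencyFile::Mode::FILE` at new line 210 passes whatever mode the DependencyFile carries into a tree entry whose `type` stays hard-coded to `"blob"`. A mode that is not a blob mode (git's tree or submodule modes) would give an inconsistent entry, and a symlink mode changes how `content` is interpreted, so the value should be restricted to the modes this method is meant to emit, falling back to `Mode::FILE` otherwise. The start of the method is outside the hunk; if submodules and directories are already filtered out before this hash is built, a comment saying so next to the `mode:` line would be enough.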
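--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -2,5 +2,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.359.0"
+ VERSION = "0.360.0"
  end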
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.359.0
4
+ version: 0.360.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -225,20 +225,6 @@ dependencies:
225
225
  - - "~>"
226
226
  - !ruby/object:Gem::Version
227
227
  version: '0.3'
228
- - !ruby/object:Gem::Dependency
229
- name: ostruct
230
- requirement: !ruby/object:Gem::Requirement
231
- requirements:
232
- - - "~>"
233
- - !ruby/object:Gem::Version
234
- version: '0.6'
235
- type: :runtime
236
- prerelease: false
237
- version_requirements: !ruby/object:Gem::Requirement
238
- requirements:
239
- - - "~>"
240
- - !ruby/object:Gem::Version
241
- version: '0.6'
242
228
  - !ruby/object:Gem::Dependency
243
229
  name: parser
244
230
  requirement: !ruby/object:Gem::Requirement
@@ -629,7 +615,7 @@ licenses:
629
615
  - MIT
630
616
  metadata:
631
617
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
632
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.359.0
618
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.360.0
633
619
  rdoc_options: []
634
620
  require_paths:
635
621
  - lib