dependabot-common 0.361.1 → 0.361.2
- checksums.yaml +4 -4
- data/lib/dependabot/config/file.rb +1 -0
- data/lib/dependabot/git_commit_checker.rb +16 -3
- data/lib/dependabot/git_metadata_fetcher.rb +2 -1
- data/lib/dependabot/metadata_finders/base.rb +10 -0
- data/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb +24 -0
- data/lib/dependabot/version.rb +22 -0
- data/lib/dependabot.rb +1 -1
- metadata +2 -2
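--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f2b211f0bd9932e35b316074d84e9bae276448f95244ec93184d2930332d9801
+data.tar.gz: 713b02b21f48e873c663b77afdece7967394ea18e80a33c02c0ca536debbfa31
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d29c459b7b4538e3dbf806a5dbaf79fd4eb1042664fe5df05b462bf7f404550e5843e2f9f1d85dbe297fb143e9fb6b770e5341c2d23a3cbb44a045f1cb7cbc4d
+data.tar.gz: c92e5ea8478f61ee4030ac7c4aa4ce3573e0a6a4870deb454a91d5a82c7b3b9ddd8e8ae1074b1db72cecbdb6e7781c83472a41939780c072e0292127a8ec5727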
|
@@ -106,19 +106,32 @@ module Dependabot
|
|
|
106
106
|
local_repo_git_metadata_fetcher.head_commit_for_ref_sha(T.must(ref))
|
|
107
107
|
end
|
|
108
108
|
|
|
109
|
-
sig { returns(
|
|
110
|
-
def
|
|
109
|
+
sig { returns(T::Array[GitRef]) }
|
|
110
|
+
def tags
|
|
111
|
+
GitMetadataFetcher.new(
|
|
112
|
+
url: dependency.source_details&.fetch(:url, nil),
|
|
113
|
+
credentials: credentials
|
|
114
|
+
).tags
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
sig { params(ref: String).returns(Excon::Response) }
|
|
118
|
+
def ref_details(ref)
|
|
111
119
|
T.must(
|
|
112
120
|
T.let(
|
|
113
121
|
GitMetadataFetcher.new(
|
|
114
122
|
url: dependency.source_details&.fetch(:url, nil),
|
|
115
123
|
credentials: credentials
|
|
116
|
-
).ref_details_for_pinned_ref(
|
|
124
|
+
).ref_details_for_pinned_ref(ref),
|
|
117
125
|
T.nilable(Excon::Response)
|
|
118
126
|
)
|
|
119
127
|
)
|
|
120
128
|
end
|
|
121
129
|
|
|
130
|
+
sig { returns(Excon::Response) }
|
|
131
|
+
def ref_details_for_pinned_ref
|
|
132
|
+
ref_details(ref_pinned)
|
|
133
|
+
end
|
|
134
|
+
|
|
122
135
|
sig { params(ref: String).returns(T::Boolean) }
|
|
123
136
|
def ref_looks_like_commit_sha?(ref)
|
|
124
137
|
ref.match?(/^[0-9a-f]{6,40}$/)
|
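Review bot: The new `tags` method and the renamed `ref_details(ref)` each build their own `GitMetadataFetcher` from the same `url:`/`credentials:` pair, so the construction, including the `dependency.source_details&.fetch(:url, nil)` expression that can yield nil, is now duplicated. A single private helper would keep the two call sites in step, for example `GitMetadataFetcher.new(url: dependency.source_details&.fetch(:url, nil), credentials: credentials)` returned from one method that both `tags` and `ref_details` call; whether it is safe to memoize depends on the fetcher's own caching, which is outside this hunk. `ref_details` now accepts any ref, and the surrounding `T.must` raises when the fetcher returns nil, so a one-line comment such as `# Raises if the remote does not return details for +ref+.` would make that contract explicit. Whether these methods sit in the public or the private part of the class cannot be seen from the hunk.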
|
@@ -31,6 +31,7 @@ module Dependabot
|
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
KNOWN_HOSTS = /github\.com|bitbucket\.org|gitlab.com/i
|
|
34
|
+
MAX_COMMITS_PER_PAGE = 100
|
|
34
35
|
|
|
35
36
|
sig do
|
|
36
37
|
params(
|
|
@@ -391,7 +392,7 @@ module Dependabot
|
|
|
391
392
|
github: provider_url.gsub("github.com", "api.github.com/repos")
|
|
392
393
|
}.freeze
|
|
393
394
|
|
|
394
|
-
"#{api_url[:github]}/commits?per_page
|
|
395
|
+
"#{api_url[:github]}/commits?per_page=#{MAX_COMMITS_PER_PAGE}&sha=#{ref}"
|
|
395
396
|
end
|
|
396
397
|
end
|
|
397
398
|
end
|
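Review bot: The rewritten URL line in the second hunk interpolates `ref` into the query string unencoded (`&sha=#{ref}`), so a ref containing a reserved character such as `&`, `#`, `+` or `%` changes the request sent to the API instead of naming one commit. Encoding the value keeps it a single parameter: `"#{api_url[:github]}/commits?per_page=#{MAX_COMMITS_PER_PAGE}&sha=#{URI.encode_www_form_component(ref)}"`. The removed line is truncated on this page, so the interpolation may predate this change, and any validation of `ref` happens outside the hunk; the enclosing method also starts above it.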
|
@@ -162,6 +162,16 @@ module Dependabot
|
|
|
162
162
|
nil
|
|
163
163
|
end
|
|
164
164
|
|
|
165
|
+
sig { overridable.returns(T.nilable(String)) }
|
|
166
|
+
def install_script_changes
|
|
167
|
+
nil
|
|
168
|
+
end
|
|
169
|
+
|
|
170
|
+
sig { overridable.returns(T.nilable(String)) }
|
|
171
|
+
def attestation_changes
|
|
172
|
+
nil
|
|
173
|
+
end
|
|
174
|
+
|
|
165
175
|
private
|
|
166
176
|
|
|
167
177
|
sig { overridable.returns(T.nilable(String)) }
|
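Review bot: The two new overridable hooks, `install_script_changes` and `attestation_changes`, carry no comment telling an implementer what an override is expected to return. The presenter changes on this page place the returned string in the pull-request message, so the contract matters: a comment such as `# Text describing install-script changes between the two versions, or nil when there is nothing to report.` (and the equivalent for attestations) should also say whether plain text or Markdown is expected. If overrides build the string from package or registry metadata, which is presumably the intent, the comment should state that the value is treated as untrusted by the presenter.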
|
@@ -27,10 +27,12 @@ module Dependabot
|
|
|
27
27
|
attr_reader :github_redirection_service
|
|
28
28
|
|
|
29
29
|
def_delegators :metadata_finder,
|
|
30
|
+
:attestation_changes,
|
|
30
31
|
:changelog_url,
|
|
31
32
|
:changelog_text,
|
|
32
33
|
:commits_url,
|
|
33
34
|
:commits,
|
|
35
|
+
:install_script_changes,
|
|
34
36
|
:maintainer_changes,
|
|
35
37
|
:releases_url,
|
|
36
38
|
:releases_text,
|
|
@@ -71,6 +73,8 @@ module Dependabot
|
|
|
71
73
|
msg += upgrade_guide_cascade
|
|
72
74
|
msg += commits_cascade
|
|
73
75
|
msg += maintainer_changes_cascade
|
|
76
|
+
msg += install_script_changes_cascade
|
|
77
|
+
msg += attestation_changes_cascade
|
|
74
78
|
msg += break_tag unless msg == ""
|
|
75
79
|
"\n" + sanitize_links_and_mentions(msg, unsafe: true)
|
|
76
80
|
end
|
|
@@ -181,6 +185,26 @@ module Dependabot
|
|
|
181
185
|
)
|
|
182
186
|
end
|
|
183
187
|
|
|
188
|
+
sig { returns(String) }
|
|
189
|
+
def install_script_changes_cascade
|
|
190
|
+
return "" unless install_script_changes
|
|
191
|
+
|
|
192
|
+
build_details_tag(
|
|
193
|
+
summary: "Install script changes",
|
|
194
|
+
body: sanitize_links_and_mentions(install_script_changes) + "\n"
|
|
195
|
+
)
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
sig { returns(String) }
|
|
199
|
+
def attestation_changes_cascade
|
|
200
|
+
return "" unless attestation_changes
|
|
201
|
+
|
|
202
|
+
build_details_tag(
|
|
203
|
+
summary: "Attestation changes",
|
|
204
|
+
body: sanitize_links_and_mentions(attestation_changes) + "\n"
|
|
205
|
+
)
|
|
206
|
+
end
|
|
207
|
+
|
|
184
208
|
sig { params(summary: String, body: String).returns(String) }
|
|
185
209
|
def build_details_tag(summary:, body:)
|
|
186
210
|
# Bitbucket does not support <details> tag (https://jira.atlassian.com/browse/BCLOUD-20231)
|
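Review bot: `install_script_changes_cascade` and `attestation_changes_cascade` in the third hunk each call the delegated finder method twice, once in the guard and once for the body, so an override that is not memoized does its work twice and may return a different value the second time. Binding the result once avoids that: `changes = install_script_changes`, then `return "" unless changes` and `body: sanitize_links_and_mentions(changes) + "\n"`. The same text is also sanitized twice, here and again by `sanitize_links_and_mentions(msg, unsafe: true)` over the assembled message in the second hunk. Whether the sanitizer is safe to apply twice, and what `unsafe: true` lets through for text that presumably originates in package metadata, cannot be seen from these hunks and is worth confirming. The two methods differ only in their summary and source and could share one private helper.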
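--- a/data/lib/dependabot/version.rb
+++ b/data/lib/dependabot/version.rb
@@ -74,6 +74,28 @@ module Dependabot
 "a"
 end
 
+# https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
+SEMVER_REGEX = T.let(
+/
+# major.minor.patch
+^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)
+# pre-release
+(?:-(
+(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)
+(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*
+))?
+# build metadata
+(?:\+(
+[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*
+))?$/x,
+Regexp
+)
+
+sig { params(version: String).returns(T::Boolean) }
+def self.valid_semver?(version)
+!version.match(SEMVER_REGEX).nil?
+end
+
 sig { returns(T.nilable([Integer, Integer, Integer])) }
 def semver_parts
 # Extracts only the numeric major.minor.patch part of the version, ensuring it starts with a number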
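Review bot: `SEMVER_REGEX` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so `valid_semver?` returns true for a multi-line string in which any one line is a valid version (constructed example: `"1.2.3\nanything"`). The semver.org pattern the comment links to assumes whole-string anchors; in Ruby those are `\A` and `\z`, i.e. `\A(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)` on the first pattern line and `))?\z/x,` on the last. `version.match?(SEMVER_REGEX)` would also replace `!version.match(SEMVER_REGEX).nil?` without allocating a MatchData. A short comment on `valid_semver?` stating that it checks strict SemVer (all three components required, no leading `v`) would tell callers what it rejects.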
data/lib/dependabot.rb
CHANGED
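--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.361.
+version: 0.361.2
 platform: ruby
 authors:
 - Dependabot
@@ -615,7 +615,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.361.2
 rdoc_options: []
 require_paths:
 - lib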