dependabot-common 0.363.0 → 0.364.0
- checksums.yaml +4 -4
- data/lib/dependabot/command_helpers.rb +5 -1
- data/lib/dependabot/dependency_graphers/base.rb +2 -2
- data/lib/dependabot/dependency_group.rb +0 -2
- data/lib/dependabot/file_fetchers/base.rb +14 -14
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +15 -15
- data/lib/dependabot/package/package_latest_version_finder.rb +6 -6
- data/lib/dependabot/pull_request_creator/message_builder.rb +45 -0
- data/lib/dependabot/shared_helpers.rb +17 -25
- data/lib/dependabot.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6da1e661120cc32753f744c61f71c22ea49fc6f2fdcbbfd3a137631acf3103e4
|
|
4
|
+
data.tar.gz: 1c3c5a19b497c29ac3fa2853202918f514cc2c702c091b8dd4af352b186ad61f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd97c8d6b0978058bf3204aee949f1082fda7d8724ac366a7684d35c3d82d867e1d26ce0bf24e3dd97e94b08b689d3276b681cdfa86782525dfa09aeae892af5
|
|
7
|
+
data.tar.gz: 13d846c8ab332fa64643df2bdc4aa95a47250efdbf10a382a77df4e63312bf773a1f01fdaaa72390d715cd4132f1798d5a4ceec70910dca43ee271abaeca5a29
|
|
@@ -103,7 +103,11 @@ module Dependabot
|
|
|
103
103
|
Dependabot.logger.info("Started process PID: #{pid} with command: #{sanitized_env_cmd.join(' ')}")
|
|
104
104
|
|
|
105
105
|
# Write to stdin if input data is provided
|
|
106
|
-
|
|
106
|
+
begin
|
|
107
|
+
stdin&.write(stdin_data) if stdin_data
|
|
108
|
+
rescue Errno::EPIPE
|
|
109
|
+
# Process exited before reading stdin - continue to collect output
|
|
110
|
+
end
|
|
107
111
|
stdin&.close
|
|
108
112
|
|
|
109
113
|
stdout_io.sync = true
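Review bot: The new `rescue Errno::EPIPE` around `stdin&.write(stdin_data)` discards the error without a trace, so a run in which the child never consumed its input looks the same in the logs as a normal one. A debug line in the rescue body, for example `Dependabot.logger.debug("PID #{pid} closed stdin before input was fully written")`, would keep that visible while still continuing to collect output. The write also still completes before any output is read in this hunk; if `stdin_data` can exceed the pipe buffer while the child is producing output, the call could block, and whether the timeout covers that depends on code outside the hunk. The enclosing method starts and ends outside the hunk.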
|
|
@@ -91,8 +91,8 @@ module Dependabot
|
|
|
91
91
|
sig { returns(T::Hash[String, Dependabot::Dependency]) }
|
|
92
92
|
def dependencies_by_name
|
|
93
93
|
@dependencies_by_name ||= T.let(
|
|
94
|
-
@dependencies.
|
|
95
|
-
|
|
94
|
+
@dependencies.to_h do |dep|
|
|
95
|
+
[dep.name, dep]
|
|
96
96
|
end,
|
|
97
97
|
T.nilable(T::Hash[String, Dependabot::Dependency])
|
|
98
98
|
)
|
|
@@ -641,20 +641,20 @@ module Dependabot
|
|
|
641
641
|
T.unsafe(gitlab_client)
|
|
642
642
|
.repo_tree(repo, path: path, ref: commit, per_page: 100)
|
|
643
643
|
.map do |file|
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
644
|
+
# GitLab API essentially returns the output from `git ls-tree`
|
|
645
|
+
type = case file.type
|
|
646
|
+
when "blob" then "file"
|
|
647
|
+
when "tree" then "dir"
|
|
648
|
+
when "commit" then "submodule"
|
|
649
|
+
else file.fetch("type")
|
|
650
|
+
end
|
|
651
|
+
|
|
652
|
+
RepositoryContent.new(
|
|
653
|
+
name: file.name,
|
|
654
|
+
path: file.path,
|
|
655
|
+
type: type,
|
|
656
|
+
size: 0 # GitLab doesn't return file size
|
|
657
|
+
)
|
|
658
658
|
end
|
|
659
659
|
end
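Review bot: The `else file.fetch("type")` fallback in the `case file.type` mapping reads the same field through a different accessor than the `case` subject, and it passes any unrecognised GitLab entry type straight into `RepositoryContent`. Using `else file.type` would keep the access consistent; if callers only handle "file", "dir" and "submodule", a short comment saying that other types are passed through unchanged would help. Separately, `repo_tree` is called with `per_page: 100` and mapped directly, so unless pagination is handled outside this hunk a directory with more than 100 entries would be listed incompletely and a manifest could be missed. The enclosing method starts outside the hunk.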
|
|
660
660
|
|
|
@@ -309,11 +309,11 @@ module Dependabot
|
|
|
309
309
|
T.unsafe(bitbucket_client)
|
|
310
310
|
.compare(T.must(source).repo, previous_tag, new_tag)
|
|
311
311
|
.map do |commit|
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
312
|
+
{
|
|
313
|
+
message: commit.dig("summary", "raw"),
|
|
314
|
+
sha: commit["hash"],
|
|
315
|
+
html_url: commit.dig("links", "html", "href")
|
|
316
|
+
}
|
|
317
317
|
end
|
|
318
318
|
rescue Dependabot::Clients::Bitbucket::NotFound,
|
|
319
319
|
Dependabot::Clients::Bitbucket::Unauthorized,
|
|
@@ -330,11 +330,11 @@ module Dependabot
|
|
|
330
330
|
.compare(T.must(source).repo, previous_tag, new_tag)
|
|
331
331
|
.commits
|
|
332
332
|
.map do |commit|
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
333
|
+
{
|
|
334
|
+
message: commit["message"],
|
|
335
|
+
sha: commit["id"],
|
|
336
|
+
html_url: "#{T.must(source).url}/commit/#{commit['id']}"
|
|
337
|
+
}
|
|
338
338
|
end
|
|
339
339
|
rescue Gitlab::Error::NotFound
|
|
340
340
|
[]
|
|
@@ -346,11 +346,11 @@ module Dependabot
|
|
|
346
346
|
azure_client
|
|
347
347
|
.compare(previous_tag, new_tag, type)
|
|
348
348
|
.map do |commit|
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
349
|
+
{
|
|
350
|
+
message: commit["comment"],
|
|
351
|
+
sha: commit["commitId"],
|
|
352
|
+
html_url: commit["remoteUrl"]
|
|
353
|
+
}
|
|
354
354
|
end
|
|
355
355
|
rescue Dependabot::Clients::Azure::NotFound,
|
|
356
356
|
Dependabot::Clients::Azure::Unauthorized,
|
|
@@ -240,9 +240,9 @@ module Dependabot
|
|
|
240
240
|
def filter_ignored_versions(releases)
|
|
241
241
|
filtered = releases
|
|
242
242
|
.reject do |release|
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
243
|
+
ignore_requirements.any? do |r|
|
|
244
|
+
r.satisfied_by?(release.version)
|
|
245
|
+
end
|
|
246
246
|
end
|
|
247
247
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(releases).any?
|
|
248
248
|
raise Dependabot::AllVersionsIgnored
|
|
@@ -277,9 +277,9 @@ module Dependabot
|
|
|
277
277
|
|
|
278
278
|
releases
|
|
279
279
|
.select do |release|
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
280
|
+
reqs.all? do |r|
|
|
281
|
+
r.any? { |o| o.satisfied_by?(release.version) }
|
|
282
|
+
end
|
|
283
283
|
end
|
|
284
284
|
end
|
|
285
285
|
|
|
@@ -263,6 +263,8 @@ module Dependabot
|
|
|
263
263
|
|
|
264
264
|
sig { returns(String) }
|
|
265
265
|
def group_pr_name
|
|
266
|
+
return dependency_name_group_pr_name if dependency_group&.group_by_dependency_name?
|
|
267
|
+
|
|
266
268
|
if source.directories
|
|
267
269
|
grouped_directory_name
|
|
268
270
|
else
|
|
@@ -270,6 +272,20 @@ module Dependabot
|
|
|
270
272
|
end
|
|
271
273
|
end
|
|
272
274
|
|
|
275
|
+
sig { returns(String) }
|
|
276
|
+
def dependency_name_group_pr_name
|
|
277
|
+
dep = T.must(dependencies.first)
|
|
278
|
+
directories = dep.metadata[:updated_directories] || [dep.metadata[:directory]].compact
|
|
279
|
+
|
|
280
|
+
if directories.count > 1
|
|
281
|
+
"bump #{dep.name} across #{directories.count} directories"
|
|
282
|
+
elsif directories.one?
|
|
283
|
+
"bump #{dep.name} in #{directories.first}"
|
|
284
|
+
else
|
|
285
|
+
"bump #{dep.name}"
|
|
286
|
+
end
|
|
287
|
+
end
|
|
288
|
+
|
|
273
289
|
sig { returns(String) }
|
|
274
290
|
def grouped_name
|
|
275
291
|
updates = dependencies.map(&:name).uniq.count
|
|
@@ -411,6 +427,8 @@ module Dependabot
|
|
|
411
427
|
# rubocop:disable Metrics/AbcSize
|
|
412
428
|
sig { returns(String) }
|
|
413
429
|
def version_commit_message_intro
|
|
430
|
+
return dependency_name_group_intro if dependency_group&.group_by_dependency_name? && source.directories
|
|
431
|
+
|
|
414
432
|
return multi_directory_group_intro if dependency_group && source.directories
|
|
415
433
|
|
|
416
434
|
return group_intro if dependency_group
|
|
@@ -546,6 +564,33 @@ module Dependabot
|
|
|
546
564
|
end
|
|
547
565
|
# rubocop:enable Metrics/AbcSize
|
|
548
566
|
|
|
567
|
+
sig { returns(String) }
|
|
568
|
+
def dependency_name_group_intro
|
|
569
|
+
dep = T.must(dependencies.first)
|
|
570
|
+
directories = dep.metadata[:updated_directories] || [dep.metadata[:directory]].compact
|
|
571
|
+
|
|
572
|
+
msg = "Bumps #{dependency_links.first}"
|
|
573
|
+
|
|
574
|
+
if directories.count > 1
|
|
575
|
+
msg += " across #{directories.count} directories:\n\n"
|
|
576
|
+
msg += directories.map do |dir|
|
|
577
|
+
prev_version = dep.humanized_previous_version || "unknown"
|
|
578
|
+
new_version = dep.humanized_version || "unknown"
|
|
579
|
+
"- `#{dir}`: #{prev_version} → #{new_version}"
|
|
580
|
+
end.join("\n")
|
|
581
|
+
elsif directories.one?
|
|
582
|
+
msg += " in `#{directories.first}`"
|
|
583
|
+
msg += " #{from_version_msg(dep.humanized_previous_version)}"
|
|
584
|
+
msg += "to #{dep.humanized_version}."
|
|
585
|
+
else
|
|
586
|
+
msg += " #{from_version_msg(dep.humanized_previous_version)}"
|
|
587
|
+
msg += "to #{dep.humanized_version}."
|
|
588
|
+
end
|
|
589
|
+
|
|
590
|
+
msg += "\n"
|
|
591
|
+
msg
|
|
592
|
+
end
|
|
593
|
+
|
|
549
594
|
sig { returns(String) }
|
|
550
595
|
def group_intro
|
|
551
596
|
# Ensure dependencies are unique by name, from and to versions
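Review bot: In `dependency_name_group_intro`, the multi-directory branch prints the same version pair on every bullet, because `prev_version` and `new_version` are read from `dependencies.first` inside the `directories.map` block and do not depend on `dir`. If directories can start from different versions, the PR body would misreport what changes where, which matters to whoever approves the update; either look the versions up per directory or hoist the two assignments above the `map` so the invariance is explicit. The `elsif directories.one?` and `else` branches also repeat the same two `msg +=` lines and could share them. `group_pr_name` takes the new path on `dependency_group&.group_by_dependency_name?` alone while `version_commit_message_intro` also requires `source.directories`, so title and body can come from different code paths; confirm that is intended.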
|
|
@@ -163,15 +163,13 @@ module Dependabot
|
|
|
163
163
|
end
|
|
164
164
|
|
|
165
165
|
env_cmd = [env, cmd].compact
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
stdout, stderr, process = T.unsafe(Open3).capture3(*env_cmd, stdin_data: stdin_data)
|
|
174
|
-
end
|
|
166
|
+
raw_stdout, raw_stderr, process = CommandHelpers.capture3_with_timeout(
|
|
167
|
+
env_cmd,
|
|
168
|
+
stdin_data: stdin_data,
|
|
169
|
+
timeout: timeout
|
|
170
|
+
)
|
|
171
|
+
stdout = T.let(raw_stdout || "", String)
|
|
172
|
+
stderr = T.let(raw_stderr || "", String)
|
|
175
173
|
time_taken = Time.now - start
|
|
176
174
|
|
|
177
175
|
if ENV["DEBUG_HELPERS"] == "true"
|
|
@@ -480,22 +478,16 @@ module Dependabot
|
|
|
480
478
|
opts[:chdir] = cwd if cwd
|
|
481
479
|
|
|
482
480
|
env_cmd = [env || {}, cmd, opts].compact
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
)
|
|
494
|
-
elsif stderr_to_stdout
|
|
495
|
-
stdout, process = Open3.capture2e(env || {}, cmd, opts)
|
|
496
|
-
else
|
|
497
|
-
stdout, stderr, process = Open3.capture3(env || {}, cmd, opts)
|
|
498
|
-
end
|
|
481
|
+
kwargs = {
|
|
482
|
+
stderr_to_stdout: stderr_to_stdout,
|
|
483
|
+
timeout: timeout
|
|
484
|
+
}
|
|
485
|
+
kwargs[:output_observer] = output_observer if output_observer
|
|
486
|
+
|
|
487
|
+
stdout, stderr, process = CommandHelpers.capture3_with_timeout(
|
|
488
|
+
env_cmd,
|
|
489
|
+
**kwargs
|
|
490
|
+
)
|
|
499
491
|
|
|
500
492
|
time_taken = Time.now - start
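Review bot: The second call site assigns `stdout, stderr, process = CommandHelpers.capture3_with_timeout(...)` without the nil guard that the first hunk adds (`T.let(raw_stdout || "", String)`), which suggests the helper can return nil for either stream. If so, and unless code outside the hunk already handles it, adding `stdout ||= ""` and `stderr ||= ""` after the call would keep later string handling from failing on nil, in particular in the `stderr_to_stdout` case. It would also help to document at both call sites what the caller sees when `timeout` is reached, since that is now decided inside `capture3_with_timeout`, which is not shown in this section. Both enclosing methods start and end outside the hunks.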
|
|
501
493
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.364.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -133,14 +133,14 @@ dependencies:
|
|
|
133
133
|
requirements:
|
|
134
134
|
- - "~>"
|
|
135
135
|
- !ruby/object:Gem::Version
|
|
136
|
-
version: '
|
|
136
|
+
version: '6.0'
|
|
137
137
|
type: :runtime
|
|
138
138
|
prerelease: false
|
|
139
139
|
version_requirements: !ruby/object:Gem::Requirement
|
|
140
140
|
requirements:
|
|
141
141
|
- - "~>"
|
|
142
142
|
- !ruby/object:Gem::Version
|
|
143
|
-
version: '
|
|
143
|
+
version: '6.0'
|
|
144
144
|
- !ruby/object:Gem::Dependency
|
|
145
145
|
name: json
|
|
146
146
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -175,14 +175,14 @@ dependencies:
|
|
|
175
175
|
requirements:
|
|
176
176
|
- - "~>"
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
|
-
version: '
|
|
178
|
+
version: '10.0'
|
|
179
179
|
type: :runtime
|
|
180
180
|
prerelease: false
|
|
181
181
|
version_requirements: !ruby/object:Gem::Requirement
|
|
182
182
|
requirements:
|
|
183
183
|
- - "~>"
|
|
184
184
|
- !ruby/object:Gem::Version
|
|
185
|
-
version: '
|
|
185
|
+
version: '10.0'
|
|
186
186
|
- !ruby/object:Gem::Dependency
|
|
187
187
|
name: opentelemetry-api
|
|
188
188
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -615,7 +615,7 @@ licenses:
|
|
|
615
615
|
- MIT
|
|
616
616
|
metadata:
|
|
617
617
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
618
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
618
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
|
|
619
619
|
rdoc_options: []
|
|
620
620
|
require_paths:
|
|
621
621
|
- lib
|