dependabot-common 0.373.0 → 0.374.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3813dcd4d0293e11d9da8b1425d9c800f4c94552e38bf8765d912b51b7c2643c
-  data.tar.gz: bb7a4005a51cbb9ecb432a1cd25c67f664cea48dad9f900de65de30f99d9dbcd
+  metadata.gz: d88af33b38097dab784ba13eadb6c8f87aed56fcce304d1f71abf339309d3541
+  data.tar.gz: 97fd1cc7feb3a5fc0f8dcf9674c58258da57780d52c7931c0e3d9f8f011dc811
 SHA512:
-  metadata.gz: 3cb91b2676a6722670b020f805de186af35e79f73640771927070b103549a74b40fc3696890a4062b5a0045e9ad3f4ab43ddff89a46357f0113b2bd8861f4935
-  data.tar.gz: d70c62d66ea75085d88834d51d01504c412e6cd4676aba9c05e779d031ca916e614acacf021f9d71e593c7f976748096878d8aa00aa1c5a9b885c6da9165d1f4
+  metadata.gz: 72398924f6dc3e66644f35bc4a6ffe407adfc9aa18e95c0e06ddcdad5f0d3146c1a6b01a0e439e547330f3173f2cf5a658519463efa2d40e166584f32237a2be
+  data.tar.gz: '07857156b27d2d678b2b9c9bc8d8addf1e7a7a6a45c99bc6ea965fae724f33a3db43d844b91bc148ffcd67f562b545a547f4d7b4af4a77df4ba3512c13e2bb60'

data/lib/dependabot/config/file.rb

@@ -65,6 +65,7 @@ module Dependabot
           "bundler" => "bundler",
           "cargo" => "cargo",
           "composer" => "composer",
+          "deno" => "deno",
           "conda" => "conda",
           "devcontainer" => "devcontainers",
           "docker-compose" => "docker_compose",

data/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb

@@ -106,23 +106,25 @@ module Dependabot
           end
         end
 
-        # When we come across something that looks like a team mention (e.g. @dependabot/reviewers),
-        # we replace it with a text node.
-        # This is because there are ecosystems that have packages that follow the same pattern
-        # (e.g. @angular/angular-cli), and we don't want to create an invalid link, since
-        # team mentions link to `https://github.com/org/:organization_name/teams/:team_name`.
+        # Sanitize team mentions (e.g. @org/team) to prevent notifications; must run before sanitize_mentions.
         sig { params(doc: Commonmarker::Node).void }
         def sanitize_team_mentions(doc)
           doc.walk do |node|
             if node.type == :text &&
                node.string_content.match?(TEAM_MENTION_REGEX)
+              if parent_node_link?(node)
+                # Preserve text node formatting while preventing notifications with zero-width space
+                node.string_content = node.string_content.gsub(TEAM_MENTION_REGEX) do |match|
+                  insert_zero_width_space_in_mention(match)
+                end
+              else
+                nodes = build_team_mention_nodes(node.string_content)
 
-              nodes = build_team_mention_nodes(node.string_content)
-
-              nodes.each do |n|
-                node.insert_before(n)
+                nodes.each do |n|
+                  node.insert_before(n)
+                end
+                node.delete
               end
-              node.delete
             end
           end
         end

data/lib/dependabot.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.373.0"
+  VERSION = "0.374.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.373.0
+  version: 0.374.0
 platform: ruby
 authors:
 - Dependabot
@@ -617,7 +617,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.373.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
 rdoc_options: []
 require_paths:
 - lib