dependabot-common 0.375.0 → 0.376.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/dependency_file.rb +19 -0
  3. data/lib/dependabot/registry_client.rb +14 -2
  4. data/lib/dependabot.rb +1 -1
  5. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9131ea6c1d60dcacb5910c06b15afb3c289d6ca84ed2b70633792148c37f69d3
4
- data.tar.gz: 37e4b152ea03ba6cc051b89d27b89d8cdf07cde85209a9afb6e2772072f43647
3
+ metadata.gz: 2649607c4b50e0d3447b6127fee079597d0f6c404347195ef0e7283b9017d528
4
+ data.tar.gz: 29f1fbfd4fc78fe8ac967bc5d77c01ad1de766e65ed7a6f36408e63226ebf7f4
5
5
  SHA512:
6
- metadata.gz: c0603247a8e5ac0f1498e0ea4e497900792cf72f22ded37fa7039483c3d6da07372b6d413ddb25a54b4574e77e01a9ef7e68a86dfe5af87bffebb0afa213b2c7
7
- data.tar.gz: ec29620b703653d8b35724d5176b9dd9c073ebba37e63805119684766e18d3fd2fb94e1536a23556ce44256a4b3b30d2327d68fcba8bc1bfa3ae8f2fb1d0fdf7
6
+ metadata.gz: 55b79ec0676c883d3533f361215d3c704c96a297c717c2f9c721567391875990f726079c6873e442f86424c2858ecb545499639e5ce0987154743ea68689351c
7
+ data.tar.gz: e67f0a9ef1254c6747743f6ab56234ffe720ae4e0d56440fe8ab85220ecf3a5761c1545b7743bfbc65ea90c2ce6f72d6d2bbe4d6ad80ad486e69833eef69e01e
data/lib/dependabot/dependency_file.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "digest"
4
5
  require "pathname"
5
6
  require "sorbet-runtime"
6
7
 
@@ -209,6 +210,24 @@ module Dependabot
209
210
  T.must(content)
210
211
  end
211
212
 
213
+ # Returns the Git blob OID for this file's content,
214
+ # matching the value GitHub/Spokes uses for the same blob.
215
+ # Accepts :sha1 (default) or :sha256 to match the repository's object format.
216
+ sig { params(algorithm: Symbol).returns(T.nilable(String)) }
217
+ def blob_oid(algorithm: :sha1)
218
+ return nil unless content
219
+
220
+ raw = decoded_content.dup.force_encoding(Encoding::BINARY)
221
+ header = "blob #{raw.bytesize}\0".b
222
+ digest = case algorithm
223
+ when :sha256 then Digest::SHA256.new
224
+ else Digest::SHA1.new
225
+ end
226
+ digest.update(header)
227
+ digest.update(raw)
228
+ digest.hexdigest
229
+ end
230
+
212
231
  private
213
232
 
214
233
  sig { params(directory: String).returns(String) }
data/lib/dependabot/registry_client.rb CHANGED
@@ -36,7 +36,7 @@ module Dependabot
36
36
  retry_interval: 5
37
37
  )
38
38
  rescue Excon::Error::Timeout, Excon::Error::Socket => e
39
- cache_error(url, e)
39
+ cache_error(url, e) if cacheable_error?(e)
40
40
  raise e
41
41
  end
42
42
 
@@ -57,7 +57,7 @@ module Dependabot
57
57
  **SharedHelpers.excon_defaults({ headers: headers }.merge(options))
58
58
  )
59
59
  rescue Excon::Error::Timeout, Excon::Error::Socket => e
60
- cache_error(url, e)
60
+ cache_error(url, e) if cacheable_error?(e)
61
61
  raise e
62
62
  end
63
63
 
@@ -77,5 +77,17 @@ module Dependabot
77
77
  host = URI(url).host
78
78
  @cached_errors.fetch(host, nil)
79
79
  end
80
+
81
+ sig { params(error: CachedErrorType).returns(T::Boolean) }
82
+ private_class_method def self.cacheable_error?(error)
83
+ if error.is_a?(Excon::Error::Socket)
84
+ case error.socket_error
85
+ when EOFError
86
+ return false
87
+ end
88
+ end
89
+
90
+ true
91
+ end
80
92
  end
81
93
  end
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.375.0"
5
+ VERSION = "0.376.0"
6
6
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.375.0
4
+ version: 0.376.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -43,20 +43,20 @@ dependencies:
43
43
  requirements:
44
44
  - - ">="
45
45
  - !ruby/object:Gem::Version
46
- version: '1.16'
46
+ version: '2.4'
47
47
  - - "<"
48
48
  - !ruby/object:Gem::Version
49
- version: 3.0.0
49
+ version: 5.0.0
50
50
  type: :runtime
51
51
  prerelease: false
52
52
  version_requirements: !ruby/object:Gem::Requirement
53
53
  requirements:
54
54
  - - ">="
55
55
  - !ruby/object:Gem::Version
56
- version: '1.16'
56
+ version: '2.4'
57
57
  - - "<"
58
58
  - !ruby/object:Gem::Version
59
- version: 3.0.0
59
+ version: 5.0.0
60
60
  - !ruby/object:Gem::Dependency
61
61
  name: commonmarker
62
62
  requirement: !ruby/object:Gem::Requirement
@@ -147,14 +147,14 @@ dependencies:
147
147
  requirements:
148
148
  - - "<"
149
149
  - !ruby/object:Gem::Version
150
- version: '2.19'
150
+ version: '2.20'
151
151
  type: :runtime
152
152
  prerelease: false
153
153
  version_requirements: !ruby/object:Gem::Requirement
154
154
  requirements:
155
155
  - - "<"
156
156
  - !ruby/object:Gem::Version
157
- version: '2.19'
157
+ version: '2.20'
158
158
  - !ruby/object:Gem::Dependency
159
159
  name: nokogiri
160
160
  requirement: !ruby/object:Gem::Requirement
@@ -617,7 +617,7 @@ licenses:
617
617
  - MIT
618
618
  metadata:
619
619
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
620
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.375.0
620
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
621
621
  rdoc_options: []
622
622
  require_paths:
623
623
  - lib