dependabot-common 0.386.0 → 0.387.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1af9eae7cb945bd312cf8a9fee63b2f4e42adcbc3d137208e2043b659052013d
|
|
4
|
+
data.tar.gz: f815b9a6961d5ecbd9c77ffdf296a9a048dbfadf21fae5ddebc4bbd8db6fbd2b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 34737076727da04d065d0163c93fe1058cfbb3a86d79d2cfef2be4cf126d2fd4d335e204087d3c337e2d97f5ec0220878a1110e139f553805c4d36574e33cb5d
|
|
7
|
+
data.tar.gz: 5885a478a01996a6f382b3c2bedb29ff59ca557c0316582f14e9136bd3881dac04d20874862bc76a93a16119653a85c868d3d08c65e8cabb9fff1ae257124323
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
# frozen_string_literal: true
|
|
3
|
+
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
class GitCommitChecker
|
|
8
|
+
# Typed view over the source hash attached to a git dependency.
|
|
9
|
+
class SourceDetails < T::ImmutableStruct
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
12
|
+
const :type, T.nilable(String)
|
|
13
|
+
const :url, T.nilable(String)
|
|
14
|
+
const :branch, T.nilable(String)
|
|
15
|
+
const :ref, T.nilable(String)
|
|
16
|
+
|
|
17
|
+
sig do
|
|
18
|
+
params(details: T::Hash[T.any(String, Symbol), Object]).returns(SourceDetails)
|
|
19
|
+
end
|
|
20
|
+
def self.from_hash(details)
|
|
21
|
+
new(
|
|
22
|
+
type: string_value(details, :type),
|
|
23
|
+
url: string_value(details, :url),
|
|
24
|
+
branch: string_value(details, :branch),
|
|
25
|
+
ref: string_value(details, :ref)
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
sig do
|
|
30
|
+
params(
|
|
31
|
+
details: T::Hash[T.any(String, Symbol), Object],
|
|
32
|
+
key: Symbol
|
|
33
|
+
).returns(T.nilable(String))
|
|
34
|
+
end
|
|
35
|
+
def self.string_value(details, key)
|
|
36
|
+
value = details.key?(key) ? details[key] : details[key.to_s]
|
|
37
|
+
value.is_a?(String) ? value : nil
|
|
38
|
+
end
|
|
39
|
+
private_class_method :string_value
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -15,6 +15,7 @@ require "dependabot/source"
|
|
|
15
15
|
require "dependabot/dependency"
|
|
16
16
|
require "dependabot/credential"
|
|
17
17
|
require "dependabot/git_metadata_fetcher"
|
|
18
|
+
require "dependabot/git_commit_checker/source_details"
|
|
18
19
|
require "dependabot/git_tag_details"
|
|
19
20
|
require "dependabot/package/package_release"
|
|
20
21
|
require "dependabot/package/release_cooldown_options"
|
|
@@ -46,7 +47,7 @@ module Dependabot
|
|
|
46
47
|
ignored_versions: T::Array[String],
|
|
47
48
|
raise_on_ignored: T::Boolean,
|
|
48
49
|
consider_version_branches_pinned: T::Boolean,
|
|
49
|
-
dependency_source_details: T.nilable(T::Hash[Symbol,
|
|
50
|
+
dependency_source_details: T.nilable(T::Hash[Symbol, Object])
|
|
50
51
|
)
|
|
51
52
|
.void
|
|
52
53
|
end
|
|
@@ -63,14 +64,15 @@ module Dependabot
|
|
|
63
64
|
@ignored_versions = ignored_versions
|
|
64
65
|
@raise_on_ignored = raise_on_ignored
|
|
65
66
|
@consider_version_branches_pinned = consider_version_branches_pinned
|
|
66
|
-
@dependency_source_details =
|
|
67
|
+
@dependency_source_details = T.let(
|
|
68
|
+
dependency_source_details && SourceDetails.from_hash(dependency_source_details),
|
|
69
|
+
T.nilable(SourceDetails)
|
|
70
|
+
)
|
|
67
71
|
end
|
|
68
72
|
|
|
69
73
|
sig { returns(T::Boolean) }
|
|
70
74
|
def git_dependency?
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
dependency_source_details&.fetch(:type) == "git"
|
|
75
|
+
dependency_source_details&.type == "git"
|
|
74
76
|
end
|
|
75
77
|
|
|
76
78
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
@@ -78,7 +80,7 @@ module Dependabot
|
|
|
78
80
|
def pinned?
|
|
79
81
|
raise "Not a git dependency!" unless git_dependency?
|
|
80
82
|
|
|
81
|
-
branch = dependency_source_details&.
|
|
83
|
+
branch = dependency_source_details&.branch
|
|
82
84
|
|
|
83
85
|
return false if ref.nil?
|
|
84
86
|
return false if branch == ref
|
|
@@ -118,7 +120,7 @@ module Dependabot
|
|
|
118
120
|
sig { returns(T::Array[GitRef]) }
|
|
119
121
|
def tags
|
|
120
122
|
GitMetadataFetcher.new(
|
|
121
|
-
url:
|
|
123
|
+
url: T.must(source_details&.url),
|
|
122
124
|
credentials: credentials
|
|
123
125
|
).tags
|
|
124
126
|
end
|
|
@@ -128,7 +130,7 @@ module Dependabot
|
|
|
128
130
|
T.must(
|
|
129
131
|
T.let(
|
|
130
132
|
GitMetadataFetcher.new(
|
|
131
|
-
url:
|
|
133
|
+
url: T.must(source_details&.url),
|
|
132
134
|
credentials: credentials
|
|
133
135
|
).ref_details_for_pinned_ref(ref),
|
|
134
136
|
T.nilable(Excon::Response)
|
|
@@ -282,9 +284,12 @@ module Dependabot
|
|
|
282
284
|
false
|
|
283
285
|
end
|
|
284
286
|
|
|
285
|
-
sig { returns(T.nilable(
|
|
287
|
+
sig { returns(T.nilable(SourceDetails)) }
|
|
286
288
|
def dependency_source_details
|
|
287
|
-
@dependency_source_details
|
|
289
|
+
@dependency_source_details ||= begin
|
|
290
|
+
details = dependency.source_details(allowed_types: ["git"])
|
|
291
|
+
SourceDetails.from_hash(details) if details
|
|
292
|
+
end
|
|
288
293
|
end
|
|
289
294
|
|
|
290
295
|
sig { returns(T::Array[Dependabot::GitTagWithDetail]) }
|
|
@@ -333,7 +338,7 @@ module Dependabot
|
|
|
333
338
|
|
|
334
339
|
sig { override.returns(T.nilable(String)) }
|
|
335
340
|
def cooldown_source_url
|
|
336
|
-
dependency_source_details&.
|
|
341
|
+
dependency_source_details&.url
|
|
337
342
|
end
|
|
338
343
|
|
|
339
344
|
sig { override.returns(T::Array[Dependabot::Credential]) }
|
|
@@ -478,7 +483,7 @@ module Dependabot
|
|
|
478
483
|
|
|
479
484
|
sig { params(tags: T::Array[Dependabot::GitRef]).returns(T::Array[Dependabot::GitRef]) }
|
|
480
485
|
def handle_tag_prefix(tags)
|
|
481
|
-
if dependency_source_details&.
|
|
486
|
+
if dependency_source_details&.ref&.start_with?("tags/")
|
|
482
487
|
tags = tags.map do |tag|
|
|
483
488
|
tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
|
|
484
489
|
end
|
|
@@ -558,12 +563,12 @@ module Dependabot
|
|
|
558
563
|
|
|
559
564
|
sig { returns(T.nilable(String)) }
|
|
560
565
|
def ref_or_branch
|
|
561
|
-
ref || dependency_source_details&.
|
|
566
|
+
ref || dependency_source_details&.branch
|
|
562
567
|
end
|
|
563
568
|
|
|
564
569
|
sig { returns(T.nilable(String)) }
|
|
565
570
|
def ref
|
|
566
|
-
dependency_source_details&.
|
|
571
|
+
dependency_source_details&.ref
|
|
567
572
|
end
|
|
568
573
|
|
|
569
574
|
sig { params(tag: String).returns(T::Boolean) }
|
|
@@ -667,7 +672,7 @@ module Dependabot
|
|
|
667
672
|
begin
|
|
668
673
|
tags = listing_repo_git_metadata_fetcher.tags
|
|
669
674
|
|
|
670
|
-
if dependency_source_details&.
|
|
675
|
+
if dependency_source_details&.ref&.start_with?("tags/")
|
|
671
676
|
tags = tags.map do |tag|
|
|
672
677
|
tag.dup.tap { |t| t.name = "tags/#{tag.name}" }
|
|
673
678
|
end
|
|
@@ -695,7 +700,7 @@ module Dependabot
|
|
|
695
700
|
|
|
696
701
|
sig { returns(T::Boolean) }
|
|
697
702
|
def wants_prerelease?
|
|
698
|
-
return false unless dependency_source_details&.
|
|
703
|
+
return false unless dependency_source_details&.ref
|
|
699
704
|
return false unless pinned_ref_looks_like_version?
|
|
700
705
|
|
|
701
706
|
version = version_from_ref(T.must(ref))
|
|
@@ -892,7 +897,7 @@ module Dependabot
|
|
|
892
897
|
@local_repo_git_metadata_fetcher ||=
|
|
893
898
|
T.let(
|
|
894
899
|
GitMetadataFetcher.new(
|
|
895
|
-
url: dependency_source_details&.
|
|
900
|
+
url: T.must(dependency_source_details&.url),
|
|
896
901
|
credentials: credentials
|
|
897
902
|
),
|
|
898
903
|
T.nilable(Dependabot::GitMetadataFetcher)
|
|
@@ -913,8 +918,14 @@ module Dependabot
|
|
|
913
918
|
|
|
914
919
|
sig { returns(String) }
|
|
915
920
|
def ref_pinned
|
|
916
|
-
|
|
917
|
-
|
|
921
|
+
details = source_details
|
|
922
|
+
details&.ref || details&.branch || "HEAD"
|
|
923
|
+
end
|
|
924
|
+
|
|
925
|
+
sig { returns(T.nilable(SourceDetails)) }
|
|
926
|
+
def source_details
|
|
927
|
+
details = dependency.source_details
|
|
928
|
+
SourceDetails.from_hash(details) if details
|
|
918
929
|
end
|
|
919
930
|
end
|
|
920
931
|
# rubocop:enable Metrics/ClassLength
|
|
@@ -147,12 +147,6 @@ module Dependabot
|
|
|
147
147
|
raise "Unexpected response: #{response_with_git.status} - #{response_with_git.body}"
|
|
148
148
|
end
|
|
149
149
|
|
|
150
|
-
if uri.match?(/github\.com/i)
|
|
151
|
-
response = response_with_git.data
|
|
152
|
-
response[:response_headers] = response[:headers] unless response.nil?
|
|
153
|
-
raise Octokit::Error.from_response(response)
|
|
154
|
-
end
|
|
155
|
-
|
|
156
150
|
raise "Server error at #{uri}: #{response_with_git.body}" if response_with_git.status >= 500
|
|
157
151
|
|
|
158
152
|
raise Dependabot::GitDependenciesNotReachable, [uri]
|
|
@@ -213,7 +207,7 @@ module Dependabot
|
|
|
213
207
|
)
|
|
214
208
|
end
|
|
215
209
|
|
|
216
|
-
sig { params(uri: String).returns(
|
|
210
|
+
sig { params(uri: String).returns(GitResponse) }
|
|
217
211
|
def fetch_raw_upload_pack_with_git_for(uri)
|
|
218
212
|
service_pack_uri = uri
|
|
219
213
|
service_pack_uri += ".git" unless service_pack_uri.end_with?(".git") || skip_git_suffix(uri)
|
|
@@ -329,7 +323,7 @@ module Dependabot
|
|
|
329
323
|
T.must(line.split.first).chars.last(40).join
|
|
330
324
|
end
|
|
331
325
|
|
|
332
|
-
sig { returns(T::Hash[Symbol,
|
|
326
|
+
sig { returns(T::Hash[Symbol, Object]) }
|
|
333
327
|
def excon_defaults
|
|
334
328
|
# Some git hosts are slow when returning a large number of tags
|
|
335
329
|
SharedHelpers.excon_defaults(read_timeout: 20)
|
|
@@ -344,7 +338,7 @@ module Dependabot
|
|
|
344
338
|
|
|
345
339
|
# Added method to fetch tags with their creation dates from a git repository. In case
|
|
346
340
|
# private registry is used, it will clone the repository and fetch tags with their creation dates.
|
|
347
|
-
sig { params(uri: String).returns(
|
|
341
|
+
sig { params(uri: String).returns(GitResponse) }
|
|
348
342
|
def fetch_tags_with_detail_from_git_for(uri)
|
|
349
343
|
uri_ending_with_git = uri
|
|
350
344
|
uri_ending_with_git += ".git" unless uri_ending_with_git.end_with?(".git") || skip_git_suffix(uri)
|
|
@@ -121,9 +121,9 @@ module Dependabot
|
|
|
121
121
|
|
|
122
122
|
# Apply case transformation to content after prefix
|
|
123
123
|
case branch_name_case
|
|
124
|
-
when "
|
|
124
|
+
when "lowercase"
|
|
125
125
|
content = content.downcase
|
|
126
|
-
when "
|
|
126
|
+
when "uppercase"
|
|
127
127
|
content = content.upcase
|
|
128
128
|
end
|
|
129
129
|
|
data/lib/dependabot.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.387.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -552,6 +552,7 @@ files:
|
|
|
552
552
|
- lib/dependabot/file_updaters/base.rb
|
|
553
553
|
- lib/dependabot/file_updaters/vendor_updater.rb
|
|
554
554
|
- lib/dependabot/git_commit_checker.rb
|
|
555
|
+
- lib/dependabot/git_commit_checker/source_details.rb
|
|
555
556
|
- lib/dependabot/git_cooldown_date_resolver.rb
|
|
556
557
|
- lib/dependabot/git_metadata_fetcher.rb
|
|
557
558
|
- lib/dependabot/git_ref.rb
|
|
@@ -622,7 +623,7 @@ licenses:
|
|
|
622
623
|
- MIT
|
|
623
624
|
metadata:
|
|
624
625
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
625
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
626
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.387.0
|
|
626
627
|
rdoc_options: []
|
|
627
628
|
require_paths:
|
|
628
629
|
- lib
|