dependabot-core 0.76.10 → 0.76.11

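--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: ea5efa14e9bf750844ec81c5566726109c3300827886e530423cdb46dd163d76
-data.tar.gz: 2649ba3489b8286fe121bb203f6afb012e4856e11911c758a0f6f6e70b066c99
+metadata.gz: a5a81bf12f28897fd225b92b4e37e0476b0896fcc58685457173f696f3010c44
+data.tar.gz: b30ff79c7eb025531e5d559270f7f13b06d4a0fd099f478a3019a9ad9fa2fe63
 SHA512:
-metadata.gz: 3c15ebc60b7ed05e863cd331d8881473a3c8cd191c0e49b8837213231a122ff0fede2fe034b80d1ec16ef68d2baa31e15f2309bc1ff1b8e2c85c911f11797500
-data.tar.gz: 4f04914e2406c1a48344e3b486c38b5c555eceb1406e5c99335b3961a600803d8d2ec71e2b812435fee08a4c33f3869d24d54cdcb12a94e9d0be445c03c5bbaa
+metadata.gz: b1379cee6737a8d68f06463024c9793f1db3ffc0750af144e358e717ae8fab08febb492c7ff4638bd8b74980d257cf7ca50d901be33f51e757409dc5ee68c8cc
+data.tar.gz: 527956ec32bea4528e5868d2168cd9ac5c23331783a8da287393a00b7a669dee2a8cfdb91066bbd315deb93dd23b623c0f4461e2ff177d2eda1bfb33ca7e2f4f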
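--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+## v0.76.11, 7 December 2018
+
+- Python: Ignore dependencies that we had to insert a version for
+- JS(npm): Raise helpful errer for forbidden missing deps
+- Gradle: Don't consider dependencies that concatenate properties to build a version
+- Maven: Check distribution type when looking up declaration to update
+
 ## v0.76.10, 6 December 2018
 
 - Cache commit tag lookup in changelog finder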
@@ -92,8 +92,8 @@ def parse_setup(directory):
92
92
 
93
93
  global fake_open
94
94
  def fake_open(*args, **kwargs):
95
- content = ("VERSION = (0, 0, 1)\n"
96
- "__version__ = '0.0.1'\n"
95
+ content = ("VERSION = ('0', '0', '1+dependabot')\n"
96
+ "__version__ = '0.0.1+dependabot'\n"
97
97
  "__author__ = 'someone'\n"
98
98
  "__title__ = 'something'\n"
99
99
  "__description__ = 'something'\n"
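Review bot: The placeholder version string `0.0.1+dependabot` is now hard-coded in three separate places — the `fake_open` content in this hunk, the `__version__` assignment in the next hunk, and the Ruby-side `next if dep["version"] == "0.0.1+dependabot"` check in the file parser hunk further down — with nothing tying them together, so a later edit to one of them would silently let the inserted dependencies through again or drop real ones. Even without a shared constant, a one-line comment at each site would make the coupling visible, e.g. `# Sentinel version inserted when setup.py gives none; the Ruby file parser drops deps whose version equals it exactly`. The `VERSION` tuple also switches from integers to strings (`('0', '0', '1+dependabot')`); a setup.py that joins it with `'.'.join(map(str, VERSION))` is unaffected, but one doing arithmetic on the components would now fail, which is worth confirming is acceptable. `parse_setup`'s body starts before and continues past this hunk.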
@@ -113,7 +113,7 @@ def parse_setup(directory):
113
113
  content = re.sub(version_re, "", content)
114
114
 
115
115
  # Set variables likely to be imported
116
- __version__ = '0.0.1'
116
+ __version__ = '0.0.1+dependabot'
117
117
  __author__ = 'someone'
118
118
  __title__ = 'something'
119
119
  __description__ = 'something'
@@ -175,7 +175,7 @@ module Dependabot
175
175
  end
176
176
 
177
177
  def evaluated_value(value, buildfile)
178
- return value unless value.match?(PROPERTY_REGEX)
178
+ return value unless value.scan(PROPERTY_REGEX).count == 1
179
179
 
180
180
  property_name = value.match(PROPERTY_REGEX).
181
181
  named_captures.fetch("property_name")
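Review bot: The new guard on the first line of `evaluated_value` only leaves a value untouched when it contains two or more property references, so a value that concatenates a single property with literal text still falls through to the single-property lookup below and, as far as this hunk shows, resolves to the property's value with the literal part dropped. If that is the intended behaviour a comment would save the next reader the same question, e.g. `# Values built from several properties can't be mapped to one declaration; return them verbatim`. As a style point, `value.scan(PROPERTY_REGEX).count == 1` builds the full match array only to count it where the previous `match?` allocated nothing; the cost is small here, but `value.scan(PROPERTY_REGEX).one?` says the same thing more directly. The method's body continues past the end of the hunk.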
@@ -29,6 +29,10 @@ module Dependabot
29
29
  # probably blocked. Ignore it.
30
30
  next if dep["markers"].include?("<")
31
31
 
32
+ # If the requirement is our inserted version, ignore it
33
+ # (we wouldn't be able to update it)
34
+ next if dep["version"] == "0.0.1+dependabot"
35
+
32
36
  dependencies <<
33
37
  Dependency.new(
34
38
  name: normalised_name(dep["name"]),
@@ -59,6 +59,7 @@ module Dependabot
59
59
  ].compact.join(":")
60
60
 
61
61
  next false unless node_name == dependency_name
62
+ next false unless packaging_type_matches?(node)
62
63
 
63
64
  declaring_requirement_matches?(node)
64
65
  end
@@ -99,6 +100,21 @@ module Dependabot
99
100
  end
100
101
  end
101
102
 
103
+ def packaging_type_matches?(node)
104
+ type = declaring_requirement.dig(:metadata, :packaging_type)
105
+ type == packaging_type(node)
106
+ end
107
+
108
+ def packaging_type(dependency_node)
109
+ return "pom" if dependency_node.child.node_name == "parent"
110
+ return "jar" unless dependency_node.at_xpath("./*/type")
111
+
112
+ packaging_type_content = dependency_node.at_xpath("./*/type").
113
+ content.strip
114
+
115
+ evaluated_value(packaging_type_content)
116
+ end
117
+
102
118
  def evaluated_value(value)
103
119
  unless value.match?(FileParsers::Java::Maven::PROPERTY_REGEX)
104
120
  return value
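Review bot: `packaging_type_matches?` compares `declaring_requirement.dig(:metadata, :packaging_type)` with the node's type, so a requirement whose metadata carries no `:packaging_type` yields `nil` and can never match any node, and the finder silently returns no declaration where before this change the name match alone sufficed. If every requirement produced by the parser sets that key, a comment saying so is enough; otherwise treat the missing key as "no constraint" with `return true if type.nil?` before the comparison. In `packaging_type`, `dependency_node.at_xpath("./*/type")` is evaluated twice; a local `type_node = dependency_node.at_xpath("./*/type")` used for both the guard and the `.content.strip` call avoids the repeated query, and `dependency_node.child.node_name == "parent"` presumably relies on the node being a parsed wrapper whose first child is the element rather than a whitespace text node — worth confirming against the caller. The call site `next false unless packaging_type_matches?(node)` is in the earlier hunk of this file.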
@@ -175,7 +175,7 @@ module Dependabot
175
175
  error.message.match(MISSING_PACKAGE).
176
176
  named_captures["package_req"].
177
177
  split(/(?<=\w)\@/).first
178
- handle_missing_package(package_name)
178
+ handle_missing_package(package_name, error, lockfile)
179
179
  end
180
180
  names = dependencies.map(&:name)
181
181
  if names.any? { |name| error.message.include?("#{name}@") } &&
@@ -209,7 +209,7 @@ module Dependabot
209
209
  error.message.match(FORBIDDEN_PACKAGE).
210
210
  named_captures["package_req"].
211
211
  split(/(?<=\w)\@/).first
212
- handle_missing_package(package_name)
212
+ handle_missing_package(package_name, error, lockfile)
213
213
  end
214
214
  if error.message.match?(UNREACHABLE_GIT)
215
215
  dependency_url =
@@ -232,14 +232,14 @@ module Dependabot
232
232
  raise Dependabot::DependencyFileNotResolvable, msg
233
233
  end
234
234
 
235
- def handle_missing_package(package_name)
235
+ def handle_missing_package(package_name, error, lockfile)
236
236
  missing_dep = FileParsers::JavaScript::NpmAndYarn.new(
237
237
  dependency_files: dependency_files,
238
238
  source: nil,
239
239
  credentials: credentials
240
240
  ).parse.find { |dep| dep.name == package_name }
241
241
 
242
- return unless missing_dep
242
+ raise_resolvability_error(error, lockfile) unless missing_dep
243
243
 
244
244
  reg = UpdateCheckers::JavaScript::NpmAndYarn::RegistryFinder.new(
245
245
  dependency: missing_dep,
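Review bot: Replacing `return unless missing_dep` with `raise_resolvability_error(error, lockfile) unless missing_dep` makes the rest of `handle_missing_package` depend on that helper never returning; if it can return normally for some errors, execution continues into the `RegistryFinder` construction with `dependency: nil`. If the helper always raises, a short comment on the line stating that contract is enough, e.g. `# raise_resolvability_error never returns`; if it does not, keep the early exit explicit with `return raise_resolvability_error(error, lockfile) unless missing_dep`. The method's body continues in the next hunk.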
@@ -250,13 +250,17 @@ module Dependabot
250
250
  find { |f| f.name.end_with?(".yarnrc") }
251
251
  ).registry
252
252
 
253
- if reg == "registry.npmjs.org" && !package_name.start_with?("@")
254
- return
255
- end
253
+ return if central_registry?(reg) && !package_name.start_with?("@")
256
254
 
257
255
  raise Dependabot::PrivateSourceAuthenticationFailure, reg
258
256
  end
259
257
 
258
+ def central_registry?(registry)
259
+ FileParsers::JavaScript::NpmAndYarn::CENTRAL_REGISTRIES.any? do |r|
260
+ r.include?(registry)
261
+ end
262
+ end
263
+
260
264
  def resolvable_before_update?(lockfile)
261
265
  @resolvable_before_update ||= {}
262
266
  if @resolvable_before_update.key?(lockfile.name)
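Review bot: `central_registry?` uses `r.include?(registry)`, a substring test in the direction "central registry string contains the looked-up registry", so an empty or partial registry value (a bare `org` or `npmjs`, for instance) is classified as central and the `PrivateSourceAuthenticationFailure` that distinguishes a private-registry authentication problem from a plain missing package is then skipped. If `CENTRAL_REGISTRIES` holds full URLs while `RegistryFinder#registry` returns a host — the substring match suggests exactly that mismatch — comparing the host part exactly is both tighter and clearer: `CENTRAL_REGISTRIES.any? { |r| r.sub(%r{\Ahttps?://}, "") == registry }`. A leading `return false if registry.to_s.empty?` covers the empty case regardless of which comparison is kept.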
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.76.10"
4
+ VERSION = "0.76.11"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.76.10
4
+ version: 0.76.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-12-06 00:00:00.000000000 Z
11
+ date: 2018-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-ecr