dependabot-core 0.94.13 → 0.95.0

Files changed (49)
  1. checksums.yaml +4 -4
  2. metadata +13 -337
  3. data/CHANGELOG.md +0 -7079
  4. data/LICENSE +0 -39
  5. data/README.md +0 -114
  6. data/helpers/test/run.rb +0 -18
  7. data/helpers/utils/git-credential-store-immutable +0 -10
  8. data/lib/dependabot/clients/bitbucket.rb +0 -105
  9. data/lib/dependabot/clients/github_with_retries.rb +0 -121
  10. data/lib/dependabot/clients/gitlab.rb +0 -72
  11. data/lib/dependabot/dependency.rb +0 -115
  12. data/lib/dependabot/dependency_file.rb +0 -60
  13. data/lib/dependabot/errors.rb +0 -179
  14. data/lib/dependabot/file_fetchers/README.md +0 -65
  15. data/lib/dependabot/file_fetchers/base.rb +0 -368
  16. data/lib/dependabot/file_fetchers.rb +0 -18
  17. data/lib/dependabot/file_parsers/README.md +0 -45
  18. data/lib/dependabot/file_parsers/base/dependency_set.rb +0 -77
  19. data/lib/dependabot/file_parsers/base.rb +0 -31
  20. data/lib/dependabot/file_parsers.rb +0 -18
  21. data/lib/dependabot/file_updaters/README.md +0 -58
  22. data/lib/dependabot/file_updaters/base.rb +0 -52
  23. data/lib/dependabot/file_updaters.rb +0 -18
  24. data/lib/dependabot/git_commit_checker.rb +0 -412
  25. data/lib/dependabot/metadata_finders/README.md +0 -53
  26. data/lib/dependabot/metadata_finders/base/changelog_finder.rb +0 -321
  27. data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +0 -177
  28. data/lib/dependabot/metadata_finders/base/commits_finder.rb +0 -221
  29. data/lib/dependabot/metadata_finders/base/release_finder.rb +0 -255
  30. data/lib/dependabot/metadata_finders/base.rb +0 -117
  31. data/lib/dependabot/metadata_finders.rb +0 -18
  32. data/lib/dependabot/pull_request_creator/branch_namer.rb +0 -170
  33. data/lib/dependabot/pull_request_creator/commit_signer.rb +0 -63
  34. data/lib/dependabot/pull_request_creator/github.rb +0 -277
  35. data/lib/dependabot/pull_request_creator/gitlab.rb +0 -136
  36. data/lib/dependabot/pull_request_creator/labeler.rb +0 -373
  37. data/lib/dependabot/pull_request_creator/message_builder.rb +0 -906
  38. data/lib/dependabot/pull_request_creator.rb +0 -153
  39. data/lib/dependabot/pull_request_updater/github.rb +0 -165
  40. data/lib/dependabot/pull_request_updater.rb +0 -43
  41. data/lib/dependabot/shared_helpers.rb +0 -224
  42. data/lib/dependabot/source.rb +0 -120
  43. data/lib/dependabot/update_checkers/README.md +0 -67
  44. data/lib/dependabot/update_checkers/base.rb +0 -220
  45. data/lib/dependabot/update_checkers.rb +0 -18
  46. data/lib/dependabot/utils.rb +0 -33
  47. data/lib/dependabot/version.rb +0 -5
  48. data/lib/dependabot.rb +0 -4
  49. data/lib/rubygems_version_patch.rb +0 -14
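--- a/data/lib/dependabot/metadata_finders/base/commits_finder.rb
+++ /dev/null
@@ -1,221 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/clients/github_with_retries"
-require "dependabot/clients/gitlab"
-require "dependabot/clients/bitbucket"
-require "dependabot/shared_helpers"
-require "dependabot/metadata_finders/base"
-
-module Dependabot
-module MetadataFinders
-class Base
-class CommitsFinder
-attr_reader :source, :dependency, :credentials
-
-def initialize(source:, dependency:, credentials:)
-@source = source
-@dependency = dependency
-@credentials = credentials
-end
-
-def commits_url
-return unless source
-return if source.provider == "azure" # TODO: Fetch Azure commits
-
-path =
-case source.provider
-when "github" then github_compare_path(new_tag, previous_tag)
-when "bitbucket" then bitbucket_compare_path(new_tag, previous_tag)
-when "gitlab" then gitlab_compare_path(new_tag, previous_tag)
-else raise "Unexpected source provider '#{source.provider}'"
-end
-
-"#{source.url}/#{path}"
-end
-
-# rubocop:disable Metrics/CyclomaticComplexity
-def commits
-return [] unless source
-return [] unless new_tag && previous_tag
-
-case source.provider
-when "github" then fetch_github_commits
-when "bitbucket" then fetch_bitbucket_commits
-when "gitlab" then fetch_gitlab_commits
-when "azure" then [] # TODO: Fetch Azure commits
-else raise "Unexpected source provider '#{source.provider}'"
-end
-end
-# rubocop:enable Metrics/CyclomaticComplexity
-
-def new_tag
-new_version = dependency.version
-
-if git_source?(dependency.requirements) then new_version
-else
-tags = dependency_tags.
-select { |t| t =~ version_regex(new_version) }
-tags.find { |t| t.include?(dependency.name) } || tags.first
-end
-end
-
-private
-
-def previous_tag
-previous_version = dependency.previous_version
-
-if git_source?(dependency.previous_requirements)
-previous_version || previous_ref
-else
-tags = dependency_tags.
-select { |t| t =~ version_regex(previous_version) }
-tags.find { |t| t.include?(dependency.name) } || tags.first
-end
-end
-
-# TODO: Refactor me so that Composer doesn't need to be special cased
-def git_source?(requirements)
-# Special case Composer, which uses git as a source but handles tags
-# internally
-return false if dependency.package_manager == "composer"
-
-sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
-return false if sources.empty?
-raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-source_type = sources.first[:type] || sources.first.fetch("type")
-source_type == "git"
-end
-
-def previous_ref
-return unless git_source?(dependency.previous_requirements)
-
-dependency.previous_requirements.map do |r|
-r.dig(:source, "ref") || r.dig(:source, :ref)
-end.compact.first
-end
-
-def version_regex(version)
-/(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
-end
-
-def dependency_tags
-@dependency_tags ||= fetch_dependency_tags
-end
-
-def fetch_dependency_tags
-return [] unless source
-
-case source.provider
-when "github"
-github_client.tags(source.repo, per_page: 100).map(&:name)
-when "bitbucket"
-bitbucket_client.tags(source.repo).map { |tag| tag["name"] }
-when "gitlab"
-gitlab_client.tags(source.repo).map(&:name)
-when "azure"
-[] # TODO: Fetch Azure tags
-else raise "Unexpected source provider '#{source.provider}'"
-end
-rescue Octokit::NotFound, Gitlab::Error::NotFound,
-Dependabot::Clients::Bitbucket::NotFound,
-Dependabot::Clients::Bitbucket::Unauthorized,
-Dependabot::Clients::Bitbucket::Forbidden
-[]
-end
-
-def github_compare_path(new_tag, previous_tag)
-if new_tag && previous_tag
-"compare/#{previous_tag}...#{new_tag}"
-elsif new_tag
-"commits/#{new_tag}"
-else
-"commits"
-end
-end
-
-def bitbucket_compare_path(new_tag, previous_tag)
-if new_tag && previous_tag
-"branches/compare/#{new_tag}..#{previous_tag}"
-elsif new_tag
-"commits/tag/#{new_tag}"
-else
-"commits"
-end
-end
-
-def gitlab_compare_path(new_tag, previous_tag)
-if new_tag && previous_tag
-"compare/#{previous_tag}...#{new_tag}"
-elsif new_tag
-"commits/#{new_tag}"
-else
-"commits/master"
-end
-end
-
-def fetch_github_commits
-commits =
-github_client.compare(source.repo, previous_tag, new_tag).commits
-return [] unless commits
-
-commits.map do |commit|
-{
-message: commit.commit.message,
-sha: commit.sha,
-html_url: commit.html_url
-}
-end
-rescue Octokit::NotFound
-[]
-end
-
-def fetch_bitbucket_commits
-bitbucket_client.
-compare(source.repo, previous_tag, new_tag).
-map do |commit|
-{
-message: commit.dig("summary", "raw"),
-sha: commit["hash"],
-html_url: commit.dig("links", "html", "href")
-}
-end
-rescue Dependabot::Clients::Bitbucket::NotFound,
-Dependabot::Clients::Bitbucket::Unauthorized,
-Dependabot::Clients::Bitbucket::Forbidden
-[]
-end
-
-def fetch_gitlab_commits
-gitlab_client.
-compare(source.repo, previous_tag, new_tag).
-commits.
-map do |commit|
-{
-message: commit["message"],
-sha: commit["id"],
-html_url: "#{source.url}/commit/#{commit['id']}"
-}
-end
-rescue Gitlab::Error::NotFound
-[]
-end
-
-def gitlab_client
-@gitlab_client ||= Dependabot::Clients::Gitlab.
-for_gitlab_dot_com(credentials: credentials)
-end
-
-def github_client
-@github_client ||= Dependabot::Clients::GithubWithRetries.
-for_github_dot_com(credentials: credentials)
-end
-
-def bitbucket_client
-@bitbucket_client ||= Dependabot::Clients::Bitbucket.
-for_bitbucket_dot_org(credentials: credentials)
-end
-end
-end
-end
-end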
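--- a/data/lib/dependabot/metadata_finders/base/release_finder.rb
+++ /dev/null
@@ -1,255 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/clients/github_with_retries"
-require "dependabot/clients/gitlab"
-require "dependabot/metadata_finders/base"
-require "dependabot/utils"
-
-module Dependabot
-module MetadataFinders
-class Base
-class ReleaseFinder
-attr_reader :dependency, :credentials, :source
-
-def initialize(source:, dependency:, credentials:)
-@source = source
-@dependency = dependency
-@credentials = credentials
-end
-
-def releases_url
-return unless source
-
-case source.provider
-when "github" then "#{source.url}/releases"
-when "gitlab" then "#{source.url}/tags"
-when "bitbucket" then nil
-when "azure" then "#{source.url}/tags"
-else raise "Unexpected repo provider '#{source.provider}'"
-end
-end
-
-def releases_text
-return unless relevant_releases.any?
-return if relevant_releases.all? { |r| r.body.nil? || r.body == "" }
-
-relevant_releases.map { |r| serialize_release(r) }.join("\n\n")
-end
-
-private
-
-def all_dep_releases
-releases = all_releases
-dep_prefix = dependency.name.downcase
-
-releases_with_dependency_name =
-releases.
-reject { |r| r.tag_name.nil? }.
-select { |r| r.tag_name.downcase.include?(dep_prefix) }
-
-return releases unless releases_with_dependency_name.any?
-
-releases_with_dependency_name
-end
-
-def all_releases
-@all_releases ||= fetch_dependency_releases
-end
-
-def relevant_releases
-releases = releases_since_previous_version
-
-# Sometimes we can't filter the releases properly (if they're
-# prefixed by a number that gets confused with the version). In this
-# case, the best we can do is return nil.
-return [] unless releases.any?
-
-if updated_release && version_class.correct?(dependency.version)
-releases = filter_releases_using_updated_release(releases)
-filter_releases_using_updated_version(releases, conservative: true)
-elsif updated_release
-filter_releases_using_updated_release(releases)
-elsif version_class.correct?(dependency.version)
-filter_releases_using_updated_version(releases, conservative: false)
-else
-[updated_release].compact
-end
-end
-
-def releases_since_previous_version
-previous_version = dependency.previous_version
-return [updated_release].compact unless previous_version
-
-if previous_release && version_class.correct?(previous_version)
-releases = filter_releases_using_previous_release(all_dep_releases)
-filter_releases_using_previous_version(releases, conservative: true)
-elsif previous_release
-filter_releases_using_previous_release(all_dep_releases)
-elsif version_class.correct?(previous_version)
-filter_releases_using_previous_version(
-all_dep_releases,
-conservative: false
-)
-else
-[updated_release].compact
-end
-end
-
-def filter_releases_using_previous_release(releases)
-return releases if releases.index(previous_release).nil?
-
-releases.first(releases.index(previous_release))
-end
-
-def filter_releases_using_updated_release(releases)
-return releases if releases.index(updated_release).nil?
-
-releases[releases.index(updated_release)..-1]
-end
-
-def filter_releases_using_previous_version(releases, conservative:)
-previous_version = version_class.new(dependency.previous_version)
-
-releases.reject do |release|
-cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
-cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-
-tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-select { |nm| version_class.correct?(nm) }.
-map { |nm| version_class.new(nm) }.max
-
-next conservative unless tag_version
-
-# Reject any releases that are less than the previous version
-# (e.g., if two major versions are being maintained)
-tag_version <= previous_version
-end
-end
-
-def filter_releases_using_updated_version(releases, conservative:)
-updated_version = version_class.new(dependency.version)
-
-releases.reject do |release|
-cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
-cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-
-tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-select { |nm| version_class.correct?(nm) }.
-map { |nm| version_class.new(nm) }.min
-
-next conservative unless tag_version
-
-# Reject any releases that are greater than the updated version
-# (e.g., if two major versions are being maintained)
-tag_version > updated_version
-end
-end
-
-def updated_release
-release_for_version(dependency.version)
-end
-
-def previous_release
-release_for_version(dependency.previous_version)
-end
-
-def release_for_version(version)
-return nil unless version
-
-release_regex = version_regex(version)
-# Doing two loops looks inefficient, but it ensures consistency
-all_dep_releases.find { |r| release_regex.match?(r.tag_name.to_s) } ||
-all_dep_releases.find { |r| release_regex.match?(r.name.to_s) }
-end
-
-def serialize_release(release)
-rel = release
-title = "## #{rel.name.to_s != '' ? rel.name : rel.tag_name}\n"
-body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
-"No release notes provided."
-else
-rel.body.gsub(/\n*\z/m, "")
-end
-
-release_body_includes_title?(rel) ? body : title + body
-end
-
-def release_body_includes_title?(release)
-title = release.name.to_s != "" ? release.name : release.tag_name
-release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
-end
-
-def version_regex(version)
-/(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
-end
-
-def version_class
-Utils.version_class_for_package_manager(dependency.package_manager)
-end
-
-def fetch_dependency_releases
-return [] unless source
-
-case source.provider
-when "github" then fetch_github_releases
-when "bitbucket" then [] # Bitbucket doesn't support releases
-when "gitlab" then fetch_gitlab_releases
-when "azure" then [] # Azure can't list API for annotated tags
-else raise "Unexpected repo provider '#{source.provider}'"
-end
-end
-
-def fetch_github_releases
-releases = github_client.releases(source.repo, per_page: 100)
-
-# Remove any releases without a tag name. These are draft releases and
-# aren't yet associated with a tag, so shouldn't be used.
-releases = releases.reject { |r| r.tag_name.nil? }
-
-clean_release_names =
-releases.map { |r| r.tag_name.gsub(/^[^0-9\.]*/, "") }
-
-if clean_release_names.all? { |nm| version_class.correct?(nm) }
-releases.sort_by do |r|
-version_class.new(r.tag_name.gsub(/^[^0-9\.]*/, ""))
-end.reverse
-else
-releases.sort_by(&:id).reverse
-end
-rescue Octokit::NotFound
-[]
-end
-
-def fetch_gitlab_releases
-releases =
-gitlab_client.
-tags(source.repo).
-select(&:release).
-sort_by { |r| r.commit.authored_date }.
-reverse
-
-releases.map do |tag|
-OpenStruct.new(
-name: tag.name,
-tag_name: tag.release.tag_name,
-body: tag.release.description,
-html_url: "#{source.url}/tags/#{tag.name}"
-)
-end
-rescue Gitlab::Error::NotFound
-[]
-end
-
-def gitlab_client
-@gitlab_client ||= Dependabot::Clients::Gitlab.
-for_gitlab_dot_com(credentials: credentials)
-end
-
-def github_client
-@github_client ||= Dependabot::Clients::GithubWithRetries.
-for_github_dot_com(credentials: credentials)
-end
-end
-end
-end
-end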
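--- a/data/lib/dependabot/metadata_finders/base.rb
+++ /dev/null
@@ -1,117 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/source"
-
-module Dependabot
-module MetadataFinders
-class Base
-require "dependabot/metadata_finders/base/changelog_finder"
-require "dependabot/metadata_finders/base/release_finder"
-require "dependabot/metadata_finders/base/commits_finder"
-
-attr_reader :dependency, :credentials
-
-def initialize(dependency:, credentials:)
-@dependency = dependency
-@credentials = credentials
-end
-
-def source_url
-source&.url
-end
-
-def homepage_url
-source_url
-end
-
-def changelog_url
-@changelog_finder ||= ChangelogFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@changelog_finder.changelog_url
-end
-
-def changelog_text
-@changelog_finder ||= ChangelogFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@changelog_finder.changelog_text
-end
-
-def upgrade_guide_url
-@changelog_finder ||= ChangelogFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@changelog_finder.upgrade_guide_url
-end
-
-def upgrade_guide_text
-@changelog_finder ||= ChangelogFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@changelog_finder.upgrade_guide_text
-end
-
-def releases_url
-@release_finder ||= ReleaseFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@release_finder.releases_url
-end
-
-def releases_text
-@release_finder ||= ReleaseFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@release_finder.releases_text
-end
-
-def commits_url
-@commits_finder ||= CommitsFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@commits_finder.commits_url
-end
-
-def commits
-@commits_finder ||= CommitsFinder.new(
-dependency: dependency,
-source: source,
-credentials: credentials
-)
-@commits_finder.commits
-end
-
-def maintainer_changes
-nil
-end
-
-private
-
-def source
-return @source if @source_lookup_attempted
-
-@source_lookup_attempted = true
-@source = look_up_source
-end
-
-def look_up_source
-raise NotImplementedError
-end
-end
-end
-end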
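--- a/data/lib/dependabot/metadata_finders.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-module MetadataFinders
-@metadata_finders = {}
-
-def self.for_package_manager(package_manager)
-metadata_finder = @metadata_finders[package_manager]
-return metadata_finder if metadata_finder
-
-raise "Unsupported package_manager #{package_manager}"
-end
-
-def self.register(package_manager, metadata_finder)
-@metadata_finders[package_manager] = metadata_finder
-end
-end
-end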