dependabot-core 0.94.13 → 0.95.0

data/lib/dependabot/metadata_finders/base/commits_finder.rb

@@ -1,221 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/clients/github_with_retries"
-require "dependabot/clients/gitlab"
-require "dependabot/clients/bitbucket"
-require "dependabot/shared_helpers"
-require "dependabot/metadata_finders/base"
-
-module Dependabot
-  module MetadataFinders
-    class Base
-      class CommitsFinder
-        attr_reader :source, :dependency, :credentials
-
-        def initialize(source:, dependency:, credentials:)
-          @source = source
-          @dependency = dependency
-          @credentials = credentials
-        end
-
-        def commits_url
-          return unless source
-          return if source.provider == "azure" # TODO: Fetch Azure commits
-
-          path =
-            case source.provider
-            when "github" then github_compare_path(new_tag, previous_tag)
-            when "bitbucket" then bitbucket_compare_path(new_tag, previous_tag)
-            when "gitlab" then gitlab_compare_path(new_tag, previous_tag)
-            else raise "Unexpected source provider '#{source.provider}'"
-            end
-
-          "#{source.url}/#{path}"
-        end
-
-        # rubocop:disable Metrics/CyclomaticComplexity
-        def commits
-          return [] unless source
-          return [] unless new_tag && previous_tag
-
-          case source.provider
-          when "github" then fetch_github_commits
-          when "bitbucket" then fetch_bitbucket_commits
-          when "gitlab" then fetch_gitlab_commits
-          when "azure" then [] # TODO: Fetch Azure commits
-          else raise "Unexpected source provider '#{source.provider}'"
-          end
-        end
-        # rubocop:enable Metrics/CyclomaticComplexity
-
-        def new_tag
-          new_version = dependency.version
-
-          if git_source?(dependency.requirements) then new_version
-          else
-            tags = dependency_tags.
-                   select { |t| t =~ version_regex(new_version) }
-            tags.find { |t| t.include?(dependency.name) } || tags.first
-          end
-        end
-
-        private
-
-        def previous_tag
-          previous_version = dependency.previous_version
-
-          if git_source?(dependency.previous_requirements)
-            previous_version || previous_ref
-          else
-            tags = dependency_tags.
-                   select { |t| t =~ version_regex(previous_version) }
-            tags.find { |t| t.include?(dependency.name) } || tags.first
-          end
-        end
-
-        # TODO: Refactor me so that Composer doesn't need to be special cased
-        def git_source?(requirements)
-          # Special case Composer, which uses git as a source but handles tags
-          # internally
-          return false if dependency.package_manager == "composer"
-
-          sources = requirements.map { |r| r.fetch(:source) }.uniq.compact
-          return false if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-
-          source_type = sources.first[:type] || sources.first.fetch("type")
-          source_type == "git"
-        end
-
-        def previous_ref
-          return unless git_source?(dependency.previous_requirements)
-
-          dependency.previous_requirements.map do |r|
-            r.dig(:source, "ref") || r.dig(:source, :ref)
-          end.compact.first
-        end
-
-        def version_regex(version)
-          /(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
-        end
-
-        def dependency_tags
-          @dependency_tags ||= fetch_dependency_tags
-        end
-
-        def fetch_dependency_tags
-          return [] unless source
-
-          case source.provider
-          when "github"
-            github_client.tags(source.repo, per_page: 100).map(&:name)
-          when "bitbucket"
-            bitbucket_client.tags(source.repo).map { |tag| tag["name"] }
-          when "gitlab"
-            gitlab_client.tags(source.repo).map(&:name)
-          when "azure"
-            [] # TODO: Fetch Azure tags
-          else raise "Unexpected source provider '#{source.provider}'"
-          end
-        rescue Octokit::NotFound, Gitlab::Error::NotFound,
-               Dependabot::Clients::Bitbucket::NotFound,
-               Dependabot::Clients::Bitbucket::Unauthorized,
-               Dependabot::Clients::Bitbucket::Forbidden
-          []
-        end
-
-        def github_compare_path(new_tag, previous_tag)
-          if new_tag && previous_tag
-            "compare/#{previous_tag}...#{new_tag}"
-          elsif new_tag
-            "commits/#{new_tag}"
-          else
-            "commits"
-          end
-        end
-
-        def bitbucket_compare_path(new_tag, previous_tag)
-          if new_tag && previous_tag
-            "branches/compare/#{new_tag}..#{previous_tag}"
-          elsif new_tag
-            "commits/tag/#{new_tag}"
-          else
-            "commits"
-          end
-        end
-
-        def gitlab_compare_path(new_tag, previous_tag)
-          if new_tag && previous_tag
-            "compare/#{previous_tag}...#{new_tag}"
-          elsif new_tag
-            "commits/#{new_tag}"
-          else
-            "commits/master"
-          end
-        end
-
-        def fetch_github_commits
-          commits =
-            github_client.compare(source.repo, previous_tag, new_tag).commits
-          return [] unless commits
-
-          commits.map do |commit|
-            {
-              message: commit.commit.message,
-              sha: commit.sha,
-              html_url: commit.html_url
-            }
-          end
-        rescue Octokit::NotFound
-          []
-        end
-
-        def fetch_bitbucket_commits
-          bitbucket_client.
-            compare(source.repo, previous_tag, new_tag).
-            map do |commit|
-              {
-                message: commit.dig("summary", "raw"),
-                sha: commit["hash"],
-                html_url: commit.dig("links", "html", "href")
-              }
-            end
-        rescue Dependabot::Clients::Bitbucket::NotFound,
-               Dependabot::Clients::Bitbucket::Unauthorized,
-               Dependabot::Clients::Bitbucket::Forbidden
-          []
-        end
-
-        def fetch_gitlab_commits
-          gitlab_client.
-            compare(source.repo, previous_tag, new_tag).
-            commits.
-            map do |commit|
-              {
-                message: commit["message"],
-                sha: commit["id"],
-                html_url: "#{source.url}/commit/#{commit['id']}"
-              }
-            end
-        rescue Gitlab::Error::NotFound
-          []
-        end
-
-        def gitlab_client
-          @gitlab_client ||= Dependabot::Clients::Gitlab.
-                             for_gitlab_dot_com(credentials: credentials)
-        end
-
-        def github_client
-          @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_github_dot_com(credentials: credentials)
-        end
-
-        def bitbucket_client
-          @bitbucket_client ||= Dependabot::Clients::Bitbucket.
-                                for_bitbucket_dot_org(credentials: credentials)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/base/release_finder.rb

@@ -1,255 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/clients/github_with_retries"
-require "dependabot/clients/gitlab"
-require "dependabot/metadata_finders/base"
-require "dependabot/utils"
-
-module Dependabot
-  module MetadataFinders
-    class Base
-      class ReleaseFinder
-        attr_reader :dependency, :credentials, :source
-
-        def initialize(source:, dependency:, credentials:)
-          @source = source
-          @dependency = dependency
-          @credentials = credentials
-        end
-
-        def releases_url
-          return unless source
-
-          case source.provider
-          when "github" then "#{source.url}/releases"
-          when "gitlab" then "#{source.url}/tags"
-          when "bitbucket" then nil
-          when "azure" then "#{source.url}/tags"
-          else raise "Unexpected repo provider '#{source.provider}'"
-          end
-        end
-
-        def releases_text
-          return unless relevant_releases.any?
-          return if relevant_releases.all? { |r| r.body.nil? || r.body == "" }
-
-          relevant_releases.map { |r| serialize_release(r) }.join("\n\n")
-        end
-
-        private
-
-        def all_dep_releases
-          releases = all_releases
-          dep_prefix = dependency.name.downcase
-
-          releases_with_dependency_name =
-            releases.
-            reject { |r| r.tag_name.nil? }.
-            select { |r| r.tag_name.downcase.include?(dep_prefix) }
-
-          return releases unless releases_with_dependency_name.any?
-
-          releases_with_dependency_name
-        end
-
-        def all_releases
-          @all_releases ||= fetch_dependency_releases
-        end
-
-        def relevant_releases
-          releases = releases_since_previous_version
-
-          # Sometimes we can't filter the releases properly (if they're
-          # prefixed by a number that gets confused with the version). In this
-          # case, the best we can do is return nil.
-          return [] unless releases.any?
-
-          if updated_release && version_class.correct?(dependency.version)
-            releases = filter_releases_using_updated_release(releases)
-            filter_releases_using_updated_version(releases, conservative: true)
-          elsif updated_release
-            filter_releases_using_updated_release(releases)
-          elsif version_class.correct?(dependency.version)
-            filter_releases_using_updated_version(releases, conservative: false)
-          else
-            [updated_release].compact
-          end
-        end
-
-        def releases_since_previous_version
-          previous_version = dependency.previous_version
-          return [updated_release].compact unless previous_version
-
-          if previous_release && version_class.correct?(previous_version)
-            releases = filter_releases_using_previous_release(all_dep_releases)
-            filter_releases_using_previous_version(releases, conservative: true)
-          elsif previous_release
-            filter_releases_using_previous_release(all_dep_releases)
-          elsif version_class.correct?(previous_version)
-            filter_releases_using_previous_version(
-              all_dep_releases,
-              conservative: false
-            )
-          else
-            [updated_release].compact
-          end
-        end
-
-        def filter_releases_using_previous_release(releases)
-          return releases if releases.index(previous_release).nil?
-
-          releases.first(releases.index(previous_release))
-        end
-
-        def filter_releases_using_updated_release(releases)
-          return releases if releases.index(updated_release).nil?
-
-          releases[releases.index(updated_release)..-1]
-        end
-
-        def filter_releases_using_previous_version(releases, conservative:)
-          previous_version = version_class.new(dependency.previous_version)
-
-          releases.reject do |release|
-            cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
-            cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-
-            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                          select { |nm| version_class.correct?(nm) }.
-                          map { |nm| version_class.new(nm) }.max
-
-            next conservative unless tag_version
-
-            # Reject any releases that are less than the previous version
-            # (e.g., if two major versions are being maintained)
-            tag_version <= previous_version
-          end
-        end
-
-        def filter_releases_using_updated_version(releases, conservative:)
-          updated_version = version_class.new(dependency.version)
-
-          releases.reject do |release|
-            cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
-            cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
-
-            tag_version = [cleaned_tag, cleaned_name].compact.reject(&:empty?).
-                          select { |nm| version_class.correct?(nm) }.
-                          map { |nm| version_class.new(nm) }.min
-
-            next conservative unless tag_version
-
-            # Reject any releases that are greater than the updated version
-            # (e.g., if two major versions are being maintained)
-            tag_version > updated_version
-          end
-        end
-
-        def updated_release
-          release_for_version(dependency.version)
-        end
-
-        def previous_release
-          release_for_version(dependency.previous_version)
-        end
-
-        def release_for_version(version)
-          return nil unless version
-
-          release_regex = version_regex(version)
-          # Doing two loops looks inefficient, but it ensures consistency
-          all_dep_releases.find { |r| release_regex.match?(r.tag_name.to_s) } ||
-            all_dep_releases.find { |r| release_regex.match?(r.name.to_s) }
-        end
-
-        def serialize_release(release)
-          rel = release
-          title = "## #{rel.name.to_s != '' ? rel.name : rel.tag_name}\n"
-          body = if rel.body.to_s.gsub(/\n*\z/m, "") == ""
-                   "No release notes provided."
-                 else
-                   rel.body.gsub(/\n*\z/m, "")
-                 end
-
-          release_body_includes_title?(rel) ? body : title + body
-        end
-
-        def release_body_includes_title?(release)
-          title = release.name.to_s != "" ? release.name : release.tag_name
-          release.body.to_s.match?(/\A\s*\#*\s*#{Regexp.quote(title)}/m)
-        end
-
-        def version_regex(version)
-          /(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
-        end
-
-        def version_class
-          Utils.version_class_for_package_manager(dependency.package_manager)
-        end
-
-        def fetch_dependency_releases
-          return [] unless source
-
-          case source.provider
-          when "github" then fetch_github_releases
-          when "bitbucket" then [] # Bitbucket doesn't support releases
-          when "gitlab" then fetch_gitlab_releases
-          when "azure" then [] # Azure can't list API for annotated tags
-          else raise "Unexpected repo provider '#{source.provider}'"
-          end
-        end
-
-        def fetch_github_releases
-          releases = github_client.releases(source.repo, per_page: 100)
-
-          # Remove any releases without a tag name. These are draft releases and
-          # aren't yet associated with a tag, so shouldn't be used.
-          releases = releases.reject { |r| r.tag_name.nil? }
-
-          clean_release_names =
-            releases.map { |r| r.tag_name.gsub(/^[^0-9\.]*/, "") }
-
-          if clean_release_names.all? { |nm| version_class.correct?(nm) }
-            releases.sort_by do |r|
-              version_class.new(r.tag_name.gsub(/^[^0-9\.]*/, ""))
-            end.reverse
-          else
-            releases.sort_by(&:id).reverse
-          end
-        rescue Octokit::NotFound
-          []
-        end
-
-        def fetch_gitlab_releases
-          releases =
-            gitlab_client.
-            tags(source.repo).
-            select(&:release).
-            sort_by { |r| r.commit.authored_date }.
-            reverse
-
-          releases.map do |tag|
-            OpenStruct.new(
-              name: tag.name,
-              tag_name: tag.release.tag_name,
-              body: tag.release.description,
-              html_url: "#{source.url}/tags/#{tag.name}"
-            )
-          end
-        rescue Gitlab::Error::NotFound
-          []
-        end
-
-        def gitlab_client
-          @gitlab_client ||= Dependabot::Clients::Gitlab.
-                             for_gitlab_dot_com(credentials: credentials)
-        end
-
-        def github_client
-          @github_client ||= Dependabot::Clients::GithubWithRetries.
-                             for_github_dot_com(credentials: credentials)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/base.rb

@@ -1,117 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/source"
-
-module Dependabot
-  module MetadataFinders
-    class Base
-      require "dependabot/metadata_finders/base/changelog_finder"
-      require "dependabot/metadata_finders/base/release_finder"
-      require "dependabot/metadata_finders/base/commits_finder"
-
-      attr_reader :dependency, :credentials
-
-      def initialize(dependency:, credentials:)
-        @dependency = dependency
-        @credentials = credentials
-      end
-
-      def source_url
-        source&.url
-      end
-
-      def homepage_url
-        source_url
-      end
-
-      def changelog_url
-        @changelog_finder ||= ChangelogFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @changelog_finder.changelog_url
-      end
-
-      def changelog_text
-        @changelog_finder ||= ChangelogFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @changelog_finder.changelog_text
-      end
-
-      def upgrade_guide_url
-        @changelog_finder ||= ChangelogFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @changelog_finder.upgrade_guide_url
-      end
-
-      def upgrade_guide_text
-        @changelog_finder ||= ChangelogFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @changelog_finder.upgrade_guide_text
-      end
-
-      def releases_url
-        @release_finder ||= ReleaseFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @release_finder.releases_url
-      end
-
-      def releases_text
-        @release_finder ||= ReleaseFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @release_finder.releases_text
-      end
-
-      def commits_url
-        @commits_finder ||= CommitsFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @commits_finder.commits_url
-      end
-
-      def commits
-        @commits_finder ||= CommitsFinder.new(
-          dependency: dependency,
-          source: source,
-          credentials: credentials
-        )
-        @commits_finder.commits
-      end
-
-      def maintainer_changes
-        nil
-      end
-
-      private
-
-      def source
-        return @source if @source_lookup_attempted
-
-        @source_lookup_attempted = true
-        @source = look_up_source
-      end
-
-      def look_up_source
-        raise NotImplementedError
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Dependabot
-  module MetadataFinders
-    @metadata_finders = {}
-
-    def self.for_package_manager(package_manager)
-      metadata_finder = @metadata_finders[package_manager]
-      return metadata_finder if metadata_finder
-
-      raise "Unsupported package_manager #{package_manager}"
-    end
-
-    def self.register(package_manager, metadata_finder)
-      @metadata_finders[package_manager] = metadata_finder
-    end
-  end
-end