dependabot-core 0.77.2 → 0.78.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f75adb014d90ad2b7af6d103be94bf6257aa70f8c6de08e6ec33e8a3ab3c237
-  data.tar.gz: 96c4b51e7e8434cf0e2bbaaf51d08a2ec20b8eed6d5585f35b7f5eb0768fd54d
+  metadata.gz: 95c11f6783d5750a80f0cb5733246a913f4171b771bd2543f9d7e46d3092d2c6
+  data.tar.gz: 05b220175026cecb6153863d9ed5910da8025798be814f54de4792586bc81c13
 SHA512:
-  metadata.gz: 738ee78026051f5e981881543fd537af012733c540107e8ff391839f23a4b04cfca2c4f51ff986c5f8744f3d3d486fb967fa2737dc5a3a60fda4a1a67b5c33d5
-  data.tar.gz: c3a2d1e80a6612a8ba2c43b7237e485eaf0ced70612533d23643aa6be5cc62b6f875368d84d2b995fce154a5eccd3d2bf91257cdc5b77c45df9a2eec68221fac
+  metadata.gz: 9a3eff9df94cb5ea0bc46301527bbbbd1a72cd55863c6905d323a10f701ffaad8a3b24ffd67f86e2790e4740074306e7bf4929018176d94222abb9f7beb16d04
+  data.tar.gz: 874b136db86a44268b7b5ff2ac535903d582089a71e6f6ffb614184ac496b081108a4bc21438f978c5160eb944bc11333a0bfd6b08e0f9cd0f31d7f6f1863861

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## v0.78.0, 7 December 2018
+
+- Extract git_submodules logic into a separate gem
+
 ## v0.77.2, 7 December 2018
 
 - Add top level docker file that requires docker classes

data/lib/dependabot/file_fetchers.rb

@@ -6,7 +6,6 @@ require "dependabot/file_fetchers/java_script/npm_and_yarn"
 require "dependabot/file_fetchers/java/maven"
 require "dependabot/file_fetchers/java/gradle"
 require "dependabot/file_fetchers/php/composer"
-require "dependabot/file_fetchers/git/submodules"
 require "dependabot/file_fetchers/elixir/hex"
 require "dependabot/file_fetchers/rust/cargo"
 require "dependabot/file_fetchers/dotnet/nuget"
@@ -23,7 +22,6 @@ module Dependabot
       "gradle" => FileFetchers::Java::Gradle,
       "pip" => FileFetchers::Python::Pip,
       "composer" => FileFetchers::Php::Composer,
-      "submodules" => FileFetchers::Git::Submodules,
       "hex" => FileFetchers::Elixir::Hex,
       "cargo" => FileFetchers::Rust::Cargo,
       "nuget" => FileFetchers::Dotnet::Nuget,

data/lib/dependabot/file_parsers.rb

@@ -6,7 +6,6 @@ require "dependabot/file_parsers/java_script/npm_and_yarn"
 require "dependabot/file_parsers/java/maven"
 require "dependabot/file_parsers/java/gradle"
 require "dependabot/file_parsers/php/composer"
-require "dependabot/file_parsers/git/submodules"
 require "dependabot/file_parsers/elixir/hex"
 require "dependabot/file_parsers/rust/cargo"
 require "dependabot/file_parsers/dotnet/nuget"
@@ -23,7 +22,6 @@ module Dependabot
       "gradle" => FileParsers::Java::Gradle,
       "pip" => FileParsers::Python::Pip,
       "composer" => FileParsers::Php::Composer,
-      "submodules" => FileParsers::Git::Submodules,
       "hex" => FileParsers::Elixir::Hex,
       "cargo" => FileParsers::Rust::Cargo,
       "nuget" => FileParsers::Dotnet::Nuget,

data/lib/dependabot/file_updaters.rb

@@ -6,7 +6,6 @@ require "dependabot/file_updaters/java_script/npm_and_yarn"
 require "dependabot/file_updaters/java/maven"
 require "dependabot/file_updaters/java/gradle"
 require "dependabot/file_updaters/php/composer"
-require "dependabot/file_updaters/git/submodules"
 require "dependabot/file_updaters/elixir/hex"
 require "dependabot/file_updaters/rust/cargo"
 require "dependabot/file_updaters/dotnet/nuget"
@@ -23,7 +22,6 @@ module Dependabot
       "gradle" => FileUpdaters::Java::Gradle,
       "pip" => FileUpdaters::Python::Pip,
       "composer" => FileUpdaters::Php::Composer,
-      "submodules" => FileUpdaters::Git::Submodules,
       "hex" => FileUpdaters::Elixir::Hex,
       "cargo" => FileUpdaters::Rust::Cargo,
       "nuget" => FileUpdaters::Dotnet::Nuget,

data/lib/dependabot/metadata_finders.rb

@@ -5,7 +5,6 @@ require "dependabot/metadata_finders/python/pip"
 require "dependabot/metadata_finders/java_script/npm_and_yarn"
 require "dependabot/metadata_finders/java/maven"
 require "dependabot/metadata_finders/php/composer"
-require "dependabot/metadata_finders/git/submodules"
 require "dependabot/metadata_finders/elixir/hex"
 require "dependabot/metadata_finders/rust/cargo"
 require "dependabot/metadata_finders/dotnet/nuget"
@@ -21,7 +20,6 @@ module Dependabot
       "gradle" => MetadataFinders::Java::Maven,
       "pip" => MetadataFinders::Python::Pip,
       "composer" => MetadataFinders::Php::Composer,
-      "submodules" => MetadataFinders::Git::Submodules,
       "hex" => MetadataFinders::Elixir::Hex,
       "cargo" => MetadataFinders::Rust::Cargo,
       "nuget" => MetadataFinders::Dotnet::Nuget,

data/lib/dependabot/update_checkers.rb

@@ -6,7 +6,6 @@ require "dependabot/update_checkers/java_script/npm_and_yarn"
 require "dependabot/update_checkers/java/maven"
 require "dependabot/update_checkers/java/gradle"
 require "dependabot/update_checkers/php/composer"
-require "dependabot/update_checkers/git/submodules"
 require "dependabot/update_checkers/elixir/hex"
 require "dependabot/update_checkers/rust/cargo"
 require "dependabot/update_checkers/dotnet/nuget"
@@ -23,7 +22,6 @@ module Dependabot
       "gradle" => UpdateCheckers::Java::Gradle,
       "pip" => UpdateCheckers::Python::Pip,
       "composer" => UpdateCheckers::Php::Composer,
-      "submodules" => UpdateCheckers::Git::Submodules,
       "hex" => UpdateCheckers::Elixir::Hex,
       "cargo" => UpdateCheckers::Rust::Cargo,
       "nuget" => UpdateCheckers::Dotnet::Nuget,

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.77.2"
+  VERSION = "0.78.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.77.2
+  version: 0.78.0
 platform: ruby
 authors:
 - Dependabot
@@ -385,7 +385,6 @@ files:
 - lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb
 - lib/dependabot/file_fetchers/elixir/hex.rb
 - lib/dependabot/file_fetchers/elm/elm_package.rb
-- lib/dependabot/file_fetchers/git/submodules.rb
 - lib/dependabot/file_fetchers/go/dep.rb
 - lib/dependabot/file_fetchers/go/modules.rb
 - lib/dependabot/file_fetchers/java/gradle.rb
@@ -410,7 +409,6 @@ files:
 - lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb
 - lib/dependabot/file_parsers/elixir/hex.rb
 - lib/dependabot/file_parsers/elm/elm_package.rb
-- lib/dependabot/file_parsers/git/submodules.rb
 - lib/dependabot/file_parsers/go/dep.rb
 - lib/dependabot/file_parsers/go/modules.rb
 - lib/dependabot/file_parsers/go/modules/go_mod_parser.rb
@@ -446,7 +444,6 @@ files:
 - lib/dependabot/file_updaters/elm/elm_package.rb
 - lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb
 - lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb
-- lib/dependabot/file_updaters/git/submodules.rb
 - lib/dependabot/file_updaters/go/dep.rb
 - lib/dependabot/file_updaters/go/dep/lockfile_updater.rb
 - lib/dependabot/file_updaters/go/dep/manifest_updater.rb
@@ -476,6 +473,7 @@ files:
 - lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb
 - lib/dependabot/file_updaters/python/pip/requirement_replacer.rb
 - lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb
+- lib/dependabot/file_updaters/ruby/.DS_Store
 - lib/dependabot/file_updaters/ruby/bundler.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -499,7 +497,6 @@ files:
 - lib/dependabot/metadata_finders/dotnet/nuget.rb
 - lib/dependabot/metadata_finders/elixir/hex.rb
 - lib/dependabot/metadata_finders/elm/elm_package.rb
-- lib/dependabot/metadata_finders/git/submodules.rb
 - lib/dependabot/metadata_finders/go/dep.rb
 - lib/dependabot/metadata_finders/java/maven.rb
 - lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb
@@ -535,7 +532,6 @@ files:
 - lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb
 - lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb
 - lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb
-- lib/dependabot/update_checkers/git/submodules.rb
 - lib/dependabot/update_checkers/go/dep.rb
 - lib/dependabot/update_checkers/go/dep/file_preparer.rb
 - lib/dependabot/update_checkers/go/dep/latest_version_finder.rb
@@ -622,7 +618,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 2.7.3
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: Automated dependency management

data/lib/dependabot/file_fetchers/git/submodules.rb

@@ -1,73 +0,0 @@
-# frozen_string_literal: true
-
-require "parseconfig"
-require "dependabot/file_fetchers/base"
-require "dependabot/shared_helpers"
-
-module Dependabot
-  module FileFetchers
-    module Git
-      class Submodules < Dependabot::FileFetchers::Base
-        def self.required_files_in?(filenames)
-          filenames.include?(".gitmodules")
-        end
-
-        def self.required_files_message
-          "Repo must contain a .gitmodules file."
-        end
-
-        private
-
-        def fetch_files
-          fetched_files = []
-          fetched_files << gitmodules_file
-          fetched_files += submodule_refs
-          fetched_files
-        end
-
-        def gitmodules_file
-          @gitmodules_file ||= fetch_file_from_host(".gitmodules")
-        end
-
-        def submodule_refs
-          submodule_paths.
-            map { |path| fetch_submodule_ref_from_host(path) }.
-            tap { |refs| refs.each { |f| f.support_file = true } }
-        end
-
-        def submodule_paths
-          SharedHelpers.in_a_temporary_directory do
-            File.write(".gitmodules", gitmodules_file.content)
-            ParseConfig.new(".gitmodules").params.values.map { |p| p["path"] }
-          end
-        end
-
-        def fetch_submodule_ref_from_host(submodule_path)
-          path = Pathname.new(File.join(directory, submodule_path)).
-                 cleanpath.to_path.gsub(%r{^/*}, "")
-          sha =  case source.provider
-                 when "github"
-                   github_client_for_source.contents(
-                     repo,
-                     path: path,
-                     ref: commit
-                   ).sha
-                 when "gitlab"
-                   tmp_path = path.gsub(%r{^/*}, "")
-                   gitlab_client.get_file(repo, tmp_path, commit).blob_id
-                 else raise "Unsupported provider '#{source.provider}'."
-                 end
-
-          DependencyFile.new(
-            name: Pathname.new(submodule_path).cleanpath.to_path,
-            content: sha,
-            directory: directory,
-            type: "submodule"
-          )
-        rescue Octokit::NotFound, Gitlab::Error::NotFound
-          raise Dependabot::DependencyFileNotFound, path
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_parsers/git/submodules.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "parseconfig"
-require "dependabot/dependency"
-require "dependabot/file_parsers/base"
-require "dependabot/shared_helpers"
-
-module Dependabot
-  module FileParsers
-    module Git
-      class Submodules < Dependabot::FileParsers::Base
-        def parse
-          SharedHelpers.in_a_temporary_directory do
-            File.write(".gitmodules", gitmodules_file.content)
-
-            ParseConfig.new(".gitmodules").params.map do |_, params|
-              branch = params["branch"]
-
-              Dependency.new(
-                name: params["path"],
-                version: submodule_sha(params["path"]),
-                package_manager: "submodules",
-                requirements: [{
-                  requirement: nil,
-                  file: ".gitmodules",
-                  source: {
-                    type: "git",
-                    url: absolute_url(params["url"]),
-                    branch: branch,
-                    ref: branch
-                  },
-                  groups: []
-                }]
-              )
-            end
-          end
-        end
-
-        private
-
-        def absolute_url(url)
-          # Submodules can be specified with a relative URL (e.g., ../repo.git)
-          # which we want to expand out into a full URL if present.
-          return url unless url.start_with?("../", "./")
-
-          path = Pathname.new(File.join(source.repo, url))
-          "https://#{source.hostname}/#{path.cleanpath}"
-        end
-
-        def submodule_sha(path)
-          submodule = dependency_files.find { |f| f.name == path }
-          raise "Submodule not found #{path}" unless submodule
-
-          submodule.content
-        end
-
-        def gitmodules_file
-          @gitmodules_file ||= get_original_file(".gitmodules")
-        end
-
-        def check_required_files
-          %w(.gitmodules).each do |filename|
-            raise "No #{filename}!" unless get_original_file(filename)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/git/submodules.rb

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module FileUpdaters
-    module Git
-      class Submodules < Dependabot::FileUpdaters::Base
-        def self.updated_files_regex
-          []
-        end
-
-        def updated_dependency_files
-          [updated_file(file: submodule, content: dependency.version)]
-        end
-
-        private
-
-        def dependency
-          # Git submodules will only ever be updating a single dependency
-          dependencies.first
-        end
-
-        def check_required_files
-          %w(.gitmodules).each do |filename|
-            raise "No #{filename}!" unless get_original_file(filename)
-          end
-        end
-
-        def submodule
-          @submodule ||= dependency_files.find do |file|
-            file.name == dependency.name
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/git/submodules.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/metadata_finders/base"
-
-module Dependabot
-  module MetadataFinders
-    module Git
-      class Submodules < Dependabot::MetadataFinders::Base
-        private
-
-        def look_up_source
-          url = dependency.requirements.first.fetch(:source)[:url] ||
-                dependency.requirements.first.fetch(:source).fetch("url")
-
-          Source.from_url(url)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/git/submodules.rb

@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/update_checkers/base"
-require "dependabot/git_commit_checker"
-
-module Dependabot
-  module UpdateCheckers
-    module Git
-      class Submodules < Dependabot::UpdateCheckers::Base
-        def latest_version
-          @latest_version ||= fetch_latest_version
-        end
-
-        def latest_resolvable_version
-          # Resolvability isn't an issue for submodules.
-          latest_version
-        end
-
-        def latest_resolvable_version_with_no_unlock
-          # No concept of "unlocking" for submodules
-          latest_version
-        end
-
-        def updated_requirements
-          # Submodule requirements are the URL and branch to use for the
-          # submodule. We never want to update either.
-          dependency.requirements
-        end
-
-        private
-
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't relevant for submodules
-          false
-        end
-
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-
-        def fetch_latest_version
-          git_commit_checker = GitCommitChecker.new(
-            dependency: dependency,
-            credentials: credentials
-          )
-
-          git_commit_checker.head_commit_for_current_branch
-        end
-      end
-    end
-  end
-end