Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Double quote variables in shellscript #3917

Merged
merged 1 commit into from
Jun 16, 2021

Conversation

PeterDaveHello
Copy link
Contributor

This will help prevent globbing and word splitting. Most of them are
already quoted, just few of them are missed.

This will help prevent globbing and word splitting. Most of them are
already quoted, just few of them are missed.
@PeterDaveHello PeterDaveHello requested a review from a team as a code owner June 16, 2021 11:03
Copy link
Contributor

@feelepxyz feelepxyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice one 👍

@feelepxyz feelepxyz enabled auto-merge June 16, 2021 11:15
@feelepxyz feelepxyz disabled auto-merge June 16, 2021 15:37
@feelepxyz feelepxyz merged commit c7523c8 into dependabot:main Jun 16, 2021
@PeterDaveHello PeterDaveHello deleted the ImproveShellScript branch June 16, 2021 16:24
PeterDaveHello added a commit to PeterDaveHelloKitchen/dependabot-core that referenced this pull request Jun 16, 2021
@xlgmokha
Copy link
Contributor

Perhaps we could introduce shellcheck to lint the shell scripts.

e.g.

モ shellcheck bin/* */helpers/build

In bin/bump-version.rb line 1:
#!/usr/bin/env ruby
^-- SC1071: ShellCheck only supports sh/bash/dash/ksh scripts. Sorry!


In bin/docker-dev-shell line 14:
OPTS=`getopt -o hr --long help,rebuild -n 'parse-options' -- "$@"`
^--^ SC2034: OPTS appears unused. Verify use (or export if used externally).
     ^-- SC2006: Use $(...) notation instead of legacy backticked `...`.

Did you mean:
OPTS=$(getopt -o hr --long help,rebuild -n 'parse-options' -- "$@")


In bin/docker-dev-shell line 15:
if [ $? != 0 ]; then
     ^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.


In bin/docker-dev-shell line 61:
echo $RUNNING
     ^------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
echo "$RUNNING"


In bin/dry-run.rb line 1:
#!/usr/bin/env ruby
^-- SC1071: ShellCheck only supports sh/bash/dash/ksh scripts. Sorry!


In hex/helpers/build line 18:
case `uname` in
     ^-----^ SC2006: Use $(...) notation instead of legacy backticked `...`.

Did you mean:
case $(uname) in

For more information:
  https://www.shellcheck.net/wiki/SC1071 -- ShellCheck only supports sh/bash/...
  https://www.shellcheck.net/wiki/SC2034 -- OPTS appears unused. Verify use (...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

There's some easy PR points to collect here.

@feelepxyz
Copy link
Contributor

feelepxyz commented Jun 17, 2021

@xlgmokha good idea! This action might be helpful to set it up https://github.com/ludeeus/action-shellcheck

@xlgmokha xlgmokha mentioned this pull request Jun 17, 2021
1 task
@xlgmokha
Copy link
Contributor

This action might be helpful to set it up https://github.com/ludeeus/action-shellcheck

I gave this a try: #3932. It seemed easier to configure shellcheck directly rather than using an external action. I also like being able to run the script locally to reproduce issues found in CI. WDYT?

@xlgmokha xlgmokha mentioned this pull request Jun 19, 2021
milind009 added a commit to GiriB/dependabot-core that referenced this pull request Oct 6, 2021
* Raise on ruby 2.7 deprecation warnings

Break tests if we introduce any ruby 2.7 deprecation warnings.

* Fix ruby 2.7 deprecations

* Add `--no-install-recommends` to all `apt-get install` in Dockerfile

This option will prevent not needed package being installed, make the
image smaller.

* Double quote variables in shellscript

This will help prevent globbing and word splitting. Most of them are
already quoted, just few of them are missed.

* v0.154.1

* Double quote variables in Dockerfile's shellscript, cc dependabot#3917

* build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers

Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/npm/arborist/releases)
- [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md)
- [Commits](npm/arborist@v2.6.2...v2.6.3)

---
updated-dependencies:
- dependency-name: "@npmcli/arborist"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bundler: attempt to isolate flaky test

Seeing a bunch of CI failures from this force updater spec:
`NoMethodError with message: undefined method `name' for "Gemfile":String`

Ref: https://github.com/dependabot/dependabot-core/pull/3923/checks?check_run_id=2842564846

I haven't managed to reproduce this locally yet.

* Add more failing specs

* Fix ruby 2.7 deprecations in python

* Add more flaky test candidates

* Github actions: Handle no latest version found

When no latest version can be found return nil to prevent the update
checker from comparing the version with the current version:

```
ArgumentError: comparison of String with Dependabot::GithubActions::Version failed
```

* Strip auth headers from VCR cassettes

* Fix spec

* Remove nil guard

* Fix cops

* Terraform: Handle 401 registry responses

Raise a `PrivateSourceAuthenticationFailure` with the provided hostname
if the registry responds with a `401`.

* v0.154.2

* Terraform: handle dependencies without a namespace

Default providers without a namespace to `hashicorp`.

* chore: add lint job to check shell scripts

* fix shellcheck errors in shellcheck linter script

* chore: break out files to each line

* chore: use sudo to install apt packages

* chore: allow passing args to shellscript. e.g ./bin/lint -f diff

* chore: fix SC2006

```plaintext
In ./hex/helpers/build line 18:
case `uname` in
     ^-----^ SC2006: Use $(...) notation instead of legacy backticked `...`.

Did you mean:
case $(uname) in
```

https://github.com/koalaman/shellcheck/wiki/SC2006

* chore: fix SC2086 in docker-dev-shell

```plaintext
In ./bin/docker-dev-shell line 61:
echo $RUNNING
     ^------^ SC2086: Double quote to prevent globbing and word splitting.
```

https://github.com/koalaman/shellcheck/wiki/SC2086

* chore: fix SC2006

```plaintext
In ./bin/docker-dev-shell line 14:
OPTS=`getopt -o hr --long help,rebuild -n 'parse-options' -- "$@"`
^--^ SC2034: OPTS appears unused. Verify use (or export if used externally).
     ^-- SC2006: Use $(...) notation instead of legacy backticked `...`.
```

https://github.com/koalaman/shellcheck/wiki/SC2006

* chore: ignore existing shellcheck issues

* chore: add ecosystem specific script files to linter list

* chore: remove unnecessary headers

* rake rubocop:sort

* enable Style/* and autofix

* enable Lint/* and autoformat

* final rubocop warnings

* Replace wget with curl for minimized dependency

Use single tool for the same purpose, simplify the tool dependency, and
also make the Docker image a little bit more smaller.

* Fetches upload-pack using git if http fails

* test: pin constraint to ensure deterministic test results

* test: update declared constraints in expectation

* test: tweak assertion to match new constraint

* test: update fixture constraint to ensure resolution falls within a deterministic range

* chore: install shellcheck in the dev container

* Updates existing error handling tests to mock capture3 call

* Adds tests for fallback where HTTP fails but git ls-remote succeeds

* fix url in test

* Reformats lines to accomodate line-length lint finding

* Streamlines git ls-remote fallback logic to remove unused response values

* Updates github pull request tests to mock-fail git ls-remote fallback

* Updates metadata commits finder tests to mock-fail git ls-remote fallback

* Updates git commit checker tests to mock-fail git ls-remote fallback

* Returns basename and relative path in CodeCommit file fetcher

Previously, the `name` and `path` attributes were both the absolute
path for all files retrieved from CodeCommit sources. This caused
problems in `fetch_file_from_host`, which joins the `directory`
from the config with the `filename`. When `filename` is the absolute
path, this essentially duplicated the directory in the result, e.g.
`directory/directory/relative path`.

This change returns the basename and relative path instead, matching
the implemenation for azure devops, and allowing the join in `fetch_file_from_host`
to return `directory/relative path`

* build(deps-dev): bump eslint in /npm_and_yarn/helpers

Bumps [eslint](https://github.com/eslint/eslint) from 7.28.0 to 7.29.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.28.0...v7.29.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): update commonmarker requirement from >= 0.20.1, < 0.22.0 to >= 0.20.1, < 0.23.0

Updates the requirements on [commonmarker](https://github.com/gjtorikian/commonmarker) to permit the latest version.
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Commits](gjtorikian/commonmarker@v0.20.1...v0.21.2)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.89 to 0.12.90.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.89...0.12.90)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Clarify support policies in README and Issue template

We tend to get a lot of questions here about the Dependabot service that
we operate at GitHub. Many of those questions are much easier to resolve
when going through Support, as they have much better tooling and
processes to follow up on those sorts of questions.

This attempts to clarify that in the README and issue template.

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.89 to 0.12.90.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.89...0.12.90)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Terraform: handle unreachable private module proxy

Raise a `PrivateSourceAuthenticationFailure` when a private module proxy
can't be reached.

* Terraform: handle missing source

Silently ignore failing source requests to not block PR creation.
Returning nil here will cause the PR creator to not include any
changelogs/release notes.

* v0.154.3

* expected credentials

* bin/ci-test

* Add version_filter module to common, remove from ecosystem update_checker

* Check if the version is a Gem::Version, not the advisory

* Run rubocop

* Run rubocop

* Move include up in class hierarchy

Co-authored-by: Philip Harrison <[email protected]>

* Make filter_vulnerable_versions stateless

* Rubocop

* Remove VersionFilters include

Co-authored-by: Jurre <[email protected]>

* Reorder #lowest_security_fix_version filters

* Rubocop

* ci-test: shellcheck yourself

before you shellwreck yourself

* docker-dev-shell: do not rename gemspec

* devcontainer: do not rename gemspec

* Add fetch_lowest_security_fix_version and test

* Working security advisory test

* Add lowest_resolvable_security_fix_version

* Update LatestVersionFinder tests to use new fixture tags

* Update test suite, add lowest_security_fix_version tests

* Rubocop

* temp commit

* Initialize :security_advsiories as an empty array, remove pending test

* Add latest_version_checker to UpdateChecker, add tests for security advisories

* Use stateless filter_vulnerable_versions

* Add missing assignment

* Clarifying external contribution guidelines

See dependabot#3943

* Move `#filter_vulnerable_version` to come before `#filter_ignored_version`

* Terraform: handle nested module sources

Relax the regex that matches module sources to include nested modules.

* v0.154.4

* Create changelog from merge commits

* Add link to pr

* Check out branch before committing changes

* Update bin/bump-version.rb

* Swap version filters

Co-authored-by: Philip Harrison <[email protected]>

* Terraform: install modules when updating lockfile

Terraform requires modules to be installed with `terraform init` when
updating the lockfile. Opted to only run `terraform init` if the call to
`terraform providers lock` bails out and retry.

We could opt to always run `terraform init` if there are any modules
defined but would mean parsing the dependency files and checking if any
of the dependencies are modules as we only have access to the current
dependency, which in this case is provider.

* Update test to reflect dependency version after update

* v0.154.5

* Add test for indirect dependencies to `#lowest_resolvable_security_fix`

* v0.155.0

* GemspecSanitizer replace interpolated strings

The previous impl only replaced the components of the interpolated
string that looked like versions.

When this is called with a `replacement_version` read from
`Gemfile.lock`, the replacement value based on the interpolated string.

* nuget: RepositoryFinder might not find PackageBaseAddress

* nuget: handle RepositoryDetails without BaseAddress

* autoformat fixture

* build(deps-dev): bump jest in /npm_and_yarn/helpers

Bumps [jest](https://github.com/facebook/jest) from 27.0.4 to 27.0.5.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](jestjs/jest@v27.0.4...v27.0.5)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump pip-tools from 6.1.0 to 6.2.0 in /python/helpers

Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md)
- [Commits](jazzband/pip-tools@6.1.0...6.2.0)

---
updated-dependencies:
- dependency-name: pip-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Terraform: fix module updates with a lockfile

This is the other side of dependabot#3968

This fixes module updates when there's a lockfile present. Modules are
not included in the lockfile so adding a guard to only attempt lockfile
updates for providers.

Fixed some test setup to match what the parsed files would look like.

* v0.155.1

* feature: Add support for Hex sub-projects

* clean: Refactor tests to use new pattern

* Terraform: clone repository contents for update

Terraform projects can include local path modules that are currently not
fetched in the file fetching step so any lockfile update will fail
because these files are missing.

The easiest fix seemed to be to always start cloning terraform projects
as this is what we want to end up doing for all ecosystems.

The file fetcher will still hit the gh api when getting the reo contents
but this would require changes in common so keen to make that change
separately as it currently works.

* Stop double writing dependecy files

* v0.155.2

* Update CHANGELOG.md

* Bump minor for change to cloning

Merged too quickly dependabot#3979
Makes sense to bump minor for the terraform cloning change.

* Exclude release note merges in changelog

Exclude release note merges in generated changelog.

For example: dependabot#3977

* build(deps-dev): update rubocop requirement from ~> 1.16.0 to ~> 1.17.0

Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

* Enable new cops

* Fix cops

* Terraform: Configure git for `terraform init` and capture errors

When attempting to `terraform init` when there are private module
sources present, currently we raise a `HelperSubprocessFailed`.

Terraform will attempt to use any git credentials that are configured,
so passing these along should help in some cases when Dependabot is
configured to access these, and when it isn't we should raise a
PrivateSourceAuthenticationFailure to communicate more clearly that we
cannot reach a certain source.

It's a little unfortunate that we even need to do this, because this
happens when we attempt to update a lockfile, and these don't support
modules. However, `terraform providers lock` will still complain about
modules needing to be installed, and this should do a better job of
that.

* v0.156.1

* Terraform: Prevent `terraform init` from initializing backends

* remove `strip_terminal_colors`

as its not needed anymore

* pin azurerm versions in test fixtures

prevents new versions from breaking the tests

* prefer Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES

* poetry_files_parser ignore paths

* poetry ignore url dependencies too

* linter

* outdated test

* v0.156.2

* build(deps-dev): bump prettier in /npm_and_yarn/helpers

Bumps [prettier](https://github.com/prettier/prettier) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump poetry from 1.1.6 to 1.1.7 in /python/helpers

Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.6 to 1.1.7.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/1.1.7/CHANGELOG.md)
- [Commits](python-poetry/poetry@1.1.6...1.1.7)

---
updated-dependencies:
- dependency-name: poetry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump pip from 21.1.2 to 21.1.3 in /python/helpers

Bumps [pip](https://github.com/pypa/pip) from 21.1.2 to 21.1.3.
- [Release notes](https://github.com/pypa/pip/releases)
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@21.1.2...21.1.3)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* PR Updater: Handle required status checks

As per [the docs][docs] when branch protection rules are enabled, force
pushing to them is disabled.

This handles errors when this happens and raises a `BranchProtected`
error, which will allow us to handle this gracefully and inform the user
of this.

[docs]: https://docs.github.com/en/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#about-branch-protection-rules

* build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers

Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/npm/arborist/releases)
- [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md)
- [Commits](npm/arborist@v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: "@npmcli/arborist"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump jest in /npm_and_yarn/helpers

Bumps [jest](https://github.com/facebook/jest) from 27.0.5 to 27.0.6.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](jestjs/jest@v27.0.5...v27.0.6)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): update rubocop requirement from ~> 1.17.0 to ~> 1.18.0

Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add support for fetching extensions.xml files

These files contain dependency coordinates for Maven extensions that
want to receive the Maven afterSessionStart event. The file is always
located in the .mvn folder in the project root and is optional.

See also
  - https://maven.apache.org/guides/mini/guide-using-extensions.html
  - https://maven.apache.org/examples/maven-3-lifecycle-extensions.html

* Add support for extensions.xml to parser

extensions.xml files can only contain an extensions block specifying one
or more extension dependency. The extension nodes only have groupId,
artifactId and version.

* Add update support for extension.xml files

Adjusts the maven file_updater to also process extensions.xml files.
Methods and variables that are now used for either file type have been
renamed accordingly.

* Fix rubocop violations

* Use `if` instead `unless nil`

Co-authored-by: Philip Harrison <[email protected]>

* Simplify using `fetch_file_if_present`

Co-authored-by: Philip Harrison <[email protected]>

* Simplify updated files check

Co-authored-by: Philip Harrison <[email protected]>

* Make sure code works even if `.mvn` directory is missing

Co-authored-by: Philip Harrison <[email protected]>

* Always require a pom.xml file

Co-authored-by: Philip Harrison <[email protected]>

* Remove empty line

Co-authored-by: Philip Harrison <[email protected]>

* Remove empty line

Co-authored-by: Philip Harrison <[email protected]>

* Fix linter error

Co-authored-by: mo khan <[email protected]>

* Fix linter error

* v0.156.3

* Fix spec stubs

* add Unauthorized exception to azure.rb

* add tests for azure client

* v0.156.4

* fix trailing whitespace

* fix trailing whitespace

* test: place upper bound on version constraint

* Gomod: Handle unrecognized import path error

When referencing a go proxy that 404s, we see this error. Previously
this would not be handled, but it should result in a
DependencyFileNotResolvable error, so users have a sense of what's
wrong.

* test: reproduce a defect with relative paths using poetry

* test: ensure both the pyproject and lock file are updated

* fix(poetry): copy all project files when generating lockfile hash

* style: fix linter errors

* build(deps-dev): bump eslint in /npm_and_yarn/helpers

Bumps [eslint](https://github.com/eslint/eslint) from 7.29.0 to 7.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.29.0...v7.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add response 200 context block for #create_commit test

* add 403 test for Azure.create_commit

* add test for fetch_commit

* fix trailing whitespace

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.90 to 0.12.92.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.90...0.12.92)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.90 to 0.12.92.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.90...0.12.92)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* v0.156.5

* syntax error

Co-authored-by: Philip Harrison <[email protected]>
Co-authored-by: Peter Dave Hello <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mo khan <[email protected]>
Co-authored-by: Peter Wagner <[email protected]>
Co-authored-by: Loren Gordon <[email protected]>
Co-authored-by: Jurre Stender <[email protected]>
Co-authored-by: Jurre <[email protected]>
Co-authored-by: Nish Sinha <[email protected]>
Co-authored-by: Mike McDonald <[email protected]>
Co-authored-by: Guilherme Duarte <[email protected]>
Co-authored-by: Heine Furubotten <[email protected]>
Co-authored-by: Benedikt Ritter <[email protected]>
Co-authored-by: wolf-cola <[email protected]>
Co-authored-by: wolf-cola <[email protected]>
AlekhyaYalla pushed a commit to GiriB/dependabot-core that referenced this pull request Nov 9, 2021
* Raise on ruby 2.7 deprecation warnings

Break tests if we introduce any ruby 2.7 deprecation warnings.

* Fix ruby 2.7 deprecations

* Add `--no-install-recommends` to all `apt-get install` in Dockerfile

This option will prevent not needed package being installed, make the
image smaller.

* Double quote variables in shellscript

This will help prevent globbing and word splitting. Most of them are
already quoted, just few of them are missed.

* v0.154.1

* Double quote variables in Dockerfile's shellscript, cc dependabot#3917

* build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers

Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/npm/arborist/releases)
- [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md)
- [Commits](npm/arborist@v2.6.2...v2.6.3)

---
updated-dependencies:
- dependency-name: "@npmcli/arborist"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bundler: attempt to isolate flaky test

Seeing a bunch of CI failures from this force updater spec:
`NoMethodError with message: undefined method `name' for "Gemfile":String`

Ref: https://github.com/dependabot/dependabot-core/pull/3923/checks?check_run_id=2842564846

I haven't managed to reproduce this locally yet.

* Add more failing specs

* Fix ruby 2.7 deprecations in python

* Add more flaky test candidates

* Github actions: Handle no latest version found

When no latest version can be found return nil to prevent the update
checker from comparing the version with the current version:

```
ArgumentError: comparison of String with Dependabot::GithubActions::Version failed
```

* Strip auth headers from VCR cassettes

* Fix spec

* Remove nil guard

* Fix cops

* Terraform: Handle 401 registry responses

Raise a `PrivateSourceAuthenticationFailure` with the provided hostname
if the registry responds with a `401`.

* v0.154.2

* Terraform: handle dependencies without a namespace

Default providers without a namespace to `hashicorp`.

* chore: add lint job to check shell scripts

* fix shellcheck errors in shellcheck linter script

* chore: break out files to each line

* chore: use sudo to install apt packages

* chore: allow passing args to shellscript. e.g ./bin/lint -f diff

* chore: fix SC2006

```plaintext
In ./hex/helpers/build line 18:
case `uname` in
     ^-----^ SC2006: Use $(...) notation instead of legacy backticked `...`.

Did you mean:
case $(uname) in
```

https://github.com/koalaman/shellcheck/wiki/SC2006

* chore: fix SC2086 in docker-dev-shell

```plaintext
In ./bin/docker-dev-shell line 61:
echo $RUNNING
     ^------^ SC2086: Double quote to prevent globbing and word splitting.
```

https://github.com/koalaman/shellcheck/wiki/SC2086

* chore: fix SC2006

```plaintext
In ./bin/docker-dev-shell line 14:
OPTS=`getopt -o hr --long help,rebuild -n 'parse-options' -- "$@"`
^--^ SC2034: OPTS appears unused. Verify use (or export if used externally).
     ^-- SC2006: Use $(...) notation instead of legacy backticked `...`.
```

https://github.com/koalaman/shellcheck/wiki/SC2006

* chore: ignore existing shellcheck issues

* chore: add ecosystem specific script files to linter list

* chore: remove unnecessary headers

* rake rubocop:sort

* enable Style/* and autofix

* enable Lint/* and autoformat

* final rubocop warnings

* Replace wget with curl for minimized dependency

Use single tool for the same purpose, simplify the tool dependency, and
also make the Docker image a little bit more smaller.

* Fetches upload-pack using git if http fails

* test: pin constraint to ensure deterministic test results

* test: update declared constraints in expectation

* test: tweak assertion to match new constraint

* test: update fixture constraint to ensure resolution falls within a deterministic range

* chore: install shellcheck in the dev container

* Updates existing error handling tests to mock capture3 call

* Adds tests for fallback where HTTP fails but git ls-remote succeeds

* fix url in test

* Reformats lines to accomodate line-length lint finding

* Streamlines git ls-remote fallback logic to remove unused response values

* Updates github pull request tests to mock-fail git ls-remote fallback

* Updates metadata commits finder tests to mock-fail git ls-remote fallback

* Updates git commit checker tests to mock-fail git ls-remote fallback

* Returns basename and relative path in CodeCommit file fetcher

Previously, the `name` and `path` attributes were both the absolute
path for all files retrieved from CodeCommit sources. This caused
problems in `fetch_file_from_host`, which joins the `directory`
from the config with the `filename`. When `filename` is the absolute
path, this essentially duplicated the directory in the result, e.g.
`directory/directory/relative path`.

This change returns the basename and relative path instead, matching
the implemenation for azure devops, and allowing the join in `fetch_file_from_host`
to return `directory/relative path`

* build(deps-dev): bump eslint in /npm_and_yarn/helpers

Bumps [eslint](https://github.com/eslint/eslint) from 7.28.0 to 7.29.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.28.0...v7.29.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): update commonmarker requirement from >= 0.20.1, < 0.22.0 to >= 0.20.1, < 0.23.0

Updates the requirements on [commonmarker](https://github.com/gjtorikian/commonmarker) to permit the latest version.
- [Release notes](https://github.com/gjtorikian/commonmarker/releases)
- [Commits](gjtorikian/commonmarker@v0.20.1...v0.21.2)

---
updated-dependencies:
- dependency-name: commonmarker
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.89 to 0.12.90.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.89...0.12.90)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Clarify support policies in README and Issue template

We tend to get a lot of questions here about the Dependabot service that
we operate at GitHub. Many of those questions are much easier to resolve
when going through Support, as they have much better tooling and
processes to follow up on those sorts of questions.

This attempts to clarify that in the README and issue template.

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.89 to 0.12.90.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.89...0.12.90)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* Terraform: handle unreachable private module proxy

Raise a `PrivateSourceAuthenticationFailure` when a private module proxy
can't be reached.

* Terraform: handle missing source

Silently ignore failing source requests to not block PR creation.
Returning nil here will cause the PR creator to not include any
changelogs/release notes.

* v0.154.3

* expected credentials

* bin/ci-test

* Add version_filter module to common, remove from ecosystem update_checker

* Check if the version is a Gem::Version, not the advisory

* Run rubocop

* Run rubocop

* Move include up in class hierarchy

Co-authored-by: Philip Harrison <[email protected]>

* Make filter_vulnerable_versions stateless

* Rubocop

* Remove VersionFilters include

Co-authored-by: Jurre <[email protected]>

* Reorder #lowest_security_fix_version filters

* Rubocop

* ci-test: shellcheck yourself

before you shellwreck yourself

* docker-dev-shell: do not rename gemspec

* devcontainer: do not rename gemspec

* Add fetch_lowest_security_fix_version and test

* Working security advisory test

* Add lowest_resolvable_security_fix_version

* Update LatestVersionFinder tests to use new fixture tags

* Update test suite, add lowest_security_fix_version tests

* Rubocop

* temp commit

* Initialize :security_advsiories as an empty array, remove pending test

* Add latest_version_checker to UpdateChecker, add tests for security advisories

* Use stateless filter_vulnerable_versions

* Add missing assignment

* Clarifying external contribution guidelines

See dependabot#3943

* Move `#filter_vulnerable_version` to come before `#filter_ignored_version`

* Terraform: handle nested module sources

Relax the regex that matches module sources to include nested modules.

* v0.154.4

* Create changelog from merge commits

* Add link to pr

* Check out branch before committing changes

* Update bin/bump-version.rb

* Swap version filters

Co-authored-by: Philip Harrison <[email protected]>

* Terraform: install modules when updating lockfile

Terraform requires modules to be installed with `terraform init` when
updating the lockfile. Opted to only run `terraform init` if the call to
`terraform providers lock` bails out and retry.

We could opt to always run `terraform init` if there are any modules
defined but would mean parsing the dependency files and checking if any
of the dependencies are modules as we only have access to the current
dependency, which in this case is provider.

* Update test to reflect dependency version after update

* v0.154.5

* Add test for indirect dependencies to `#lowest_resolvable_security_fix`

* v0.155.0

* GemspecSanitizer replace interpolated strings

The previous impl only replaced the components of the interpolated
string that looked like versions.

When this is called with a `replacement_version` read from
`Gemfile.lock`, the replacement value based on the interpolated string.

* nuget: RepositoryFinder might not find PackageBaseAddress

* nuget: handle RepositoryDetails without BaseAddress

* autoformat fixture

* build(deps-dev): bump jest in /npm_and_yarn/helpers

Bumps [jest](https://github.com/facebook/jest) from 27.0.4 to 27.0.5.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](jestjs/jest@v27.0.4...v27.0.5)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump pip-tools from 6.1.0 to 6.2.0 in /python/helpers

Bumps [pip-tools](https://github.com/jazzband/pip-tools) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/jazzband/pip-tools/releases)
- [Changelog](https://github.com/jazzband/pip-tools/blob/master/CHANGELOG.md)
- [Commits](jazzband/pip-tools@6.1.0...6.2.0)

---
updated-dependencies:
- dependency-name: pip-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Terraform: fix module updates with a lockfile

This is the other side of dependabot#3968

This fixes module updates when there's a lockfile present. Modules are
not included in the lockfile so adding a guard to only attempt lockfile
updates for providers.

Fixed some test setup to match what the parsed files would look like.

* v0.155.1

* feature: Add support for Hex sub-projects

* clean: Refactor tests to use new pattern

* Terraform: clone repository contents for update

Terraform projects can include local path modules that are currently not
fetched in the file fetching step so any lockfile update will fail
because these files are missing.

The easiest fix seemed to be to always start cloning terraform projects
as this is what we want to end up doing for all ecosystems.

The file fetcher will still hit the gh api when getting the reo contents
but this would require changes in common so keen to make that change
separately as it currently works.

* Stop double writing dependecy files

* v0.155.2

* Update CHANGELOG.md

* Bump minor for change to cloning

Merged too quickly dependabot#3979
Makes sense to bump minor for the terraform cloning change.

* Exclude release note merges in changelog

Exclude release note merges in generated changelog.

For example: dependabot#3977

* build(deps-dev): update rubocop requirement from ~> 1.16.0 to ~> 1.17.0

Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.16.0...v1.17.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

* Enable new cops

* Fix cops

* Terraform: Configure git for `terraform init` and capture errors

When attempting to `terraform init` when there are private module
sources present, currently we raise a `HelperSubprocessFailed`.

Terraform will attempt to use any git credentials that are configured,
so passing these along should help in some cases when Dependabot is
configured to access these, and when it isn't we should raise a
PrivateSourceAuthenticationFailure to communicate more clearly that we
cannot reach a certain source.

It's a little unfortunate that we even need to do this, because this
happens when we attempt to update a lockfile, and these don't support
modules. However, `terraform providers lock` will still complain about
modules needing to be installed, and this should do a better job of
that.

* v0.156.1

* Terraform: Prevent `terraform init` from initializing backends

* remove `strip_terminal_colors`

as its not needed anymore

* pin azurerm versions in test fixtures

prevents new versions from breaking the tests

* prefer Dependabot::Python::FileParser::PoetryFilesParser::POETRY_DEPENDENCY_TYPES

* poetry_files_parser ignore paths

* poetry ignore url dependencies too

* linter

* outdated test

* v0.156.2

* build(deps-dev): bump prettier in /npm_and_yarn/helpers

Bumps [prettier](https://github.com/prettier/prettier) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@2.3.1...2.3.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump poetry from 1.1.6 to 1.1.7 in /python/helpers

Bumps [poetry](https://github.com/python-poetry/poetry) from 1.1.6 to 1.1.7.
- [Release notes](https://github.com/python-poetry/poetry/releases)
- [Changelog](https://github.com/python-poetry/poetry/blob/1.1.7/CHANGELOG.md)
- [Commits](python-poetry/poetry@1.1.6...1.1.7)

---
updated-dependencies:
- dependency-name: poetry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps): bump pip from 21.1.2 to 21.1.3 in /python/helpers

Bumps [pip](https://github.com/pypa/pip) from 21.1.2 to 21.1.3.
- [Release notes](https://github.com/pypa/pip/releases)
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@21.1.2...21.1.3)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* PR Updater: Handle required status checks

As per [the docs][docs] when branch protection rules are enabled, force
pushing to them is disabled.

This handles errors when this happens and raises a `BranchProtected`
error, which will allow us to handle this gracefully and inform the user
of this.

[docs]: https://docs.github.com/en/github/administering-a-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#about-branch-protection-rules

* build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers

Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/npm/arborist/releases)
- [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md)
- [Commits](npm/arborist@v2.6.3...v2.6.4)

---
updated-dependencies:
- dependency-name: "@npmcli/arborist"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump jest in /npm_and_yarn/helpers

Bumps [jest](https://github.com/facebook/jest) from 27.0.5 to 27.0.6.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/facebook/jest/blob/master/CHANGELOG.md)
- [Commits](jestjs/jest@v27.0.5...v27.0.6)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): update rubocop requirement from ~> 1.17.0 to ~> 1.18.0

Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop@v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

* Add support for fetching extensions.xml files

These files contain dependency coordinates for Maven extensions that
want to receive the Maven afterSessionStart event. The file is always
located in the .mvn folder in the project root and is optional.

See also
  - https://maven.apache.org/guides/mini/guide-using-extensions.html
  - https://maven.apache.org/examples/maven-3-lifecycle-extensions.html

* Add support for extensions.xml to parser

extensions.xml files can only contain an extensions block specifying one
or more extension dependency. The extension nodes only have groupId,
artifactId and version.

* Add update support for extension.xml files

Adjusts the maven file_updater to also process extensions.xml files.
Methods and variables that are now used for either file type have been
renamed accordingly.

* Fix rubocop violations

* Use `if` instead `unless nil`

Co-authored-by: Philip Harrison <[email protected]>

* Simplify using `fetch_file_if_present`

Co-authored-by: Philip Harrison <[email protected]>

* Simplify updated files check

Co-authored-by: Philip Harrison <[email protected]>

* Make sure code works even if `.mvn` directory is missing

Co-authored-by: Philip Harrison <[email protected]>

* Always require a pom.xml file

Co-authored-by: Philip Harrison <[email protected]>

* Remove empty line

Co-authored-by: Philip Harrison <[email protected]>

* Remove empty line

Co-authored-by: Philip Harrison <[email protected]>

* Fix linter error

Co-authored-by: mo khan <[email protected]>

* Fix linter error

* v0.156.3

* Fix spec stubs

* add Unauthorized exception to azure.rb

* add tests for azure client

* v0.156.4

* fix trailing whitespace

* fix trailing whitespace

* test: place upper bound on version constraint

* Gomod: Handle unrecognized import path error

When referencing a go proxy that 404s, we see this error. Previously
this would not be handled, but it should result in a
DependencyFileNotResolvable error, so users have a sense of what's
wrong.

* test: reproduce a defect with relative paths using poetry

* test: ensure both the pyproject and lock file are updated

* fix(poetry): copy all project files when generating lockfile hash

* style: fix linter errors

* build(deps-dev): bump eslint in /npm_and_yarn/helpers

Bumps [eslint](https://github.com/eslint/eslint) from 7.29.0 to 7.30.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.29.0...v7.30.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add response 200 context block for #create_commit test

* add 403 test for Azure.create_commit

* add test for fetch_commit

* fix trailing whitespace

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.90 to 0.12.92.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.90...0.12.92)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1

Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 0.12.90 to 0.12.92.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Commits](phpstan/phpstan@0.12.90...0.12.92)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* v0.156.5

* syntax error

Co-authored-by: Philip Harrison <[email protected]>
Co-authored-by: Peter Dave Hello <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mo khan <[email protected]>
Co-authored-by: Peter Wagner <[email protected]>
Co-authored-by: Loren Gordon <[email protected]>
Co-authored-by: Jurre Stender <[email protected]>
Co-authored-by: Jurre <[email protected]>
Co-authored-by: Nish Sinha <[email protected]>
Co-authored-by: Mike McDonald <[email protected]>
Co-authored-by: Guilherme Duarte <[email protected]>
Co-authored-by: Heine Furubotten <[email protected]>
Co-authored-by: Benedikt Ritter <[email protected]>
Co-authored-by: wolf-cola <[email protected]>
Co-authored-by: wolf-cola <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants