diff --git a/.rubocop.yml b/.rubocop.yml index 763aa81b251..6268d5ea5eb 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -330,5 +330,3 @@ Naming/BlockForwarding: Enabled: false Style/MutableConstant: Enabled: false -Style/RedundantFreeze: - Enabled: false diff --git a/bundler/helpers/v1/lib/functions/lockfile_updater.rb b/bundler/helpers/v1/lib/functions/lockfile_updater.rb index 90075e98906..0079bf2c743 100644 --- a/bundler/helpers/v1/lib/functions/lockfile_updater.rb +++ b/bundler/helpers/v1/lib/functions/lockfile_updater.rb @@ -10,7 +10,7 @@ class LockfileUpdater locked\sto\s(?[^\s]+)\s\(| not\sfind\s(?[^\s]+)-\d| has\s(?[^\s]+)\slocked\sat - /x.freeze + /x def initialize(gemfile_name:, lockfile_name:, dependencies:) @gemfile_name = gemfile_name diff --git a/bundler/helpers/v1/lib/functions/version_resolver.rb b/bundler/helpers/v1/lib/functions/version_resolver.rb index b5e5d8a1286..01afb47f2cf 100644 --- a/bundler/helpers/v1/lib/functions/version_resolver.rb +++ b/bundler/helpers/v1/lib/functions/version_resolver.rb @@ -2,7 +2,7 @@ module Functions class VersionResolver - GEM_NOT_FOUND_ERROR_REGEX = /locked to (?[^\s]+) \(/.freeze + GEM_NOT_FOUND_ERROR_REGEX = /locked to (?[^\s]+) \(/ attr_reader :dependency_name, :dependency_requirements, :gemfile_name, :lockfile_name diff --git a/bundler/helpers/v1/spec/native_spec_helper.rb b/bundler/helpers/v1/spec/native_spec_helper.rb index f98379b2175..414047798da 100644 --- a/bundler/helpers/v1/spec/native_spec_helper.rb +++ b/bundler/helpers/v1/spec/native_spec_helper.rb @@ -25,7 +25,7 @@ # Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb # TODO: Stop sanitizing the lockfile once we have bundler 2 installed -LOCKFILE_ENDING = /(?\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze +LOCKFILE_ENDING = /(?\s*(?:RUBY VERSION|BUNDLED WITH).*)/m def project_dependency_files(project) project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project)) 
diff --git a/bundler/helpers/v2/lib/functions/lockfile_updater.rb b/bundler/helpers/v2/lib/functions/lockfile_updater.rb index 523410178f6..43ef79bf0a7 100644 --- a/bundler/helpers/v2/lib/functions/lockfile_updater.rb +++ b/bundler/helpers/v2/lib/functions/lockfile_updater.rb @@ -10,7 +10,7 @@ class LockfileUpdater locked\sto\s(?[^\s]+)\s\(| not\sfind\s(?[^\s]+)-\d| has\s(?[^\s]+)\slocked\sat - /x.freeze + /x DEPENDENCY_DROPPED = "_dependency_dropped_" def initialize(gemfile_name:, lockfile_name:, dependencies:) diff --git a/bundler/helpers/v2/lib/functions/version_resolver.rb b/bundler/helpers/v2/lib/functions/version_resolver.rb index 383eed7851e..e41a8ed4d24 100644 --- a/bundler/helpers/v2/lib/functions/version_resolver.rb +++ b/bundler/helpers/v2/lib/functions/version_resolver.rb @@ -2,7 +2,7 @@ module Functions class VersionResolver - GEM_NOT_FOUND_ERROR_REGEX = /locked to (?[^\s]+) \(/.freeze + GEM_NOT_FOUND_ERROR_REGEX = /locked to (?[^\s]+) \(/ attr_reader :dependency_name, :dependency_requirements, :gemfile_name, :lockfile_name diff --git a/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb b/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb index f723bf5ea70..11efb8d86d1 100644 --- a/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb +++ b/bundler/lib/dependabot/bundler/file_updater/lockfile_updater.rb @@ -18,10 +18,9 @@ class LockfileUpdater require_relative "gemspec_dependency_name_finder" require_relative "ruby_requirement_setter" - LOCKFILE_ENDING = - /(?\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze - GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m.freeze - GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m.freeze + LOCKFILE_ENDING = /(?\s*(?:RUBY VERSION|BUNDLED WITH).*)/m + GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m + GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m # Can't be a constant because some of these don't exist in bundler # 1.15, which Heroku uses, which causes an exception on boot. 
diff --git a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb index 17ea325c5d4..f4a5f388f10 100644 --- a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb +++ b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb @@ -167,7 +167,7 @@ def space_after_specifier?(requirement_nodes) req_string.include?(" ") end - EQUALITY_OPERATOR = /(?!])=/.freeze + EQUALITY_OPERATOR = /(?!])=/ def use_equality_operator?(requirement_nodes) return true if requirement_nodes.none? diff --git a/bundler/lib/dependabot/bundler/helpers.rb b/bundler/lib/dependabot/bundler/helpers.rb index 95d26ae5e0b..d59234c35dc 100644 --- a/bundler/lib/dependabot/bundler/helpers.rb +++ b/bundler/lib/dependabot/bundler/helpers.rb @@ -13,7 +13,7 @@ module Helpers # it was created with an old version that didn't add this information FAILOVER = V1 - BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?\d+)\./m.freeze + BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?\d+)\./m def self.bundler_version(lockfile) return DEFAULT unless lockfile diff --git a/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb b/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb index a0b64682bc2..d6858cddaad 100644 --- a/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb +++ b/bundler/lib/dependabot/bundler/update_checker/file_preparer.rb @@ -24,7 +24,7 @@ class UpdateChecker # version allowed by the gemspec, if the gemspec has a required ruby # version range class FilePreparer - VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze + VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/ # Can't be a constant because some of these don't exist in bundler # 1.15, which Heroku uses, which causes an exception on boot. 
diff --git a/bundler/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb b/bundler/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb index c4f9b280121..213011e1fd1 100644 --- a/bundler/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +++ b/bundler/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb @@ -14,19 +14,15 @@ module Dependabot module Bundler class UpdateChecker module SharedBundlerHelpers - GIT_REGEX = /reset --hard [^\s]*` in directory (?[^\s]*)/.freeze - GIT_REF_REGEX = /not exist in the repository (?[^\s]*)\./.freeze - PATH_REGEX = /The path `(?.*)` does not exist/.freeze + GIT_REGEX = /reset --hard [^\s]*` in directory (?[^\s]*)/ + GIT_REF_REGEX = /not exist in the repository (?[^\s]*)\./ + PATH_REGEX = /The path `(?.*)` does not exist/ module BundlerErrorPatterns - MISSING_AUTH_REGEX = - /bundle config (?.*) username:password/.freeze - BAD_AUTH_REGEX = - /Bad username or password for (?.*)\.$/.freeze - BAD_CERT_REGEX = - /verify the SSL certificate for (?.*)\.$/.freeze - HTTP_ERR_REGEX = - /Could not fetch specs from (?.*)$/.freeze + MISSING_AUTH_REGEX = /bundle config (?.*) username:password/ + BAD_AUTH_REGEX = /Bad username or password for (?.*)\.$/ + BAD_CERT_REGEX = /verify the SSL certificate for (?.*)\.$/ + HTTP_ERR_REGEX = /Could not fetch specs from (?.*)$/ end RETRYABLE_ERRORS = %w( diff --git a/cargo/lib/dependabot/cargo/file_updater/lockfile_updater.rb b/cargo/lib/dependabot/cargo/file_updater/lockfile_updater.rb index 53c426283d6..85251838783 100644 --- a/cargo/lib/dependabot/cargo/file_updater/lockfile_updater.rb +++ b/cargo/lib/dependabot/cargo/file_updater/lockfile_updater.rb 
@@ -14,9 +14,9 @@ class LockfileUpdater LOCKFILE_ENTRY_REGEX = / \[\[package\]\]\n (?:(?!^\[(\[package|metadata)).)+ - /mx.freeze + /mx - LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/.freeze + LOCKFILE_CHECKSUM_REGEX = /^"checksum .*$/ def initialize(dependencies:, dependency_files:, credentials:) @dependencies = dependencies diff --git a/cargo/lib/dependabot/cargo/requirement.rb b/cargo/lib/dependabot/cargo/requirement.rb index 6f4c192ab8c..84cec9a8316 100644 --- a/cargo/lib/dependabot/cargo/requirement.rb +++ b/cargo/lib/dependabot/cargo/requirement.rb @@ -16,7 +16,7 @@ class Requirement < Gem::Requirement version_pattern = Cargo::Version::VERSION_PATTERN PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ # Use Cargo::Version rather than Gem::Version to ensure that # pre-release versions aren't transformed. diff --git a/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb b/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb index 77eac69f596..a19b71beca0 100644 --- a/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb +++ b/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb @@ -16,7 +16,7 @@ class UpdateChecker class RequirementsUpdater class UnfixableRequirement < StandardError; end - VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/.freeze + VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-*]+)*/ ALLOWED_UPDATE_STRATEGIES = %i(bump_versions bump_versions_if_necessary).freeze diff --git a/cargo/lib/dependabot/cargo/update_checker/version_resolver.rb b/cargo/lib/dependabot/cargo/update_checker/version_resolver.rb index ca96de5e3aa..93c33954b87 100644 --- a/cargo/lib/dependabot/cargo/update_checker/version_resolver.rb +++ b/cargo/lib/dependabot/cargo/update_checker/version_resolver.rb 
@@ -11,15 +11,12 @@ module Dependabot module Cargo class UpdateChecker class VersionResolver - UNABLE_TO_UPDATE = - /Unable to update (?.*?)$/.freeze - BRANCH_NOT_FOUND_REGEX = - /#{UNABLE_TO_UPDATE}.*to find branch `(?[^`]+)`/m.freeze - REVSPEC_PATTERN = /revspec '.*' not found/.freeze - OBJECT_PATTERN = /object not found - no match for id \(.*\)/.freeze - REF_NOT_FOUND_REGEX = - /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m.freeze - GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?[^`]*)`.*fatal: couldn't find remote ref/m.freeze + UNABLE_TO_UPDATE = /Unable to update (?.*?)$/ + BRANCH_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*to find branch `(?[^`]+)`/m + REVSPEC_PATTERN = /revspec '.*' not found/ + OBJECT_PATTERN = /object not found - no match for id \(.*\)/ + REF_NOT_FOUND_REGEX = /#{UNABLE_TO_UPDATE}.*(#{REVSPEC_PATTERN}|#{OBJECT_PATTERN})/m + GIT_REF_NOT_FOUND_REGEX = /Updating git repository `(?[^`]*)`.*fatal: couldn't find remote ref/m def initialize(dependency:, credentials:, original_dependency_files:, prepared_dependency_files:) @@ -188,6 +185,7 @@ def handle_cargo_errors(error) end if error.message.include?("authenticate when downloading repo") || + # TODO: stop catching this 200 error: https://github.com/dependabot/dependabot-core/pull/5332#discussion_r936888624 error.message.include?("HTTP 200 response: got 401") || error.message.include?("fatal: Authentication failed for") # Check all dependencies for reachability (so that we raise a diff --git a/cargo/lib/dependabot/cargo/version.rb b/cargo/lib/dependabot/cargo/version.rb index 1156b953868..60a08165979 100644 --- a/cargo/lib/dependabot/cargo/version.rb +++ b/cargo/lib/dependabot/cargo/version.rb 
@@ -13,7 +13,7 @@ class Version < Gem::Version VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' \ '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \ '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def initialize(version) @version_string = version.to_s diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb index 59761f3081a..625eda6675f 100644 --- a/common/lib/dependabot/errors.rb +++ b/common/lib/dependabot/errors.rb @@ -4,9 +4,9 @@ module Dependabot class DependabotError < StandardError - BASIC_AUTH_REGEX = %r{://(?[^:]*:[^@%\s]+(@|%40))}.freeze + BASIC_AUTH_REGEX = %r{://(?[^:]*:[^@%\s]+(@|%40))} # Remove any path segment from fury.io sources - FURY_IO_PATH_REGEX = %r{fury\.io/(?.+)}.freeze + FURY_IO_PATH_REGEX = %r{fury\.io/(?.+)} def initialize(message = nil) super(sanitize_message(message)) diff --git a/common/lib/dependabot/git_commit_checker.rb b/common/lib/dependabot/git_commit_checker.rb index bc62cfb459a..d91db6c1d35 100644 --- a/common/lib/dependabot/git_commit_checker.rb +++ b/common/lib/dependabot/git_commit_checker.rb @@ -19,7 +19,7 @@ class GitCommitChecker | [0-9]+\.[0-9]+(?:\.[a-z0-9\-]+)* )$ - /ix.freeze + /ix def initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false, diff --git a/common/lib/dependabot/git_metadata_fetcher.rb b/common/lib/dependabot/git_metadata_fetcher.rb index 6ba5e8f7377..dae47a18b71 100644 --- a/common/lib/dependabot/git_metadata_fetcher.rb +++ b/common/lib/dependabot/git_metadata_fetcher.rb @@ -6,7 +6,7 @@ module Dependabot class GitMetadataFetcher - KNOWN_HOSTS = /github\.com|bitbucket\.org|gitlab.com/i.freeze + KNOWN_HOSTS = /github\.com|bitbucket\.org|gitlab.com/i def initialize(url:, credentials:) @url = url 
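Review bot: In common/lib/dependabot/errors.rb, `BASIC_AUTH_REGEX` excludes `%` from the password part (`[^@%\s]+`) and then requires `@` or `%40`, so userinfo whose password contains any other percent-escape (for example `%2F`) does not match at all. The body of `sanitize_message` is outside the hunk; if it relies on this pattern to strip credentials from error messages, such a URL would pass through unredacted. Since the line is being touched anyway, I would add a spec with a percent-encoded password and, until the pattern is widened, a comment such as `# NOTE: does not match passwords containing percent-escapes other than %40`.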
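Review bot: `KNOWN_HOSTS` in common/lib/dependabot/git_metadata_fetcher.rb leaves the dot in `gitlab.com` unescaped and has no anchors, so it matches any string that merely contains one of these names, and the `gitlab.com` branch also matches text like `gitlabxcom`. How the constant is used is outside the hunk; if it gates host-specific handling of a URL, compare against the parsed host rather than the whole string, and at minimum escape the dot: `KNOWN_HOSTS = /github\.com|bitbucket\.org|gitlab\.com/i`. The same unescaped dot appears in `GITHUB_REPO_REGEX` (`%r{github.com/[^:@]*}`, go_modules/resolvability_errors.rb) and in `action.ya?ml` inside `FILENAME_PATTERN` (github_actions/file_fetcher.rb).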
diff --git a/common/lib/dependabot/pull_request_creator/labeler.rb b/common/lib/dependabot/pull_request_creator/labeler.rb index 357be02f59b..a841fc51cdb 100644 --- a/common/lib/dependabot/pull_request_creator/labeler.rb +++ b/common/lib/dependabot/pull_request_creator/labeler.rb @@ -5,7 +5,7 @@ module Dependabot class PullRequestCreator class Labeler - DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze + DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i DEFAULT_DEPENDENCIES_LABEL = "dependencies" DEFAULT_SECURITY_LABEL = "security" diff --git a/common/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb b/common/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb index 05c380dea1c..ed291a7c894 100644 --- a/common/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb +++ b/common/lib/dependabot/pull_request_creator/message_builder/issue_linker.rb @@ -6,15 +6,15 @@ module Dependabot class PullRequestCreator class MessageBuilder class IssueLinker - REPO_REGEX = %r{(?[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)}.freeze - TAG_REGEX = /(?(?:\#|GH-)\d+)/i.freeze + REPO_REGEX = %r{(?[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+)} + TAG_REGEX = /(?(?:\#|GH-)\d+)/i ISSUE_LINK_REGEXS = [ / (?:(?<=[^A-Za-z0-9\[\\]|^)\\*#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$))| (?:(?<=\s|^)#{REPO_REGEX}#{TAG_REGEX}(?=[^A-Za-z0-9\-]|$)) - /x.freeze, - /\[#{TAG_REGEX}\](?=[^A-Za-z0-9\-\(])/.freeze, - /\[(?(?:\#|GH-)?\d+)\]\(\)/i.freeze + /x, + /\[#{TAG_REGEX}\](?=[^A-Za-z0-9\-\(])/, + /\[(?(?:\#|GH-)?\d+)\]\(\)/i ].freeze attr_reader :source_url diff --git a/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb b/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb index 8035b257565..e0810fa60c4 100644 --- a/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb +++ b/common/lib/dependabot/pull_request_creator/message_builder/link_and_mention_sanitizer.rb 
@@ -8,19 +8,19 @@ module Dependabot class PullRequestCreator class MessageBuilder class LinkAndMentionSanitizer - GITHUB_USERNAME = /[a-z0-9]+(-[a-z0-9]+)*/i.freeze + GITHUB_USERNAME = /[a-z0-9]+(-[a-z0-9]+)*/i GITHUB_REF_REGEX = %r{ (?:https?://)? github\.com/(?#{GITHUB_USERNAME}/[^/\s]+)/ (?:issue|pull)s?/(?\d+) - }x.freeze + }x # [^/\s#]+ means one or more characters not matching (^) the class /, whitespace (\s), or # - GITHUB_NWO_REGEX = %r{(?#{GITHUB_USERNAME}/[^/\s#]+)#(?\d+)}.freeze - MENTION_REGEX = %r{(?#{GITHUB_USERNAME}/[^/\s#]+)#(?\d+)} + MENTION_REGEX = %r{(?#{GITHUB_USERNAME})/(?#{GITHUB_USERNAME})/?}.freeze + TEAM_MENTION_REGEX = %r{(?#{GITHUB_USERNAME})/(?#{GITHUB_USERNAME})/?} # End of string - EOS_REGEX = /\z/.freeze + EOS_REGEX = /\z/ COMMONMARKER_OPTIONS = %i( GITHUB_PRE_LANG FULL_INFO_STRING ).freeze diff --git a/common/lib/dependabot/source.rb b/common/lib/dependabot/source.rb index f7342f2b898..faeaec5f77b 100644 --- a/common/lib/dependabot/source.rb +++ b/common/lib/dependabot/source.rb @@ -7,7 +7,7 @@ class Source (?:\.com)[/:] (?[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+) (?:(?:/tree|/blob)/(?[^/]+)/(?.*)[\#|/])? - }x.freeze + }x GITHUB_ENTERPRISE_SOURCE = %r{ (?(http://|https://|git://|ssh://))* @@ -16,27 +16,27 @@ class Source [/:] (?[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+) (?:(?:/tree|/blob)/(?[^/]+)/(?.*)[\#|/])? - }x.freeze + }x GITLAB_SOURCE = %r{ (?gitlab) (?:\.com)[/:] (?[^/]+/(?:(?!\.git)[^/])+((?!/tree|/blob/|/-)/[^/]+)?) (?:(?:/tree|/blob)/(?[^/]+)/(?.*)[\#|/].*)? - }x.freeze + }x BITBUCKET_SOURCE = %r{ (?bitbucket) (?:\.org)[/:] (?[\w.-]+/(?:(?!\.git|\.\s)[\w.-])+) (?:(?:/src)/(?[^/]+)/(?.*)[\#|/])? - }x.freeze + }x AZURE_SOURCE = %r{ (?azure) (?:\.com)[/:] (?[\w.-]+/([\w.-]+/)?(?:_git/)(?:(?!\.git|\.\s)[\w.-])+) - }x.freeze + }x CODECOMMIT_SOURCE = %r{ (?(http://|https://|git://|ssh://)) @@ -48,7 +48,7 @@ class Source (?:/)?(?[^?]*)? [?]? (?.*)? - }x.freeze + }x SOURCE_REGEX = / (?:#{GITHUB_SOURCE})| 
@@ -56,7 +56,7 @@ class Source (?:#{BITBUCKET_SOURCE})| (?:#{AZURE_SOURCE})| (?:#{CODECOMMIT_SOURCE}) - /x.freeze + /x IGNORED_PROVIDER_HOSTS = %w(gitbox.apache.org svn.apache.org fuchsia.googlesource.com).freeze diff --git a/composer/lib/dependabot/composer/file_updater/lockfile_updater.rb b/composer/lib/dependabot/composer/file_updater/lockfile_updater.rb index 3eb6b0e8388..532cdc1f2d0 100644 --- a/composer/lib/dependabot/composer/file_updater/lockfile_updater.rb +++ b/composer/lib/dependabot/composer/file_updater/lockfile_updater.rb @@ -30,13 +30,13 @@ def initialize(extensions) %r{ (?<=PHP\sextension\s)ext\-[^\s/]+\s.*?\s(?=is|but)| (?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=but) - }x.freeze + }x MISSING_IMPLICIT_PLATFORM_REQ_REGEX = %r{ (?)| (?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=->) - }x.freeze - MISSING_ENV_VAR_REGEX = /Environment variable '(?.[^']+)' is not set/.freeze + }x + MISSING_ENV_VAR_REGEX = /Environment variable '(?.[^']+)' is not set/ def initialize(dependencies:, dependency_files:, credentials:) @dependencies = dependencies diff --git a/composer/lib/dependabot/composer/helpers.rb b/composer/lib/dependabot/composer/helpers.rb index 5dad7955c8e..a879edae23c 100644 --- a/composer/lib/dependabot/composer/helpers.rb +++ b/composer/lib/dependabot/composer/helpers.rb 
@@ -6,12 +6,12 @@ module Dependabot module Composer module Helpers # From composers json-schema: https://getcomposer.org/schema.json - COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze + COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$} # From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33 PLATFORM_PACKAGE_REGEX = / ^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)* |composer-(?:plugin|runtime)-api)$ - /x.freeze + /x def self.composer_version(composer_json, parsed_lockfile = nil) if parsed_lockfile && parsed_lockfile["plugin-api-version"] diff --git a/composer/lib/dependabot/composer/requirement.rb b/composer/lib/dependabot/composer/requirement.rb index 7a965ecf262..14bc88b97b3 100644 --- a/composer/lib/dependabot/composer/requirement.rb +++ b/composer/lib/dependabot/composer/requirement.rb @@ -5,9 +5,8 @@ module Dependabot module Composer class Requirement < Gem::Requirement - AND_SEPARATOR = - /(?<=[a-zA-Z0-9*])(?)| (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1 (?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2 - }x.freeze - VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze + }x + VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/ SOURCE_TIMED_OUT_REGEX = - /The "(?[^"]+packages\.json)".*timed out/.freeze - FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?.*?)'/.freeze - FAILED_GIT_CLONE = /Failed to clone (?.*?) via/.freeze + /The "(?[^"]+packages\.json)".*timed out/ + FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?.*?)'/ + FAILED_GIT_CLONE = /Failed to clone (?.*?) via/ def initialize(credentials:, dependency:, dependency_files:, requirements_to_unlock:, latest_allowable_version:) 
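Review bot: `COMPOSER_V2_NAME_REGEX` and `PLATFORM_PACKAGE_REGEX` in composer/lib/dependabot/composer/helpers.rb keep the `^`/`$` anchors of the upstream JSON-schema and PHP patterns, but in Ruby those match at every line boundary, so a multi-line string passes as long as one of its lines is a valid name. The callers are outside the hunk; if these constants validate names read from a repository's composer.json, anchor on the whole string instead, e.g. `COMPOSER_V2_NAME_REGEX = %r{\A[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*\z}`, and likewise `\A…\z` around the `PLATFORM_PACKAGE_REGEX` alternation.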
diff --git a/docker/lib/dependabot/docker/file_fetcher.rb b/docker/lib/dependabot/docker/file_fetcher.rb index 2baf4d23b8d..86fe86844ed 100644 --- a/docker/lib/dependabot/docker/file_fetcher.rb +++ b/docker/lib/dependabot/docker/file_fetcher.rb @@ -7,9 +7,9 @@ module Dependabot module Docker class FileFetcher < Dependabot::FileFetchers::Base - YAML_REGEXP = /^[^\.]+\.ya?ml$/i.freeze - DOCKER_REGEXP = /dockerfile/i.freeze - HELM_REGEXP = /values[\-a-zA-Z_0-9]*\.yaml/i.freeze + YAML_REGEXP = /^[^\.]+\.ya?ml$/i + DOCKER_REGEXP = /dockerfile/i + HELM_REGEXP = /values[\-a-zA-Z_0-9]*\.yaml/i def self.required_files_in?(filenames) filenames.any? { |f| f.match?(DOCKER_REGEXP) } or diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb index 7c7c2a92f95..b3e996ef138 100644 --- a/docker/lib/dependabot/docker/file_parser.rb +++ b/docker/lib/dependabot/docker/file_parser.rb 
@@ -15,27 +15,25 @@ class FileParser < Dependabot::FileParsers::Base # Details of Docker regular expressions is at # https://github.com/docker/distribution/blob/master/reference/regexp.go - DOMAIN_COMPONENT = - /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/.freeze - DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/.freeze - REGISTRY = /(?#{DOMAIN}(?::\d+)?)/.freeze - - NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/.freeze - IMAGE = %r{(?#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}.freeze - - FROM = /FROM/i.freeze - PLATFORM = /--platform\=(?\S+)/.freeze - TAG = /:(?[\w][\w.-]{0,127})/.freeze - DIGEST = /@(?[^\s]+)/.freeze - NAME = /\s+AS\s+(?[\w-]+)/.freeze + DOMAIN_COMPONENT = /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/ + DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/ + REGISTRY = /(?#{DOMAIN}(?::\d+)?)/ + + NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/ + IMAGE = %r{(?#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)} + + FROM = /FROM/i + PLATFORM = /--platform\=(?\S+)/ + TAG = /:(?[\w][\w.-]{0,127})/ + DIGEST = /@(?[^\s]+)/ + NAME = /\s+AS\s+(?[\w-]+)/ FROM_LINE = %r{^#{FROM}\s+(#{PLATFORM}\s+)?(#{REGISTRY}/)? - #{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x.freeze + #{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x - AWS_ECR_URL = /dkr\.ecr\.(?[^.]+)\.amazonaws\.com/.freeze + AWS_ECR_URL = /dkr\.ecr\.(?[^.]+)\.amazonaws\.com/ - IMAGE_SPEC = - %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x.freeze + IMAGE_SPEC = %r{^(#{REGISTRY}/)?#{IMAGE}#{TAG}?#{DIGEST}?#{NAME}?}x def parse dependency_set = DependencySet.new diff --git a/docker/lib/dependabot/docker/file_updater.rb b/docker/lib/dependabot/docker/file_updater.rb index b28ae42c89c..05ab0a4d6aa 100644 --- a/docker/lib/dependabot/docker/file_updater.rb +++ b/docker/lib/dependabot/docker/file_updater.rb 
@@ -7,7 +7,7 @@ module Dependabot module Docker class FileUpdater < Dependabot::FileUpdaters::Base - FROM_REGEX = /FROM(\s+--platform\=\S+)?/i.freeze + FROM_REGEX = /FROM(\s+--platform\=\S+)?/i def self.updated_files_regex [ diff --git a/docker/lib/dependabot/docker/update_checker.rb b/docker/lib/dependabot/docker/update_checker.rb index d3add4e7da2..d7fe499cce1 100644 --- a/docker/lib/dependabot/docker/update_checker.rb +++ b/docker/lib/dependabot/docker/update_checker.rb @@ -43,18 +43,16 @@ module Dependabot module Docker class UpdateChecker < Dependabot::UpdateCheckers::Base VERSION_REGEX = - /v?(?[0-9]+(?:(?:\.[_a-z0-9]+)|(?:-(?:kb)?[0-9]+))*)/i.freeze - VERSION_WITH_SFX = /^#{VERSION_REGEX}(?-[a-z0-9.\-]+)?$/i.freeze - VERSION_WITH_PFX = /^(?[a-z0-9.\-]+-)?#{VERSION_REGEX}$/i.freeze - VERSION_WITH_PFX_AND_SFX = - /^(?[a-z\-]+-)?#{VERSION_REGEX}(?-[a-z\-]+)?$/i. - freeze + /v?(?[0-9]+(?:(?:\.[_a-z0-9]+)|(?:-(?:kb)?[0-9]+))*)/i + VERSION_WITH_SFX = /^#{VERSION_REGEX}(?-[a-z0-9.\-]+)?$/i + VERSION_WITH_PFX = /^(?[a-z0-9.\-]+-)?#{VERSION_REGEX}$/i + VERSION_WITH_PFX_AND_SFX = /^(?[a-z\-]+-)?#{VERSION_REGEX}(?-[a-z\-]+)?$/i NAME_WITH_VERSION = / #{VERSION_WITH_PFX}| #{VERSION_WITH_SFX}| #{VERSION_WITH_PFX_AND_SFX} - /x.freeze + /x def latest_version fetch_latest_version(dependency.version) diff --git a/docker/lib/dependabot/docker/utils/credentials_finder.rb b/docker/lib/dependabot/docker/utils/credentials_finder.rb index 43ff7718e0a..f6db2e54abb 100644 --- a/docker/lib/dependabot/docker/utils/credentials_finder.rb +++ b/docker/lib/dependabot/docker/utils/credentials_finder.rb @@ -9,7 +9,7 @@ module Dependabot module Docker module Utils class CredentialsFinder - AWS_ECR_URL = /dkr\.ecr\.(?[^.]+)\.amazonaws\.com/.freeze + AWS_ECR_URL = /dkr\.ecr\.(?[^.]+)\.amazonaws\.com/ def initialize(credentials) @credentials = credentials diff --git a/elm/lib/dependabot/elm/requirement.rb b/elm/lib/dependabot/elm/requirement.rb index f4674dc9418..8b2d21fe8d9 100644 
--- a/elm/lib/dependabot/elm/requirement.rb +++ b/elm/lib/dependabot/elm/requirement.rb @@ -9,8 +9,8 @@ class Requirement < Gem::Requirement ELM_PATTERN_RAW = "(#{Elm::Version::VERSION_PATTERN}) (<=?) v (<=?) " \ "(#{Elm::Version::VERSION_PATTERN})" - ELM_PATTERN = /\A#{ELM_PATTERN_RAW}\z/.freeze - ELM_EXACT_PATTERN = /\A#{Elm::Version::VERSION_PATTERN}\z/.freeze + ELM_PATTERN = /\A#{ELM_PATTERN_RAW}\z/ + ELM_EXACT_PATTERN = /\A#{Elm::Version::VERSION_PATTERN}\z/ # Returns an array of requirements. At least one requirement from the # returned array must be satisfied for a version to be valid. diff --git a/elm/lib/dependabot/elm/update_checker/cli_parser.rb b/elm/lib/dependabot/elm/update_checker/cli_parser.rb index e2b49ec81cc..902f4e1be28 100644 --- a/elm/lib/dependabot/elm/update_checker/cli_parser.rb +++ b/elm/lib/dependabot/elm/update_checker/cli_parser.rb @@ -7,10 +7,8 @@ module Dependabot module Elm class UpdateChecker class CliParser - INSTALL_DEPENDENCY_REGEX = - %r{([^\s]+\/[^\s]+)\s+(\d+\.\d+\.\d+)}.freeze - UPGRADE_DEPENDENCY_REGEX = - %r{([^\s]+\/[^\s]+) \(\d+\.\d+\.\d+ => (\d+\.\d+\.\d+)\)}.freeze + INSTALL_DEPENDENCY_REGEX = %r{([^\s]+\/[^\s]+)\s+(\d+\.\d+\.\d+)} + UPGRADE_DEPENDENCY_REGEX = %r{([^\s]+\/[^\s]+) \(\d+\.\d+\.\d+ => (\d+\.\d+\.\d+)\)} def self.decode_install_preview(text) installs = {} diff --git a/elm/lib/dependabot/elm/update_checker/requirements_updater.rb b/elm/lib/dependabot/elm/update_checker/requirements_updater.rb index 61819052214..7a3d20d743a 100644 --- a/elm/lib/dependabot/elm/update_checker/requirements_updater.rb +++ b/elm/lib/dependabot/elm/update_checker/requirements_updater.rb 
@@ -9,8 +9,8 @@ module Elm class UpdateChecker class RequirementsUpdater RANGE_REQUIREMENT_REGEX = - /(\d+\.\d+\.\d+) <= v < (\d+\.\d+\.\d+)/.freeze - SINGLE_VERSION_REGEX = /\A(\d+\.\d+\.\d+)\z/.freeze + /(\d+\.\d+\.\d+) <= v < (\d+\.\d+\.\d+)/ + SINGLE_VERSION_REGEX = /\A(\d+\.\d+\.\d+)\z/ def initialize(requirements:, latest_resolvable_version:) @requirements = requirements diff --git a/elm/lib/dependabot/elm/version.rb b/elm/lib/dependabot/elm/version.rb index 1a14f976d29..f111dbdae2e 100644 --- a/elm/lib/dependabot/elm/version.rb +++ b/elm/lib/dependabot/elm/version.rb @@ -10,7 +10,7 @@ module Dependabot module Elm class Version < Gem::Version VERSION_PATTERN = "[0-9]+\.[0-9]+\.[0-9]+" - VERSION_PATTERN_REGEX = /\A#{VERSION_PATTERN}\Z/.freeze + VERSION_PATTERN_REGEX = /\A#{VERSION_PATTERN}\Z/ def self.correct?(version) version.to_s.match?(VERSION_PATTERN_REGEX) diff --git a/github_actions/lib/dependabot/github_actions/file_fetcher.rb b/github_actions/lib/dependabot/github_actions/file_fetcher.rb index 5e3a2555ab2..396fbf97435 100644 --- a/github_actions/lib/dependabot/github_actions/file_fetcher.rb +++ b/github_actions/lib/dependabot/github_actions/file_fetcher.rb @@ -6,7 +6,7 @@ module Dependabot module GithubActions class FileFetcher < Dependabot::FileFetchers::Base - FILENAME_PATTERN = /^(\.github|action.ya?ml)$/.freeze + FILENAME_PATTERN = /^(\.github|action.ya?ml)$/ def self.required_files_in?(filenames) filenames.any? { |f| f.match?(FILENAME_PATTERN) } diff --git a/github_actions/lib/dependabot/github_actions/file_parser.rb b/github_actions/lib/dependabot/github_actions/file_parser.rb index 8b2e5a291de..97f3dc5564e 100644 --- a/github_actions/lib/dependabot/github_actions/file_parser.rb +++ b/github_actions/lib/dependabot/github_actions/file_parser.rb @@ -21,7 +21,7 @@ class FileParser < Dependabot::FileParsers::Base (?[\w.-]+) (?/[^\@]+)? @(?.+) - }x.freeze + }x def parse dependency_set = DependencySet.new 
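Review bot: `VERSION_PATTERN` in elm/lib/dependabot/elm/version.rb is a double-quoted string, so Ruby drops the backslashes and the interpolated regex becomes `[0-9]+.[0-9]+.[0-9]+`, where each `.` matches any character; `correct?` therefore accepts strings such as `1a2b3`. `\Z` additionally permits a trailing newline. I would change the two lines to `VERSION_PATTERN = '[0-9]+\.[0-9]+\.[0-9]+'` and `VERSION_PATTERN_REGEX = /\A#{VERSION_PATTERN}\z/`. `ELM_PATTERN` and `ELM_EXACT_PATTERN` in elm/lib/dependabot/elm/requirement.rb interpolate the same constant and inherit the loose dots.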
diff --git a/go_modules/lib/dependabot/go_modules/file_parser.rb b/go_modules/lib/dependabot/go_modules/file_parser.rb index 2ccdea11caa..49b5451cc83 100644 --- a/go_modules/lib/dependabot/go_modules/file_parser.rb +++ b/go_modules/lib/dependabot/go_modules/file_parser.rb @@ -12,7 +12,7 @@ module Dependabot module GoModules class FileParser < Dependabot::FileParsers::Base - GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?[0-9a-f]{12})$/.freeze + GIT_VERSION_REGEX = /^v\d+\.\d+\.\d+-.*-(?[0-9a-f]{12})$/ def parse dependency_set = Dependabot::FileParsers::Base::DependencySet.new diff --git a/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb b/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb index d00df743d87..84adb95f2f3 100644 --- a/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb +++ b/go_modules/lib/dependabot/go_modules/file_updater/go_mod_updater.rb @@ -13,7 +13,7 @@ class FileUpdater class GoModUpdater RESOLVABILITY_ERROR_REGEXES = [ # The checksum in go.sum does not match the downloaded content - /verifying .*: checksum mismatch/.freeze, + /verifying .*: checksum mismatch/, /go(?: get)?: .*: go.mod has post-v\d+ module path/ ].freeze 
@@ -21,19 +21,19 @@ class GoModUpdater /fatal: The remote end hung up unexpectedly/, /repository '.+' not found/, # (Private) module could not be fetched - /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m.freeze, + /go(?: get)?: .*: git (fetch|ls-remote) .*: exit status 128/m, # (Private) module could not be found - /cannot find module providing package/.freeze, + /cannot find module providing package/, # Package in module was likely renamed or removed - /module .* found \(.*\), but does not contain package/m.freeze, + /module .* found \(.*\), but does not contain package/m, # Package pseudo-version does not match the version-control metadata # https://golang.google.cn/doc/go1.13#version-validation - /go(?: get)?: .*: invalid pseudo-version/m.freeze, + /go(?: get)?: .*: invalid pseudo-version/m, # Package does not exist, has been pulled or cannot be reached due to # auth problems with either git or the go proxy - /go(?: get)?: .*: unknown revision/m.freeze, + /go(?: get)?: .*: unknown revision/m, # Package pointing to a proxy that 404s - /go(?: get)?: .*: unrecognized import path/m.freeze + /go(?: get)?: .*: unrecognized import path/m ].freeze MODULE_PATH_MISMATCH_REGEXES = [ @@ -43,11 +43,11 @@ class GoModUpdater ].freeze OUT_OF_DISK_REGEXES = [ - %r{input/output error}.freeze, - /no space left on device/.freeze + %r{input/output error}, + /no space left on device/ ].freeze - GO_MOD_VERSION = /^go 1\.[\d]+$/.freeze + GO_MOD_VERSION = /^go 1\.[\d]+$/ def initialize(dependencies:, credentials:, repo_contents_path:, directory:, options:) diff --git a/go_modules/lib/dependabot/go_modules/requirement.rb b/go_modules/lib/dependabot/go_modules/requirement.rb index 5608b058e68..c7dfa6be5f1 100644 --- a/go_modules/lib/dependabot/go_modules/requirement.rb +++ b/go_modules/lib/dependabot/go_modules/requirement.rb 
@@ -12,15 +12,15 @@ module Dependabot module GoModules class Requirement < Gem::Requirement - WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze - OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze + WILDCARD_REGEX = /(?:\.|^)[xX*]/ + OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/ # Override the version pattern to allow a 'v' prefix quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|") version_pattern = "v?#{Version::VERSION_PATTERN}" PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ # Use GoModules::Version rather than Gem::Version to ensure that # pre-release versions aren't transformed. diff --git a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb index e552b7f5319..1da357e8be0 100644 --- a/go_modules/lib/dependabot/go_modules/resolvability_errors.rb +++ b/go_modules/lib/dependabot/go_modules/resolvability_errors.rb @@ -3,7 +3,7 @@ module Dependabot module GoModules module ResolvabilityErrors - GITHUB_REPO_REGEX = %r{github.com/[^:@]*}.freeze + GITHUB_REPO_REGEX = %r{github.com/[^:@]*} def self.handle(message, credentials:, goprivate:) mod_path = message.scan(GITHUB_REPO_REGEX).last diff --git a/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb b/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb index a32faba022c..2426a11c90b 100644 --- a/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb +++ b/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb 
@@ -22,10 +22,10 @@ class LatestVersionFinder /unrecognized import path/, /malformed module path/, # (Private) module could not be fetched - /module .*: git ls-remote .*: exit status 128/m.freeze + /module .*: git ls-remote .*: exit status 128/m ].freeze - INVALID_VERSION_REGEX = /version "[^"]+" invalid/m.freeze - PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/.freeze + INVALID_VERSION_REGEX = /version "[^"]+" invalid/m + PSEUDO_VERSION_REGEX = /\b\d{14}-[0-9a-f]{12}$/ def initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false, diff --git a/go_modules/lib/dependabot/go_modules/version.rb b/go_modules/lib/dependabot/go_modules/version.rb index f0dbd4b0d97..3a559271da8 100644 --- a/go_modules/lib/dependabot/go_modules/version.rb +++ b/go_modules/lib/dependabot/go_modules/version.rb @@ -13,7 +13,7 @@ class Version < Gem::Version VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \ '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \ '(\+incompatible)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) version = version.gsub(/^v/, "") if version.is_a?(String) diff --git a/gradle/lib/dependabot/gradle/file_parser.rb b/gradle/lib/dependabot/gradle/file_parser.rb index 883b7c5d14f..ac21996109c 100644 --- a/gradle/lib/dependabot/gradle/file_parser.rb +++ b/gradle/lib/dependabot/gradle/file_parser.rb 
@@ -25,18 +25,16 @@ class FileParser < Dependabot::FileParsers::Base (?:\$\{property\((?[^:\s]*?)\)\})| (?:\$\{(?[^:\s]*?)\})| (?:\$(?[^:\s"']*)) - /x.freeze - - PART = %r{[^\s,@'":/\\]+}.freeze - VSN_PART = %r{[^\s,'":/\\]+}.freeze - DEPENDENCY_DECLARATION_REGEX = - /(?:\(|\s)\s*['"](?#{PART}:#{PART}:#{VSN_PART})['"]/. - freeze - DEPENDENCY_SET_DECLARATION_REGEX = - /(?:^|\s)dependencySet\((?[^\)]+)\)\s*\{/.freeze - DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?#{PART})['"]/.freeze - PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze - PLUGIN_ID_REGEX = /['"](?#{PART})['"]/.freeze + /x + + PART = %r{[^\s,@'":/\\]+} + VSN_PART = %r{[^\s,'":/\\]+} + DEPENDENCY_DECLARATION_REGEX = /(?:\(|\s)\s*['"](?#{PART}:#{PART}:#{VSN_PART})['"]/ + + DEPENDENCY_SET_DECLARATION_REGEX = /(?:^|\s)dependencySet\((?[^\)]+)\)\s*\{/ + DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?#{PART})['"]/ + PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/ + PLUGIN_ID_REGEX = /['"](?#{PART})['"]/ def parse dependency_set = DependencySet.new diff --git a/gradle/lib/dependabot/gradle/file_parser/property_value_finder.rb b/gradle/lib/dependabot/gradle/file_parser/property_value_finder.rb index 0cf33886551..7f5bbe6feb4 100644 --- a/gradle/lib/dependabot/gradle/file_parser/property_value_finder.rb +++ b/gradle/lib/dependabot/gradle/file_parser/property_value_finder.rb 
@@ -9,71 +9,58 @@ class PropertyValueFinder # rubocop:disable Layout/LineLength SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze - QUOTED_VALUE_REGEX = - /\s*['"][^\s]+['"]\s*/.freeze + QUOTED_VALUE_REGEX = /\s*['"][^\s]+['"]\s*/ # project.findProperty('property') ?: - FIND_PROPERTY_REGEX = - /\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/.freeze + FIND_PROPERTY_REGEX = /\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/ # project.hasProperty('property') ? project.getProperty('property') : GROOVY_HAS_PROPERTY_REGEX = - /\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/.freeze + /\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/ # if(project.hasProperty("property")) project.getProperty("property") else KOTLIN_HAS_PROPERTY_REGEX = - /\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s+/.freeze + /\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s+/ - GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = - /(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/.freeze + GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = /(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/ - KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = - /(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/.freeze + KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = /(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/ PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = - /(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})?/.freeze + /(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})?/ - VALUE_REGEX = - /#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?[^\s]+)['"]/.freeze + VALUE_REGEX = 
/#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?[^\s]+)['"]/ - GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX = - /(?:^|\s+|ext.)(?[^\s=]+)\s*=#{VALUE_REGEX}/.freeze + GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX = /(?:^|\s+|ext.)(?[^\s=]+)\s*=#{VALUE_REGEX}/ - KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX = - /\s*extra\[['"](?[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/.freeze + KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX = /\s*extra\[['"](?[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/ - KOTLIN_SINGLE_PROPERTY_SET_REGEX = - /\s*set\(['"](?[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/.freeze + KOTLIN_SINGLE_PROPERTY_SET_REGEX = /\s*set\(['"](?[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/ - KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX = - /\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/.freeze + KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX = /\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/ KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX = - /(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})/.freeze + /(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})/ SINGLE_PROPERTY_DECLARATION_REGEX = - /(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})/.freeze + /(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})/ - GROOVY_MULTI_PROPERTY_DECLARATION_REGEX = - /(?:^|\s+|ext.)(?[^\s=]+)\s*=\s*\[(?[^\]]+)\]/m.freeze + GROOVY_MULTI_PROPERTY_DECLARATION_REGEX = /(?:^|\s+|ext.)(?[^\s=]+)\s*=\s*\[(?[^\]]+)\]/m - KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX = - /\s*(?[^\s=]+)\.apply\s*{(?[^\]]+)}/m.freeze + KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX = /\s*(?[^\s=]+)\.apply\s*{(?[^\]]+)}/m KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX = - /\s*extra\[['"](?[^\s=]+)['"]\]\s*=\s*mapOf\((?[^\]]+)\)/m.freeze + /\s*extra\[['"](?[^\s=]+)['"]\]\s*=\s*mapOf\((?[^\]]+)\)/m MULTI_PROPERTY_DECLARATION_REGEX = - 
/(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})/.freeze + /(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})/ - KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX = - /(?:^|\s+)['"](?[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/.freeze + KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX = /(?:^|\s+)['"](?[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/ - REGULAR_NAMESPACED_DECLARATION_REGEX = - /(?:^|\s+)(?[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/.freeze + REGULAR_NAMESPACED_DECLARATION_REGEX = /(?:^|\s+)(?[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/ NAMESPACED_DECLARATION_REGEX = - /(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/.freeze + /(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/ # rubocop:enable Layout/LineLength def initialize(dependency_files:) diff --git a/gradle/lib/dependabot/gradle/file_parser/repositories_finder.rb b/gradle/lib/dependabot/gradle/file_parser/repositories_finder.rb index f2272b3e206..c12caea09c9 100644 --- a/gradle/lib/dependabot/gradle/file_parser/repositories_finder.rb +++ b/gradle/lib/dependabot/gradle/file_parser/repositories_finder.rb 
@@ -15,16 +15,13 @@ class RepositoriesFinder GOOGLE_MAVEN_REPO = "https://maven.google.com" GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2" - REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze + REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/ - GROOVY_MAVEN_REPO_REGEX = - /maven\s*\{[^\}]*\surl[\s\(]=?[^'"]*['"](?[^'"]+)['"]/.freeze + GROOVY_MAVEN_REPO_REGEX = /maven\s*\{[^\}]*\surl[\s\(]=?[^'"]*['"](?[^'"]+)['"]/ - KOTLIN_MAVEN_REPO_REGEX = - /maven\((url\s?\=\s?)?["](?[^"]+)["]\)/.freeze + KOTLIN_MAVEN_REPO_REGEX = /maven\((url\s?\=\s?)?["](?[^"]+)["]\)/ - MAVEN_REPO_REGEX = - /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/.freeze + MAVEN_REPO_REGEX = /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/ def initialize(dependency_files:, target_dependency_file:) @dependency_files = dependency_files diff --git a/gradle/lib/dependabot/gradle/metadata_finder.rb b/gradle/lib/dependabot/gradle/metadata_finder.rb index d72147dcbe0..3744ddb1f65 100644 --- a/gradle/lib/dependabot/gradle/metadata_finder.rb +++ b/gradle/lib/dependabot/gradle/metadata_finder.rb @@ -11,8 +11,8 @@ module Dependabot module Gradle class MetadataFinder < Dependabot::MetadataFinders::Base - DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}.freeze - PROPERTY_REGEX = /\$\{(?.*?)\}/.freeze + DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)} + PROPERTY_REGEX = /\$\{(?.*?)\}/ KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin" private diff --git a/gradle/lib/dependabot/gradle/requirement.rb b/gradle/lib/dependabot/gradle/requirement.rb index 5d1a2d7fe26..956fbd85b93 100644 --- a/gradle/lib/dependabot/gradle/requirement.rb +++ b/gradle/lib/dependabot/gradle/requirement.rb 
@@ -8,9 +8,8 @@ module Dependabot module Gradle class Requirement < Gem::Requirement quoted = OPS.keys.map { |k| Regexp.quote k }.join("|") - PATTERN_RAW = - "\\s*(#{quoted})?\\s*(#{Gradle::Version::VERSION_PATTERN})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gradle::Version::VERSION_PATTERN})\\s*" + PATTERN = /\A#{PATTERN_RAW}\z/ def self.parse(obj) return ["=", Gradle::Version.new(obj.to_s)] if obj.is_a?(Gem::Version) diff --git a/gradle/lib/dependabot/gradle/version.rb b/gradle/lib/dependabot/gradle/version.rb index cc86188dc98..852a8769239 100644 --- a/gradle/lib/dependabot/gradle/version.rb +++ b/gradle/lib/dependabot/gradle/version.rb @@ -30,7 +30,7 @@ class Version < Gem::Version "[0-9a-zA-Z]+" \ '(?>\.[0-9a-zA-Z]*)*' \ '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) return false if version.nil? diff --git a/hex/lib/dependabot/hex/file_fetcher.rb b/hex/lib/dependabot/hex/file_fetcher.rb index efda2276b42..3b4319b0544 100644 --- a/hex/lib/dependabot/hex/file_fetcher.rb +++ b/hex/lib/dependabot/hex/file_fetcher.rb @@ -6,12 +6,11 @@ module Dependabot module Hex class FileFetcher < Dependabot::FileFetchers::Base - APPS_PATH_REGEX = /apps_path:\s*"(?.*?)"/m.freeze + APPS_PATH_REGEX = /apps_path:\s*"(?.*?)"/m STRING_ARG = %{(?:["'](.*?)["'])} SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze - SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/. - freeze - PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/.freeze + SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/ + PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/ def self.required_files_in?(filenames) filenames.include?("mix.exs") 
diff --git a/hex/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb b/hex/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb index a47114aaffe..4e161917549 100644 --- a/hex/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb +++ b/hex/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb @@ -11,17 +11,15 @@ def initialize(mixfile_content:) @mixfile_content = mixfile_content end - FILE_READ = /File.read\(.*?\)/.freeze - FILE_READ_BANG = /File.read!\(.*?\)/.freeze + FILE_READ = /File.read\(.*?\)/ + FILE_READ_BANG = /File.read!\(.*?\)/ PIPE = Regexp.escape("|>").freeze - VERSION_FILE = /"VERSION"/i.freeze - - NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/.freeze - NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/.freeze - PIPED_VERSION_FILE_READ = - /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/.freeze - PIPED_VERSION_FILE_READ_BANG = - /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/.freeze + VERSION_FILE = /"VERSION"/i + + NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/ + NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/ + PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/ + PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/ # rubocop:disable Performance/MethodObjectAsBlock def sanitized_content diff --git a/hex/lib/dependabot/hex/requirement.rb b/hex/lib/dependabot/hex/requirement.rb index 255d1bdb130..c6d60272414 100644 --- a/hex/lib/dependabot/hex/requirement.rb +++ b/hex/lib/dependabot/hex/requirement.rb @@ -6,8 +6,8 @@ module Dependabot module Hex class Requirement < Gem::Requirement - AND_SEPARATOR = /\s+and\s+/.freeze - OR_SEPARATOR = /\s+or\s+/.freeze + AND_SEPARATOR = /\s+and\s+/ + OR_SEPARATOR = /\s+or\s+/ # Add the double-equality matcher to the list of allowed operations OPS = OPS.merge("==" => ->(v, r) { v == r }) 
@@ -15,7 +15,7 @@ class Requirement < Gem::Requirement # Override the version pattern to allow local versions quoted = OPS.keys.map { |k| Regexp.quote k }.join "|" PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Hex::Version::VERSION_PATTERN})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ # Returns an array of requirements. At least one requirement from the # returned array must be satisfied for a version to be valid. diff --git a/hex/lib/dependabot/hex/update_checker/requirements_updater.rb b/hex/lib/dependabot/hex/update_checker/requirements_updater.rb index 12fe5d8049d..76870e4c2d7 100644 --- a/hex/lib/dependabot/hex/update_checker/requirements_updater.rb +++ b/hex/lib/dependabot/hex/update_checker/requirements_updater.rb @@ -8,10 +8,10 @@ module Dependabot module Hex class UpdateChecker class RequirementsUpdater - OPERATORS = />=|<=|>|<|==|~>/.freeze - AND_SEPARATOR = /\s+and\s+/.freeze - OR_SEPARATOR = /\s+or\s+/.freeze - SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/.freeze + OPERATORS = />=|<=|>|<|==|~>/ + AND_SEPARATOR = /\s+and\s+/ + OR_SEPARATOR = /\s+or\s+/ + SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/ def initialize(requirements:, latest_resolvable_version:, updated_source:) diff --git a/hex/lib/dependabot/hex/version.rb b/hex/lib/dependabot/hex/version.rb index a7072b0fe47..66c23d63414 100644 --- a/hex/lib/dependabot/hex/version.rb +++ b/hex/lib/dependabot/hex/version.rb @@ -13,7 +13,7 @@ class Version < Gem::Version attr_reader :build_info VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) return false if version.nil? diff --git a/maven/lib/dependabot/maven/file_parser.rb b/maven/lib/dependabot/maven/file_parser.rb index f1eee3b5411..ebdd3016017 100644 --- a/maven/lib/dependabot/maven/file_parser.rb +++ b/maven/lib/dependabot/maven/file_parser.rb 
@@ -28,7 +28,7 @@ class FileParser < Dependabot::FileParsers::Base EXTENSION_SELECTOR = "extensions > extension" # Regex to get the property name from a declaration that uses a property - PROPERTY_REGEX = /\$\{(?.*?)\}/.freeze + PROPERTY_REGEX = /\$\{(?.*?)\}/ def parse dependency_set = DependencySet.new diff --git a/maven/lib/dependabot/maven/file_parser/property_value_finder.rb b/maven/lib/dependabot/maven/file_parser/property_value_finder.rb index e7b12b6271d..75c9779b528 100644 --- a/maven/lib/dependabot/maven/file_parser/property_value_finder.rb +++ b/maven/lib/dependabot/maven/file_parser/property_value_finder.rb @@ -16,7 +16,7 @@ class PropertyValueFinder require_relative "repositories_finder" require_relative "pom_fetcher" - DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}.freeze + DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)} def initialize(dependency_files:, credentials: []) @dependency_files = dependency_files diff --git a/maven/lib/dependabot/maven/file_updater/declaration_finder.rb b/maven/lib/dependabot/maven/file_updater/declaration_finder.rb index 895944552f1..5f65e8573dd 100644 --- a/maven/lib/dependabot/maven/file_updater/declaration_finder.rb +++ b/maven/lib/dependabot/maven/file_updater/declaration_finder.rb @@ -11,7 +11,7 @@ class FileUpdater class DeclarationFinder DECLARATION_REGEX = %r{.*?|.*?| - .*?(?:.*?.*)?|.*?}mx.freeze + .*?(?:.*?.*)?|.*?}mx attr_reader :dependency, :declaring_requirement, :dependency_files diff --git a/maven/lib/dependabot/maven/metadata_finder.rb b/maven/lib/dependabot/maven/metadata_finder.rb index 2db714324cc..699ade449de 100644 --- a/maven/lib/dependabot/maven/metadata_finder.rb +++ b/maven/lib/dependabot/maven/metadata_finder.rb @@ -12,7 +12,7 @@ module Dependabot module Maven class MetadataFinder < Dependabot::MetadataFinders::Base - DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}.freeze + DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)} private 
diff --git a/maven/lib/dependabot/maven/requirement.rb b/maven/lib/dependabot/maven/requirement.rb index 852b30603d8..89b9faf0e0c 100644 --- a/maven/lib/dependabot/maven/requirement.rb +++ b/maven/lib/dependabot/maven/requirement.rb @@ -7,10 +7,9 @@ module Dependabot module Maven class Requirement < Gem::Requirement quoted = OPS.keys.map { |k| Regexp.quote k }.join("|") - OR_SYNTAX = /(?<=\]|\)),/.freeze - PATTERN_RAW = - "\\s*(#{quoted})?\\s*(#{Maven::Version::VERSION_PATTERN})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + OR_SYNTAX = /(?<=\]|\)),/ + PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Maven::Version::VERSION_PATTERN})\\s*" + PATTERN = /\A#{PATTERN_RAW}\z/ def self.parse(obj) return ["=", Maven::Version.new(obj.to_s)] if obj.is_a?(Gem::Version) diff --git a/maven/lib/dependabot/maven/utils/auth_headers_finder.rb b/maven/lib/dependabot/maven/utils/auth_headers_finder.rb index 97633b21a4e..36130678c5a 100644 --- a/maven/lib/dependabot/maven/utils/auth_headers_finder.rb +++ b/maven/lib/dependabot/maven/utils/auth_headers_finder.rb @@ -47,7 +47,7 @@ def gitlab_auth_headers(maven_repo_url) end def gitlab_maven_repo?(maven_repo_path) - gitlab_maven_repo_reg = %r{^/api/v4.*/packages/maven/?$}.freeze + gitlab_maven_repo_reg = %r{^/api/v4.*/packages/maven/?$} maven_repo_path.match?(gitlab_maven_repo_reg) end end diff --git a/maven/lib/dependabot/maven/version.rb b/maven/lib/dependabot/maven/version.rb index 9354753316a..bc5e82f9b3b 100644 --- a/maven/lib/dependabot/maven/version.rb +++ b/maven/lib/dependabot/maven/version.rb @@ -30,7 +30,7 @@ class Version < Gem::Version "[0-9a-zA-Z]+" \ '(?>\.[0-9a-zA-Z]*)*' \ '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) return false if version.nil? 
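Review bot: In `auth_headers_finder.rb`, `gitlab_maven_repo?` checks the path with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a path containing a newline passes as soon as one of its lines matches. Judging by the neighbouring `gitlab_auth_headers`, the result appears to decide whether GitLab auth headers are attached, so the check should cover the whole string: `gitlab_maven_repo_reg = %r{\A/api/v4.*/packages/maven/?\z}`. With `.freeze` gone, the pattern could also move to a class-level constant, like the patterns in the other files of this commit. The body of `gitlab_auth_headers` is outside the hunk.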
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb index c26604e3ce3..26958547f49 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb @@ -19,9 +19,8 @@ class FileFetcher < Dependabot::FileFetchers::Base # when it specifies a path. Only include Yarn "link:"'s that start with a # path and ignore symlinked package names that have been registered with # "yarn link", e.g. "link:react" - PATH_DEPENDENCY_STARTS = - %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze - PATH_DEPENDENCY_CLEAN_REGEX = /^file:|^link:/.freeze + PATH_DEPENDENCY_STARTS = %w(file: link:. link:/ link:~/ / ./ ../ ~/).freeze + PATH_DEPENDENCY_CLEAN_REGEX = /^file:|^link:/ def self.required_files_in?(filenames) filenames.include?("package.json") diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb index 2991bd8e94b..d567f0a75f9 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_parser.rb @@ -31,7 +31,7 @@ class FileParser < Dependabot::FileParsers::Base (?:\#(?=[\^~=<>*])(?.+))| (?:\#(?.+)) )?$ - }ix.freeze + }ix def parse dependency_set = DependencySet.new diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb index 70755c7584f..cad977184db 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater.rb 
@@ -34,21 +34,21 @@ def updated_lockfile attr_reader :lockfile, :dependencies, :dependency_files, :credentials - UNREACHABLE_GIT = /fatal: repository '(?.*)' not found/.freeze - FORBIDDEN_GIT = /fatal: Authentication failed for '(?.*)'/.freeze - FORBIDDEN_PACKAGE = %r{(?[^/]+) - (Forbidden|Unauthorized)}.freeze + UNREACHABLE_GIT = /fatal: repository '(?.*)' not found/ + FORBIDDEN_GIT = /fatal: Authentication failed for '(?.*)'/ + FORBIDDEN_PACKAGE = %r{(?[^/]+) - (Forbidden|Unauthorized)} FORBIDDEN_PACKAGE_403 = %r{^403\sForbidden\s - -\sGET\shttps?://(?[^/]+)/(?[^/\s]+)}x.freeze - MISSING_PACKAGE = %r{(?[^/]+) - Not found}.freeze - INVALID_PACKAGE = /Can't install (?.*): Missing/.freeze + -\sGET\shttps?://(?[^/]+)/(?[^/\s]+)}x + MISSING_PACKAGE = %r{(?[^/]+) - Not found} + INVALID_PACKAGE = /Can't install (?.*): Missing/ # TODO: look into fixing this in npm, seems like a bug in the git # downloader introduced in npm 7 # # NOTE: error message returned from arborist/npm 8 when trying to # fetching a invalid/non-existent git ref - NPM8_MISSING_GIT_REF = /already exists and is not an empty directory/.freeze - NPM6_MISSING_GIT_REF = /did not match any file\(s\) known to git/.freeze + NPM8_MISSING_GIT_REF = /already exists and is not an empty directory/ + NPM6_MISSING_GIT_REF = /did not match any file\(s\) known to git/ def updated_lockfile_content return lockfile.content if npmrc_disables_lockfile? diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb index 4e5c924ffc3..1fdfc500486 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/npmrc_builder.rb 
@@ -13,7 +13,7 @@ class NpmrcBuilder registry.yarnpkg.com ).freeze - SCOPED_REGISTRY = /^\s*@(?\S+):registry\s*=\s*(?\S+)/.freeze + SCOPED_REGISTRY = /^\s*@(?\S+):registry\s*=\s*(?\S+)/ def initialize(dependency_files:, credentials:) @dependency_files = dependency_files diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb index 37347612a69..e33a2faad4e 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/yarn_lockfile_updater.rb @@ -40,10 +40,9 @@ def updated_yarn_lock_content(yarn_lock) attr_reader :dependencies, :dependency_files, :repo_contents_path, :credentials - UNREACHABLE_GIT = /ls-remote --tags --heads (?.*)/.freeze - TIMEOUT_FETCHING_PACKAGE = - %r{(?.+)/(?[^/]+): ETIMEDOUT}.freeze - INVALID_PACKAGE = /Can't add "(?.*)": invalid/.freeze + UNREACHABLE_GIT = /ls-remote --tags --heads (?.*)/ + TIMEOUT_FETCHING_PACKAGE = %r{(?.+)/(?[^/]+): ETIMEDOUT} + INVALID_PACKAGE = /Can't add "(?.*)": invalid/ def top_level_dependencies dependencies.select(&:top_level?) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb index 05a79803334..f634c3350b5 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_name.rb @@ -18,7 +18,7 @@ class PackageName [a-z0-9\-\_\.\!\~\*\'\(\)]+ # URL-safe characters ) \z # end of string - }xi.freeze # multi-line/case-insensitive + }xi # multi-line/case-insensitive TYPES_PACKAGE_NAME_REGEX = %r{ \A # beginning of string @@ -26,7 +26,7 @@ class PackageName ((?.+)__)? # capture scope (?.+) # capture name \z # end of string - }xi.freeze # multi-line/case-insensitive + }xi # multi-line/case-insensitive class InvalidPackageName < StandardError; end 
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/requirement.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/requirement.rb index 5b57996735d..c6c4f1977bc 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/requirement.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/requirement.rb @@ -6,8 +6,8 @@ module Dependabot module NpmAndYarn class Requirement < Gem::Requirement - AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/.freeze - OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/.freeze + AND_SEPARATOR = /(?<=[a-zA-Z0-9*])\s+(?:&+\s+)?(?!\s*[|-])/ + OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/ LATEST_REQUIREMENT = "latest" # Override the version pattern to allow a 'v' prefix @@ -15,7 +15,7 @@ class Requirement < Gem::Requirement version_pattern = "v?#{NpmAndYarn::Version::VERSION_PATTERN}" PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ def self.parse(obj) return ["=", nil] if obj.is_a?(String) && obj.strip == LATEST_REQUIREMENT diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb index 29c6ca56060..32678a433f5 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb 
@@ -13,16 +13,11 @@ class RegistryFinder http://registry.npmjs.org https://registry.yarnpkg.com ).freeze - NPM_AUTH_TOKEN_REGEX = - %r{//(?.*)/:_authToken=(?.*)$}.freeze - NPM_GLOBAL_REGISTRY_REGEX = - /^registry\s*=\s*['"]?(?.*?)['"]?$/.freeze - YARN_GLOBAL_REGISTRY_REGEX = - /^(?:--)?registry\s+((['"](?.*)['"])|(?.*))/.freeze - NPM_SCOPED_REGISTRY_REGEX = - /^(?@[^:]+)\s*:registry\s*=\s*['"]?(?.*?)['"]?$/.freeze - YARN_SCOPED_REGISTRY_REGEX = - /['"](?@[^:]+):registry['"]\s((['"](?.*)['"])|(?.*))/.freeze + NPM_AUTH_TOKEN_REGEX = %r{//(?.*)/:_authToken=(?.*)$} + NPM_GLOBAL_REGISTRY_REGEX = /^registry\s*=\s*['"]?(?.*?)['"]?$/ + YARN_GLOBAL_REGISTRY_REGEX = /^(?:--)?registry\s+((['"](?.*)['"])|(?.*))/ + NPM_SCOPED_REGISTRY_REGEX = /^(?@[^:]+)\s*:registry\s*=\s*['"]?(?.*?)['"]?$/ + YARN_SCOPED_REGISTRY_REGEX = /['"](?@[^:]+):registry['"]\s((['"](?.*)['"])|(?.*))/ def initialize(dependency:, credentials:, npmrc_file: nil, yarnrc_file: nil, yarnrc_yml_file: nil) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb index 634295aab65..2bae3cd2dd3 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb @@ -13,10 +13,9 @@ module Dependabot module NpmAndYarn class UpdateChecker class RequirementsUpdater - VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze - SEPARATOR = /(?<=[a-zA-Z0-9*])[\s|]+(?![\s|-])/.freeze - ALLOWED_UPDATE_STRATEGIES = - %i(widen_ranges bump_versions bump_versions_if_necessary).freeze + VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/ + SEPARATOR = /(?<=[a-zA-Z0-9*])[\s|]+(?![\s|-])/ + ALLOWED_UPDATE_STRATEGIES = %i(widen_ranges bump_versions bump_versions_if_necessary).freeze def initialize(requirements:, updated_source:, update_strategy:, latest_resolvable_version:) 
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb index dc466fbbbd5..681683baf82 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb @@ -36,7 +36,7 @@ class VersionResolver "\s>\s(?[^"]+)"\s has\s(incorrect|unmet)\speer\sdependency\s "(?[^"]+)" - /x.freeze + /x # Error message from npm install: # react-dom@15.2.0 requires a peer of react@^15.2.0 \ @@ -46,7 +46,7 @@ class VersionResolver (?[^\s]+)\s requires\sa\speer\sof\s (?.+?)\sbut\snone\sis\sinstalled. - /x.freeze + /x # Error message from npm install: # npm ERR! Could not resolve dependency: @@ -59,7 +59,7 @@ class VersionResolver / npm\s(?:WARN|ERR!)\sCould\snot\sresolve\sdependency:\n npm\s(?:WARN|ERR!)\speer\s(?\S+@\S+(\s\S+)?)\sfrom\s(?\S+@\S+) - /x.freeze + /x def initialize(dependency:, credentials:, dependency_files:, latest_allowable_version:, latest_version_finder:) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb index 56f138804ce..3f9f325a725 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/version.rb @@ -15,7 +15,7 @@ class Version < Gem::Version attr_reader :build_info VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) version = version.gsub(/^v/, "") if version.is_a?(String) diff --git a/nuget/lib/dependabot/nuget/file_parser/project_file_parser.rb b/nuget/lib/dependabot/nuget/file_parser/project_file_parser.rb index cc4f65d7d97..0544f20255a 100644 --- a/nuget/lib/dependabot/nuget/file_parser/project_file_parser.rb 
+++ b/nuget/lib/dependabot/nuget/file_parser/project_file_parser.rb @@ -20,9 +20,9 @@ class ProjectFileParser "ItemGroup > Dependency, " \ "ItemGroup > DevelopmentDependency" - PROJECT_SDK_REGEX = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$}.freeze - PROPERTY_REGEX = /\$\((?.*?)\)/.freeze - ITEM_REGEX = /\@\((?.*?)\)/.freeze + PROJECT_SDK_REGEX = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$} + PROPERTY_REGEX = /\$\((?.*?)\)/ + ITEM_REGEX = /\@\((?.*?)\)/ def initialize(dependency_files:) @dependency_files = dependency_files diff --git a/nuget/lib/dependabot/nuget/file_parser/property_value_finder.rb b/nuget/lib/dependabot/nuget/file_parser/property_value_finder.rb index bdd6f4850f8..40a1dd04eba 100644 --- a/nuget/lib/dependabot/nuget/file_parser/property_value_finder.rb +++ b/nuget/lib/dependabot/nuget/file_parser/property_value_finder.rb @@ -10,7 +10,7 @@ module Dependabot module Nuget class FileParser class PropertyValueFinder - PROPERTY_REGEX = /\$\((?.*?)\)/.freeze + PROPERTY_REGEX = /\$\((?.*?)\)/ def initialize(dependency_files:) @dependency_files = dependency_files diff --git a/nuget/lib/dependabot/nuget/file_updater/packages_config_declaration_finder.rb b/nuget/lib/dependabot/nuget/file_updater/packages_config_declaration_finder.rb index 20c1ce32b01..6bdda24cbcb 100644 --- a/nuget/lib/dependabot/nuget/file_updater/packages_config_declaration_finder.rb +++ b/nuget/lib/dependabot/nuget/file_updater/packages_config_declaration_finder.rb @@ -9,7 +9,7 @@ class FileUpdater class PackagesConfigDeclarationFinder DECLARATION_REGEX = %r{]*?/>| - ]*?[^/]>.*?}mx.freeze + ]*?[^/]>.*?}mx attr_reader :dependency_name, :declaring_requirement, :packages_config diff --git a/nuget/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb b/nuget/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb index ff27195e775..fe11e87017e 100644 --- a/nuget/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb 
+++ b/nuget/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb @@ -19,18 +19,18 @@ class ProjectFileDeclarationFinder ]*?[^/]>.*?| ]*?/>| ]*?[^/]>.*? - }mx.freeze + }mx SDK_IMPORT_REGEX = / ]*?Sdk="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?> | ]*?Version="[^"]*?"[^>]*?Sdk="[^"]*?"[^>]*?> - /mx.freeze + /mx SDK_PROJECT_REGEX = / ]*?Sdk="[^"]*?"[^>]*?> - /mx.freeze + /mx SDK_SDK_REGEX = / ]*?Name="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?> | ]*?Version="[^"]*?"[^>]*?Name="[^"]*?"[^>]*?> - /mx.freeze + /mx attr_reader :dependency_name, :declaring_requirement, :dependency_files diff --git a/nuget/lib/dependabot/nuget/update_checker/version_finder.rb b/nuget/lib/dependabot/nuget/update_checker/version_finder.rb index 36858b7006b..7c4df7e11f4 100644 --- a/nuget/lib/dependabot/nuget/update_checker/version_finder.rb +++ b/nuget/lib/dependabot/nuget/update_checker/version_finder.rb @@ -15,7 +15,7 @@ class UpdateChecker class VersionFinder require_relative "repository_finder" - NUGET_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze + NUGET_RANGE_REGEX = /[\(\[].*,.*[\)\]]/ def initialize(dependency:, dependency_files:, credentials:, ignored_versions:, raise_on_ignored: false, diff --git a/nuget/lib/dependabot/nuget/version.rb b/nuget/lib/dependabot/nuget/version.rb index 8819097feac..921e625db3f 100644 --- a/nuget/lib/dependabot/nuget/version.rb +++ b/nuget/lib/dependabot/nuget/version.rb @@ -11,7 +11,7 @@ module Dependabot module Nuget class Version < Gem::Version VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) return false if version.nil? diff --git a/pub/lib/dependabot/pub/requirement.rb b/pub/lib/dependabot/pub/requirement.rb index fae784e342d..7da062ab1e3 100644 --- a/pub/lib/dependabot/pub/requirement.rb +++ b/pub/lib/dependabot/pub/requirement.rb 
@@ -14,8 +14,8 @@ class Requirement < Gem::Requirement quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|") version_pattern = Pub::Version::VERSION_PATTERN - PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze + PATTERN = /\A#{PATTERN_RAW}\z/ # Use Pub::Version rather than Gem::Version to ensure that # pre-release versions aren't transformed. diff --git a/pub/lib/dependabot/pub/version.rb b/pub/lib/dependabot/pub/version.rb index 5bad57d0902..348ef4c90c7 100644 --- a/pub/lib/dependabot/pub/version.rb +++ b/pub/lib/dependabot/pub/version.rb @@ -17,7 +17,7 @@ module Dependabot module Pub class Version < Gem::Version VERSION_PATTERN = Gem::Version::VERSION_PATTERN + "(\\+[0-9a-zA-Z\\-.]+)?" - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ attr_reader :build_info diff --git a/python/lib/dependabot/python/file_fetcher.rb b/python/lib/dependabot/python/file_fetcher.rb index 1b3ca181795..a5de350fc91 100644 --- a/python/lib/dependabot/python/file_fetcher.rb +++ b/python/lib/dependabot/python/file_fetcher.rb @@ -11,9 +11,9 @@ module Dependabot module Python class FileFetcher < Dependabot::FileFetchers::Base - CHILD_REQUIREMENT_REGEX = /^-r\s?(?.*\.(?:txt|in))/.freeze - CONSTRAINT_REGEX = /^-c\s?(?.*\.(?:txt|in))/.freeze - DEPENDENCY_TYPES = %w(packages dev-packages).freeze + CHILD_REQUIREMENT_REGEX = /^-r\s?(?.*\.(?:txt|in))/ + CONSTRAINT_REGEX = /^-c\s?(?.*\.(?:txt|in))/ + DEPENDENCY_TYPES = %w(packages dev-packages) def self.required_files_in?(filenames) return true if filenames.any? { |name| name.end_with?(".txt", ".in") } diff --git a/python/lib/dependabot/python/file_parser/setup_file_parser.rb b/python/lib/dependabot/python/file_parser/setup_file_parser.rb index 50d8554b4ce..dd5d56f3171 100644 --- a/python/lib/dependabot/python/file_parser/setup_file_parser.rb 
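Review bot: The `.freeze` added to `PATTERN_RAW` in pub/requirement.rb has no counterpart in python/requirement.rb or terraform/requirement.rb, whose `PATTERN_RAW` is built from the same kind of interpolated string and stays unfrozen in this commit. Interpolated strings are not frozen by the `frozen_string_literal` magic comment on Ruby 3.0 and later, so the call is meaningful here, and with `Style/MutableConstant` disabled nothing will flag the other two. Either freeze all three, e.g. `PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*".freeze` in python/requirement.rb, or drop it here so the three classes read the same.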
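Review bot: `DEPENDENCY_TYPES = %w(packages dev-packages)` in python/file_fetcher.rb loses a `.freeze` that was not redundant: regexp literals are frozen by the interpreter on Ruby 3.0 and later, but an array literal is not, so this constant can now be mutated by any caller. `pipenv_version_resolver.rb` keeps the identical constant frozen, and `Style/MutableConstant` is disabled in `.rubocop.yml`, so nothing will report the difference. Restore `DEPENDENCY_TYPES = %w(packages dev-packages).freeze`.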
+++ b/python/lib/dependabot/python/file_parser/setup_file_parser.rb @@ -12,10 +12,10 @@ module Dependabot module Python class FileParser class SetupFileParser - INSTALL_REQUIRES_REGEX = /install_requires\s*=\s*\[/m.freeze - SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*\[/m.freeze - TESTS_REQUIRE_REGEX = /tests_require\s*=\s*\[/m.freeze - EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*\{/m.freeze + INSTALL_REQUIRES_REGEX = /install_requires\s*=\s*\[/m + SETUP_REQUIRES_REGEX = /setup_requires\s*=\s*\[/m + TESTS_REQUIRE_REGEX = /tests_require\s*=\s*\[/m + EXTRAS_REQUIRE_REGEX = /extras_require\s*=\s*\{/m CLOSING_BRACKET = { "[" => "]", "{" => "}" }.freeze diff --git a/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb b/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb index 85d6732ba46..2ac1fe5ef15 100644 --- a/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb +++ b/python/lib/dependabot/python/file_updater/pip_compile_file_updater.rb @@ -22,10 +22,9 @@ class PipCompileFileUpdater require_relative "setup_file_sanitizer" UNSAFE_PACKAGES = %w(setuptools distribute pip).freeze - INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m.freeze - WARNINGS = /\s*# WARNING:.*\Z/m.freeze - UNSAFE_NOTE = - /\s*# The following packages are considered to be unsafe.*\Z/m.freeze + INCOMPATIBLE_VERSIONS_REGEX = /There are incompatible versions in the resolved dependencies:.*\z/m + WARNINGS = /\s*# WARNING:.*\Z/m + UNSAFE_NOTE = /\s*# The following packages are considered to be unsafe.*\Z/m attr_reader :dependencies, :dependency_files, :credentials diff --git a/python/lib/dependabot/python/requirement.rb b/python/lib/dependabot/python/requirement.rb index cc1326ef04f..965c992d782 100644 --- a/python/lib/dependabot/python/requirement.rb +++ b/python/lib/dependabot/python/requirement.rb 
@@ -6,7 +6,7 @@ module Dependabot module Python class Requirement < Gem::Requirement - OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/.freeze + OR_SEPARATOR = /(?<=[a-zA-Z0-9)*])\s*\|+/ # Add equality and arbitrary-equality matchers OPS = OPS.merge( @@ -19,8 +19,8 @@ class Requirement < Gem::Requirement version_pattern = Python::Version::VERSION_PATTERN PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze - PARENS_PATTERN = /\A\(([^)]+)\)\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ + PARENS_PATTERN = /\A\(([^)]+)\)\z/ def self.parse(obj) return ["=", Python::Version.new(obj.to_s)] if obj.is_a?(Gem::Version) diff --git a/python/lib/dependabot/python/requirement_parser.rb b/python/lib/dependabot/python/requirement_parser.rb index c1098b28c7e..8e5958d0a41 100644 --- a/python/lib/dependabot/python/requirement_parser.rb +++ b/python/lib/dependabot/python/requirement_parser.rb 
@@ -3,29 +3,26 @@ module Dependabot module Python class RequirementParser - NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/.freeze - EXTRA = /[a-zA-Z0-9\-_\.]+/.freeze - COMPARISON = /===|==|>=|<=|<|>|~=|!=/.freeze - VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/. - freeze - REQUIREMENT = - /(?#{COMPARISON})\s*\\?\s*(?#{VERSION})/.freeze - HASH = /--hash=(?.*?):(?.*?)(?=\s|$)/.freeze - REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/.freeze - HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/.freeze - MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/.freeze - PYTHON_STR_C = - %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]}.freeze - PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/.freeze + NAME = /[a-zA-Z0-9](?:[a-zA-Z0-9\-_\.]*[a-zA-Z0-9])?/ + EXTRA = /[a-zA-Z0-9\-_\.]+/ + COMPARISON = /===|==|>=|<=|<|>|~=|!=/ + VERSION = /([1-9][0-9]*!)?[0-9]+[a-zA-Z0-9\-_.*]*(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?/ + + REQUIREMENT = /(?#{COMPARISON})\s*\\?\s*(?#{VERSION})/ + HASH = /--hash=(?.*?):(?.*?)(?=\s|$)/ + REQUIREMENTS = /#{REQUIREMENT}(\s*,\s*\\?\s*#{REQUIREMENT})*/ + HASHES = /#{HASH}(\s*\\?\s*#{HASH})*/ + MARKER_OP = /\s*(#{COMPARISON}|(\s*in)|(\s*not\s*in))/ + PYTHON_STR_C = %r{[a-zA-Z0-9\s\(\)\.\{\}\-_\*#:;/\?\[\]!~`@\$%\^&=\+\|<>]} + PYTHON_STR = /('(#{PYTHON_STR_C}|")*'|"(#{PYTHON_STR_C}|')*")/ ENV_VAR = /python_version|python_full_version|os_name|sys_platform| platform_release|platform_system|platform_version|platform_machine| platform_python_implementation|implementation_name| - implementation_version/.freeze - MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/.freeze - MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/.freeze - MARKER_EXPR = - /(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/.freeze + implementation_version/ + MARKER_VAR = /\s*(#{ENV_VAR}|#{PYTHON_STR})/ + MARKER_EXPR_ONE = /#{MARKER_VAR}#{MARKER_OP}#{MARKER_VAR}/ + MARKER_EXPR = 
/(#{MARKER_EXPR_ONE}|\(\s*|\s*\)|\s+and\s+|\s+or\s+)+/ INSTALL_REQ_WITH_REQUIREMENT = /\s*\\?\s*(?#{NAME}) @@ -34,7 +31,7 @@ class RequirementParser \s*\\?\s*(;\s*(?#{MARKER_EXPR}))? \s*\\?\s*(?#{HASHES})? \s*#*\s*(?.+)? - /x.freeze + /x INSTALL_REQ_WITHOUT_REQUIREMENT = /^\s*\\?\s*(?#{NAME}) @@ -42,7 +39,7 @@ class RequirementParser \s*\\?\s*(;\s*(?#{MARKER_EXPR}))? \s*\\?\s*(?#{HASHES})? \s*#*\s*(?.+)?$ - /x.freeze + /x VALID_REQ_TXT_REQUIREMENT = /^\s*\\?\s*(?#{NAME}) @@ -51,12 +48,12 @@ class RequirementParser \s*\\?\s*(;\s*(?#{MARKER_EXPR}))? \s*\\?\s*(?#{HASHES})? \s*(\#+\s*(?.*))?$ - /x.freeze + /x NAME_WITH_EXTRAS = /\s*\\?\s*(?#{NAME}) (\s*\\?\s*\[\s*(?#{EXTRA}(\s*,\s*#{EXTRA})*)\s*\])? - /x.freeze + /x end end end diff --git a/python/lib/dependabot/python/update_checker.rb b/python/lib/dependabot/python/update_checker.rb index a82d3e8466b..d21c4bb28aa 100644 --- a/python/lib/dependabot/python/update_checker.rb +++ b/python/lib/dependabot/python/update_checker.rb @@ -26,7 +26,7 @@ class UpdateChecker < Dependabot::UpdateCheckers::Base https://pypi.python.org/simple/ https://pypi.org/simple/ ).freeze - VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze + VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/ def latest_version @latest_version ||= fetch_latest_version diff --git a/python/lib/dependabot/python/update_checker/index_finder.rb b/python/lib/dependabot/python/update_checker/index_finder.rb index ce74363c821..ed180abbcb8 100644 --- a/python/lib/dependabot/python/update_checker/index_finder.rb +++ b/python/lib/dependabot/python/update_checker/index_finder.rb @@ -9,7 +9,7 @@ module Python class UpdateChecker class IndexFinder PYPI_BASE_URL = "https://pypi.org/simple/" - ENVIRONMENT_VARIABLE_REGEX = /\$\{.+\}/.freeze + ENVIRONMENT_VARIABLE_REGEX = /\$\{.+\}/ def initialize(dependency_files:, credentials:) @dependency_files = dependency_files 
diff --git a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb index aa6547de6e2..2e2b418a1e0 100644 --- a/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/pip_compile_version_resolver.rb @@ -24,16 +24,14 @@ class UpdateChecker # - Run `pip-compile` and see what the result is # rubocop:disable Metrics/ClassLength class PipCompileVersionResolver - GIT_DEPENDENCY_UNREACHABLE_REGEX = - /git clone --filter=blob:none --quiet (?[^\s]+).* /.freeze - GIT_REFERENCE_NOT_FOUND_REGEX = - /Did not find branch or tag '(?[^\n"]+)'/m.freeze + GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone --filter=blob:none --quiet (?[^\s]+).* / + GIT_REFERENCE_NOT_FOUND_REGEX = /Did not find branch or tag '(?[^\n"]+)'/m NATIVE_COMPILATION_ERROR = "pip._internal.exceptions.InstallationSubprocessError: Command errored out with exit status 1:" # See https://packaging.python.org/en/latest/tutorials/packaging-projects/#configuring-metadata - PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/.freeze + PYTHON_PACKAGE_NAME_REGEX = /[A-Za-z0-9_\-]+/ RESOLUTION_IMPOSSIBLE_ERROR = "ResolutionImpossible" - ERROR_REGEX = /(?<=ERROR\:\W).*$/.freeze + ERROR_REGEX = /(?<=ERROR\:\W).*$/ attr_reader :dependency, :dependency_files, :credentials diff --git a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb index 608ce50ae54..9684630b225 100644 --- a/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/pipenv_version_resolver.rb 
@@ -30,21 +30,18 @@ class UpdateChecker # still better than nothing, though. class PipenvVersionResolver # rubocop:disable Layout/LineLength - GIT_DEPENDENCY_UNREACHABLE_REGEX = - /git clone -q (?[^\s]+).* /.freeze - GIT_REFERENCE_NOT_FOUND_REGEX = - %r{git checkout -q (?[^\n"]+)\n?[^\n]*/(?.*?)(\\n'\]|$)}m. - freeze + GIT_DEPENDENCY_UNREACHABLE_REGEX = /git clone -q (?[^\s]+).* / + GIT_REFERENCE_NOT_FOUND_REGEX = %r{git checkout -q (?[^\n"]+)\n?[^\n]*/(?.*?)(\\n'\]|$)}m PIPENV_INSTALLATION_ERROR = "pipenv.patched.notpip._internal.exceptions.InstallationError: Command errored out" \ " with exit status 1: python setup.py egg_info" TRACEBACK = "Traceback (most recent call last):" PIPENV_INSTALLATION_ERROR_REGEX = - /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/. - freeze + /#{Regexp.quote(TRACEBACK)}[\s\S]*^\s+import\s(?.+)[\s\S]*^#{Regexp.quote(PIPENV_INSTALLATION_ERROR)}/ + UNSUPPORTED_DEPS = %w(pyobjc).freeze UNSUPPORTED_DEP_REGEX = - /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/.freeze - PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/.freeze + /Could not find a version that satisfies the requirement.*(?:#{UNSUPPORTED_DEPS.join("|")})/ + PIPENV_RANGE_WARNING = /Warning:\sPython\s[<>].* was not found/ # rubocop:enable Layout/LineLength DEPENDENCY_TYPES = %w(packages dev-packages).freeze diff --git a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb index f4343fdade8..6be187f5374 100644 --- a/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb +++ b/python/lib/dependabot/python/update_checker/poetry_version_resolver.rb 
@@ -35,7 +35,7 @@ class PoetryVersionResolver ...Failedtoclone (?.+?).gitat'(?.+?)', verifyrefexistsonremote) - /x.freeze # TODO: remove the first clause and | when py3.6 support is EoL + /x # TODO: remove the first clause and | when py3.6 support is EoL GIT_DEPENDENCY_UNREACHABLE_REGEX = / (?:'\['git', \s+'clone', @@ -47,7 +47,7 @@ class PoetryVersionResolver \s+Failed\sto\sclone \s+(?.+?), \s+check\syour\sgit\sconfiguration) - /mx.freeze # TODO: remove the first clause and | when py3.6 support is EoL + /mx # TODO: remove the first clause and | when py3.6 support is EoL attr_reader :dependency, :dependency_files, :credentials diff --git a/python/lib/dependabot/python/update_checker/requirements_updater.rb b/python/lib/dependabot/python/update_checker/requirements_updater.rb index fb81d111f7e..c2267d4f318 100644 --- a/python/lib/dependabot/python/update_checker/requirements_updater.rb +++ b/python/lib/dependabot/python/update_checker/requirements_updater.rb @@ -9,8 +9,8 @@ module Dependabot module Python class UpdateChecker class RequirementsUpdater - PYPROJECT_OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/.freeze - PYPROJECT_SEPARATOR = /#{PYPROJECT_OR_SEPARATOR}|,/.freeze + PYPROJECT_OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|+/ + PYPROJECT_SEPARATOR = /#{PYPROJECT_OR_SEPARATOR}|,/ class UnfixableRequirement < StandardError; end diff --git a/python/lib/dependabot/python/version.rb b/python/lib/dependabot/python/version.rb index 0290de9f0ff..8aa961920f2 100644 --- a/python/lib/dependabot/python/version.rb +++ b/python/lib/dependabot/python/version.rb @@ -18,7 +18,7 @@ class Version < Gem::Version VERSION_PATTERN = 'v?([1-9][0-9]*!)?[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \ '(-[0-9A-Za-z]+(\.[0-9a-zA-Z]+)*)?' \ '(\+[0-9a-zA-Z]+(\.[0-9a-zA-Z]+)*)?' - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ def self.correct?(version) return false if version.nil? 
diff --git a/terraform/lib/dependabot/terraform/file_fetcher.rb b/terraform/lib/dependabot/terraform/file_fetcher.rb index bd2627c1b87..c14f82df46a 100644 --- a/terraform/lib/dependabot/terraform/file_fetcher.rb +++ b/terraform/lib/dependabot/terraform/file_fetcher.rb @@ -10,7 +10,7 @@ class FileFetcher < Dependabot::FileFetchers::Base include FileSelector # https://www.terraform.io/docs/language/modules/sources.html#local-paths - LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?..?\/[^'"]+)}.freeze + LOCAL_PATH_SOURCE = %r{source\s*=\s*['"](?..?\/[^'"]+)} def self.required_files_in?(filenames) filenames.any? { |f| f.end_with?(".tf", ".hcl") } diff --git a/terraform/lib/dependabot/terraform/file_parser.rb b/terraform/lib/dependabot/terraform/file_parser.rb index 0b53da9ddb0..bbf2055097e 100644 --- a/terraform/lib/dependabot/terraform/file_parser.rb +++ b/terraform/lib/dependabot/terraform/file_parser.rb @@ -24,7 +24,7 @@ class FileParser < Dependabot::FileParsers::Base DEFAULT_REGISTRY = "registry.terraform.io" DEFAULT_NAMESPACE = "hashicorp" # https://www.terraform.io/docs/language/providers/requirements.html#source-addresses - PROVIDER_SOURCE_ADDRESS = %r{\A((?.+)/)?(?.+)/(?.+)\z}.freeze + PROVIDER_SOURCE_ADDRESS = %r{\A((?.+)/)?(?.+)/(?.+)\z} def parse dependency_set = DependencySet.new diff --git a/terraform/lib/dependabot/terraform/file_updater.rb b/terraform/lib/dependabot/terraform/file_updater.rb index c2a81df7ab8..7a4e69aaaa7 100644 --- a/terraform/lib/dependabot/terraform/file_updater.rb +++ b/terraform/lib/dependabot/terraform/file_updater.rb 
@@ -11,9 +11,9 @@ module Terraform class FileUpdater < Dependabot::FileUpdaters::Base include FileSelector - PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?\S+)\":/.freeze - MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?\S+)\"/m.freeze - GIT_HTTPS_PREFIX = %r{^git::https://}.freeze + PRIVATE_MODULE_ERROR = /Could not download module.*code from\n.*\"(?\S+)\":/ + MODULE_NOT_INSTALLED_ERROR = /Module not installed.*module\s*\"(?\S+)\"/m + GIT_HTTPS_PREFIX = %r{^git::https://} def self.updated_files_regex [/\.tf$/, /\.hcl$/] diff --git a/terraform/lib/dependabot/terraform/requirement.rb b/terraform/lib/dependabot/terraform/requirement.rb index 1935b17b478..b92c980a266 100644 --- a/terraform/lib/dependabot/terraform/requirement.rb +++ b/terraform/lib/dependabot/terraform/requirement.rb @@ -12,7 +12,7 @@ class Requirement < Gem::Requirement # https://www.terraform.io/docs/registry/modules/publish.html#requirements OPERATORS = OPS.keys.map { |key| Regexp.quote(key) }.join("|").freeze PATTERN_RAW = "\\s*(#{OPERATORS})?\\s*v?(#{Gem::Version::VERSION_PATTERN})\\s*" - PATTERN = /\A#{PATTERN_RAW}\z/.freeze + PATTERN = /\A#{PATTERN_RAW}\z/ def self.parse(obj) return ["=", Version.new(obj.to_s)] if obj.is_a?(Gem::Version) diff --git a/updater/lib/dependabot/sentry.rb b/updater/lib/dependabot/sentry.rb index f402618e27d..7eb3d68c4b0 100644 --- a/updater/lib/dependabot/sentry.rb +++ b/updater/lib/dependabot/sentry.rb @@ -4,7 +4,7 @@ # ExceptionSanitizer filters potential secrets/PII from exception payloads class ExceptionSanitizer < Raven::Processor - REPO = %r{[\w.\-]+/([\w.\-]+)}.freeze + REPO = %r{[\w.\-]+/([\w.\-]+)} PATTERNS = { auth_token: /(?:authorization|bearer):? (\w+)/i, repo: %r{api\.github\.com/repos/#{REPO}|github\.com/#{REPO}}
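Review bot: In updater/lib/dependabot/sentry.rb the `auth_token` pattern captures `(\w+)` directly after `authorization` or `bearer`, so for a value shaped like `Authorization: Bearer <token>` the leftmost match captures the scheme word, and a token containing `.`, `-`, `+`, `/` or `=` is captured only up to the first such character. How the captures are substituted is outside this hunk (the `PATTERNS` hash and the class continue past it), so this is worth pinning with a spec before relying on the sanitizer to keep credentials out of exception payloads. A pattern along the lines of `auth_token: /(?:authorization|bearer):?\s+(?:(?:bearer|basic|token)\s+)?(\S+)/i` would capture the credential itself.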