diff --git a/.dockerignore b/.dockerignore index 06ffeee8774..34b0d3f9bc8 100644 --- a/.dockerignore +++ b/.dockerignore @@ -13,6 +13,8 @@ **/.bundle **/coverage **/Gemfile.lock +!updater/Gemfile.lock +!updater/spec/fixtures/**/Gemfile.lock **/node_modules !**/spec/fixtures/* git.store diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index edc8a974b42..2eeedea44c3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -90,6 +90,46 @@ jobs: --rm dependabot-core-ci bash -c \ "cd /home/dependabot/dependabot-core/${{ matrix.suite.path }} && ./script/ci-test" + updater: + name: Updater + runs-on: ubuntu-latest + strategy: + fail-fast: false + steps: + - name: Checkout code + uses: actions/checkout@v3 + - name: Build dependabot-core image + env: + DOCKER_BUILDKIT: 1 + run: | + docker build \ + -t "dependabot/dependabot-core:latest" \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --cache-from ghcr.io/dependabot/dependabot-core \ + . + - name: Free up disk space + run: | + sudo apt autoremove --purge && sudo apt -y clean + docker system prune -af --volumes + sudo swapoff -a + sudo rm -f /swapfile + df -h + - name: GPR login + run: docker login docker.pkg.github.com -u x -p ${{secrets.GITHUB_TOKEN}} + - name: GHCR login + run: docker login ghcr.io -u x -p ${{ secrets.GITHUB_TOKEN }} + - name: Build + run: script/build + - name: Lint + run: script/lint + env: + SKIP_BUILD: true + - name: Run updater tests + run: ./script/ci-test-updater + env: + SKIP_BUILD: true + DEPENDABOT_TEST_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + lint: name: Lint runs-on: ubuntu-latest diff --git a/.github/workflows/docker-branch-releases.yml b/.github/workflows/docker-branch-releases.yml new file mode 100644 index 00000000000..6838dd6480f --- /dev/null +++ b/.github/workflows/docker-branch-releases.yml 
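Review bot: In `.github/workflows/ci.yml`, the `GPR login` and `GHCR login` steps of the new `updater` job pass the token as a command argument (`docker login ghcr.io -u x -p ${{ secrets.GITHUB_TOKEN }}`), which puts it in the process argument list and in the rendered script text. Expose it through a step-level `env:` entry (for example `REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}`) and pipe it in: `echo "$REGISTRY_TOKEN" | docker login ghcr.io -u x --password-stdin`. The same two steps are repeated in the new `smoke.yml`. The job also declares no `permissions:` block, so the token keeps the repository's default scopes; a block limited to what the job actually reads would narrow that.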
@@ -0,0 +1,62 @@
+name: Push docker branch images
+env:
+ BASE_IMAGE: "ubuntu:20.04"
+ UPDATER_IMAGE: "dependabot/updater"
+ UPDATER_IMAGE_MIRROR: "ghcr.io/dependabot/dependabot-updater"
+on:
+ pull_request:
+ paths-ignore:
+ - "CHANGELOG.md"
+ - "common/lib/dependabot/version.rb"
+
+jobs:
+ push-updater-image:
+ name: Export dependabot-updater image to build artifacts
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ env:
+ TAG: ${{ github.sha }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Build dependabot-core image
+ env:
+ DOCKER_BUILDKIT: 1
+ run: |
+ docker build \
+ -t "dependabot/dependabot-core:$TAG" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from ghcr.io/dependabot/dependabot-core \
+ .
+ - name: Build dependabot-updater image
+ env:
+ DOCKER_BUILDKIT: 1
+ run: |
+ docker build \
+ -t "$UPDATER_IMAGE:$TAG" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from "$BASE_IMAGE" \
+ --cache-from "$UPDATER_IMAGE:latest" \
+ --build-arg OMNIBUS_VERSION=$TAG \
+ -f Dockerfile.updater \
+ .
+ - name: Log in to GHCR
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ - name: Push branch image
+ if: ${{ github.repository == 'dependabot/dependabot-core' }}
+ run: |
+ docker tag "$UPDATER_IMAGE:$TAG" "$UPDATER_IMAGE_MIRROR:$TAG"
+ docker push "$UPDATER_IMAGE_MIRROR:$TAG"
+ - name: Save tagged image
+ run: |
+ docker save "$UPDATER_IMAGE:$TAG" > dependabot-updater.tar
+ - name: Archive image
+ uses: actions/upload-artifact@v3
+ with:
+ name: updater-${{ github.sha }}.tar
+ path: dependabot-updater.tar
+ - name: Set summary
+ run: echo "updater uploaded with tag $TAG" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ad8ccee8aeb..de741fe6ad8 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
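Review bot: In `docker-branch-releases.yml`, the `Push branch image` condition `github.repository == 'dependabot/dependabot-core'` is also true for pull requests opened from forks, because it names the base repository rather than the head. On those runs the `GITHUB_TOKEN` is normally read-only, so the push would fail the job after it has built fork-controlled code in a job that requests `packages: write`. Gating the `Log in to GHCR` and `Push branch image` steps on `github.event.pull_request.head.repo.full_name == github.repository` keeps registry credentials and pushes to same-repository branches. Separately, `UPDATER_IMAGE` is `dependabot/updater` here but `dependabot/dependabot-updater` in `docker.yml`, so `--cache-from "$UPDATER_IMAGE:latest"` likely names an image that is never published; confirm which name is intended.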
@@ -3,6 +3,8 @@ env:
 BASE_IMAGE: "ubuntu:20.04"
 CORE_IMAGE: "dependabot/dependabot-core"
 CORE_IMAGE_MIRROR: "ghcr.io/dependabot/dependabot-core"
+ UPDATER_IMAGE: "dependabot/dependabot-updater"
+ UPDATER_IMAGE_MIRROR: "ghcr.io/dependabot/dependabot-updater"
 on:
 push:
 branches:
@@ -49,6 +51,48 @@ jobs:
 docker push "$CORE_IMAGE:$VERSION"
 docker tag "$CORE_IMAGE:latest" "$CORE_IMAGE_MIRROR:$VERSION"
 docker push "$CORE_IMAGE_MIRROR:$VERSION"
+ push-updater-image:
+ name: Push dependabot-updater image to docker hub
+ runs-on: ubuntu-latest
+ if: ${{ github.repository == 'dependabot/dependabot-core' }}
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Build dependabot-updater image
+ env:
+ DOCKER_BUILDKIT: 1
+ run: |
+ VERSION="$(grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" common/lib/dependabot/version.rb)"
+ docker build \
+ -t "$UPDATER_IMAGE:latest" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from "$BASE_IMAGE" \
+ --cache-from "$UPDATER_IMAGE:latest" \
+ --build-arg OMNIBUS_VERSION=$VERSION \
+ -f Dockerfile.updater \
+ .
+ - name: Log in to the Docker registry
+ run: |
+ echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+ - name: Log in to GHCR
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+ - name: Push latest image
+ run: |
+ docker push "$UPDATER_IMAGE:latest"
+ docker tag "$UPDATER_IMAGE:latest" "$UPDATER_IMAGE_MIRROR:latest"
+ docker push "$UPDATER_IMAGE_MIRROR:latest"
+ - name: Push tagged image
+ if: "contains(github.ref, 'refs/tags')"
+ run: |
+ VERSION="$(grep -Eo "[0-9]+\.[0-9]+\.[0-9]+" common/lib/dependabot/version.rb)"
+ docker tag "$UPDATER_IMAGE:latest" "$UPDATER_IMAGE:$VERSION"
+ docker push "$UPDATER_IMAGE:$VERSION"
+ docker tag "$UPDATER_IMAGE:latest" "$UPDATER_IMAGE_MIRROR:$VERSION"
+ docker push "$UPDATER_IMAGE_MIRROR:$VERSION"
 push-development-image:
 name: Push dependabot-core-development image to GHCR
 runs-on: ubuntu-latest
diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
new file mode 100644
index 00000000000..38310d854c1
--- /dev/null
+++ b/.github/workflows/smoke.yml
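Review bot: In `docker.yml`, the new `push-updater-image` job has no `needs:` and never builds the core image itself, yet `Dockerfile.updater` starts `FROM dependabot/dependabot-core:$OMNIBUS_VERSION` and the job passes `OMNIBUS_VERSION=$VERSION`. The base is therefore pulled from the registry: on a tag push this races the job that runs `docker push "$CORE_IMAGE:$VERSION"`, and on an ordinary branch push `dependabot-updater:latest` is layered on whatever image that version tag last pointed to rather than on the commit being built. Adding `needs:` on the core image job (its name is outside this hunk), or building core inside this job as the branch workflow does, would tie the two images together. The tag check `contains(github.ref, 'refs/tags')` would also be tighter as `startsWith(github.ref, 'refs/tags/')`.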
@@ -0,0 +1,103 @@
+# Runs all ecosystems cached and concurrently.
+name: Smoke
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ paths-ignore:
+ - docs/**
+ - README.md
+env:
+ GH_TOKEN: ${{ secrets.E2E_PAT }}
+jobs:
+ e2e:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ suite:
+ - actions
+ - bundler
+ - cargo
+ - composer
+ - docker
+ - elm
+ - go
+ - gradle
+ - hex
+ - maven
+ - npm
+ - nuget
+ - pip
+ - pip-compile
+ - pipenv
+ - poetry
+ - pub
+ - submodules
+ - terraform
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Download CLI and test
+ run: |
+ gh release download --repo dependabot/cli -p "*linux-amd64.tar.gz"
+ tar xzvf *.tar.gz >/dev/null 2>&1
+ ./dependabot --version
+ URL=https://api.github.com/repos/dependabot/cli/contents/testdata/smoke-${{ matrix.suite }}.yaml
+ curl $(gh api $URL --jq .download_url) -o smoke.yaml
+
+ # Download the Proxy cache. The job is ideally 100% cached so no real calls are made.
+ - name: Download cache
+ run: |
+ mkdir cache
+ cd cache
+ gh run download --repo dependabot/cli --name cache-${{ matrix.suite }}
+
+ - name: GPR login
+ run: docker login docker.pkg.github.com -u x -p ${{secrets.GITHUB_TOKEN}}
+ - name: GHCR login
+ run: docker login ghcr.io -u x -p ${{ secrets.GITHUB_TOKEN }}
+ - name: Build dependabot-core image
+ env:
+ DOCKER_BUILDKIT: 1
+ run: |
+ docker build \
+ -t "dependabot/dependabot-core:latest" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from ghcr.io/dependabot/dependabot-core \
+ .
+ - name: Build dependabot-updater image
+ env:
+ DOCKER_BUILDKIT: 1
+ OMNIBUS_VERSION: latest
+ run: |
+ docker build \
+ -t "dependabot/updater:latest" \
+ --build-arg BUILDKIT_INLINE_CACHE=1 \
+ --cache-from ghcr.io/dependabot/dependabot-core \
+ --cache-from ghcr.io/dependabot/dependabot-updater/dependabot-updater \
+ --build-arg OMNIBUS_VERSION=$OMNIBUS_VERSION \
+ -f Dockerfile.updater \
+ .
+
+ - name: ${{ matrix.suite }}
+ env:
+ LOCAL_GITHUB_ACCESS_TOKEN: ${{ secrets.E2E_PAT }}
+ run: |
+ set -o pipefail
+ ./dependabot test -f=smoke.yaml -o=result.yaml --cache=cache --timeout=20m --updater-image=dependabot/updater:latest 2>&1 | tee -a log.txt
+
+ - name: Diff
+ if: always()
+ continue-on-error: true
+ run: diff --ignore-space-change smoke.yaml result.yaml && echo "Contents are identical"
+
+ - name: Create summary
+ run: tail -n100 log.txt | grep -P '\d+/\d+ calls cached \(\d+%\)' >> $GITHUB_STEP_SUMMARY
+
+ # No upload at the end:
+ # - If a test is uncachable in some regard, the cache would grow unbound.
+ # - We might want to consider erroring if the cache is changed.
diff --git a/.gitignore b/.gitignore
index 1192254f7fe..5f3ffb75763 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,8 @@
 /dependabot-*.gem
 !bundler/spec/fixtures/projects/**/Gemfile.lock
 Gemfile.lock
+!updater/spec/fixtures/**/Gemfile.lock
+!updater/Gemfile.lock
 vendor
 !bundler/spec/fixtures/vendored_gems/vendor
 !common/spec/fixtures/projects/**/*/vendor
diff --git a/Dockerfile.updater b/Dockerfile.updater
new file mode 100644
index 00000000000..8354dedc374
--- /dev/null
+++ b/Dockerfile.updater
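Review bot: In `smoke.yml`, the workflow-level `env: GH_TOKEN: ${{ secrets.E2E_PAT }}` hands a personal access token to every step of every matrix job, including the two `docker build` steps and the `Diff` and summary steps that have no use for it, in a workflow that also runs on `pull_request`. Only `Download CLI and test` and `Download cache` call `gh`, so moving `GH_TOKEN` into a step-level `env:` on those two limits where it is readable (the test step already receives the PAT separately as `LOCAL_GITHUB_ACCESS_TOKEN`). The CLI tarball from `gh release download` is unpacked and executed without any digest check, and `curl` runs without `--fail`, so an HTTP error body would be saved as `smoke.yaml`; `curl --fail --silent --show-error "$(gh api "$URL" --jq .download_url)" -o smoke.yaml` covers the latter. A top-level `permissions:` block is also missing, so `GITHUB_TOKEN` keeps the repository defaults.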
@@ -0,0 +1,58 @@
+ARG OMNIBUS_VERSION=required:fail_if_not_provided
+FROM dependabot/dependabot-core:$OMNIBUS_VERSION
+
+ENV DEPENDABOT_HOME /home/dependabot
+
+RUN mkdir $DEPENDABOT_HOME/dependabot-updater
+
+COPY --chown=dependabot:dependabot updater/Gemfile updater/Gemfile.lock $DEPENDABOT_HOME/dependabot-updater/
+
+COPY --chown=dependabot:dependabot .ruby-version ${DEPENDABOT_HOME}/.ruby-version
+COPY --chown=dependabot:dependabot .rubocop.yml ${DEPENDABOT_HOME}/.rubocop.yml
+
+WORKDIR ${DEPENDABOT_HOME}
+COPY --chown=dependabot:dependabot omnibus ${DEPENDABOT_HOME}/omnibus
+COPY --chown=dependabot:dependabot git_submodules ${DEPENDABOT_HOME}/git_submodules
+COPY --chown=dependabot:dependabot terraform ${DEPENDABOT_HOME}/terraform
+COPY --chown=dependabot:dependabot github_actions ${DEPENDABOT_HOME}/github_actions
+COPY --chown=dependabot:dependabot hex ${DEPENDABOT_HOME}/hex
+COPY --chown=dependabot:dependabot elm ${DEPENDABOT_HOME}/elm
+COPY --chown=dependabot:dependabot docker ${DEPENDABOT_HOME}/docker
+COPY --chown=dependabot:dependabot nuget ${DEPENDABOT_HOME}/nuget
+COPY --chown=dependabot:dependabot maven ${DEPENDABOT_HOME}/maven
+COPY --chown=dependabot:dependabot gradle ${DEPENDABOT_HOME}/gradle
+COPY --chown=dependabot:dependabot cargo ${DEPENDABOT_HOME}/cargo
+COPY --chown=dependabot:dependabot composer ${DEPENDABOT_HOME}/composer
+COPY --chown=dependabot:dependabot go_modules ${DEPENDABOT_HOME}/go_modules
+COPY --chown=dependabot:dependabot python ${DEPENDABOT_HOME}/python
+COPY --chown=dependabot:dependabot pub ${DEPENDABOT_HOME}/pub
+COPY --chown=dependabot:dependabot npm_and_yarn ${DEPENDABOT_HOME}/npm_and_yarn
+COPY --chown=dependabot:dependabot bundler ${DEPENDABOT_HOME}/bundler
+COPY --chown=dependabot:dependabot common ${DEPENDABOT_HOME}/common
+
+WORKDIR $DEPENDABOT_HOME/dependabot-updater
+
+RUN bundle config set --local path 'vendor' && \
+bundle config set --local without 'development' && \
+bundle install
+
+
+# START: HACKY WORKAROUND FOR NPM GIT INSTALLS SPAWNING CHILD PROCESS
+
+# TODO: Remove these hacks once we've deprecated npm 6 support as it no longer
+# spwans a child process to npm install git dependencies.
+
+# Create the config file manually intead of using yarn/npm config set as this
+# executes the package manager outputs to every job log
+COPY --chown=dependabot:dependabot updater/config/.yarnrc updater/config/.npmrc $DEPENDABOT_HOME/
+
+# END: HACKY WORKAROUND FOR NPM GIT INSTALLS SPAWNING CHILD PROCESS
+
+# Add project
+COPY --chown=dependabot:dependabot updater /home/dependabot/dependabot-updater
+
+# Fix for git vulnerability since we run as root
+# see https://github.blog/2022-04-12-git-security-vulnerability-announced/
+RUN git config --global --add safe.directory /home/dependabot/dependabot-updater/repo
+
+CMD ["bundle", "exec", "ruby", "bin/dependabot_update.rb"]
diff --git a/script/_common b/script/_common
new file mode 100755
index 00000000000..c645d290c03
--- /dev/null
+++ b/script/_common
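Review bot: In `Dockerfile.updater`, `bundle install` runs without frozen or deployment mode, so if `updater/Gemfile.lock` drifts from the Gemfile or from the gemspecs of the `path:` gems copied just above, Bundler re-resolves at build time and the image can contain gem versions that were never reviewed in the lockfile. Adding `bundle config set --local frozen 'true' && \` before `bundle install` turns that drift into a build failure. The trade-off is that a version bump of the path gems has to update `updater/Gemfile.lock` in the same commit. The closing comment says the process runs as root while every `COPY` uses `--chown=dependabot:dependabot`; no `USER` line is visible in this file and the base image is outside the diff, so it is worth documenting why root is required or switching to `dependabot` before `CMD`.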
@@ -0,0 +1,54 @@
+export LOCAL_IMAGE="dependabot/updater:latest"
+export GPR_IMAGE="docker.pkg.github.com/dependabot/dependabot-updater/dependabot-updater"
+
+function docker_build() {
+ [[ -n "$SKIP_BUILD" ]] && return
+
+ extract_version
+
+ docker build $DOCKER_BUILD_ARGS -f Dockerfile.updater -t "$LOCAL_IMAGE" --build-arg OMNIBUS_VERSION=$OMNIBUS_VERSION .
+
+ # Verify max layers; an AUFS limit that was _crucial_ on Heroku (but not now)
+ IMAGE_LAYERS=$(docker history -q "$LOCAL_IMAGE" | wc -l | sed -e 's/ //g')
+ echo "$LOCAL_IMAGE contains $IMAGE_LAYERS layers"
+ [[ $IMAGE_LAYERS -lt 126 ]]
+}
+
+function docker_exec() {
+ docker_build
+
+ appdir=$(cd $(dirname "$0")/../updater && pwd)
+ docker run --env "DEPENDABOT_TEST_ACCESS_TOKEN=$DEPENDABOT_TEST_ACCESS_TOKEN" \
+ --rm \
+ -v "$(pwd)/.:/home/dependabot/dependabot-updater:delegated" \
+ -ti "$LOCAL_IMAGE" "$@"
+}
+
+function docker_bundle_exec() {
+ docker_build
+
+ VCR_ARGS=""
+ if [ -n "$VCR" ]; then
+ VCR_ARGS="--env \"VCR=$VCR\""
+ fi
+
+ appdir=$(cd $(dirname "$0")/../updater && pwd)
+ docker run --env "DEPENDABOT_TEST_ACCESS_TOKEN=$DEPENDABOT_TEST_ACCESS_TOKEN" \
+ $VCR_ARGS \
+ --rm \
+ -v "$(pwd)/updater/spec/fixtures/vcr_cassettes:/home/dependabot/dependabot-updater/spec/fixtures/vcr_cassettes" \
+ "$LOCAL_IMAGE" bundle exec "$@"
+}
+
+function extract_version() {
+ if [ -z "$OMNIBUS_VERSION" ]; then
+ OMNIBUS_VERSION="$(grep 'dependabot-omnibus ([0-9]' Gemfile.lock | sed -e 's/^[ ]*//g' | sort | uniq | sed -e 's/.*(//g' -e 's/).*//g')"
+ export OMNIBUS_VERSION
+
+ VERSION="$OMNIBUS_VERSION-$(git rev-parse HEAD)"
+ else
+ VERSION=$OMNIBUS_VERSION
+ fi
+
+ export VERSION
+}
diff --git a/script/app-env b/script/app-env
new file mode 100755
index 00000000000..509763c9461
--- /dev/null
+++ b/script/app-env
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+docker_exec bash
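Review bot: In `script/_common`, `docker_bundle_exec` builds `VCR_ARGS="--env \"VCR=$VCR\""` and expands it unquoted, so the escaped quotes reach `docker run` as literal characters and the container does not get a clean `VCR` variable; an array avoids this: `VCR_ARGS=(); [ -n "$VCR" ] && VCR_ARGS=(--env "VCR=$VCR")`, then `"${VCR_ARGS[@]}" \` in the command. Both `docker run` calls also put the token value on the command line via `--env "DEPENDABOT_TEST_ACCESS_TOKEN=$DEPENDABOT_TEST_ACCESS_TOKEN"`; the name-only form `--env DEPENDABOT_TEST_ACCESS_TOKEN` forwards it from the caller's environment without exposing it in the process list. `appdir` is assigned in both functions but never used, and `docker_exec` mounts `$(pwd)/.` (the repository root) at `/home/dependabot/dependabot-updater`, where `$appdir` was probably intended.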
diff --git a/script/build b/script/build
new file mode 100755
index 00000000000..d61f5948d1c
--- /dev/null
+++ b/script/build
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+export OMNIBUS_VERSION="latest"
+docker_build
diff --git a/script/ci-test-updater b/script/ci-test-updater
new file mode 100755
index 00000000000..4bc4a4a59fd
--- /dev/null
+++ b/script/ci-test-updater
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+export OMNIBUS_VERSION="latest"
+docker_bundle_exec rspec "$@"
diff --git a/script/debug b/script/debug
new file mode 100755
index 00000000000..4b5aaea06a1
--- /dev/null
+++ b/script/debug
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+dependabot "$@" --debug \
+ -v "$(pwd)"/.core-bash_history:/home/dependabot/.bash_history \
+ -v "$(pwd)"/updater/bin:/home/dependabot/dependabot-updater/bin \
+ -v "$(pwd)"/updater/lib:/home/dependabot/dependabot-updater/lib \
+ -v "$(pwd)"/bin:/home/dependabot/bin \
+ -v "$(pwd)"/bundler:/home/dependabot/bundler \
+ -v "$(pwd)"/cargo:/home/dependabot/cargo \
+ -v "$(pwd)"/common:/home/dependabot/common \
+ -v "$(pwd)"/composer:/home/dependabot/composer \
+ -v "$(pwd)"/docker:/home/dependabot/docker \
+ -v "$(pwd)"/elm:/home/dependabot/elm \
+ -v "$(pwd)"/git_submodules:/home/dependabot/git_submodules \
+ -v "$(pwd)"/github_actions:/home/dependabot/github_actions \
+ -v "$(pwd)"/go_modules:/home/dependabot/go_modules \
+ -v "$(pwd)"/gradle:/home/dependabot/gradle \
+ -v "$(pwd)"/hex:/home/dependabot/hex \
+ -v "$(pwd)"/maven:/home/dependabot/maven \
+ -v "$(pwd)"/npm_and_yarn:/home/dependabot/npm_and_yarn \
+ -v "$(pwd)"/nuget:/home/dependabot/nuget \
+ -v "$(pwd)"/pub:/home/dependabot/pub \
+ -v "$(pwd)"/python:/home/dependabot/python \
+ -v "$(pwd)"/terraform:/home/dependabot/terraform
diff --git a/script/lint b/script/lint
new file mode 100755
index 00000000000..5b50aba5de7
--- /dev/null
+++ b/script/lint
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+export OMNIBUS_VERSION="latest"
+docker_bundle_exec rubocop lib/ spec/
diff --git a/script/setup b/script/setup
new file mode 100755
index 00000000000..1d45896deff
--- /dev/null
+++ b/script/setup
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+if [ -z "$GPR_TOKEN" ]; then
+ echo "Please set a value for GPR_TOKEN so you can download the dependency containers"
+ echo
+ echo "If required, generate a Personal Access Token with 'packages:read' permissions:"
+ echo " https://github.com/settings/tokens/new"
+ echo
+ exit 1
+fi
+
+# Log into GPR to pull downstream images
+echo $GPR_TOKEN | docker login docker.pkg.github.com -u x --password-stdin
+docker_build
diff --git a/script/test b/script/test
new file mode 100755
index 00000000000..f2a1be79619
--- /dev/null
+++ b/script/test
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+cd "$(dirname "$0")/.."
+source script/_common
+
+docker_bundle_exec rspec "$@"
diff --git a/updater/.rubocop.yml b/updater/.rubocop.yml
new file mode 100644
index 00000000000..fc2019d46a3
--- /dev/null
+++ b/updater/.rubocop.yml
@@ -0,0 +1 @@
+inherit_from: ../.rubocop.yml
diff --git a/updater/Brewfile b/updater/Brewfile
new file mode 100644
index 00000000000..0b2c2e75395
--- /dev/null
+++ b/updater/Brewfile
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+brew "awscli"
+brew "awssume"
+cask "docker" unless File.executable? "/usr/local/bin/docker"
diff --git a/updater/CODEOWNERS b/updater/CODEOWNERS
new file mode 100644
index 00000000000..248dab4bfd8
--- /dev/null
+++ b/updater/CODEOWNERS
@@ -0,0 +1 @@
+* @dependabot/maintainers
diff --git a/updater/Gemfile b/updater/Gemfile
new file mode 100644
index 00000000000..b8d8c169061
--- /dev/null
+++ b/updater/Gemfile
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "dependabot-bundler", path: "../bundler"
+gem "dependabot-cargo", path: "../cargo"
+gem "dependabot-common", path: "../common"
+gem "dependabot-composer", path: "../composer"
+gem "dependabot-docker", path: "../docker"
+gem "dependabot-elm", path: "../elm"
+gem "dependabot-github_actions", path: "../github_actions"
+gem "dependabot-git_submodules", path: "../git_submodules"
+gem "dependabot-go_modules", path: "../go_modules"
+gem "dependabot-gradle", path: "../gradle"
+gem "dependabot-hex", path: "../hex"
+gem "dependabot-maven", path: "../maven"
+gem "dependabot-npm_and_yarn", path: "../npm_and_yarn"
+gem "dependabot-nuget", path: "../nuget"
+gem "dependabot-pub", path: "../pub"
+gem "dependabot-python", path: "../python"
+gem "dependabot-terraform", path: "../terraform"
+
+gem "activesupport", "~> 6.1.4"
+gem "http", "~> 4.1"
+gem "octokit", "4.25.1"
+gem "sentry-raven", "~> 3.1"
+gem "terminal-table", "~> 3.0.2"
+
+group :test do
+ gem "byebug", "~> 11.1"
+ gem "rspec", "~> 3.11"
+ gem "rubocop", "~> 1.33.0"
+ gem "rubocop-performance", "~> 1.14.2"
+ gem "vcr", "~> 6.1"
+ gem "webmock", "~> 3.17"
+end
+
+group :development do
+ gem "licensed", "~> 3.7", require: false
+end
diff --git a/updater/Gemfile.lock b/updater/Gemfile.lock
new file mode 100644
index 00000000000..02d62fd4c9c
--- /dev/null
+++ b/updater/Gemfile.lock
@@ -0,0 +1,325 @@ +PATH + remote: ../bundler + specs: + dependabot-bundler (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../cargo + specs: + dependabot-cargo (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../common + specs: + dependabot-common (0.211.0) + activesupport (>= 6.0.0) + aws-sdk-codecommit (~> 1.28) + aws-sdk-ecr (~> 1.5) + bundler (>= 1.16, < 3.0.0) + commonmarker (>= 0.20.1, < 0.24.0) + docker_registry2 (~> 1.11, >= 1.11.0) + excon (~> 0.75) + faraday (= 2.5.2) + gitlab (= 4.19.0) + nokogiri (~> 1.8) + octokit (>= 4.6, < 6.0) + parser (>= 2.5, < 4.0) + toml-rb (>= 1.1.2, < 3.0) + +PATH + remote: ../composer + specs: + dependabot-composer (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../docker + specs: + dependabot-docker (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../elm + specs: + dependabot-elm (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../git_submodules + specs: + dependabot-git_submodules (0.211.0) + dependabot-common (= 0.211.0) + parseconfig (~> 1.0, < 1.1.0) + +PATH + remote: ../github_actions + specs: + dependabot-github_actions (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../go_modules + specs: + dependabot-go_modules (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../gradle + specs: + dependabot-gradle (0.211.0) + dependabot-common (= 0.211.0) + dependabot-maven (= 0.211.0) + +PATH + remote: ../hex + specs: + dependabot-hex (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../maven + specs: + dependabot-maven (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../npm_and_yarn + specs: + dependabot-npm_and_yarn (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../nuget + specs: + dependabot-nuget (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../pub + specs: + dependabot-pub (0.211.0) + dependabot-common (= 0.211.0) + +PATH + remote: ../python + specs: + dependabot-python (0.211.0) + dependabot-common (= 
0.211.0) + +PATH + remote: ../terraform + specs: + dependabot-terraform (0.211.0) + dependabot-common (= 0.211.0) + +GEM + remote: https://rubygems.org/ + specs: + activesupport (6.1.4.4) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) + ast (2.4.2) + aws-eventstream (1.2.0) + aws-partitions (1.624.0) + aws-sdk-codecommit (1.51.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sdk-core (3.137.0) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.525.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1, >= 1.6.1) + aws-sdk-ecr (1.56.0) + aws-sdk-core (~> 3, >= 3.127.0) + aws-sigv4 (~> 1.1) + aws-sigv4 (1.5.1) + aws-eventstream (~> 1, >= 1.0.2) + byebug (11.1.3) + citrus (3.0.2) + commonmarker (0.23.5) + concurrent-ruby (1.1.10) + crack (0.4.5) + rexml + diff-lcs (1.5.0) + docker_registry2 (1.12.0) + rest-client (>= 1.8.0) + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + dotenv (2.8.1) + excon (0.92.4) + faraday (2.5.2) + faraday-net_http (>= 2.0, < 3.1) + ruby2_keywords (>= 0.0.4) + faraday-net_http (3.0.0) + ffi (1.15.0) + ffi-compiler (1.0.1) + ffi (>= 1.0.0) + rake + gitlab (4.19.0) + httparty (~> 0.20) + terminal-table (>= 1.5.1) + hashdiff (1.0.1) + http (4.4.1) + addressable (~> 2.3) + http-cookie (~> 1.0) + http-form_data (~> 2.2) + http-parser (~> 1.2.0) + http-accept (1.7.0) + http-cookie (1.0.5) + domain_name (~> 0.5) + http-form_data (2.3.0) + http-parser (1.2.3) + ffi-compiler (>= 1.0, < 2.0) + httparty (0.20.0) + mime-types (~> 3.0) + multi_xml (>= 0.5.2) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + jmespath (1.6.1) + json (2.6.2) + licensed (3.7.3) + bundler (>= 1.10) + json (>= 2.6.2) + licensee (>= 9.15.2, < 10.0.0) + parallel (>= 0.18.0) + pathname-common_prefix (~> 0.0.1) + reverse_markdown (>= 1, < 3) + ruby-xxHash (~> 0.4) + thor (>= 0.19) + tomlrb (>= 1.2, < 3.0) + licensee (9.15.2) + dotenv (~> 2.0) 
+ octokit (~> 4.20) + reverse_markdown (~> 1.0) + rugged (>= 0.24, < 2.0) + thor (>= 0.19, < 2.0) + mime-types (3.4.1) + mime-types-data (~> 3.2015) + mime-types-data (3.2022.0105) + mini_portile2 (2.8.0) + minitest (5.16.3) + multi_xml (0.6.0) + netrc (0.11.0) + nokogiri (1.13.8) + mini_portile2 (~> 2.8.0) + racc (~> 1.4) + octokit (4.25.1) + faraday (>= 1, < 3) + sawyer (~> 0.9) + parallel (1.22.1) + parseconfig (1.0.8) + parser (3.1.2.1) + ast (~> 2.4.1) + pathname-common_prefix (0.0.1) + public_suffix (5.0.0) + racc (1.6.0) + rainbow (3.1.1) + rake (13.0.3) + regexp_parser (2.5.0) + rest-client (2.1.0) + http-accept (>= 1.7.0, < 2.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 4.0) + netrc (~> 0.8) + reverse_markdown (1.4.0) + nokogiri + rexml (3.2.5) + rspec (3.11.0) + rspec-core (~> 3.11.0) + rspec-expectations (~> 3.11.0) + rspec-mocks (~> 3.11.0) + rspec-core (3.11.0) + rspec-support (~> 3.11.0) + rspec-expectations (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-mocks (3.11.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.11.0) + rspec-support (3.11.0) + rubocop (1.33.0) + json (~> 2.3) + parallel (~> 1.10) + parser (>= 3.1.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.19.1, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.19.1) + parser (>= 3.1.1.0) + rubocop-performance (1.14.3) + rubocop (>= 1.7.0, < 2.0) + rubocop-ast (>= 0.4.0) + ruby-progressbar (1.11.0) + ruby-xxHash (0.4.0.2) + ruby2_keywords (0.0.5) + rugged (1.5.0.1) + sawyer (0.9.2) + addressable (>= 2.3.5) + faraday (>= 0.17.3, < 3) + sentry-raven (3.1.2) + faraday (>= 1.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + thor (1.2.1) + toml-rb (2.2.0) + citrus (~> 3.0, > 3.0) + tomlrb (2.0.3) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.8.2) + unicode-display_width (2.2.0) + vcr (6.1.0) 
+ webmock (3.17.1) + addressable (>= 2.8.0) + crack (>= 0.3.2) + hashdiff (>= 0.4.0, < 2.0.0) + zeitwerk (2.6.0) + +PLATFORMS + ruby + +DEPENDENCIES + activesupport (~> 6.1.4) + byebug (~> 11.1) + dependabot-bundler! + dependabot-cargo! + dependabot-common! + dependabot-composer! + dependabot-docker! + dependabot-elm! + dependabot-git_submodules! + dependabot-github_actions! + dependabot-go_modules! + dependabot-gradle! + dependabot-hex! + dependabot-maven! + dependabot-npm_and_yarn! + dependabot-nuget! + dependabot-pub! + dependabot-python! + dependabot-terraform! + http (~> 4.1) + licensed (~> 3.7) + octokit (= 4.25.1) + rspec (~> 3.11) + rubocop (~> 1.33.0) + rubocop-performance (~> 1.14.2) + sentry-raven (~> 3.1) + terminal-table (~> 3.0.2) + vcr (~> 6.1) + webmock (~> 3.17) + +BUNDLED WITH + 2.2.20 diff --git a/updater/README.md b/updater/README.md new file mode 100644 index 00000000000..82ec90185a1 --- /dev/null +++ b/updater/README.md 
@@ -0,0 +1,67 @@
+# Dependabot Updater
+
+This is an internal component that GitHub uses to run Dependabot, it's not
+considered useful outside of this internal usage, and we also are currently not
+considering any contributions to this part of the codebase to make it more
+generic. We do however use it to run some end-to-end tests against the rest of
+the codebase, so we can ensure that things still work when we deploy them.
+
+This component communicates with an API that is only accessible inside the
+GitHub network, and so is not generally accessible.
+
+## Setup
+
+You will need to provide the build a Personal Access Token to access the GitHub Package Registry to retrieve
+dependency containers.
+
+[Create a token](https://github.com/settings/tokens/new) with the `packages:read` scope and set it in your environment
+as `GPR_TOKEN`
+
+Run the setup script:
+
+```
+script/setup
+```
+
+## Tests
+
+We run [rspec](https://rspec.info/) tests inside a Docker container for this project:
+
+```
+script/test
+```
+
+You can run an individual test file like so:
+
+```
+script/test spec/dependabot/integration_spec.rb
+```
+
+### VCR
+
+In order to avoid network calls, we use [VCR](https://github.com/vcr/vcr) to maintain
+fixtures for the remote services we interact with.
+
+If you are adding a new test that makes network calls, please ensure you record a new fixture.
+
+:warning: At time of writing, **our tests will not fail if a fixture is missing**. See: `spec/spec_helper.rb`
+
+#### Recording new fixtures
+
+If you've added a new test which has the `vcr: true` metadata, you can record a fixture for just those changes like so:
+
+```
+VCR=new_episodes DEPENDABOT_TEST_ACCESS_TOKEN= script/test
+```
+
+`DEPENDABOT_TEST_ACCESS_TOKEN` will need to be a Personal Access Token with the full `repo` scope.
+
+#### Updating existing fixtures
+
+If you need to upadate existing fixtures, you can use the `all` flag like so:
+
+```
+VCR=all DEPENDABOT_TEST_ACCESS_TOKEN= bundle exec rspec spec
+```
+
+As above, you will need a PAT with the full `repo` scope
diff --git a/updater/bin/dependabot_update.rb b/updater/bin/dependabot_update.rb
new file mode 100644
index 00000000000..bf3f8c49088
--- /dev/null
+++ b/updater/bin/dependabot_update.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift(__dir__ + "/../lib")
+
+require "raven"
+require "dependabot/setup"
+require "dependabot/end_to_end_job"
+
+class UpdaterKilledError < StandardError; end
+
+trap("TERM") do
+ puts "Received SIGTERM"
+ error = UpdaterKilledError.new("Updater process killed with SIGTERM")
+ extra = { update_job_id: ENV.fetch("DEPENDABOT_JOB_ID", nil) }
+ Raven.capture_exception(error, extra: extra)
+ exit
+end
+
+begin
+ Dependabot::EndToEndJob.new.run
+rescue Dependabot::RunFailure
+ exit 1
+end
diff --git a/updater/bin/fetch_files.rb b/updater/bin/fetch_files.rb
new file mode 100644
index 00000000000..7512a0ae2d8
--- /dev/null
+++ b/updater/bin/fetch_files.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift(__dir__ + "/../lib")
+
+$stdout.sync = true
+
+require "raven"
+require "dependabot/setup"
+require "dependabot/file_fetcher_job"
+
+class UpdaterKilledError < StandardError; end
+
+trap("TERM") do
+ puts "Received SIGTERM"
+ error = UpdaterKilledError.new("Updater process killed with SIGTERM")
+ extra = { update_job_id: ENV.fetch("DEPENDABOT_JOB_ID", nil) }
+ Raven.capture_exception(error, extra: extra)
+ exit
+end
+
+begin
+ Dependabot::FileFetcherJob.new.run
+rescue Dependabot::RunFailure
+ exit 1
+end
diff --git a/updater/bin/run b/updater/bin/run
new file mode 100755
index 00000000000..f4266e6b312
--- /dev/null
+++ b/updater/bin/run
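Review bot: In `updater/bin/dependabot_update.rb`, the `trap("TERM")` block ends with a bare `exit`, which reports status 0, so a job killed by SIGTERM looks like a successful run to whatever supervises the container; `exit 1` (or `exit 143`) keeps the failure visible, and if success-on-kill is intended a comment should say so. The handler also calls `Raven.capture_exception` from trap context, where Ruby refuses to lock a `Mutex`; if the client or its logger locks internally the report is lost with a `ThreadError`, so handing the call to `Thread.new { ... }.join` inside the trap is safer, which is worth verifying against the Raven version in the lockfile. The identical handler and `UpdaterKilledError` class are repeated in `fetch_files.rb` and `update_files.rb`; one shared file under `lib/` would keep the three in sync.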
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+command="$1"
+if [ -z "$command" ]; then
+ echo "usage: run [fetch_files|update_files]"
+ exit 1
+fi
+
+# Tell hex to use the system-wide CA bundle
+export HEX_CACERTS_PATH=/etc/ssl/certs/ca-certificates.crt
+
+# Tell python to use the system-wide CA bundle
+export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
+
+bundle exec ruby "bin/${command}.rb"
diff --git a/updater/bin/update_files.rb b/updater/bin/update_files.rb
new file mode 100644
index 00000000000..5be15203717
--- /dev/null
+++ b/updater/bin/update_files.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift(__dir__ + "/../lib")
+
+$stdout.sync = true
+
+require "raven"
+require "dependabot/setup"
+require "dependabot/update_files_job"
+
+class UpdaterKilledError < StandardError; end
+
+trap("TERM") do
+ puts "Received SIGTERM"
+ error = UpdaterKilledError.new("Updater process killed with SIGTERM")
+ extra = { update_job_id: ENV.fetch("DEPENDABOT_JOB_ID", nil) }
+ Raven.capture_exception(error, extra: extra)
+ exit
+end
+
+begin
+ Dependabot::UpdateFilesJob.new.run
+ rescue Dependabot::RunFailure
+ exit 1
+end
diff --git a/updater/config/.npmrc b/updater/config/.npmrc
new file mode 100644
index 00000000000..601d250c1b7
--- /dev/null
+++ b/updater/config/.npmrc
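Review bot: In `updater/bin/run`, `$1` is only checked for being non-empty before it is spliced into `bin/${command}.rb`, so any value, including one with `../` segments, selects a Ruby file to execute even though the usage text allows only `fetch_files` and `update_files`. An allow-list closes that gap: `case "$command" in fetch_files|update_files) ;; *) echo "usage: run [fetch_files|update_files]"; exit 1 ;; esac`. If this script is the container entrypoint, ending with `exec bundle exec ruby "bin/${command}.rb"` would also let SIGTERM reach the Ruby process directly, which matters because the scripts install a `TERM` handler. In `update_files.rb` the `rescue` line is indented relative to `begin`, unlike the two sibling scripts.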
@@ -0,0 +1,20 @@
+# TODO: Remove these hacks once we've deprecated npm 6 support as it no longer
+# spwans a child process to npm install git dependencies.
+
+# Only set our custom CA cert for npm because the system ca's + our custom ca
+# causes npm to blow up when installing git dependencies (E2BIG exception). This
+# happens because the ca-file contents are passed as a cli argument to npm
+# install from npm/cli/lib/pack.js as --ca="contents of ca file" - "ca" is
+# populated automatically by npm when setting "--cafile" and passed through in
+# when spawning the cli to install git dependencies.
+cafile=/usr/local/share/ca-certificates/dbot-ca.crt
+# Because npm doesn't pass through all npm config when doing git installs in
+# npm/cli/lib/pack.js we also need to disable audit here to prevent npm from
+# auditing git dependencies, we do this to sped up installs
+audit=false
+# Similarly, dry-run and ignore-scripts are also not passed through when doing
+# git installs in npm/cli/lib/pack.js so we set dry-run and ignore-scripts to
+# prevent any lifecycle hooks for git installs. dry-run disables "prepare" and
+# "prepack" scripts, ignore-scripts disables all other scripts
+dry-run=true
+ignore-scripts=true
diff --git a/updater/config/.yarnrc b/updater/config/.yarnrc
new file mode 100644
index 00000000000..65545853fd0
--- /dev/null
+++ b/updater/config/.yarnrc
@@ -0,0 +1,6 @@
+# TODO: Remove these hacks once we've deprecated npm 6 support as it no longer
+# spwans a child process to npm install git dependencies.
+# yarn lockfile v1
+
+# Tell yarn to use the system-wide CA bundle overriding the .npmrc cafile
+cafile "/etc/ssl/certs/ca-certificates.crt"
diff --git a/updater/config/licenses/config.yml b/updater/config/licenses/config.yml
new file mode 100644
index 00000000000..8cc168822e2
--- /dev/null
+++ b/updater/config/licenses/config.yml
@@ -0,0 +1,39 @@
+name: dependabot-updater
+cache_path: 'licenses'
+sources:
+ bundler: true
+allowed:
+ - apache-2.0
+ - bsd-2-clause
+ - bsd-3-clause
+ - cc0-1.0
+ - isc
+ - lgpl-3.0-only
+ - mit
+ - unlicense
+ - other
+bundler:
+ without:
+ - development
+ - test
+ignored:
+ bundler:
+ # Internal gems
+ - dependabot-omnibus
+ - dependabot-bundler
+ - dependabot-cargo
+ - dependabot-common
+ - dependabot-composer
+ - dependabot-docker
+ - dependabot-elm
+ - dependabot-git_submodules
+ - dependabot-github_actions
+ - dependabot-go_modules
+ - dependabot-gradle
+ - dependabot-hex
+ - dependabot-maven
+ - dependabot-npm_and_yarn
+ - dependabot-nuget
+ - dependabot-pub
+ - dependabot-python
+ - dependabot-terraform
diff --git a/updater/lib/dependabot/api_client.rb b/updater/lib/dependabot/api_client.rb
new file mode 100644
index 00000000000..4f9ebb88339
--- /dev/null
+++ b/updater/lib/dependabot/api_client.rb
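Review bot: `other` in the `allowed` list weakens the allow-list. Assuming this is a Licensed configuration, where `other` is the key given to licences the classifier cannot identify, any gem with an unrecognised or custom licence passes the check without review. Drop `- other` and record the specific gems that need it as individually reviewed exceptions, so that a new dependency with an unknown licence fails the check.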
@@ -0,0 +1,204 @@ +# frozen_string_literal: true + +require "http" +require "dependabot/job" + +module Dependabot + class ApiError < StandardError; end + + class ApiClient + # TODO: instantiate client with job_id? + def initialize(base_url, token) + @base_url = base_url + @token = token + end + + def get_job(job_id) + response = fetch_job_details_from_backend(job_id) + + # If the job has already been accessed then we can safely return quietly. + # This happens when the backend isn't sure if the updater has enqueued a + # job (because Heroku served a 500, for example) and enqueues a second to + # be on the safe side. + return if response.code == 400 && response.body.include?("been accessed") + + # For other errors from the backend, just raise. + raise ApiError, response.body if response.code >= 400 + + job_data = + response.parse["data"]["attributes"]. + transform_keys { |k| k.tr("-", "_").to_sym }. + slice( + :credentials, :dependencies, :package_manager, :ignore_conditions, + :existing_pull_requests, :source, :lockfile_only, :allowed_updates, + :update_subdependencies, :updating_a_pull_request, + :requirements_update_strategy, :security_advisories, + :vendor_dependencies, :security_updates_only + ) + + Job.new(job_data.merge(token: token)) + end + + def create_pull_request(job_id, dependencies, updated_dependency_files, + base_commit_sha, pr_message) + api_url = "#{base_url}/update_jobs/#{job_id}/create_pull_request" + data = create_pull_request_data(dependencies, updated_dependency_files, base_commit_sha, pr_message) + response = http_client.post(api_url, json: { data: data }) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def update_pull_request(job_id, dependencies, updated_dependency_files, + base_commit_sha) + api_url = "#{base_url}/update_jobs/#{job_id}/update_pull_request" + body = { 
+ data: { + "dependency-names": dependencies.map(&:name), + "updated-dependency-files": updated_dependency_files, + "base-commit-sha": base_commit_sha + } + } + response = http_client.post(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def close_pull_request(job_id, dependency_name, reason) + api_url = "#{base_url}/update_jobs/#{job_id}/close_pull_request" + body = { data: { "dependency-names": dependency_name, reason: reason } } + response = http_client.post(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def record_update_job_error(job_id, error_type:, error_details:) + api_url = "#{base_url}/update_jobs/#{job_id}/record_update_job_error" + body = { + data: { + "error-type": error_type, + "error-details": error_details + } + } + response = http_client.post(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def mark_job_as_processed(job_id, base_commit_sha) + api_url = "#{base_url}/update_jobs/#{job_id}/mark_as_processed" + body = { data: { "base-commit-sha": base_commit_sha } } + response = http_client.patch(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def update_dependency_list(job_id, dependencies, dependency_files) + api_url = "#{base_url}/update_jobs/#{job_id}/update_dependency_list" + 
body = { + data: { + dependencies: dependencies, + dependency_files: dependency_files + } + } + response = http_client.post(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def record_package_manager_version(job_id, ecosystem, package_managers) + api_url = "#{base_url}/update_jobs/#{job_id}/record_package_manager_version" + body = { + data: { + ecosystem: ecosystem, + "package-managers": package_managers + } + } + response = http_client.post(api_url, json: body) + raise ApiError, response.body if response.code >= 400 + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + private + + attr_reader :token, :base_url + + def http_client + client = HTTP.auth(token) + proxy = URI(base_url).find_proxy + unless proxy.nil? 
+ args = [proxy.host, proxy.port, proxy.user, proxy.password].compact + client = client.via(*args) + end + client + end + + def fetch_job_details_from_backend(job_id) + api_url = "#{base_url}/update_jobs/#{job_id}" + http_client.get(api_url) + rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError + # Retry connection errors (which are almost certainly transitory) + retry_count ||= 0 + retry_count += 1 + raise if retry_count > 3 + + sleep(rand(3.0..10.0)) && retry + end + + def create_pull_request_data(dependencies, updated_dependency_files, base_commit_sha, pr_message) + data = { + dependencies: dependencies.map do |dep| + { + name: dep.name, + version: dep.version, + "previous-version": dep.previous_version, + requirements: dep.requirements, + "previous-requirements": dep.previous_requirements + } + end, + "updated-dependency-files": updated_dependency_files, + "base-commit-sha": base_commit_sha + } + return data unless pr_message + + data["commit-message"] = pr_message.commit_message + data["pr-title"] = pr_message.pr_name + data["pr-body"] = pr_message.pr_message + data + end + end +end diff --git a/updater/lib/dependabot/base_job.rb b/updater/lib/dependabot/base_job.rb new file mode 100644 index 00000000000..e816b47db2e --- /dev/null +++ b/updater/lib/dependabot/base_job.rb 
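Review bot: `get_job` slices the backend attributes down to a list that leaves out `:experiments`, `:reject_external_code` and `:commit_message_options`, which the `job` builders in `file_fetcher_job.rb` and `update_files_job.rb` keep. `Job#initialize` then falls back to its defaults, so a job loaded through this path always has `reject_external_code?` false, even if the backend sent true. Add the three keys to the `slice(...)` call, e.g. `:vendor_dependencies, :security_updates_only, :experiments, :reject_external_code, :commit_message_options`. Separately, the `rescue HTTP::ConnectionError, OpenSSL::SSL::SSLError` retry block is repeated in eight methods and could live in one private helper that takes a block.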
@@ -0,0 +1,117 @@ +# frozen_string_literal: true + +require "raven" +require "dependabot/api_client" +require "dependabot/service" +require "dependabot/logger" +require "dependabot/python" +require "dependabot/terraform" +require "dependabot/elm" +require "dependabot/docker" +require "dependabot/git_submodules" +require "dependabot/github_actions" +require "dependabot/composer" +require "dependabot/nuget" +require "dependabot/gradle" +require "dependabot/maven" +require "dependabot/hex" +require "dependabot/cargo" +require "dependabot/go_modules" +require "dependabot/npm_and_yarn" +require "dependabot/bundler" +require "dependabot/pub" +require "dependabot/environment" + +module Dependabot + class RunFailure < StandardError; end + + class BaseJob + # Implement in subclass + def perform_job + raise NotImplementedError + end + + # Implement in subclass + def job + raise NotImplementedError + end + + # Implement in subclass + def base_commit_sha + raise NotImplementedError + end + + # TODO: Avoid rescuing StandardError at this point in the code + # + # This means that exceptions in tests can occasionally be swallowed + # and we must rely on reading RSpec output to detect certain problems. + def run + logger_info("Starting job processing") + perform_job + logger_info("Finished job processing") + rescue StandardError => e + handle_exception(e) + service.mark_job_as_processed(job_id, base_commit_sha) + ensure + Dependabot.logger.info(service.summary) unless service.noop? + raise Dependabot::RunFailure if Dependabot::Environment.github_actions? && service.failure? 
+ end + + def handle_exception(err) + logger_error(err.message) + err.backtrace.each { |line| logger_error(line) } + + Raven.capture_exception(err, raven_context) + + service.record_update_job_error( + job_id, + error_type: "unknown_error", + error_details: { message: err.message } + ) + end + + def job_id + Environment.job_id + end + + def api_url + Environment.api_url + end + + def token + Environment.token + end + + def api_client + @api_client ||= Dependabot::ApiClient.new(api_url, token) + end + + def service + @service ||= Dependabot::Service.new(client: api_client) + end + + private + + def logger_info(message) + Dependabot.logger.info(prefixed_log_message(message)) + end + + def logger_error(message) + Dependabot.logger.error(prefixed_log_message(message)) + end + + def prefixed_log_message(message) + message.lines.map { |line| [log_prefix, line].join(" ") }.join + end + + def log_prefix + "" if job_id + end + + def raven_context + context = { tags: {}, extra: { update_job_id: job_id } } + context[:tags][:package_manager] = job.package_manager if job + context + end + end +end diff --git a/updater/lib/dependabot/end_to_end_job.rb b/updater/lib/dependabot/end_to_end_job.rb new file mode 100644 index 00000000000..f0c60a99970 --- /dev/null +++ b/updater/lib/dependabot/end_to_end_job.rb 
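Review bot: The rescue path in `run` can raise a second time and lose the error report. `handle_exception` builds `raven_context`, which calls `job`, and `run` then evaluates `base_commit_sha`; in the subclasses both read the job definition, so when the original failure was loading it, the same error is raised again inside the handler and neither `record_update_job_error` nor `mark_job_as_processed` is reached. Make `raven_context` tolerant, e.g. end it with a `rescue StandardError` that returns `{ tags: {}, extra: { update_job_id: job_id } }`, and pass a fallback such as `"unknown"` when `base_commit_sha` cannot be computed. The base-class stubs also raise `NotImplementedError`, which is not a `StandardError` and so bypasses this `rescue`.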
@@ -0,0 +1,119 @@ +# frozen_string_literal: true + +require "dependabot/base_job" +require "dependabot/updater" + +module Dependabot + class EndToEndJob < BaseJob + def perform_job + begin + base_commit_sha + dependency_files + rescue StandardError => e + logger_error("Error during file fetching; aborting") + handle_file_fetcher_error(e) + service.mark_job_as_processed(job_id, base_commit_sha) + return + end + + Dependabot::Updater.new( + service: service, + job_id: job_id, + job: job, + dependency_files: dependency_files, + base_commit_sha: base_commit_sha, + repo_contents_path: Environment.repo_contents_path + ).run + + service.mark_job_as_processed(job_id, base_commit_sha) + end + + def job + @job ||= service.get_job(job_id) + end + + private + + def dependency_files + file_fetcher.files + rescue Octokit::BadGateway + @file_fetcher_retries ||= 0 + @file_fetcher_retries += 1 + @file_fetcher_retries <= 2 ? retry : raise + end + + def base_commit_sha + @base_commit_sha ||= file_fetcher.commit || "unknown" + rescue StandardError + # If an error occurs, set the commit SHA instance variable (so that we + # don't raise when recording the error later) and re-raise + @base_commit_sha = "unknown" + raise + end + + def file_fetcher + @file_fetcher ||= + Dependabot::FileFetchers.for_package_manager(job.package_manager).new( + source: job.source, + credentials: job.credentials + ) + end + + # rubocop:disable Metrics/MethodLength + def handle_file_fetcher_error(error) + error_details = + case error + when Dependabot::BranchNotFound + { + "error-type": "branch_not_found", + "error-detail": { "branch-name": error.branch_name } + } + when Dependabot::RepoNotFound + # This happens if the repo gets removed after a job gets kicked off. 
+ # The main backend will handle it without any prompt from the updater, + # so no need to add an error to the errors array + nil + when Dependabot::DependencyFileNotParseable + { + "error-type": "dependency_file_not_parseable", + "error-detail": { + message: error.message, + "file-path": error.file_path + } + } + when Dependabot::DependencyFileNotFound + { + "error-type": "dependency_file_not_found", + "error-detail": { "file-path": error.file_path } + } + when Dependabot::PathDependenciesNotReachable + { + "error-type": "path_dependencies_not_reachable", + "error-detail": { dependencies: error.dependencies } + } + when Octokit::ServerError + # If we get a 500 from GitHub there's very little we can do about it, + # and responsibility for fixing it is on them, not us. As a result we + # quietly log these as errors + { "error-type": "unknown_error" } + else + logger_error error.message + error.backtrace.each { |line| logger_error line } + Raven.capture_exception(error, raven_context) + + { "error-type": "unknown_error" } + end + + record_error(error_details) if error_details + end + + # rubocop:enable Metrics/MethodLength + def record_error(error_details) + service.record_update_job_error( + job_id, + error_type: error_details.fetch(:"error-type"), + error_details: error_details[:"error-detail"] + ) + end + end +end diff --git a/updater/lib/dependabot/environment.rb b/updater/lib/dependabot/environment.rb new file mode 100644 index 00000000000..8bdf307edbe --- /dev/null +++ b/updater/lib/dependabot/environment.rb 
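Review bot: `handle_file_fetcher_error` is a near copy of the method in `file_fetcher_job.rb`, and the two copies already disagree. Here `Dependabot::RepoNotFound` is dropped (`nil`), and there are no branches for `Octokit::Unauthorized` or `Octokit::RATE_LIMITED_ERRORS`, so those fall into `else` and are reported to Sentry as `unknown_error`. Move the mapping into `BaseJob` (or a shared module) and let each job override only the cases that differ. The file also references `Octokit::BadGateway` and `Octokit::ServerError` without `require "octokit"`, which `file_fetcher_job.rb` does have.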
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Dependabot
+ module Environment
+ def self.job_id
+ @job_id ||= environment_variable("DEPENDABOT_JOB_ID")
+ end
+
+ def self.token
+ @token ||= environment_variable("DEPENDABOT_JOB_TOKEN")
+ end
+
+ def self.api_url
+ default = "http://localhost:3001"
+ @api_url ||= environment_variable("DEPENDABOT_API_URL", default)
+ end
+
+ def self.job_path
+ @job_path ||= environment_variable("DEPENDABOT_JOB_PATH")
+ end
+
+ def self.output_path
+ @output_path ||= environment_variable("DEPENDABOT_OUTPUT_PATH")
+ end
+
+ def self.repo_contents_path
+ @repo_contents_path ||= environment_variable("DEPENDABOT_REPO_CONTENTS_PATH", nil)
+ end
+
+ def self.github_actions?
+ @github_actions ||= environment_variable("GITHUB_ACTIONS", false)
+ end
+
+ def self.environment_variable(variable_name, default = :_undefined)
+ return ENV.fetch(variable_name, default) unless default == :_undefined
+
+ ENV.fetch(variable_name) do
+ raise ArgumentError, "Missing environment variable #{variable_name}"
+ end
+ end
+
+ private_class_method :environment_variable
+ end
+end
diff --git a/updater/lib/dependabot/file_fetcher_job.rb b/updater/lib/dependabot/file_fetcher_job.rb
new file mode 100644
index 00000000000..9bec3565965
--- /dev/null
+++ b/updater/lib/dependabot/file_fetcher_job.rb
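Review bot: `github_actions?` returns the raw environment string, so any value, including `GITHUB_ACTIONS=false` or an empty string, is truthy and makes `BaseJob#run` raise `RunFailure` on errors. Compare against the expected value instead: `ENV["GITHUB_ACTIONS"] == "true"`. The `||=` memoisation also never caches the `false` default. `api_url` defaults to plain `http://localhost:3001`, which deserves a comment since the job token is sent to that URL.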
@@ -0,0 +1,223 @@ +# frozen_string_literal: true + +require "base64" +require "dependabot/base_job" +require "dependabot/updater" +require "octokit" + +module Dependabot + class FileFetcherJob < BaseJob + def perform_job + begin + connectivity_check if ENV["ENABLE_CONNECTIVITY_CHECK"] == "1" + base_commit_sha + dependency_files + clone_repo_contents + rescue StandardError => e + if Octokit::RATE_LIMITED_ERRORS.include?(e.class) + remaining = rate_limit_error_remaining(e) + logger_error("Repository is rate limited, attempting to retry in " \ + "#{remaining}s") + else + logger_error("Error during file fetching; aborting") + end + handle_file_fetcher_error(e) + service.mark_job_as_processed(job_id, base_commit_sha) + clear_repo_contents_path + return + end + + File.write(Environment.output_path, JSON.dump( + base64_dependency_files: base64_dependency_files.map(&:to_h), + base_commit_sha: base_commit_sha + )) + + save_job_details + end + + def save_job_details + return unless ENV["UPDATER_ONE_CONTAINER"] + + File.write(Environment.job_path, JSON.dump( + base64_dependency_files: base64_dependency_files.map(&:to_h), + base_commit_sha: base_commit_sha, + job: job_definition["job"] + )) + end + + def dependency_files + file_fetcher.files + rescue Octokit::BadGateway + @file_fetcher_retries ||= 0 + @file_fetcher_retries += 1 + @file_fetcher_retries <= 2 ? retry : raise + end + + def clone_repo_contents + return unless job.clone? + + file_fetcher.clone_repo_contents + end + + def base64_dependency_files + dependency_files.map do |file| + base64_file = file.dup + base64_file.content = Base64.encode64(file.content) unless file.binary? + base64_file + end + end + + def job + attrs = + job_definition["job"]. + transform_keys { |key| key.tr("-", "_") }. + transform_keys(&:to_sym). 
+ slice( + :dependencies, :package_manager, :ignore_conditions, + :existing_pull_requests, :source, :lockfile_only, :allowed_updates, + :update_subdependencies, :updating_a_pull_request, + :requirements_update_strategy, :security_advisories, + :vendor_dependencies, :experiments, :reject_external_code, + :commit_message_options, :security_updates_only + ) + + @job ||= Job.new(attrs) + end + + def base_commit_sha + @base_commit_sha ||= file_fetcher.commit || "unknown" + rescue StandardError + # If an error occurs, set the commit SHA instance variable (so that we + # don't raise when recording the error later) and re-raise + @base_commit_sha = "unknown" + raise + end + + def file_fetcher + args = { + source: job.source, + credentials: job_definition.fetch("credentials", []), + options: job.experiments + } + args[:repo_contents_path] = Environment.repo_contents_path if job.clone? + @file_fetcher ||= + Dependabot::FileFetchers.for_package_manager(job.package_manager). + new(**args) + end + + def clear_repo_contents_path + # Remove the contents of the repo_contents_path, as these files are owned + # by the root user and will cause a permission error if left in place when + # we try to remove the directory. + # The `secure` flag ensures that we do not remove any symlinks, which + # could be exploited. + return unless job.clone? + + FileUtils.rm_rf("#{Environment.repo_contents_path}/.", secure: true) + end + + # rubocop:disable Metrics/MethodLength + def handle_file_fetcher_error(error) + error_details = + case error + when Dependabot::BranchNotFound + { + "error-type": "branch_not_found", + "error-detail": { "branch-name": error.branch_name } + } + when Dependabot::RepoNotFound + # This happens if the repo gets removed after a job gets kicked off. + # This also happens when a configured personal access token is not authz'd to fetch files from the job repo. 
+ { + "error-type": "job_repo_not_found", + "error-detail": {} + } + when Dependabot::DependencyFileNotParseable + { + "error-type": "dependency_file_not_parseable", + "error-detail": { + message: error.message, + "file-path": error.file_path + } + } + when Dependabot::DependencyFileNotFound + { + "error-type": "dependency_file_not_found", + "error-detail": { "file-path": error.file_path } + } + when Dependabot::PathDependenciesNotReachable + { + "error-type": "path_dependencies_not_reachable", + "error-detail": { dependencies: error.dependencies } + } + when Octokit::Unauthorized + { "error-type": "octokit_unauthorized" } + when *Octokit::RATE_LIMITED_ERRORS + # If we get a rate-limited error we let dependabot-api handle the + # retry by re-enqueing the update job after the reset + { + "error-type": "octokit_rate_limited", + "error-detail": { + "rate-limit-reset": error.response_headers["X-RateLimit-Reset"] + } + } + when Octokit::ServerError + # If we get a 500 from GitHub there's very little we can do about it, + # and responsibility for fixing it is on them, not us. As a result we + # quietly log these as errors + { "error-type": "unknown_error" } + else + logger_error error.message + error.backtrace.each { |line| logger_error line } + Raven.capture_exception(error, raven_context) + + { "error-type": "unknown_error" } + end + + record_error(error_details) if error_details + end + + # rubocop:enable Metrics/MethodLength + def rate_limit_error_remaining(error) + # Time at which the current rate limit window resets in UTC epoch secs. + expires_at = error.response_headers["X-RateLimit-Reset"].to_i + remaining = Time.at(expires_at) - Time.now + remaining.positive? ? 
remaining : 0 + end + + def job_definition + @job_definition ||= JSON.parse(File.read(Environment.job_path)) + end + + def record_error(error_details) + service.record_update_job_error( + job_id, + error_type: error_details.fetch(:"error-type"), + error_details: error_details[:"error-detail"] + ) + end + + # Perform a debug check of connectivity to GitHub/GHES. This also ensures + # connectivity through the proxy is established which can take 10-15s on + # the first request in some customer's environments. + def connectivity_check + logger_info("Connectivity check starting") + github_connectivity_client(job).repository(job.source.repo) + logger_info("Connectivity check successful") + rescue StandardError => e + logger_error("Connectivity check failed: #{e.message}") + end + + def github_connectivity_client(job) + Octokit::Client.new({ + api_endpoint: job.source.api_endpoint, + connection_options: { + request: { + open_timeout: 20, + timeout: 5 + } + } + }) + end + end +end diff --git a/updater/lib/dependabot/instrumentation.rb b/updater/lib/dependabot/instrumentation.rb new file mode 100644 index 00000000000..e32fc4237b4 --- /dev/null +++ b/updater/lib/dependabot/instrumentation.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +require "dependabot/api_client" +require "dependabot/notifications" +require "active_support/notifications" +require "dependabot/environment" + +Dependabot.subscribe(Dependabot::Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED) do |*args| + event = ActiveSupport::Notifications::Event.new(*args) + ecosystem = event.payload[:ecosystem] + package_managers = event.payload[:package_managers] + + next unless ecosystem && package_managers + + Dependabot::ApiClient.new(Dependabot::Environment.api_url, Dependabot::Environment.token). + record_package_manager_version( + Dependabot::Environment.job_id, ecosystem, package_managers + ) +end 
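Review bot: `clear_repo_contents_path` interpolates `Environment.repo_contents_path`, which defaults to `nil`, so when the variable is unset on a cloning job the argument becomes `"/."` and `FileUtils.rm_rf` is pointed at the filesystem root. Guard on the path before deleting: `path = Environment.repo_contents_path` followed by `return unless job.clone? && path && !path.empty?`. The comment on `secure: true` is also inaccurate: the option hardens the removal against symlink races in world-writable parent directories, it does not promise that symlinks are skipped.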
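Review bot: The subscriber lets any failure of `record_package_manager_version` escape. That method raises `ApiError` on a 4xx/5xx and re-raises connection errors after its retries, and the exception would surface in whatever code published the notification if `Dependabot.subscribe` dispatches synchronously, which is not visible here. A telemetry call should not be able to abort an update; add `rescue StandardError => e` with `Dependabot.logger.error("Failed to record package manager version: #{e.message}")` at the end of the block.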
diff --git a/updater/lib/dependabot/job.rb b/updater/lib/dependabot/job.rb
new file mode 100644
index 00000000000..958919e5436
--- /dev/null
+++ b/updater/lib/dependabot/job.rb
@@ -0,0 +1,180 @@ +# frozen_string_literal: true + +require "dependabot/source" +require "wildcard_matcher" + +module Dependabot + class Job + TOP_LEVEL_DEPENDENCY_TYPES = %w(direct production development).freeze + + attr_reader :token, :dependencies, :package_manager, :ignore_conditions, + :existing_pull_requests, :source, :credentials, + :requirements_update_strategy, :security_advisories, + :allowed_updates, :vendor_dependencies, :security_updates_only + + # NOTE: "attributes" are fetched and injected at run time from both + # dependabot-api and dependabot-backend using the UpdateJobPrivateSerializer + def initialize(attributes) + @allowed_updates = attributes.fetch(:allowed_updates) + @commit_message_options = attributes.fetch(:commit_message_options, {}) + @credentials = attributes.fetch(:credentials, []) + @dependencies = attributes.fetch(:dependencies) + @existing_pull_requests = attributes.fetch(:existing_pull_requests) + @experiments = attributes.fetch(:experiments, {}) + @ignore_conditions = attributes.fetch(:ignore_conditions) + @lockfile_only = attributes.fetch(:lockfile_only) + @package_manager = attributes.fetch(:package_manager) + @reject_external_code = attributes.fetch(:reject_external_code, false) + @requirements_update_strategy = attributes.fetch(:requirements_update_strategy) + @security_advisories = attributes.fetch(:security_advisories) + @security_updates_only = attributes.fetch(:security_updates_only) + @source = build_source(attributes.fetch(:source)) + @token = attributes.fetch(:token, nil) + @update_subdependencies = attributes.fetch(:update_subdependencies) + @updating_a_pull_request = attributes.fetch(:updating_a_pull_request) + @vendor_dependencies = attributes.fetch(:vendor_dependencies, false) + end + + def clone? + vendor_dependencies? || + Dependabot::Utils.always_clone_for_package_manager?(@package_manager) + end + + def lockfile_only? + @lockfile_only + end + + def updating_a_pull_request? 
+ @updating_a_pull_request + end + + def update_subdependencies? + @update_subdependencies + end + + def security_updates_only? + @security_updates_only + end + + def vendor_dependencies? + @vendor_dependencies + end + + def reject_external_code? + @reject_external_code + end + + def build_pull_request_message? + experiments.fetch(:build_pull_request_message, false) + end + + # rubocop:disable Metrics/PerceivedComplexity + def allowed_update?(dependency) + allowed_updates.any? do |update| + # Check the update-type (defaulting to all) + update_type = update.fetch("update-type", "all") + # NOTE: Preview supports specifying a "security" update type whereas + # native will say "security-updates-only" + security_update = update_type == "security" || security_updates_only? + next false if security_update && !vulnerable?(dependency) + + # Check the dependency-name (defaulting to matching) + condition_name = update.fetch("dependency-name", dependency.name) + next false unless name_match?(condition_name, dependency.name) + + # Check the dependency-type (defaulting to all) + dep_type = update.fetch("dependency-type", "all") + next false if dep_type == "indirect" && + dependency.requirements.any? + # In dependabot-api, dependency-type is defaulting to "direct" not "all". Ignoring + # that field for security updates, since it should probably be "all". + next false if !security_updates_only && + dependency.requirements.none? && + TOP_LEVEL_DEPENDENCY_TYPES.include?(dep_type) + next false if dependency.production? && dep_type == "development" + next false if !dependency.production? && dep_type == "production" + + true + end + end + # rubocop:enable Metrics/PerceivedComplexity + + def vulnerable?(dependency) + security_advisories = security_advisories_for(dependency) + return false if security_advisories.none? 
+ + # Can't (currently) detect whether dependencies without a version + # (i.e., for repos without a lockfile) are vulnerable + return false unless dependency.version + + # Can't (currently) detect whether git dependencies are vulnerable + version_class = + Dependabot::Utils. + version_class_for_package_manager(dependency.package_manager) + return false unless version_class.correct?(dependency.version) + + version = version_class.new(dependency.version) + security_advisories.any? { |a| a.vulnerable?(version) } + end + + def security_fix?(dependency) + security_advisories_for(dependency).any? { |a| a.fixed_by?(dependency) } + end + + def name_normaliser + Dependabot::Dependency. + name_normaliser_for_package_manager(package_manager) + end + + def experiments + return {} unless @experiments + + @experiments. + transform_keys { |key| key.tr("-", "_") }. + transform_keys(&:to_sym) + end + + def commit_message_options + return {} unless @commit_message_options + + @commit_message_options. + transform_keys { |key| key.tr("-", "_") }. + transform_keys(&:to_sym). + compact + end + + private + + def name_match?(name1, name2) + WildcardMatcher.match?( + name_normaliser.call(name1), + name_normaliser.call(name2) + ) + end + + def build_source(source_details) + Dependabot::Source.new( + **source_details.transform_keys { |k| k.tr("-", "_").to_sym } + ) + end + + def security_advisories_for(dep) + relevant_advisories = + security_advisories. + select { |adv| adv.fetch("dependency-name").casecmp(dep.name).zero? } + + relevant_advisories.map do |adv| + vulnerable_versions = adv["affected-versions"] || [] + safe_versions = (adv["patched-versions"] || []) + + (adv["unaffected-versions"] || []) + + Dependabot::SecurityAdvisory.new( + dependency_name: dep.name, + package_manager: package_manager, + vulnerable_versions: vulnerable_versions, + safe_versions: safe_versions + ) + end + end + end +end 
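Review bot: `security_advisories_for` matches advisories with `casecmp(dep.name).zero?`, while `name_match?` in the same class compares names through `name_normaliser`. For ecosystems whose normaliser does more than fold case, an advisory written with a different spelling of the package name would not match, `vulnerable?` would return false, and `allowed_update?` would skip the security update. Use the normaliser here too: `select { |adv| name_normaliser.call(adv.fetch("dependency-name")) == name_normaliser.call(dep.name) }`. `casecmp` can also return `nil` for incompatible encodings, which makes `.zero?` raise.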
diff --git a/updater/lib/dependabot/sentry.rb b/updater/lib/dependabot/sentry.rb
new file mode 100644
index 00000000000..f402618e27d
--- /dev/null
+++ b/updater/lib/dependabot/sentry.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "raven"
+
+# ExceptionSanitizer filters potential secrets/PII from exception payloads
+class ExceptionSanitizer < Raven::Processor
+ REPO = %r{[\w.\-]+/([\w.\-]+)}.freeze
+ PATTERNS = {
+ auth_token: /(?:authorization|bearer):? (\w+)/i,
+ repo: %r{api\.github\.com/repos/#{REPO}|github\.com/#{REPO}}
+ }.freeze
+
+ def process(data)
+ return data unless data[:exception] && data[:exception][:values]
+
+ data[:exception][:values] = data[:exception][:values].map do |e|
+ PATTERNS.each do |key, regex|
+ next unless (matches = e[:value].scan(regex))
+
+ matches.flatten.compact.each do |match|
+ e[:value] = e[:value].gsub(match, "[FILTERED_#{key.to_s.upcase}]")
+ end
+ end
+ e
+ end
+
+ data
+ end
+end
diff --git a/updater/lib/dependabot/service.rb b/updater/lib/dependabot/service.rb
new file mode 100644
index 00000000000..b7a609cb7d5
--- /dev/null
+++ b/updater/lib/dependabot/service.rb
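Review bot: The `auth_token` pattern does not redact the credential in the usual header form. For `Authorization: Bearer <token>` the match starts at `Authorization`, `(\w+)` captures the scheme word `Bearer`, and `scan` resumes after it, so the token itself stays in the payload; `\w+` also stops at `-`, `.`, `/`, `+` and `=`, which appear in many token formats. A pattern that skips an optional scheme and widens the character class fixes both: `/(?:authorization|bearer):?\s+(?:(?:bearer|token|basic)\s+)?([\w.\-~+\/=]+)/i`. Replacing with `gsub(match, ...)` additionally rewrites every other occurrence of the captured text in the message, and `e[:value]` is assumed to be non-nil.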
@@ -0,0 +1,97 @@ +# frozen_string_literal: true + +require "terminal-table" +require "dependabot/api_client" + +# Wraps an API client with the current state of communications with the Dependabot Service +# and provides an interface to summarise all actions taken. +# +module Dependabot + class Service + attr_reader :client, :events, :pull_requests, :errors + + def initialize(client:) + @client = client + @pull_requests = [] + @errors = [] + end + + delegate :get_job, :mark_job_as_processed, :update_dependency_list, :record_package_manager_version, to: :@client + + def create_pull_request(job_id, dependencies, updated_dependency_files, base_commit_sha, pr_message) + client.create_pull_request(job_id, dependencies, updated_dependency_files, base_commit_sha, pr_message) + @pull_requests << [humanize(dependencies), :created] + end + + def update_pull_request(job_id, dependencies, updated_dependency_files, base_commit_sha) + client.update_pull_request(job_id, dependencies, updated_dependency_files, base_commit_sha) + @pull_requests << [humanize(dependencies), :updated] + end + + def close_pull_request(job_id, dependency_name, reason) + client.close_pull_request(job_id, dependency_name, reason) + @pull_requests << [dependency_name, "closed: #{reason}"] + end + + def record_update_job_error(job_id, error_type:, error_details:) + @errors << error_type.to_s + client.record_update_job_error(job_id, error_type: error_type, error_details: error_details) + end + + def noop? + pull_requests.empty? && errors.empty? + end + + def failure? + errors.any? 
+ end + + # Example output: + # + # +----------------------------+-----------------------------------+ + # | Changes to Dependabot Pull Requests | + # +----------------------------+-----------------------------------+ + # | created | package-a ( from 1.0.0 to 1.0.1 ) | + # | updated | package-b ( from 1.1.0 to 1.2.1 ) | + # | closed:dependency-removed | package-c | + # +----------------------------+-----------------------------------+ + # + def summary + return if noop? + + [ + "Results:", + pull_request_summary, + error_summary + ].compact.join("\n") + end + + private + + def pull_request_summary + return unless pull_requests.any? + + Terminal::Table.new do |t| + t.title = "Changes to Dependabot Pull Requests" + t.rows = pull_requests.map { |deps, action| [action, truncate(deps)] } + end + end + + def error_summary + return unless errors.any? + + "Dependabot encountered '#{errors.length}' error(s) during execution, please check the logs for more details." + end + + def truncate(string, max: 120) + snip = max - 3 + string.length > max ? "#{string[0...snip]}..." : string + end + + def humanize(dependencies) + dependencies.map do |dependency| + "#{dependency.name} ( from #{dependency.previous_version} to #{dependency.version} )" + end.join(", ") + end + end +end diff --git a/updater/lib/dependabot/setup.rb b/updater/lib/dependabot/setup.rb new file mode 100644 index 00000000000..40d617551a8 --- /dev/null +++ b/updater/lib/dependabot/setup.rb 
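Review bot: `attr_reader :events` exposes an instance variable that `initialize` never sets and no method in the class writes, so `service.events` is always `nil`; remove it from the reader list or initialise `@events = []`. `delegate ... to: :@client` relies on ActiveSupport's `Module#delegate`, which this file does not require itself, so add `require "active_support/core_ext/module/delegation"` unless it is guaranteed to be loaded first. The example table in the comment above `summary` shows `closed:dependency-removed`, whereas `close_pull_request` records `"closed: #{reason}"` with a space.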
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Heroku's ruby buildpack freezes the Gemfile to prevent accidental damage
+# However, we actually *want* to manipulate Gemfiles for other repos.
+Bundler.settings.set_command_option(:frozen, "0")
+
+require "dependabot/sentry"
+Raven.configure do |config|
+ config.processors += [ExceptionSanitizer]
+end
+
+require "logger"
+require "dependabot/logger"
+
+class LoggerFormatter < Logger::Formatter
+ # Strip out timestamps as these are included in the runner's logger
+ def call(severity, _datetime, _progname, msg)
+ "#{severity} #{msg2str(msg)}\n"
+ end
+end
+
+Dependabot.logger = Logger.new($stdout).tap do |logger|
+ logger.formatter = LoggerFormatter.new
+end
+
+# We configure `Dependabot::Utils.register_always_clone` for some ecosystems. In
+# order for that configuration to take effect, we need to make sure that these
+# registration commands have been executed.
+require "dependabot/python"
+require "dependabot/terraform"
+require "dependabot/elm"
+require "dependabot/docker"
+require "dependabot/git_submodules"
+require "dependabot/github_actions"
+require "dependabot/composer"
+require "dependabot/nuget"
+require "dependabot/gradle"
+require "dependabot/maven"
+require "dependabot/hex"
+require "dependabot/cargo"
+require "dependabot/go_modules"
+require "dependabot/npm_and_yarn"
+require "dependabot/bundler"
+require "dependabot/pub"
+
+require "dependabot/instrumentation"
diff --git a/updater/lib/dependabot/update_files_job.rb b/updater/lib/dependabot/update_files_job.rb
new file mode 100644
index 00000000000..1e079a7b45f
--- /dev/null
+++ b/updater/lib/dependabot/update_files_job.rb
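Review bot: `LoggerFormatter#call` writes `msg2str(msg)` verbatim, so a message containing newlines produces continuation lines that carry no severity token. The updater in this same commit interpolates dependency names and error messages into log calls, and those values appear to originate from the repository being processed, so anything that filters or alerts on the leading severity can be misled by text inside a message. Consider emitting the severity on every line, for example `msg2str(msg).each_line.map { |l| "#{severity} #{l.chomp}\n" }.join`, or escaping embedded newlines before formatting. Separately, `LoggerFormatter` is defined at the top level; nesting it under `Dependabot` would avoid adding a global constant.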
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "base64"
+require "dependabot/base_job"
+require "dependabot/updater"
+
+module Dependabot
+ class UpdateFilesJob < BaseJob
+ def perform_job
+ Dependabot::Updater.new(
+ service: service,
+ job_id: job_id,
+ job: job,
+ dependency_files: dependency_files,
+ repo_contents_path: repo_contents_path,
+ base_commit_sha: base_commit_sha
+ ).run
+
+ service.mark_job_as_processed(job_id, base_commit_sha)
+ end
+
+ def job
+ attrs =
+ job_definition["job"].
+ transform_keys { |key| key.tr("-", "_") }.
+ transform_keys(&:to_sym).
+ tap { |h| h[:credentials] = h.delete(:credentials_metadata) || [] }.
+ slice(
+ :dependencies, :package_manager, :ignore_conditions,
+ :existing_pull_requests, :source, :lockfile_only, :allowed_updates,
+ :update_subdependencies, :updating_a_pull_request, :credentials,
+ :requirements_update_strategy, :security_advisories,
+ :vendor_dependencies, :experiments, :reject_external_code,
+ :commit_message_options, :security_updates_only
+ )
+
+ @job ||= Job.new(attrs)
+ end
+
+ def dependency_files
+ @dependency_files ||=
+ job_definition["base64_dependency_files"].map do |a|
+ file = Dependabot::DependencyFile.new(**a.transform_keys(&:to_sym))
+ file.content = Base64.decode64(file.content).force_encoding("utf-8") unless file.binary? && !file.deleted?
+ file
+ end
+ end
+
+ def repo_contents_path
+ return nil unless job.clone?
+
+ Environment.repo_contents_path
+ end
+
+ def base_commit_sha
+ job_definition["base_commit_sha"]
+ end
+
+ def job_definition
+ @job_definition ||= JSON.parse(File.read(Environment.job_path))
+ end
+ end
+end
diff --git a/updater/lib/dependabot/updater.rb b/updater/lib/dependabot/updater.rb
new file mode 100644
index 00000000000..d0db0c10dc8
--- /dev/null
+++ b/updater/lib/dependabot/updater.rb
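Review bot: `UpdateFilesJob#job` rebuilds `attrs` (two `transform_keys` passes, `tap`, `slice`) on every call, because only the final `Job.new(attrs)` sits behind `@job ||=`, and both `perform_job` and `repo_contents_path` call `job`. Starting the method with `return @job if @job` makes the memoisation effective. In `dependency_files`, the modifier `unless file.binary? && !file.deleted?` is hard to read and means a deleted binary file is still decoded and force-encoded as UTF-8; if that is intended a short comment should say so, and `if file.deleted? || !file.binary?` states the same condition positively. A comment noting that `credentials` is always replaced by `credentials_metadata` (or `[]`) before the `slice` allowlist is applied would also help the next reader.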
@@ -0,0 +1,1036 @@ +# frozen_string_literal: true + +require "raven" +require "dependabot/config/ignore_condition" +require "dependabot/config/update_config" +require "dependabot/environment" +require "dependabot/file_fetchers" +require "dependabot/file_parsers" +require "dependabot/file_updaters" +require "dependabot/logger" +require "dependabot/python" +require "dependabot/terraform" +require "dependabot/elm" +require "dependabot/docker" +require "dependabot/git_submodules" +require "dependabot/github_actions" +require "dependabot/composer" +require "dependabot/nuget" +require "dependabot/gradle" +require "dependabot/maven" +require "dependabot/hex" +require "dependabot/cargo" +require "dependabot/go_modules" +require "dependabot/npm_and_yarn" +require "dependabot/bundler" +require "dependabot/pub" + +require "dependabot/security_advisory" +require "dependabot/update_checkers" +require "wildcard_matcher" + +# rubocop:disable Metrics/ClassLength +module Dependabot + class Updater + class SubprocessFailed < StandardError; end + + # These are errors that halt the update run and are handled in the main + # backend. They do *not* raise a sentry. + RUN_HALTING_ERRORS = { + Dependabot::OutOfDisk => "out_of_disk", + Dependabot::OutOfMemory => "out_of_memory", + Dependabot::AllVersionsIgnored => "all_versions_ignored", + Dependabot::UnexpectedExternalCode => "unexpected_external_code", + Errno::ENOSPC => "out_of_disk", + Octokit::Unauthorized => "octokit_unauthorized" + }.freeze + + def initialize(service:, job_id:, job:, dependency_files:, + base_commit_sha:, repo_contents_path:) + @service = service + @job_id = job_id + @job = job + @dependency_files = dependency_files + @base_commit_sha = base_commit_sha + @repo_contents_path = repo_contents_path + @errors = [] + @created_pull_requests = [] + end + + # rubocop:disable Metrics/AbcSize + # rubocop:disable Metrics/PerceivedComplexity + def run + return unless job + + if job.updating_a_pull_request? 
+ logger_info("Starting PR update job for #{job.source.repo}") + check_and_update_existing_pr_with_error_handling(dependencies) + else + logger_info("Starting update job for #{job.source.repo}") + if ENV["UPDATER_DETERMINISTIC"] + dependencies.each { |dep| check_and_create_pr_with_error_handling(dep) } + else + dependencies.shuffle.each { |dep| check_and_create_pr_with_error_handling(dep) } + end + end + rescue *RUN_HALTING_ERRORS.keys => e + if e.is_a?(Dependabot::AllVersionsIgnored) && !job.security_updates_only? + error = StandardError.new( + "Dependabot::AllVersionsIgnored was unexpectedly raised for a non-security update job" + ) + error.set_backtrace(e.backtrace) + Raven.capture_exception(error, raven_context) + return + end + + # OOM errors are special cased so that we stop the update run early + error = { "error-type": RUN_HALTING_ERRORS.fetch(e.class) } + record_error(error) + ensure + clear_repo_contents_path + end + # rubocop:enable Metrics/AbcSize + # rubocop:enable Metrics/PerceivedComplexity + + private + + attr_accessor :errors, :created_pull_requests + attr_reader :service, :job_id, :job, :dependency_files, :base_commit_sha, + :repo_contents_path + + def check_and_create_pr_with_error_handling(dependency) + check_and_create_pull_request(dependency) + rescue Dependabot::InconsistentRegistryResponse => e + log_error( + dependency: dependency, + error: e, + error_type: "inconsistent_registry_response", + error_detail: e.message + ) + rescue StandardError => e + raise if RUN_HALTING_ERRORS.keys.any? { |err| e.is_a?(err) } + + handle_dependabot_error(error: e, dependency: dependency) + end + + def check_and_update_existing_pr_with_error_handling(dependencies) + dependency = dependencies.last + check_and_update_pull_request(dependencies) + rescue StandardError => e + raise if RUN_HALTING_ERRORS.keys.any? 
{ |err| e.is_a?(err) } + + handle_dependabot_error(error: e, dependency: dependency) + end + + # rubocop:disable Metrics/AbcSize + # rubocop:disable Metrics/CyclomaticComplexity + # rubocop:disable Metrics/PerceivedComplexity + # rubocop:disable Metrics/MethodLength + def check_and_update_pull_request(dependencies) + if dependencies.count != job.dependencies.count + close_pull_request(reason: :dependency_removed) unless errors.any? + return + end + + # NOTE: Prevent security only updates from turning into latest version + # updates if the current version is no longer vulnerable. This happens + # when a security update is applied by the user directly and the existing + # pull request is reabased. + if job.security_updates_only? && + dependencies.none? { |d| job.allowed_update?(d) } + lead_dependency = dependencies.first + if job.vulnerable?(lead_dependency) + logger_info("Dependency no longer allowed to update #{lead_dependency.name} #{lead_dependency.version}") + else + logger_info("No longer vulnerable #{lead_dependency.name} #{lead_dependency.version}") + end + close_pull_request(reason: :up_to_date) + return + end + + # The first dependency is the "lead" dependency in a multi-dependency + # update - i.e., the one we're trying to update. + # + # Note: Gradle, Maven and Nuget dependency names can be case-insensitive + # and the dependency name in the security advisory often doesn't match + # what users have specified in their manifest. + lead_dep_name = job.dependencies.first.downcase + lead_dependency = dependencies.find do |dep| + dep.name.downcase == lead_dep_name + end + checker = update_checker_for(lead_dependency, raise_on_ignored: raise_on_ignored?(lead_dependency)) + log_checking_for_update(lead_dependency) + + return if all_versions_ignored?(lead_dependency, checker) + + return close_pull_request(reason: :up_to_date) if checker.up_to_date? 
+ + requirements_to_unlock = requirements_to_unlock(checker) + log_requirements_for_update(requirements_to_unlock, checker) + + return close_pull_request(reason: :update_no_longer_possible) if requirements_to_unlock == :update_not_possible + + updated_deps = checker.updated_dependencies( + requirements_to_unlock: requirements_to_unlock + ) + + updated_files = generate_dependency_files_for(updated_deps) + updated_deps = updated_deps.reject do |d| + next false if d.name == checker.dependency.name + next true if d.requirements == d.previous_requirements + + d.version == d.previous_version + end + + # NOTE: Gradle, Maven and Nuget dependency names can be case-insensitive + # and the dependency name in the security advisory often doesn't match + # what users have specified in their manifest. + job_dependencies = job.dependencies.map(&:downcase) + if updated_deps.map(&:name).map(&:downcase) != job_dependencies + # The dependencies being updated have changed. Close the existing + # multi-dependency PR and try creating a new one. + close_pull_request(reason: :dependencies_changed) + create_pull_request(updated_deps, updated_files, pr_message(updated_deps, updated_files)) + elsif existing_pull_request(updated_deps) + # The existing PR is for this version. Update it. + update_pull_request(updated_deps, updated_files) + else + # The existing PR is for a previous version. Supersede it. 
+ create_pull_request(updated_deps, updated_files, pr_message(updated_deps, updated_files)) + end + end + # rubocop:enable Metrics/AbcSize + # rubocop:enable Metrics/CyclomaticComplexity + # rubocop:enable Metrics/PerceivedComplexity + # rubocop:enable Metrics/MethodLength + + # rubocop:disable Metrics/AbcSize + # rubocop:disable Metrics/CyclomaticComplexity + # rubocop:disable Metrics/PerceivedComplexity + # rubocop:disable Metrics/MethodLength + def check_and_create_pull_request(dependency) + checker = update_checker_for(dependency, raise_on_ignored: raise_on_ignored?(dependency)) + + log_checking_for_update(dependency) + + return if all_versions_ignored?(dependency, checker) + + # If the dependency isn't vulnerable or we can't know for sure we won't be + # able to know if the updated dependency fixes any advisories + if job.security_updates_only? + unless checker.vulnerable? + # The current dependency isn't vulnerable if the version is correct and + # can be matched against the advisories affected versions + if checker.version_class.correct?(checker.dependency.version) + return record_security_update_not_needed_error(checker) + end + + return record_dependency_file_not_supported_error(checker) + end + return record_security_update_ignored(checker) unless job.allowed_update?(dependency) + end + + if checker.up_to_date? + # The current version is still vulnerable and Dependabot can't find a + # published or compatible non-vulnerable version, this can happen if the + # fixed version hasn't been published yet or the published version isn't + # compatible with the current enviroment (e.g. python version) or + # version (uses a different version suffix for gradle/maven) + return record_security_update_not_found(checker) if job.security_updates_only? + + return log_up_to_date(dependency) + end + + if pr_exists_for_latest_version?(checker) + record_pull_request_exists_for_latest_version(checker) if job.security_updates_only? 
+ return logger_info( + "Pull request already exists for #{checker.dependency.name} " \ + "with latest version #{checker.latest_version}" + ) + end + + requirements_to_unlock = requirements_to_unlock(checker) + log_requirements_for_update(requirements_to_unlock, checker) + + if requirements_to_unlock == :update_not_possible + return record_security_update_not_possible_error(checker) if job.security_updates_only? && job.dependencies + + return logger_info( + "No update possible for #{dependency.name} #{dependency.version}" + ) + end + + updated_deps = checker.updated_dependencies( + requirements_to_unlock: requirements_to_unlock + ) + + # Prevent updates that don't end up fixing any security advisories, + # blocking any updates where dependabot-core updates to a vulnerable + # version. This happens for npm/yarn subdendencies where Dependabot has no + # control over the target version. Related issue: + # https://github.com/github/dependabot-api/issues/905 + if job.security_updates_only? && + updated_deps.none? { |d| job.security_fix?(d) } + return record_security_update_not_possible_error(checker) + end + + if (existing_pr = existing_pull_request(updated_deps)) + # Create a update job error to prevent dependabot-api from creating a + # update_not_possible error, this is likely caused by a update job retry + # so should be invisble to users (as the first job completed with a pull + # request) + record_pull_request_exists_for_security_update(existing_pr) if job.security_updates_only? 
+ + deps = existing_pr.map do |dep| + "#{dep.fetch('dependency-name')}@#{dep.fetch('dependency-version')}" + end + + return logger_info( + "Pull request already exists for #{deps.join(', ')}" + ) + end + + if peer_dependency_should_update_instead?(checker.dependency.name, updated_deps) + return logger_info( + "No update possible for #{dependency.name} #{dependency.version} " \ + "(peer dependency can be updated)" + ) + end + + updated_files = generate_dependency_files_for(updated_deps) + updated_deps = updated_deps.reject do |d| + next false if d.name == checker.dependency.name + next true if d.requirements == d.previous_requirements + + d.version == d.previous_version + end + create_pull_request(updated_deps, updated_files, pr_message(updated_deps, updated_files)) + end + # rubocop:enable Metrics/MethodLength + # rubocop:enable Metrics/AbcSize + # rubocop:enable Metrics/CyclomaticComplexity + # rubocop:enable Metrics/PerceivedComplexity + + def raise_on_ignored?(dependency) + job.security_updates_only? || ignore_conditions_for(dependency).any? 
+ end + + def record_security_update_not_needed_error(checker) + logger_info( + "no security update needed as #{checker.dependency.name} " \ + "is no longer vulnerable" + ) + + record_error( + { + "error-type": "security_update_not_needed", + "error-detail": { + "dependency-name": checker.dependency.name + } + } + ) + end + + def record_security_update_ignored(checker) + logger_info( + "Dependabot cannot update to the required version as all versions " \ + "were ignored for #{checker.dependency.name}" + ) + + record_error( + { + "error-type": "all_versions_ignored", + "error-detail": { + "dependency-name": checker.dependency.name + } + } + ) + end + + def record_dependency_file_not_supported_error(checker) + logger_info( + "Dependabot can't update vulnerable dependencies for projects " \ + "without a lockfile or pinned version requirement as as the currently " \ + "installed version of #{checker.dependency.name} isn't known." + ) + + record_error( + { + "error-type": "dependency_file_not_supported", + "error-detail": { + "dependency-name": checker.dependency.name + } + } + ) + end + + def record_security_update_not_possible_error(checker) + latest_allowed_version = + (checker.lowest_resolvable_security_fix_version || + checker.dependency.version)&.to_s + lowest_non_vulnerable_version = + checker.lowest_security_fix_version&.to_s + conflicting_dependencies = checker.conflicting_dependencies + + logger_info( + security_update_not_possible_message(checker, latest_allowed_version, + conflicting_dependencies) + ) + logger_info(earliest_fixed_version_message(lowest_non_vulnerable_version)) + + record_error( + { + "error-type": "security_update_not_possible", + "error-detail": { + "dependency-name": checker.dependency.name, + "latest-resolvable-version": latest_allowed_version, + "lowest-non-vulnerable-version": lowest_non_vulnerable_version, + "conflicting-dependencies": conflicting_dependencies + } + } + ) + end + + def record_security_update_not_found(checker) + 
logger_info( + "Dependabot can't find a published or compatible non-vulnerable " \ + "version for #{checker.dependency.name}. " \ + "The latest available version is #{checker.dependency.version}" + ) + + record_error( + { + "error-type": "security_update_not_found", + "error-detail": { + "dependency-name": checker.dependency.name, + "dependency-version": checker.dependency.version + } + } + ) + end + + def record_pull_request_exists_for_latest_version(checker) + record_error( + { + "error-type": "pull_request_exists_for_latest_version", + "error-detail": { + "dependency-name": checker.dependency.name, + "dependency-version": checker.latest_version&.to_s + } + } + ) + end + + def record_pull_request_exists_for_security_update(existing_pull_request) + updated_dependencies = existing_pull_request.map do |dep| + { + "dependency-name": dep.fetch("dependency-name"), + "dependency-version": dep.fetch("dependency-version") + } + end + record_error( + { + "error-type": "pull_request_exists_for_security_update", + "error-detail": { + "updated-dependencies": updated_dependencies + } + } + ) + end + + def earliest_fixed_version_message(lowest_non_vulnerable_version) + if lowest_non_vulnerable_version + "The earliest fixed version is #{lowest_non_vulnerable_version}." + else + "Dependabot could not find a non-vulnerable version" + end + end + + def security_update_not_possible_message(checker, latest_allowed_version, + conflicting_dependencies) + if conflicting_dependencies.any? + dep_messages = conflicting_dependencies.map do |dep| + " #{dep['explanation']}" + end.join("\n") + + dependencies_pluralized = + conflicting_dependencies.count > 1 ? 
"dependencies" : "dependency" + + "The latest possible version that can be installed is " \ + "#{latest_allowed_version} because of the following " \ + "conflicting #{dependencies_pluralized}:\n\n#{dep_messages}" + else + "The latest possible version of #{checker.dependency.name} that can " \ + "be installed is #{latest_allowed_version}" + end + end + + def requirements_to_unlock(checker) + if job.lockfile_only? || !checker.requirements_unlocked_or_can_be? + if checker.can_update?(requirements_to_unlock: :none) then :none + else + :update_not_possible + end + elsif checker.can_update?(requirements_to_unlock: :own) then :own + elsif checker.can_update?(requirements_to_unlock: :all) then :all + else + :update_not_possible + end + end + + # If a version update for a peer dependency is possible we should + # defer to the PR that will be created for it to avoid duplicate PRs. + def peer_dependency_should_update_instead?(dependency_name, updated_deps) + # This doesn't apply to security updates as we can't rely on the + # peer dependency getting updated. + return false if job.security_updates_only? + + updated_deps. + reject { |dep| dep.name == dependency_name }. + any? do |dep| + next true if existing_pull_request([dep]) + + original_peer_dep = ::Dependabot::Dependency.new( + name: dep.name, + version: dep.previous_version, + requirements: dep.previous_requirements, + package_manager: dep.package_manager + ) + update_checker_for(original_peer_dep, raise_on_ignored: false). 
+ can_update?(requirements_to_unlock: :own) + end + end + + def log_checking_for_update(dependency) + logger_info( + "Checking if #{dependency.name} #{dependency.version} needs updating" + ) + log_ignore_conditions(dependency) + end + + def all_versions_ignored?(dependency, checker) + logger_info("Latest version is #{checker.latest_version}") + false + rescue Dependabot::AllVersionsIgnored + logger_info("All updates for #{dependency.name} were ignored") + + # Report this error to the backend to create an update job error + raise if job.security_updates_only? + + true + end + + def log_ignore_conditions(dep) + conditions = job.ignore_conditions. + select { |ic| name_match?(ic["dependency-name"], dep.name) } + return if conditions.empty? + + logger_info("Ignored versions:") + conditions.each do |ic| + logger_info(" #{ic['version-requirement']} - from #{ic['source']}") unless ic["version-requirement"].nil? + + ic["update-types"]&.each do |update_type| + msg = " #{update_type} - from #{ic['source']}" + msg += " (doesn't apply to security update)" if job.security_updates_only? 
+ logger_info(msg) + end + end + end + + def log_up_to_date(dependency) + logger_info( + "No update needed for #{dependency.name} #{dependency.version}" + ) + end + + def log_error(dependency:, error:, error_type:, error_detail: nil) + if error_type == "unknown_error" + logger_error "Error processing #{dependency.name} (#{error.class.name})" + logger_error error.message + error.backtrace.each { |line| logger_error line } + else + logger_info( + "Handled error whilst updating #{dependency.name}: #{error_type} " \ + "#{error_detail}" + ) + end + end + + def log_requirements_for_update(requirements_to_unlock, checker) + logger_info("Requirements to unlock #{requirements_to_unlock}") + + return unless checker.respond_to?(:requirements_update_strategy) + + logger_info( + "Requirements update strategy #{checker.requirements_update_strategy}" + ) + end + + def pr_exists_for_latest_version?(checker) + latest_version = checker.latest_version&.to_s + return false if latest_version.nil? + + job.existing_pull_requests. + select { |pr| pr.count == 1 }. + map(&:first). + select { |pr| pr.fetch("dependency-name") == checker.dependency.name }. + any? 
{ |pr| pr.fetch("dependency-version") == latest_version } + end + + def existing_pull_request(updated_dependencies) + new_pr_set = Set.new( + updated_dependencies.map do |dep| + { + "dependency-name" => dep.name, + "dependency-version" => dep.version + } + end + ) + + job.existing_pull_requests.find { |pr| Set.new(pr) == new_pr_set } || + created_pull_requests.find { |pr| Set.new(pr) == new_pr_set } + end + + # rubocop:disable Metrics/PerceivedComplexity + def dependencies + all_deps = dependency_file_parser.parse + + # Tell the backend about the current dependencies on the target branch + update_dependency_list(all_deps) + + # Rebases and security updates have dependencies, version updates don't + if job.dependencies + # Gradle, Maven and Nuget dependency names can be case-insensitive and + # the dependency name in the security advisory often doesn't match what + # users have specified in their manifest. + # + # It's technically possibly to publish case-sensitive npm packages to a + # private registry but shouldn't cause problems here as job.dependencies + # is set either from an existing PR rebase/recreate or a security + # advisory. + job_dependencies = job.dependencies.map(&:downcase) + return all_deps.select do |dep| + job_dependencies.include?(dep.name.downcase) + end + end + + allowed_deps = all_deps.select { |d| job.allowed_update?(d) } + # Return dependencies in a random order, with top-level dependencies + # considered first so that dependency runs which time out don't always hit + # the same dependencies + allowed_deps = allowed_deps.shuffle unless ENV["UPDATER_DETERMINISTIC"] + + if all_deps.any? && allowed_deps.none? + logger_info("Found no dependencies to update after filtering allowed " \ + "updates") + end + + # Consider updating vulnerable deps first. 
Only consider the first 10, + # though, to ensure they don't take up the entire update run + deps = allowed_deps.select { |d| job.vulnerable?(d) }.sample(10) + + allowed_deps.reject { |d| job.vulnerable?(d) } + + deps + rescue StandardError => e + handle_parser_error(e) + [] + end + # rubocop:enable Metrics/PerceivedComplexity + + def dependency_file_parser + Dependabot::FileParsers.for_package_manager(job.package_manager).new( + dependency_files: dependency_files, + repo_contents_path: repo_contents_path, + source: job.source, + credentials: credentials, + reject_external_code: job.reject_external_code?, + options: job.experiments + ) + end + + def update_checker_for(dependency, raise_on_ignored:) + Dependabot::UpdateCheckers.for_package_manager(job.package_manager).new( + dependency: dependency, + dependency_files: dependency_files, + repo_contents_path: repo_contents_path, + credentials: credentials, + ignored_versions: ignore_conditions_for(dependency), + security_advisories: security_advisories_for(dependency), + raise_on_ignored: raise_on_ignored, + requirements_update_strategy: job.requirements_update_strategy, + options: job.experiments + ) + end + + def file_updater_for(dependencies) + Dependabot::FileUpdaters.for_package_manager(job.package_manager).new( + dependencies: dependencies, + dependency_files: dependency_files, + repo_contents_path: repo_contents_path, + credentials: credentials, + options: job.experiments + ) + end + + def ignore_conditions_for(dep) + update_config_ignored_versions(job.ignore_conditions, dep) + end + + def update_config_ignored_versions(ignore_conditions, dep) + ignore_conditions = ignore_conditions.map do |ic| + Dependabot::Config::IgnoreCondition.new( + dependency_name: ic["dependency-name"], + versions: [ic["version-requirement"]].compact, + update_types: ic["update-types"] + ) + end + Dependabot::Config::UpdateConfig. + new(ignore_conditions: ignore_conditions). 
+ ignored_versions_for(dep, security_updates_only: job.security_updates_only?) + end + + def name_match?(name1, name2) + WildcardMatcher.match?( + job.name_normaliser.call(name1), + job.name_normaliser.call(name2) + ) + end + + def security_advisories_for(dep) + relevant_advisories = + job.security_advisories. + select { |adv| adv.fetch("dependency-name").casecmp(dep.name).zero? } + + relevant_advisories.map do |adv| + vulnerable_versions = adv["affected-versions"] || [] + safe_versions = (adv["patched-versions"] || []) + + (adv["unaffected-versions"] || []) + + Dependabot::SecurityAdvisory.new( + dependency_name: dep.name, + package_manager: job.package_manager, + vulnerable_versions: vulnerable_versions, + safe_versions: safe_versions + ) + end + end + + def generate_dependency_files_for(updated_dependencies) + if updated_dependencies.count == 1 + updated_dependency = updated_dependencies.first + logger_info("Updating #{updated_dependency.name} from " \ + "#{updated_dependency.previous_version} to " \ + "#{updated_dependency.version}") + else + dependency_names = updated_dependencies.map(&:name) + logger_info("Updating #{dependency_names.join(', ')}") + end + updater = file_updater_for(updated_dependencies) + updater.updated_dependency_files + end + + def create_pull_request(dependencies, updated_dependency_files, pr_message) + logger_info("Submitting #{dependencies.map(&:name).join(', ')} " \ + "pull request for creation") + + service.create_pull_request( + job_id, + dependencies, + updated_dependency_files.map(&:to_h), + base_commit_sha, + pr_message + ) + + created_pull_requests << dependencies.map do |dep| + { + "dependency-name" => dep.name, + "dependency-version" => dep.version + } + end + end + + def update_pull_request(dependencies, updated_dependency_files) + logger_info("Submitting #{dependencies.map(&:name).join(', ')} " \ + "pull request for update") + + service.update_pull_request( + job_id, + dependencies, + updated_dependency_files.map(&:to_h), + 
base_commit_sha + ) + end + + def close_pull_request(reason:) + reason_string = reason.to_s.tr("_", " ") + logger_info("Telling backed to close pull request for " \ + "#{job.dependencies.join(', ')} - #{reason_string}") + service.close_pull_request(job_id, job.dependencies, reason) + end + + def clear_repo_contents_path + # Remove the contents of the repo_contents_path, as these files are owned + # by the root user and will cause a permission error if left in place when + # we try to remove the directory. + # The `secure` flag ensures that we do not remove any symlinks, which + # could be exploited. + return unless repo_contents_path && Dir.exist?(repo_contents_path) + + FileUtils.rm_rf("#{repo_contents_path}/.", secure: true) + end + + # rubocop:disable Metrics/MethodLength + def handle_dependabot_error(error:, dependency:) + error_details = + case error + when Dependabot::DependencyFileNotResolvable + { + "error-type": "dependency_file_not_resolvable", + "error-detail": { message: error.message } + } + when Dependabot::DependencyFileNotEvaluatable + { + "error-type": "dependency_file_not_evaluatable", + "error-detail": { message: error.message } + } + when Dependabot::GitDependenciesNotReachable + { + "error-type": "git_dependencies_not_reachable", + "error-detail": { "dependency-urls": error.dependency_urls } + } + when Dependabot::GitDependencyReferenceNotFound + { + "error-type": "git_dependency_reference_not_found", + "error-detail": { dependency: error.dependency } + } + when Dependabot::PrivateSourceAuthenticationFailure + { + "error-type": "private_source_authentication_failure", + "error-detail": { source: error.source } + } + when Dependabot::PrivateSourceTimedOut + { + "error-type": "private_source_timed_out", + "error-detail": { source: error.source } + } + when Dependabot::PrivateSourceCertificateFailure + { + "error-type": "private_source_certificate_failure", + "error-detail": { source: error.source } + } + when 
Dependabot::MissingEnvironmentVariable + { + "error-type": "missing_environment_variable", + "error-detail": { + "environment-variable": error.environment_variable + } + } + when Dependabot::GoModulePathMismatch + { + "error-type": "go_module_path_mismatch", + "error-detail": { + "declared-path": error.declared_path, + "discovered-path": error.discovered_path, + "go-mod": error.go_mod + } + } + when Dependabot::NotImplemented + { + "error-type": "not_implemented", + "error-detail": { + message: error.message + } + } + when Dependabot::SharedHelpers::HelperSubprocessFailed + # If a helper subprocess has failed the error may include sensitive + # info such as file contents or paths. This information is already + # in the job logs, so we send a breadcrumb to Sentry to retrieve those + # instead. + msg = "Dependency update process failed, please check the job logs" + Raven.capture_exception( + SubprocessFailed.new(msg), + raven_context + ) + + { "error-type": "unknown_error" } + when *Octokit::RATE_LIMITED_ERRORS + # If we get a rate-limited error we let dependabot-api handle the + # retry by re-enqueing the update job after the reset + { + "error-type": "octokit_rate_limited", + "error-detail": { + "rate-limit-reset": error.response_headers["X-RateLimit-Reset"] + } + } + else + Raven.capture_exception(error, raven_context(dependency: dependency)) + { "error-type": "unknown_error" } + end + + record_error(error_details) + + log_error( + dependency: dependency, + error: error, + error_type: error_details.fetch(:"error-type"), + error_detail: error_details.fetch(:"error-detail", nil) + ) + end + + # rubocop:enable Metrics/MethodLength + # rubocop:disable Metrics/MethodLength + # rubocop:disable Metrics/CyclomaticComplexity + def handle_parser_error(error) + error_details = + case error + when Dependabot::DependencyFileNotEvaluatable + { + "error-type": "dependency_file_not_evaluatable", + "error-detail": { message: error.message } + } + when 
Dependabot::DependencyFileNotResolvable
+ {
+ "error-type": "dependency_file_not_resolvable",
+ "error-detail": { message: error.message }
+ }
+ when Dependabot::BranchNotFound
+ {
+ "error-type": "branch_not_found",
+ "error-detail": { "branch-name": error.branch_name }
+ }
+ when Dependabot::RepoNotFound
+ # This happens if the repo gets removed after a job gets kicked off.
+ # The main backend will handle it without any prompt from the updater,
+ # so no need to add an error to the errors array
+ nil
+ when Dependabot::DependencyFileNotParseable
+ {
+ "error-type": "dependency_file_not_parseable",
+ "error-detail": {
+ message: error.message,
+ "file-path": error.file_path
+ }
+ }
+ when Dependabot::DependencyFileNotFound
+ {
+ "error-type": "dependency_file_not_found",
+ "error-detail": { "file-path": error.file_path }
+ }
+ when Dependabot::PathDependenciesNotReachable
+ {
+ "error-type": "path_dependencies_not_reachable",
+ "error-detail": { dependencies: error.dependencies }
+ }
+ when Dependabot::PrivateSourceAuthenticationFailure
+ {
+ "error-type": "private_source_authentication_failure",
+ "error-detail": { source: error.source }
+ }
+ when Dependabot::GitDependenciesNotReachable
+ {
+ "error-type": "git_dependencies_not_reachable",
+ "error-detail": { "dependency-urls": error.dependency_urls }
+ }
+ when Dependabot::NotImplemented
+ {
+ "error-type": "not_implemented",
+ "error-detail": {
+ message: error.message
+ }
+ }
+ when Octokit::ServerError
+ # If we get a 500 from GitHub there's very little we can do about it,
+ # and responsibility for fixing it is on them, not us. As a result we
+ # quietly log these as errors
+ { "error-type": "unknown_error" }
+ else
+ raise if RUN_HALTING_ERRORS.keys.any?
{ |e| error.is_a?(e) }
+
+ logger_error error.message
+ error.backtrace.each { |line| logger_error line }
+
+ Raven.capture_exception(error, raven_context)
+ { "error-type": "unknown_error" }
+ end
+
+ record_error(error_details) if error_details
+ end
+
+ # rubocop:enable Metrics/MethodLength
+ # rubocop:enable Metrics/CyclomaticComplexity
+ def pr_message(dependencies, files)
+ return nil unless job.build_pull_request_message?
+
+ Dependabot::PullRequestCreator::MessageBuilder.new(
+ source: job.source,
+ dependencies: dependencies,
+ files: files,
+ credentials: credentials,
+ commit_message_options: job.commit_message_options,
+ # This ensures that PR messages we build replace github.com links with
+ # a redirect that stop markdown enriching them into mentions on the source
+ # repository.
+ #
+ # TODO: Promote this value to a constant or similar once we have
+ # updated core to avoid surprise outcomes if this is unset.
+ github_redirection_service: "github-redirect.dependabot.com"
+ ).message
+ end
+
+ def update_dependency_list(dependencies)
+ service.update_dependency_list(
+ job_id,
+ dependencies.map do |dep|
+ {
+ name: dep.name,
+ version: dep.version,
+ requirements: dep.requirements
+ }
+ end,
+ dependency_files.reject(&:support_file).map(&:path)
+ )
+ end
+
+ def error_context(dependency)
+ { dependency_name: dependency.name, update_job_id: job_id }
+ end
+
+ def credentials
+ job.credentials
+ end
+
+ def logger_info(message)
+ Dependabot.logger.info(prefixed_log_message(message))
+ end
+
+ def logger_error(message)
+ Dependabot.logger.error(prefixed_log_message(message))
+ end
+
+ def prefixed_log_message(message)
+ message.lines.map { |line| [log_prefix, line].join(" ") }.join
+ end
+
+ def log_prefix
+ "" if job_id
+ end
+
+ def record_error(error_details)
+ service.record_update_job_error(
+ job_id,
+ error_type: error_details.fetch(:"error-type"),
+ error_details: error_details[:"error-detail"]
+ )
+
+ errors << error_details
+ end
+
+ def
raven_context(dependency: nil)
+ context = { tags: {}, extra: { update_job_id: job_id } }
+ context[:tags][:package_manager] = @job.package_manager if @job
+ context[:extra][:dependency_name] = dependency.name if dependency
+ context
+ end
+ end
+end
+# rubocop:enable Metrics/ClassLength
diff --git a/updater/lib/wildcard_matcher.rb b/updater/lib/wildcard_matcher.rb
new file mode 100644
index 00000000000..e18247f9af6
--- /dev/null
+++ b/updater/lib/wildcard_matcher.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class WildcardMatcher
+ def self.match?(wildcard_string, candidate_string)
+ return false unless wildcard_string && candidate_string
+
+ regex_string = "a#{wildcard_string.downcase}a".split("*").
+ map { |p| Regexp.quote(p) }.
+ join(".*").gsub(/^a|a$/, "")
+ regex = /^#{regex_string}$/
+ regex.match?(candidate_string.downcase)
+ end
+end
diff --git a/updater/licenses/bundler/activesupport.dep.yml b/updater/licenses/bundler/activesupport.dep.yml
new file mode 100644
index 00000000000..47019652a43
--- /dev/null
+++ b/updater/licenses/bundler/activesupport.dep.yml
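Review bot: `WildcardMatcher.match?` anchors its pattern with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a candidate that contains a newline matches as soon as one of its lines fits the wildcard, and a trailing newline is ignored. If this matcher decides which dependency names an ignore or allow rule covers (the callers are not in this hunk, so that is an assumption), names taken from repository manifests should be compared against the whole string: `regex = /\A#{regex_string}\z/`. The same anchors in `gsub(/^a|a$/, "")` look harmless because `Regexp.quote` escapes newlines in the wildcard, but `\Aa|a\z` there would state the intent. A spec with a multi-line candidate and one with a trailing newline would pin the behaviour.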
@@ -0,0 +1,37 @@ +--- +name: activesupport +version: 6.1.4.4 +type: bundler +summary: A toolkit of support libraries and Ruby core extensions extracted from the + Rails framework. +homepage: https://rubyonrails.org +license: mit +licenses: +- sources: MIT-LICENSE + text: | + Copyright (c) 2005-2020 David Heinemeier Hansson + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.rdoc + text: |- + Active Support is released under the MIT license: + + * https://opensource.org/licenses/MIT +notices: [] diff --git a/updater/licenses/bundler/addressable.dep.yml b/updater/licenses/bundler/addressable.dep.yml new file mode 100644 index 00000000000..3ead64e68b6 --- /dev/null +++ b/updater/licenses/bundler/addressable.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: addressable +version: 2.8.1 +type: bundler +summary: URI Implementation +homepage: https://github.com/sporkmonger/addressable +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/ast.dep.yml b/updater/licenses/bundler/ast.dep.yml new file mode 100644 index 00000000000..89d07af1993 --- /dev/null +++ b/updater/licenses/bundler/ast.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: ast +version: 2.4.2 +type: bundler +summary: A library for working with Abstract Syntax Trees. +homepage: https://whitequark.github.io/ast/ +license: mit +licenses: +- sources: LICENSE.MIT + text: | + Copyright (c) 2011-2013 Peter Zotov + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/aws-eventstream.dep.yml b/updater/licenses/bundler/aws-eventstream.dep.yml new file mode 100644 index 00000000000..f76e1de8446 --- /dev/null +++ b/updater/licenses/bundler/aws-eventstream.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-eventstream +version: 1.2.0 +type: bundler +summary: AWS Event Stream Library +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/aws-partitions.dep.yml b/updater/licenses/bundler/aws-partitions.dep.yml new file mode 100644 index 00000000000..f1ae77e378d --- /dev/null +++ b/updater/licenses/bundler/aws-partitions.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-partitions +version: 1.621.0 +type: bundler +summary: Provides information about AWS partitions, regions, and services. +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/aws-sdk-codecommit.dep.yml b/updater/licenses/bundler/aws-sdk-codecommit.dep.yml new file mode 100644 index 00000000000..27ecc3e8c32 --- /dev/null +++ b/updater/licenses/bundler/aws-sdk-codecommit.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-sdk-codecommit +version: 1.51.0 +type: bundler +summary: AWS SDK for Ruby - CodeCommit +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/aws-sdk-core.dep.yml b/updater/licenses/bundler/aws-sdk-core.dep.yml new file mode 100644 index 00000000000..b2a57a2b29a --- /dev/null +++ b/updater/licenses/bundler/aws-sdk-core.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-sdk-core +version: 3.134.0 +type: bundler +summary: AWS SDK for Ruby - Core +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/aws-sdk-ecr.dep.yml b/updater/licenses/bundler/aws-sdk-ecr.dep.yml new file mode 100644 index 00000000000..32cb10d5c7c --- /dev/null +++ b/updater/licenses/bundler/aws-sdk-ecr.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-sdk-ecr +version: 1.56.0 +type: bundler +summary: AWS SDK for Ruby - Amazon ECR +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/aws-sigv4.dep.yml b/updater/licenses/bundler/aws-sigv4.dep.yml new file mode 100644 index 00000000000..1e5ca5831fb --- /dev/null +++ b/updater/licenses/bundler/aws-sigv4.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: aws-sigv4 +version: 1.5.1 +type: bundler +summary: AWS Signature Version 4 library. +homepage: https://github.com/aws/aws-sdk-ruby +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/bundler.dep.yml b/updater/licenses/bundler/bundler.dep.yml new file mode 100644 index 00000000000..c267cdc3cea --- /dev/null +++ b/updater/licenses/bundler/bundler.dep.yml 
@@ -0,0 +1,35 @@ +--- +name: bundler +version: 2.2.20 +type: bundler +summary: The best way to manage your application's dependencies +homepage: https://bundler.io +license: mit +licenses: +- sources: LICENSE.md + text: | + The MIT License + + Portions copyright (c) 2010-2019 André Arko + Portions copyright (c) 2009 Engine Yard + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +- sources: README.md + text: Bundler is available under an [MIT License](https://github.com/rubygems/rubygems/blob/master/bundler/LICENSE.md). +notices: [] diff --git a/updater/licenses/bundler/citrus.dep.yml b/updater/licenses/bundler/citrus.dep.yml new file mode 100644 index 00000000000..24014e9d319 --- /dev/null +++ b/updater/licenses/bundler/citrus.dep.yml 
@@ -0,0 +1,30 @@ +--- +name: citrus +version: 3.0.2 +type: bundler +summary: Parsing Expressions for Ruby +homepage: http://mjackson.github.io/citrus +license: mit +licenses: +- sources: README.md + text: |- + Copyright 2010-2011 Michael Jackson + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + The software is provided "as is", without warranty of any kind, express or + implied, including but not limited to the warranties of merchantability, + fitness for a particular purpose and non-infringement. In no event shall the + authors or copyright holders be liable for any claim, damages or other + liability, whether in an action of contract, tort or otherwise, arising from, + out of or in connection with the software or the use or other dealings in + the software. +notices: [] diff --git a/updater/licenses/bundler/commonmarker.dep.yml b/updater/licenses/bundler/commonmarker.dep.yml new file mode 100644 index 00000000000..2fbf860b657 --- /dev/null +++ b/updater/licenses/bundler/commonmarker.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: commonmarker +version: 0.23.5 +type: bundler +summary: CommonMark parser and renderer. Written in C, wrapped in Ruby. +homepage: https://github.com/gjtorikian/commonmarker +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2015 Garen J. Torikian + + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/concurrent-ruby.dep.yml b/updater/licenses/bundler/concurrent-ruby.dep.yml new file mode 100644 index 00000000000..72943399e55 --- /dev/null +++ b/updater/licenses/bundler/concurrent-ruby.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: concurrent-ruby +version: 1.1.10 +type: bundler +summary: Modern concurrency tools for Ruby. Inspired by Erlang, Clojure, Scala, Haskell, + F#, C#, Java, and classic concurrency patterns. +homepage: http://www.concurrent-ruby.com +license: other +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) Jerry D'Antonio -- released under the MIT license. + + http://www.opensource.org/licenses/mit-license.php + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/docker_registry2.dep.yml b/updater/licenses/bundler/docker_registry2.dep.yml new file mode 100644 index 00000000000..bc6221ca843 --- /dev/null +++ b/updater/licenses/bundler/docker_registry2.dep.yml 
@@ -0,0 +1,11 @@ +--- +name: docker_registry2 +version: 1.12.0 +type: bundler +summary: Docker v2 registry HTTP API client +homepage: https://github.com/deitch/docker_registry2 +license: mit +licenses: +- sources: README.md + text: MIT License. +notices: [] diff --git a/updater/licenses/bundler/domain_name.dep.yml b/updater/licenses/bundler/domain_name.dep.yml new file mode 100644 index 00000000000..3d52edeb5c9 --- /dev/null +++ b/updater/licenses/bundler/domain_name.dep.yml 
@@ -0,0 +1,61 @@ +--- +name: domain_name +version: 0.5.20190701 +type: bundler +summary: Domain Name manipulation library for Ruby +homepage: https://github.com/knu/ruby-domain_name +license: other +licenses: +- sources: LICENSE.txt + text: "Copyright (c) 2011-2017 Akinori MUSHA\n\nAll rights reserved.\n\nRedistribution + and use in source and binary forms, with or without\nmodification, are permitted + provided that the following conditions\nare met:\n1. Redistributions of source + code must retain the above copyright\n notice, this list of conditions and the + following disclaimer.\n2. Redistributions in binary form must reproduce the above + copyright\n notice, this list of conditions and the following disclaimer in + the\n documentation and/or other materials provided with the distribution.\n\nTHIS + SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND\nANY EXPRESS + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED.\t IN + NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\nOR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + OF\nSUCH DAMAGE.\n\n* lib/domain_name/punycode.rb\n\nThis file is derived from + the implementation of punycode available at\nhere:\n\nhttps://www.verisign.com/en_US/channel-resources/domain-registry-products/idn-sdks/index.xhtml\n\nCopyright + (C) 2000-2002 Verisign Inc., All rights reserved.\n\nRedistribution and use in + source and binary forms, with or\nwithout modification, are permitted provided + that the following\nconditions 
are met:\n\n 1) Redistributions of source code + must retain the above copyright\n notice, this list of conditions and the following + disclaimer.\n\n 2) Redistributions in binary form must reproduce the above copyright\n + \ notice, this list of conditions and the following disclaimer in\n the documentation + and/or other materials provided with the\n distribution.\n\n 3) Neither the + name of the VeriSign Inc. nor the names of its\n contributors may be used to + endorse or promote products derived\n from this software without specific prior + written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT + NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A + PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE\nCOPYRIGHT OWNER OR CONTRIBUTORS + BE LIABLE FOR ANY DIRECT, INDIRECT,\nINCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING,\nBUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS\nOF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED\nAND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN\nANY WAY OUT OF THE USE OF THIS SOFTWARE, + EVEN IF ADVISED OF THE\nPOSSIBILITY OF SUCH DAMAGE.\n\nThis software is licensed + under the BSD open source license. For more\ninformation visit www.opensource.org.\n\nAuthors:\n + John Colosi (VeriSign)\n Srikanth Veeramachaneni (VeriSign)\n Nagesh Chigurupati + (Verisign)\n Praveen Srinivasan(Verisign)\n\n* lib/domain_name/etld_data.rb\n\nThis + file is generated from the Public Suffix List\n(https://publicsuffix.org/), which + is licensed under MPL 2.0:\n\nhttps://mozilla.org/MPL/2.0/\n" +- sources: README.md + text: |- + Copyright (c) 2011-2017 Akinori MUSHA + + Licensed under the 2-clause BSD license. 
+ + Some portion of this library is copyrighted by third parties and + licensed under MPL 2.0 or 3-clause BSD license, + See `LICENSE.txt` for details. +notices: [] diff --git a/updater/licenses/bundler/excon.dep.yml b/updater/licenses/bundler/excon.dep.yml new file mode 100644 index 00000000000..cf76cb8d76c --- /dev/null +++ b/updater/licenses/bundler/excon.dep.yml 
@@ -0,0 +1,38 @@ +--- +name: excon +version: 0.92.4 +type: bundler +summary: speed, persistence, http(s) +homepage: https://github.com/excon/excon +license: other +licenses: +- sources: LICENSE.md + text: | + The MIT License (MIT) + + Copyright (c) 2009-2019 [CONTRIBUTORS.md](https://github.com/excon/excon/blob/master/CONTRIBUTORS.md) + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + the Software, and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: |- + Please refer to [LICENSE.md](https://github.com/excon/excon/blob/master/LICENSE.md). + + [middleware]: lib/excon/middlewares/base.rb + [hypermedia]: https://en.wikipedia.org/wiki/HATEOAS + [templating]: https://www.rfc-editor.org/rfc/rfc6570.txt +notices: [] diff --git a/updater/licenses/bundler/faraday-net_http.dep.yml b/updater/licenses/bundler/faraday-net_http.dep.yml new file mode 100644 index 00000000000..5c0997cafad --- /dev/null +++ b/updater/licenses/bundler/faraday-net_http.dep.yml 
@@ -0,0 +1,34 @@ +--- +name: faraday-net_http +version: 2.1.0 +type: bundler +summary: Faraday adapter for Net::HTTP +homepage: https://github.com/lostisland/faraday-net_http +license: other +licenses: +- sources: LICENSE.md + text: | + The MIT License (MIT) + + Copyright (c) 2020 Jan van der Pas + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +- sources: README.md + text: The gem is available as open source under the terms of the [license][license]. +notices: [] diff --git a/updater/licenses/bundler/faraday.dep.yml b/updater/licenses/bundler/faraday.dep.yml new file mode 100644 index 00000000000..3310ad5f9fd --- /dev/null +++ b/updater/licenses/bundler/faraday.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: faraday +version: 2.3.0 +type: bundler +summary: HTTP/REST API client library. +homepage: https://lostisland.github.io/faraday +license: mit +licenses: +- sources: LICENSE.md + text: | + Copyright (c) 2009-2020 Rick Olson, Zack Hobson + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/ffi-compiler.dep.yml b/updater/licenses/bundler/ffi-compiler.dep.yml new file mode 100644 index 00000000000..dac83f041b9 --- /dev/null +++ b/updater/licenses/bundler/ffi-compiler.dep.yml 
@@ -0,0 +1,213 @@ +--- +name: ffi-compiler +version: 1.0.1 +type: bundler +summary: Ruby FFI Rakefile generator +homepage: http://wiki.github.com/ffi/ffi +license: apache-2.0 +licenses: +- sources: LICENSE + text: |2 + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/ffi.dep.yml b/updater/licenses/bundler/ffi.dep.yml new file mode 100644 index 00000000000..3ab11de8eac --- /dev/null +++ b/updater/licenses/bundler/ffi.dep.yml 
@@ -0,0 +1,114 @@ +--- +name: ffi +version: 1.15.0 +type: bundler +summary: Ruby FFI +homepage: https://github.com/ffi/ffi/wiki +license: other +licenses: +- sources: LICENSE + text: | + Copyright (c) 2008-2016, Ruby FFI project contributors + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the Ruby FFI project nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: COPYING + text: |+ + Copyright (c) 2008-2013, Ruby FFI project contributors + All rights reserved. 
+ + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the Ruby FFI project nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + libffi, used by this project, is licensed under the MIT license: + + libffi - Copyright (c) 1996-2011 Anthony Green, Red Hat, Inc and others. + See source files for details. 
+ + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + ``Software''), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +- sources: LICENSE.SPECS + text: | + Copyright (c) 2008-2012 Ruby-FFI contributors + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, + copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following + conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES + OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR + OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: |- + The ffi library is covered by the BSD license, also see the LICENSE file. + The specs are covered by the same license as [ruby/spec](https://github.com/ruby/spec), the MIT license. +notices: [] diff --git a/updater/licenses/bundler/gitlab.dep.yml b/updater/licenses/bundler/gitlab.dep.yml new file mode 100644 index 00000000000..df7e22d8a26 --- /dev/null +++ b/updater/licenses/bundler/gitlab.dep.yml 
@@ -0,0 +1,37 @@ +--- +name: gitlab +version: 4.19.0 +type: bundler +summary: A Ruby wrapper and CLI for the GitLab API +homepage: https://github.com/NARKOZ/gitlab +license: bsd-2-clause +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2012-2022 Nihad Abbasov + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +- sources: README.md + text: Released under the BSD 2-clause license. See LICENSE.txt for details. +notices: [] diff --git a/updater/licenses/bundler/http-accept.dep.yml b/updater/licenses/bundler/http-accept.dep.yml new file mode 100644 index 00000000000..036966df7c0 --- /dev/null +++ b/updater/licenses/bundler/http-accept.dep.yml 
@@ -0,0 +1,25 @@ +--- +name: http-accept +version: 1.7.0 +type: bundler +summary: Parse Accept and Accept-Language HTTP headers. +homepage: https://github.com/ioquatix/http-accept +license: mit +licenses: +- sources: README.md + text: "Released under the MIT license.\n\nCopyright, 2016, by [Samuel G. D. Williams](http://www.codeotaku.com/samuel-williams). + \nCopyright, 2016, by [Matthew Kerwin](http://kerwin.net.au).\n\nPermission is + hereby granted, free of charge, to any person obtaining a copy\nof this software + and associated documentation files (the \"Software\"), to deal\nin the Software + without restriction, including without limitation the rights\nto use, copy, modify, + merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and + to permit persons to whom the Software is\nfurnished to do so, subject to the + following conditions:\n\nThe above copyright notice and this permission notice + shall be included in\nall copies or substantial portions of the Software.\n\nTHE + SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A + PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE." +notices: [] diff --git a/updater/licenses/bundler/http-cookie.dep.yml b/updater/licenses/bundler/http-cookie.dep.yml new file mode 100644 index 00000000000..ff403761a2b --- /dev/null +++ b/updater/licenses/bundler/http-cookie.dep.yml 
@@ -0,0 +1,35 @@ +--- +name: http-cookie +version: 1.0.5 +type: bundler +summary: A Ruby library to handle HTTP Cookies based on RFC 6265 +homepage: https://github.com/sparklemotion/http-cookie +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2013 Akinori MUSHA + Copyright (c) 2011-2012 Akinori MUSHA, Eric Hodel + Copyright (c) 2006-2011 Aaron Patterson, Mike Dalessio + + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/http-form_data.dep.yml b/updater/licenses/bundler/http-form_data.dep.yml new file mode 100644 index 00000000000..e8c243c9430 --- /dev/null +++ b/updater/licenses/bundler/http-form_data.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: http-form_data +version: 2.3.0 +type: bundler +summary: http-form_data-2.3.0 +homepage: https://github.com/httprb/form_data.rb +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2015-2017 Alexey V Zapparov + + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/http-parser.dep.yml b/updater/licenses/bundler/http-parser.dep.yml new file mode 100644 index 00000000000..e3be0f06f77 --- /dev/null +++ b/updater/licenses/bundler/http-parser.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: http-parser +version: 1.2.3 +type: bundler +summary: Ruby bindings to joyent/http-parser +homepage: https://github.com/cotag/http-parser +license: mit +licenses: +- sources: LICENSE + text: | + The MIT License (MIT) + + Copyright (c) 2013 CoTag Media + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + the Software, and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/http.dep.yml b/updater/licenses/bundler/http.dep.yml new file mode 100644 index 00000000000..2def26f778b --- /dev/null +++ b/updater/licenses/bundler/http.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: http +version: 4.4.1 +type: bundler +summary: HTTP should be easy +homepage: https://github.com/httprb/http +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2011-2016 Tony Arcieri, Erik Michaels-Ober, Alexey V. Zapparov, Zachary Anker + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/httparty.dep.yml b/updater/licenses/bundler/httparty.dep.yml new file mode 100644 index 00000000000..7a5aa08d96e --- /dev/null +++ b/updater/licenses/bundler/httparty.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: httparty +version: 0.20.0 +type: bundler +summary: Makes http fun! Also, makes consuming restful web services dead easy. +homepage: https://github.com/jnunemaker/httparty +license: mit +licenses: +- sources: MIT-LICENSE + text: |- + Copyright (c) 2008 John Nunemaker + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/i18n.dep.yml b/updater/licenses/bundler/i18n.dep.yml new file mode 100644 index 00000000000..445c628a3cd --- /dev/null +++ b/updater/licenses/bundler/i18n.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: i18n +version: 1.12.0 +type: bundler +summary: New wave Internationalization support for Ruby +homepage: https://github.com/ruby-i18n/i18n +license: mit +licenses: +- sources: MIT-LICENSE + text: |- + Copyright (c) 2008 The Ruby I18n team + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: MIT License. See the included MIT-LICENSE file. +notices: [] diff --git a/updater/licenses/bundler/jmespath.dep.yml b/updater/licenses/bundler/jmespath.dep.yml new file mode 100644 index 00000000000..18321dc2ad7 --- /dev/null +++ b/updater/licenses/bundler/jmespath.dep.yml 
@@ -0,0 +1,185 @@ +--- +name: jmespath +version: 1.6.1 +type: bundler +summary: JMESPath - Ruby Edition +homepage: http://github.com/trevorrowe/jmespath.rb +license: apache-2.0 +licenses: +- sources: LICENSE.txt + text: |2 + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. +notices: [] 
diff --git a/updater/licenses/bundler/mime-types-data.dep.yml b/updater/licenses/bundler/mime-types-data.dep.yml new file mode 100644 index 00000000000..c6435b66ba7 --- /dev/null +++ b/updater/licenses/bundler/mime-types-data.dep.yml @@ -0,0 +1,36 @@ +--- +name: mime-types-data +version: 3.2022.0105 +type: bundler +summary: mime-types-data provides a registry for information about MIME media type + definitions +homepage: https://github.com/mime-types/mime-types-data/ +license: other +licenses: +- sources: Licence.md + text: | + ## Licence + + - Copyright 2003–2021 Austin Ziegler and other contributors. + + The software in this repository is made available under the MIT license. + + ### MIT License + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + the Software, and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/mime-types.dep.yml b/updater/licenses/bundler/mime-types.dep.yml new file mode 100644 index 00000000000..1b0bc9e8ab1 --- /dev/null +++ b/updater/licenses/bundler/mime-types.dep.yml 
@@ -0,0 +1,37 @@ +--- +name: mime-types +version: 3.4.1 +type: bundler +summary: The mime-types library provides a library and registry for information about + MIME content type definitions +homepage: https://github.com/mime-types/ruby-mime-types/ +license: other +licenses: +- sources: Licence.md + text: | + # Licence + + - Copyright 2003–2019 Austin Ziegler and contributors. + + The software in this repository is made available under the MIT license. + + ## MIT License + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/mini_portile2.dep.yml b/updater/licenses/bundler/mini_portile2.dep.yml new file mode 100644 index 00000000000..51daff8d0c8 --- /dev/null +++ b/updater/licenses/bundler/mini_portile2.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: mini_portile2 +version: 2.8.0 +type: bundler +summary: Simplistic port-like solution for developers +homepage: https://github.com/flavorjones/mini_portile +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2011-2016 Luis Lavena and Mike Dalessio + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: This library is licensed under MIT license. Please see LICENSE.txt for details. +notices: [] diff --git a/updater/licenses/bundler/minitest.dep.yml b/updater/licenses/bundler/minitest.dep.yml new file mode 100644 index 00000000000..fb832b2fd53 --- /dev/null +++ b/updater/licenses/bundler/minitest.dep.yml 
@@ -0,0 +1,34 @@ +--- +name: minitest +version: 5.16.3 +type: bundler +summary: minitest provides a complete suite of testing facilities supporting TDD, + BDD, mocking, and benchmarking +homepage: https://github.com/seattlerb/minitest +license: mit +licenses: +- sources: README.rdoc + text: |- + (The MIT License) + + Copyright (c) Ryan Davis, seattle.rb + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + 'Software'), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/multi_xml.dep.yml b/updater/licenses/bundler/multi_xml.dep.yml new file mode 100644 index 00000000000..a94d11ead9a --- /dev/null +++ b/updater/licenses/bundler/multi_xml.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: multi_xml +version: 0.6.0 +type: bundler +summary: A generic swappable back-end for XML parsing +homepage: https://github.com/sferik/multi_xml +license: mit +licenses: +- sources: LICENSE.md + text: | + Copyright (c) 2010-2013 Erik Michaels-Ober + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/netrc.dep.yml b/updater/licenses/bundler/netrc.dep.yml new file mode 100644 index 00000000000..02fea77e202 --- /dev/null +++ b/updater/licenses/bundler/netrc.dep.yml 
@@ -0,0 +1,31 @@ +--- +name: netrc +version: 0.11.0 +type: bundler +summary: Library to read and write netrc files. +homepage: https://github.com/geemus/netrc +license: mit +licenses: +- sources: LICENSE.md + text: | + The MIT License (MIT) + + Copyright (c) 2011-2014 [CONTRIBUTORS.md](https://github.com/geemus/netrc/blob/master/CONTRIBUTORS.md) + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + the Software, and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/nokogiri.dep.yml b/updater/licenses/bundler/nokogiri.dep.yml new file mode 100644 index 00000000000..aa9b8162558 --- /dev/null +++ b/updater/licenses/bundler/nokogiri.dep.yml 
@@ -0,0 +1,1325 @@ +--- +name: nokogiri +version: 1.13.8 +type: bundler +summary: Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. +homepage: https://nokogiri.org +license: other +licenses: +- sources: LICENSE.md + text: | + The MIT License + + Copyright 2008 -- 2021 by Mike Dalessio, Aaron Patterson, Yoko Harada, Akinori MUSHA, John Shahid, Karol Bucek, Sam Ruby, Craig Barnes, Stephen Checkoway, Lars Kanis, Sergio Arbeo, Timothy Elliott, Nobuyoshi Nakada, Charles Nutter, Patrick Mahoney. + + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+- sources: LICENSE-DEPENDENCIES.md + text: "# Vendored Dependency Licenses\n\nNokogiri ships with some third party dependencies, + which are listed here along with their licenses.\n\nNote that this document is + broken into multiple sections, each of which describes the dependencies of a different + \"platform release\" of Nokogiri.\n\n\n\n\n\n- [Platform Releases](#platform-releases)\n * [Default + platform release (\"ruby\")](#default-platform-release-ruby)\n * [Native LinuxⓇ + platform releases (\"x86_64-linux\" and \"arm64-linux\")](#native-linux%E2%93%A1-platform-releases-x86_64-linux-and-arm64-linux)\n + \ * [Native Darwin (macOSⓇ) platform releases (\"x86_64-darwin\" and \"arm64-darwin\")](#native-darwin-macos%E2%93%A1-platform-releases-x86_64-darwin-and-arm64-darwin)\n + \ * [Native WindowsⓇ platform releases (\"x86-mingw32\" and \"x64-mingw32\")](#native-windows%E2%93%A1-platform-releases-x86-mingw32-and-x64-mingw32)\n + \ * [JavaⓇ (JRuby) platform release (\"java\")](#java%E2%93%A1-jruby-platform-release-java)\n- + [Appendix: Dependencies' License Texts](#appendix-dependencies-license-texts)\n + \ * [libgumbo and nokogumbo](#libgumbo-and-nokogumbo)\n * [libxml2](#libxml2)\n + \ * [libxslt](#libxslt)\n * [zlib](#zlib)\n * [libiconv](#libiconv)\n * [isorelax](#isorelax)\n + \ * [jing](#jing)\n * [nekodtd](#nekodtd)\n * [nekohtml](#nekohtml)\n * [xalan](#xalan)\n + \ * [xerces](#xerces)\n * [xml-apis](#xml-apis)\n\n\n\nAnyone + consuming this file via license-tracking software should endeavor to understand + which gem file you're downloading and using, so as not to misinterpret the contents + of this file and the licenses of the software being distributed.\n\nYou can double-check + the dependencies in your gem file by examining the output of `nokogiri -v` after + installation, which will emit the complete set of libraries in use (for versions + `>= 1.11.0.rc4`).\n\nIn particular, I'm sure somebody's lawyer, somewhere, is + going to freak out that the LGPL 
appears in this file; and so I'd like to take + special note that the dependency covered by LGPL, `libiconv`, is only being redistributed + in the native Windows and native Darwin platform releases. It's not present in + default, JavaⓇ, or native LinuxⓇ releases.\n\n\n## Platform Releases\n\n### Default + platform release (\"ruby\")\n\nThe default platform release distributes the following + dependencies in source form:\n\n- [libxml2](#libxml2)\n- [libxslt](#libxslt)\n- + [libgumbo and nokogumbo](#libgumbo-and-nokogumbo)\n\nThis distribution can be + identified by inspecting the included Gem::Specification, which will have the + value \"ruby\" for its \"platform\" attribute.\n\n\n### Native LinuxⓇ platform + releases (\"x86_64-linux\" and \"arm64-linux\")\n\nThe native LinuxⓇ platform + release distributes the following dependencies in source form:\n\n- [libxml2](#libxml2)\n- + [libxslt](#libxslt)\n- [libgumbo and nokogumbo](#libgumbo-and-nokogumbo)\n- [zlib](#zlib)\n\nThis + distribution can be identified by inspecting the included Gem::Specification, + which will have a value similar to \"x86_64-linux\" or \"x86-linux\" for its \"platform.cpu\" + attribute.\n\n\n### Native Darwin (macOSⓇ) platform releases (\"x86_64-darwin\" + and \"arm64-darwin\")\n\nThe native Darwin platform release distributes the following + dependencies in source form:\n\n- [libxml2](#libxml2)\n- [libxslt](#libxslt)\n- + [libgumbo and nokogumbo](#libgumbo-and-nokogumbo)\n- [zlib](#zlib)\n- [libiconv](#libiconv)\n\nThis + distribution can be identified by inspecting the included Gem::Specification, + which will have a value similar to \"x86_64-darwin\" or \"arm64-darwin\" for its + \"platform.cpu\" attribute. 
Darwin is also known more familiarly as \"OSX\" or + \"macOSⓇ\" and is the operating system for many AppleⓇ computers.\n\n\n### Native + WindowsⓇ platform releases (\"x86-mingw32\" and \"x64-mingw32\")\n\nThe native + WindowsⓇ platform release distributes the following dependencies in source form:\n\n- + [libxml2](#libxml2)\n- [libxslt](#libxslt)\n- [libgumbo and nokogumbo](#libgumbo-and-nokogumbo)\n- + [zlib](#zlib)\n- [libiconv](#libiconv)\n\nThis distribution can be identified + by inspecting the included Gem::Specification, which will have a value similar + to \"x64-mingw32\" or \"x86-mingw32\" for its \"platform.cpu\" attribute.\n\n\n### + JavaⓇ (JRuby) platform release (\"java\")\n\nThe Java platform release distributes + the following dependencies as compiled jar files:\n\n- [isorelax](#isorelax)\n- + [jing](#jing)\n- [nekodtd](#nekodtd)\n- [nekohtml](#nekohtml)\n- [xalan](#xalan)\n- + [xerces](#xerces)\n- [xml-apis](#xml-apis)\n\nThis distribution can be identified + by inspecting the included Gem::Specification, which will have the value \"java\" + for its \"platform.os\" attribute.\n\n\n## Appendix: Dependencies' License Texts\n\nThis + section contains a subsection for each potentially-distributed dependency, which + includes the name of the license and the license text.\n\nPlease see previous + sections to understand which of these potential dependencies is actually distributed + in the gem file you're downloading and using.\n\n\n### libgumbo and nokogumbo\n\nApache + 2.0\n\nhttps://github.com/rubys/nokogumbo/blob/f6a7412/LICENSE.txt\n\n\n Apache + License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n + \ \n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n \n + \ 1. 
Definitions.\n \n \"License\" shall mean the terms and conditions + for use, reproduction,\n and distribution as defined by Sections 1 through + 9 of this document.\n \n \"Licensor\" shall mean the copyright owner + or entity authorized by\n the copyright owner that is granting the License.\n + \ \n \"Legal Entity\" shall mean the union of the acting entity and + all\n other entities that control, are controlled by, or are under common\n + \ control with that entity. For the purposes of this definition,\n \"control\" + means (i) the power, direct or indirect, to cause the\n direction or + management of such entity, whether by contract or\n otherwise, or (ii) + ownership of fifty percent (50%) or more of the\n outstanding shares, + or (iii) beneficial ownership of such entity.\n \n \"You\" (or \"Your\") + shall mean an individual or Legal Entity\n exercising permissions granted + by this License.\n \n \"Source\" form shall mean the preferred form + for making modifications,\n including but not limited to software source + code, documentation\n source, and configuration files.\n \n \"Object\" + form shall mean any form resulting from mechanical\n transformation or + translation of a Source form, including but\n not limited to compiled + object code, generated documentation,\n and conversions to other media + types.\n \n \"Work\" shall mean the work of authorship, whether in + Source or\n Object form, made available under the License, as indicated + by a\n copyright notice that is included in or attached to the work\n + \ (an example is provided in the Appendix below).\n \n \"Derivative + Works\" shall mean any work, whether in Source or Object\n form, that + is based on (or derived from) the Work and for which the\n editorial + revisions, annotations, elaborations, or other modifications\n represent, + as a whole, an original work of authorship. 
For the purposes\n of this + License, Derivative Works shall not include works that remain\n separable + from, or merely link (or bind by name) to the interfaces of,\n the Work + and Derivative Works thereof.\n \n \"Contribution\" shall mean any + work of authorship, including\n the original version of the Work and + any modifications or additions\n to that Work or Derivative Works thereof, + that is intentionally\n submitted to Licensor for inclusion in the Work + by the copyright owner\n or by an individual or Legal Entity authorized + to submit on behalf of\n the copyright owner. For the purposes of this + definition, \"submitted\"\n means any form of electronic, verbal, or + written communication sent\n to the Licensor or its representatives, + including but not limited to\n communication on electronic mailing lists, + source code control systems,\n and issue tracking systems that are managed + by, or on behalf of, the\n Licensor for the purpose of discussing and + improving the Work, but\n excluding communication that is conspicuously + marked or otherwise\n designated in writing by the copyright owner as + \"Not a Contribution.\"\n \n \"Contributor\" shall mean Licensor and + any individual or Legal Entity\n on behalf of whom a Contribution has + been received by Licensor and\n subsequently incorporated within the + Work.\n \n 2. Grant of Copyright License. Subject to the terms and conditions + of\n this License, each Contributor hereby grants to You a perpetual,\n + \ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright + license to reproduce, prepare Derivative Works of,\n publicly display, + publicly perform, sublicense, and distribute the\n Work and such Derivative + Works in Source or Object form.\n \n 3. Grant of Patent License. 
Subject + to the terms and conditions of\n this License, each Contributor hereby + grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, + irrevocable\n (except as stated in this section) patent license to make, + have made,\n use, offer to sell, sell, import, and otherwise transfer + the Work,\n where such license applies only to those patent claims licensable\n + \ by such Contributor that are necessarily infringed by their\n Contribution(s) + alone or by combination of their Contribution(s)\n with the Work to which + such Contribution(s) was submitted. If You\n institute patent litigation + against any entity (including a\n cross-claim or counterclaim in a lawsuit) + alleging that the Work\n or a Contribution incorporated within the Work + constitutes direct\n or contributory patent infringement, then any patent + licenses\n granted to You under this License for that Work shall terminate\n + \ as of the date such litigation is filed.\n \n 4. Redistribution. + You may reproduce and distribute copies of the\n Work or Derivative Works + thereof in any medium, with or without\n modifications, and in Source + or Object form, provided that You\n meet the following conditions:\n + \ \n (a) You must give any other recipients of the Work or\n Derivative + Works a copy of this License; and\n \n (b) You must cause any modified + files to carry prominent notices\n stating that You changed the files; + and\n \n (c) You must retain, in the Source form of any Derivative + Works\n that You distribute, all copyright, patent, trademark, and\n + \ attribution notices from the Source form of the Work,\n excluding + those notices that do not pertain to any part of\n the Derivative + Works; and\n \n (d) If the Work includes a \"NOTICE\" text file as + part of its\n distribution, then any Derivative Works that You distribute + must\n include a readable copy of the attribution notices contained\n + \ within such NOTICE file, excluding those notices that do 
not\n pertain + to any part of the Derivative Works, in at least one\n of the following + places: within a NOTICE text file distributed\n as part of the Derivative + Works; within the Source form or\n documentation, if provided along + with the Derivative Works; or,\n within a display generated by the + Derivative Works, if and\n wherever such third-party notices normally + appear. The contents\n of the NOTICE file are for informational purposes + only and\n do not modify the License. You may add Your own attribution\n + \ notices within Derivative Works that You distribute, alongside\n + \ or as an addendum to the NOTICE text from the Work, provided\n that + such additional attribution notices cannot be construed\n as modifying + the License.\n \n You may add Your own copyright statement to Your + modifications and\n may provide additional or different license terms + and conditions\n for use, reproduction, or distribution of Your modifications, + or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, + and distribution of the Work otherwise complies with\n the conditions + stated in this License.\n \n 5. Submission of Contributions. Unless You + explicitly state otherwise,\n any Contribution intentionally submitted + for inclusion in the Work\n by You to the Licensor shall be under the + terms and conditions of\n this License, without any additional terms + or conditions.\n Notwithstanding the above, nothing herein shall supersede + or modify\n the terms of any separate license agreement you may have + executed\n with Licensor regarding such Contributions.\n \n 6. + Trademarks. This License does not grant permission to use the trade\n names, + trademarks, service marks, or product names of the Licensor,\n except + as required for reasonable and customary use in describing the\n origin + of the Work and reproducing the content of the NOTICE file.\n \n 7. Disclaimer + of Warranty. 
Unless required by applicable law or\n agreed to in writing, + Licensor provides the Work (and each\n Contributor provides its Contributions) + on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or\n implied, including, without limitation, any warranties + or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining + the\n appropriateness of using or redistributing the Work and assume + any\n risks associated with Your exercise of permissions under this License.\n + \ \n 8. Limitation of Liability. In no event and under no legal theory,\n + \ whether in tort (including negligence), contract, or otherwise,\n unless + required by applicable law (such as deliberate and grossly\n negligent + acts) or agreed to in writing, shall any Contributor be\n liable to You + for damages, including any direct, indirect, special,\n incidental, or + consequential damages of any character arising as a\n result of this + License or out of the use or inability to use the\n Work (including but + not limited to damages for loss of goodwill,\n work stoppage, computer + failure or malfunction, or any and all\n other commercial damages or + losses), even if such Contributor\n has been advised of the possibility + of such damages.\n \n 9. Accepting Warranty or Additional Liability. + While redistributing\n the Work or Derivative Works thereof, You may + choose to offer,\n and charge a fee for, acceptance of support, warranty, + indemnity,\n or other liability obligations and/or rights consistent + with this\n License. 
However, in accepting such obligations, You may + act only\n on Your own behalf and on Your sole responsibility, not on + behalf\n of any other Contributor, and only if You agree to indemnify,\n + \ defend, and hold each Contributor harmless for any liability\n incurred + by, or claims asserted against, such Contributor by reason\n of your + accepting any such warranty or additional liability.\n \n END OF TERMS + AND CONDITIONS\n \n APPENDIX: How to apply the Apache License to your + work.\n \n To apply the Apache License to your work, attach the following\n + \ boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced + with your own identifying information. (Don't include\n the brackets!) + \ The text should be enclosed in the appropriate\n comment syntax for + the file format. We also recommend that a\n file or class name and description + of purpose be included on the\n same \"printed page\" as the copyright + notice for easier\n identification within third-party archives.\n \n + \ Copyright [yyyy] [name of copyright owner]\n \n Licensed under + the Apache License, Version 2.0 (the \"License\");\n you may not use this + file except in compliance with the License.\n You may obtain a copy of the + License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n + \ Unless required by applicable law or agreed to in writing, software\n distributed + under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied.\n See the License + for the specific language governing permissions and\n limitations under + the License.\n \n\n### libxml2\n\nMIT\n\nhttp://xmlsoft.org/\n\n Except + where otherwise noted in the source code (e.g. the files hash.c,\n list.c and + the trio files, which are covered by a similar licence but\n with different + Copyright notices) all the files are:\n \n Copyright (C) 1998-2012 Daniel + Veillard. 
All Rights Reserved.\n \n Permission is hereby granted, free + of charge, to any person obtaining a copy\n of this software and associated + documentation files (the \"Software\"), to deal\n in the Software without restriction, + including without limitation the rights\n to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell\n copies of the Software, and to permit + persons to whom the Software is fur-\n nished to do so, subject to the following + conditions:\n \n The above copyright notice and this permission notice shall + be included in\n all copies or substantial portions of the Software.\n \n + \ THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR\n IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FIT-\n NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + THE\n AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n + \ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n + \ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\n + \ THE SOFTWARE.\n \n\n### libxslt\n\nMIT\n\nhttp://xmlsoft.org/libxslt/\n\n + \ Licence for libxslt except libexslt\n ----------------------------------------------------------------------\n + \ Copyright (C) 2001-2002 Daniel Veillard. 
All Rights Reserved.\n \n Permission + is hereby granted, free of charge, to any person obtaining a copy\n of this + software and associated documentation files (the \"Software\"), to deal\n in + the Software without restriction, including without limitation the rights\n to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n copies + of the Software, and to permit persons to whom the Software is fur-\n nished + to do so, subject to the following conditions:\n \n The above copyright + notice and this permission notice shall be included in\n all copies or substantial + portions of the Software.\n \n THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT + WARRANTY OF ANY KIND, EXPRESS OR\n IMPLIED, INCLUDING BUT NOT LIMITED TO THE + WARRANTIES OF MERCHANTABILITY, FIT-\n NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + \ IN NO EVENT SHALL THE\n DANIEL VEILLARD BE LIABLE FOR ANY CLAIM, DAMAGES + OR OTHER LIABILITY, WHETHER\n IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CON-\n NECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE.\n \n Except as contained in this notice, the name + of Daniel Veillard shall not\n be used in advertising or otherwise to promote + the sale, use or other deal-\n ings in this Software without prior written + authorization from him.\n \n ----------------------------------------------------------------------\n + \ \n Licence for libexslt\n ----------------------------------------------------------------------\n + \ Copyright (C) 2001-2002 Thomas Broyer, Charlie Bozeman and Daniel Veillard.\n + \ All Rights Reserved.\n \n Permission is hereby granted, free of charge, + to any person obtaining a copy\n of this software and associated documentation + files (the \"Software\"), to deal\n in the Software without restriction, including + without limitation the rights\n to use, copy, modify, merge, publish, distribute, + sublicense, and/or sell\n copies of the Software, and to permit 
persons to + whom the Software is fur-\n nished to do so, subject to the following conditions:\n + \ \n The above copyright notice and this permission notice shall be included + in\n all copies or substantial portions of the Software.\n \n THE SOFTWARE + IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n IMPLIED, + INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-\n NESS + FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n AUTHORS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\n IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-\n NECTION WITH + THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n \n Except as + contained in this notice, the name of the authors shall not\n be used in advertising + or otherwise to promote the sale, use or other deal-\n ings in this Software + without prior written authorization from him.\n ----------------------------------------------------------------------\n + \ \n\n### zlib\n\nzlib license\n\nhttp://www.zlib.net/zlib_license.html\n\n + \ Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler\n \n This + software is provided 'as-is', without any express or implied\n warranty. + \ In no event will the authors be held liable for any damages\n arising from + the use of this software.\n \n Permission is granted to anyone to use + this software for any purpose,\n including commercial applications, and to + alter it and redistribute it\n freely, subject to the following restrictions:\n + \ \n 1. The origin of this software must not be misrepresented; you must + not\n claim that you wrote the original software. If you use this software\n + \ in a product, an acknowledgment in the product documentation would be\n + \ appreciated but is not required.\n 2. Altered source versions must + be plainly marked as such, and must not be\n misrepresented as being the + original software.\n 3. 
This notice may not be removed or altered from any + source distribution.\n \n Jean-loup Gailly Mark Adler\n jloup@gzip.org + \ madler@alumni.caltech.edu\n \n\n### libiconv\n\nLGPL\n\nhttps://www.gnu.org/software/libiconv/\n\n + \ \t\t GNU LIBRARY GENERAL PUBLIC LICENSE\n \t\t Version 2, June 1991\n + \ \n Copyright (C) 1991 Free Software Foundation, Inc.\n 51 Franklin + Street, Fifth Floor, Boston, MA 02110-1301, USA\n Everyone is permitted to + copy and distribute verbatim copies\n of this license document, but changing + it is not allowed.\n \n [This is the first released version of the library + GPL. It is\n numbered 2 because it goes with version 2 of the ordinary GPL.]\n + \ \n \t\t\t Preamble\n \n The licenses for most software are designed + to take away your\n freedom to share and change it. By contrast, the GNU General + Public\n Licenses are intended to guarantee your freedom to share and change\n + \ free software--to make sure the software is free for all its users.\n \n + \ This license, the Library General Public License, applies to some\n specially + designated Free Software Foundation software, and to any\n other libraries + whose authors decide to use it. You can use it for\n your libraries, too.\n + \ \n When we speak of free software, we are referring to freedom, not\n + \ price. 
Our General Public Licenses are designed to make sure that you\n have + the freedom to distribute copies of free software (and charge for\n this service + if you wish), that you receive source code or can get it\n if you want it, + that you can change the software or use pieces of it\n in new free programs; + and that you know you can do these things.\n \n To protect your rights, + we need to make restrictions that forbid\n anyone to deny you these rights + or to ask you to surrender the rights.\n These restrictions translate to certain + responsibilities for you if\n you distribute copies of the library, or if you + modify it.\n \n For example, if you distribute copies of the library, + whether gratis\n or for a fee, you must give the recipients all the rights + that we gave\n you. You must make sure that they, too, receive or can get + the source\n code. If you link a program with the library, you must provide\n + \ complete object files to the recipients so that they can relink them\n with + the library, after making changes to the library and recompiling\n it. And + you must show them these terms so they know their rights.\n \n Our method + of protecting your rights has two steps: (1) copyright\n the library, and (2) + offer you this license which gives you legal\n permission to copy, distribute + and/or modify the library.\n \n Also, for each distributor's protection, + we want to make certain\n that everyone understands that there is no warranty + for this free\n library. If the library is modified by someone else and passed + on, we\n want its recipients to know that what they have is not the original\n + \ version, so that any problems introduced by others will not reflect on\n the + original authors' reputations.\n \f\n Finally, any free program is threatened + constantly by software\n patents. 
We wish to avoid the danger that companies + distributing free\n software will individually obtain patent licenses, thus + in effect\n transforming the program into proprietary software. To prevent + this,\n we have made it clear that any patent must be licensed for everyone's\n + \ free use or not licensed at all.\n \n Most GNU software, including + some libraries, is covered by the ordinary\n GNU General Public License, which + was designed for utility programs. This\n license, the GNU Library General + Public License, applies to certain\n designated libraries. This license is + quite different from the ordinary\n one; be sure to read it in full, and don't + assume that anything in it is\n the same as in the ordinary license.\n \n + \ The reason we have a separate public license for some libraries is that\n + \ they blur the distinction we usually make between modifying or adding to a\n + \ program and simply using it. Linking a program with a library, without\n + \ changing the library, is in some sense simply using the library, and is\n + \ analogous to running a utility program or application program. However, in\n + \ a textual and legal sense, the linked executable is a combined work, a\n derivative + of the original library, and the ordinary General Public License\n treats it + as such.\n \n Because of this blurred distinction, using the ordinary + General\n Public License for libraries did not effectively promote software\n + \ sharing, because most developers did not use the libraries. We\n concluded + that weaker conditions might promote sharing better.\n \n However, unrestricted + linking of non-free programs would deprive the\n users of those programs of + all benefit from the free status of the\n libraries themselves. 
This Library + General Public License is intended to\n permit developers of non-free programs + to use free libraries, while\n preserving your freedom as a user of such programs + to change the free\n libraries that are incorporated in them. (We have not + seen how to achieve\n this as regards changes in header files, but we have + achieved it as regards\n changes in the actual functions of the Library.) The + hope is that this\n will lead to faster development of free libraries.\n \n + \ The precise terms and conditions for copying, distribution and\n modification + follow. Pay close attention to the difference between a\n \"work based on + the library\" and a \"work that uses the library\". The\n former contains + code derived from the library, while the latter only\n works together with + the library.\n \n Note that it is possible for a library to be covered + by the ordinary\n General Public License rather than by this special one.\n + \ \f\n \t\t GNU LIBRARY GENERAL PUBLIC LICENSE\n TERMS AND CONDITIONS + FOR COPYING, DISTRIBUTION AND MODIFICATION\n \n 0. This License Agreement + applies to any software library which\n contains a notice placed by the copyright + holder or other authorized\n party saying it may be distributed under the terms + of this Library\n General Public License (also called \"this License\"). Each + licensee is\n addressed as \"you\".\n \n A \"library\" means a collection + of software functions and/or data\n prepared so as to be conveniently linked + with application programs\n (which use some of those functions and data) to + form executables.\n \n The \"Library\", below, refers to any such software + library or work\n which has been distributed under these terms. 
A \"work based + on the\n Library\" means either the Library or any derivative work under\n + \ copyright law: that is to say, a work containing the Library or a\n portion + of it, either verbatim or with modifications and/or translated\n straightforwardly + into another language. (Hereinafter, translation is\n included without limitation + in the term \"modification\".)\n \n \"Source code\" for a work means the + preferred form of the work for\n making modifications to it. For a library, + complete source code means\n all the source code for all modules it contains, + plus any associated\n interface definition files, plus the scripts used to + control compilation\n and installation of the library.\n \n Activities + other than copying, distribution and modification are not\n covered by this + License; they are outside its scope. The act of\n running a program using + the Library is not restricted, and output from\n such a program is covered + only if its contents constitute a work based\n on the Library (independent + of the use of the Library in a tool for\n writing it). Whether that is true + depends on what the Library does\n and what the program that uses the Library + does.\n \n 1. You may copy and distribute verbatim copies of the Library's\n + \ complete source code as you receive it, in any medium, provided that\n you + conspicuously and appropriately publish on each copy an\n appropriate copyright + notice and disclaimer of warranty; keep intact\n all the notices that refer + to this License and to the absence of any\n warranty; and distribute a copy + of this License along with the\n Library.\n \n You may charge a fee + for the physical act of transferring a copy,\n and you may at your option offer + warranty protection in exchange for a\n fee.\n \f\n 2. 
You may modify + your copy or copies of the Library or any portion\n of it, thus forming a work + based on the Library, and copy and\n distribute such modifications or work + under the terms of Section 1\n above, provided that you also meet all of these + conditions:\n \n a) The modified work must itself be a software library.\n + \ \n b) You must cause the files modified to carry prominent notices\n + \ stating that you changed the files and the date of any change.\n \n + \ c) You must cause the whole of the work to be licensed at no\n charge + to all third parties under the terms of this License.\n \n d) If a facility + in the modified Library refers to a function or a\n table of data to be + supplied by an application program that uses\n the facility, other than + as an argument passed when the facility\n is invoked, then you must make + a good faith effort to ensure that,\n in the event an application does + not supply such function or\n table, the facility still operates, and performs + whatever part of\n its purpose remains meaningful.\n \n (For + example, a function in a library to compute square roots has\n a purpose + that is entirely well-defined independent of the\n application. Therefore, + Subsection 2d requires that any\n application-supplied function or table + used by this function must\n be optional: if the application does not supply + it, the square\n root function must still compute square roots.)\n \n + \ These requirements apply to the modified work as a whole. If\n identifiable + sections of that work are not derived from the Library,\n and can be reasonably + considered independent and separate works in\n themselves, then this License, + and its terms, do not apply to those\n sections when you distribute them as + separate works. 
But when you\n distribute the same sections as part of a whole + which is a work based\n on the Library, the distribution of the whole must + be on the terms of\n this License, whose permissions for other licensees extend + to the\n entire whole, and thus to each and every part regardless of who wrote\n + \ it.\n \n Thus, it is not the intent of this section to claim rights + or contest\n your rights to work written entirely by you; rather, the intent + is to\n exercise the right to control the distribution of derivative or\n collective + works based on the Library.\n \n In addition, mere aggregation of another + work not based on the Library\n with the Library (or with a work based on the + Library) on a volume of\n a storage or distribution medium does not bring the + other work under\n the scope of this License.\n \n 3. You may opt to + apply the terms of the ordinary GNU General Public\n License instead of this + License to a given copy of the Library. To do\n this, you must alter all the + notices that refer to this License, so\n that they refer to the ordinary GNU + General Public License, version 2,\n instead of to this License. (If a newer + version than version 2 of the\n ordinary GNU General Public License has appeared, + then you can specify\n that version instead if you wish.) Do not make any + other change in\n these notices.\n \f\n Once this change is made in + a given copy, it is irreversible for\n that copy, so the ordinary GNU General + Public License applies to all\n subsequent copies and derivative works made + from that copy.\n \n This option is useful when you wish to copy part + of the code of\n the Library into a program that is not a library.\n \n + \ 4. 
You may copy and distribute the Library (or a portion or\n derivative + of it, under Section 2) in object code or executable form\n under the terms + of Sections 1 and 2 above provided that you accompany\n it with the complete + corresponding machine-readable source code, which\n must be distributed under + the terms of Sections 1 and 2 above on a\n medium customarily used for software + interchange.\n \n If distribution of object code is made by offering access + to copy\n from a designated place, then offering equivalent access to copy + the\n source code from the same place satisfies the requirement to\n distribute + the source code, even though third parties are not\n compelled to copy the + source along with the object code.\n \n 5. A program that contains no + derivative of any portion of the\n Library, but is designed to work with the + Library by being compiled or\n linked with it, is called a \"work that uses + the Library\". Such a\n work, in isolation, is not a derivative work of the + Library, and\n therefore falls outside the scope of this License.\n \n However, + linking a \"work that uses the Library\" with the Library\n creates an executable + that is a derivative of the Library (because it\n contains portions of the + Library), rather than a \"work that uses the\n library\". The executable is + therefore covered by this License.\n Section 6 states terms for distribution + of such executables.\n \n When a \"work that uses the Library\" uses material + from a header file\n that is part of the Library, the object code for the work + may be a\n derivative work of the Library even though the source code is not.\n + \ Whether this is true is especially significant if the work can be\n linked + without the Library, or if the work is itself a library. 
The\n threshold for + this to be true is not precisely defined by law.\n \n If such an object + file uses only numerical parameters, data\n structure layouts and accessors, + and small macros and small inline\n functions (ten lines or less in length), + then the use of the object\n file is unrestricted, regardless of whether it + is legally a derivative\n work. (Executables containing this object code plus + portions of the\n Library will still fall under Section 6.)\n \n Otherwise, + if the work is a derivative of the Library, you may\n distribute the object + code for the work under the terms of Section 6.\n Any executables containing + that work also fall under Section 6,\n whether or not they are linked directly + with the Library itself.\n \f\n 6. As an exception to the Sections above, + you may also compile or\n link a \"work that uses the Library\" with the Library + to produce a\n work containing portions of the Library, and distribute that + work\n under terms of your choice, provided that the terms permit\n modification + of the work for the customer's own use and reverse\n engineering for debugging + such modifications.\n \n You must give prominent notice with each copy + of the work that the\n Library is used in it and that the Library and its use + are covered by\n this License. You must supply a copy of this License. If + the work\n during execution displays copyright notices, you must include the\n + \ copyright notice for the Library among them, as well as a reference\n directing + the user to the copy of this License. 
Also, you must do one\n of these things:\n + \ \n a) Accompany the work with the complete corresponding\n machine-readable + source code for the Library including whatever\n changes were used in the + work (which must be distributed under\n Sections 1 and 2 above); and, if + the work is an executable linked\n with the Library, with the complete + machine-readable \"work that\n uses the Library\", as object code and/or + source code, so that the\n user can modify the Library and then relink + to produce a modified\n executable containing the modified Library. (It + is understood\n that the user who changes the contents of definitions files + in the\n Library will not necessarily be able to recompile the application\n + \ to use the modified definitions.)\n \n b) Accompany the work + with a written offer, valid for at\n least three years, to give the same + user the materials\n specified in Subsection 6a, above, for a charge no + more\n than the cost of performing this distribution.\n \n c) + If distribution of the work is made by offering access to copy\n from a + designated place, offer equivalent access to copy the above\n specified + materials from the same place.\n \n d) Verify that the user has already + received a copy of these\n materials or that you have already sent this + user a copy.\n \n For an executable, the required form of the \"work that + uses the\n Library\" must include any data and utility programs needed for\n + \ reproducing the executable from it. However, as a special exception,\n the + source code distributed need not include anything that is normally\n distributed + (in either source or binary form) with the major\n components (compiler, kernel, + and so on) of the operating system on\n which the executable runs, unless that + component itself accompanies\n the executable.\n \n It may happen that + this requirement contradicts the license\n restrictions of other proprietary + libraries that do not normally\n accompany the operating system. 
Such a contradiction + means you cannot\n use both them and the Library together in an executable + that you\n distribute.\n \f\n 7. You may place library facilities that + are a work based on the\n Library side-by-side in a single library together + with other library\n facilities not covered by this License, and distribute + such a combined\n library, provided that the separate distribution of the work + based on\n the Library and of the other library facilities is otherwise\n permitted, + and provided that you do these two things:\n \n a) Accompany the combined + library with a copy of the same work\n based on the Library, uncombined + with any other library\n facilities. This must be distributed under the + terms of the\n Sections above.\n \n b) Give prominent notice + with the combined library of the fact\n that part of it is a work based + on the Library, and explaining\n where to find the accompanying uncombined + form of the same work.\n \n 8. You may not copy, modify, sublicense, link + with, or distribute\n the Library except as expressly provided under this License. + \ Any\n attempt otherwise to copy, modify, sublicense, link with, or\n distribute + the Library is void, and will automatically terminate your\n rights under this + License. However, parties who have received copies,\n or rights, from you + under this License will not have their licenses\n terminated so long as such + parties remain in full compliance.\n \n 9. You are not required to accept + this License, since you have not\n signed it. However, nothing else grants + you permission to modify or\n distribute the Library or its derivative works. + \ These actions are\n prohibited by law if you do not accept this License. 
+ \ Therefore, by\n modifying or distributing the Library (or any work based + on the\n Library), you indicate your acceptance of this License to do so, and\n + \ all its terms and conditions for copying, distributing or modifying\n the + Library or works based on it.\n \n 10. Each time you redistribute the + Library (or any work based on the\n Library), the recipient automatically receives + a license from the\n original licensor to copy, distribute, link with or modify + the Library\n subject to these terms and conditions. You may not impose any + further\n restrictions on the recipients' exercise of the rights granted herein.\n + \ You are not responsible for enforcing compliance by third parties to\n this + License.\n \f\n 11. If, as a consequence of a court judgment or allegation + of patent\n infringement or for any other reason (not limited to patent issues),\n + \ conditions are imposed on you (whether by court order, agreement or\n otherwise) + that contradict the conditions of this License, they do not\n excuse you from + the conditions of this License. If you cannot\n distribute so as to satisfy + simultaneously your obligations under this\n License and any other pertinent + obligations, then as a consequence you\n may not distribute the Library at + all. 
For example, if a patent\n license would not permit royalty-free redistribution + of the Library by\n all those who receive copies directly or indirectly through + you, then\n the only way you could satisfy both it and this License would be + to\n refrain entirely from distribution of the Library.\n \n If any portion + of this section is held invalid or unenforceable under any\n particular circumstance, + the balance of the section is intended to apply,\n and the section as a whole + is intended to apply in other circumstances.\n \n It is not the purpose + of this section to induce you to infringe any\n patents or other property right + claims or to contest validity of any\n such claims; this section has the sole + purpose of protecting the\n integrity of the free software distribution system + which is\n implemented by public license practices. Many people have made\n + \ generous contributions to the wide range of software distributed\n through + that system in reliance on consistent application of that\n system; it is up + to the author/donor to decide if he or she is willing\n to distribute software + through any other system and a licensee cannot\n impose that choice.\n \n + \ This section is intended to make thoroughly clear what is believed to\n be + a consequence of the rest of this License.\n \n 12. If the distribution + and/or use of the Library is restricted in\n certain countries either by patents + or by copyrighted interfaces, the\n original copyright holder who places the + Library under this License may add\n an explicit geographical distribution + limitation excluding those countries,\n so that distribution is permitted only + in or among countries not thus\n excluded. In such case, this License incorporates + the limitation as if\n written in the body of this License.\n \n 13. 
+ The Free Software Foundation may publish revised and/or new\n versions of the + Library General Public License from time to time.\n Such new versions will + be similar in spirit to the present version,\n but may differ in detail to + address new problems or concerns.\n \n Each version is given a distinguishing + version number. If the Library\n specifies a version number of this License + which applies to it and\n \"any later version\", you have the option of following + the terms and\n conditions either of that version or of any later version published + by\n the Free Software Foundation. If the Library does not specify a\n license + version number, you may choose any version ever published by\n the Free Software + Foundation.\n \f\n 14. If you wish to incorporate parts of the Library + into other free\n programs whose distribution conditions are incompatible with + these,\n write to the author to ask for permission. For software which is\n + \ copyrighted by the Free Software Foundation, write to the Free\n Software + Foundation; we sometimes make exceptions for this. Our\n decision will be + guided by the two goals of preserving the free status\n of all derivatives + of our free software and of promoting the sharing\n and reuse of software generally.\n + \ \n \t\t\t NO WARRANTY\n \n 15. BECAUSE THE LIBRARY IS LICENSED + FREE OF CHARGE, THERE IS NO\n WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED + BY APPLICABLE LAW.\n EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT + HOLDERS AND/OR\n OTHER PARTIES PROVIDE THE LIBRARY \"AS IS\" WITHOUT WARRANTY + OF ANY\n KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, + THE\n IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n + \ PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE\n LIBRARY + IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME\n THE COST OF + ALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n \n 16. 
IN NO EVENT UNLESS + REQUIRED BY APPLICABLE LAW OR AGREED TO IN\n WRITING WILL ANY COPYRIGHT HOLDER, + OR ANY OTHER PARTY WHO MAY MODIFY\n AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED + ABOVE, BE LIABLE TO YOU\n FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL + OR\n CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE\n + \ LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING\n RENDERED + INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A\n FAILURE OF THE + LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF\n SUCH HOLDER OR OTHER + PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH\n DAMAGES.\n \n \t\t + \ END OF TERMS AND CONDITIONS\n \f\n Appendix: How to Apply These + Terms to Your New Libraries\n \n If you develop a new library, and you + want it to be of the greatest\n possible use to the public, we recommend making + it free software that\n everyone can redistribute and change. You can do so + by permitting\n redistribution under these terms (or, alternatively, under + the terms of the\n ordinary General Public License).\n \n To apply + these terms, attach the following notices to the library. It is\n safest to + attach them to the start of each source file to most effectively\n convey the + exclusion of warranty; and each file should have at least the\n \"copyright\" + line and a pointer to where the full notice is found.\n \n \n Copyright + (C) \n \n This library is free software; you + can redistribute it and/or\n modify it under the terms of the GNU Library + General Public\n License as published by the Free Software Foundation; + either\n version 2 of the License, or (at your option) any later version.\n + \ \n This library is distributed in the hope that it will be useful,\n + \ but WITHOUT ANY WARRANTY; without even the implied warranty of\n MERCHANTABILITY + or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU\n Library General Public + License for more details.\n \n You should have received a copy of the + GNU Library General Public\n License along with this library; if not, write + to the Free\n Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston,\n MA 02110-1301, USA\n \n Also add information on how to + contact you by electronic and paper mail.\n \n You should also get your + employer (if you work as a programmer) or your\n school, if any, to sign a + \"copyright disclaimer\" for the library, if\n necessary. Here is a sample; + alter the names:\n \n Yoyodyne, Inc., hereby disclaims all copyright interest + in the\n library `Frob' (a library for tweaking knobs) written by James Random + Hacker.\n \n , 1 April 1990\n Ty Coon, President + of Vice\n \n That's all there is to it!\n\n\n### isorelax\n\nMIT\n\nhttp://iso-relax.sourceforge.net/\n\n + \ Copyright (c) 2001-2002, SourceForge ISO-RELAX Project (ASAMI\n Tomoharu, + Daisuke Okajima, Kohsuke Kawaguchi, and MURATA Makoto)\n \n Permission is + hereby granted, free of charge, to any person obtaining\n a copy of this software + and associated documentation files (the\n \"Software\"), to deal in the Software + without restriction, including\n without limitation the rights to use, copy, + modify, merge, publish,\n distribute, sublicense, and/or sell copies of the + Software, and to\n permit persons to whom the Software is furnished to do so, + subject to\n the following conditions:\n \n The above copyright notice + and this permission notice shall be\n included in all copies or substantial + portions of the Software.\n \n THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT + WARRANTY OF ANY KIND,\n EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE + WARRANTIES OF\n MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\n NONINFRINGEMENT. 
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\n LIABLE FOR ANY CLAIM, + DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\n OF CONTRACT, TORT OR OTHERWISE, + ARISING FROM, OUT OF OR IN CONNECTION\n WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE.\n\n\n### jing\n\nBSD-3-Clause\n\nhttp://www.thaiopensource.com/relaxng/jing.html\n\n + \ Copyright (c) 2001-2003 Thai Open Source Software Center Ltd\n All rights + reserved.\n \n Redistribution and use in source and binary forms, with or + without\n modification, are permitted provided that the following conditions\n + \ are met:\n \n * Redistributions of source code must retain the above + copyright\n notice, this list of conditions and the following disclaimer.\n + \ \n * Redistributions in binary form must reproduce the above\n copyright + notice, this list of conditions and the following\n disclaimer in the documentation + and/or other materials provided\n with the distribution.\n \n * Neither + the name of the Thai Open Source Software Center Ltd nor\n the names of its + contributors may be used to endorse or promote\n products derived from this + software without specific prior\n written permission.\n \n THIS SOFTWARE + IS PROVIDED BY THE COPYRIGHT HOLDERS AND\n CONTRIBUTORS \"AS IS\" AND ANY EXPRESS + OR IMPLIED WARRANTIES,\n INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n DISCLAIMED. 
+ IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE\n LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY,\n OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO,\n PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR\n PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n THEORY + OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR\n TORT (INCLUDING NEGLIGENCE + OR OTHERWISE) ARISING IN ANY WAY OUT OF\n THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF\n SUCH DAMAGE.\n\n \n### nekodtd\n\nApache + 1.0-derived\n\nhttps://people.apache.org/~andyc/neko/doc/dtd/\n\n The CyberNeko + Software License, Version 1.0\n \n (C) Copyright 2002-2005, Andy Clark. + \ All rights reserved.\n \n Redistribution and use in source and binary + forms, with or without\n modification, are permitted provided that the following + conditions\n are met:\n \n 1. Redistributions of source code must retain + the above copyright\n notice, this list of conditions and the following + disclaimer. \n \n 2. Redistributions in binary form must reproduce the above + copyright\n notice, this list of conditions and the following disclaimer + in\n the documentation and/or other materials provided with the\n distribution.\n + \ \n 3. The end-user documentation included with the redistribution,\n if + any, must include the following acknowledgment: \n \"This product includes + software developed by Andy Clark.\"\n Alternately, this acknowledgment may + appear in the software itself,\n if and wherever such third-party acknowledgments + normally appear.\n \n 4. The names \"CyberNeko\" and \"NekoHTML\" must not + be used to endorse\n or promote products derived from this software without + prior \n written permission. For written permission, please contact \n andyc@cyberneko.net.\n + \ \n 5. 
Products derived from this software may not be called \"CyberNeko\",\n + \ nor may \"CyberNeko\" appear in their name, without prior written\n permission + of the author.\n \n THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED + OR IMPLIED\n WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n + \ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\n DISCLAIMED. + \ IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\n BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \n OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT \n OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + USE, DATA, OR PROFITS; OR \n BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, \n WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE \n OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + \n EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n \n ====================================================================\n + \ \n This license is based on the Apache Software License, version 1.1.\n\n### + nekohtml\n\nApache 2.0\n\nhttp://nekohtml.sourceforge.net/\n\n \n Apache + License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n + \ \n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n \n + \ 1. Definitions.\n \n \"License\" shall mean the terms and conditions + for use, reproduction,\n and distribution as defined by Sections 1 through + 9 of this document.\n \n \"Licensor\" shall mean the copyright owner + or entity authorized by\n the copyright owner that is granting the License.\n + \ \n \"Legal Entity\" shall mean the union of the acting entity and + all\n other entities that control, are controlled by, or are under common\n + \ control with that entity. 
For the purposes of this definition,\n \"control\" + means (i) the power, direct or indirect, to cause the\n direction or + management of such entity, whether by contract or\n otherwise, or (ii) + ownership of fifty percent (50%) or more of the\n outstanding shares, + or (iii) beneficial ownership of such entity.\n \n \"You\" (or \"Your\") + shall mean an individual or Legal Entity\n exercising permissions granted + by this License.\n \n \"Source\" form shall mean the preferred form + for making modifications,\n including but not limited to software source + code, documentation\n source, and configuration files.\n \n \"Object\" + form shall mean any form resulting from mechanical\n transformation or + translation of a Source form, including but\n not limited to compiled + object code, generated documentation,\n and conversions to other media + types.\n \n \"Work\" shall mean the work of authorship, whether in + Source or\n Object form, made available under the License, as indicated + by a\n copyright notice that is included in or attached to the work\n + \ (an example is provided in the Appendix below).\n \n \"Derivative + Works\" shall mean any work, whether in Source or Object\n form, that + is based on (or derived from) the Work and for which the\n editorial + revisions, annotations, elaborations, or other modifications\n represent, + as a whole, an original work of authorship. For the purposes\n of this + License, Derivative Works shall not include works that remain\n separable + from, or merely link (or bind by name) to the interfaces of,\n the Work + and Derivative Works thereof.\n \n \"Contribution\" shall mean any + work of authorship, including\n the original version of the Work and + any modifications or additions\n to that Work or Derivative Works thereof, + that is intentionally\n submitted to Licensor for inclusion in the Work + by the copyright owner\n or by an individual or Legal Entity authorized + to submit on behalf of\n the copyright owner. 
For the purposes of this + definition, \"submitted\"\n means any form of electronic, verbal, or + written communication sent\n to the Licensor or its representatives, + including but not limited to\n communication on electronic mailing lists, + source code control systems,\n and issue tracking systems that are managed + by, or on behalf of, the\n Licensor for the purpose of discussing and + improving the Work, but\n excluding communication that is conspicuously + marked or otherwise\n designated in writing by the copyright owner as + \"Not a Contribution.\"\n \n \"Contributor\" shall mean Licensor and + any individual or Legal Entity\n on behalf of whom a Contribution has + been received by Licensor and\n subsequently incorporated within the + Work.\n \n 2. Grant of Copyright License. Subject to the terms and conditions + of\n this License, each Contributor hereby grants to You a perpetual,\n + \ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright + license to reproduce, prepare Derivative Works of,\n publicly display, + publicly perform, sublicense, and distribute the\n Work and such Derivative + Works in Source or Object form.\n \n 3. Grant of Patent License. Subject + to the terms and conditions of\n this License, each Contributor hereby + grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, + irrevocable\n (except as stated in this section) patent license to make, + have made,\n use, offer to sell, sell, import, and otherwise transfer + the Work,\n where such license applies only to those patent claims licensable\n + \ by such Contributor that are necessarily infringed by their\n Contribution(s) + alone or by combination of their Contribution(s)\n with the Work to which + such Contribution(s) was submitted. 
If You\n institute patent litigation + against any entity (including a\n cross-claim or counterclaim in a lawsuit) + alleging that the Work\n or a Contribution incorporated within the Work + constitutes direct\n or contributory patent infringement, then any patent + licenses\n granted to You under this License for that Work shall terminate\n + \ as of the date such litigation is filed.\n \n 4. Redistribution. + You may reproduce and distribute copies of the\n Work or Derivative Works + thereof in any medium, with or without\n modifications, and in Source + or Object form, provided that You\n meet the following conditions:\n + \ \n (a) You must give any other recipients of the Work or\n Derivative + Works a copy of this License; and\n \n (b) You must cause any modified + files to carry prominent notices\n stating that You changed the files; + and\n \n (c) You must retain, in the Source form of any Derivative + Works\n that You distribute, all copyright, patent, trademark, and\n + \ attribution notices from the Source form of the Work,\n excluding + those notices that do not pertain to any part of\n the Derivative + Works; and\n \n (d) If the Work includes a \"NOTICE\" text file as + part of its\n distribution, then any Derivative Works that You distribute + must\n include a readable copy of the attribution notices contained\n + \ within such NOTICE file, excluding those notices that do not\n pertain + to any part of the Derivative Works, in at least one\n of the following + places: within a NOTICE text file distributed\n as part of the Derivative + Works; within the Source form or\n documentation, if provided along + with the Derivative Works; or,\n within a display generated by the + Derivative Works, if and\n wherever such third-party notices normally + appear. The contents\n of the NOTICE file are for informational purposes + only and\n do not modify the License. 
You may add Your own attribution\n + \ notices within Derivative Works that You distribute, alongside\n + \ or as an addendum to the NOTICE text from the Work, provided\n that + such additional attribution notices cannot be construed\n as modifying + the License.\n \n You may add Your own copyright statement to Your + modifications and\n may provide additional or different license terms + and conditions\n for use, reproduction, or distribution of Your modifications, + or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, + and distribution of the Work otherwise complies with\n the conditions + stated in this License.\n \n 5. Submission of Contributions. Unless You + explicitly state otherwise,\n any Contribution intentionally submitted + for inclusion in the Work\n by You to the Licensor shall be under the + terms and conditions of\n this License, without any additional terms + or conditions.\n Notwithstanding the above, nothing herein shall supersede + or modify\n the terms of any separate license agreement you may have + executed\n with Licensor regarding such Contributions.\n \n 6. + Trademarks. This License does not grant permission to use the trade\n names, + trademarks, service marks, or product names of the Licensor,\n except + as required for reasonable and customary use in describing the\n origin + of the Work and reproducing the content of the NOTICE file.\n \n 7. Disclaimer + of Warranty. Unless required by applicable law or\n agreed to in writing, + Licensor provides the Work (and each\n Contributor provides its Contributions) + on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or\n implied, including, without limitation, any warranties + or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A\n PARTICULAR PURPOSE. 
You are solely responsible for determining + the\n appropriateness of using or redistributing the Work and assume + any\n risks associated with Your exercise of permissions under this License.\n + \ \n 8. Limitation of Liability. In no event and under no legal theory,\n + \ whether in tort (including negligence), contract, or otherwise,\n unless + required by applicable law (such as deliberate and grossly\n negligent + acts) or agreed to in writing, shall any Contributor be\n liable to You + for damages, including any direct, indirect, special,\n incidental, or + consequential damages of any character arising as a\n result of this + License or out of the use or inability to use the\n Work (including but + not limited to damages for loss of goodwill,\n work stoppage, computer + failure or malfunction, or any and all\n other commercial damages or + losses), even if such Contributor\n has been advised of the possibility + of such damages.\n \n 9. Accepting Warranty or Additional Liability. + While redistributing\n the Work or Derivative Works thereof, You may + choose to offer,\n and charge a fee for, acceptance of support, warranty, + indemnity,\n or other liability obligations and/or rights consistent + with this\n License. However, in accepting such obligations, You may + act only\n on Your own behalf and on Your sole responsibility, not on + behalf\n of any other Contributor, and only if You agree to indemnify,\n + \ defend, and hold each Contributor harmless for any liability\n incurred + by, or claims asserted against, such Contributor by reason\n of your + accepting any such warranty or additional liability.\n \n END OF TERMS + AND CONDITIONS\n \n APPENDIX: How to apply the Apache License to your + work.\n \n To apply the Apache License to your work, attach the following\n + \ boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced + with your own identifying information. (Don't include\n the brackets!) 
+ \ The text should be enclosed in the appropriate\n comment syntax for + the file format. We also recommend that a\n file or class name and description + of purpose be included on the\n same \"printed page\" as the copyright + notice for easier\n identification within third-party archives.\n \n + \ Copyright [yyyy] [name of copyright owner]\n \n Licensed under + the Apache License, Version 2.0 (the \"License\");\n you may not use this + file except in compliance with the License.\n You may obtain a copy of the + License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n + \ Unless required by applicable law or agreed to in writing, software\n distributed + under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied.\n See the License + for the specific language governing permissions and\n limitations under + the License.\n\n### xalan\n\nApache 2.0\n\nhttps://xml.apache.org/xalan-j/\n\ncovers + xalan.jar and serializer.jar\n\n Apache License\n + \ Version 2.0, January 2004\n http://www.apache.org/licenses/\n + \ \n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n \n + \ 1. Definitions.\n \n \"License\" shall mean the terms and conditions + for use, reproduction,\n and distribution as defined by Sections 1 through + 9 of this document.\n \n \"Licensor\" shall mean the copyright owner + or entity authorized by\n the copyright owner that is granting the License.\n + \ \n \"Legal Entity\" shall mean the union of the acting entity and + all\n other entities that control, are controlled by, or are under common\n + \ control with that entity. 
For the purposes of this definition,\n \"control\" + means (i) the power, direct or indirect, to cause the\n direction or + management of such entity, whether by contract or\n otherwise, or (ii) + ownership of fifty percent (50%) or more of the\n outstanding shares, + or (iii) beneficial ownership of such entity.\n \n \"You\" (or \"Your\") + shall mean an individual or Legal Entity\n exercising permissions granted + by this License.\n \n \"Source\" form shall mean the preferred form + for making modifications,\n including but not limited to software source + code, documentation\n source, and configuration files.\n \n \"Object\" + form shall mean any form resulting from mechanical\n transformation or + translation of a Source form, including but\n not limited to compiled + object code, generated documentation,\n and conversions to other media + types.\n \n \"Work\" shall mean the work of authorship, whether in + Source or\n Object form, made available under the License, as indicated + by a\n copyright notice that is included in or attached to the work\n + \ (an example is provided in the Appendix below).\n \n \"Derivative + Works\" shall mean any work, whether in Source or Object\n form, that + is based on (or derived from) the Work and for which the\n editorial + revisions, annotations, elaborations, or other modifications\n represent, + as a whole, an original work of authorship. For the purposes\n of this + License, Derivative Works shall not include works that remain\n separable + from, or merely link (or bind by name) to the interfaces of,\n the Work + and Derivative Works thereof.\n \n \"Contribution\" shall mean any + work of authorship, including\n the original version of the Work and + any modifications or additions\n to that Work or Derivative Works thereof, + that is intentionally\n submitted to Licensor for inclusion in the Work + by the copyright owner\n or by an individual or Legal Entity authorized + to submit on behalf of\n the copyright owner. 
For the purposes of this + definition, \"submitted\"\n means any form of electronic, verbal, or + written communication sent\n to the Licensor or its representatives, + including but not limited to\n communication on electronic mailing lists, + source code control systems,\n and issue tracking systems that are managed + by, or on behalf of, the\n Licensor for the purpose of discussing and + improving the Work, but\n excluding communication that is conspicuously + marked or otherwise\n designated in writing by the copyright owner as + \"Not a Contribution.\"\n \n \"Contributor\" shall mean Licensor and + any individual or Legal Entity\n on behalf of whom a Contribution has + been received by Licensor and\n subsequently incorporated within the + Work.\n \n 2. Grant of Copyright License. Subject to the terms and conditions + of\n this License, each Contributor hereby grants to You a perpetual,\n + \ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright + license to reproduce, prepare Derivative Works of,\n publicly display, + publicly perform, sublicense, and distribute the\n Work and such Derivative + Works in Source or Object form.\n \n 3. Grant of Patent License. Subject + to the terms and conditions of\n this License, each Contributor hereby + grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, + irrevocable\n (except as stated in this section) patent license to make, + have made,\n use, offer to sell, sell, import, and otherwise transfer + the Work,\n where such license applies only to those patent claims licensable\n + \ by such Contributor that are necessarily infringed by their\n Contribution(s) + alone or by combination of their Contribution(s)\n with the Work to which + such Contribution(s) was submitted. 
If You\n institute patent litigation + against any entity (including a\n cross-claim or counterclaim in a lawsuit) + alleging that the Work\n or a Contribution incorporated within the Work + constitutes direct\n or contributory patent infringement, then any patent + licenses\n granted to You under this License for that Work shall terminate\n + \ as of the date such litigation is filed.\n \n 4. Redistribution. + You may reproduce and distribute copies of the\n Work or Derivative Works + thereof in any medium, with or without\n modifications, and in Source + or Object form, provided that You\n meet the following conditions:\n + \ \n (a) You must give any other recipients of the Work or\n Derivative + Works a copy of this License; and\n \n (b) You must cause any modified + files to carry prominent notices\n stating that You changed the files; + and\n \n (c) You must retain, in the Source form of any Derivative + Works\n that You distribute, all copyright, patent, trademark, and\n + \ attribution notices from the Source form of the Work,\n excluding + those notices that do not pertain to any part of\n the Derivative + Works; and\n \n (d) If the Work includes a \"NOTICE\" text file as + part of its\n distribution, then any Derivative Works that You distribute + must\n include a readable copy of the attribution notices contained\n + \ within such NOTICE file, excluding those notices that do not\n pertain + to any part of the Derivative Works, in at least one\n of the following + places: within a NOTICE text file distributed\n as part of the Derivative + Works; within the Source form or\n documentation, if provided along + with the Derivative Works; or,\n within a display generated by the + Derivative Works, if and\n wherever such third-party notices normally + appear. The contents\n of the NOTICE file are for informational purposes + only and\n do not modify the License. 
You may add Your own attribution\n + \ notices within Derivative Works that You distribute, alongside\n + \ or as an addendum to the NOTICE text from the Work, provided\n that + such additional attribution notices cannot be construed\n as modifying + the License.\n \n You may add Your own copyright statement to Your + modifications and\n may provide additional or different license terms + and conditions\n for use, reproduction, or distribution of Your modifications, + or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, + and distribution of the Work otherwise complies with\n the conditions + stated in this License.\n \n 5. Submission of Contributions. Unless You + explicitly state otherwise,\n any Contribution intentionally submitted + for inclusion in the Work\n by You to the Licensor shall be under the + terms and conditions of\n this License, without any additional terms + or conditions.\n Notwithstanding the above, nothing herein shall supersede + or modify\n the terms of any separate license agreement you may have + executed\n with Licensor regarding such Contributions.\n \n 6. + Trademarks. This License does not grant permission to use the trade\n names, + trademarks, service marks, or product names of the Licensor,\n except + as required for reasonable and customary use in describing the\n origin + of the Work and reproducing the content of the NOTICE file.\n \n 7. Disclaimer + of Warranty. Unless required by applicable law or\n agreed to in writing, + Licensor provides the Work (and each\n Contributor provides its Contributions) + on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or\n implied, including, without limitation, any warranties + or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A\n PARTICULAR PURPOSE. 
You are solely responsible for determining + the\n appropriateness of using or redistributing the Work and assume + any\n risks associated with Your exercise of permissions under this License.\n + \ \n 8. Limitation of Liability. In no event and under no legal theory,\n + \ whether in tort (including negligence), contract, or otherwise,\n unless + required by applicable law (such as deliberate and grossly\n negligent + acts) or agreed to in writing, shall any Contributor be\n liable to You + for damages, including any direct, indirect, special,\n incidental, or + consequential damages of any character arising as a\n result of this + License or out of the use or inability to use the\n Work (including but + not limited to damages for loss of goodwill,\n work stoppage, computer + failure or malfunction, or any and all\n other commercial damages or + losses), even if such Contributor\n has been advised of the possibility + of such damages.\n \n 9. Accepting Warranty or Additional Liability. + While redistributing\n the Work or Derivative Works thereof, You may + choose to offer,\n and charge a fee for, acceptance of support, warranty, + indemnity,\n or other liability obligations and/or rights consistent + with this\n License. However, in accepting such obligations, You may + act only\n on Your own behalf and on Your sole responsibility, not on + behalf\n of any other Contributor, and only if You agree to indemnify,\n + \ defend, and hold each Contributor harmless for any liability\n incurred + by, or claims asserted against, such Contributor by reason\n of your + accepting any such warranty or additional liability.\n \n END OF TERMS + AND CONDITIONS\n \n APPENDIX: How to apply the Apache License to your + work.\n \n To apply the Apache License to your work, attach the following\n + \ boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced + with your own identifying information. (Don't include\n the brackets!) 
+ \ The text should be enclosed in the appropriate\n comment syntax for + the file format. We also recommend that a\n file or class name and description + of purpose be included on the\n same \"printed page\" as the copyright + notice for easier\n identification within third-party archives.\n \n + \ Copyright [yyyy] [name of copyright owner]\n \n Licensed under + the Apache License, Version 2.0 (the \"License\");\n you may not use this + file except in compliance with the License.\n You may obtain a copy of the + License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n + \ Unless required by applicable law or agreed to in writing, software\n distributed + under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied.\n See the License + for the specific language governing permissions and\n limitations under + the License.\n \n\n### xerces\n\nApache 2.0\n\nhttps://xerces.apache.org/xerces2-j/\n\n + \ \n Apache License\n Version + 2.0, January 2004\n http://www.apache.org/licenses/\n + \ \n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n \n + \ 1. Definitions.\n \n \"License\" shall mean the terms and conditions + for use, reproduction,\n and distribution as defined by Sections 1 through + 9 of this document.\n \n \"Licensor\" shall mean the copyright owner + or entity authorized by\n the copyright owner that is granting the License.\n + \ \n \"Legal Entity\" shall mean the union of the acting entity and + all\n other entities that control, are controlled by, or are under common\n + \ control with that entity. 
For the purposes of this definition,\n \"control\" + means (i) the power, direct or indirect, to cause the\n direction or + management of such entity, whether by contract or\n otherwise, or (ii) + ownership of fifty percent (50%) or more of the\n outstanding shares, + or (iii) beneficial ownership of such entity.\n \n \"You\" (or \"Your\") + shall mean an individual or Legal Entity\n exercising permissions granted + by this License.\n \n \"Source\" form shall mean the preferred form + for making modifications,\n including but not limited to software source + code, documentation\n source, and configuration files.\n \n \"Object\" + form shall mean any form resulting from mechanical\n transformation or + translation of a Source form, including but\n not limited to compiled + object code, generated documentation,\n and conversions to other media + types.\n \n \"Work\" shall mean the work of authorship, whether in + Source or\n Object form, made available under the License, as indicated + by a\n copyright notice that is included in or attached to the work\n + \ (an example is provided in the Appendix below).\n \n \"Derivative + Works\" shall mean any work, whether in Source or Object\n form, that + is based on (or derived from) the Work and for which the\n editorial + revisions, annotations, elaborations, or other modifications\n represent, + as a whole, an original work of authorship. For the purposes\n of this + License, Derivative Works shall not include works that remain\n separable + from, or merely link (or bind by name) to the interfaces of,\n the Work + and Derivative Works thereof.\n \n \"Contribution\" shall mean any + work of authorship, including\n the original version of the Work and + any modifications or additions\n to that Work or Derivative Works thereof, + that is intentionally\n submitted to Licensor for inclusion in the Work + by the copyright owner\n or by an individual or Legal Entity authorized + to submit on behalf of\n the copyright owner. 
For the purposes of this + definition, \"submitted\"\n means any form of electronic, verbal, or + written communication sent\n to the Licensor or its representatives, + including but not limited to\n communication on electronic mailing lists, + source code control systems,\n and issue tracking systems that are managed + by, or on behalf of, the\n Licensor for the purpose of discussing and + improving the Work, but\n excluding communication that is conspicuously + marked or otherwise\n designated in writing by the copyright owner as + \"Not a Contribution.\"\n \n \"Contributor\" shall mean Licensor and + any individual or Legal Entity\n on behalf of whom a Contribution has + been received by Licensor and\n subsequently incorporated within the + Work.\n \n 2. Grant of Copyright License. Subject to the terms and conditions + of\n this License, each Contributor hereby grants to You a perpetual,\n + \ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright + license to reproduce, prepare Derivative Works of,\n publicly display, + publicly perform, sublicense, and distribute the\n Work and such Derivative + Works in Source or Object form.\n \n 3. Grant of Patent License. Subject + to the terms and conditions of\n this License, each Contributor hereby + grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, + irrevocable\n (except as stated in this section) patent license to make, + have made,\n use, offer to sell, sell, import, and otherwise transfer + the Work,\n where such license applies only to those patent claims licensable\n + \ by such Contributor that are necessarily infringed by their\n Contribution(s) + alone or by combination of their Contribution(s)\n with the Work to which + such Contribution(s) was submitted. 
If You\n institute patent litigation + against any entity (including a\n cross-claim or counterclaim in a lawsuit) + alleging that the Work\n or a Contribution incorporated within the Work + constitutes direct\n or contributory patent infringement, then any patent + licenses\n granted to You under this License for that Work shall terminate\n + \ as of the date such litigation is filed.\n \n 4. Redistribution. + You may reproduce and distribute copies of the\n Work or Derivative Works + thereof in any medium, with or without\n modifications, and in Source + or Object form, provided that You\n meet the following conditions:\n + \ \n (a) You must give any other recipients of the Work or\n Derivative + Works a copy of this License; and\n \n (b) You must cause any modified + files to carry prominent notices\n stating that You changed the files; + and\n \n (c) You must retain, in the Source form of any Derivative + Works\n that You distribute, all copyright, patent, trademark, and\n + \ attribution notices from the Source form of the Work,\n excluding + those notices that do not pertain to any part of\n the Derivative + Works; and\n \n (d) If the Work includes a \"NOTICE\" text file as + part of its\n distribution, then any Derivative Works that You distribute + must\n include a readable copy of the attribution notices contained\n + \ within such NOTICE file, excluding those notices that do not\n pertain + to any part of the Derivative Works, in at least one\n of the following + places: within a NOTICE text file distributed\n as part of the Derivative + Works; within the Source form or\n documentation, if provided along + with the Derivative Works; or,\n within a display generated by the + Derivative Works, if and\n wherever such third-party notices normally + appear. The contents\n of the NOTICE file are for informational purposes + only and\n do not modify the License. 
You may add Your own attribution\n + \ notices within Derivative Works that You distribute, alongside\n + \ or as an addendum to the NOTICE text from the Work, provided\n that + such additional attribution notices cannot be construed\n as modifying + the License.\n \n You may add Your own copyright statement to Your + modifications and\n may provide additional or different license terms + and conditions\n for use, reproduction, or distribution of Your modifications, + or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, + and distribution of the Work otherwise complies with\n the conditions + stated in this License.\n \n 5. Submission of Contributions. Unless You + explicitly state otherwise,\n any Contribution intentionally submitted + for inclusion in the Work\n by You to the Licensor shall be under the + terms and conditions of\n this License, without any additional terms + or conditions.\n Notwithstanding the above, nothing herein shall supersede + or modify\n the terms of any separate license agreement you may have + executed\n with Licensor regarding such Contributions.\n \n 6. + Trademarks. This License does not grant permission to use the trade\n names, + trademarks, service marks, or product names of the Licensor,\n except + as required for reasonable and customary use in describing the\n origin + of the Work and reproducing the content of the NOTICE file.\n \n 7. Disclaimer + of Warranty. Unless required by applicable law or\n agreed to in writing, + Licensor provides the Work (and each\n Contributor provides its Contributions) + on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or\n implied, including, without limitation, any warranties + or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A\n PARTICULAR PURPOSE. 
You are solely responsible for determining + the\n appropriateness of using or redistributing the Work and assume + any\n risks associated with Your exercise of permissions under this License.\n + \ \n 8. Limitation of Liability. In no event and under no legal theory,\n + \ whether in tort (including negligence), contract, or otherwise,\n unless + required by applicable law (such as deliberate and grossly\n negligent + acts) or agreed to in writing, shall any Contributor be\n liable to You + for damages, including any direct, indirect, special,\n incidental, or + consequential damages of any character arising as a\n result of this + License or out of the use or inability to use the\n Work (including but + not limited to damages for loss of goodwill,\n work stoppage, computer + failure or malfunction, or any and all\n other commercial damages or + losses), even if such Contributor\n has been advised of the possibility + of such damages.\n \n 9. Accepting Warranty or Additional Liability. + While redistributing\n the Work or Derivative Works thereof, You may + choose to offer,\n and charge a fee for, acceptance of support, warranty, + indemnity,\n or other liability obligations and/or rights consistent + with this\n License. However, in accepting such obligations, You may + act only\n on Your own behalf and on Your sole responsibility, not on + behalf\n of any other Contributor, and only if You agree to indemnify,\n + \ defend, and hold each Contributor harmless for any liability\n incurred + by, or claims asserted against, such Contributor by reason\n of your + accepting any such warranty or additional liability.\n \n END OF TERMS + AND CONDITIONS\n \n APPENDIX: How to apply the Apache License to your + work.\n \n To apply the Apache License to your work, attach the following\n + \ boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced + with your own identifying information. (Don't include\n the brackets!) 
+ \ The text should be enclosed in the appropriate\n comment syntax for + the file format. We also recommend that a\n file or class name and description + of purpose be included on the\n same \"printed page\" as the copyright + notice for easier\n identification within third-party archives.\n \n + \ Copyright [yyyy] [name of copyright owner]\n \n Licensed under + the Apache License, Version 2.0 (the \"License\");\n you may not use this + file except in compliance with the License.\n You may obtain a copy of the + License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n + \ Unless required by applicable law or agreed to in writing, software\n distributed + under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied.\n See the License + for the specific language governing permissions and\n limitations under + the License.\n \n\n### xml-apis\n\nApache 2.0\n\nhttps://xerces.apache.org/xml-commons/\n\n + \ Unless otherwise noted all files in XML Commons are covered under the\n Apache + License Version 2.0. Please read the LICENSE and NOTICE files.\n \n XML + Commons contains some software and documentation that is covered\n under a + number of different licenses. This applies particularly to the\n xml-commons/java/external/ + directory. Most files under\n xml-commons/java/external/ are covered under + their respective\n LICENSE.*.txt files; see the matching README.*.txt files + for\n descriptions.\n\n \n Apache License\n + \ Version 2.0, January 2004\n http://www.apache.org/licenses/\n + \ \n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n \n + \ 1. 
Definitions.\n \n \"License\" shall mean the terms and conditions + for use, reproduction,\n and distribution as defined by Sections 1 through + 9 of this document.\n \n \"Licensor\" shall mean the copyright owner + or entity authorized by\n the copyright owner that is granting the License.\n + \ \n \"Legal Entity\" shall mean the union of the acting entity and + all\n other entities that control, are controlled by, or are under common\n + \ control with that entity. For the purposes of this definition,\n \"control\" + means (i) the power, direct or indirect, to cause the\n direction or + management of such entity, whether by contract or\n otherwise, or (ii) + ownership of fifty percent (50%) or more of the\n outstanding shares, + or (iii) beneficial ownership of such entity.\n \n \"You\" (or \"Your\") + shall mean an individual or Legal Entity\n exercising permissions granted + by this License.\n \n \"Source\" form shall mean the preferred form + for making modifications,\n including but not limited to software source + code, documentation\n source, and configuration files.\n \n \"Object\" + form shall mean any form resulting from mechanical\n transformation or + translation of a Source form, including but\n not limited to compiled + object code, generated documentation,\n and conversions to other media + types.\n \n \"Work\" shall mean the work of authorship, whether in + Source or\n Object form, made available under the License, as indicated + by a\n copyright notice that is included in or attached to the work\n + \ (an example is provided in the Appendix below).\n \n \"Derivative + Works\" shall mean any work, whether in Source or Object\n form, that + is based on (or derived from) the Work and for which the\n editorial + revisions, annotations, elaborations, or other modifications\n represent, + as a whole, an original work of authorship. 
For the purposes\n of this + License, Derivative Works shall not include works that remain\n separable + from, or merely link (or bind by name) to the interfaces of,\n the Work + and Derivative Works thereof.\n \n \"Contribution\" shall mean any + work of authorship, including\n the original version of the Work and + any modifications or additions\n to that Work or Derivative Works thereof, + that is intentionally\n submitted to Licensor for inclusion in the Work + by the copyright owner\n or by an individual or Legal Entity authorized + to submit on behalf of\n the copyright owner. For the purposes of this + definition, \"submitted\"\n means any form of electronic, verbal, or + written communication sent\n to the Licensor or its representatives, + including but not limited to\n communication on electronic mailing lists, + source code control systems,\n and issue tracking systems that are managed + by, or on behalf of, the\n Licensor for the purpose of discussing and + improving the Work, but\n excluding communication that is conspicuously + marked or otherwise\n designated in writing by the copyright owner as + \"Not a Contribution.\"\n \n \"Contributor\" shall mean Licensor and + any individual or Legal Entity\n on behalf of whom a Contribution has + been received by Licensor and\n subsequently incorporated within the + Work.\n \n 2. Grant of Copyright License. Subject to the terms and conditions + of\n this License, each Contributor hereby grants to You a perpetual,\n + \ worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright + license to reproduce, prepare Derivative Works of,\n publicly display, + publicly perform, sublicense, and distribute the\n Work and such Derivative + Works in Source or Object form.\n \n 3. Grant of Patent License. 
Subject + to the terms and conditions of\n this License, each Contributor hereby + grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, + irrevocable\n (except as stated in this section) patent license to make, + have made,\n use, offer to sell, sell, import, and otherwise transfer + the Work,\n where such license applies only to those patent claims licensable\n + \ by such Contributor that are necessarily infringed by their\n Contribution(s) + alone or by combination of their Contribution(s)\n with the Work to which + such Contribution(s) was submitted. If You\n institute patent litigation + against any entity (including a\n cross-claim or counterclaim in a lawsuit) + alleging that the Work\n or a Contribution incorporated within the Work + constitutes direct\n or contributory patent infringement, then any patent + licenses\n granted to You under this License for that Work shall terminate\n + \ as of the date such litigation is filed.\n \n 4. Redistribution. + You may reproduce and distribute copies of the\n Work or Derivative Works + thereof in any medium, with or without\n modifications, and in Source + or Object form, provided that You\n meet the following conditions:\n + \ \n (a) You must give any other recipients of the Work or\n Derivative + Works a copy of this License; and\n \n (b) You must cause any modified + files to carry prominent notices\n stating that You changed the files; + and\n \n (c) You must retain, in the Source form of any Derivative + Works\n that You distribute, all copyright, patent, trademark, and\n + \ attribution notices from the Source form of the Work,\n excluding + those notices that do not pertain to any part of\n the Derivative + Works; and\n \n (d) If the Work includes a \"NOTICE\" text file as + part of its\n distribution, then any Derivative Works that You distribute + must\n include a readable copy of the attribution notices contained\n + \ within such NOTICE file, excluding those notices that do 
not\n pertain + to any part of the Derivative Works, in at least one\n of the following + places: within a NOTICE text file distributed\n as part of the Derivative + Works; within the Source form or\n documentation, if provided along + with the Derivative Works; or,\n within a display generated by the + Derivative Works, if and\n wherever such third-party notices normally + appear. The contents\n of the NOTICE file are for informational purposes + only and\n do not modify the License. You may add Your own attribution\n + \ notices within Derivative Works that You distribute, alongside\n + \ or as an addendum to the NOTICE text from the Work, provided\n that + such additional attribution notices cannot be construed\n as modifying + the License.\n \n You may add Your own copyright statement to Your + modifications and\n may provide additional or different license terms + and conditions\n for use, reproduction, or distribution of Your modifications, + or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, + and distribution of the Work otherwise complies with\n the conditions + stated in this License.\n \n 5. Submission of Contributions. Unless You + explicitly state otherwise,\n any Contribution intentionally submitted + for inclusion in the Work\n by You to the Licensor shall be under the + terms and conditions of\n this License, without any additional terms + or conditions.\n Notwithstanding the above, nothing herein shall supersede + or modify\n the terms of any separate license agreement you may have + executed\n with Licensor regarding such Contributions.\n \n 6. + Trademarks. This License does not grant permission to use the trade\n names, + trademarks, service marks, or product names of the Licensor,\n except + as required for reasonable and customary use in describing the\n origin + of the Work and reproducing the content of the NOTICE file.\n \n 7. Disclaimer + of Warranty. 
Unless required by applicable law or\n agreed to in writing, + Licensor provides the Work (and each\n Contributor provides its Contributions) + on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + either express or\n implied, including, without limitation, any warranties + or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS + FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining + the\n appropriateness of using or redistributing the Work and assume + any\n risks associated with Your exercise of permissions under this License.\n + \ \n 8. Limitation of Liability. In no event and under no legal theory,\n + \ whether in tort (including negligence), contract, or otherwise,\n unless + required by applicable law (such as deliberate and grossly\n negligent + acts) or agreed to in writing, shall any Contributor be\n liable to You + for damages, including any direct, indirect, special,\n incidental, or + consequential damages of any character arising as a\n result of this + License or out of the use or inability to use the\n Work (including but + not limited to damages for loss of goodwill,\n work stoppage, computer + failure or malfunction, or any and all\n other commercial damages or + losses), even if such Contributor\n has been advised of the possibility + of such damages.\n \n 9. Accepting Warranty or Additional Liability. + While redistributing\n the Work or Derivative Works thereof, You may + choose to offer,\n and charge a fee for, acceptance of support, warranty, + indemnity,\n or other liability obligations and/or rights consistent + with this\n License. 
However, in accepting such obligations, You may + act only\n on Your own behalf and on Your sole responsibility, not on + behalf\n of any other Contributor, and only if You agree to indemnify,\n + \ defend, and hold each Contributor harmless for any liability\n incurred + by, or claims asserted against, such Contributor by reason\n of your + accepting any such warranty or additional liability.\n \n END OF TERMS + AND CONDITIONS\n \n APPENDIX: How to apply the Apache License to your + work.\n \n To apply the Apache License to your work, attach the following\n + \ boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced + with your own identifying information. (Don't include\n the brackets!) + \ The text should be enclosed in the appropriate\n comment syntax for + the file format. We also recommend that a\n file or class name and description + of purpose be included on the\n same \"printed page\" as the copyright + notice for easier\n identification within third-party archives.\n \n + \ Copyright [yyyy] [name of copyright owner]\n \n Licensed under + the Apache License, Version 2.0 (the \"License\");\n you may not use this + file except in compliance with the License.\n You may obtain a copy of the + License at\n \n http://www.apache.org/licenses/LICENSE-2.0\n \n + \ Unless required by applicable law or agreed to in writing, software\n distributed + under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES + OR CONDITIONS OF ANY KIND, either express or implied.\n See the License + for the specific language governing permissions and\n limitations under + the License.\n" +- sources: README.md + text: |- + This project is licensed under the terms of the MIT license. + + See this license at [`LICENSE.md`](LICENSE.md). +notices: [] diff --git a/updater/licenses/bundler/octokit.dep.yml b/updater/licenses/bundler/octokit.dep.yml new file mode 100644 index 00000000000..44521d7168f --- /dev/null 
+++ b/updater/licenses/bundler/octokit.dep.yml 
@@ -0,0 +1,53 @@ +--- +name: octokit +version: 4.25.1 +type: bundler +summary: Ruby toolkit for working with the GitHub API +homepage: https://github.com/octokit/octokit.rb +license: mit +licenses: +- sources: LICENSE.md + text: | + Copyright (c) 2009-2017 Wynn Netherland, Adam Stacoviak, Erik Michaels-Ober + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+- sources: README.md + text: |- + Copyright (c) 2009-2014 Wynn Netherland, Adam Stacoviak, Erik Michaels-Ober + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/parseconfig.dep.yml b/updater/licenses/bundler/parseconfig.dep.yml new file mode 100644 index 00000000000..d970749c7ec --- /dev/null +++ b/updater/licenses/bundler/parseconfig.dep.yml 
@@ -0,0 +1,38 @@ +--- +name: parseconfig +version: 1.0.8 +type: bundler +summary: Config File Parser for Standard Unix/Linux Type Config Files +homepage: http://github.com/datafolklabs/ruby-parseconfig/ +license: mit +licenses: +- sources: LICENSE + text: |2+ + + The MIT License: + + Copyright (c) 2006-2016 Data Folk Labs, LLC + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + +- sources: README.md + text: |- + The ParseConfig library is Open Source and distributed under the MIT license. + Please see the LICENSE file included with this software. +notices: [] diff --git a/updater/licenses/bundler/parser.dep.yml b/updater/licenses/bundler/parser.dep.yml new file mode 100644 index 00000000000..0a543dc96a5 --- /dev/null +++ b/updater/licenses/bundler/parser.dep.yml 
@@ -0,0 +1,36 @@ +--- +name: parser +version: 3.1.2.1 +type: bundler +summary: A Ruby parser written in pure Ruby. +homepage: https://github.com/whitequark/parser +license: other +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2013-2016 whitequark + + Parts of the source are derived from ruby_parser: + Copyright (c) Ryan Davis, seattle.rb + + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/public_suffix.dep.yml b/updater/licenses/bundler/public_suffix.dep.yml new file mode 100644 index 00000000000..59145797432 --- /dev/null +++ b/updater/licenses/bundler/public_suffix.dep.yml 
@@ -0,0 +1,38 @@ +--- +name: public_suffix +version: 5.0.0 +type: bundler +summary: Domain name parser based on the Public Suffix List. +homepage: https://simonecarletti.com/code/publicsuffix-ruby +license: mit +licenses: +- sources: LICENSE.txt + text: | + Copyright (c) 2009-2022 Simone Carletti + + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: |- + Copyright (c) 2009-2022 Simone Carletti. This is Free Software distributed under the MIT license. + + The [Public Suffix List source](https://publicsuffix.org/list/) is subject to the terms of the Mozilla Public License, v. 2.0. +notices: [] diff --git a/updater/licenses/bundler/racc.dep.yml b/updater/licenses/bundler/racc.dep.yml new file mode 100644 index 00000000000..47a83228f84 --- /dev/null +++ b/updater/licenses/bundler/racc.dep.yml 
@@ -0,0 +1,39 @@ +--- +name: racc +version: 1.6.0 +type: bundler +summary: Racc is a LALR(1) parser generator +homepage: https://i.loveruby.net/en/projects/racc/ +license: other +licenses: +- sources: COPYING + text: | + Copyright (C) 2019 Yukihiro Matsumoto. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. +- sources: README.rdoc + text: |- + Racc is distributed under the same terms of ruby. + (see the file COPYING). Note that you do NOT need to follow + ruby license for your own parser (racc outputs). + You can distribute those files under any licenses you want. +notices: [] diff --git a/updater/licenses/bundler/rake.dep.yml b/updater/licenses/bundler/rake.dep.yml new file mode 100644 index 00000000000..212817fe077 --- /dev/null 
+++ b/updater/licenses/bundler/rake.dep.yml @@ -0,0 +1,39 @@ +--- +name: rake +version: 13.0.3 +type: bundler +summary: Rake is a Make-like program implemented in Ruby +homepage: https://github.com/ruby/rake +license: mit +licenses: +- sources: MIT-LICENSE + text: |+ + Copyright (c) Jim Weirich + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +- sources: README.rdoc + text: |- + Rake is available under an MIT-style license. + + :include: MIT-LICENSE + + --- +notices: [] diff --git a/updater/licenses/bundler/rest-client.dep.yml b/updater/licenses/bundler/rest-client.dep.yml new file mode 100644 index 00000000000..902f9eb1c41 --- /dev/null +++ b/updater/licenses/bundler/rest-client.dep.yml 
@@ -0,0 +1,141 @@ +--- +name: rest-client +version: 2.1.0 +type: bundler +summary: Simple HTTP and REST client for Ruby, inspired by microframework syntax for + specifying actions. +homepage: https://github.com/rest-client/rest-client +license: mit +licenses: +- sources: LICENSE + text: | + The MIT License (MIT) + + Copyright (c) 2008-2014 Rest Client Authors + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. 
+notices: +- sources: AUTHORS + text: |- + The Ruby REST Client would not be what it is today without the help of + the following kind souls: + + Adam Jacob + Adam Wiggins + Adrian Rangel + Alex Tomlins + Aman Gupta + Andy Brody + Avi Deitcher + Blake Mizerany + Brad Ediger + Braintree + Brian Donovan + Caleb Land + Chris Dinn + Chris Frohoff + Chris Green + Coda Hale + Crawford + Cyril Rohr + Dan Mayer + Dario Hamidi + Darren Coxall + David Backeus + David Perkowski + Dmitri Dolguikh + Dusty Doris + Dylan Egan + El Draper + Evan Broder + Evan Smith + François Beausoleil + Gabriele Cirulli + Garry Shutler + Giovanni Cappellotto + Greg Borenstein + Harm Aarts + Hiro Asari + Hugh McGowan + Ian Warshak + Igor Zubkov + Ivan Makfinsky + JH. Chabran + James Edward Gray II + Jari Bakken + Jeff Pereira + Jeff Remer + Jeffrey Hardy + Jeremy Kemper + Joe Rafaniello + John Barnette + Jon Rowe + Jordi Massaguer Pla + Joshua J. Campoverde + Juan Alvarez + Julien Kirch + Jun Aruga + Justin Coyne + Justin Lambert + Keith Rarick + Kenichi Kamiya + Kevin Read + Kosuke Asami + Kyle Meyer + Kyle VanderBeek + Lars Gierth + Lawrence Leonard Gilbert + Lee Jarvis + Lennon Day-Reynolds + Lin Jen-Shin + Magne Matre Gåsland + Marc-André Cournoyer + Marius Butuc + Matthew Manning + Michael Klett + Michael Rykov + Michael Westbom + Mike Fletcher + Nelson Elhage + Nicholas Wieland + Nick Hammond + Nick Plante + Niko Dittmann + Nikolay Shebanov + Oscar Del Ben + Pablo Astigarraga + Paul Dlug + Pedro Belo + Pedro Chambino + Philip Corliss + Pierre-Louis Gottfrois + Rafael Ssouza + Richard Schneeman + Rick Olson + Robert Eanes + Rodrigo Panachi + Sam Norbury + Samuel Cochran + Syl Turner + T. Watanabe + Tekin + W. Andrew Loe III + Waynn Lue + Xavier Shay + tpresa diff --git a/updater/licenses/bundler/ruby2_keywords.dep.yml b/updater/licenses/bundler/ruby2_keywords.dep.yml new file mode 100644 index 00000000000..00fcb8585e7 --- /dev/null +++ b/updater/licenses/bundler/ruby2_keywords.dep.yml 
@@ -0,0 +1,42 @@ +--- +name: ruby2_keywords +version: 0.0.5 +type: bundler +summary: Shim library for Module#ruby2_keywords +homepage: https://github.com/ruby/ruby2_keywords +license: other +licenses: +- sources: LICENSE + text: | + Copyright 2019-2020 Nobuyoshi Nakada, Yusuke Endoh + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +- sources: README.md + text: |- + The gem is available as open source under the terms of the + [Ruby License] or the [2-Clause BSD License]. + + [GitHub]: https://github.com/ruby/ruby2_keywords/ + [Ruby Issue Tracking System]: https://bugs.ruby-lang.org + [Ruby License]: https://www.ruby-lang.org/en/about/license.txt + [2-Clause BSD License]: https://opensource.org/licenses/BSD-2-Clause +notices: [] 
diff --git a/updater/licenses/bundler/sawyer.dep.yml b/updater/licenses/bundler/sawyer.dep.yml new file mode 100644 index 00000000000..7b586236a1d --- /dev/null +++ b/updater/licenses/bundler/sawyer.dep.yml @@ -0,0 +1,33 @@ +--- +name: sawyer +version: 0.9.2 +type: bundler +summary: Secret User Agent of HTTP +homepage: https://github.com/lostisland/sawyer +license: mit +licenses: +- sources: LICENSE.md + text: | + Copyright (c) 2011 rick olson + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +- sources: README.md + text: The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT). +notices: [] diff --git a/updater/licenses/bundler/sentry-raven.dep.yml b/updater/licenses/bundler/sentry-raven.dep.yml new file mode 100644 index 00000000000..62ba090e42b --- /dev/null +++ b/updater/licenses/bundler/sentry-raven.dep.yml 
@@ -0,0 +1,212 @@ +--- +name: sentry-raven +version: 3.1.2 +type: bundler +summary: A gem that provides a client interface for the Sentry error logger +homepage: https://github.com/getsentry/raven-ruby +license: apache-2.0 +licenses: +- sources: LICENSE + text: |2 + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2015 Functional Software, Inc + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +notices: [] diff --git a/updater/licenses/bundler/terminal-table.dep.yml b/updater/licenses/bundler/terminal-table.dep.yml new file mode 100644 index 00000000000..8db897780d8 --- /dev/null +++ b/updater/licenses/bundler/terminal-table.dep.yml 
@@ -0,0 +1,32 @@ +--- +name: terminal-table +version: 3.0.2 +type: bundler +summary: Simple, feature rich ascii table generation library +homepage: https://github.com/tj/terminal-table +license: mit +licenses: +- sources: LICENSE.txt + text: | + The MIT License (MIT) + + Copyright (c) 2008-2017 TJ Holowaychuk + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/toml-rb.dep.yml b/updater/licenses/bundler/toml-rb.dep.yml new file mode 100644 index 00000000000..d1a0dc3fd25 --- /dev/null +++ b/updater/licenses/bundler/toml-rb.dep.yml 
@@ -0,0 +1,52 @@ +--- +name: toml-rb +version: 2.2.0 +type: bundler +summary: Toml parser in ruby, for ruby. +homepage: https://github.com/emancu/toml-rb +license: mit +licenses: +- sources: LICENSE + text: | + The MIT License (MIT) + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +- sources: README.md + text: |- + MIT License + + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. 
+ + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +notices: [] diff --git a/updater/licenses/bundler/tzinfo.dep.yml b/updater/licenses/bundler/tzinfo.dep.yml new file mode 100644 index 00000000000..7e894b0359f --- /dev/null +++ b/updater/licenses/bundler/tzinfo.dep.yml 
@@ -0,0 +1,32 @@ +--- +name: tzinfo +version: 2.0.5 +type: bundler +summary: Time Zone Library +homepage: https://tzinfo.github.io +license: mit +licenses: +- sources: LICENSE + text: | + Copyright (c) 2005-2022 Philip Ross + + Permission is hereby granted, free of charge, to any person obtaining a copy of + this software and associated documentation files (the "Software"), to deal in + the Software without restriction, including without limitation the rights to + use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is furnished to do + so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +- sources: README.md + text: TZInfo is released under the MIT license, see LICENSE for details. +notices: [] diff --git a/updater/licenses/bundler/unf.dep.yml b/updater/licenses/bundler/unf.dep.yml new file mode 100644 index 00000000000..e8c0d6991b8 --- /dev/null +++ b/updater/licenses/bundler/unf.dep.yml 
@@ -0,0 +1,33 @@ +--- +name: unf +version: 0.1.4 +type: bundler +summary: A wrapper library to bring Unicode Normalization Form support to Ruby/JRuby +homepage: https://github.com/knu/ruby-unf +license: other +licenses: +- sources: LICENSE + text: "Copyright (c) 2011, 2012 Akinori MUSHA\n\nAll rights reserved.\n\nRedistribution + and use in source and binary forms, with or without\nmodification, are permitted + provided that the following conditions\nare met:\n1. Redistributions of source + code must retain the above copyright\n notice, this list of conditions and the + following disclaimer.\n2. Redistributions in binary form must reproduce the above + copyright\n notice, this list of conditions and the following disclaimer in + the\n documentation and/or other materials provided with the distribution.\n\nTHIS + SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND\nANY EXPRESS + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED.\t IN + NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\nOR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION)\nHOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT\nLIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY\nOUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + OF\nSUCH DAMAGE.\n" +- sources: README.md + text: |- + Copyright (c) 2011, 2012, 2013 Akinori MUSHA + + Licensed under the 2-clause BSD license. + See `LICENSE` for details. +notices: [] diff --git a/updater/licenses/bundler/unf_ext.dep.yml b/updater/licenses/bundler/unf_ext.dep.yml new file mode 100644 index 00000000000..0deae359184 --- /dev/null +++ b/updater/licenses/bundler/unf_ext.dep.yml 
@@ -0,0 +1,40 @@ +--- +name: unf_ext +version: 0.0.8.2 +type: bundler +summary: Unicode Normalization Form support library for CRuby +homepage: https://github.com/knu/ruby-unf_ext +license: mit +licenses: +- sources: LICENSE.txt + text: | + The MIT License + + Copyright (c) 2010 Takeru Ohta + Copyright (c) 2011-2018 Akinori MUSHA (extended Ruby support) + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. +- sources: README.md + text: |- + Copyright (c) 2010-2017 Takeru Ohta + Copyright (c) 2011-2018 Akinori MUSHA + + Licensed under the MIT license. + See `LICENSE` for details. +notices: [] diff --git a/updater/licenses/bundler/unicode-display_width.dep.yml b/updater/licenses/bundler/unicode-display_width.dep.yml new file mode 100644 index 00000000000..be60f3eb99a --- /dev/null +++ b/updater/licenses/bundler/unicode-display_width.dep.yml 
@@ -0,0 +1,33 @@
+---
+name: unicode-display_width
+version: 2.2.0
+type: bundler
+summary: Determines the monospace display width of a string in Ruby.
+homepage: https://github.com/janlelis/unicode-display_width
+license: mit
+licenses:
+- sources: MIT-LICENSE.txt
+ text: |
+ The MIT LICENSE
+
+ Copyright (c) 2011, 2015-2022 Jan Lelis
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []
diff --git a/updater/licenses/bundler/zeitwerk.dep.yml b/updater/licenses/bundler/zeitwerk.dep.yml
new file mode 100644
index 00000000000..da00aefdf09
--- /dev/null
+++ b/updater/licenses/bundler/zeitwerk.dep.yml
@@ -0,0 +1,33 @@
+---
+name: zeitwerk
+version: 2.6.0
+type: bundler
+summary: Efficient and thread-safe constant autoloader
+homepage: https://github.com/fxn/zeitwerk
+license: mit
+licenses:
+- sources: MIT-LICENSE
+ text: |
+ Copyright (c) 2019–ω Xavier Noria
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+- sources: README.md
+ text: Released under the MIT License, Copyright (c) 2019–ω Xavier Noria.
+notices: []
diff --git a/updater/spec/bin_run_spec.rb b/updater/spec/bin_run_spec.rb
new file mode 100644
index 00000000000..a0eaa3fb581
--- /dev/null
+++ b/updater/spec/bin_run_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "json"
+require "spec_helper"
+
+RSpec.describe "bin/run" do
+ describe "fetch_files" do
+ before do
+ ENV["DEPENDABOT_JOB_ID"] = "1"
+ ENV["DEPENDABOT_JOB_TOKEN"] = "token"
+ ENV["DEPENDABOT_JOB_PATH"] =
+ "spec/fixtures/jobs/job_with_credentials.json"
+ ENV["DEPENDABOT_OUTPUT_PATH"] = File.join(Dir.mktmpdir, "output.json")
+ ENV["DEPENDABOT_API_URL"] = "http://example.com"
+ end
+
+ after do
+ ENV["DEPENDABOT_JOB_ID"] = nil
+ ENV["DEPENDABOT_JOB_TOKEN"] = nil
+ ENV["DEPENDABOT_JOB_PATH"] = nil
+ ENV["DEPENDABOT_API_URL"] = nil
+ end
+
+ it "completes the job successfully and persists the files" do
+ result = `bin/run fetch_files`
+ expect(result).to include("Starting job processing")
+ expect(result).to include("Finished job processing")
+ job_output = JSON.parse(File.read(ENV.fetch("DEPENDABOT_OUTPUT_PATH", nil)))
+ expect(job_output.fetch("base64_dependency_files").length).to eq(1)
+ end
+ end
+end
diff --git a/updater/spec/dependabot/api_client_spec.rb b/updater/spec/dependabot/api_client_spec.rb
new file mode 100644
index 00000000000..8226461e6e3
--- /dev/null
+++ b/updater/spec/dependabot/api_client_spec.rb
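Review bot: The `after` block in `bin_run_spec.rb` resets four of the five variables set in `before` and leaves `DEPENDABOT_OUTPUT_PATH` pointing at a temp directory that is never removed, so the path leaks into later examples in the same process and a directory is left behind on every run. I would add `ENV["DEPENDABOT_OUTPUT_PATH"] = nil` to the `after` block and delete the directory there, e.g. `FileUtils.remove_entry(File.dirname(output_path))` with the path held in a `let`. `file_fetcher_job_spec.rb` has the same unremoved `Dir.mktmpdir` in its top-level `before` and in both `repo_contents_path` stubs. Separately, the example inspects only the captured stdout of `bin/run fetch_files`; also asserting `$?.success?` would catch a run that prints both log lines and still exits non-zero.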
@@ -0,0 +1,236 @@ +# frozen_string_literal: true + +require "spec_helper" +require "dependabot/dependency" +require "dependabot/api_client" + +RSpec.describe Dependabot::ApiClient do + subject(:client) { Dependabot::ApiClient.new("http://example.com", "token") } + let(:headers) { { "Content-Type" => "application/json" } } + + describe "get_job" do + before do + stub_request(:get, "http://example.com/update_jobs/1"). + to_return(body: fixture("get_job.json"), headers: headers) + end + + it "hits the correct endpoint" do + client.get_job(1) + + expect(WebMock). + to have_requested(:get, "http://example.com/update_jobs/1"). + with(headers: { "Authorization" => "token" }) + end + + it "returns a job" do + job = client.get_job(1) + expect(job).to be_a(Dependabot::Job) + end + end + + describe "create_pull_request" do + let(:dependency) do + Dependabot::Dependency.new( + name: "business", + package_manager: "bundler", + version: "1.8.0", + previous_version: "1.7.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil } + ], + previous_requirements: [ + { file: "Gemfile", requirement: "~> 1.7.0", groups: [], source: nil } + ] + ) + end + let(:dependency_files) do + [ + { name: "Gemfile", content: "some things" }, + { name: "Gemfile.lock", content: "more things" } + ] + end + let(:create_pull_request_url) do + "http://example.com/update_jobs/1/create_pull_request" + end + let(:base_commit) { "sha" } + let(:message) { nil } + + before do + stub_request(:post, create_pull_request_url). + to_return(status: 204, headers: headers) + end + + it "hits the correct endpoint" do + client.create_pull_request(1, [dependency], dependency_files, base_commit, message) + + expect(WebMock). + to have_requested(:post, create_pull_request_url). + with(headers: { "Authorization" => "token" }) + end + + it "does not send pull request message" do + client.create_pull_request(1, [dependency], dependency_files, base_commit, message) + + expect(WebMock). 
+ to(have_requested(:post, create_pull_request_url). + with do |req| + expect(req.body).not_to include("commit-message") + end) + end + + context "with pull request message" do + let(:message) do + Dependabot::PullRequestCreator::Message.new( + pr_name: "PR name", + pr_message: "PR message", + commit_message: "Commit message" + ) + end + + it "encodes fields" do + client.create_pull_request(1, [dependency], dependency_files, base_commit, message) + expect(WebMock). + to(have_requested(:post, create_pull_request_url). + with(headers: { "Authorization" => "token" }). + with do |req| + data = JSON.parse(req.body)["data"] + expect(data["commit-message"]).to eq("Commit message") + expect(data["pr-title"]).to eq("PR name") + expect(data["pr-body"]).to eq("PR message") + true + end) + end + end + end + + describe "update_pull_request" do + let(:dependency) do + Dependabot::Dependency.new( + name: "business", + package_manager: "bundler", + version: "1.8.0", + previous_version: "1.7.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil } + ], + previous_requirements: [ + { file: "Gemfile", requirement: "~> 1.7.0", groups: [], source: nil } + ] + ) + end + let(:dependency_files) do + [ + { name: "Gemfile", content: "some things" }, + { name: "Gemfile.lock", content: "more things" } + ] + end + let(:update_pull_request_url) do + "http://example.com/update_jobs/1/update_pull_request" + end + let(:base_commit) { "sha" } + + before do + stub_request(:post, update_pull_request_url). + to_return(status: 204, headers: headers) + end + + it "hits the correct endpoint" do + client.update_pull_request(1, [dependency], dependency_files, base_commit) + + expect(WebMock). + to have_requested(:post, update_pull_request_url). 
+ with(headers: { "Authorization" => "token" }) + end + end + + describe "close_pull_request" do + let(:dependency_name) { "business" } + let(:close_pull_request_url) do + "http://example.com/update_jobs/1/close_pull_request" + end + + before do + stub_request(:post, close_pull_request_url). + to_return(status: 204, headers: headers) + end + + it "hits the correct endpoint" do + client.close_pull_request(1, dependency_name, :dependency_removed) + + expect(WebMock). + to have_requested(:post, close_pull_request_url). + with(headers: { "Authorization" => "token" }) + end + end + + describe "record_update_job_error" do + let(:url) { "http://example.com/update_jobs/1/record_update_job_error" } + let(:error_type) { "dependency_file_not_evaluatable" } + let(:error_detail) { { "message" => "My message" } } + before { stub_request(:post, url).to_return(status: 204) } + + it "hits the correct endpoint" do + client.record_update_job_error( + 1, + error_type: error_type, + error_details: error_detail + ) + + expect(WebMock). + to have_requested(:post, url). + with(headers: { "Authorization" => "token" }) + end + end + + describe "mark_job_as_processed" do + let(:url) { "http://example.com/update_jobs/1/mark_as_processed" } + let(:base_commit) { "sha" } + before { stub_request(:patch, url).to_return(status: 204) } + + it "hits the correct endpoint" do + client.mark_job_as_processed(1, base_commit) + + expect(WebMock). + to have_requested(:patch, url). 
+ with(headers: { "Authorization" => "token" }) + end + end + + describe "update_dependency_list" do + let(:url) { "http://example.com/update_jobs/1/update_dependency_list" } + let(:dependency) do + Dependabot::Dependency.new( + name: "business", + package_manager: "bundler", + version: "1.8.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil } + ] + ) + end + before { stub_request(:post, url).to_return(status: 204) } + + it "hits the correct endpoint" do + client.update_dependency_list(1, [dependency], ["Gemfile"]) + + expect(WebMock). + to have_requested(:post, url). + with(headers: { "Authorization" => "token" }) + end + end + + describe "record_package_manager_version" do + let(:url) { "http://example.com/update_jobs/1/record_package_manager_version" } + before { stub_request(:post, url).to_return(status: 204) } + + it "hits the correct endpoint" do + client.record_package_manager_version( + 1, "bundler", { "bundler" => "2" } + ) + + expect(WebMock). + to have_requested(:post, url). + with(headers: { "Authorization" => "token" }) + end + end +end diff --git a/updater/spec/dependabot/file_fetcher_job_spec.rb b/updater/spec/dependabot/file_fetcher_job_spec.rb new file mode 100644 index 00000000000..1e8c1b03c0a --- /dev/null +++ b/updater/spec/dependabot/file_fetcher_job_spec.rb 
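Review bot: In "does not send pull request message" the `with` block ends on `expect(req.body).not_to include("commit-message")`, so whether WebMock treats the request as matched depends on what that expectation returns, while the "encodes fields" block further down ends with an explicit `true`. Ending both blocks with `true` makes the matcher contract visible and keeps the example from relying on the return value of `expect`. The `dependency` and `dependency_files` definitions are repeated verbatim under `create_pull_request` and `update_pull_request` and could be hoisted to the top-level `describe`. Every stub here returns a 204 (or a fixture body), so nothing in this file shows how the client reacts to a 4xx/5xx from the API, such as a rejected job token; one example for that would be worth adding if `ApiClient` is expected to surface it.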
@@ -0,0 +1,235 @@ +# frozen_string_literal: true + +require "spec_helper" +require "dependabot/file_fetcher_job" +require "tmpdir" + +RSpec.describe Dependabot::FileFetcherJob do + subject(:job) { described_class.new } + + let(:api_client) { double(Dependabot::ApiClient) } + let(:job_id) { "123123" } + + before do + allow(job).to receive(:job_id).and_return(job_id) + allow(job).to receive(:token).and_return("job_token") + allow(job).to receive(:api_client).and_return(api_client) + + allow(api_client).to receive(:mark_job_as_processed) + allow(api_client).to receive(:record_update_job_error) + + allow(Dependabot::Environment).to receive(:output_path).and_return(File.join(Dir.mktmpdir, "output.json")) + end + + describe "#perform_job" do + subject(:perform_job) { job.perform_job } + + before do + allow(job). + to receive(:job_definition). + and_return(JSON.parse(fixture("jobs/job_with_credentials.json"))) + end + + it "fetches the files and writes the fetched files to output.json", vcr: true do + expect(api_client).not_to receive(:mark_job_as_processed) + + perform_job + + output = JSON.parse(File.read(Dependabot::Environment.output_path)) + dependency_file = output["base64_dependency_files"][0] + expect(dependency_file["name"]).to eq( + "dependabot-test-ruby-package.gemspec" + ) + expect(dependency_file["content_encoding"]).to eq("utf-8") + end + + it "does not clone the repo", vcr: true do + expect_any_instance_of(Dependabot::Bundler::FileFetcher). + not_to receive(:clone_repo_contents) + + expect(api_client).not_to receive(:mark_job_as_processed) + + perform_job + end + + context "when the fetcher raises a BranchNotFound error" do + before do + allow_any_instance_of(Dependabot::Bundler::FileFetcher). + to receive(:commit). + and_raise(Dependabot::BranchNotFound, "my_branch") + end + + it "tells the backend about the error (and doesn't re-raise it)" do + expect(api_client). + to receive(:record_update_job_error). 
+ with( + job_id, + error_details: { "branch-name": "my_branch" }, + error_type: "branch_not_found" + ) + expect(api_client).to receive(:mark_job_as_processed) + + perform_job + end + end + + context "when the fetcher raises a RepoNotFound error" do + let(:provider) { job.job_definition.dig("job", "source", "provider") } + let(:repo) { job.job_definition.dig("job", "source", "repo") } + let(:source) { ::Dependabot::Source.new(provider: provider, repo: repo) } + + before do + allow_any_instance_of(Dependabot::Bundler::FileFetcher). + to receive(:commit). + and_raise(Dependabot::RepoNotFound, source) + end + + it "tells the backend about the error (and doesn't re-raise it)" do + expect(api_client). + to receive(:record_update_job_error). + with( + job_id, + error_details: {}, + error_type: "job_repo_not_found" + ) + expect(api_client).to receive(:mark_job_as_processed) + + perform_job + end + end + + context "when the fetcher raises a rate limited error", vcr: true do + let(:reset_at) { Time.now + 30 } + + before do + exception = Octokit::TooManyRequests.new( + response_headers: { + "X-RateLimit-Reset" => reset_at + } + ) + allow_any_instance_of(Dependabot::Bundler::FileFetcher). + to receive(:files). + and_raise(exception) + end + + it "retries the job when the rate-limit is reset and reports api error" do + expect(Raven).not_to receive(:capture_exception) + expect(api_client). + to receive(:record_update_job_error). + with( + job_id, + error_details: { "rate-limit-reset": reset_at }, + error_type: "octokit_rate_limited" + ) + expect(api_client).to receive(:mark_job_as_processed) + + perform_job + end + end + + context "when vendoring dependencies", vcr: true do + before do + allow(job). + to receive(:job_definition). 
+ and_return( + JSON.parse(fixture("jobs/job_with_vendor_dependencies.json")) + ) + + allow(Dependabot::Environment).to receive(:repo_contents_path).and_return(Dir.mktmpdir) + end + + it "clones the repo" do + expect(api_client).not_to receive(:mark_job_as_processed) + + perform_job + + root_dir_entries = Dir.entries(Dependabot::Environment.repo_contents_path) + expect(root_dir_entries).to include(".gitignore") + expect(root_dir_entries).to include( + "dependabot-test-ruby-package.gemspec" + ) + expect(root_dir_entries).to include("README.md") + end + end + + context "when package ecosystem always clones", vcr: true do + before do + allow(job). + to receive(:job_definition). + and_return( + JSON.parse(fixture("jobs/job_with_go_modules.json")) + ) + + allow(Dependabot::Environment).to receive(:repo_contents_path).and_return(Dir.mktmpdir) + end + + it "clones the repo" do + expect(api_client).not_to receive(:mark_job_as_processed) + + perform_job + + root_dir_entries = Dir.entries(Dependabot::Environment.repo_contents_path) + expect(root_dir_entries).to include("go.mod") + expect(root_dir_entries).to include("go.sum") + expect(root_dir_entries).to include("main.go") + end + + it "cleans up any files left after the job errors" do + allow(job).to receive(:clone_repo_contents).and_wrap_original do |method, *args| + method.call(*args) + raise "Something went wrong" + end + expect(api_client).to receive(:mark_job_as_processed) + + perform_job + + expect(Dir.exist?(Dependabot::Environment.repo_contents_path)).to be_truthy + expect(Dir.empty?(Dependabot::Environment.repo_contents_path)).to be_truthy + end + end + + context "when the connectivity check is enabled", vcr: true do + before do + allow(ENV).to receive(:[]).and_call_original + allow(ENV).to receive(:[]).with("ENABLE_CONNECTIVITY_CHECK").and_return("1") + end + + it "logs connectivity is successful and does not raise an error" do + expect(Dependabot.logger).to receive(:info).with(/Connectivity check starting/) + 
expect(Dependabot.logger).to receive(:info).with(/Connectivity check successful/) + + expect { perform_job }.not_to raise_error + end + + context "when connectivity is broken" do + let(:mock_octokit) { instance_double(Octokit::Client) } + + before do + allow(Octokit::Client). + to receive(:new). + and_call_original + allow(Octokit::Client). + to receive(:new).with({ + api_endpoint: "https://api.github.com/", + connection_options: { + request: { + open_timeout: 20, + timeout: 5 + } + } + }). + and_return(mock_octokit) + allow(mock_octokit).to receive(:repository). + and_raise(Octokit::Error) + end + + it "logs connectivity failed and does not raise an error" do + expect(Dependabot.logger).to receive(:info).with(/Connectivity check starting/) + expect(Dependabot.logger).to receive(:error).with(/Connectivity check failed/) + + expect { perform_job }.not_to raise_error + end + end + end + end +end diff --git a/updater/spec/dependabot/instrumentation_spec.rb b/updater/spec/dependabot/instrumentation_spec.rb new file mode 100644 index 00000000000..984e3af5591 --- /dev/null +++ b/updater/spec/dependabot/instrumentation_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require "spec_helper" +require "dependabot/api_client" +require "dependabot/instrumentation" + +RSpec.describe "dependabot instrumentation" do + describe ".subscribe" do + it "relays package manager versions to core" do + allow(Dependabot::Environment).to receive(:job_id).and_return(1) + allow(Dependabot::Environment).to receive(:token).and_return("some_token") + + expect_any_instance_of(Dependabot::ApiClient).to receive(:record_package_manager_version).with( + 1, "bundler", { "bundler" => "1" } + ) + + Dependabot.instrument( + Dependabot::Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED, + { ecosystem: "bundler", package_managers: { "bundler" => "1" } } + ) + end + end +end 
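Review bot: The example "retries the job when the rate-limit is reset and reports api error" in `file_fetcher_job_spec.rb` asserts no retry; it only expects `record_update_job_error` with `octokit_rate_limited` and a call to `mark_job_as_processed`. I would rename it to what it checks, e.g. `it "reports the rate limit to the API and marks the job as processed" do`, or add the retry expectation if the job is meant to retry. As written, the name documents behaviour the spec would not catch regressing.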
diff --git a/updater/spec/dependabot/integration_spec.rb b/updater/spec/dependabot/integration_spec.rb
new file mode 100644
index 00000000000..bd4ec0d62a5
--- /dev/null
+++ b/updater/spec/dependabot/integration_spec.rb
@@ -0,0 +1,641 @@ +# frozen_string_literal: true + +require "spec_helper" +require "dependabot/dependency" +require "dependabot/dependency_file" +require "dependabot/file_fetchers" +require "dependabot/end_to_end_job" +require "dependabot/api_client" + +RSpec.describe Dependabot::EndToEndJob do + subject(:end_to_end_job) { Dependabot::EndToEndJob.new } + + before { WebMock.disable! } + after { WebMock.enable! } + + let(:job_id) { 1 } + let(:api_client) { double(Dependabot::ApiClient) } + + before do + allow(end_to_end_job).to receive(:api_client).and_return(api_client) + allow(end_to_end_job).to receive(:job).and_return(job) + allow(end_to_end_job).to receive(:job_id).and_return(1) + allow(end_to_end_job).to receive(:token).and_return("token") + allow(end_to_end_job). + to receive(:dependency_files).and_return(dependency_files) + allow(end_to_end_job).to receive(:base_commit_sha).and_return("sha") + + allow(api_client).to receive(:create_pull_request) + allow(api_client).to receive(:update_pull_request) + allow(api_client).to receive(:close_pull_request) + allow(api_client).to receive(:mark_job_as_processed) + allow(api_client).to receive(:update_dependency_list) + allow(api_client).to receive(:record_update_job_error) + # Recording the package manager happens via an observer so the instantiated `api_client` does not receive this call + allow_any_instance_of(Dependabot::ApiClient).to receive(:record_package_manager_version) + + allow(Dependabot::Environment).to receive(:token).and_return("some_token") + allow(Dependabot::Environment).to receive(:job_id).and_return(job_id) + allow(Dependabot.logger).to receive(:info).and_call_original + end + + describe "bundler" do + let(:dependency_files) do + [ + Dependabot::DependencyFile.new( + name: "Gemfile", + content: fixture("bundler/original/Gemfile"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "Gemfile.lock", + content: fixture("bundler/original/Gemfile.lock"), + directory: "/" + ) + ] + end + + 
let(:job) do + Dependabot::Job.new( + token: "token", + dependencies: nil, + allowed_updates: [ + { + "dependency-type" => "direct", + "update-type" => "all" + }, + { + "dependency-type" => "indirect", + "update-type" => "security" + } + ], + existing_pull_requests: [], + ignore_conditions: [], + security_advisories: [], + package_manager: "bundler", + source: { + "provider" => "github", + "repo" => "dependabot-fixtures/dependabot-test-ruby-package", + "directory" => "/", + "api-endpoint" => "https://api.github.com/", + "hostname" => "github.com", + "branch" => nil + }, + credentials: [{ + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => "github-token" + }], + lockfile_only: false, + requirements_update_strategy: nil, + update_subdependencies: false, + updating_a_pull_request: false, + vendor_dependencies: false, + security_updates_only: false + ) + end + + it "updates dependencies correctly" do + expect(api_client). + to receive(:create_pull_request) do |id, deps, files, commit_sha| + expect(id).to eq(1) + dep = Dependabot::Dependency.new( + name: "dummy-pkg-b", + package_manager: "bundler", + version: "1.2.0", + previous_version: "1.1.0", + requirements: [ + { requirement: "~> 1.2.0", + groups: [:default], + source: nil, + file: "Gemfile" } + ], + previous_requirements: [ + { requirement: "~> 1.1.0", + groups: [:default], + source: nil, + file: "Gemfile" } + ] + ) + expect(deps).to eql([dep]) + expect(files).to eq( + [ + { + "name" => "Gemfile", + "content" => fixture("bundler/updated/Gemfile"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + }, + { + "name" => "Gemfile.lock", + "content" => fixture("bundler/updated/Gemfile.lock"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + } + ] + ) + 
expect(commit_sha).to eq("sha") + end + end_to_end_job.run + end + + it "summarizes the changes" do + expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| + expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") + end + + end_to_end_job.run + end + + it "instruments the package manager version" do + expect_any_instance_of(Dependabot::ApiClient).to receive(:record_package_manager_version) + + end_to_end_job.run + end + + context "when there is an exception that blocks PR creation" do + before do + allow(api_client).to receive(:create_pull_request).and_raise(StandardError, "oh no!") + end + + it "notifies Dependabot API of the problem" do + expect(api_client).to receive(:record_update_job_error). + with(job_id, { error_type: "unknown_error", error_details: nil }) + + end_to_end_job.run + end + + it "indicates there was an error in the summary" do + expect(Dependabot.logger).not_to receive(:info).with(/Changes to Dependabot Pull Requests/) + expect(Dependabot.logger).to receive(:info).with(/Dependabot encountered '1' error/) + + end_to_end_job.run + end + + it "does not raise an exception" do + expect { end_to_end_job.run }.not_to raise_error + end + + context "when GITHUB_ACTIONS is set" do + before do + allow(Dependabot::Environment).to receive(:github_actions?) { "true" } + end + + it "raises an exception" do + expect { end_to_end_job.run }.to raise_error(Dependabot::RunFailure) + end + end + end + + context "when there is an exception that does not block PR creation" do + before do + # Pre-populate an error in the service + end_to_end_job.service.record_update_job_error( + job_id, + error_type: :epoch_error, + error_details: { + message: "What is fortran doing here?!" 
+ } + ) + end + + it "indicates both the pr creation and error in the summary" do + expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| + expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") + expect(log_message).to include("Dependabot encountered '1' error") + end + + end_to_end_job.run + end + + it "does not raise an exception" do + expect { end_to_end_job.run }.not_to raise_error + end + + context "when GITHUB_ACTIONS is set" do + before do + allow(Dependabot::Environment).to receive(:github_actions?) { "true" } + end + + it "raises an exception" do + expect { end_to_end_job.run }.to raise_error(Dependabot::RunFailure) + end + end + end + end + + describe "bundler git dependencies" do + let(:dependency_files) do + [ + Dependabot::DependencyFile.new( + name: "Gemfile", + content: fixture("bundler_git/original/Gemfile"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "Gemfile.lock", + content: fixture("bundler_git/original/Gemfile.lock"), + directory: "/" + ) + ] + end + + let(:job) do + Dependabot::Job.new( + token: "token", + dependencies: nil, + allowed_updates: [ + { + "dependency-type" => "direct", + "update-type" => "all" + }, + { + "dependency-type" => "indirect", + "update-type" => "security" + } + ], + existing_pull_requests: [], + ignore_conditions: [], + security_advisories: [], + package_manager: "bundler", + source: { + "provider" => "github", + "repo" => "dependabot-fixtures/dependabot-test-ruby-package", + "directory" => "/", + "api-endpoint" => "https://api.github.com/", + "hostname" => "github.com", + "branch" => nil + }, + credentials: [{ + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => test_access_token + }], + lockfile_only: false, + requirements_update_strategy: nil, + update_subdependencies: false, + updating_a_pull_request: false, + vendor_dependencies: false, + security_updates_only: false + 
) + end + + it "updates dependencies correctly" do + expect(api_client). + to receive(:create_pull_request) do |id, deps, files, commit_sha| + expect(id).to eq(1) + dep = Dependabot::Dependency.new( + name: "dummy-git-dependency", + package_manager: "bundler", + version: "c0e25c2eb332122873f73acb3b61fb2e261cfd8f", + previous_version: "20151f9b67c8a04461fa0ee28385b6187b86587b", + requirements: [ + { requirement: ">= 0", + groups: [:default], + source: { + type: "git", + branch: "master", + ref: "v1.1.0", + url: "git@github.com:dependabot-fixtures/ruby-dummy-git-" \ + "dependency.git" + }, + file: "Gemfile" } + ], + previous_requirements: [ + { requirement: ">= 0", + groups: [:default], + source: { + type: "git", + branch: "master", + ref: "v1.0.0", + url: "git@github.com:dependabot-fixtures/ruby-dummy-git-" \ + "dependency.git" + }, + file: "Gemfile" } + ] + ) + expect(deps).to eql([dep]) + expect(files).to eq( + [ + { + "name" => "Gemfile", + "content" => fixture("bundler_git/updated/Gemfile"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + }, + { + "name" => "Gemfile.lock", + "content" => fixture("bundler_git/updated/Gemfile.lock"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + } + ] + ) + expect(commit_sha).to eq("sha") + end + end_to_end_job.run + end + + it "summarizes the changes" do + expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| + expect(log_message).to include( + "created", + "dummy-git-dependency", + "from 20151f9b67c8a04461fa0ee28385b6187b86587b", + "to c0e25c2eb332122873f73acb3b61fb2e261cfd8f" + ) + end + + end_to_end_job.run + end + end + + describe "JavaScript" do + let(:dependency_files) do + [ + Dependabot::DependencyFile.new( + name: "package.json", + content: 
fixture("npm/original/package.json"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "package-lock.json", + content: fixture("npm/original/package-lock.json"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "yarn.lock", + content: fixture("yarn/original/yarn.lock"), + directory: "/" + ) + ] + end + + let(:job) do + Dependabot::Job.new( + token: "token", + dependencies: nil, + allowed_updates: [ + { + "dependency-type" => "direct", + "update-type" => "all" + }, + { + "dependency-type" => "indirect", + "update-type" => "security" + } + ], + existing_pull_requests: [], + ignore_conditions: [], + security_advisories: [], + package_manager: "npm_and_yarn", + source: { + "provider" => "github", + "repo" => "dependabot-fixtures/dependabot-test-ruby-package", + "directory" => "/", + "api-endpoint" => "https://api.github.com/", + "hostname" => "github.com", + "branch" => nil + }, + credentials: [{ + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => "github-token" + }], + lockfile_only: false, + requirements_update_strategy: nil, + update_subdependencies: false, + updating_a_pull_request: false, + vendor_dependencies: false, + security_updates_only: false + ) + end + + it "updates dependencies correctly" do + expect(api_client). 
+ to receive(:create_pull_request) do |id, deps, files, commit_sha| + expect(id).to eq(1) + dep = Dependabot::Dependency.new( + name: "@dependabot/dummy-pkg-b", + package_manager: "npm_and_yarn", + version: "1.2.0", + previous_version: "1.1.0", + requirements: [ + { + file: "package.json", + requirement: "^1.2.0", + groups: ["dependencies"], + source: { + type: "registry", + url: "https://registry.npmjs.org" + } + } + ], + previous_requirements: [ + { + file: "package.json", + requirement: "^1.1.0", + groups: ["dependencies"], + source: { + type: "registry", + url: "https://registry.npmjs.org" + } + } + ] + ) + expect(deps).to eql([dep]) + expect(files).to eq( + [ + { + "name" => "package.json", + "content" => fixture("npm/updated/package.json"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + }, + { + "name" => "yarn.lock", + "content" => fixture("yarn/updated/yarn.lock"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + }, + { + "name" => "package-lock.json", + "content" => fixture("npm/updated/package-lock.json"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + } + ] + ) + expect(commit_sha).to eq("sha") + end + end_to_end_job.run + end + + it "summarizes the changes" do + expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| + expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") + end + + end_to_end_job.run + end + end + + describe "composer" do + let(:dependency_files) do + [ + Dependabot::DependencyFile.new( + name: "composer.json", + content: fixture("composer/original/composer.json"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "composer.lock", + content: 
fixture("composer/original/composer.lock"), + directory: "/" + ) + ] + end + + let(:job) do + Dependabot::Job.new( + token: "token", + dependencies: nil, + allowed_updates: [ + { + "dependency-type" => "direct", + "update-type" => "all" + }, + { + "dependency-type" => "indirect", + "update-type" => "security" + } + ], + existing_pull_requests: [], + ignore_conditions: [], + security_advisories: [], + package_manager: "composer", + source: { + "provider" => "github", + "repo" => "dependabot-fixtures/dependabot-test-ruby-package", + "directory" => "/", + "api-endpoint" => "https://api.github.com/", + "hostname" => "github.com", + "branch" => nil + }, + credentials: [{ + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => "github-token" + }], + lockfile_only: false, + requirements_update_strategy: :bump_versions, + update_subdependencies: false, + updating_a_pull_request: false, + vendor_dependencies: false, + security_updates_only: false + ) + end + + it "updates dependencies correctly" do + expect(api_client). 
+ to receive(:create_pull_request) do |id, deps, files, commit_sha| + expect(id).to eq(1) + dep = Dependabot::Dependency.new( + name: "dependabot/dummy-pkg-b", + package_manager: "composer", + version: "1.2.0", + previous_version: "1.1.0", + requirements: [ + { + file: "composer.json", + requirement: "^1.2.0", + source: { + type: "git", + url: "https://github.com/dependabot/php-dummy-pkg-b.git" + }, + groups: ["runtime"] + } + ], + previous_requirements: [ + { + file: "composer.json", + requirement: "^1.1.0", + source: { + type: "git", + url: "https://github.com/dependabot/php-dummy-pkg-b.git" + }, + groups: ["runtime"] + } + ] + ) + expect(deps).to eql([dep]) + expect(files).to eq( + [ + { + "name" => "composer.json", + "content" => fixture("composer/updated/composer.json"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + }, + { + "name" => "composer.lock", + "content" => fixture("composer/updated/composer.lock"), + "directory" => "/", + "type" => "file", + "support_file" => false, + "content_encoding" => "utf-8", + "deleted" => false, + "operation" => "update" + } + ] + ) + expect(commit_sha).to eq("sha") + end + end_to_end_job.run + end + + it "summarizes the changes" do + expect(Dependabot.logger).to receive(:info).with(/Changes to Dependabot Pull Requests/) do |log_message| + expect(log_message).to include("created", "dummy-pkg-b ( from 1.1.0 to 1.2.0 )") + end + + end_to_end_job.run + end + end +end diff --git a/updater/spec/dependabot/job_spec.rb b/updater/spec/dependabot/job_spec.rb new file mode 100644 index 00000000000..8cf01ddea1b --- /dev/null +++ b/updater/spec/dependabot/job_spec.rb 
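Review bot: Both "when GITHUB_ACTIONS is set" contexts in `integration_spec.rb` stub the predicate with `allow(Dependabot::Environment).to receive(:github_actions?) { "true" }`, which returns a String; any string is truthy in Ruby, so these examples would pass unchanged with `"false"`. Unless the real method hands back the raw environment value, `allow(Dependabot::Environment).to receive(:github_actions?).and_return(true)` states the intent. Note also that `before { WebMock.disable! }` covers the whole file, so every example talks to the live GitHub API and package registries, and the "bundler git dependencies" job sends `test_access_token` (defined outside this hunk) as its password. A short comment at the top of the file saying that the suite needs network access and which token it uses, scoped as narrowly as the fixtures allow, would help whoever wires it into CI.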
@@ -0,0 +1,410 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "dependabot/job"
+require "dependabot/dependency"
+require "dependabot/bundler"
+
+RSpec.describe Dependabot::Job do
+ subject(:job) { described_class.new(attributes) }
+
+ let(:attributes) do
+ {
+ token: "token",
+ dependencies: dependencies,
+ allowed_updates: allowed_updates,
+ existing_pull_requests: [],
+ ignore_conditions: [],
+ security_advisories: security_advisories,
+ package_manager: package_manager,
+ source: {
+ "provider" => "github",
+ "repo" => "dependabot-fixtures/dependabot-test-ruby-package",
+ "directory" => "/",
+ "api-endpoint" => "https://api.github.com/",
+ "hostname" => "github.com",
+ "branch" => nil
+ },
+ credentials: [{
+ "type" => "git_source",
+ "host" => "github.com",
+ "username" => "x-access-token",
+ "password" => "github-token"
+ }],
+ lockfile_only: false,
+ requirements_update_strategy: nil,
+ update_subdependencies: false,
+ updating_a_pull_request: false,
+ vendor_dependencies: vendor_dependencies,
+ experiments: experiments,
+ commit_message_options: commit_message_options,
+ security_updates_only: security_updates_only
+ }
+ end
+
+ let(:dependencies) { nil }
+ let(:security_advisories) { [] }
+ let(:package_manager) { "bundler" }
+ let(:security_updates_only) { false }
+ let(:allowed_updates) do
+ [
+ {
+ "dependency-type" => "direct",
+ "update-type" => "all"
+ },
+ {
+ "dependency-type" => "indirect",
+ "update-type" => "security"
+ }
+ ]
+ end
+ let(:experiments) { nil }
+ let(:commit_message_options) { nil }
+ let(:vendor_dependencies) { false }
+
+ describe "#allowed_update?" do
+ subject { job.allowed_update?(dependency) }
+ let(:dependency) do
+ Dependabot::Dependency.new(
+ name: dependency_name,
+ package_manager: "bundler",
+ version: "1.8.0",
+ requirements: requirements
+ )
+ end
+ let(:dependency_name) { "business" }
+ let(:requirements) do
+ [{ file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil }]
+ end
+
+ context "with default allowed updates on a dependency with no requirements" do
+ let(:allowed_updates) do
+ [
+ {
+ "dependency-type" => "direct",
+ "update-type" => "all"
+ }
+ ]
+ end
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => dependency_name,
+ "affected-versions" => [],
+ "patched-versions" => ["~> 1.11.0"],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+ let(:dependency) do
+ Dependabot::Dependency.new(
+ name: dependency_name,
+ package_manager: "bundler",
+ version: "1.8.0",
+ requirements: []
+ )
+ end
+ it { is_expected.to eq(false) }
+
+ context "for a security update" do
+ let(:security_updates_only) { true }
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "with a top-level dependency" do
+ let(:requirements) do
+ [{ file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil }]
+ end
+
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a sub-dependency" do
+ let(:requirements) { [] }
+ it { is_expected.to eq(false) }
+
+ context "that is insecure" do
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => "business",
+ "affected-versions" => [],
+ "patched-versions" => ["~> 1.11.0"],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "when only security fixes are allowed" do
+ let(:security_updates_only) { true }
+ it { is_expected.to eq(false) }
+
+ context "for a security fix" do
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => "business",
+ "affected-versions" => [],
+ "patched-versions" => ["~> 1.11.0"],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "and a dependency whitelist that includes the dependency" do
+ let(:allowed_updates) { [{ "dependency-name" => "business" }] }
+ it { is_expected.to eq(true) }
+
+ context "with a dependency whitelist that uses a wildcard" do
+ let(:allowed_updates) { [{ "dependency-name" => "bus*" }] }
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "and a dependency whitelist that excludes the dependency" do
+ let(:allowed_updates) { [{ "dependency-name" => "rails" }] }
+ it { is_expected.to eq(false) }
+
+ context "that would match if we were sloppy about substrings" do
+ let(:allowed_updates) { [{ "dependency-name" => "bus" }] }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a dependency whitelist that uses a wildcard" do
+ let(:allowed_updates) { [{ "dependency-name" => "b.ness*" }] }
+ it { is_expected.to eq(false) }
+ end
+
+ context "when security fixes are also allowed" do
+ let(:allowed_updates) do
+ [
+ { "dependency-name" => "rails" },
+ { "update-type" => "security" }
+ ]
+ end
+
+ it { is_expected.to eq(false) }
+
+ context "for a security fix" do
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => "business",
+ "affected-versions" => [],
+ "patched-versions" => ["~> 1.11.0"],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+
+ it { is_expected.to eq(true) }
+ end
+ end
+ end
+
+ context "with dev dependencies during a security update while allowed: production is in effect" do
+ let(:package_manager) { "npm_and_yarn" }
+ let(:security_updates_only) { true }
+ let(:dependency) do
+ Dependabot::Dependency.new(
+ name: "ansi-regex",
+ package_manager: "npm_and_yarn",
+ version: "6.0.0",
+ requirements: [
+ {
+ file: "package.json",
+ requirement: "^6.0.0",
+ groups: ["devDependencies"],
+ source: {
+ type: "registry",
+ url: "https://registry.npmjs.org"
+ }
+ }
+ ]
+ )
+ end
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => "ansi-regex",
+ "affected-versions" => [
+ ">= 3.0.0 < 3.0.1",
+ ">= 4.0.0 < 4.1.1",
+ ">= 5.0.0 < 5.0.1",
+ ">= 6.0.0 < 6.0.1"
+ ],
+ "patched-versions" => [],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+ let(:allowed_updates) do
+ [{ "dependency-type" => "production" }]
+ end
+ it { is_expected.to eq(false) }
+ end
+ end
+
+ describe "#security_updates_only?" do
+ subject { job.security_updates_only? }
+
+ it { is_expected.to eq(false) }
+
+ context "with security only allowed updates" do
+ let(:security_updates_only) { true }
+
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ describe "#experiments" do
+ it "handles nil values" do
+ expect(job.experiments).to eq({})
+ end
+
+ context "with experiments" do
+ let(:experiments) { { "simple" => false, "kebab-case" => true } }
+
+ it "transforms the keys" do
+ expect(job.experiments).to eq(simple: false, kebab_case: true)
+ end
+ end
+
+ context "with experimental values" do
+ let(:experiments) { { "timeout_per_operation_seconds" => 600 } }
+
+ it "preserves the values" do
+ expect(job.experiments).to eq(timeout_per_operation_seconds: 600)
+ end
+ end
+ end
+
+ describe "#commit_message_options" do
+ it "handles nil values" do
+ expect(job.commit_message_options).to eq({})
+ end
+
+ context "with commit_message_options" do
+ let(:commit_message_options) do
+ {
+ "prefix" => "[dev]",
+ "prefix-development" => "[bump-dev]",
+ "include-scope" => true
+ }
+ end
+
+ it "transforms the keys" do
+ expect(job.commit_message_options[:prefix]).to eq("[dev]")
+ expect(job.commit_message_options[:prefix_development]).to eq("[bump-dev]")
+ expect(job.commit_message_options[:include_scope]).to eq(true)
+ end
+ end
+
+ context "with partial commit_message_options" do
+ let(:commit_message_options) do
+ {
+ "prefix" => "[dev]"
+ }
+ end
+
+ it "transforms the keys" do
+ expect(job.commit_message_options[:prefix]).to eq("[dev]")
+ expect(job.commit_message_options).not_to have_key(:prefix_development)
+ expect(job.commit_message_options).not_to have_key(:include_scope)
+ end
+ end
+ end
+
+ describe "#clone?" do
+ subject { job.clone? }
+
+ it { is_expected.to eq(false) }
+
+ context "with vendoring configuration enabled" do
+ let(:vendor_dependencies) { true }
+
+ it { is_expected.to eq(true) }
+ end
+
+ context "for ecosystems that always clone" do
+ let(:vendor_dependencies) { false }
+ let(:dependencies) do
+ [
+ Dependabot::Dependency.new(
+ name: "github.com/pkg/errors",
+ package_manager: "go_modules",
+ version: "v1.8.0",
+ requirements: [
+ {
+ file: "go.mod",
+ requirement: "v1.8.0",
+ groups: [],
+ source: nil
+ }
+ ]
+ )
+ ]
+ end
+ let(:package_manager) { "go_modules" }
+
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ describe "#security_fix?" do
+ subject { job.security_fix?(dependency) }
+
+ let(:dependency) do
+ Dependabot::Dependency.new(
+ package_manager: "bundler",
+ name: "business",
+ version: dependency_version,
+ previous_version: dependency_previous_version,
+ requirements: [],
+ previous_requirements: []
+ )
+ end
+ let(:dependency_version) { "1.11.1" }
+ let(:dependency_previous_version) { "0.7.1" }
+ let(:security_advisories) do
+ [
+ {
+ "dependency-name" => "business",
+ "affected-versions" => [],
+ "patched-versions" => ["~> 1.11.0"],
+ "unaffected-versions" => []
+ }
+ ]
+ end
+
+ it { is_expected.to eq(true) }
+
+ context "when the update hasn't been patched" do
+ let(:dependency_version) { "1.10.0" }
+
+ it { is_expected.to eq(false) }
+ end
+ end
+
+ describe "#reject_external_code?" do
+ it "defaults to false" do
+ expect(job.reject_external_code?).to eq(false)
+ end
+
+ it "can be enabled by job attributes" do
+ attrs = attributes
+ attrs[:reject_external_code] = true
+ job = Dependabot::Job.new(attrs)
+ expect(job.reject_external_code?).to eq(true)
+ end
+ end
+end
diff --git a/updater/spec/dependabot/sentry_spec.rb b/updater/spec/dependabot/sentry_spec.rb
new file mode 100644
index 00000000000..1260603399d
--- /dev/null
+++ b/updater/spec/dependabot/sentry_spec.rb
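Review bot: In job_spec.rb, the `#reject_external_code?` example "can be enabled by job attributes" mutates the memoized `attributes` hash, because `attrs = attributes` is an alias rather than a copy, and it shadows the `job` subject with a local of the same name. Building the object without touching the shared hash reads more clearly and matches the rest of the file: `expect(described_class.new(attributes.merge(reject_external_code: true)).reject_external_code?).to eq(true)`. Since this flag appears to gate whether external code may run during an update, an example for an explicit `reject_external_code: false` would pin the off state as well as the default.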
@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require "dependabot/sentry"
+require "spec_helper"
+
+RSpec.describe ExceptionSanitizer do
+ let(:message) { "kaboom" }
+ let(:data) do
+ {
+ environment: "default",
+ extra: {},
+ exception: {
+ values: [
+ { type: "StandardError", value: message }
+ ]
+ }
+ }
+ end
+
+ it "does not filter messages by default" do
+ expect(sanitized_message(data)).to eq(message)
+ end
+
+ context "with exception containing Bearer token" do
+ let(:message) { "Bearer SECRET_TOKEN is bad and you should feel bad" }
+
+ it "filters sensitive messages" do
+ expect(sanitized_message(data)).to eq(
+ "Bearer [FILTERED_AUTH_TOKEN] is bad and you should feel bad"
+ )
+ end
+ end
+
+ context "with exception containing Authorization: header" do
+ let(:message) { "Authorization: SECRET_TOKEN is bad" }
+
+ it "filters sensitive messages" do
+ expect(sanitized_message(data)).to eq(
+ "Authorization: [FILTERED_AUTH_TOKEN] is bad"
+ )
+ end
+ end
+
+ context "with exception containing authorization value" do
+ let(:message) { "authorization SECRET_TOKEN invalid" }
+
+ it "filters sensitive messages" do
+ expect(sanitized_message(data)).to eq(
+ "authorization [FILTERED_AUTH_TOKEN] invalid"
+ )
+ end
+ end
+
+ context "with exception secret token without an indicator" do
+ let(:message) { "SECRET_TOKEN is not filtered" }
+
+ it "filters sensitive messages" do
+ expect(sanitized_message(data)).to eq("SECRET_TOKEN is not filtered")
+ end
+ end
+
+ context "with api repo NWO" do
+ let(:message) { "https://api.github.com/repos/foo/bar is bad" }
+
+ it "filters repo name from an api request" do
+ expect(sanitized_message(data)).to eq(
+ "https://api.github.com/repos/foo/[FILTERED_REPO] is bad"
+ )
+ end
+ end
+
+ context "with regular repo NWO" do
+ let(:message) { "https://github.com/foo/bar is bad" }
+
+ it "filters repo name from an api request" do
+ expect(sanitized_message(data)).to eq(
+ "https://github.com/foo/[FILTERED_REPO] is bad"
+ )
+ end
+ end
+
+ context "with multiple repo NWO" do
+ let(:message) do
+ "https://api.github.com/repos/foo/bar is bad, " \
+ "https://github.com/foo/baz is bad"
+ end
+
+ it "filters repo name from an api request" do
+ expect(sanitized_message(data)).to eq(
+ "https://api.github.com/repos/foo/[FILTERED_REPO] is bad, " \
+ "https://github.com/foo/[FILTERED_REPO] is bad"
+ )
+ end
+ end
+
+ private
+
+ def sanitized_message(data)
+ filtered = ExceptionSanitizer.new.process(data)
+ filtered[:exception][:values].first[:value]
+ end
+end
diff --git a/updater/spec/dependabot/service_spec.rb b/updater/spec/dependabot/service_spec.rb
new file mode 100644
index 00000000000..fa4fda2700e
--- /dev/null
+++ b/updater/spec/dependabot/service_spec.rb
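Review bot: In sentry_spec.rb, the context "with exception secret token without an indicator" titles its example `it "filters sensitive messages"` but asserts that the message is returned unchanged, so the description says the opposite of what is checked. Rename it to `it "does not filter the token"` and add a comment such as `# a token with no Bearer/Authorization marker is left unredacted; this documents the gap rather than covering it`, so a reader does not mistake the example for redaction coverage. The "with regular repo NWO" and "with multiple repo NWO" examples also reuse the title "filters repo name from an api request" although they cover non-API URLs; "filters repo name from a repo URL" would match what they assert.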
@@ -0,0 +1,309 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "dependabot/api_client"
+require "dependabot/service"
+
+RSpec.describe Dependabot::Service do
+ let(:job_id) { 42 }
+ let(:base_sha) { "mock-sha" }
+
+ let(:mock_client) do
+ instance_double(Dependabot::ApiClient, {
+ create_pull_request: nil,
+ update_pull_request: nil,
+ close_pull_request: nil,
+ record_update_job_error: nil
+ })
+ end
+ subject(:service) { described_class.new(client: mock_client) }
+
+ shared_context :a_pr_was_created do
+ let(:pr_message) { "update all the things" }
+ let(:dependencies) do
+ [
+ Dependabot::Dependency.new(
+ name: "dependabot-fortran",
+ package_manager: "bundler",
+ version: "1.8.0",
+ previous_version: "1.7.0",
+ requirements: [
+ { file: "Gemfile", requirement: "~> 1.8.0", groups: [], source: nil }
+ ],
+ previous_requirements: [
+ { file: "Gemfile", requirement: "~> 1.7.0", groups: [], source: nil }
+ ]
+ ),
+ Dependabot::Dependency.new(
+ name: "dependabot-pascal",
+ package_manager: "bundler",
+ version: "2.8.0",
+ previous_version: "2.7.0",
+ requirements: [
+ { file: "Gemfile", requirement: "~> 2.8.0", groups: [], source: nil }
+ ],
+ previous_requirements: [
+ { file: "Gemfile", requirement: "~> 2.7.0", groups: [], source: nil }
+ ]
+ )
+ ]
+ end
+
+ let(:dependency_files) do
+ [
+ { name: "Gemfile", content: "some gems" }
+ ]
+ end
+
+ before do
+ service.create_pull_request(job_id, dependencies, dependency_files, base_sha, pr_message)
+ end
+ end
+
+ shared_context :a_pr_was_updated do
+ let(:dependencies) do
+ [
+ Dependabot::Dependency.new(
+ name: "dependabot-cobol",
+ package_manager: "bundler",
+ version: "3.8.0",
+ previous_version: "3.7.0",
+ requirements: [
+ { file: "Gemfile", requirement: "~> 3.8.0", groups: [], source: nil }
+ ],
+ previous_requirements: [
+ { file: "Gemfile", requirement: "~> 3.7.0", groups: [], source: nil }
+ ]
+ )
+ ]
+ end
+
+ let(:dependency_files) do
+ [
+ { name: "Gemfile", content: "some gems" }
+ ]
+ end
+
+ before do
+ service.update_pull_request(job_id, dependencies, dependency_files, base_sha)
+ end
+ end
+
+ shared_context :a_pr_was_closed do
+ let(:dependency_name) { "dependabot-fortran" }
+ let(:reason) { :dependency_removed }
+
+ before do
+ service.close_pull_request(job_id, dependency_name, reason)
+ end
+ end
+
+ shared_context :an_error_was_reported do
+ before do
+ service.record_update_job_error(
+ job_id,
+ error_type: :epoch_error,
+ error_details: {
+ message: "What is fortran doing here?!"
+ }
+ )
+ end
+ end
+
+ describe "Instance methods delegated to @client" do
+ {
+ get_job: "mock_job_id",
+ mark_job_as_processed: %w(mock_job_id mock_sha),
+ update_dependency_list: %w(mock_job_id mock_dependencies mock_dependency_file),
+ record_package_manager_version: %w(mock_job_id mock_ecosystem mock_package_managers)
+ }.each do |method, arguments|
+ before { allow(mock_client).to receive(method) }
+
+ it "delegates #{method}" do
+ service.send(method, *arguments)
+
+ expect(mock_client).to have_received(method).with(*arguments)
+ end
+ end
+ end
+
+ describe "#create_pull_request" do
+ include_context :a_pr_was_created
+
+ it "delegates to @client" do
+ expect(mock_client).
+ to have_received(:create_pull_request).with(job_id, dependencies, dependency_files, base_sha, pr_message)
+ end
+
+ it "memoizes a shorthand summary of the PR" do
+ expect(service.pull_requests).
+ to eql([["dependabot-fortran ( from 1.7.0 to 1.8.0 ), dependabot-pascal ( from 2.7.0 to 2.8.0 )", :created]])
+ end
+ end
+
+ describe "#update_pull_request" do
+ include_context :a_pr_was_updated
+
+ it "delegates to @client" do
+ expect(mock_client).to have_received(:update_pull_request).with(job_id, dependencies, dependency_files, base_sha)
+ end
+
+ it "memoizes a shorthand summary of the PR" do
+ expect(service.pull_requests).to eql([["dependabot-cobol ( from 3.7.0 to 3.8.0 )", :updated]])
+ end
+ end
+
+ describe "#close_pull_request" do
+ include_context :a_pr_was_closed
+
+ it "delegates to @client" do
+ expect(mock_client).to have_received(:close_pull_request).with(job_id, dependency_name, reason)
+ end
+
+ it "memoizes a shorthand summary of the reason for closing PRs for a dependency" do
+ expect(service.pull_requests).to eql([["dependabot-fortran", "closed: dependency_removed"]])
+ end
+ end
+
+ describe "#record_update_job_error" do
+ include_context :an_error_was_reported
+
+ it "delegates to @client" do
+ expect(mock_client).to have_received(:record_update_job_error).with(
+ job_id,
+ {
+ error_type: :epoch_error,
+ error_details: {
+ message: "What is fortran doing here?!"
+ }
+ }
+ )
+ end
+
+ it "memoizes a shorthand summary of the error" do
+ expect(service.errors).to eql(["epoch_error"])
+ end
+ end
+
+ describe "#noop?" do
+ it "is true by default" do
+ expect(service).to be_noop
+ end
+
+ it "is false if there has been an event" do
+ service.record_update_job_error(
+ job_id,
+ error_type: :epoch_error,
+ error_details: {
+ message: "What is fortran doing here?!"
+ }
+ )
+
+ expect(service).not_to be_noop
+ end
+
+ it "is false if there has been a pull request change" do
+ service.close_pull_request(job_id, "dependabot-cobol", "legacy code removed")
+
+ expect(service).not_to be_failure
+ end
+ end
+
+ describe "#failure?" do
+ it "is false by default" do
+ expect(service).not_to be_failure
+ end
+
+ it "is true if there has been an error" do
+ service.record_update_job_error(
+ job_id,
+ error_type: :epoch_error,
+ error_details: {
+ message: "What is fortran doing here?!"
+ }
+ )
+
+ expect(service).to be_failure
+ end
+ end
+
+ describe "#summary" do
+ context "when there were no service events" do
+ it "is empty" do
+ expect(service.summary).to be_nil
+ end
+ end
+
+ context "when a pr was created" do
+ include_context :a_pr_was_created
+
+ it "includes the summary of the created PR" do
+ expect(service.summary).
+ to include("created", "dependabot-fortran ( from 1.7.0 to 1.8.0 ), dependabot-pascal ( from 2.7.0 to 2.8.0 )")
+ end
+ end
+
+ context "when a pr was updated" do
+ include_context :a_pr_was_updated
+
+ it "includes the summary of the updated PR" do
+ expect(service.summary).
+ to include("updated", "dependabot-cobol ( from 3.7.0 to 3.8.0 )")
+ end
+ end
+
+ context "when a pr was closed" do
+ include_context :a_pr_was_closed
+
+ it "includes the summary of the closed PR" do
+ expect(service.summary).
+ to include("closed: dependency_removed", "dependabot-fortran")
+ end
+ end
+
+ context "when there was an error" do
+ include_context :an_error_was_reported
+
+ it "includes an error count" do
+ expect(service.summary).
+ to include("Dependabot encountered '1' error(s) during execution")
+ end
+ end
+
+ context "when there was a mix of pr activity" do
+ include_context :a_pr_was_updated
+ include_context :a_pr_was_closed
+
+ it "includes the summary of the updated PR" do
+ expect(service.summary).
+ to include("updated", "dependabot-cobol ( from 3.7.0 to 3.8.0 )")
+ end
+
+ it "includes the summary of the closed PR" do
+ expect(service.summary).
+ to include("closed: dependency_removed", "dependabot-fortran")
+ end
+ end
+
+ context "when there was a mix of pr and error activity" do
+ include_context :a_pr_was_created
+ include_context :a_pr_was_closed
+ include_context :an_error_was_reported
+
+ it "includes the summary of the created PR" do
+ expect(service.summary).
+ to include("created", "dependabot-fortran ( from 1.7.0 to 1.8.0 ), dependabot-pascal ( from 2.7.0 to 2.8.0 )")
+ end
+
+ it "includes the summary of the closed PR" do
+ expect(service.summary).
+ to include("closed: dependency_removed", "dependabot-fortran")
+ end
+
+ it "includes an error count" do
+ expect(service.summary).
+ to include("Dependabot encountered '1' error(s) during execution")
+ end
+ end
+ end
+end
diff --git a/updater/spec/dependabot/update_files_job_spec.rb b/updater/spec/dependabot/update_files_job_spec.rb
new file mode 100644
index 00000000000..3999d3a0008
--- /dev/null
+++ b/updater/spec/dependabot/update_files_job_spec.rb
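Review bot: In service_spec.rb under `describe "#noop?"`, the example "is false if there has been a pull request change" asserts `expect(service).not_to be_failure`, which checks the wrong predicate. A fresh service already satisfies that (see "#failure?" → "is false by default"), so the example passes whether or not closing a pull request affects `noop?`. The assertion should be `expect(service).not_to be_noop`.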
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "dependabot/update_files_job"
+require "tmpdir"
+
+RSpec.describe Dependabot::UpdateFilesJob do
+ subject(:job) { described_class.new }
+
+ let(:service) { double(Dependabot::Service) }
+ let(:job_path) do
+ File.join("spec", "fixtures", "file_fetcher_output/output.json")
+ end
+ let(:repo_contents_path) { "repo/path" }
+ let(:job_id) { "123123" }
+
+ before do
+ allow(job).to receive(:service).and_return(service)
+ allow(job).to receive(:job_id).and_return(job_id)
+ allow(service).to receive(:mark_job_as_processed)
+
+ allow(Dependabot::Environment).to receive(:job_path).and_return(job_path)
+ allow(Dependabot::Environment).to receive(:repo_contents_path).and_return(repo_contents_path)
+ end
+
+ describe "#perform_job" do
+ subject(:perform_job) { job.perform_job }
+
+ it "delegates to Dependabot::Updater" do
+ dummy_runner = double(run: nil)
+ base_commit_sha = "1c6331732c41e4557a16dacb82534f1d1c831848"
+ expect(Dependabot::Updater).
+ to receive(:new).
+ with(
+ service: service,
+ job_id: job_id,
+ job: anything,
+ dependency_files: anything,
+ repo_contents_path: nil,
+ base_commit_sha: base_commit_sha
+ ).
+ and_return(dummy_runner)
+ expect(dummy_runner).to receive(:run)
+ expect(service).to receive(:mark_job_as_processed).
+ with(job_id, base_commit_sha)
+
+ perform_job
+ end
+
+ context "with vendoring_dependencies" do
+ let(:job_path) do
+ File.join("spec", "fixtures",
+ "file_fetcher_output/vendoring_output.json")
+ end
+
+ it "delegates to Dependabot::Updater" do
+ dummy_runner = double(run: nil)
+ base_commit_sha = "1c6331732c41e4557a16dacb82534f1d1c831848"
+ expect(Dependabot::Updater).
+ to receive(:new).
+ with(
+ service: service,
+ job_id: job_id,
+ job: anything,
+ dependency_files: anything,
+ repo_contents_path: repo_contents_path,
+ base_commit_sha: base_commit_sha
+ ).
+ and_return(dummy_runner)
+ expect(dummy_runner).to receive(:run)
+ expect(service).to receive(:mark_job_as_processed).
+ with(job_id, base_commit_sha)
+
+ perform_job
+ end
+ end
+ end
+end
diff --git a/updater/spec/dependabot/updater_spec.rb b/updater/spec/dependabot/updater_spec.rb
new file mode 100644
index 00000000000..7fa084398e6
--- /dev/null
+++ b/updater/spec/dependabot/updater_spec.rb
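Review bot: In update_files_job_spec.rb, both examples are titled "delegates to Dependabot::Updater" and repeat the same expectation block, differing only in the expected `repo_contents_path` (`nil` without vendoring, the stubbed path with it). The vendoring example's title should state that difference, for instance `it "passes repo_contents_path through to Dependabot::Updater"`, and the default one could say the path is withheld. The shared expectation would read better as one helper that takes the expected path. `require "tmpdir"` is not used by any line of this new file and can be dropped.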
@@ -0,0 +1,1809 @@ +# frozen_string_literal: true + +require "spec_helper" +require "bundler/compact_index_client" +require "bundler/compact_index_client/updater" +require "dependabot/dependency" +require "dependabot/dependency_file" +require "dependabot/file_fetchers" +require "dependabot/updater" +require "dependabot/service" + +RSpec.describe Dependabot::Updater do + subject(:updater) do + Dependabot::Updater.new( + service: service, + job_id: 1, + job: job, + dependency_files: dependency_files, + base_commit_sha: "sha", + repo_contents_path: repo_contents_path + ) + end + + let(:logger) { double(Logger) } + let(:service) { double(Dependabot::Service) } + + before do + allow(service).to receive(:get_job).and_return(job) + allow(service).to receive(:create_pull_request) + allow(service).to receive(:update_pull_request) + allow(service).to receive(:close_pull_request) + allow(service).to receive(:mark_job_as_processed) + allow(service).to receive(:update_dependency_list) + allow(service).to receive(:record_update_job_error) + allow_any_instance_of(Dependabot::ApiClient).to receive(:record_package_manager_version) + allow(Dependabot).to receive(:logger).and_return(logger) + allow(logger).to receive(:info) + allow(logger).to receive(:error) + + allow(Dependabot::Environment).to receive(:token).and_return("some_token") + allow(Dependabot::Environment).to receive(:job_id).and_return(1) + end + + let(:job) do + Dependabot::Job.new( + token: "token", + dependencies: requested_dependencies, + allowed_updates: allowed_updates, + existing_pull_requests: existing_pull_requests, + ignore_conditions: ignore_conditions, + security_advisories: security_advisories, + package_manager: "bundler", + source: { + "provider" => "github", + "repo" => "dependabot-fixtures/dependabot-test-ruby-package", + "directory" => "/", + "branch" => nil, + "api-endpoint" => "https://api.github.com/", + "hostname" => "github.com" + }, + credentials: credentials, + lockfile_only: false, + 
requirements_update_strategy: nil, + update_subdependencies: false, + updating_a_pull_request: updating_a_pull_request, + vendor_dependencies: false, + experiments: experiments, + commit_message_options: { + "prefix" => commit_message_prefix, + "prefix-development" => commit_message_prefix_development, + "include-scope" => commit_message_include_scope + }, + security_updates_only: security_updates_only + ) + end + let(:requested_dependencies) { nil } + let(:updating_a_pull_request) { false } + let(:existing_pull_requests) { [] } + let(:security_advisories) { [] } + let(:ignore_conditions) { [] } + let(:security_updates_only) { false } + let(:ignore_conditions) { [] } + let(:allowed_updates) do + [ + { + "dependency-type" => "direct", + "update-type" => "all" + }, + { + "dependency-type" => "indirect", + "update-type" => "security" + } + ] + end + let(:credentials) do + [ + { + "type" => "git_source", + "host" => "github.com", + "username" => "x-access-token", + "password" => "github-token" + }, + { "type" => "random", "secret" => "codes" } + ] + end + let(:experiments) { {} } + let(:repo_contents_path) { nil } + let(:commit_message_prefix) { "[bump]" } + let(:commit_message_prefix_development) { "[bump-dev]" } + let(:commit_message_include_scope) { true } + + let(:checker) { double(Dependabot::Bundler::UpdateChecker) } + before do + allow(checker).to receive(:up_to_date?).and_return(false, false) + allow(checker).to receive(:vulnerable?).and_return(false) + allow(checker).to receive(:version_class). + and_return(Dependabot::Bundler::Version) + allow(checker).to receive(:requirements_unlocked_or_can_be?). + and_return(true) + allow(checker). + to receive(:can_update?).with(requirements_to_unlock: :own). + and_return(true, false) + allow(checker). + to receive(:can_update?).with(requirements_to_unlock: :all). 
+ and_return(false) + allow(checker).to receive(:updated_dependencies).and_return([dependency]) + allow(checker).to receive(:dependency).and_return(original_dependency) + allow(checker). + to receive(:latest_version). + and_return(Gem::Version.new("1.2.0")) + allow(Dependabot::Bundler::UpdateChecker).to receive(:new).and_return(checker) + end + let(:dependency) do + Dependabot::Dependency.new( + name: "dummy-pkg-b", + package_manager: "bundler", + version: "1.2.0", + previous_version: "1.1.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.2.0", groups: [], source: nil } + ], + previous_requirements: [ + { file: "Gemfile", requirement: "~> 1.1.0", groups: [], source: nil } + ] + ) + end + let(:multiple_dependencies) do + [ + Dependabot::Dependency.new( + name: "dummy-pkg-b", + package_manager: "bundler", + version: "1.2.0", + previous_version: "1.1.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.2.0", groups: [], source: nil } + ], + previous_requirements: [ + { file: "Gemfile", requirement: "~> 1.1.0", groups: [], source: nil } + ] + ), + Dependabot::Dependency.new( + name: "dummy-pkg-a", + package_manager: "bundler", + version: "2.0.0", + previous_version: "1.0.1", + requirements: [ + { file: "Gemfile", requirement: "~> 2.0.0", groups: [], source: nil } + ], + previous_requirements: [ + { file: "Gemfile", requirement: "~> 1.0.0", groups: [], source: nil } + ] + ) + ] + end + let(:original_dependency) do + Dependabot::Dependency.new( + name: "dummy-pkg-b", + package_manager: "bundler", + version: "1.1.0", + requirements: [ + { file: "Gemfile", requirement: "~> 1.1.0", groups: [], source: nil } + ] + ) + end + + describe "#run" do + before do + allow_any_instance_of(Bundler::CompactIndexClient::Updater). + to receive(:etag_for). + and_return("") + + stub_request(:get, "https://index.rubygems.org/versions"). + to_return(status: 200, body: fixture("rubygems-index")) + + stub_request(:get, "https://index.rubygems.org/info/dummy-pkg-a"). 
+ to_return(status: 200, body: fixture("rubygems-info-a")) + stub_request(:get, "https://index.rubygems.org/info/dummy-pkg-b"). + to_return(status: 200, body: fixture("rubygems-info-b")) + end + + let(:dependency_files) do + [ + Dependabot::DependencyFile.new( + name: "Gemfile", + content: fixture("bundler/original/Gemfile"), + directory: "/" + ), + Dependabot::DependencyFile.new( + name: "Gemfile.lock", + content: fixture("bundler/original/Gemfile.lock"), + directory: "/" + ) + ] + end + + context "when the host is out of disk space" do + before do + allow(service).to receive(:record_update_job_error).and_return(nil) + allow(job).to receive(:updating_a_pull_request?).and_raise(Errno::ENOSPC) + end + + it "records an 'out_of_disk' error" do + updater.run + + expect(service).to have_received(:record_update_job_error). + with(anything, { error_type: "out_of_disk", error_details: nil }) + end + end + + context "when github pr creation is rate limiting" do + let(:experiments) { { "build-pull-request-message" => true } } + + before do + allow(service).to receive(:record_update_job_error).and_return(nil) + + error = Octokit::TooManyRequests.new({ + status: 403, + response_headers: { "X-RateLimit-Reset" => 42 } + }) + message_builder = double(Dependabot::PullRequestCreator::MessageBuilder) + allow(Dependabot::PullRequestCreator::MessageBuilder).to receive(:new).and_return(message_builder) + allow(message_builder).to receive(:message).and_raise(error) + end + + it "records an 'octokit_rate_limited' error" do + updater.run + + expect(service).to have_received(:record_update_job_error). + with(anything, { error_type: "octokit_rate_limited", error_details: { "rate-limit-reset": 42 } }) + end + end + + context "when the job has already been processed" do + let(:job) { nil } + + it "no-ops" do + expect(updater).to_not receive(:dependencies) + updater.run + end + end + + it "logs the current and latest versions" do + expect(logger). + to receive(:info). 
+ with(" Checking if dummy-pkg-b 1.1.0 needs updating")
+ expect(logger).
+ to receive(:info).
+ with(" Latest version is 1.2.0")
+ updater.run
+ end
+
+ context "when the checker has an requirements update strategy" do
+ before do
+ allow(checker).
+ to receive(:requirements_update_strategy).
+ and_return(:bump_versions)
+ end
+
+ it "logs the update requirements and strategy" do
+ expect(logger).
+ to receive(:info).
+ with(" Requirements to unlock own")
+ expect(logger).
+ to receive(:info).
+ with(" Requirements update strategy bump_versions")
+ updater.run
+ end
+ end
+
+ context "when no dependencies are allowed" do
+ let(:allowed_updates) { [{ "dependency-name" => "typoed-dep-name" }] }
+
+ it "logs the current and latest versions" do
+ expect(logger).
+ to receive(:info).
+ with(" Found no dependencies to update after filtering " \
+ "allowed updates")
+ updater.run
+ end
+ end
+
+ context "when the repo_contents_path is set and the job clones into it" do
+ let(:repo_contents_path) { Dir.mktmpdir("test_repo_dir") }
+
+ before do
+ File.write(File.join(repo_contents_path, "Gemfile"), <<~GEMFILE)
+ source "https://rubygems.org"
+ gem "dummy-pkg-a"
+ GEMFILE
+ end
+
+ after do
+ FileUtils.rm_rf(repo_contents_path)
+ end
+
+ it "cleans up any files left behind" do
+ updater.run
+
+ expect(Dir.exist?(repo_contents_path)).to be_truthy
+ expect(Dir.empty?(repo_contents_path)).to be_truthy
+ end
+ end
+
+ context "for security only updates" do
+ let(:security_updates_only) { true }
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"],
+ "patched-versions" => ["1.2.0"] }]
+ end
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ it "creates the pull request" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+
+ context "when the dep has no version so we can't check vulnerability" do
+ let(:original_dependency) do
+ Dependabot::Dependency.new(
+ name: "dummy-pkg-b",
+ package_manager: "bundler",
+ version: nil,
+ requirements: [
+ {
+ file: "Gemfile",
+ requirement: "~> 1.1.0",
+ groups: [],
+ source: nil
+ }
+ ]
+ )
+ end
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(false)
+ end
+
+ it "does not create pull request" do
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).with(
+ 1,
+ {
+ error_type: "dependency_file_not_supported",
+ error_details: {
+ "dependency-name": "dummy-pkg-b"
+ }
+ }
+ )
+ expect(logger).
+ to receive(:info).with(
+ " Dependabot can't update vulnerable dependencies for " \
+ "projects without a lockfile or pinned version requirement as " \
+ "as the currently installed version of " \
+ "dummy-pkg-b isn't known."
+ )
+
+ updater.run
+ end
+ end
+
+ context "when the dependency is no longer vulnerable" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.0.0"],
+ "patched-versions" => ["1.1.0"] }]
+ end
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(false)
+ end
+
+ it "does not create pull request" do
+ expect(service).to_not receive(:create_pull_request)
+ updater.run
+ end
+ end
+
+ context "when the update is still vulnerable" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0", "1.2.0"] }]
+ end
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ it "does not create pull request" do
+ expect(checker).to receive(:lowest_resolvable_security_fix_version).
+ and_return(dependency.version)
+ expect(checker).to receive(:lowest_security_fix_version).
+ and_return(Dependabot::Bundler::Version.new("1.3.0"))
+ expect(checker).to receive(:conflicting_dependencies).and_return(
+ [
+ {
+ "explanation" =>
+ "dummy-pkg-a (1.0.0) requires dummy-pkg-b (= 1.2.0)",
+ "name" => "dummy-pkg-a",
+ "version" => "1.0.0",
+ "requirement" => "= 1.2.0"
+ }
+ ]
+ )
+
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).with(
+ 1,
+ {
+ error_type: "security_update_not_possible",
+ error_details: {
+ "dependency-name": "dummy-pkg-b",
+ "latest-resolvable-version": "1.2.0",
+ "lowest-non-vulnerable-version": "1.3.0",
+ "conflicting-dependencies": [
+ {
+ "explanation" =>
+ "dummy-pkg-a (1.0.0) requires dummy-pkg-b (= 1.2.0)",
+ "name" => "dummy-pkg-a",
+ "version" => "1.0.0",
+ "requirement" => "= 1.2.0"
+ }
+ ]
+ }
+ }
+ )
+ expect(logger).
+ to receive(:info).with(
+ " The latest possible version that can be installed is " \
+ "1.2.0 because of the following conflicting dependency:\n" \
+ " \n" \
+ " dummy-pkg-a (1.0.0) requires dummy-pkg-b (= 1.2.0)"
+ )
+
+ updater.run
+ end
+
+ it "reports the correct error when there is no fixed version" do
+ expect(checker).to receive(:lowest_resolvable_security_fix_version).
+ and_return(nil)
+ expect(checker).to receive(:lowest_security_fix_version).
+ and_return(nil)
+ expect(checker).to receive(:conflicting_dependencies).and_return([])
+
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).with(
+ 1,
+ {
+ error_type: "security_update_not_possible",
+ error_details: {
+ "dependency-name": "dummy-pkg-b",
+ "latest-resolvable-version": "1.1.0",
+ "lowest-non-vulnerable-version": nil,
+ "conflicting-dependencies": []
+ }
+ }
+ )
+ expect(logger).
+ to receive(:info).with(
+ " The latest possible version of dummy-pkg-b that can be " \
+ "installed is 1.1.0"
+ )
+ updater.run
+ end
+ end
+
+ context "when the dependency is deemed up-to-date but still vulnerable" do
+ it "doesn't update the dependency" do
+ expect(checker).to receive(:up_to_date?).and_return(true)
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "security_update_not_found",
+ error_details: {
+ "dependency-name": "dummy-pkg-b",
+ "dependency-version": "1.1.0"
+ }
+ )
+ expect(logger).
+ to receive(:info).
+ with(
+ " Dependabot can't find a published or compatible " \
+ "non-vulnerable version for dummy-pkg-b. " \
+ "The latest available version is 1.1.0"
+ )
+ updater.run
+ end
+ end
+ end
+
+ context "when ignore conditions are set" do
+ def expect_update_checker_with_ignored_versions(versions)
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: versions,
+ security_advisories: anything,
+ raise_on_ignored: anything,
+ requirements_update_strategy: anything,
+ options: anything
+ ).once
+ end
+
+ describe "when ignores match the dependency name" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+ let(:ignore_conditions) { [{ "dependency-name" => "dummy-pkg-b", "version-requirement" => ">= 0" }] }
+
+ it "passes ignored_versions to the update checker" do
+ updater.run
+ expect_update_checker_with_ignored_versions([">= 0"])
+ end
+ end
+
+ describe "when all versions are ignored" do
+ let(:ignore_conditions) do
+ [
+ { "dependency-name" => "dummy-pkg-a", "version-requirement" => "~> 2.0.0" },
+ { "dependency-name" => "dummy-pkg-b", "version-requirement" => "~> 1.0.0" }
+ ]
+ end
+
+ before do
+ allow(checker).
+ to receive(:latest_version).
+ and_raise(Dependabot::AllVersionsIgnored)
+ allow(checker).
+ to receive(:up_to_date?).
+ and_raise(Dependabot::AllVersionsIgnored)
+ end
+
+ it "logs the errors" do
+ expect(logger).
+ to receive(:info).
+ with(
+ " All updates for dummy-pkg-a were ignored"
+ )
+ expect(logger).
+ to receive(:info).
+ with(
+ " All updates for dummy-pkg-b were ignored"
+ )
+ updater.run
+ end
+
+ it "doesn't report a job error" do
+ updater.run
+ expect(service).to_not have_received(:record_update_job_error)
+ end
+ end
+
+ describe "without an ignore condition" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+
+ it "doesn't enable raised_on_ignore for ignore logging" do
+ updater.run
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ security_advisories: anything,
+ raise_on_ignored: false,
+ requirements_update_strategy: anything,
+ options: anything
+ )
+ end
+ end
+
+ describe "with an ignored version" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+ let(:ignore_conditions) { [{ "dependency-name" => "dummy-pkg-b", "version-requirement" => "~> 1.0.0" }] }
+
+ it "enables raised_on_ignore for ignore logging" do
+ updater.run
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ security_advisories: anything,
+ raise_on_ignored: true,
+ requirements_update_strategy: anything,
+ options: anything
+ )
+ end
+ end
+
+ describe "with an ignored update-type" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+ let(:ignore_conditions) do
+ [{ "dependency-name" => "dummy-pkg-b", "update-types" => ["version-update:semver-patch"] }]
+ end
+
+ it "enables raised_on_ignore for ignore logging" do
+ updater.run
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ security_advisories: anything,
+ raise_on_ignored: true,
+ requirements_update_strategy: anything,
+ options: anything
+ )
+ end
+ end
+
+ describe "when ignores don't match the name" do
+ let(:requested_dependencies) { ["dummy-pkg-a"] }
+ let(:ignore_conditions) { [{ "dependency-name" => "dummy-pkg-b", "version-requirement" => ">= 0" }] }
+
+ it "passes ignored_versions to the update checker" do
+ updater.run
+ expect_update_checker_with_ignored_versions([])
+ end
+ end
+
+ describe "when ignores match a wildcard name" do
+ let(:requested_dependencies) { ["dummy-pkg-a"] }
+ let(:ignore_conditions) { [{ "dependency-name" => "dummy-pkg-*", "version-requirement" => ">= 0" }] }
+
+ it "passes ignored_versions to the update checker" do
+ updater.run
+ expect_update_checker_with_ignored_versions([">= 0"])
+ end
+ end
+
+ describe "when ignores define update-types with feature enabled" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+ let(:ignore_conditions) do
+ [
+ {
+ "dependency-name" => "dummy-pkg-a",
+ "version-requirement" => ">= 3.0.0, < 5"
+ },
+ {
+ "dependency-name" => "dummy-pkg-*",
+ "version-requirement" => ">= 2.0.0, < 3"
+ },
+ {
+ "dependency-name" => "dummy-pkg-b",
+ "update-types" => ["version-update:semver-patch", "version-update:semver-minor"]
+ }
+ ]
+ end
+
+ it "passes ignored_versions to the update checker" do
+ updater.run
+ expect_update_checker_with_ignored_versions([">= 2.0.0, < 3", "> 1.1.0, < 1.2", ">= 1.2.a, < 2"])
+ end
+ end
+ end
+
+ context "when cloning experiment is enabled" do
+ let(:experiments) { { "cloning" => true } }
+
+ it "passes the experiment to the FileUpdater" do
+ expect(Dependabot::Bundler::FileUpdater).to receive(:new).with(
+ dependencies: [dependency],
+ dependency_files: dependency_files,
+ repo_contents_path: repo_contents_path,
+ credentials: credentials,
+ options: { cloning: true }
+ ).and_call_original
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+ end
+
+ it "updates the update config's dependency list" do
+ job_id = 1
+ dependencies = [
+ {
+ name: "dummy-pkg-a",
+ version: "2.0.0",
+ requirements: [
+ {
+ file: "Gemfile",
+ requirement: "~> 2.0.0",
+ groups: [:default],
+ source: nil
+ }
+ ]
+ },
+ {
+ name: "dummy-pkg-b",
+ version: "1.1.0",
+ requirements: [
+ {
+ file: "Gemfile",
+ requirement: "~> 1.1.0",
+ groups: [:default],
+ source: nil
+ }
+ ]
+ }
+ ]
+ dependency_files = ["/Gemfile", "/Gemfile.lock"]
+
+ expect(service).
+ to receive(:update_dependency_list).with(job_id, dependencies, dependency_files)
+ updater.run
+ end
+
+ it "updates dependencies correctly" do
+ job_id = 1
+ dependencies = [have_attributes(name: "dummy-pkg-b")]
+ updated_dependency_files = [
+ {
+ "name" => "Gemfile",
+ "content" => fixture("bundler/updated/Gemfile"),
+ "directory" => "/",
+ "type" => "file",
+ "support_file" => false,
+ "content_encoding" => "utf-8",
+ "deleted" => false,
+ "operation" => "update"
+ },
+ {
+ "name" => "Gemfile.lock",
+ "content" => fixture("bundler/updated/Gemfile.lock"),
+ "directory" => "/",
+ "type" => "file",
+ "support_file" => false,
+ "content_encoding" => "utf-8",
+ "deleted" => false,
+ "operation" => "update"
+ }
+ ]
+ base_commit_sha = "sha"
+ pr_message = nil
+ expect(service).
+ to receive(:create_pull_request).
+ with(job_id, dependencies, updated_dependency_files, base_commit_sha, pr_message)
+
+ updater.run
+ end
+
+ it "does not build pull request message" do
+ expect(Dependabot::PullRequestCreator::MessageBuilder).not_to receive(:new)
+ updater.run
+ end
+
+ it "updates only the dependencies that need updating" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+
+ context "when an update requires multiple dependencies to be updated" do
+ before do
+ allow(checker).
+ to receive(:can_update?).with(requirements_to_unlock: :own).
+ and_return(false, false)
+ allow(checker).
+ to receive(:can_update?).with(requirements_to_unlock: :all).
+ and_return(false, true)
+ allow(checker).to receive(:updated_dependencies).
+ with(requirements_to_unlock: :all).
+ and_return(multiple_dependencies)
+ end
+
+ let(:peer_checker) { double(Dependabot::Bundler::UpdateChecker) }
+ before do
+ allow(peer_checker).to receive(:can_update?).and_return(false)
+ allow(Dependabot::Bundler::UpdateChecker).to receive(:new).
+ and_return(checker, checker, peer_checker)
+ end
+
+ it "updates the dependency" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+
+ context "when the peer dependency could update on its own" do
+ before { allow(peer_checker).to receive(:can_update?).and_return(true) }
+
+ it "doesn't update the dependency" do
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ updater.run
+ end
+ end
+
+ context "with ignore conditions" do
+ let(:ignore_conditions) do
+ [
+ { "dependency-name" => "dummy-pkg-a", "version-requirement" => "~> 2.0.0" },
+ { "dependency-name" => "dummy-pkg-b", "version-requirement" => "~> 1.0.0" }
+ ]
+ end
+
+ it "doesn't set raise_on_ignore for the peer_checker" do
+ updater.run
+
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ options: anything,
+ security_advisories: anything,
+ raise_on_ignored: true,
+ requirements_update_strategy: anything
+ ).twice.ordered
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ options: anything,
+ security_advisories: anything,
+ raise_on_ignored: false,
+ requirements_update_strategy: anything
+ ).ordered
+ end
+ end
+ end
+
+ context "when a PR already exists" do
+ let(:existing_pull_requests) do
+ [
+ [
+ {
+ "dependency-name" => "dummy-pkg-b",
+ "dependency-version" => "1.2.0"
+ }
+ ]
+ ]
+ end
+
+ context "for the latest version" do
+ before do
+ allow(checker).
+ to receive(:latest_version).
+ and_return(Gem::Version.new("1.2.0"))
+ end
+
+ it "doesn't call can_update? (so short-circuits resolution)" do
+ expect(checker).to_not receive(:can_update?)
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to_not receive(:record_update_job_error)
+ expect(logger).
+ to receive(:info).
+ with(" Pull request already exists for dummy-pkg-b " \
+ "with latest version 1.2.0")
+ updater.run
+ end
+ end
+
+ context "for the resolved version" do
+ before do
+ allow(checker).
+ to receive(:latest_version).
+ and_return(Gem::Version.new("1.3.0"))
+ end
+
+ it "doesn't update the dependency" do
+ expect(checker).to receive(:up_to_date?).and_return(false, false)
+ expect(checker).to receive(:can_update?).and_return(true, false)
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to_not receive(:record_update_job_error)
+ expect(logger).
+ to receive(:info).
+ with(" Pull request already exists for dummy-pkg-b@1.2.0")
+ updater.run
+ end
+ end
+
+ context "when security only updates for the resolved version" do
+ let(:security_updates_only) { true }
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+
+ before do
+ allow(checker).
+ to receive(:latest_version).
+ and_return(Gem::Version.new("1.3.0"))
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ it "creates an update job error and short-circuits" do
+ expect(checker).to receive(:up_to_date?).and_return(false)
+ expect(checker).to receive(:can_update?).and_return(true)
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "pull_request_exists_for_security_update",
+ error_details: {
+ "updated-dependencies": [
+ "dependency-name": "dummy-pkg-b",
+ "dependency-version": "1.2.0"
+ ]
+ }
+ )
+ expect(logger).
+ to receive(:info).
+ with(" Pull request already exists for dummy-pkg-b@1.2.0")
+ updater.run
+ end
+ end
+
+ context "when security only updates for the latest version" do
+ let(:security_updates_only) { true }
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+
+ before do
+ allow(checker).
+ to receive(:latest_version).
+ and_return(Gem::Version.new("1.2.0"))
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ it "doesn't call can_update? (so short-circuits resolution)" do
+ expect(checker).to_not receive(:can_update?)
+ expect(updater).to_not receive(:generate_dependency_files_for)
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "pull_request_exists_for_latest_version",
+ error_details: {
+ "dependency-name": "dummy-pkg-b",
+ "dependency-version": "1.2.0"
+ }
+ )
+ expect(logger).
+ to receive(:info).
+ with(" Pull request already exists for dummy-pkg-b " \
+ "with latest version 1.2.0")
+ updater.run
+ end
+ end
+
+ context "for a different version" do
+ let(:existing_pull_requests) do
+ [
+ {
+ "dependency-name" => "dummy-pkg-b",
+ "dependency-version" => "1.1.1"
+ }
+ ]
+ end
+
+ it "updates the dependency" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+ end
+ end
+
+ context "when a list of dependencies is specified" do
+ let(:requested_dependencies) { ["dummy-pkg-b"] }
+
+ context "and the job is to update a PR" do
+ let(:updating_a_pull_request) { true }
+
+ it "only attempts to update dependencies on the specified list" do
+ expect(updater).
+ to receive(:check_and_update_existing_pr_with_error_handling).
+ and_call_original
+ expect(updater).
+ to_not receive(:check_and_create_pr_with_error_handling)
+ expect(service).to receive(:create_pull_request).once
+
+ updater.run
+ end
+
+ context "when security only updates" do
+ let(:security_updates_only) { true }
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ context "the dependency isn't vulnerable" do
+ it "closes the pull request" do
+ expect(service).to receive(:close_pull_request).once
+ updater.run
+ end
+ end
+
+ context "the dependency is vulnerable" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+
+ it "creates the pull request" do
+ expect(service).to receive(:create_pull_request)
+ updater.run
+ end
+ end
+
+ context "the dependency is vulnerable but updates aren't allowed" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+ let(:allowed_updates) do
+ [
+ {
+ "dependency-type" => "development"
+ }
+ ]
+ end
+
+ it "closes the pull request" do
+ expect(service).to receive(:close_pull_request).once
+ expect(logger).
+ to receive(:info).with(
+ " Dependency no longer allowed to update dummy-pkg-b 1.1.0"
+ )
+ updater.run
+ end
+ end
+ end
+
+ context "when the dependency doesn't appear in the parsed file" do
+ let(:requested_dependencies) { ["removed_dependency"] }
+
+ it "closes the pull request" do
+ expect(service).to receive(:close_pull_request).once
+ updater.run
+ end
+
+ context "because an error was raised parsing the dependencies" do
+ before do
+ allow(updater).to receive(:dependency_files).
+ and_raise(
+ Dependabot::DependencyFileNotParseable.new("path/to/file")
+ )
+ end
+
+ it "does not close the pull request" do
+ expect(service).to_not receive(:close_pull_request)
+ updater.run
+ end
+ end
+ end
+
+ context "when the dependency name case doesn't match what's parsed" do
+ let(:requested_dependencies) { ["Dummy-pkg-b"] }
+
+ it "only attempts to update dependencies on the specified list" do
+ expect(updater).
+ to receive(:check_and_update_existing_pr_with_error_handling).
+ and_call_original
+ expect(updater).
+ to_not receive(:check_and_create_pr_with_error_handling)
+ expect(service).to receive(:create_pull_request).once
+ expect(service).not_to receive(:close_pull_request)
+
+ updater.run
+ end
+ end
+
+ context "when a PR already exists" do
+ let(:existing_pull_requests) do
+ [
+ [
+ {
+ "dependency-name" => "dummy-pkg-b",
+ "dependency-version" => "1.2.0"
+ }
+ ]
+ ]
+ end
+
+ it "updates the dependency" do
+ expect(service).to receive(:update_pull_request).once
+ updater.run
+ end
+
+ context "for a different version" do
+ let(:existing_pull_requests) do
+ [
+ [
+ {
+ "dependency-name" => "dummy-pkg-b",
+ "dependency-version" => "1.1.1"
+ }
+ ]
+ ]
+ end
+
+ it "updates the dependency" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+ end
+ end
+
+ context "when the dependency no-longer needs updating" do
+ before { allow(checker).to receive(:can_update?).and_return(false) }
+
+ it "closes the pull request" do
+ expect(service).to receive(:close_pull_request).once
+ updater.run
+ end
+ end
+ end
+
+ context "and the job is not to update a PR" do
+ let(:updating_a_pull_request) { false }
+
+ it "only attempts to update dependencies on the specified list" do
+ expect(updater).
+ to receive(:check_and_create_pr_with_error_handling).
+ and_call_original
+ expect(updater).
+ to_not receive(:check_and_update_existing_pr_with_error_handling)
+ expect(service).to receive(:create_pull_request).once
+
+ updater.run
+ end
+
+ context "when the dependency doesn't appear in the parsed file" do
+ let(:requested_dependencies) { ["removed_dependency"] }
+
+ it "does not try to close any pull request" do
+ expect(service).to_not receive(:close_pull_request)
+ updater.run
+ end
+ end
+
+ context "when the dependency name case doesn't match what's parsed" do
+ let(:requested_dependencies) { ["Dummy-pkg-b"] }
+
+ it "only attempts to update dependencies on the specified list" do
+ expect(updater).
+ to receive(:check_and_create_pr_with_error_handling).
+ and_call_original
+ expect(updater).
+ to_not receive(:check_and_update_existing_pr_with_error_handling)
+ expect(service).to receive(:create_pull_request).once
+
+ updater.run
+ end
+ end
+
+ context "when the dependency is a sub-dependency" do
+ let(:requested_dependencies) { ["dummy-pkg-a"] }
+
+ let(:dependency_files) do
+ [
+ Dependabot::DependencyFile.new(
+ name: "Gemfile",
+ content: fixture("bundler/original/sub_dep"),
+ directory: "/"
+ ),
+ Dependabot::DependencyFile.new(
+ name: "Gemfile.lock",
+ content: fixture("bundler/original/sub_dep.lock"),
+ directory: "/"
+ )
+ ]
+ end
+
+ it "still attempts to update the dependency" do
+ expect(updater).
+ to receive(:check_and_create_pr_with_error_handling).
+ and_call_original
+ expect(updater).
+ to_not receive(:check_and_update_existing_pr_with_error_handling)
+ expect(service).to receive(:create_pull_request).once
+
+ updater.run
+ end
+ end
+
+ context "for security only updates" do
+ let(:security_updates_only) { true }
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(true)
+ end
+
+ context "when the dependency is vulnerable" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+
+ it "creates the pull request" do
+ expect(service).to receive(:create_pull_request)
+ updater.run
+ end
+ end
+
+ context "when the dependency is not allowed to update" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.1.0"] }]
+ end
+ let(:allowed_updates) do
+ [
+ {
+ "dependency-type" => "development"
+ }
+ ]
+ end
+
+ it "does not create the pull request" do
+ expect(service).not_to receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).with(
+ 1,
+ {
+ error_type: "all_versions_ignored",
+ error_details: {
+ "dependency-name": "dummy-pkg-b"
+ }
+ }
+ )
+ expect(logger).
+ to receive(:info).with(
+ " Dependabot cannot update to the required version as all " \
+ "versions were ignored for dummy-pkg-b"
+ )
+ updater.run
+ end
+ end
+
+ context "when the dependency is no longer vulnerable" do
+ let(:security_advisories) do
+ [{ "dependency-name" => "dummy-pkg-b",
+ "affected-versions" => ["1.0.0"],
+ "patched-versions" => ["1.1.0"] }]
+ end
+
+ before do
+ allow(checker).to receive(:vulnerable?).and_return(false)
+ end
+
+ it "does not create pull request" do
+ expect(service).to_not receive(:create_pull_request)
+ expect(service).to receive(:record_update_job_error).with(
+ 1,
+ {
+ error_type: "security_update_not_needed",
+ error_details: {
+ "dependency-name": "dummy-pkg-b"
+ }
+ }
+ )
+ expect(logger).
+ to receive(:info).with(
+ " no security update needed as dummy-pkg-b " \
+ "is no longer vulnerable"
+ )
+
+ updater.run
+ end
+ end
+ end
+ end
+ end
+
+ context "when an error is raised" do
+ let(:error) { StandardError }
+
+ before do
+ values = [-> { raise error }, -> { true }, -> { true }, -> { true }]
+ allow(checker).to receive(:can_update?) { values.shift.call }
+ end
+
+ context "during parsing" do
+ before { allow(updater).to receive(:dependency_files).and_raise(error) }
+
+ context "and it's an unknown error" do
+ let(:error) { StandardError.new("hell") }
+
+ it "tells Sentry" do
+ expect(Raven).to receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "unknown_error",
+ error_details: nil
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::DependencyFileNotFound" do
+ let(:error) { Dependabot::DependencyFileNotFound.new("path/to/file") }
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "dependency_file_not_found",
+ error_details: { "file-path": "path/to/file" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::BranchNotFound" do
+ let(:error) { Dependabot::BranchNotFound.new("my_branch") }
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "branch_not_found",
+ error_details: { "branch-name": "my_branch" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::DependencyFileNotParseable" do
+ let(:error) do
+ Dependabot::DependencyFileNotParseable.new("path/to/file", "a")
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "dependency_file_not_parseable",
+ error_details: { "file-path": "path/to/file", message: "a" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::PathDependenciesNotReachable" do
+ let(:error) do
+ Dependabot::PathDependenciesNotReachable.new(["bad_gem"])
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "path_dependencies_not_reachable",
+ error_details: { dependencies: ["bad_gem"] }
+ )
+ updater.run
+ end
+ end
+ end
+
+ context "but it's a Dependabot::DependencyFileNotResolvable" do
+ let(:error) { Dependabot::DependencyFileNotResolvable.new("message") }
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "dependency_file_not_resolvable",
+ error_details: { message: "message" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::DependencyFileNotEvaluatable" do
+ let(:error) { Dependabot::DependencyFileNotEvaluatable.new("message") }
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "dependency_file_not_evaluatable",
+ error_details: { message: "message" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::InconsistentRegistryResponse" do
+ let(:error) { Dependabot::InconsistentRegistryResponse.new("message") }
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "doesn't tell the main backend" do
+ expect(service).to_not receive(:record_update_job_error)
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::GitDependenciesNotReachable" do
+ let(:error) do
+ Dependabot::GitDependenciesNotReachable.new("https://example.com")
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "git_dependencies_not_reachable",
+ error_details: { "dependency-urls": ["https://example.com"] }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::GitDependencyReferenceNotFound" do
+ let(:error) do
+ Dependabot::GitDependencyReferenceNotFound.new("some_dep")
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "git_dependency_reference_not_found",
+ error_details: { dependency: "some_dep" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::GoModulePathMismatch" do
+ let(:error) do
+ Dependabot::GoModulePathMismatch.new("/go.mod", "foo", "bar")
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "go_module_path_mismatch",
+ error_details: {
+ "declared-path": "foo",
+ "discovered-path": "bar",
+ "go-mod": "/go.mod"
+ }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::PrivateSourceAuthenticationFailure" do
+ let(:error) do
+ Dependabot::PrivateSourceAuthenticationFailure.new("some.example.com")
+ end
+
+ it "doesn't tell Sentry" do
+ expect(Raven).to_not receive(:capture_exception)
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "private_source_authentication_failure",
+ error_details: { source: "some.example.com" }
+ )
+ updater.run
+ end
+ end
+
+ context "but it's a Dependabot::SharedHelpers::HelperSubprocessFailed" do
+ let(:error) do
+ Dependabot::SharedHelpers::HelperSubprocessFailed.new(
+ message: "Potentially sensitive log content goes here",
+ error_context: {}
+ )
+ end
+
+ it "tells the main backend there has been an unknown error" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "unknown_error",
+ error_details: nil
+ )
+ updater.run
+ end
+
+ it "notifies Sentry with a breadcrumb to check the logs" do
+ expect(Raven).
+ to receive(:capture_exception).
+ with(instance_of(Dependabot::Updater::SubprocessFailed), anything)
+ updater.run
+ end
+ end
+
+ it "tells Sentry" do
+ expect(Raven).to receive(:capture_exception).once
+ updater.run
+ end
+
+ it "tells the main backend" do
+ expect(service).
+ to receive(:record_update_job_error).
+ with(
+ 1,
+ error_type: "unknown_error",
+ error_details: nil
+ )
+ updater.run
+ end
+
+ it "still processes the other jobs" do
+ expect(service).to receive(:create_pull_request).once
+ updater.run
+ end
+ end
+
+ context "when build_pull_request_message is set" do
+ let(:experiments) { { "build-pull-request-message" => true } }
+
+ it "builds pull request message" do
+ expect(Dependabot::PullRequestCreator::MessageBuilder).
+ to receive(:new).with(
+ source: job.source,
+ files: an_instance_of(Array),
+ dependencies: an_instance_of(Array),
+ credentials: credentials,
+ commit_message_options: {
+ include_scope: commit_message_include_scope,
+ prefix: commit_message_prefix,
+ prefix_development: commit_message_prefix_development
+ },
+ github_redirection_service: "github-redirect.dependabot.com"
+ )
+ updater.run
+ end
+ end
+
+ describe "experiments" do
+ let(:experiments) do
+ { "large-hadron-collider" => true }
+ end
+
+ it "passes the experiments to the FileParser as options" do
+ expect(Dependabot::Bundler::FileParser).to receive(:new).with(
+ dependency_files: dependency_files,
+ repo_contents_path: repo_contents_path,
+ source: job.source,
+ credentials: credentials,
+ reject_external_code: job.reject_external_code?,
+ options: { large_hadron_collider: true }
+ ).and_call_original
+
+ updater.run
+ end
+
+ it "passes the experiments to the FileUpdater as options" do
+ expect(Dependabot::Bundler::FileUpdater).to receive(:new).with(
+ dependencies: [dependency],
+ dependency_files: dependency_files,
+ repo_contents_path: repo_contents_path,
+ credentials: credentials,
+ options: { large_hadron_collider: true }
+ ).and_call_original
+
+ updater.run
+ end
+
+ it "passes the experiments to the UpdateChecker as options" do
+ updater.run
+
+ expect(Dependabot::Bundler::UpdateChecker).to have_received(:new).with(
+ dependency: anything,
+ dependency_files: anything,
+ repo_contents_path: anything,
+ credentials: anything,
+ ignored_versions: anything,
+ security_advisories: anything,
+ raise_on_ignored: anything,
+ requirements_update_strategy: anything,
+ options: { large_hadron_collider: true }
+ ).twice
+ end
+
+ context "with a bundler 2 project" do
+ let(:dependency_files) do
+ [
+ Dependabot::DependencyFile.new(
+ name: "Gemfile",
+ content: fixture("bundler2/original/Gemfile"),
+ directory: "/"
+ ),
+ Dependabot::DependencyFile.new(
+ name: "Gemfile.lock",
+ content: fixture("bundler2/original/Gemfile.lock"),
+ directory: "/"
+ )
+ ]
+ end
+
+ it "updates dependencies correctly" do
+ job_id = 1
+ dependencies = [have_attributes(name: "dummy-pkg-b")]
+ updated_dependency_files = [
+ {
+ "name" => "Gemfile",
+ "content" => fixture("bundler2/updated/Gemfile"),
+ "directory" => "/",
+ "type" => "file",
+ "support_file" => false,
+ "content_encoding" => "utf-8",
+ "deleted" => false,
+ "operation" => "update"
+ },
+ {
+ "name" => "Gemfile.lock",
+ "content" => fixture("bundler2/updated/Gemfile.lock"),
+ "directory" => "/",
+ "type" => "file",
+ "support_file" => false,
+ "content_encoding" => "utf-8",
+ "deleted" => false,
+ "operation" => "update"
+ }
+ ]
+ base_commit_sha = "sha"
+ pr_message = nil
+ expect(service).
+ to receive(:create_pull_request).
+ with(job_id, dependencies, updated_dependency_files, base_commit_sha, pr_message)
+
+ updater.run
+ end
+ end
+ end
+
+ it "does not log empty ignore conditions" do
+ expect(logger).
+ not_to receive(:info).
+ with(/Ignored versions:/)
+ updater.run
+ end
+
+ context "with ignore conditions" do
+ let(:config_ignore_condition) do
+ {
+ "dependency-name" => "*-pkg-b",
+ "update-types" => ["version-update:semver-patch", "version-update:semver-minor"],
+ "source" => ".github/dependabot.yaml"
+ }
+ end
+ let(:comment_ignore_condition) do
+ {
+ "dependency-name" => dependency.name,
+ "version-requirement" => ">= 1.a, < 2.0.0",
+ "source" => "@dependabot ignore command"
+ }
+ end
+ let(:ignore_conditions) { [config_ignore_condition, comment_ignore_condition] }
+
+ it "logs ignored versions" do
+ updater.run
+ expect(logger).
+ to have_received(:info).
+ with(/Ignored versions:/)
+ end
+
+ it "logs ignore conditions" do
+ updater.run
+ expect(logger).
+ to have_received(:info).
+ with(" >= 1.a, < 2.0.0 - from @dependabot ignore command")
+ end
+
+ it "logs ignored update types" do
+ updater.run
+ expect(logger).
+ to have_received(:info).
+ with(" version-update:semver-patch - from .github/dependabot.yaml") + expect(logger). + to have_received(:info). + with(" version-update:semver-minor - from .github/dependabot.yaml") + end + end + + context "with ignored versions that don't apply during a security update" do + let(:security_updates_only) { true } + let(:requested_dependencies) { ["dummy-pkg-b"] } + let(:ignore_conditions) do + [ + { + "dependency-name" => "dummy-pkg-b", + "update-types" => ["version-update:semver-patch"], + "source" => ".github/dependabot.yaml" + } + ] + end + + it "logs ignored versions" do + updater.run + expect(logger). + to have_received(:info). + with(/Ignored versions:/) + end + + it "logs ignored update types" do + updater.run + expect(logger). + to have_received(:info). + with( + " version-update:semver-patch - from .github/dependabot.yaml (doesn't apply to security update)" + ) + end + end + end +end diff --git a/updater/spec/dependabot/wildcard_matcher_spec.rb b/updater/spec/dependabot/wildcard_matcher_spec.rb new file mode 100644 index 00000000000..999f403e790 --- /dev/null +++ b/updater/spec/dependabot/wildcard_matcher_spec.rb 
@@ -0,0 +1,175 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "wildcard_matcher"
+
+RSpec.describe WildcardMatcher do
+ describe ".match?" do
+ subject { WildcardMatcher.match?(wildcard_string, candidate_string) }
+
+ context "without a wildcard" do
+ let(:wildcard_string) { "bus" }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+
+ context "with different capitalisation" do
+ let(:candidate_string) { "Bus" }
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "with a superstring" do
+ let(:candidate_string) { wildcard_string + "iness" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a substring" do
+ let(:candidate_string) { "bu" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a string that ends in the same way" do
+ let(:candidate_string) { "blunderbus" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a regex character" do
+ let(:wildcard_string) { "bus." }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a superstring" do
+ let(:candidate_string) { wildcard_string + "iness" }
+ it { is_expected.to eq(false) }
+ end
+ end
+ end
+
+ context "with a wildcard" do
+ context "at the start" do
+ let(:wildcard_string) { "*bus" }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a matching string (except the wildcard" do
+ let(:candidate_string) { "bus" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a string that ends in the same way" do
+ let(:candidate_string) { "blunderbus" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a superstring" do
+ let(:candidate_string) { wildcard_string + "iness" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a substring" do
+ let(:candidate_string) { "bu" }
+ it { is_expected.to eq(false) }
+ end
+ end
+
+ context "at the end" do
+ let(:wildcard_string) { "bus*" }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a matching string (except the wildcard" do
+ let(:candidate_string) { "bus" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a string that ends in the same way" do
+ let(:candidate_string) { "blunderbus" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a superstring" do
+ let(:candidate_string) { wildcard_string + "iness" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a substring" do
+ let(:candidate_string) { "bu" }
+ it { is_expected.to eq(false) }
+ end
+ end
+
+ context "in the middle" do
+ let(:wildcard_string) { "bu*s" }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a matching string (except the wildcard" do
+ let(:candidate_string) { "bus" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a string that ends in the same way" do
+ let(:candidate_string) { "blunderbus" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a superstring" do
+ let(:candidate_string) { wildcard_string + "y" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a substring" do
+ let(:candidate_string) { "bu" }
+ it { is_expected.to eq(false) }
+ end
+
+ context "with a string that starts and ends in the right way" do
+ let(:candidate_string) { "business" }
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "as the only character" do
+ let(:wildcard_string) { "*" }
+
+ context "with a matching string" do
+ let(:candidate_string) { wildcard_string }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with any string" do
+ let(:candidate_string) { "bus" }
+ it { is_expected.to eq(true) }
+ end
+ end
+
+ context "with multiple wildcards" do
+ let(:wildcard_string) { "bu*in*ss" }
+
+ context "with a string that fits" do
+ let(:candidate_string) { "business" }
+ it { is_expected.to eq(true) }
+ end
+
+ context "with a string that doesn't" do
+ let(:candidate_string) { "buspass" }
+ it { is_expected.to eq(false) }
+ end
+ end
+ end
+ end
+end
diff --git a/updater/spec/examples.txt b/updater/spec/examples.txt
new file mode 100644
index 00000000000..1986f01d1ce
--- /dev/null
+++ b/updater/spec/examples.txt
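Review bot: The `with a regex character` context would pass whether or not `WildcardMatcher` escapes regex metacharacters, because both of its examples (`"bus."` against itself and against `"bus.iness"`) give the same result for a literal dot and for an any-character dot. The updater spec in this commit uses a wildcard such as `"*-pkg-b"` as an ignore-condition `dependency-name`, so an over-broad match would presumably suppress updates for a dependency the user never named; the matcher's implementation is not visible here, so this is worth pinning in the spec. Add an example under that context with `let(:candidate_string) { "busx" }` and `it { is_expected.to eq(false) }`. The three `"with a matching string (except the wildcard"` descriptions are also missing their closing parenthesis.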
@@ -0,0 +1,184 @@ +example_id | status | run_time | +------------------------------------------------------- | ------ | --------------- | +./spec/bin_run_spec.rb[1:1:1] | passed | 3.6 seconds | +./spec/dependabot/api_client_spec.rb[1:1:1] | passed | 0.00139 seconds | +./spec/dependabot/api_client_spec.rb[1:1:2] | passed | 0.0036 seconds | +./spec/dependabot/api_client_spec.rb[1:2:1] | passed | 0.00216 seconds | +./spec/dependabot/api_client_spec.rb[1:2:2] | passed | 0.00511 seconds | +./spec/dependabot/api_client_spec.rb[1:2:3:1] | passed | 0.00277 seconds | +./spec/dependabot/api_client_spec.rb[1:3:1] | passed | 0.00152 seconds | +./spec/dependabot/api_client_spec.rb[1:4:1] | passed | 0.00159 seconds | +./spec/dependabot/api_client_spec.rb[1:5:1] | passed | 0.00158 seconds | +./spec/dependabot/api_client_spec.rb[1:6:1] | passed | 0.00206 seconds | +./spec/dependabot/api_client_spec.rb[1:7:1] | passed | 0.00202 seconds | +./spec/dependabot/api_client_spec.rb[1:8:1] | passed | 0.00196 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:1] | passed | 0.04948 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:2] | passed | 0.01698 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:3:1] | passed | 0.003 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:4:1] | passed | 0.00211 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:5:1] | passed | 0.01102 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:6:1] | passed | 0.79306 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:7:1] | passed | 0.98857 seconds | +./spec/dependabot/file_fetcher_job_spec.rb[1:1:7:2] | passed | 0.0159 seconds | +./spec/dependabot/instrumentation_spec.rb[1:1:1] | passed | 0.00085 seconds | +./spec/dependabot/integration_spec.rb[1:1:1] | failed | 0.07627 seconds | +./spec/dependabot/integration_spec.rb[1:1:2] | failed | 0.09173 seconds | +./spec/dependabot/integration_spec.rb[1:2:1] | failed | 0.40383 seconds | 
+./spec/dependabot/integration_spec.rb[1:3:1] | failed | 0.1804 seconds | +./spec/dependabot/integration_spec.rb[1:4:1] | failed | 3.85 seconds | +./spec/dependabot/job_spec.rb[1:1:1:1] | passed | 0.00028 seconds | +./spec/dependabot/job_spec.rb[1:1:2:1] | passed | 0.00022 seconds | +./spec/dependabot/job_spec.rb[1:1:2:2:1] | passed | 0.00035 seconds | +./spec/dependabot/job_spec.rb[1:1:3:1] | passed | 0.00023 seconds | +./spec/dependabot/job_spec.rb[1:1:3:2:1] | passed | 0.00038 seconds | +./spec/dependabot/job_spec.rb[1:1:4:1] | passed | 0.001 seconds | +./spec/dependabot/job_spec.rb[1:1:4:2:1] | passed | 0.00041 seconds | +./spec/dependabot/job_spec.rb[1:1:5:1] | passed | 0.00034 seconds | +./spec/dependabot/job_spec.rb[1:1:5:2:1] | passed | 0.00026 seconds | +./spec/dependabot/job_spec.rb[1:1:5:3:1] | passed | 0.00033 seconds | +./spec/dependabot/job_spec.rb[1:1:5:4:1] | passed | 0.00022 seconds | +./spec/dependabot/job_spec.rb[1:1:5:4:2:1] | passed | 0.00048 seconds | +./spec/dependabot/job_spec.rb[1:2:1] | passed | 0.00018 seconds | +./spec/dependabot/job_spec.rb[1:2:2:1] | passed | 0.00017 seconds | +./spec/dependabot/job_spec.rb[1:3:1] | passed | 0.00013 seconds | +./spec/dependabot/job_spec.rb[1:3:2:1] | passed | 0.00017 seconds | +./spec/dependabot/job_spec.rb[1:3:3:1] | passed | 0.00018 seconds | +./spec/dependabot/job_spec.rb[1:4:1] | passed | 0.00017 seconds | +./spec/dependabot/job_spec.rb[1:4:2:1] | passed | 0.00026 seconds | +./spec/dependabot/job_spec.rb[1:4:3:1] | passed | 0.00271 seconds | +./spec/dependabot/job_spec.rb[1:5:1] | passed | 0.00016 seconds | +./spec/dependabot/job_spec.rb[1:5:2:1] | passed | 0.00018 seconds | +./spec/dependabot/job_spec.rb[1:5:3:1] | passed | 0.00022 seconds | +./spec/dependabot/job_spec.rb[1:6:1] | passed | 0.00042 seconds | +./spec/dependabot/job_spec.rb[1:6:2:1] | passed | 0.00035 seconds | +./spec/dependabot/job_spec.rb[1:7:1] | passed | 0.00013 seconds | +./spec/dependabot/job_spec.rb[1:7:2] | passed | 0.00014 
seconds | +./spec/dependabot/sentry_spec.rb[1:1] | passed | 0.00012 seconds | +./spec/dependabot/sentry_spec.rb[1:2:1] | passed | 0.00012 seconds | +./spec/dependabot/sentry_spec.rb[1:3:1] | passed | 0.00012 seconds | +./spec/dependabot/sentry_spec.rb[1:4:1] | passed | 0.00013 seconds | +./spec/dependabot/sentry_spec.rb[1:5:1] | passed | 0.00009 seconds | +./spec/dependabot/sentry_spec.rb[1:6:1] | passed | 0.00012 seconds | +./spec/dependabot/sentry_spec.rb[1:7:1] | passed | 0.00015 seconds | +./spec/dependabot/sentry_spec.rb[1:8:1] | passed | 0.00012 seconds | +./spec/dependabot/update_files_job_spec.rb[1:1:1] | passed | 0.00268 seconds | +./spec/dependabot/update_files_job_spec.rb[1:1:2:1] | passed | 0.00178 seconds | +./spec/dependabot/updater_spec.rb[1:1:1:1] | passed | 0.0035 seconds | +./spec/dependabot/updater_spec.rb[1:1:2:1] | failed | 0.08017 seconds | +./spec/dependabot/updater_spec.rb[1:1:3:1] | passed | 0.00334 seconds | +./spec/dependabot/updater_spec.rb[1:1:4] | failed | 0.08012 seconds | +./spec/dependabot/updater_spec.rb[1:1:5:1] | failed | 0.07962 seconds | +./spec/dependabot/updater_spec.rb[1:1:6:1] | failed | 0.08001 seconds | +./spec/dependabot/updater_spec.rb[1:1:7:1] | passed | 0.0241 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:1] | failed | 0.08165 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:2:1] | failed | 0.08114 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:3:1] | passed | 0.08034 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:4:1] | failed | 0.0794 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:4:2] | failed | 0.08075 seconds | +./spec/dependabot/updater_spec.rb[1:1:8:5:1] | failed | 0.08189 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:1:1] | failed | 0.08113 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:2:1] | failed | 0.0805 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:2:2] | failed | 0.08072 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:3:1] | failed | 0.08015 seconds | 
+./spec/dependabot/updater_spec.rb[1:1:9:4:1] | failed | 0.08221 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:5:1] | failed | 0.08064 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:6:1] | failed | 0.08054 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:7:1] | failed | 0.08219 seconds | +./spec/dependabot/updater_spec.rb[1:1:9:8:1] | failed | 0.08154 seconds | +./spec/dependabot/updater_spec.rb[1:1:10:1] | failed | 0.08263 seconds | +./spec/dependabot/updater_spec.rb[1:1:11] | failed | 0.08208 seconds | +./spec/dependabot/updater_spec.rb[1:1:12] | failed | 0.0897 seconds | +./spec/dependabot/updater_spec.rb[1:1:13] | passed | 0.09625 seconds | +./spec/dependabot/updater_spec.rb[1:1:14] | failed | 0.0797 seconds | +./spec/dependabot/updater_spec.rb[1:1:15:1] | failed | 0.08512 seconds | +./spec/dependabot/updater_spec.rb[1:1:15:2:1] | passed | 0.08067 seconds | +./spec/dependabot/updater_spec.rb[1:1:15:3:1] | failed | 0.08125 seconds | +./spec/dependabot/updater_spec.rb[1:1:16:1:1] | failed | 0.07859 seconds | +./spec/dependabot/updater_spec.rb[1:1:16:2:1] | failed | 0.07988 seconds | +./spec/dependabot/updater_spec.rb[1:1:16:3:1] | failed | 0.08099 seconds | +./spec/dependabot/updater_spec.rb[1:1:16:4:1] | failed | 0.07806 seconds | +./spec/dependabot/updater_spec.rb[1:1:16:5:1] | failed | 0.08013 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:1] | failed | 0.08259 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:2:1:1] | failed | 0.08076 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:2:2:1] | failed | 0.08033 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:3:1] | failed | 0.08136 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:3:2:1] | passed | 0.00351 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:4:1] | failed | 0.08121 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:5:1] | failed | 0.08116 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:1:5:2:1] | failed | 0.08012 seconds | 
+./spec/dependabot/updater_spec.rb[1:1:17:1:6:1] | failed | 0.08089 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:1] | failed | 0.08248 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:2:1] | passed | 0.07992 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:3:1] | failed | 0.08172 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:4:1] | failed | 0.08545 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:5:1:1] | failed | 0.08122 seconds | +./spec/dependabot/updater_spec.rb[1:1:17:2:5:2:1] | failed | 0.08072 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:1:1] | passed | 0.00628 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:1:2] | passed | 0.00683 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:2:1] | passed | 0.00261 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:2:2] | passed | 0.00287 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:3:1] | passed | 0.00236 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:3:2] | passed | 0.00236 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:4:1] | passed | 0.00278 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:4:2] | passed | 0.00357 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:5:1] | passed | 0.00272 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:1:5:2] | passed | 0.00255 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:2:1] | passed | 0.08122 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:2:2] | failed | 0.08178 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:3:1] | passed | 0.07931 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:3:2] | failed | 0.0817 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:4:1] | passed | 0.07967 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:4:2] | failed | 0.08085 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:5:1] | passed | 0.08564 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:5:2] | failed | 0.07967 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:6:1] | passed | 
0.07905 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:6:2] | failed | 0.08087 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:7:1] | passed | 0.08083 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:7:2] | failed | 0.08133 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:8:1] | passed | 0.08062 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:8:2] | failed | 0.08143 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:9:1] | failed | 0.08159 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:9:2] | failed | 0.08244 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:10] | failed | 0.08068 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:11] | failed | 0.08252 seconds | +./spec/dependabot/updater_spec.rb[1:1:18:12] | failed | 0.08083 seconds | +./spec/dependabot/updater_spec.rb[1:1:19:1] | failed | 0.08146 seconds | +./spec/dependabot/updater_spec.rb[1:1:20:1] | passed | 0.07898 seconds | +./spec/dependabot/updater_spec.rb[1:1:20:2] | failed | 0.08157 seconds | +./spec/dependabot/updater_spec.rb[1:1:20:3] | failed | 0.08249 seconds | +./spec/dependabot/updater_spec.rb[1:1:20:4:1] | failed | 0.40336 seconds | +./spec/dependabot/updater_spec.rb[1:1:21] | passed | 0.08128 seconds | +./spec/dependabot/updater_spec.rb[1:1:22:1] | failed | 0.0814 seconds | +./spec/dependabot/updater_spec.rb[1:1:22:2] | failed | 0.08011 seconds | +./spec/dependabot/updater_spec.rb[1:1:22:3] | failed | 0.07938 seconds | +./spec/dependabot/updater_spec.rb[1:1:23:1] | failed | 0.08239 seconds | +./spec/dependabot/updater_spec.rb[1:1:23:2] | failed | 0.07734 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:1:1] | passed | 0.00018 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:1:2:1] | passed | 0.00012 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:2:1] | passed | 0.00012 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:3:1] | passed | 0.00012 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:4:1] | passed | 0.00014 
seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:5:1:1] | passed | 0.00017 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:1:5:2:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:1:1:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:1:2:1] | passed | 0.00015 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:1:3:1] | passed | 0.00015 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:1:4:1] | passed | 0.00017 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:1:5:1] | passed | 0.00019 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:2:1:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:2:2:1] | passed | 0.00013 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:2:3:1] | passed | 0.00016 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:2:4:1] | passed | 0.00015 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:2:5:1] | passed | 0.00013 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:1:1] | passed | 0.00015 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:2:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:3:1] | passed | 0.00013 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:4:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:5:1] | passed | 0.00014 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:3:6:1] | passed | 0.00013 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:4:1:1] | passed | 0.0002 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:4:2:1] | passed | 0.00015 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:5:1:1] | passed | 0.00013 seconds | +./spec/dependabot/wildcard_matcher_spec.rb[1:1:2:5:2:1] | passed | 0.00014 seconds | +./spec/npm_and_yarn_config_spec.rb[1:1] | failed | 0.41756 seconds | 
+./spec/npm_and_yarn_config_spec.rb[1:2] | failed | 0.03057 seconds | diff --git a/updater/spec/fixtures/bundler/original/Gemfile b/updater/spec/fixtures/bundler/original/Gemfile new file mode 100644 index 00000000000..ecc7a043dfa --- /dev/null +++ b/updater/spec/fixtures/bundler/original/Gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-pkg-a", "~> 2.0.0" +gem "dummy-pkg-b", "~> 1.1.0" diff --git a/updater/spec/fixtures/bundler/original/Gemfile.lock b/updater/spec/fixtures/bundler/original/Gemfile.lock new file mode 100644 index 00000000000..4fd8f37aaa1 --- /dev/null +++ b/updater/spec/fixtures/bundler/original/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + dummy-pkg-a (2.0.0) + dummy-pkg-b (1.1.0) + dummy-pkg-a (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + dummy-pkg-a (~> 2.0.0) + dummy-pkg-b (~> 1.1.0) + +BUNDLED WITH + 1.14.6 diff --git a/updater/spec/fixtures/bundler/original/sub_dep b/updater/spec/fixtures/bundler/original/sub_dep new file mode 100644 index 00000000000..d7ccf130e11 --- /dev/null +++ b/updater/spec/fixtures/bundler/original/sub_dep @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-pkg-b", "~> 1.1.0" diff --git a/updater/spec/fixtures/bundler/original/sub_dep.lock b/updater/spec/fixtures/bundler/original/sub_dep.lock new file mode 100644 index 00000000000..dae47db2ec4 --- /dev/null +++ b/updater/spec/fixtures/bundler/original/sub_dep.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + dummy-pkg-a (2.0.0) + dummy-pkg-b (1.1.0) + dummy-pkg-a (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + dummy-pkg-a + dummy-pkg-b (~> 1.1.0) + +BUNDLED WITH + 1.14.6 diff --git a/updater/spec/fixtures/bundler/updated/Gemfile b/updater/spec/fixtures/bundler/updated/Gemfile new file mode 100644 index 00000000000..607828c5fdb --- /dev/null +++ b/updater/spec/fixtures/bundler/updated/Gemfile 
@@ -0,0 +1,6 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-pkg-a", "~> 2.0.0" +gem "dummy-pkg-b", "~> 1.2.0" diff --git a/updater/spec/fixtures/bundler/updated/Gemfile.lock b/updater/spec/fixtures/bundler/updated/Gemfile.lock new file mode 100644 index 00000000000..0e7697ff9a9 --- /dev/null +++ b/updater/spec/fixtures/bundler/updated/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + dummy-pkg-a (2.0.0) + dummy-pkg-b (1.2.0) + dummy-pkg-a (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + dummy-pkg-a (~> 2.0.0) + dummy-pkg-b (~> 1.2.0) + +BUNDLED WITH + 1.14.6 diff --git a/updater/spec/fixtures/bundler2/original/Gemfile b/updater/spec/fixtures/bundler2/original/Gemfile new file mode 100644 index 00000000000..ecc7a043dfa --- /dev/null +++ b/updater/spec/fixtures/bundler2/original/Gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-pkg-a", "~> 2.0.0" +gem "dummy-pkg-b", "~> 1.1.0" diff --git a/updater/spec/fixtures/bundler2/original/Gemfile.lock b/updater/spec/fixtures/bundler2/original/Gemfile.lock new file mode 100644 index 00000000000..e2e32c16db9 --- /dev/null +++ b/updater/spec/fixtures/bundler2/original/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + dummy-pkg-a (2.0.0) + dummy-pkg-b (1.1.0) + dummy-pkg-a (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + dummy-pkg-a (~> 2.0.0) + dummy-pkg-b (~> 1.1.0) + +BUNDLED WITH + 2.2.11 diff --git a/updater/spec/fixtures/bundler2/updated/Gemfile b/updater/spec/fixtures/bundler2/updated/Gemfile new file mode 100644 index 00000000000..607828c5fdb --- /dev/null +++ b/updater/spec/fixtures/bundler2/updated/Gemfile @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-pkg-a", "~> 2.0.0" +gem "dummy-pkg-b", "~> 1.2.0" 
diff --git a/updater/spec/fixtures/bundler2/updated/Gemfile.lock b/updater/spec/fixtures/bundler2/updated/Gemfile.lock new file mode 100644 index 00000000000..8430d10f29d --- /dev/null +++ b/updater/spec/fixtures/bundler2/updated/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + dummy-pkg-a (2.0.0) + dummy-pkg-b (1.2.0) + dummy-pkg-a (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + dummy-pkg-a (~> 2.0.0) + dummy-pkg-b (~> 1.2.0) + +BUNDLED WITH + 2.2.11 diff --git a/updater/spec/fixtures/bundler_git/original/Gemfile b/updater/spec/fixtures/bundler_git/original/Gemfile new file mode 100644 index 00000000000..d27ea892f0a --- /dev/null +++ b/updater/spec/fixtures/bundler_git/original/Gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-git-dependency", git: "git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git", ref: "v1.0.0" diff --git a/updater/spec/fixtures/bundler_git/original/Gemfile.lock b/updater/spec/fixtures/bundler_git/original/Gemfile.lock new file mode 100644 index 00000000000..71a32c5f8bb --- /dev/null +++ b/updater/spec/fixtures/bundler_git/original/Gemfile.lock @@ -0,0 +1,19 @@ +GIT + remote: git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git + revision: 20151f9b67c8a04461fa0ee28385b6187b86587b + ref: v1.0.0 + specs: + dummy-git-dependency (1.0.0) + +GEM + remote: https://rubygems.org/ + specs: + +PLATFORMS + x86_64-darwin-19 + +DEPENDENCIES + dummy-git-dependency! + +BUNDLED WITH + 2.2.11 diff --git a/updater/spec/fixtures/bundler_git/updated/Gemfile b/updater/spec/fixtures/bundler_git/updated/Gemfile new file mode 100644 index 00000000000..ab88c81480a --- /dev/null +++ b/updater/spec/fixtures/bundler_git/updated/Gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "dummy-git-dependency", git: "git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git", ref: "v1.1.0" 
diff --git a/updater/spec/fixtures/bundler_git/updated/Gemfile.lock b/updater/spec/fixtures/bundler_git/updated/Gemfile.lock new file mode 100644 index 00000000000..80108ed18be --- /dev/null +++ b/updater/spec/fixtures/bundler_git/updated/Gemfile.lock @@ -0,0 +1,20 @@ +GIT + remote: git@github.com:dependabot-fixtures/ruby-dummy-git-dependency.git + revision: c0e25c2eb332122873f73acb3b61fb2e261cfd8f + ref: v1.1.0 + specs: + dummy-git-dependency (1.1.0) + +GEM + remote: https://rubygems.org/ + specs: + +PLATFORMS + x86_64-darwin-19 + x86_64-linux + +DEPENDENCIES + dummy-git-dependency! + +BUNDLED WITH + 2.2.11 diff --git a/updater/spec/fixtures/composer/original/composer.json b/updater/spec/fixtures/composer/original/composer.json new file mode 100644 index 00000000000..a505225f4c7 --- /dev/null +++ b/updater/spec/fixtures/composer/original/composer.json @@ -0,0 +1,7 @@ +{ + "name": "dependabot/test-project", + "require": { + "dependabot/dummy-pkg-a": "^2.0.0", + "dependabot/dummy-pkg-b": "^1.1.0" + } +} diff --git a/updater/spec/fixtures/composer/original/composer.lock b/updater/spec/fixtures/composer/original/composer.lock new file mode 100644 index 00000000000..886600a5665 --- /dev/null +++ b/updater/spec/fixtures/composer/original/composer.lock 
@@ -0,0 +1,65 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "This file is @generated automatically" + ], + "content-hash": "8fe1579c07dcc6865cfb8300382414ea", + "packages": [ + { + "name": "dependabot/dummy-pkg-a", + "version": "v2.0.0", + "source": { + "type": "git", + "url": "https://github.com/dependabot/php-dummy-pkg-a.git", + "reference": "183c190aa576256c768a04ff2163c208e0dd81d1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/dependabot/php-dummy-pkg-a/zipball/183c190aa576256c768a04ff2163c208e0dd81d1", + "reference": "183c190aa576256c768a04ff2163c208e0dd81d1", + "shasum": "" + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "A dummy package for testing Dependabot", + "time": "2017-06-08T12:52:19+00:00" + }, + { + "name": "dependabot/dummy-pkg-b", + "version": "v1.1.0", + "source": { + "type": "git", + "url": "https://github.com/dependabot/php-dummy-pkg-b.git", + "reference": "164a01c72b834713b19f05eb0cf51130fccd9429" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/dependabot/php-dummy-pkg-b/zipball/164a01c72b834713b19f05eb0cf51130fccd9429", + "reference": "164a01c72b834713b19f05eb0cf51130fccd9429", + "shasum": "" + }, + "require": { + "dependabot/dummy-pkg-a": "~2.0" + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "A dummy package for testing Dependabot", + "time": "2017-06-08T13:03:29+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +} 
diff --git a/updater/spec/fixtures/composer/updated/composer.json b/updater/spec/fixtures/composer/updated/composer.json new file mode 100644 index 00000000000..883441453b2 --- /dev/null +++ b/updater/spec/fixtures/composer/updated/composer.json @@ -0,0 +1,7 @@ +{ + "name": "dependabot/test-project", + "require": { + "dependabot/dummy-pkg-a": "^2.0.0", + "dependabot/dummy-pkg-b": "^1.2.0" + } +} diff --git a/updater/spec/fixtures/composer/updated/composer.lock b/updater/spec/fixtures/composer/updated/composer.lock new file mode 100644 index 00000000000..93b85d48d51 --- /dev/null +++ b/updater/spec/fixtures/composer/updated/composer.lock 
@@ -0,0 +1,74 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "f3db3a6bac0d9a53cb3d7f7da5a7f535", + "packages": [ + { + "name": "dependabot/dummy-pkg-a", + "version": "v2.0.0", + "source": { + "type": "git", + "url": "https://github.com/dependabot/php-dummy-pkg-a.git", + "reference": "183c190aa576256c768a04ff2163c208e0dd81d1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/dependabot/php-dummy-pkg-a/zipball/183c190aa576256c768a04ff2163c208e0dd81d1", + "reference": "183c190aa576256c768a04ff2163c208e0dd81d1", + "shasum": "" + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "A dummy package for testing Dependabot", + "support": { + "issues": "https://github.com/dependabot/php-dummy-pkg-a/issues", + "source": "https://github.com/dependabot/php-dummy-pkg-a/tree/v2.0.0" + }, + "time": "2017-06-08T12:52:19+00:00" + }, + { + "name": "dependabot/dummy-pkg-b", + "version": "v1.2.0", + "source": { + "type": "git", + "url": "https://github.com/dependabot/php-dummy-pkg-b.git", + "reference": "658d78acdba4020da5da797c4e96c082be9126f0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/dependabot/php-dummy-pkg-b/zipball/658d78acdba4020da5da797c4e96c082be9126f0", + "reference": "658d78acdba4020da5da797c4e96c082be9126f0", + "shasum": "" + }, + "require": { + "dependabot/dummy-pkg-a": "~2.0" + }, + "type": "library", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "A dummy package for testing Dependabot", + "support": { + "issues": "https://github.com/dependabot/php-dummy-pkg-b/issues", + "source": "https://github.com/dependabot/php-dummy-pkg-b/tree/v1.2.0" + }, + "time": "2017-06-08T13:03:43+00:00" + } 
+ ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "plugin-api-version": "2.3.0" +} diff --git a/updater/spec/fixtures/file_fetcher_output/output.json b/updater/spec/fixtures/file_fetcher_output/output.json new file mode 100644 index 00000000000..45777a602d9 --- /dev/null +++ b/updater/spec/fixtures/file_fetcher_output/output.json 
@@ -0,0 +1,70 @@ +{ + "job": { + "allowed-updates": [ + { + "dependency-type": "direct", + "update-type": "all" + }, + { + "dependency-type": "indirect", + "update-type": "security" + } + ], + "credentials": [ + { + "type": "git_source", + "host": "github.com", + "username": "x-access-token", + "password": "v1.exampletokenfromgithubinityesitisforsure" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org", + "token": "secret" + } + ], + "credentials-metadata": [ + { + "type": "git_source", + "host": "github.com" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org" + } + ], + "dependencies": null, + "directory": "/", + "existing-pull-requests": [], + "ignore-conditions": [], + "security-advisories": [], + "package_manager": "bundler", + "repo-name": "dependabot-fixtures/dependabot-test-ruby-package", + "source": { + "provider": "github", + "repo": "dependabot-fixtures/dependabot-test-ruby-package", + "directory": "/", + "branch": null, + "hostname": "github.com", + "api-endpoint": "https://api.github.com/" + }, + "lockfile-only": false, + "requirements-update-strategy": null, + "update-subdependencies": false, + "updating-a-pull-request": false, + "vendor-dependencies": false, + "security-updates-only": false + }, + "base64_dependency_files":[ + { + "name":"dependabot-test-ruby-package.gemspec", + "content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n", + "directory":"/", + "type":"file", + "support_file":false, + "content_encoding":"utf-8", + 
"deleted":false + } + ], + "base_commit_sha":"1c6331732c41e4557a16dacb82534f1d1c831848" +} diff --git a/updater/spec/fixtures/file_fetcher_output/vendoring_output.json b/updater/spec/fixtures/file_fetcher_output/vendoring_output.json new file mode 100644 index 00000000000..020585c7a68 --- /dev/null +++ b/updater/spec/fixtures/file_fetcher_output/vendoring_output.json 
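Review bot: The `credentials` block in this fixture carries a token-shaped `password` (`v1.exampletokenfromgithubinityesitisforsure`) plus a registry `token`, and the same block is copied into vendoring_output.json, get_job.json, jobs/job_with_credentials.json and jobs/job_with_vendor_dependencies.json. The value is clearly a dummy, but five committed copies of a `v1.`-prefixed string are likely to trip secret scanning, so either allowlist `updater/spec/fixtures/` in the scanner configuration or, if no spec asserts on the exact string, switch to an unmistakable placeholder such as `"password": "dummy-token-for-specs"` (a constructed example). Separately, if output.json mirrors what the file fetcher really writes, the real file would hold job credentials in clear text next to `base64_dependency_files`; the code that writes it is not visible in this hunk, so that is worth confirming.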
@@ -0,0 +1,70 @@ +{ + "job": { + "allowed-updates": [ + { + "dependency-type": "direct", + "update-type": "all" + }, + { + "dependency-type": "indirect", + "update-type": "security" + } + ], + "credentials": [ + { + "type": "git_source", + "host": "github.com", + "username": "x-access-token", + "password": "v1.exampletokenfromgithubinityesitisforsure" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org", + "token": "secret" + } + ], + "credentials-metadata": [ + { + "type": "git_source", + "host": "github.com" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org" + } + ], + "dependencies": null, + "directory": "/", + "existing-pull-requests": [], + "ignore-conditions": [], + "security-advisories": [], + "package_manager": "bundler", + "repo-name": "dependabot-fixtures/dependabot-test-ruby-package", + "source": { + "provider": "github", + "repo": "dependabot-fixtures/dependabot-test-ruby-package", + "directory": "/", + "branch": null, + "hostname": "github.com", + "api-endpoint": "https://api.github.com/" + }, + "lockfile-only": false, + "requirements-update-strategy": null, + "update-subdependencies": false, + "updating-a-pull-request": false, + "vendor-dependencies": true, + "security-updates-only": false + }, + "base64_dependency_files":[ + { + "name":"dependabot-test-ruby-package.gemspec", + "content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n", + "directory":"/", + "type":"file", + "support_file":false, + "content_encoding":"utf-8", + 
"deleted":false + } + ], + "base_commit_sha":"1c6331732c41e4557a16dacb82534f1d1c831848" +} diff --git a/updater/spec/fixtures/get_job.json b/updater/spec/fixtures/get_job.json new file mode 100644 index 00000000000..540a6a24a89 --- /dev/null +++ b/updater/spec/fixtures/get_job.json @@ -0,0 +1,60 @@ +{ + "data": { + "attributes": { + "allowed-updates": [ + { + "dependency-type": "direct", + "update-type": "all" + }, + { + "dependency-type": "indirect", + "update-type": "security" + } + ], + "credentials": [ + { + "type": "git_source", + "host": "github.com", + "username": "x-access-token", + "password": "v1.exampletokenfromgithubinityesitisforsure" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org", + "token": "secret" + } + ], + "credentials-metadata": [ + { + "type": "git_source", + "host": "github.com" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org" + } + ], + "dependencies": null, + "directory": "/", + "existing-pull-requests": [], + "ignore-conditions": [], + "security-advisories": [], + "package_manager": "bundler", + "repo-name": "dependabot-fixtures/dependabot-test-ruby-package", + "source": { + "provider": "github", + "repo": "dependabot-fixtures/dependabot-test-ruby-package", + "directory": "/", + "branch": null, + "hostname": "github.com", + "api-endpoint": "https://api.github.com/" + }, + "lockfile-only": false, + "requirements-update-strategy": null, + "update-subdependencies": false, + "updating-a-pull-request": false, + "vendor-dependencies": false, + "security-updates-only": false + } + } +} diff --git a/updater/spec/fixtures/handle_error.json b/updater/spec/fixtures/handle_error.json new file mode 100644 index 00000000000..31cce9259fa --- /dev/null +++ b/updater/spec/fixtures/handle_error.json @@ -0,0 +1,5 @@ +{ + "data": { + "error_type": "some_error_class" + } +} 
diff --git a/updater/spec/fixtures/jobs/job_with_credentials.json b/updater/spec/fixtures/jobs/job_with_credentials.json
new file mode 100644
index 00000000000..7c853604d18
--- /dev/null
+++ b/updater/spec/fixtures/jobs/job_with_credentials.json
@@ -0,0 +1,58 @@
+{
+ "job": {
+ "allowed-updates": [
+ {
+ "dependency-type": "direct",
+ "update-type": "all"
+ },
+ {
+ "dependency-type": "indirect",
+ "update-type": "security"
+ }
+ ],
+ "credentials": [
+ {
+ "type": "git_source",
+ "host": "github.com",
+ "username": "x-access-token",
+ "password": "v1.exampletokenfromgithubinityesitisforsure"
+ },
+ {
+ "type": "rubygems_index",
+ "host": "my.rubygems-host.org",
+ "token": "secret"
+ }
+ ],
+ "credentials-metadata": [
+ {
+ "type": "git_source",
+ "host": "github.com"
+ },
+ {
+ "type": "rubygems_index",
+ "host": "my.rubygems-host.org"
+ }
+ ],
+ "dependencies": null,
+ "directory": "/",
+ "existing-pull-requests": [],
+ "ignore-conditions": [],
+ "security-advisories": [],
+ "package_manager": "bundler",
+ "repo-name": "dependabot-fixtures/dependabot-test-ruby-package",
+ "source": {
+ "provider": "github",
+ "repo": "dependabot-fixtures/dependabot-test-ruby-package",
+ "directory": "/",
+ "branch": null,
+ "hostname": "github.com",
+ "api-endpoint": "https://api.github.com/"
+ },
+ "lockfile-only": false,
+ "requirements-update-strategy": null,
+ "update-subdependencies": false,
+ "updating-a-pull-request": false,
+ "vendor-dependencies": false,
+ "security-updates-only": false
+ }
+}
diff --git a/updater/spec/fixtures/jobs/job_with_go_modules.json b/updater/spec/fixtures/jobs/job_with_go_modules.json
new file mode 100644
index 00000000000..f82d6ff0477
--- /dev/null
+++ b/updater/spec/fixtures/jobs/job_with_go_modules.json
@@ -0,0 +1,41 @@
+{
+ "job": {
+ "allowed-updates": [
+ {
+ "dependency-type": "direct",
+ "update-type": "all"
+ },
+ {
+ "dependency-type": "indirect",
+ "update-type": "security"
+ }
+ ],
+ "credentials-metadata": [
+ {
+ "type": "git_source",
+ "host": "github.com"
+ }
+ ],
+ "dependencies": null,
+ "directory": "/",
+ "existing-pull-requests": [],
+ "ignore-conditions": [],
+ "security-advisories": [],
+ "package_manager": "go_modules",
+ "repo-name": "dependabot-fixtures/go-modules-lib",
+ "source": {
+ "provider": "github",
+ "repo": "dependabot-fixtures/go-modules-lib",
+ "directory": "/",
+ "branch": null,
+ "hostname": "github.com",
+ "api-endpoint": "https://api.github.com/"
+ },
+ "lockfile-only": false,
+ "requirements-update-strategy": null,
+ "update-subdependencies": false,
+ "updating-a-pull-request": false,
+ "vendor-dependencies": false,
+ "security-updates-only": false
+ }
+}
diff --git a/updater/spec/fixtures/jobs/job_with_vendor_dependencies.json b/updater/spec/fixtures/jobs/job_with_vendor_dependencies.json
new file mode 100644
index 00000000000..335d1eeca4a
--- /dev/null
+++ b/updater/spec/fixtures/jobs/job_with_vendor_dependencies.json
@@ -0,0 +1,58 @@
+{
+ "job": {
+ "allowed-updates": [
+ {
+ "dependency-type": "direct",
+ "update-type": "all"
+ },
+ {
+ "dependency-type": "indirect",
+ "update-type": "security"
+ }
+ ],
+ "credentials": [
+ {
+ "type": "git_source",
+ "host": "github.com",
+ "username": "x-access-token",
+ "password": "v1.exampletokenfromgithubinityesitisforsure"
+ },
+ {
+ "type": "rubygems_index",
+ "host": "my.rubygems-host.org",
+ "token": "secret"
+ }
+ ],
+ "credentials-metadata": [
+ {
+ "type": "git_source",
+ "host": "github.com"
+ },
+ {
+ "type": "rubygems_index",
+ "host": "my.rubygems-host.org"
+ }
+ ],
+ "dependencies": null,
+ "directory": "/",
+ "existing-pull-requests": [],
+ "ignore-conditions": [],
+ "security-advisories": [],
+ "package_manager": "bundler",
+ "repo-name": "dependabot-fixtures/dependabot-test-ruby-package",
+ "source": {
+ "provider": "github",
+ "repo": "dependabot-fixtures/dependabot-test-ruby-package",
+ "directory": "/",
+ "branch": null,
+ "hostname": "github.com",
+ "api-endpoint": "https://api.github.com/"
+ },
+ "lockfile-only": false,
+ "requirements-update-strategy": null,
+ "update-subdependencies": false,
+ "updating-a-pull-request": false,
+ "vendor-dependencies": true,
+ "security-updates-only": false
+ }
+}
diff --git a/updater/spec/fixtures/jobs/job_without_credentials.json b/updater/spec/fixtures/jobs/job_without_credentials.json
new file mode 100644
index 00000000000..0044aba5a47
--- /dev/null
+++ b/updater/spec/fixtures/jobs/job_without_credentials.json
@@ -0,0 +1,45 @@ +{ + "job": { + "allowed-updates": [ + { + "dependency-type": "direct", + "update-type": "all" + }, + { + "dependency-type": "indirect", + "update-type": "security" + } + ], + "credentials-metadata": [ + { + "type": "git_source", + "host": "github.com" + }, + { + "type": "rubygems_index", + "host": "my.rubygems-host.org" + } + ], + "dependencies": null, + "directory": "/", + "existing-pull-requests": [], + "ignore-conditions": [], + "security-advisories": [], + "package_manager": "bundler", + "repo-name": "dependabot-fixtures/dependabot-test-ruby-package", + "source": { + "provider": "github", + "repo": "dependabot-fixtures/dependabot-test-ruby-package", + "directory": "/", + "branch": null, + "hostname": "github.com", + "api-endpoint": "https://api.github.com/" + }, + "lockfile-only": false, + "requirements-update-strategy": null, + "update-subdependencies": false, + "updating-a-pull-request": false, + "vendor-dependencies": false, + "security-updates-only": false + } +} diff --git a/updater/spec/fixtures/npm/original/package-lock.json b/updater/spec/fixtures/npm/original/package-lock.json new file mode 100644 index 00000000000..136afe7fbe9 --- /dev/null +++ b/updater/spec/fixtures/npm/original/package-lock.json @@ -0,0 +1,21 @@ +{ + "name": "test-project", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@dependabot/dummy-pkg-a": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@dependabot/dummy-pkg-a/-/dummy-pkg-a-2.0.0.tgz", + "integrity": "sha1-azsBJ8wM5TewHB2FE6LLzbPNDtw=" + }, + "@dependabot/dummy-pkg-b": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@dependabot/dummy-pkg-b/-/dummy-pkg-b-1.1.0.tgz", + "integrity": "sha1-9L+JqT0VzOdXwDQ8m+awDZmUffk=", + "requires": { + "@dependabot/dummy-pkg-a": "2.0.0" + } + } + } +} 
diff --git a/updater/spec/fixtures/npm/original/package.json b/updater/spec/fixtures/npm/original/package.json new file mode 100644 index 00000000000..0f556db371c --- /dev/null +++ b/updater/spec/fixtures/npm/original/package.json @@ -0,0 +1,10 @@ +{ + "name": "test-project", + "version": "1.0.0", + "main": "index.js", + "license": "MIT", + "dependencies": { + "@dependabot/dummy-pkg-a": "^2.0.0", + "@dependabot/dummy-pkg-b": "^1.1.0" + } +} diff --git a/updater/spec/fixtures/npm/updated/package-lock.json b/updater/spec/fixtures/npm/updated/package-lock.json new file mode 100644 index 00000000000..9025f498c47 --- /dev/null +++ b/updater/spec/fixtures/npm/updated/package-lock.json @@ -0,0 +1,21 @@ +{ + "name": "test-project", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@dependabot/dummy-pkg-a": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@dependabot/dummy-pkg-a/-/dummy-pkg-a-2.0.0.tgz", + "integrity": "sha1-azsBJ8wM5TewHB2FE6LLzbPNDtw=" + }, + "@dependabot/dummy-pkg-b": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@dependabot/dummy-pkg-b/-/dummy-pkg-b-1.2.0.tgz", + "integrity": "sha512-fATgitB2jmBgmm9smHE2fMdMWZlFUgnVnkGdeZ5llKkgyvsiI3XiIhwiGXGdqaVyMDJshK9PEf5/V/puaZ0m6w==", + "requires": { + "@dependabot/dummy-pkg-a": "^2.0.0" + } + } + } +} diff --git a/updater/spec/fixtures/npm/updated/package.json b/updater/spec/fixtures/npm/updated/package.json new file mode 100644 index 00000000000..fe89c9a2899 --- /dev/null +++ b/updater/spec/fixtures/npm/updated/package.json @@ -0,0 +1,10 @@ +{ + "name": "test-project", + "version": "1.0.0", + "main": "index.js", + "license": "MIT", + "dependencies": { + "@dependabot/dummy-pkg-a": "^2.0.0", + "@dependabot/dummy-pkg-b": "^1.2.0" + } +} diff --git a/updater/spec/fixtures/rubygems-index b/updater/spec/fixtures/rubygems-index new file mode 100644 index 00000000000..b743cc67c5e --- /dev/null +++ b/updater/spec/fixtures/rubygems-index 
@@ -0,0 +1,10 @@
+created_at: 2017-03-27T04:38:13+00:00
+---
+dummy-pkg-a 1.0.0 bf914ad70e2044413345b8efd4911d69
+dummy-pkg-a 1.0.1 92e70e285b9ea3e5fb66913f1a5a26b4
+dummy-pkg-a 1.1.0 b28c6dc43fc68172975b324020cf2266
+dummy-pkg-a 2.0.0 48fd354677a031497800da75a6fea68c
+dummy-pkg-a 2.1.0.rc1 3c5834b0450820da13956ca11e668e7a
+dummy-pkg-b 1.0.0 8285ab1075a8ad736c6c5f6640e2a7b4
+dummy-pkg-b 1.1.0 6eb2d48e2ee123f80bde3304865a492a
+dummy-pkg-b 1.2.0 3a55f5f8a99bf9a76a61f34e5a1226fc
diff --git a/updater/spec/fixtures/rubygems-info-a b/updater/spec/fixtures/rubygems-info-a
new file mode 100644
index 00000000000..ce8008061f9
--- /dev/null
+++ b/updater/spec/fixtures/rubygems-info-a
@@ -0,0 +1,6 @@
+---
+1.0.0 |checksum:bf80371809ed088b2a99ed8bd5640e02b95e5cbbfd27350801cbfdf137abe363
+1.0.1 |checksum:f8ec34efa64c2d74c29710ecbf33296f11c57f248d12af70dd9d107f97d23807
+1.1.0 |checksum:be4df310095b9fb2b3f1c70204c706f3dce52a6418d2719ce832c9f20526e382
+2.0.0 |checksum:45ffe617cf34fa9acf7a9f153c6c4f723e53b539f9eef737b03629e8eb8aa858
+2.1.0.rc1 |checksum:79d997001f9cc71bf3df1abd89396d2ecc990b0aada04c3d9f692b644396c843,rubygems:> 1.3.1
diff --git a/updater/spec/fixtures/rubygems-info-b b/updater/spec/fixtures/rubygems-info-b
new file mode 100644
index 00000000000..4a54f782439
--- /dev/null
+++ b/updater/spec/fixtures/rubygems-info-b
@@ -0,0 +1,4 @@
+---
+1.0.0 dummy-pkg-a:< 2.0.0|checksum:0147d64042d5ab109d185f54957fcfb88f1ff9158651944ff75c6c82d47ab444
+1.1.0 dummy-pkg-a:~> 2.0|checksum:c8725691239b43d5f4c343b64d30afae6dd25ff1a79cca4d80534804c638b113
+1.2.0 dummy-pkg-a:~> 2.0|checksum:51b99c7db0d39924d690e19282f63d1fba9cc002ef55a139d9b6a4b0469399a1
diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/does_not_clone_the_repo.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/does_not_clone_the_repo.yml
new file mode 100644
index 00000000000..4bba419b7b5
--- /dev/null
+++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/does_not_clone_the_repo.yml 
@@ -0,0 +1,302 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:20:31 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"c7014303ad99dbf7e02ae891e64a18881566da6a75b8b457cb0cf96705f6eca6" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '52' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '8' + Accept-Ranges: + - bytes + Content-Length: + - '1254' + X-Github-Request-Id: + - C80F:51E5:12C5A2:20FA0C:5F9B15FF + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":0,"subscribe
rs_count":0}' + recorded_at: Thu, 29 Oct 2020 19:20:32 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:20:32 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"4ec4b41160548cc0f86c2459b25f9dd74f27df28fc425f9786cdb4ab70be7e01" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '51' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '9' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - C810:0BE6:144B46:2232C8:5F9B1600 + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Thu, 29 Oct 2020 19:20:32 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:20:32 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"7b44807c792639c3b05064b3493694c6b4cce370" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + 
X-Ratelimit-Remaining: + - '50' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '10' + Accept-Ranges: + - bytes + Content-Length: + - '496' + X-Github-Request-Id: + - C811:0357:123458:1FE6AE:5F9B1600 + body: + encoding: ASCII-8BIT + string: '[{"name":".gitignore","path":".gitignore","sha":"c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","size":6,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore"}},{"name":"README.md","path":"README.md","sha":"f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","size":85,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-r
uby-package/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md"}},{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}]' + recorded_at: Thu, 29 Oct 2020 19:20:32 GMT +- request: + method: get + uri: 
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:20:32 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"c5fd208850ed1bf1334b4b9cd4910950bed0c497" + Last-Modified: + - Wed, 27 May 2020 10:39:57 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '49' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '11' + Accept-Ranges: + - bytes + Content-Length: + - '703' + X-Github-Request-Id: + - C812:0357:123474:1FE6DE:5F9B1600 + body: + encoding: ASCII-8BIT + string: 
'{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n","encoding":"base64","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}' + recorded_at: Thu, 29 Oct 2020 19:20:32 GMT +recorded_with: VCR 6.0.0 
diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/fetches_the_files_and_writes_the_fetched_files_to_output_json.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/fetches_the_files_and_writes_the_fetched_files_to_output_json.yml new file mode 100644 index 00000000000..a57dd2ac01c --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/fetches_the_files_and_writes_the_fetched_files_to_output_json.yml 
@@ -0,0 +1,294 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:20 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"05138d3b8df2fc6f68facbbc84776e4d" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '42' + X-Ratelimit-Reset: + - '1597938283' + Accept-Ranges: + - bytes + Transfer-Encoding: + - chunked + X-Github-Request-Id: + - FED9:4A5A:67DBD2:F5E8C6:5F3E9478 + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":0,"subscribe
rs_count":0}' + recorded_at: Thu, 20 Aug 2020 15:19:20 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:20 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"65d96789fd44ca17a64d185184c47a55" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '41' + X-Ratelimit-Reset: + - '1597938283' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - FEDA:29AB:71BB21:FD5860:5F3E9478 + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Thu, 20 Aug 2020 15:19:20 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:21 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"7b44807c792639c3b05064b3493694c6b4cce370" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '40' 
+ X-Ratelimit-Reset: + - '1597938284' + Accept-Ranges: + - bytes + Content-Length: + - '496' + X-Github-Request-Id: + - FEDB:549C:3517BB:8B1654:5F3E9479 + body: + encoding: ASCII-8BIT + string: '[{"name":".gitignore","path":".gitignore","sha":"c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","size":6,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore"}},{"name":"README.md","path":"README.md","sha":"f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","size":85,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/README.m
d","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md"}},{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}]' + recorded_at: Thu, 20 Aug 2020 15:19:21 GMT +- request: + method: get + uri: 
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:21 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"c5fd208850ed1bf1334b4b9cd4910950bed0c497" + Last-Modified: + - Wed, 27 May 2020 10:39:57 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '39' + X-Ratelimit-Reset: + - '1597938283' + Accept-Ranges: + - bytes + Content-Length: + - '703' + X-Github-Request-Id: + - FEDC:455E:E95A4A:1861D80:5F3E9479 + body: + encoding: ASCII-8BIT + string: 
'{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n","encoding":"base64","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}' + recorded_at: Thu, 20 Aug 2020 15:19:21 GMT +recorded_with: VCR 6.0.0 
diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/cleans_up_any_files_left_after_the_job_errors.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/cleans_up_any_files_left_after_the_job_errors.yml new file mode 100644 index 00000000000..e1235120ccb --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/cleans_up_any_files_left_after_the_job_errors.yml 
@@ -0,0 +1,155 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/go-modules-lib + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.21.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Wed, 17 Nov 2021 12:40:17 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"0b87317ead9a654aeddc1dcc7bcab1daacf22aa88923364fcb86eca675b76004" + Last-Modified: + - Thu, 18 Oct 2018 21:49:07 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, + Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '37' + X-Ratelimit-Reset: + - '1637155033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '23' + Accept-Ranges: + - bytes + Content-Length: + - '1273' + X-Github-Request-Id: + - D48F:FC63:4B33A76:4C9CDA5:6194F831 + body: + encoding: ASCII-8BIT + string: 
'{"id":153008541,"node_id":"MDEwOlJlcG9zaXRvcnkxNTMwMDg1NDE=","name":"go-modules-lib","full_name":"dependabot-fixtures/go-modules-lib","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/go-modules-lib","description":null,"fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib","forks_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues/events{/number}","events_url":"https://api.github.com/repos/d
ependabot-fixtures/go-modules-lib/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/stargazers","contributors_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/merges","archive_url":"https://api.git
hub.com/repos/dependabot-fixtures/go-modules-lib/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/releases{/id}","deployments_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/deployments","created_at":"2018-10-14T19:03:22Z","updated_at":"2018-10-18T21:49:07Z","pushed_at":"2021-06-16T18:58:56Z","git_url":"git://github.com/dependabot-fixtures/go-modules-lib.git","ssh_url":"git@github.com:dependabot-fixtures/go-modules-lib.git","clone_url":"https://github.com/dependabot-fixtures/go-modules-lib.git","svn_url":"https://github.com/dependabot-fixtures/go-modules-lib","homepage":null,"size":2,"stargazers_count":0,"watchers_count":0,"language":"Go","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":1,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"allow_forking":true,"is_template":false,"topics":[],"visibility":"public","forks":1,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_ur
l":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":1,"subscribers_count":1}' + recorded_at: Wed, 17 Nov 2021 12:40:17 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.21.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Wed, 17 Nov 2021 12:40:17 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"469a0496e7fe8fc3a9eec96b43115f66c1921ec6bd966a9fa014f48657cbaced" + Last-Modified: + - Thu, 18 Oct 2018 21:49:07 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, + 
Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '36' + X-Ratelimit-Reset: + - '1637155032' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '24' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - D490:7847:6236DA:6B1093:6194F831 + body: + encoding: ASCII-8BIT + string: '{"ref":"refs/heads/master","node_id":"MDM6UmVmMTUzMDA4NTQxOnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs/heads/master","object":{"sha":"160300187fedba9292e56b0277db8fffa369b560","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/commits/160300187fedba9292e56b0277db8fffa369b560"}}' + recorded_at: Wed, 17 Nov 2021 12:40:17 GMT +recorded_with: VCR 6.0.0 diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/clones_the_repo.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/clones_the_repo.yml new file mode 100644 index 00000000000..cbab1d5a072 --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_package_ecosystem_always_clones/clones_the_repo.yml 
@@ -0,0 +1,153 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/go-modules-lib + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:16:47 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"b531dfa6aa0f0a5745dfb82327e7106362f8d945f6bc982a6a4573fb55b363f8" + Last-Modified: + - Thu, 18 Oct 2018 21:49:07 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '54' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '6' + Accept-Ranges: + - bytes + Content-Length: + - '1216' + X-Github-Request-Id: + - C7D4:0DB0:11A7A:35521:5F9B151E + body: + encoding: ASCII-8BIT + string: 
'{"id":153008541,"node_id":"MDEwOlJlcG9zaXRvcnkxNTMwMDg1NDE=","name":"go-modules-lib","full_name":"dependabot-fixtures/go-modules-lib","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/go-modules-lib","description":null,"fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib","forks_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues/events{/number}","events_url":"https://api.github.com/repos/
dependabot-fixtures/go-modules-lib/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/stargazers","contributors_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/merges","archive_url":"https://api.gi
thub.com/repos/dependabot-fixtures/go-modules-lib/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/releases{/id}","deployments_url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/deployments","created_at":"2018-10-14T19:03:22Z","updated_at":"2018-10-18T21:49:07Z","pushed_at":"2018-10-18T21:49:05Z","git_url":"git://github.com/dependabot-fixtures/go-modules-lib.git","ssh_url":"git@github.com:dependabot-fixtures/go-modules-lib.git","clone_url":"https://github.com/dependabot-fixtures/go-modules-lib.git","svn_url":"https://github.com/dependabot-fixtures/go-modules-lib","homepage":null,"size":2,"stargazers_count":0,"watchers_count":0,"language":"Go","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","followin
g_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":0,"subscribers_count":0}' + recorded_at: Thu, 29 Oct 2020 19:16:47 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.19.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 29 Oct 2020 19:16:47 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"469a0496e7fe8fc3a9eec96b43115f66c1921ec6bd966a9fa014f48657cbaced" + Last-Modified: + - Thu, 18 Oct 2018 21:49:07 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, + X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + 
- max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '53' + X-Ratelimit-Reset: + - '1603999545' + X-Ratelimit-Used: + - '7' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - C7D5:1CFD:18366:409A2:5F9B151F + body: + encoding: ASCII-8BIT + string: '{"ref":"refs/heads/master","node_id":"MDM6UmVmMTUzMDA4NTQxOnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/refs/heads/master","object":{"sha":"160300187fedba9292e56b0277db8fffa369b560","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/go-modules-lib/git/commits/160300187fedba9292e56b0277db8fffa369b560"}}' + recorded_at: Thu, 29 Oct 2020 19:16:47 GMT +recorded_with: VCR 6.0.0 diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/logs_connectivity_is_successful_and_does_not_raise_an_error.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/logs_connectivity_is_successful_and_does_not_raise_an_error.yml new file mode 100644 index 00000000000..f6ffdd02cc9 --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/logs_connectivity_is_successful_and_does_not_raise_an_error.yml 
@@ -0,0 +1,382 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:30:05 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"d041f3a6129802958b654fb48b93bc9dc7ccb7d70f223019425d4c0d579491c6" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '43' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '17' + Accept-Ranges: + - bytes + Content-Length: + - '1298' + X-Github-Request-Id: + - 0400:5036:3954D:41410:6230E93D + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"allow_forking":true,"is_template":false,"topics":[],"visibility":"public","forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_even
ts","type":"Organization","site_admin":false},"network_count":0,"subscribers_count":1}' + recorded_at: Tue, 15 Mar 2022 19:30:05 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:30:05 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"d041f3a6129802958b654fb48b93bc9dc7ccb7d70f223019425d4c0d579491c6" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '42' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '18' + Accept-Ranges: + - bytes + Content-Length: + - '1298' + X-Github-Request-Id: + - 0401:2EA6:1406B3:14B558:6230E93D + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"allow_forking":true,"is_template":false,"topics":[],"visibility":"public","forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_even
ts","type":"Organization","site_admin":false},"network_count":0,"subscribers_count":1}' + recorded_at: Tue, 15 Mar 2022 19:30:05 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:30:05 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"4ec4b41160548cc0f86c2459b25f9dd74f27df28fc425f9786cdb4ab70be7e01" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '41' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '19' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - 0402:19A3:158342:163172:6230E93D + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Tue, 15 Mar 2022 19:30:05 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:30:05 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"7b44807c792639c3b05064b3493694c6b4cce370" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + 
X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '40' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '20' + Accept-Ranges: + - bytes + Content-Length: + - '496' + X-Github-Request-Id: + - 0403:7088:17566:1EFBA:6230E93D + body: + encoding: ASCII-8BIT + string: '[{"name":".gitignore","path":".gitignore","sha":"c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","size":6,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore"}},{"name":"README.md","path":"README.md","sha":"f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","size":85,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","download_url":"https://ra
w.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md"}},{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}]' + recorded_at: Tue, 15 Mar 2022 19:30:05 GMT +- request: + method: get + uri: 
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:30:05 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"c5fd208850ed1bf1334b4b9cd4910950bed0c497" + Last-Modified: + - Wed, 27 May 2020 10:39:57 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '39' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '21' + Accept-Ranges: + - bytes + Content-Length: + - '703' + X-Github-Request-Id: + - 0404:19A2:D5755:DF679:6230E93D + body: + encoding: ASCII-8BIT + string: 
'{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n","encoding":"base64","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}' + recorded_at: Tue, 15 Mar 2022 19:30:05 GMT +recorded_with: VCR 6.0.0 
diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/when_connectivity_is_broken/logs_connectivity_failed_and_does_not_raise_an_error.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/when_connectivity_is_broken/logs_connectivity_failed_and_does_not_raise_an_error.yml
new file mode 100644
index 00000000000..98e5e2a80fb
--- /dev/null
+++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_connectivity_check_is_enabled/when_connectivity_is_broken/logs_connectivity_failed_and_does_not_raise_an_error.yml
@@ -0,0 +1,306 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:23:50 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"d041f3a6129802958b654fb48b93bc9dc7ccb7d70f223019425d4c0d579491c6" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '47' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '13' + Accept-Ranges: + - bytes + Content-Length: + - '1298' + X-Github-Request-Id: + - 0401:2EA6:132466:13CA55:6230E7C7 + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"allow_forking":true,"is_template":false,"topics":[],"visibility":"public","forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_even
ts","type":"Organization","site_admin":false},"network_count":0,"subscribers_count":1}' + recorded_at: Tue, 15 Mar 2022 19:23:51 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:23:50 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"4ec4b41160548cc0f86c2459b25f9dd74f27df28fc425f9786cdb4ab70be7e01" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '46' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '14' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - 0403:7084:1D95:8E8F:6230E7C7 + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Tue, 15 Mar 2022 19:23:51 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:23:50 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"7b44807c792639c3b05064b3493694c6b4cce370" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + 
X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '45' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '15' + Accept-Ranges: + - bytes + Content-Length: + - '496' + X-Github-Request-Id: + - 0402:199D:2FB1E:37377:6230E7C7 + body: + encoding: ASCII-8BIT + string: '[{"name":".gitignore","path":".gitignore","sha":"c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","size":6,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/.gitignore?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c111b331371ae211d3bc2e3a9e34ad2a7d6b3982","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/.gitignore"}},{"name":"README.md","path":"README.md","sha":"f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","size":85,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","download_url":"https://ra
w.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/README.md","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/README.md?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/f71de17053d17a9a5d135b3bfff3f6aa4409dc4b","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/README.md"}},{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}]' + recorded_at: Tue, 15 Mar 2022 19:23:51 GMT +- request: + method: get + uri: 
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848 + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.22.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Tue, 15 Mar 2022 19:23:51 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"c5fd208850ed1bf1334b4b9cd4910950bed0c497" + Last-Modified: + - Wed, 27 May 2020 10:39:57 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, + X-GitHub-Request-Id, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '44' + X-Ratelimit-Reset: + - '1647374033' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '16' + Accept-Ranges: + - bytes + Content-Length: + - '703' + X-Github-Request-Id: + - 0405:19A2:CC582:D5CB7:6230E7C7 + body: + encoding: ASCII-8BIT + string: 
'{"name":"dependabot-test-ruby-package.gemspec","path":"dependabot-test-ruby-package.gemspec","sha":"c5fd208850ed1bf1334b4b9cd4910950bed0c497","size":383,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","git_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","download_url":"https://raw.githubusercontent.com/dependabot-fixtures/dependabot-test-ruby-package/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec","type":"file","content":"IyBmcm96ZW5fc3RyaW5nX2xpdGVyYWw6IHRydWUKCkdlbTo6U3BlY2lmaWNh\ndGlvbi5uZXcgZG8gfHNwZWN8CiAgc3BlYy5uYW1lICAgICA9ICdkZXBlbmRh\nYm90LXRlc3QtcnVieS1wYWNrYWdlJwogIHNwZWMudmVyc2lvbiAgPSAnMS4w\nLjEnCiAgc3BlYy5zdW1tYXJ5ICA9ICdBIGR1bW15IHBhY2thZ2UgZm9yIHRl\nc3RpbmcgRGVwZW5kYWJvdCcKICBzcGVjLmF1dGhvciAgID0gJ0RlcGVuZGFi\nb3QnCiAgc3BlYy5saWNlbnNlICA9ICdNSVQnCiAgc3BlYy5lbWFpbCAgICA9\nICdub3JlcGx5QGdpdGh1Yi5jb20nCiAgc3BlYy5ob21lcGFnZSA9ICdodHRw\nOi8vZ2l0aHViLmNvbS9kZXBlbmRhYm90LWZpeHR1cmVzL2RlcGVuZGFib3Qt\ndGVzdC1ydWJ5LXBhY2thZ2UnCmVuZAo=\n","encoding":"base64","_links":{"self":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/dependabot-test-ruby-package.gemspec?ref=1c6331732c41e4557a16dacb82534f1d1c831848","git":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs/c5fd208850ed1bf1334b4b9cd4910950bed0c497","html":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package/blob/1c6331732c41e4557a16dacb82534f1d1c831848/dependabot-test-ruby-package.gemspec"}}' + recorded_at: Tue, 15 Mar 2022 19:23:51 GMT +recorded_with: VCR 6.0.0 
diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_fetcher_raises_a_rate_limited_error/retries_the_job_when_the_rate-limit_is_reset_and_reports_api_error.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_fetcher_raises_a_rate_limited_error/retries_the_job_when_the_rate-limit_is_reset_and_reports_api_error.yml new file mode 100644 index 00000000000..bb022b5069f --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_the_fetcher_raises_a_rate_limited_error/retries_the_job_when_the_rate-limit_is_reset_and_reports_api_error.yml 
@@ -0,0 +1,150 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:23 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"05138d3b8df2fc6f68facbbc84776e4d" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '34' + X-Ratelimit-Reset: + - '1597938283' + Accept-Ranges: + - bytes + Content-Length: + - '1254' + X-Github-Request-Id: + - FEE1:0E51:12447D:33BFEA:5F3E947B + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars0.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":0,"subscribe
rs_count":0}' + recorded_at: Thu, 20 Aug 2020 15:19:23 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.18.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 20 Aug 2020 15:19:24 GMT + Content-Type: + - application/json; charset=utf-8 + Status: + - 200 OK + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"65d96789fd44ca17a64d185184c47a55" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, + X-GitHub-Media-Type, Deprecation, Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '33' + X-Ratelimit-Reset: + - '1597938284' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - FEE2:3F63:7AEDEE:111BEE3:5F3E947B + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Thu, 20 Aug 2020 15:19:24 GMT +recorded_with: VCR 6.0.0 diff --git a/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_vendoring_dependencies/clones_the_repo.yml b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_vendoring_dependencies/clones_the_repo.yml new file mode 100644 index 00000000000..eafe1a387f3 --- /dev/null +++ b/updater/spec/fixtures/vcr_cassettes/Dependabot_FileFetcherJob/_perform_job/when_vendoring_dependencies/clones_the_repo.yml 
@@ -0,0 +1,156 @@ +--- +http_interactions: +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.21.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 15 Jul 2021 14:06:13 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"1af1160a3291ee19d25636a391de9337b9b5a582bfc66f1baabd3b3c8c8f7b93" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, + Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '58' + X-Ratelimit-Reset: + - '1626360905' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '2' + Accept-Ranges: + - bytes + Content-Length: + - '1253' + X-Github-Request-Id: + - D4F1:11D27:32DCF45:33DFA45:60F040D5 + body: + encoding: ASCII-8BIT + string: 
'{"id":267290099,"node_id":"MDEwOlJlcG9zaXRvcnkyNjcyOTAwOTk=","name":"dependabot-test-ruby-package","full_name":"dependabot-fixtures/dependabot-test-ruby-package","private":false,"owner":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","description":"A + ruby gem for testing 
dependabot","fork":false,"url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package","forks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/forks","keys_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/keys{/key_id}","collaborators_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/teams","hooks_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/hooks","issue_events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/events{/number}","events_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/events","assignees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/assignees{/user}","branches_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/branches{/branch}","tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/tags","blobs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs{/sha}","trees_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/trees{/sha}","statuses_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/statuses/{sha}","languages_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/languages","stargazers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/stargazers","contributors_url":"https://api.github.com/repos/dependab
ot-fixtures/dependabot-test-ruby-package/contributors","subscribers_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscribers","subscription_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/subscription","commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/commits{/sha}","git_commits_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits{/sha}","comments_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/comments{/number}","issue_comment_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues/comments{/number}","contents_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/contents/{+path}","compare_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/compare/{base}...{head}","merges_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/merges","archive_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/downloads","issues_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/issues{/number}","pulls_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/pulls{/number}","milestones_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/milestones{/number}","notifications_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/labels{/name}","releases_url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/releases{/id}","deployments_url":"
https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/deployments","created_at":"2020-05-27T10:32:22Z","updated_at":"2020-05-27T11:17:06Z","pushed_at":"2020-05-27T11:23:26Z","git_url":"git://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","ssh_url":"git@github.com:dependabot-fixtures/dependabot-test-ruby-package.git","clone_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package.git","svn_url":"https://github.com/dependabot-fixtures/dependabot-test-ruby-package","homepage":null,"size":1,"stargazers_count":0,"watchers_count":0,"language":"Ruby","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"forks_count":0,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":0,"license":null,"forks":0,"open_issues":0,"watchers":0,"default_branch":"master","temp_clone_token":null,"organization":{"login":"dependabot-fixtures","id":44116593,"node_id":"MDEyOk9yZ2FuaXphdGlvbjQ0MTE2NTkz","avatar_url":"https://avatars.githubusercontent.com/u/44116593?v=4","gravatar_id":"","url":"https://api.github.com/users/dependabot-fixtures","html_url":"https://github.com/dependabot-fixtures","followers_url":"https://api.github.com/users/dependabot-fixtures/followers","following_url":"https://api.github.com/users/dependabot-fixtures/following{/other_user}","gists_url":"https://api.github.com/users/dependabot-fixtures/gists{/gist_id}","starred_url":"https://api.github.com/users/dependabot-fixtures/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dependabot-fixtures/subscriptions","organizations_url":"https://api.github.com/users/dependabot-fixtures/orgs","repos_url":"https://api.github.com/users/dependabot-fixtures/repos","events_url":"https://api.github.com/users/dependabot-fixtures/events{/privacy}","received_events_url":"https://api.github.com/users/dependabot-fixtures/received_events","type":"Organization","site_admin":false},"network_count":0,"subscriber
s_count":1}' + recorded_at: Thu, 15 Jul 2021 14:06:13 GMT +- request: + method: get + uri: https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master + body: + encoding: US-ASCII + string: '' + headers: + User-Agent: + - Octokit Ruby Gem 4.21.0 + Accept: + - application/vnd.github.v3+json + Content-Type: + - application/json + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + response: + status: + code: 200 + message: OK + headers: + Server: + - GitHub.com + Date: + - Thu, 15 Jul 2021 14:06:13 GMT + Content-Type: + - application/json; charset=utf-8 + Cache-Control: + - public, max-age=60, s-maxage=60 + Vary: + - Accept, Accept-Encoding, Accept, X-Requested-With + Etag: + - W/"4ec4b41160548cc0f86c2459b25f9dd74f27df28fc425f9786cdb4ab70be7e01" + Last-Modified: + - Wed, 27 May 2020 11:17:06 GMT + X-Poll-Interval: + - '300' + X-Github-Media-Type: + - github.v3; format=json + Access-Control-Expose-Headers: + - ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, + X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, + X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, + Sunset + Access-Control-Allow-Origin: + - "*" + Strict-Transport-Security: + - max-age=31536000; includeSubdomains; preload + X-Frame-Options: + - deny + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - '0' + Referrer-Policy: + - origin-when-cross-origin, strict-origin-when-cross-origin + Content-Security-Policy: + - default-src 'none' + X-Ratelimit-Limit: + - '60' + X-Ratelimit-Remaining: + - '57' + X-Ratelimit-Reset: + - '1626360905' + X-Ratelimit-Resource: + - core + X-Ratelimit-Used: + - '3' + Accept-Ranges: + - bytes + Content-Length: + - '237' + X-Github-Request-Id: + - D4F2:74C5:B45918:BD4730:60F040D5 + body: + encoding: ASCII-8BIT + string: 
'{"ref":"refs/heads/master","node_id":"MDM6UmVmMjY3MjkwMDk5OnJlZnMvaGVhZHMvbWFzdGVy","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/refs/heads/master","object":{"sha":"1c6331732c41e4557a16dacb82534f1d1c831848","type":"commit","url":"https://api.github.com/repos/dependabot-fixtures/dependabot-test-ruby-package/git/commits/1c6331732c41e4557a16dacb82534f1d1c831848"}}' + recorded_at: Thu, 15 Jul 2021 14:06:13 GMT +recorded_with: VCR 6.0.0 diff --git a/updater/spec/fixtures/yarn/original/package.json b/updater/spec/fixtures/yarn/original/package.json new file mode 100644 index 00000000000..0f556db371c --- /dev/null +++ b/updater/spec/fixtures/yarn/original/package.json @@ -0,0 +1,10 @@ +{ + "name": "test-project", + "version": "1.0.0", + "main": "index.js", + "license": "MIT", + "dependencies": { + "@dependabot/dummy-pkg-a": "^2.0.0", + "@dependabot/dummy-pkg-b": "^1.1.0" + } +} diff --git a/updater/spec/fixtures/yarn/original/yarn.lock b/updater/spec/fixtures/yarn/original/yarn.lock new file mode 100644 index 00000000000..f46330354ac --- /dev/null +++ b/updater/spec/fixtures/yarn/original/yarn.lock @@ -0,0 +1,13 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@dependabot/dummy-pkg-a@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@dependabot/dummy-pkg-a/-/dummy-pkg-a-2.0.0.tgz#6b3b0127cc0ce537b01c1d8513a2cbcdb3cd0edc" + +"@dependabot/dummy-pkg-b@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@dependabot/dummy-pkg-b/-/dummy-pkg-b-1.1.0.tgz#f4bf89a93d15cce757c0343c9be6b00d99947df9" + dependencies: + "@dependabot/dummy-pkg-a" "^2.0.0" diff --git a/updater/spec/fixtures/yarn/updated/package.json b/updater/spec/fixtures/yarn/updated/package.json new file mode 100644 index 00000000000..fe89c9a2899 --- /dev/null +++ b/updater/spec/fixtures/yarn/updated/package.json 
@@ -0,0 +1,10 @@
+{
+ "name": "test-project",
+ "version": "1.0.0",
+ "main": "index.js",
+ "license": "MIT",
+ "dependencies": {
+ "@dependabot/dummy-pkg-a": "^2.0.0",
+ "@dependabot/dummy-pkg-b": "^1.2.0"
+ }
+}
diff --git a/updater/spec/fixtures/yarn/updated/yarn.lock b/updater/spec/fixtures/yarn/updated/yarn.lock
new file mode 100644
index 00000000000..9442e3fc7bd
--- /dev/null
+++ b/updater/spec/fixtures/yarn/updated/yarn.lock
@@ -0,0 +1,13 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@dependabot/dummy-pkg-a@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@dependabot/dummy-pkg-a/-/dummy-pkg-a-2.0.0.tgz#6b3b0127cc0ce537b01c1d8513a2cbcdb3cd0edc" + +"@dependabot/dummy-pkg-b@^1.2.0": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@dependabot/dummy-pkg-b/-/dummy-pkg-b-1.2.0.tgz#2f3ce43cbb4c701c4f46490139df0383153bc53c" + dependencies: + "@dependabot/dummy-pkg-a" "^2.0.0"
diff --git a/updater/spec/npm_and_yarn_config_spec.rb b/updater/spec/npm_and_yarn_config_spec.rb
new file mode 100644
index 00000000000..3940e3927df
--- /dev/null
+++ b/updater/spec/npm_and_yarn_config_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe "npm and yarn config" do
+ # NOTE: This comes from config/.npmrc
+ it "contains a valid .npmrc config file" do
+ npm_result = `npm config list`
+ # Output from yarn config set
+ expect(npm_result).to include("audit = false")
+ expect(npm_result).to include(
+ "cafile = \"/usr/local/share/ca-certificates/dbot-ca.crt\""
+ )
+ expect(npm_result).to include("dry-run = true")
+ expect(npm_result).to include("ignore-scripts = true")
+ end
+
+ # NOTE: This comes from config/.yarnrc
+ it "contains a valid .yarnrc config file" do
+ yarn_config = File.read("/home/dependabot/.yarnrc")
+ # Output from yarn config set
+ expect(yarn_config).to include(
+ "cafile \"/etc/ssl/certs/ca-certificates.crt\""
+ )
+ end
+end
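Review bot: The comment `# Output from yarn config set` inside the npm example of npm_and_yarn_config_spec.rb is misleading, because the string under test comes from `npm config list`; it looks copied from the yarn example below it. These assertions pin install-time hardening of the updater image, so I would replace it with `# Hardening from config/.npmrc: ignore-scripts stops package lifecycle scripts from running`. The yarn example checks only `cafile`; if config/.yarnrc also disables lifecycle scripts (not visible in this hunk), asserting that line too would keep both package managers covered equally.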
diff --git a/updater/spec/spec_helper.rb b/updater/spec/spec_helper.rb
new file mode 100644
index 00000000000..5fe57eb7ef7
--- /dev/null
+++ b/updater/spec/spec_helper.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require "byebug"
+require "dependabot/logger"
+require "dependabot/python"
+require "dependabot/terraform"
+require "dependabot/elm"
+require "dependabot/docker"
+require "dependabot/git_submodules"
+require "dependabot/github_actions"
+require "dependabot/composer"
+require "dependabot/nuget"
+require "dependabot/gradle"
+require "dependabot/maven"
+require "dependabot/hex"
+require "dependabot/cargo"
+require "dependabot/go_modules"
+require "dependabot/npm_and_yarn"
+require "dependabot/bundler"
+require "dependabot/pub"
+require "logger"
+require "vcr"
+require "webmock/rspec"
+
+# TODO: Stop rescuing StandardError in Dependabot::BaseJob#run
+#
+# For now we log errors as these can surface exceptions that currently get rescued
+# in integration tests.
+#
+# This includes missing VCR fixtures.
+Dependabot.logger = Logger.new($stdout, level: Logger::ERROR)
+
+WebMock.disable_net_connect!
+
+RSpec.configure do |config|
+ config.expect_with :rspec do |expectations|
+ expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+ end
+
+ config.mock_with :rspec do |mocks|
+ mocks.verify_partial_doubles = true
+ end
+
+ config.shared_context_metadata_behavior = :apply_to_host_groups
+ config.filter_run_when_matching :focus
+ config.example_status_persistence_file_path = "spec/examples.txt"
+ config.disable_monkey_patching!
+ config.default_formatter = "doc" if config.files_to_run.one?
+ config.profile_examples = 10
+ config.order = :random
+
+ Kernel.srand config.seed
+
+ def fixture(path)
+ File.read(File.join("spec", "fixtures", path))
+ end
+end
+
+VCR.configure do |config|
+ config.cassette_library_dir = "spec/fixtures/vcr_cassettes"
+ config.hook_into :webmock
+ config.configure_rspec_metadata!
+ config.allow_http_connections_when_no_cassette = false
+
+ config.filter_sensitive_data("") do
+ ENV.fetch("AWS_ACCESS_KEY_ID", nil)
+ end
+
+ config.filter_sensitive_data("") do
+ ENV.fetch("AWS_SECRET_ACCESS_KEY", nil)
+ end
+
+ config.filter_sensitive_data("") do |interaction|
+ interaction.request.headers["Authorization"]&.first
+ end
+
+ # Prevent access tokens being written to VCR cassettes
+ unless ENV["DEPENDABOT_TEST_ACCESS_TOKEN"].nil?
+ config.filter_sensitive_data("") do
+ ENV["DEPENDABOT_TEST_ACCESS_TOKEN"]
+ end
+ end
+
+ # Let's you set default VCR mode with VCR=all for re-recording
+ # episodes. :once is VCR default
+ record_mode = ENV["VCR"] ? ENV["VCR"].to_sym : :none
+ config.default_cassette_options = {
+ record: record_mode,
+ allow_unused_http_interactions: false
+ }
+end
+
+def test_access_token
+ ENV.fetch("DEPENDABOT_TEST_ACCESS_TOKEN", "missing-test-access-token")
+end
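Review bot: As rendered on this page, every `config.filter_sensitive_data("")` call in the VCR block passes an empty string as the placeholder. This may be angle-bracket text lost in rendering, but if the file really contains `""`, VCR (as far as I know) skips substitution when the placeholder is empty, so a re-recording run with `VCR=all` could write the Authorization header and the test access token into a committed cassette. Each call should carry a distinct non-empty placeholder, for example (constructed name) `config.filter_sensitive_data("<AUTHORIZATION>") do |interaction|`. The comment above `record_mode` also disagrees with the code, since it says `:once is VCR default` while the fallback is `:none`; I would reword it to `# Set VCR=all to re-record cassettes; without it the record mode is :none (playback only).`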