Handle branch names containing hyphen separators

dependabot · Oct 12, 2023 · cee26fc · cee26fc
1 parent 363356d
commit cee26fc
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 2 deletions.
diff --git a/src/dependabot/update_metadata.test.ts b/src/dependabot/update_metadata.test.ts
@@ -299,6 +299,67 @@ test('it properly handles dependencies which contain slashes', async () => {
   expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 
+test('it handles branch names with hyphen separator', async () => {
+  const commitMessage =
+      '- [Release notes](https://github.com/fsevents/fsevents/releases)\n' +
+      '- [Commits](fsevents/[email protected])\n' +
+      '\n' +
+      '---\n' +
+      'updated-dependencies:\n' +
+      '- dependency-name: fsevents\n' +
+      '  dependency-type: indirect\n' +
+      '...\n' +
+      '\n' +
+      'Signed-off-by: dependabot[bot] <[email protected]>'
+
+  const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
+  const getScore = async () => Promise.resolve(0)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot-npm_and_yarn-fsevents-1.2.13', 'master', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/')
+})
+
+test('it handles branch names with hyphen separator and manifest files in nested directories', async () => {
+  const commitMessage =
+      '- [Release notes](https://github.com/fsevents/fsevents/releases)\n' +
+      '- [Commits](fsevents/[email protected])\n' +
+      '\n' +
+      '---\n' +
+      'updated-dependencies:\n' +
+      '- dependency-name: fsevents\n' +
+      '  dependency-type: indirect\n' +
+      '...\n' +
+      '\n' +
+      'Signed-off-by: dependabot[bot] <[email protected]>'
+
+  const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
+  const getScore = async () => Promise.resolve(0)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot-npm_and_yarn-nested-nested-fsevents-1.2.13', 'master', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/nested/nested')
+})
+
+test('it handles branch names with hyphen separator and dependency names with forward slashes', async () => {
+  const commitMessage =
+      '- [Release notes](https://github.com/composer/composer/releases)\n' +
+      '- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)\n' +
+      '- [Commits](composer/[email protected])\n' +
+      '\n' +
+      '---\n' +
+      'updated-dependencies:\n' +
+      '- dependency-name: composer/composer\n' +
+      '  dependency-type: indirect\n' +
+      '...\n' +
+      '\n' +
+      'Signed-off-by: dependabot[bot] <[email protected]>'
+
+  const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
+  const getScore = async () => Promise.resolve(0)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot-composer-composer-composer-2.6.5', 'master', getAlert, getScore)
+
+  expect(updatedDependencies[0].directory).toEqual('/')
+})
+
 test('calculateUpdateType should handle all paths', () => {
   expect(updateMetadata.calculateUpdateType('', '')).toEqual('')
   expect(updateMetadata.calculateUpdateType('', '1')).toEqual('')

diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
@@ -49,7 +49,11 @@ export async function parse (commitMessage: string, body: string, branchName: st
 
     if (data['updated-dependencies']) {
       return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
-        const dirname = `/${chunks.slice(2, -1 * (1 + (dependency['dependency-name'].match(/\//g) || []).length)).join(delim) || ''}`
+        // When a branch delimiter of "-" is used, we need to +1 to end of slice because there is always a hyphen
+        // between dependency name and version at the end of the branch name, regardless of configured branch separator.
+        // e.g. "fsevents-1.2.13".
+        const baseSliceEnd = delim === '-' ? 2 : 1
+        const dirname = `/${chunks.slice(2, -1 * (baseSliceEnd + (dependency['dependency-name'].match(/\//g) || []).length)).join('/') || ''}`
         const lastVersion = index === 0 ? prev : ''
         const nextVersion = index === 0 ? next : ''
         const updateType = dependency['update-type'] || calculateUpdateType(lastVersion, nextVersion)
@@ -64,7 +68,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
           newVersion: nextVersion,
           compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]),
           maintainerChanges: newMaintainer,
-          dependencyGroup: dependencyGroup,
+          dependencyGroup,
           ...await lookupFn(dependency['dependency-name'], lastVersion, dirname)
         }
       }))