Merge remote-tracking branch 'upstream/main' into feat/cicd-components

renovatebot · Jan 19, 2024 · 08b3044 · 08b3044
2 parents 14b9e30 + d59316e
commit 08b3044
Show file tree

Hide file tree

Showing 23 changed files with 106 additions and 54 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -31,7 +31,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+      - uses: github/codeql-action/upload-sarif@4759df8df70c5ebe7042c3029bbace20eee13edd # v2.23.1
         with:
           sarif_file: trivy-results.sarif
           category: 'docker-image-${{ matrix.tag }}'
diff --git a/lib/modules/datasource/hex/schema.ts b/lib/modules/datasource/hex/schema.ts
@@ -24,7 +24,7 @@ export const HexRelease = z
       .record(
         z.string(),
         z.object({
-          message: z.string(),
+          message: z.string().nullable(),
           reason: z.string(),
         }),
       )

diff --git a/lib/modules/manager/cake/__fixtures__/build.cake b/lib/modules/manager/cake/__fixtures__/build.cake
@@ -2,6 +2,8 @@ foo
 #addin nuget:?package=Foo.Foo
 #addin "nuget:?package=Bim.Bim&version=6.6.6"
 #tool nuget:https://example.com?package=Bar.Bar&version=2.2.2
+#tool nuget:https://example.com/feed/v3/?package=Cake.Git&version=2.2.3
+#tool nuget:https://example.com/feed/v3/index.json?package=Cake.MinVer&version=2.2.4
 #module nuget:file:///tmp/?package=Baz.Baz&version=3.3.3
 #load nuget:?package=Cake.7zip&version=1.0.3
 #l nuget:?package=Cake.asciidoctorj&version=1.0.0

diff --git a/lib/modules/manager/cake/index.spec.ts b/lib/modules/manager/cake/index.spec.ts
@@ -7,7 +7,12 @@ describe('modules/manager/cake/index', () => {
       deps: [
         { depName: 'Foo.Foo', currentValue: undefined },
         { depName: 'Bim.Bim', currentValue: '6.6.6' },
-        { depName: 'Bar.Bar', registryUrls: ['https://example.com'] },
+        { depName: 'Bar.Bar', registryUrls: ['https://example.com/'] },
+        { depName: 'Cake.Git', registryUrls: ['https://example.com/feed/v3/'] },
+        {
+          depName: 'Cake.MinVer',
+          registryUrls: ['https://example.com/feed/v3/index.json'],
+        },
         { depName: 'Baz.Baz', skipReason: 'unsupported-url' },
         { depName: 'Cake.7zip', currentValue: '1.0.3' },
         { depName: 'Cake.asciidoctorj', currentValue: '1.0.0' },

diff --git a/lib/modules/manager/cake/index.ts b/lib/modules/manager/cake/index.ts
@@ -31,7 +31,8 @@ function parseDependencyLine(line: string): PackageDependency | null {
     const isEmptyHost = url.startsWith('?');
     url = isEmptyHost ? `http://localhost/${url}` : url;
 
-    const { origin: registryUrl, protocol, searchParams } = new URL(url);
+    const { origin, pathname, protocol, searchParams } = new URL(url);
+    const registryUrl = `${origin}${pathname}`;
 
     const depName = searchParams.get('package')!;
     const currentValue = searchParams.get('version') ?? undefined;

diff --git a/lib/modules/manager/conan/__fixtures__/conanfile.txt b/lib/modules/manager/conan/__fixtures__/conanfile.txt
@@ -1,16 +1,17 @@
 [requires]
 poco/1.9.4
-zlib/[~1.2.3, loose=False]  
+zlib/[~1.2.3, loose=False]
 fake/8.62.134@test/dev
+cairo/1.17.2#aff2d03608351db075ec1348a3afc9ff
 cairo/1.17.2@_/_#aff2d03608351db075ec1348a3afc9ff
 
 [build_requires]
 7zip/[>1.1 <2.1, include_prerelease=True]
 curl/[~1.2.3, loose=False, include_prerelease=True]@test/dev
 boost/[>1.1 <2.1]
-catch2/[2.8]     
+catch2/[2.8]
 openssl/[~=3.0]@test/prod
-cmake/[>1.1 || 0.8] 
+cmake/[>1.1 || 0.8]
 cryptopp/[1.2.7 || >=1.2.9 <2.0.0]@test/local
 #commentedout/1.2
 # commentedout/3.4
@@ -29,4 +30,4 @@ openssl:shared=True
 
 [imports]
 bin, *.dll -> ./bin # Copies all dll files from packages bin folder to my local "bin" folder
-lib, *.dylib* -> ./bin # Copies all dylib files from packages lib folder to my local "bin" folder
+lib, *.dylib* -> ./bin # Copies all dylib files from packages lib folder to my local "bin" folder
diff --git a/lib/modules/manager/conan/extract.spec.ts b/lib/modules/manager/conan/extract.spec.ts
@@ -35,6 +35,16 @@ describe('modules/manager/conan/extract', () => {
           packageName: 'fake/8.62.134@test/dev',
           replaceString: 'fake/8.62.134@test/dev',
         },
+        {
+          autoReplaceStringTemplate:
+            '{{depName}}/{{newValue}}@_/_{{#if newDigest}}#{{newDigest}}{{/if}}',
+          currentDigest: 'aff2d03608351db075ec1348a3afc9ff',
+          currentValue: '1.17.2',
+          depName: 'cairo',
+          depType: 'requires',
+          packageName: 'cairo/1.17.2@_/_',
+          replaceString: 'cairo/1.17.2#aff2d03608351db075ec1348a3afc9ff',
+        },
         {
           autoReplaceStringTemplate:
             '{{depName}}/{{newValue}}@_/_{{#if newDigest}}#{{newDigest}}{{/if}}',

diff --git a/lib/modules/manager/conan/extract.ts b/lib/modules/manager/conan/extract.ts
@@ -4,7 +4,7 @@ import type { PackageDependency, PackageFileContent } from '../types';
 import { isComment } from './common';
 
 const regex = regEx(
-  `(?<name>[-_a-z0-9]+)/(?<version>[^@\n{*"']+)(?<userChannel>@[-_a-zA-Z0-9]+(?:/[^#\n.{*"' ]+|))?#?(?<revision>[-_a-f0-9]+[^\n{*"'])?`,
+  `(?<name>[-_a-z0-9]+)/(?<version>[^@#\n{*"']+)(?<userChannel>@[-_a-zA-Z0-9]+(?:/[^#\n.{*"' ]+|))?#?(?<revision>[-_a-f0-9]+[^\n{*"'])?`,
 );
 
 function setDepType(content: string, originalType: string): string {

diff --git a/lib/modules/manager/gitlabci/common.spec.ts b/lib/modules/manager/gitlabci/common.spec.ts
@@ -1,4 +1,4 @@
-import { Fixtures } from '../../../../test/fixtures';
+import { codeBlock } from 'common-tags';
 import { parseSingleYaml } from '../../../util/yaml';
 import type { GitlabPipeline } from '../gitlabci/types';
 import { replaceReferenceTags } from '../gitlabci/utils';
@@ -9,10 +9,22 @@ import {
   isNonEmptyObject,
 } from './common';
 
-const yamlFileMultiConfig = Fixtures.get('include.2.yaml');
 // TODO: use schema (#9610)
 const pipeline = parseSingleYaml<GitlabPipeline>(
-  replaceReferenceTags(yamlFileMultiConfig),
+  replaceReferenceTags(codeBlock`
+    include:
+    - project: mikebryant/include-source-example
+      file: /template.yaml
+      ref: 1.0.0
+    -   project: mikebryant/include-source-example2
+        file: /template.yaml
+        ref: master
+    - {"project":"mikebryant/include-source-example3", "file": "/template.yaml",}
+    - {}
+
+    script:
+    - !reference [.setup, script]
+    - !reference [arbitrary job name with space and no starting dot, nested1, nested2, nested3]`),
 );
 const includeLocal = { local: 'something' };
 const includeProject = { project: 'something' };

diff --git a/lib/modules/manager/gradle/parser.spec.ts b/lib/modules/manager/gradle/parser.spec.ts
@@ -721,6 +721,7 @@ describe('modules/manager/gradle/parser', () => {
       ${''}                                         | ${'library("foo", "bar", "baz", "qux").version("1.2.3")'}       | ${null}
       ${''}                                         | ${'library("foo.bar", "foo", "bar").version("1.2.3", "4.5.6")'} | ${null}
       ${''}                                         | ${'library("foo", bar, "baz").version("1.2.3")'}                | ${null}
+      ${''}                                         | ${'plugin("foo.bar", "foo")'}                                   | ${null}
       ${''}                                         | ${'plugin("foo.bar", "foo").version("1.2.3")'}                  | ${{ depName: 'foo', currentValue: '1.2.3' }}
       ${''}                                         | ${'alias("foo.bar").to("foo", "bar").version("1.2.3")'}         | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}
       ${'version("baz", "1.2.3")'}                  | ${'alias("foo.bar").to("foo", "bar").versionRef("baz")'}        | ${{ depName: 'foo:bar', currentValue: '1.2.3' }}

diff --git a/lib/modules/manager/gradle/parser/version-catalogs.ts b/lib/modules/manager/gradle/parser/version-catalogs.ts
@@ -79,7 +79,7 @@ const qVersionCatalogPlugins = q
       .handler((ctx) => storeInTokenMap(ctx, 'pluginName'))
       .end(),
   })
-  .opt(qVersionCatalogVersion)
+  .join(qVersionCatalogVersion)
   .handler(handlePlugin)
   .handler(cleanupTempVars);
 

diff --git a/lib/modules/manager/npm/post-update/__fixtures__/update-lockfile-massage-1/package-lock.json b/lib/modules/manager/npm/post-update/__fixtures__/update-lockfile-massage-1/package-lock.json
diff --git a/lib/modules/manager/npm/post-update/__snapshots__/npm.spec.ts.snap b/lib/modules/manager/npm/post-update/__snapshots__/npm.spec.ts.snap
@@ -100,8 +100,8 @@ exports[`modules/manager/npm/post-update/npm performs lock file updates retainin
       "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ=="
     },
     "node_modules/postcss": {
-      "version": "8.4.8",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.8.tgz",
+      "version": "8.4.31",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
       "integrity": "sha512-2tXEqGxrjvAO6U+CJzDL2Fk2kPHTv1jQsYkSoMeOis2SsYaXRO2COxTdQp99cYvif9JTXaAk9lYGc3VhJt7JPQ==",
       "dependencies": {
         "nanoid": "^3.3.1",

diff --git a/lib/modules/platform/github/readme.md b/lib/modules/platform/github/readme.md
@@ -96,7 +96,8 @@ When Renovate runs against repositories on `github.com`, and the environment var
 - `rubygems.pkg.github.com`
 
 <!-- prettier-ignore -->
-!!! warning Users have reported that this feature is not working correctly, so it has been reverted to experimental mode.
+!!! warning
+    We reverted the Package Registry Credentials feature to experimental mode, because users reported it's not working correctly with app tokens.
 
 ## Features awaiting implementation
 

diff --git a/lib/util/cache/package/file.ts b/lib/util/cache/package/file.ts
@@ -2,7 +2,7 @@ import cacache from 'cacache';
 import { DateTime } from 'luxon';
 import upath from 'upath';
 import { logger } from '../../../logger';
-import { compress, decompress } from '../../compress';
+import { compressToBase64, decompressFromBase64 } from '../../compress';
 
 function getKey(namespace: string, key: string): string {
   return `${namespace}-${key}`;
@@ -32,7 +32,7 @@ export async function get<T = never>(
         if (!cachedValue.compress) {
           return cachedValue.value;
         }
-        const res = await decompress(cachedValue.value);
+        const res = await decompressFromBase64(cachedValue.value);
         return JSON.parse(res);
       }
       await rm(namespace, key);
@@ -58,7 +58,7 @@ export async function set(
     getKey(namespace, key),
     JSON.stringify({
       compress: true,
-      value: await compress(JSON.stringify(value)),
+      value: await compressToBase64(value),
       expiry: DateTime.local().plus({ minutes: ttlMinutes }),
     }),
   );

diff --git a/lib/util/cache/package/redis.ts b/lib/util/cache/package/redis.ts
@@ -2,7 +2,7 @@
 import { DateTime } from 'luxon';
 import { createClient } from 'redis';
 import { logger } from '../../../logger';
-import { compress, decompress } from '../../compress';
+import { compressToBase64, decompressFromBase64 } from '../../compress';
 
 let client: ReturnType<typeof createClient> | undefined;
 let rprefix: string | undefined;
@@ -43,7 +43,7 @@ export async function get<T = never>(
         if (!cachedValue.compress) {
           return cachedValue.value;
         }
-        const res = await decompress(cachedValue.value);
+        const res = await decompressFromBase64(cachedValue.value);
         return JSON.parse(res);
       }
       // istanbul ignore next
@@ -71,7 +71,7 @@ export async function set(
       getKey(namespace, key),
       JSON.stringify({
         compress: true,
-        value: await compress(JSON.stringify(value)),
+        value: await compressToBase64(value),
         expiry: DateTime.local().plus({ minutes: ttlMinutes }),
       }),
       { EX: redisTTL },

diff --git a/lib/util/cache/repository/impl/base.ts b/lib/util/cache/repository/impl/base.ts
@@ -1,7 +1,7 @@
 import is from '@sindresorhus/is';
 import { GlobalConfig } from '../../../../config/global';
 import { logger } from '../../../../logger';
-import { compress, decompress } from '../../../compress';
+import { compressToBase64, decompressFromBase64 } from '../../../compress';
 import { hash } from '../../../hash';
 import { safeStringify } from '../../../stringify';
 import { CACHE_REVISION } from '../common';
@@ -41,7 +41,7 @@ export abstract class RepoCacheBase implements RepoCache {
       logger.debug('Repository cache fingerprint is invalid');
       return;
     }
-    const jsonStr = await decompress(oldCache.payload);
+    const jsonStr = await decompressFromBase64(oldCache.payload);
     this.data = RepoCacheBase.parseData(jsonStr);
     this.oldHash = oldCache.hash;
   }
@@ -80,7 +80,7 @@ export abstract class RepoCacheBase implements RepoCache {
     const repository = this.repository;
     const fingerprint = this.fingerprint;
 
-    const payload = await compress(jsonStr);
+    const payload = await compressToBase64(jsonStr);
 
     await this.write({
       revision,

diff --git a/lib/util/cache/repository/impl/local.spec.ts b/lib/util/cache/repository/impl/local.spec.ts
@@ -1,7 +1,7 @@
 import { fs } from '../../../../../test/util';
 import { GlobalConfig } from '../../../../config/global';
 import { logger } from '../../../../logger';
-import { compress } from '../../../compress';
+import { compressToBase64 } from '../../../compress';
 import { hash } from '../../../hash';
 import { CACHE_REVISION } from '../common';
 import type { RepoCacheRecord } from '../schema';
@@ -21,7 +21,7 @@ async function createCacheRecord(
 
   const jsonStr = JSON.stringify(data);
   const hashedJsonStr = hash(jsonStr);
-  const payload = await compress(jsonStr);
+  const payload = await compressToBase64(jsonStr);
 
   return {
     revision,

diff --git a/lib/util/compress.spec.ts b/lib/util/compress.spec.ts
@@ -1,13 +1,23 @@
-import { compress, decompress } from './compress';
+import { compressToBase64, decompressFromBase64 } from './compress';
 
 describe('util/compress', () => {
-  it('works', async () => {
+  it('compresses strings', async () => {
     const input = 'foobar';
 
-    const compressed = await compress(input);
+    const compressed = await compressToBase64(input);
     expect(compressed).toBe('iwKAZm9vYmFyAw==');
 
-    const decompressed = await decompress(compressed);
+    const decompressed = await decompressFromBase64(compressed);
     expect(decompressed).toBe(input);
   });
+
+  it('compresses objects', async () => {
+    const input = { foo: 'bar' };
+
+    const compressed = await compressToBase64(input);
+    expect(compressed).toBe('CwaAeyJmb28iOiJiYXIifQM=');
+
+    const decompressed = await decompressFromBase64(compressed);
+    expect(JSON.parse(decompressed)).toEqual(input);
+  });
 });
diff --git a/lib/util/compress.ts b/lib/util/compress.ts
@@ -1,11 +1,16 @@
 import { promisify } from 'node:util';
 import zlib, { constants } from 'node:zlib';
+import is from '@sindresorhus/is';
 
 const brotliCompress = promisify(zlib.brotliCompress);
 const brotliDecompress = promisify(zlib.brotliDecompress);
 
-export async function compress(input: string): Promise<string> {
-  const buf = await brotliCompress(input, {
+/**
+ * @deprecated
+ */
+export async function compressToBase64(input: unknown): Promise<string> {
+  const jsonStr = is.string(input) ? input : JSON.stringify(input);
+  const buf = await brotliCompress(jsonStr, {
     params: {
       [constants.BROTLI_PARAM_MODE]: constants.BROTLI_MODE_TEXT,
       [constants.BROTLI_PARAM_QUALITY]: 8,
@@ -14,7 +19,10 @@ export async function compress(input: string): Promise<string> {
   return buf.toString('base64');
 }
 
-export async function decompress(input: string): Promise<string> {
+/**
+ * @deprecated
+ */
+export async function decompressFromBase64(input: string): Promise<string> {
   const buf = Buffer.from(input, 'base64');
   const str = await brotliDecompress(buf);
   return str.toString('utf8');

diff --git a/package.json b/package.json
@@ -152,7 +152,7 @@
     "@aws-sdk/client-s3": "3.363.0",
     "@aws-sdk/credential-providers": "3.363.0",
     "@breejs/later": "4.2.0",
-    "@cdktf/hcl2json": "0.20.0",
+    "@cdktf/hcl2json": "0.20.1",
     "@opentelemetry/api": "1.7.0",
     "@opentelemetry/context-async-hooks": "1.19.0",
     "@opentelemetry/exporter-trace-otlp-http": "0.46.0",
@@ -176,7 +176,7 @@
     "aggregate-error": "3.1.0",
     "auth-header": "1.0.0",
     "aws4": "1.12.0",
-    "azure-devops-node-api": "12.1.0",
+    "azure-devops-node-api": "12.3.0",
     "bunyan": "1.8.15",
     "cacache": "18.0.2",
     "cacheable-lookup": "5.0.4",
@@ -203,7 +203,7 @@
     "glob": "10.3.10",
     "global-agent": "3.0.0",
     "good-enough-parser": "1.1.23",
-    "google-auth-library": "9.4.1",
+    "google-auth-library": "9.4.2",
     "got": "11.8.6",
     "graph-data-structure": "3.5.0",
     "handlebars": "4.7.8",
@@ -348,7 +348,7 @@
     "typescript": "5.3.3",
     "unified": "9.2.2"
   },
-  "packageManager": "pnpm@8.14.0",
+  "packageManager": "pnpm@8.14.1",
   "files": [
     "dist",
     "renovate-schema.json"