fixing bug with directory name when the dependency name contains slashes

dist/index.js

@@ -13453,10 +13453,8 @@ var update_metadata_awaiter = (undefined && undefined.__awaiter) || function (th
 };
 
 function parse(commitMessage, branchName, mainBranch, lookup) {
-    var _a, _b, _c, _d, _e, _f;
+    var _a, _b, _c, _d;
     return update_metadata_awaiter(this, void 0, void 0, function* () {
-        const firstLine = commitMessage.split('\n')[0];
-        const directory = firstLine.match(/ in (?<directory>[^ ]+)$/);
         const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>\d[^ ]*) to (?<to>\d[^ ]*)\.$/m);
         const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m);
         if ((yamlFragment === null || yamlFragment === void 0 ? void 0 : yamlFragment.groups) && branchName.startsWith('dependabot')) {
@@ -13464,12 +13462,12 @@ function parse(commitMessage, branchName, mainBranch, lookup) {
             // Since we are on the `dependabot` branch (9 letters), the 10th letter in the branch name is the delimiter
             const delim = branchName[10];
             const chunks = branchName.split(delim);
-            const dirname = (_b = (_a = directory === null || directory === void 0 ? void 0 : directory.groups) === null || _a === void 0 ? void 0 : _a.directory) !== null && _b !== void 0 ? _b : '/';
-            const prev = (_d = (_c = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _c === void 0 ? void 0 : _c.from) !== null && _d !== void 0 ? _d : '';
-            const next = (_f = (_e = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _e === void 0 ? void 0 : _e.to) !== null && _f !== void 0 ? _f : '';
+            const prev = (_b = (_a = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _a === void 0 ? void 0 : _a.from) !== null && _b !== void 0 ? _b : '';
+            const next = (_d = (_c = bumpFragment === null || bumpFragment === void 0 ? void 0 : bumpFragment.groups) === null || _c === void 0 ? void 0 : _c.to) !== null && _d !== void 0 ? _d : '';
             if (data['updated-dependencies']) {
                 return yield Promise.all(data['updated-dependencies'].map((dependency, index) => update_metadata_awaiter(this, void 0, void 0, function* () {
-                    return (Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType: dependency['update-type'], directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: index === 0 ? prev : '', newVersion: index === 0 ? next : '' }, yield lookup(dependency['dependency-name'], index === 0 ? prev : '', dirname)));
+                    const dirname = `/${chunks.slice(2, -1 * (1 + (dependency['dependency-name'].match(/\//g) || []).length)).join(delim) || ''}`;
+                    return Object.assign({ dependencyName: dependency['dependency-name'], dependencyType: dependency['dependency-type'], updateType: dependency['update-type'], directory: dirname, packageEcosystem: chunks[1], targetBranch: mainBranch, prevVersion: index === 0 ? prev : '', newVersion: index === 0 ? next : '' }, yield lookup(dependency['dependency-name'], index === 0 ? prev : '', dirname));
                 })));
             }
         }

src/dependabot/update_metadata.test.ts

@@ -2,12 +2,11 @@ import * as updateMetadata from './update_metadata'
 
 test('it returns an empty array for a blank string', async () => {
   const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
-  expect(updateMetadata.parse('', 'dependabot/nuget/feature1', 'main', getAlert)).resolves.toEqual([])
+  expect(updateMetadata.parse('', 'dependabot/nuget/coffee-rails', 'main', getAlert)).resolves.toEqual([])
 })
 
 test('it returns an empty array for commit message with no dependabot yaml fragment', async () => {
-  const commitMessage = `Bump coffee-rails from 4.0.1 to 4.2.2
-  Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.
+  const commitMessage = `Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.
   - [Release notes](https://github.com/rails/coffee-rails/releases)
   - [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)
   - [Commits](rails/coffee-rails@v4.0.1...v4.2.2)
@@ -15,12 +14,11 @@ test('it returns an empty array for commit message with no dependabot yaml fragm
   Signed-off-by: dependabot[bot] <support@github.com>`
 
   const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
-  expect(updateMetadata.parse(commitMessage, 'dependabot/nuget/feature1', 'main', getAlert)).resolves.toEqual([])
+  expect(updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert)).resolves.toEqual([])
 })
 
 test('it returns the updated dependency information when there is a yaml fragment', async () => {
   const commitMessage =
-    'Bump coffee-rails from 4.0.1 to 4.2.2\n' +
     'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' +
     '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
     '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' +
@@ -36,7 +34,7 @@ test('it returns the updated dependency information when there is a yaml fragmen
     'Signed-off-by: dependabot[bot] <support@github.com>'
 
   const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
-  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/feature1', 'main', getAlert)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/coffee-rails', 'main', getAlert)
 
   expect(updatedDependencies).toHaveLength(1)
 
@@ -55,7 +53,6 @@ test('it returns the updated dependency information when there is a yaml fragmen
 
 test('it supports multiple dependencies within a single fragment', async () => {
   const commitMessage =
-    'Bump coffee-rails from 4.0.1 to 4.2.2 in /api/main\n' +
     'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' +
     '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
     '- [Changelog](https://github.com/rails/coffee-rails/blob/master/CHANGELOG.md)\n' +
@@ -81,7 +78,7 @@ test('it supports multiple dependencies within a single fragment', async () => {
     return Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
   }
 
-  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/api/main/feature1', 'main', getAlert)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/api/main/coffee-rails', 'main', getAlert)
 
   expect(updatedDependencies).toHaveLength(2)
 
@@ -133,7 +130,7 @@ test('it only returns information within the first fragment if there are multipl
     'Signed-off-by: dependabot[bot] <support@github.com>'
 
   const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
-  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot|nuget|feature1', 'main', getAlert)
+  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot|nuget|coffee-rails', 'main', getAlert)
 
   expect(updatedDependencies).toHaveLength(1)
 
@@ -149,3 +146,36 @@ test('it only returns information within the first fragment if there are multipl
   expect(updatedDependencies[0].ghsaId).toEqual('')
   expect(updatedDependencies[0].cvss).toEqual(0)
 })
+
+test('it properly handles dependencies which contain slashes', async () => {
+  const commitMessage =
+    '- [Release notes](https://github.com/rails/coffee/releases)\n' +
+    '- [Changelog](https://github.com/rails/coffee/blob/master/CHANGELOG.md)\n' +
+    '- [Commits](rails/coffee@v4.0.1...v4.2.2)\n' +
+    '\n' +
+    '---\n' +
+    'updated-dependencies:\n' +
+    '- dependency-name: rails/coffee\n' +
+    '  dependency-type: direct:production\n' +
+    '  update-type: version-update:semver-minor\n' +
+    '...\n' +
+    '\n' +
+    'Signed-off-by: dependabot[bot] <support@github.com>'
+
+  const getAlert = async () => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 })
+  const updatedDependencies = await updateMetadata.parse(commitMessage, 'dependabot/nuget/api/rails/coffee', 'main', getAlert)
+
+  expect(updatedDependencies).toHaveLength(1)
+
+  expect(updatedDependencies[0].dependencyName).toEqual('rails/coffee')
+  expect(updatedDependencies[0].dependencyType).toEqual('direct:production')
+  expect(updatedDependencies[0].updateType).toEqual('version-update:semver-minor')
+  expect(updatedDependencies[0].directory).toEqual('/api')
+  expect(updatedDependencies[0].packageEcosystem).toEqual('nuget')
+  expect(updatedDependencies[0].targetBranch).toEqual('main')
+  expect(updatedDependencies[0].prevVersion).toEqual('')
+  expect(updatedDependencies[0].newVersion).toEqual('')
+  expect(updatedDependencies[0].alertState).toEqual('')
+  expect(updatedDependencies[0].ghsaId).toEqual('')
+  expect(updatedDependencies[0].cvss).toEqual(0)
+})

src/dependabot/update_metadata.ts

@@ -22,8 +22,6 @@ export interface alertLookup {
 }
 
 export async function parse (commitMessage: string, branchName: string, mainBranch: string, lookup: alertLookup): Promise<Array<updatedDependency>> {
-  const firstLine = commitMessage.split('\n')[0]
-  const directory = firstLine.match(/ in (?<directory>[^ ]+)$/)
   const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>\d[^ ]*) to (?<to>\d[^ ]*)\.$/m)
   const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)
 
@@ -33,22 +31,24 @@ export async function parse (commitMessage: string, branchName: string, mainBran
     // Since we are on the `dependabot` branch (9 letters), the 10th letter in the branch name is the delimiter
     const delim = branchName[10]
     const chunks = branchName.split(delim)
-    const dirname = directory?.groups?.directory ?? '/'
     const prev = bumpFragment?.groups?.from ?? ''
     const next = bumpFragment?.groups?.to ?? ''
 
     if (data['updated-dependencies']) {
-      return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => ({
-        dependencyName: dependency['dependency-name'],
-        dependencyType: dependency['dependency-type'],
-        updateType: dependency['update-type'],
-        directory: dirname,
-        packageEcosystem: chunks[1],
-        targetBranch: mainBranch,
-        prevVersion: index === 0 ? prev : '',
-        newVersion: index === 0 ? next : '',
-        ...await lookup(dependency['dependency-name'], index === 0 ? prev : '', dirname)
-      })))
+      return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
+        const dirname = `/${chunks.slice(2, -1 * (1 + (dependency['dependency-name'].match(/\//g) || []).length)).join(delim) || ''}`
+        return {
+          dependencyName: dependency['dependency-name'],
+          dependencyType: dependency['dependency-type'],
+          updateType: dependency['update-type'],
+          directory: dirname,
+          packageEcosystem: chunks[1],
+          targetBranch: mainBranch,
+          prevVersion: index === 0 ? prev : '',
+          newVersion: index === 0 ? next : '',
+          ...await lookup(dependency['dependency-name'], index === 0 ? prev : '', dirname)
+        }
+      }))
     }
   }
 

src/main.test.ts

@@ -170,7 +170,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
         dependencyName: 'coffee-rails',
         dependencyType: 'direct:production',
         updateType: 'version-update:semver-minor',
-        directory: 'api/main',
+        directory: '/api/main',
         packageEcosystem: 'npm_and_yarn',
         targetBranch: 'trunk',
         prevVersion: '4.0.1',
@@ -183,7 +183,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
         dependencyName: 'coffeescript',
         dependencyType: 'indirect',
         updateType: 'version-update:semver-major',
-        directory: 'api/main',
+        directory: '/api/main',
         packageEcosystem: 'npm_and_yarn',
         targetBranch: 'trunk',
         prevVersion: '',
@@ -198,7 +198,7 @@ test('if there are multiple dependencies, it summarizes them', async () => {
   expect(core.setOutput).toBeCalledWith('dependency-names', 'coffee-rails, coffeescript')
   expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:production')
   expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-major')
-  expect(core.setOutput).toBeCalledWith('directory', 'api/main')
+  expect(core.setOutput).toBeCalledWith('directory', '/api/main')
   expect(core.setOutput).toBeCalledWith('package-ecosystem', 'npm_and_yarn')
   expect(core.setOutput).toBeCalledWith('target-branch', 'trunk')
   expect(core.setOutput).toBeCalledWith('previous-version', '4.0.1')