RubyGems - dependabot-bun - Versions diffs - 0.365.0 → 0.366.0 - Mend

dependabot-bun 0.365.0 → 0.366.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/bun/file_updater/package_json_updater.rb +8 -24
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bfac1053c413c5e8e45078b1ad3f93399cec8424a7414626b0e1893aae08d56a
-  data.tar.gz: 017d7f541d8d3b4c7e416dc67b24d158cd7fa6ecb447c10ce5068b8a0041b149
+  metadata.gz: e9924d7d1cda3bed963b35ae4259b4287815e402aaeeda628f448e39346f5573
+  data.tar.gz: fda9c37bbe7e38fc29f6526e32da6dc479d97287d709f65f3f82953d7712947c
 SHA512:
-  metadata.gz: 98aadaa40867e79bf5caeb4b487cda78466226555c6a55de72119e26ebf0748ad79e9195be93bbf794d74cf4d87b9da95858304b9147c7306706f53c4c9bd78f
-  data.tar.gz: 11a25d32f203175443b74e6a2c4875dd3862bb4bb3ec3cfcfa93c0825f5ef2a833b62a204989d1dda37f952f91b5d8214563e887ecfd970f40a073ee60902e8f
+  metadata.gz: 19fca763c06a4f26d3df6e268585bd35b9ee36757948967a6be2f6814541b289581a0d91b242d4f80910eeff01e2ead07634a37464722a87d569d01e06695ca8
+  data.tar.gz: 94ad2b16d5397402fd2fa9eb82719c97e7b065a1fd43658d4d3d09d1a9a0df934a76c04080be548f15832454be09df68e3e8a9fe08b68b93fd6504e5ec982ae1

data/lib/dependabot/bun/file_updater/package_json_updater.rb CHANGED Viewed

@@ -41,8 +41,6 @@ module Dependabot
         sig { returns(T::Array[Dependabot::Dependency]) }
         attr_reader :dependencies
-        # rubocop:disable Metrics/PerceivedComplexity
         sig { returns(T.nilable(String)) }
         def updated_package_json_content
           # checks if we are updating single dependency in package.json
@@ -59,27 +57,14 @@ module Dependabot
                 new_req: new_req
               )
-              if Dependabot::Experiments.enabled?(:avoid_duplicate_updates_package_json) &&
-                 content == new_content && unique_deps_count > 1
-                # (we observed that) package.json does not always contains the same dependencies compared to
-                # "dependencies" list, for example, dependencies object can contain same name dependency "dep"=> "1.0.0"
-                # and "dev" => "1.0.1" while package.json can only contain "dep" => "1.0.0",the other dependency is
-                # not present in package.json so we don't have to update it, this is most likely (as observed)
-                # a transitive dependency which only needs update in lockfile, So we avoid throwing exception and let
-                # the update continue.
-                Dependabot.logger.info(
-                  "experiment: avoid_duplicate_updates_package_json.
-                Updating package.json for #{dep.name} "
-                )
-                raise "Expected content to change!"
-              end
-              if !Dependabot::Experiments.enabled?(:avoid_duplicate_updates_package_json) && (content == new_content)
-                raise "Expected content to change!"
-              end
+              # package.json does not always contain the same dependencies compared to the
+              # "dependencies" list. For example, the dependencies object can contain same name dependency
+              # "dep" => "1.0.0" and "dev" => "1.0.1" while package.json can only contain "dep" => "1.0.0".
+              # The other dependency is not present in package.json so we don't have to update it — this is
+              # most likely a transitive dependency which only needs an update in the lockfile. For a batch
+              # with a single unique dependency name we tolerate this no-op update, but when multiple unique
+              # dependencies are being updated and none change the content we treat that as unexpected and raise.
+              raise "Expected content to change!" if content == new_content && unique_deps_count > 1
               content = new_content
             end
@@ -98,7 +83,6 @@ module Dependabot
             content
           end
         end
-        # rubocop:enable Metrics/PerceivedComplexity
         sig do
           params(
             dependency: Dependabot::Dependency,

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bun
 version: !ruby/object:Gem::Version
-  version: 0.365.0
+  version: 0.366.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.365.0
+        version: 0.366.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.365.0
+        version: 0.366.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -347,7 +347,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.365.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.366.0
 rdoc_options: []
 require_paths:
 - lib