dependabot-bundler 0.104.0 → 0.104.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 188b7d26a9b823b918edb744eb45ce401b0763ce98a82d9b836880cfb41f05a4
|
|
4
|
+
data.tar.gz: f7ceb08ce85a9bf0cec07e1825146d0f6e8ed9eba0def89368f63ba89edf95db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b32f991ab5515799312cc8af470eaeb7fc4952860033b86a65bebff1b64a27470aedc340da0121d57b3dcb8ef411482685dd79bd3524b810fc5a486c02b12102
|
|
7
|
+
data.tar.gz: 69fef0900abf881d96bcc632d7f92ad5536711d09f89c47a5e34e7d9b8f1a9cd670128ee17c9bcd6e72467c2738c06927c1f1aa70de46090bef75ce01fa599c8
|
|
@@ -56,29 +56,27 @@ module Dependabot
|
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
def updated_requirements
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
fetch(:version)&.
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
).updated_requirements
|
|
81
|
-
end
|
|
59
|
+
latest_version_for_req_updater =
|
|
60
|
+
if switching_source_from_git_to_rubygems?
|
|
61
|
+
git_commit_checker.local_tag_for_latest_version.fetch(:version).to_s
|
|
62
|
+
else
|
|
63
|
+
latest_version_details&.fetch(:version)&.to_s
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
latest_resolvable_version_for_req_updater =
|
|
67
|
+
if switching_source_from_git_to_rubygems?
|
|
68
|
+
latest_version_for_req_updater
|
|
69
|
+
else
|
|
70
|
+
preferred_resolvable_version_details&.fetch(:version)&.to_s
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
RequirementsUpdater.new(
|
|
74
|
+
requirements: dependency.requirements,
|
|
75
|
+
update_strategy: requirements_update_strategy,
|
|
76
|
+
updated_source: updated_source,
|
|
77
|
+
latest_version: latest_version_for_req_updater,
|
|
78
|
+
latest_resolvable_version: latest_resolvable_version_for_req_updater
|
|
79
|
+
).updated_requirements
|
|
82
80
|
end
|
|
83
81
|
|
|
84
82
|
def requirements_unlocked_or_can_be?
|
|
@@ -142,7 +140,9 @@ module Dependabot
|
|
|
142
140
|
|
|
143
141
|
def resolvable?(version)
|
|
144
142
|
@resolvable ||= {}
|
|
145
|
-
@resolvable[version]
|
|
143
|
+
return @resolvable[version] if @resolvable.key?(version)
|
|
144
|
+
|
|
145
|
+
@resolvable[version] =
|
|
146
146
|
begin
|
|
147
147
|
ForceUpdater.new(
|
|
148
148
|
dependency: dependency,
|
|
@@ -250,17 +250,10 @@ module Dependabot
|
|
|
250
250
|
end
|
|
251
251
|
|
|
252
252
|
def latest_git_tag_is_resolvable?
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
@latest_git_tag_is_resolvable_checked = true
|
|
256
|
-
|
|
257
|
-
return false if git_commit_checker.local_tag_for_latest_version.nil?
|
|
253
|
+
latest_tag_details = git_commit_checker.local_tag_for_latest_version
|
|
254
|
+
return false unless latest_tag_details
|
|
258
255
|
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
@git_tag_resolvable = true
|
|
262
|
-
rescue Dependabot::DependencyFileNotResolvable
|
|
263
|
-
@git_tag_resolvable = false
|
|
256
|
+
resolvable?(latest_tag_details.fetch(:version))
|
|
264
257
|
end
|
|
265
258
|
|
|
266
259
|
def git_branch_or_ref_in_release?(release)
|
|
@@ -303,6 +296,12 @@ module Dependabot
|
|
|
303
296
|
Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
|
|
304
297
|
end
|
|
305
298
|
|
|
299
|
+
def switching_source_from_git_to_rubygems?
|
|
300
|
+
return false unless updated_source&.fetch(:ref, nil)
|
|
301
|
+
|
|
302
|
+
updated_source.fetch(:ref) != dependency_source_details.fetch(:ref)
|
|
303
|
+
end
|
|
304
|
+
|
|
306
305
|
def force_updater
|
|
307
306
|
@force_updater ||=
|
|
308
307
|
ForceUpdater.new(
|
|
@@ -322,21 +321,6 @@ module Dependabot
|
|
|
322
321
|
)
|
|
323
322
|
end
|
|
324
323
|
|
|
325
|
-
def latest_resolvable_version_details_with_updated_git_source
|
|
326
|
-
@latest_resolvable_version_details_with_updated_git_source ||=
|
|
327
|
-
begin
|
|
328
|
-
replacement_tag = git_commit_checker.local_tag_for_latest_version
|
|
329
|
-
|
|
330
|
-
VersionResolver.new(
|
|
331
|
-
dependency: dependency,
|
|
332
|
-
unprepared_dependency_files: dependency_files,
|
|
333
|
-
credentials: credentials,
|
|
334
|
-
ignored_versions: ignored_versions,
|
|
335
|
-
replacement_git_pin: replacement_tag.fetch(:tag)
|
|
336
|
-
).latest_resolvable_version_details
|
|
337
|
-
end
|
|
338
|
-
end
|
|
339
|
-
|
|
340
324
|
def version_resolver(remove_git_source:, unlock_requirement: true)
|
|
341
325
|
@version_resolver ||= {}
|
|
342
326
|
@version_resolver[remove_git_source] ||= {}
|
|
@@ -168,7 +168,10 @@ module Dependabot
|
|
|
168
168
|
new_req = Gem::Requirement.create("= #{target_version}")
|
|
169
169
|
definition.dependencies.
|
|
170
170
|
find { |d| d.name == dependency.name }.
|
|
171
|
-
|
|
171
|
+
tap do |dep|
|
|
172
|
+
dep.instance_variable_set(:@requirement, new_req)
|
|
173
|
+
dep.source = nil if dep.source.is_a?(::Bundler::Source::Git)
|
|
174
|
+
end
|
|
172
175
|
|
|
173
176
|
definition
|
|
174
177
|
end
|
|
@@ -41,8 +41,7 @@ module Dependabot
|
|
|
41
41
|
:ignored_versions, :security_advisories
|
|
42
42
|
|
|
43
43
|
def fetch_latest_version_details
|
|
44
|
-
if dependency_source.is_a?(::Bundler::Source::Git)
|
|
45
|
-
dependency.name != "bundler"
|
|
44
|
+
if dependency_source.is_a?(::Bundler::Source::Git)
|
|
46
45
|
return latest_git_version_details
|
|
47
46
|
end
|
|
48
47
|
|
|
@@ -66,8 +65,9 @@ module Dependabot
|
|
|
66
65
|
end
|
|
67
66
|
|
|
68
67
|
def filter_prerelease_versions(versions_array)
|
|
69
|
-
versions_array
|
|
70
|
-
|
|
68
|
+
return versions_array if wants_prerelease?
|
|
69
|
+
|
|
70
|
+
versions_array.reject(&:prerelease?)
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
def filter_ignored_versions(versions_array)
|
|
@@ -76,13 +76,8 @@ module Dependabot
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def filter_vulnerable_versions(versions_array)
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
security_advisories.each do |advisory|
|
|
82
|
-
arr = arr.reject { |v| advisory.vulnerable?(v) }
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
arr
|
|
79
|
+
versions_array.
|
|
80
|
+
reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
|
|
86
81
|
end
|
|
87
82
|
|
|
88
83
|
def filter_lower_versions(versions_array)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.104.
|
|
4
|
+
version: 0.104.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.104.
|
|
19
|
+
version: 0.104.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.104.
|
|
26
|
+
version: 0.104.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|