dependabot-bundler 0.117.10 → 0.117.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2948a844ac190f6d04d4aca42fc77129cfee23da3ade8ae92abed1570f2ad7f6
|
|
4
|
+
data.tar.gz: 7578230a33de7b16aed1026c8e2c9341b96e1f2a45893ea08c29eb68481186b3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6562f412cd62871c0e27bbfc6a378b8e625ca93e7868b001c65403d39f823bf782c75bc07edc374ae13e946114691b9f95655d1625a121dd9a74d8ce3aabd145
|
|
7
|
+
data.tar.gz: 5a6d586ad3b76c2dde0f7e29a292a0ea722ba50635d1660176a8d0acad6834d713f1ea615c405a1e78b76d331c7434d7ac3829c6c05b8ab9d8394972dc15ffe0
|
|
@@ -167,6 +167,7 @@ module Dependabot
|
|
|
167
167
|
unprepared_dependency_files: dependency_files,
|
|
168
168
|
credentials: credentials,
|
|
169
169
|
ignored_versions: ignored_versions,
|
|
170
|
+
raise_on_ignored: raise_on_ignored,
|
|
170
171
|
replacement_git_pin: tag
|
|
171
172
|
).latest_resolvable_version_details
|
|
172
173
|
true
|
|
@@ -348,6 +349,7 @@ module Dependabot
|
|
|
348
349
|
unprepared_dependency_files: dependency_files,
|
|
349
350
|
credentials: credentials,
|
|
350
351
|
ignored_versions: ignored_versions,
|
|
352
|
+
raise_on_ignored: raise_on_ignored,
|
|
351
353
|
remove_git_source: remove_git_source,
|
|
352
354
|
unlock_requirement: unlock_requirement,
|
|
353
355
|
latest_allowable_version: latest_version
|
|
@@ -369,6 +371,7 @@ module Dependabot
|
|
|
369
371
|
dependency_files: prepared_dependency_files,
|
|
370
372
|
credentials: credentials,
|
|
371
373
|
ignored_versions: ignored_versions,
|
|
374
|
+
raise_on_ignored: raise_on_ignored,
|
|
372
375
|
security_advisories: security_advisories
|
|
373
376
|
)
|
|
374
377
|
end
|
|
@@ -19,11 +19,13 @@ module Dependabot
|
|
|
19
19
|
include SharedBundlerHelpers
|
|
20
20
|
|
|
21
21
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
22
|
-
ignored_versions:,
|
|
22
|
+
ignored_versions:, raise_on_ignored: false,
|
|
23
|
+
security_advisories:)
|
|
23
24
|
@dependency = dependency
|
|
24
25
|
@dependency_files = dependency_files
|
|
25
26
|
@credentials = credentials
|
|
26
27
|
@ignored_versions = ignored_versions
|
|
28
|
+
@raise_on_ignored = raise_on_ignored
|
|
27
29
|
@security_advisories = security_advisories
|
|
28
30
|
end
|
|
29
31
|
|
|
@@ -57,8 +59,8 @@ module Dependabot
|
|
|
57
59
|
|
|
58
60
|
relevant_versions = registry_versions
|
|
59
61
|
relevant_versions = filter_prerelease_versions(relevant_versions)
|
|
60
|
-
relevant_versions = filter_ignored_versions(relevant_versions)
|
|
61
62
|
relevant_versions = filter_vulnerable_versions(relevant_versions)
|
|
63
|
+
relevant_versions = filter_ignored_versions(relevant_versions)
|
|
62
64
|
relevant_versions = filter_lower_versions(relevant_versions)
|
|
63
65
|
|
|
64
66
|
relevant_versions.min
|
|
@@ -71,8 +73,13 @@ module Dependabot
|
|
|
71
73
|
end
|
|
72
74
|
|
|
73
75
|
def filter_ignored_versions(versions_array)
|
|
74
|
-
versions_array.
|
|
75
|
-
|
|
76
|
+
filtered = versions_array.
|
|
77
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
78
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
79
|
+
raise AllVersionsIgnored
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
filtered
|
|
76
83
|
end
|
|
77
84
|
|
|
78
85
|
def filter_vulnerable_versions(versions_array)
|
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
|
25
25
|
|
|
26
26
|
def initialize(dependency:, unprepared_dependency_files:,
|
|
27
27
|
credentials:, ignored_versions:,
|
|
28
|
+
raise_on_ignored: false,
|
|
28
29
|
replacement_git_pin: nil, remove_git_source: false,
|
|
29
30
|
unlock_requirement: true,
|
|
30
31
|
latest_allowable_version: nil)
|
|
@@ -32,6 +33,7 @@ module Dependabot
|
|
|
32
33
|
@unprepared_dependency_files = unprepared_dependency_files
|
|
33
34
|
@credentials = credentials
|
|
34
35
|
@ignored_versions = ignored_versions
|
|
36
|
+
@raise_on_ignored = raise_on_ignored
|
|
35
37
|
@replacement_git_pin = replacement_git_pin
|
|
36
38
|
@remove_git_source = remove_git_source
|
|
37
39
|
@unlock_requirement = unlock_requirement
|
|
@@ -270,6 +272,7 @@ module Dependabot
|
|
|
270
272
|
dependency_files: dependency_files,
|
|
271
273
|
credentials: credentials,
|
|
272
274
|
ignored_versions: ignored_versions,
|
|
275
|
+
raise_on_ignored: @raise_on_ignored,
|
|
273
276
|
security_advisories: []
|
|
274
277
|
).latest_version_details
|
|
275
278
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|