dependabot-bundler 0.117.7 → 0.118.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a6dd2c977c2cfb8b8a0d6627878a012e497e832401ee9fa2af90e1cbedd49386
|
|
4
|
+
data.tar.gz: d371923a5143f85857e27ba14165fc6daf6d927afd62145078f5e0357c87d0f9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 947cfd229e9ad50bc411a7ecf2c3d5f27a05c99a0d0d7091a360b4012d591401d524ddc7ba82993b3919439e8e1a8c4f6f94889f5c8ee3281835fbeb65a0e583
|
|
7
|
+
data.tar.gz: b2ed6f3100c6151c040ed0ed35285c4c7cbf663492939cbb9311a2a8f29adbb1c200ff631b8f4d30f646d706a62e6c00b73021f8a9645c652c6c500653bb0fd9
|
|
@@ -159,7 +159,15 @@ module Dependabot
|
|
|
159
159
|
return false unless node.children.first&.type == :lvar
|
|
160
160
|
return false unless node.children[1] == :files=
|
|
161
161
|
|
|
162
|
-
node.children[2]
|
|
162
|
+
node_dynamically_lists_files?(node.children[2])
|
|
163
|
+
end
|
|
164
|
+
|
|
165
|
+
def node_dynamically_lists_files?(node)
|
|
166
|
+
return false unless node.is_a?(Parser::AST::Node)
|
|
167
|
+
|
|
168
|
+
return true if node.type == :send
|
|
169
|
+
|
|
170
|
+
node.type == :block && node.children.first&.type == :send
|
|
163
171
|
end
|
|
164
172
|
|
|
165
173
|
def node_assigns_require_paths?(node)
|
|
@@ -167,6 +167,7 @@ module Dependabot
|
|
|
167
167
|
unprepared_dependency_files: dependency_files,
|
|
168
168
|
credentials: credentials,
|
|
169
169
|
ignored_versions: ignored_versions,
|
|
170
|
+
raise_on_ignored: raise_on_ignored,
|
|
170
171
|
replacement_git_pin: tag
|
|
171
172
|
).latest_resolvable_version_details
|
|
172
173
|
true
|
|
@@ -348,6 +349,7 @@ module Dependabot
|
|
|
348
349
|
unprepared_dependency_files: dependency_files,
|
|
349
350
|
credentials: credentials,
|
|
350
351
|
ignored_versions: ignored_versions,
|
|
352
|
+
raise_on_ignored: raise_on_ignored,
|
|
351
353
|
remove_git_source: remove_git_source,
|
|
352
354
|
unlock_requirement: unlock_requirement,
|
|
353
355
|
latest_allowable_version: latest_version
|
|
@@ -369,6 +371,7 @@ module Dependabot
|
|
|
369
371
|
dependency_files: prepared_dependency_files,
|
|
370
372
|
credentials: credentials,
|
|
371
373
|
ignored_versions: ignored_versions,
|
|
374
|
+
raise_on_ignored: raise_on_ignored,
|
|
372
375
|
security_advisories: security_advisories
|
|
373
376
|
)
|
|
374
377
|
end
|
|
@@ -19,11 +19,13 @@ module Dependabot
|
|
|
19
19
|
include SharedBundlerHelpers
|
|
20
20
|
|
|
21
21
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
22
|
-
ignored_versions:,
|
|
22
|
+
ignored_versions:, raise_on_ignored: false,
|
|
23
|
+
security_advisories:)
|
|
23
24
|
@dependency = dependency
|
|
24
25
|
@dependency_files = dependency_files
|
|
25
26
|
@credentials = credentials
|
|
26
27
|
@ignored_versions = ignored_versions
|
|
28
|
+
@raise_on_ignored = raise_on_ignored
|
|
27
29
|
@security_advisories = security_advisories
|
|
28
30
|
end
|
|
29
31
|
|
|
@@ -57,8 +59,8 @@ module Dependabot
|
|
|
57
59
|
|
|
58
60
|
relevant_versions = registry_versions
|
|
59
61
|
relevant_versions = filter_prerelease_versions(relevant_versions)
|
|
60
|
-
relevant_versions = filter_ignored_versions(relevant_versions)
|
|
61
62
|
relevant_versions = filter_vulnerable_versions(relevant_versions)
|
|
63
|
+
relevant_versions = filter_ignored_versions(relevant_versions)
|
|
62
64
|
relevant_versions = filter_lower_versions(relevant_versions)
|
|
63
65
|
|
|
64
66
|
relevant_versions.min
|
|
@@ -71,8 +73,13 @@ module Dependabot
|
|
|
71
73
|
end
|
|
72
74
|
|
|
73
75
|
def filter_ignored_versions(versions_array)
|
|
74
|
-
versions_array.
|
|
75
|
-
|
|
76
|
+
filtered = versions_array.
|
|
77
|
+
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
78
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
79
|
+
raise AllVersionsIgnored
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
filtered
|
|
76
83
|
end
|
|
77
84
|
|
|
78
85
|
def filter_vulnerable_versions(versions_array)
|
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
|
25
25
|
|
|
26
26
|
def initialize(dependency:, unprepared_dependency_files:,
|
|
27
27
|
credentials:, ignored_versions:,
|
|
28
|
+
raise_on_ignored: false,
|
|
28
29
|
replacement_git_pin: nil, remove_git_source: false,
|
|
29
30
|
unlock_requirement: true,
|
|
30
31
|
latest_allowable_version: nil)
|
|
@@ -32,6 +33,7 @@ module Dependabot
|
|
|
32
33
|
@unprepared_dependency_files = unprepared_dependency_files
|
|
33
34
|
@credentials = credentials
|
|
34
35
|
@ignored_versions = ignored_versions
|
|
36
|
+
@raise_on_ignored = raise_on_ignored
|
|
35
37
|
@replacement_git_pin = replacement_git_pin
|
|
36
38
|
@remove_git_source = remove_git_source
|
|
37
39
|
@unlock_requirement = unlock_requirement
|
|
@@ -270,6 +272,7 @@ module Dependabot
|
|
|
270
272
|
dependency_files: dependency_files,
|
|
271
273
|
credentials: credentials,
|
|
272
274
|
ignored_versions: ignored_versions,
|
|
275
|
+
raise_on_ignored: @raise_on_ignored,
|
|
273
276
|
security_advisories: []
|
|
274
277
|
).latest_version_details
|
|
275
278
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.118.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-05-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.118.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.118.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,14 +114,14 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.83.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.83.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|