dependabot-bundler 0.124.4 → 0.125.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 80c1fc155e1518d591a60e985401f51bcae4f6332e469e06693ce1e5e1f29b4b
|
|
4
|
+
data.tar.gz: dec9c2bf4c74a475a78378744ec23cc97e2053c75a9fc20e3b58a3349f0df0f9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2deece94900ce3d7c7d1ed93ced8845b5997d840b2453912c7c7b128bc945741e2e9b792d3106f4bc433004fb5138b1293917572ba3f0fe5d1f41e76e78f68e2
|
|
7
|
+
data.tar.gz: fbc107161f3c858edd349623d3a4d00b59ff5c85bd0557caad3dc9eead792defa09784ea412cc9d2ed1b4d349cb1fa564f9ec3ecdf3e8ab25e77a2c50a6ba7b4
|
|
@@ -13,6 +13,7 @@ module Dependabot
|
|
|
13
13
|
require_relative "update_checker/requirements_updater"
|
|
14
14
|
require_relative "update_checker/version_resolver"
|
|
15
15
|
require_relative "update_checker/latest_version_finder"
|
|
16
|
+
require_relative "update_checker/conflicting_dependency_resolver"
|
|
16
17
|
|
|
17
18
|
def latest_version
|
|
18
19
|
return latest_version_for_git_dependency if git_dependency?
|
|
@@ -107,6 +108,17 @@ module Dependabot
|
|
|
107
108
|
dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
|
|
108
109
|
end
|
|
109
110
|
|
|
111
|
+
def conflicting_dependencies
|
|
112
|
+
ConflictingDependencyResolver.new(
|
|
113
|
+
dependency_files: dependency_files,
|
|
114
|
+
repo_contents_path: repo_contents_path,
|
|
115
|
+
credentials: credentials
|
|
116
|
+
).conflicting_dependencies(
|
|
117
|
+
dependency: dependency,
|
|
118
|
+
target_version: lowest_security_fix_version
|
|
119
|
+
)
|
|
120
|
+
end
|
|
121
|
+
|
|
110
122
|
private
|
|
111
123
|
|
|
112
124
|
def latest_version_resolvable_with_full_unlock?
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "dependabot/bundler/update_checker"
|
|
4
|
+
require "dependabot/bundler/native_helpers"
|
|
5
|
+
require "dependabot/shared_helpers"
|
|
6
|
+
|
|
7
|
+
module Dependabot
|
|
8
|
+
module Bundler
|
|
9
|
+
class UpdateChecker < UpdateCheckers::Base
|
|
10
|
+
class ConflictingDependencyResolver
|
|
11
|
+
require_relative "shared_bundler_helpers"
|
|
12
|
+
include SharedBundlerHelpers
|
|
13
|
+
|
|
14
|
+
def initialize(dependency_files:, repo_contents_path:, credentials:)
|
|
15
|
+
@dependency_files = dependency_files
|
|
16
|
+
@repo_contents_path = repo_contents_path
|
|
17
|
+
@credentials = credentials
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# Finds any dependencies in the lockfile that have a subdependency on
|
|
21
|
+
# the given dependency that does not satisfly the target_version.
|
|
22
|
+
#
|
|
23
|
+
# @param dependency [Dependabot::Dependency] the dependency to check
|
|
24
|
+
# @param target_version [String] the version to check
|
|
25
|
+
# @return [Array<Hash{String => String}]
|
|
26
|
+
# * name [String] the blocking dependencies name
|
|
27
|
+
# * version [String] the version of the blocking dependency
|
|
28
|
+
# * requirement [String] the requirement on the target_dependency
|
|
29
|
+
def conflicting_dependencies(dependency:, target_version:)
|
|
30
|
+
in_a_native_bundler_context(error_handling: false) do |tmp_dir|
|
|
31
|
+
SharedHelpers.run_helper_subprocess(
|
|
32
|
+
command: NativeHelpers.helper_path,
|
|
33
|
+
function: "conflicting_dependencies",
|
|
34
|
+
args: {
|
|
35
|
+
dir: tmp_dir,
|
|
36
|
+
dependency_name: dependency.name,
|
|
37
|
+
target_version: target_version,
|
|
38
|
+
credentials: relevant_credentials,
|
|
39
|
+
lockfile_name: lockfile.name,
|
|
40
|
+
using_bundler_2: using_bundler_2?
|
|
41
|
+
}
|
|
42
|
+
)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.125.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.125.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.125.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -194,6 +194,7 @@ files:
|
|
|
194
194
|
- lib/dependabot/bundler/native_helpers.rb
|
|
195
195
|
- lib/dependabot/bundler/requirement.rb
|
|
196
196
|
- lib/dependabot/bundler/update_checker.rb
|
|
197
|
+
- lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb
|
|
197
198
|
- lib/dependabot/bundler/update_checker/file_preparer.rb
|
|
198
199
|
- lib/dependabot/bundler/update_checker/force_updater.rb
|
|
199
200
|
- lib/dependabot/bundler/update_checker/latest_version_finder.rb
|