dependabot-bundler 0.138.5 → 0.139.2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '083378164b40be43b7bd9664acb7362adf0f527b5be6467c9b906f44ce512658'
|
4
|
+
data.tar.gz: 209c8ffeaa0ef853229399eaae8463f3b9fee47d3fc60b7e4010567b82e4f127
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cee6300b6ca97e55f812b423afb9d9f0c08a9741eefb1f5272b5810db574a0fe6922f4f52b239b02a6959d9257a1df9273c3c27c26dd043da7986710aa50aa20
|
7
|
+
data.tar.gz: a283086fd52124201c6c5d8b54c447ce8447722db053bd825bfed400c598a9e5e4eaca243d083fc745bf21bddccb21e9c95a1f122001ff28f48419145eabac55
|
@@ -27,6 +27,9 @@ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
|
|
27
27
|
|
28
28
|
def project_dependency_files(project)
|
29
29
|
project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
|
30
|
+
|
31
|
+
raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
|
32
|
+
|
30
33
|
Dir.chdir(project_path) do
|
31
34
|
# NOTE: Include dotfiles (e.g. .npmrc)
|
32
35
|
files = Dir.glob("**/*", File::FNM_DOTMATCH)
|
data/helpers/v2/run.rb
CHANGED
@@ -26,7 +26,11 @@ end
|
|
26
26
|
LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
|
27
27
|
|
28
28
|
def project_dependency_files(project)
|
29
|
+
# TODO: Retrieve files from bundler2 folder once it is fully up to date
|
29
30
|
project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
|
31
|
+
|
32
|
+
raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
|
33
|
+
|
30
34
|
Dir.chdir(project_path) do
|
31
35
|
# NOTE: Include dotfiles (e.g. .npmrc)
|
32
36
|
files = Dir.glob("**/*", File::FNM_DOTMATCH)
|
@@ -5,23 +5,37 @@ module Dependabot
|
|
5
5
|
module Helpers
|
6
6
|
V1 = "1"
|
7
7
|
V2 = "2"
|
8
|
+
# If we are updating a project with no Gemfile.lock, we default to the
|
9
|
+
# newest version we support
|
10
|
+
DEFAULT = V2
|
11
|
+
# If we are updating a project with a Gemfile.lock that does not specify
|
12
|
+
# the version it was bundled with, with failover to V1 on the assumption
|
13
|
+
# it was created with an old version that didn't add this information
|
14
|
+
FAILOVER = V1
|
8
15
|
|
9
|
-
|
10
|
-
def self.bundler_version(_lockfile, options:)
|
11
|
-
# For now, force V2 if bundler_2_available
|
12
|
-
return V2 if options[:bundler_2_available]
|
16
|
+
BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
|
13
17
|
|
14
|
-
|
15
|
-
|
18
|
+
# NOTE: options is a manditory argument to ensure we pass it from all calling classes
|
19
|
+
def self.bundler_version(lockfile, options:)
|
20
|
+
# TODO: Remove once bundler 2 is fully supported
|
21
|
+
return V1 unless options[:bundler_2_available]
|
22
|
+
return DEFAULT unless lockfile
|
16
23
|
|
17
|
-
|
24
|
+
if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
|
25
|
+
matches[:version].to_i >= 2 ? V2 : V1
|
26
|
+
else
|
27
|
+
FAILOVER
|
28
|
+
end
|
18
29
|
end
|
19
30
|
|
20
31
|
def self.detected_bundler_version(lockfile)
|
21
32
|
return "unknown" unless lockfile
|
22
|
-
return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
23
33
|
|
24
|
-
|
34
|
+
if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
|
35
|
+
matches[:version]
|
36
|
+
else
|
37
|
+
FAILOVER
|
38
|
+
end
|
25
39
|
end
|
26
40
|
end
|
27
41
|
end
|
@@ -359,20 +359,18 @@ module Dependabot
|
|
359
359
|
@version_resolver ||= {}
|
360
360
|
@version_resolver[remove_git_source] ||= {}
|
361
361
|
@version_resolver[remove_git_source][unlock_requirement] ||=
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
)
|
375
|
-
end
|
362
|
+
VersionResolver.new(
|
363
|
+
dependency: dependency,
|
364
|
+
unprepared_dependency_files: dependency_files,
|
365
|
+
repo_contents_path: repo_contents_path,
|
366
|
+
credentials: credentials,
|
367
|
+
ignored_versions: ignored_versions,
|
368
|
+
raise_on_ignored: raise_on_ignored,
|
369
|
+
remove_git_source: remove_git_source,
|
370
|
+
unlock_requirement: unlock_requirement,
|
371
|
+
latest_allowable_version: latest_version,
|
372
|
+
options: options
|
373
|
+
)
|
376
374
|
end
|
377
375
|
|
378
376
|
def latest_version_finder(remove_git_source:)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.139.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-04-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.139.2
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.139.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
103
|
+
version: 1.12.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
110
|
+
version: 1.12.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: simplecov
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|