dependabot-bundler 0.216.2 → 0.218.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d623a62a3b6add7027f10b4257b7100720120d72b61e48d70880843c2e6db4cd
|
4
|
+
data.tar.gz: c1aecfa1fda2c62b69fc0ae5e3d5164c71ab5d35e2b9d2ec3311aca002e47de7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 70fc70d920f2bded048e59bf00c7050f12125a867f6d73d43a81b889fd3ee16077add5fb92603667203387fc031ea55e5ff6b58c10d4f348183a971b2d2bcb8a
|
7
|
+
data.tar.gz: 6502c1aa0a241258a7802f80e597638fe31ff47cef2e5b5647d2cdff4cc3e687e56f783d601a207c49eadf97e0e1316cb4b719559b177d92819d75f888027d27
|
@@ -89,15 +89,10 @@ module Dependabot
|
|
89
89
|
File.write(gemfile.name, prepared_gemfile_content(gemfile))
|
90
90
|
File.write(lockfile.name, sanitized_lockfile_body)
|
91
91
|
|
92
|
-
top_level_gemspecs
|
93
|
-
path = gemspec.name
|
94
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
95
|
-
updated_content = updated_gemspec_content(gemspec)
|
96
|
-
File.write(path, sanitized_gemspec_content(path, updated_content))
|
97
|
-
end
|
98
|
-
|
92
|
+
write_gemspecs(top_level_gemspecs)
|
99
93
|
write_ruby_version_file
|
100
|
-
|
94
|
+
write_gemspecs(path_gemspecs)
|
95
|
+
write_specification_files
|
101
96
|
write_imported_ruby_files
|
102
97
|
|
103
98
|
evaled_gemfiles.each do |file|
|
@@ -115,13 +110,16 @@ module Dependabot
|
|
115
110
|
File.write(path, ruby_version_file.content)
|
116
111
|
end
|
117
112
|
|
118
|
-
def
|
119
|
-
|
113
|
+
def write_gemspecs(files)
|
114
|
+
files.each do |file|
|
120
115
|
path = file.name
|
121
116
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
122
|
-
|
117
|
+
updated_content = updated_gemspec_content(file)
|
118
|
+
File.write(path, sanitized_gemspec_content(path, updated_content))
|
123
119
|
end
|
120
|
+
end
|
124
121
|
|
122
|
+
def write_specification_files
|
125
123
|
specification_files.each do |file|
|
126
124
|
path = file.name
|
127
125
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
@@ -9,7 +9,7 @@ module Dependabot
|
|
9
9
|
class UnfixableRequirement < StandardError; end
|
10
10
|
|
11
11
|
ALLOWED_UPDATE_STRATEGIES =
|
12
|
-
%i(bump_versions bump_versions_if_necessary).freeze
|
12
|
+
%i(lockfile_only bump_versions bump_versions_if_necessary).freeze
|
13
13
|
|
14
14
|
def initialize(requirements:, update_strategy:, updated_source:,
|
15
15
|
latest_version:, latest_resolvable_version:)
|
@@ -27,6 +27,8 @@ module Dependabot
|
|
27
27
|
end
|
28
28
|
|
29
29
|
def updated_requirements
|
30
|
+
return requirements if update_strategy == :lockfile_only
|
31
|
+
|
30
32
|
requirements.map do |req|
|
31
33
|
if req[:file].include?(".gemspec")
|
32
34
|
update_gemspec_requirement(req)
|
@@ -37,6 +37,8 @@ module Dependabot
|
|
37
37
|
@unlock_requirement = unlock_requirement
|
38
38
|
@latest_allowable_version = latest_allowable_version
|
39
39
|
@options = options
|
40
|
+
|
41
|
+
@latest_allowable_version_incompatible_with_ruby = false
|
40
42
|
end
|
41
43
|
|
42
44
|
def latest_resolvable_version_details
|
@@ -44,6 +46,10 @@ module Dependabot
|
|
44
46
|
fetch_latest_resolvable_version_details
|
45
47
|
end
|
46
48
|
|
49
|
+
def latest_allowable_version_incompatible_with_ruby?
|
50
|
+
@latest_allowable_version_incompatible_with_ruby
|
51
|
+
end
|
52
|
+
|
47
53
|
private
|
48
54
|
|
49
55
|
attr_reader :dependency, :unprepared_dependency_files,
|
@@ -208,7 +214,9 @@ module Dependabot
|
|
208
214
|
ruby_requirement = Dependabot::Bundler::Requirement.new(ruby_requirement)
|
209
215
|
current_ruby_version = Dependabot::Bundler::Version.new(details[:ruby_version])
|
210
216
|
|
211
|
-
|
217
|
+
return false if ruby_requirement.satisfied_by?(current_ruby_version)
|
218
|
+
|
219
|
+
@latest_allowable_version_incompatible_with_ruby = true
|
212
220
|
rescue JSON::ParserError, Excon::Error::Socket, Excon::Error::Timeout
|
213
221
|
# Give the benefit of the doubt if something goes wrong fetching
|
214
222
|
# version details (could be that it's a private index, etc.)
|
@@ -73,8 +73,10 @@ module Dependabot
|
|
73
73
|
end
|
74
74
|
|
75
75
|
def requirements_unlocked_or_can_be?
|
76
|
-
|
77
|
-
|
76
|
+
return true if requirements_unlocked?
|
77
|
+
return false if requirements_update_strategy == :lockfile_only
|
78
|
+
|
79
|
+
dependency.specific_requirements.
|
78
80
|
all? do |req|
|
79
81
|
file = dependency_files.find { |f| f.name == req.fetch(:file) }
|
80
82
|
updated = FileUpdater::RequirementReplacer.new(
|
@@ -109,8 +111,13 @@ module Dependabot
|
|
109
111
|
|
110
112
|
private
|
111
113
|
|
114
|
+
def requirements_unlocked?
|
115
|
+
dependency.specific_requirements.none?
|
116
|
+
end
|
117
|
+
|
112
118
|
def latest_version_resolvable_with_full_unlock?
|
113
119
|
return false unless latest_version
|
120
|
+
return false if version_resolver(remove_git_source: false).latest_allowable_version_incompatible_with_ruby?
|
114
121
|
|
115
122
|
updated_dependencies = force_updater.updated_dependencies
|
116
123
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.218.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.218.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.218.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -295,8 +295,8 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
295
295
|
licenses:
|
296
296
|
- Nonstandard
|
297
297
|
metadata:
|
298
|
-
|
299
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/
|
298
|
+
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
299
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.218.0
|
300
300
|
post_install_message:
|
301
301
|
rdoc_options: []
|
302
302
|
require_paths:
|