dependabot-bundler 0.217.0 → 0.219.0

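--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fc4045411c16c5c5d69967b8b7694692fea34cc37585ecf2ab1523c83b5de265
- data.tar.gz: ca89213aada1cbdd4c8b012bf8cdc68ea06e7192bbc9db4fb01a9994f6f242dd
+ metadata.gz: 405561659bfd74c15f22fdd5879be9a3d238159a18c6b2a57af1a9b6868122cd
+ data.tar.gz: 3cce94b0751d9b2b26bc96c322f8956b8c764d5ce93e1e997723e154b610d022
  SHA512:
- metadata.gz: 61280bebf02b003e7913724a4b9f628ecc93d41ac3e8147d92b002ba283b1c7334b4b8b4fc552c568732ae55d3a8bad1439b54ad48b3e897a671394fe2de3724
- data.tar.gz: 18e729dfb58e8b2debf30d1fcfee40fd44de8fec097fadd625d81fdbce4f5c9ab7edcad6fb3f21e0209b0d7606ec4e7b201209f19092cd7899be1c9a1eb15383
+ metadata.gz: 68e3db074b5b6076aa283117a3ec027257a36c526753d387ae787eb8eaeabfc0f39e47b13f14bfb6c4df88ba35c815dae490bd93dd3f640af35b4a693f35eeb9
+ data.tar.gz: a599a89231f374a2afb742ad42e228315d4a03edb86c936e1eaee8f00625afe61bd02c691ccec49a8d87bd08c511cf78da582e8c8fe6f9ec8a46a8e8b0c63e56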
@@ -89,15 +89,10 @@ module Dependabot
89
89
  File.write(gemfile.name, prepared_gemfile_content(gemfile))
90
90
  File.write(lockfile.name, sanitized_lockfile_body)
91
91
 
92
- top_level_gemspecs.each do |gemspec|
93
- path = gemspec.name
94
- FileUtils.mkdir_p(Pathname.new(path).dirname)
95
- updated_content = updated_gemspec_content(gemspec)
96
- File.write(path, sanitized_gemspec_content(path, updated_content))
97
- end
98
-
92
+ write_gemspecs(top_level_gemspecs)
99
93
  write_ruby_version_file
100
- write_path_gemspecs
94
+ write_gemspecs(path_gemspecs)
95
+ write_specification_files
101
96
  write_imported_ruby_files
102
97
 
103
98
  evaled_gemfiles.each do |file|
@@ -115,13 +110,16 @@ module Dependabot
115
110
  File.write(path, ruby_version_file.content)
116
111
  end
117
112
 
118
- def write_path_gemspecs
119
- path_gemspecs.each do |file|
113
+ def write_gemspecs(files)
114
+ files.each do |file|
120
115
  path = file.name
121
116
  FileUtils.mkdir_p(Pathname.new(path).dirname)
122
- File.write(path, sanitized_gemspec_content(path, file.content))
117
+ updated_content = updated_gemspec_content(file)
118
+ File.write(path, sanitized_gemspec_content(path, updated_content))
123
119
  end
120
+ end
124
121
 
122
+ def write_specification_files
125
123
  specification_files.each do |file|
126
124
  path = file.name
127
125
  FileUtils.mkdir_p(Pathname.new(path).dirname)
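Review bot: The new `write_gemspecs(files)` uses `file.name` directly as the target of `FileUtils.mkdir_p` and `File.write`, and nothing in the hunk checks that the resolved path stays inside the temporary working directory. The names presumably come from the repository being updated, so unless they are normalised before this point a name with `..` segments would be written outside that directory. A guard before the `mkdir_p`, such as `raise "Unexpected gemspec path: #{path}" unless File.expand_path(path).start_with?(File.join(Dir.pwd, ""))`, would make the assumption explicit. Path gemspecs also now pass through `updated_gemspec_content(file)` instead of being written from `file.content`, which deserves a one-line comment confirming the change is intended.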
@@ -9,7 +9,7 @@ module Dependabot
9
9
  class UnfixableRequirement < StandardError; end
10
10
 
11
11
  ALLOWED_UPDATE_STRATEGIES =
12
- %i(bump_versions bump_versions_if_necessary).freeze
12
+ %i(lockfile_only bump_versions bump_versions_if_necessary).freeze
13
13
 
14
14
  def initialize(requirements:, update_strategy:, updated_source:,
15
15
  latest_version:, latest_resolvable_version:)
@@ -27,6 +27,8 @@ module Dependabot
27
27
  end
28
28
 
29
29
  def updated_requirements
30
+ return requirements if update_strategy == :lockfile_only
31
+
30
32
  requirements.map do |req|
31
33
  if req[:file].include?(".gemspec")
32
34
  update_gemspec_requirement(req)
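Review bot: In `updated_requirements`, the new early return hands back the caller's own `requirements` array, whereas the existing path returns a fresh array from `map`. A caller that mutates the result would therefore also mutate the input when the strategy is `:lockfile_only`. `return requirements.dup if update_strategy == :lockfile_only` keeps the two paths consistent at the array level. A comment such as `# lockfile_only: manifest requirements are never rewritten` next to the guard would record why the strategy was added to `ALLOWED_UPDATE_STRATEGIES`. The body of `updated_requirements` continues past the end of the hunk.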
@@ -37,6 +37,8 @@ module Dependabot
37
37
  @unlock_requirement = unlock_requirement
38
38
  @latest_allowable_version = latest_allowable_version
39
39
  @options = options
40
+
41
+ @latest_allowable_version_incompatible_with_ruby = false
40
42
  end
41
43
 
42
44
  def latest_resolvable_version_details
@@ -44,6 +46,10 @@ module Dependabot
44
46
  fetch_latest_resolvable_version_details
45
47
  end
46
48
 
49
+ def latest_allowable_version_incompatible_with_ruby?
50
+ @latest_allowable_version_incompatible_with_ruby
51
+ end
52
+
47
53
  private
48
54
 
49
55
  attr_reader :dependency, :unprepared_dependency_files,
@@ -208,7 +214,9 @@ module Dependabot
208
214
  ruby_requirement = Dependabot::Bundler::Requirement.new(ruby_requirement)
209
215
  current_ruby_version = Dependabot::Bundler::Version.new(details[:ruby_version])
210
216
 
211
- !ruby_requirement.satisfied_by?(current_ruby_version)
217
+ return false if ruby_requirement.satisfied_by?(current_ruby_version)
218
+
219
+ @latest_allowable_version_incompatible_with_ruby = true
212
220
  rescue JSON::ParserError, Excon::Error::Socket, Excon::Error::Timeout
213
221
  # Give the benefit of the doubt if something goes wrong fetching
214
222
  # version details (could be that it's a private index, etc.)
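Review bot: The new final statement `@latest_allowable_version_incompatible_with_ruby = true` doubles as the method's return value, so the predicate's result now depends on the value of an assignment expression. An explicit `true` on the following line would keep the return value and the side effect separate. The flag is also sticky: it starts as `false` in `initialize`, is only set on this path, is never reset, and stays `false` when the `rescue` branch gives the benefit of the doubt. A comment on `latest_allowable_version_incompatible_with_ruby?` should say that it is only meaningful after resolution has run. The enclosing method begins outside the hunk.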
@@ -73,8 +73,10 @@ module Dependabot
73
73
  end
74
74
 
75
75
  def requirements_unlocked_or_can_be?
76
- dependency.requirements.
77
- select { |r| requirement_class.new(r[:requirement]).specific? }.
76
+ return true if requirements_unlocked?
77
+ return false if requirements_update_strategy == :lockfile_only
78
+
79
+ dependency.specific_requirements.
78
80
  all? do |req|
79
81
  file = dependency_files.find { |f| f.name == req.fetch(:file) }
80
82
  updated = FileUpdater::RequirementReplacer.new(
@@ -109,8 +111,13 @@ module Dependabot
109
111
 
110
112
  private
111
113
 
114
+ def requirements_unlocked?
115
+ dependency.specific_requirements.none?
116
+ end
117
+
112
118
  def latest_version_resolvable_with_full_unlock?
113
119
  return false unless latest_version
120
+ return false if version_resolver(remove_git_source: false).latest_allowable_version_incompatible_with_ruby?
114
121
 
115
122
  updated_dependencies = force_updater.updated_dependencies
116
123
 
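Review bot: The guard added to `latest_version_resolvable_with_full_unlock?` reads `latest_allowable_version_incompatible_with_ruby?` from `version_resolver(remove_git_source: false)`, but that flag is only set as a side effect of the resolver's Ruby-compatibility check and is initialised to `false`. If the instance returned here has not already performed resolution, or is not the same memoized instance that did, the guard silently evaluates to `false` and the full-unlock attempt proceeds. Whether `version_resolver` memoizes per argument is not visible in this hunk. Either trigger resolution explicitly before reading the flag or add a comment such as `# relies on the resolver having already run for remove_git_source: false`.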
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.217.0
4
+ version: 0.219.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-24 00:00:00.000000000 Z
11
+ date: 2023-06-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.217.0
19
+ version: 0.219.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.217.0
26
+ version: 0.219.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -295,8 +295,8 @@ homepage: https://github.com/dependabot/dependabot-core
295
295
  licenses:
296
296
  - Nonstandard
297
297
  metadata:
298
- issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
299
- changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
298
+ bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
299
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.219.0
300
300
  post_install_message:
301
301
  rdoc_options: []
302
302
  require_paths: