dependabot-bundler 0.223.0 → 0.224.0

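--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 23ce0d39fdead4b32fc1c52df64211e60bf4230da2ad1893c14f7b2d5ef58683
- data.tar.gz: 10da25c6e318ddf4a0028789ff6f3180469ca703f72c93fca750b18ae35bfe44
+ metadata.gz: fe41f546784766646a331b7b9b278bd0a0be01d13c0b9f51da8457a83db4db16
+ data.tar.gz: b15f4967d4c25a5e7bf87ba352b649c186e10b843964ba5910c381537340d0f7
  SHA512:
- metadata.gz: 6b5ef015097c78c7ebbf1db0ca446bf1b6f4c46a798fb4f2b7f4ba3eb2dbf48a5e85ca3c2d4bd54c41a106df1a667445c4cc3eb27f6b34e9fc1af19a6dc6809c
- data.tar.gz: ba36300ab2907b311051e2f3f63400410bc0c1d830657bc5b9d0fd39212304a555d43f3dee6bcc1454625be862330eb9bf721475653f243945d7bb94fcc0241d
+ metadata.gz: cc3ea7c204c643484527dfe5f90eec51fcf968ae1d1bccaf42709c1101bcb7ec2dec3015cc20eb2a6cce40d58e505a8da0d28b59cae8ca4540a69db6e6eeac97
+ data.tar.gz: e88b57ec7b8fff13d5353ba46654ebc9b82bb975ed16f80be20e73e9b568919f8743defe09a4489f4514fd05bd927c4716eb984847b401b430f7d309088a4196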
@@ -9,7 +9,7 @@ module Dependabot
9
9
  # newest version we support
10
10
  DEFAULT = V2
11
11
  # If we are updating a project with a Gemfile.lock that does not specify
12
- # the version it was bundled with, with failover to V1 on the assumption
12
+ # the version it was bundled with, we failover to V1 on the assumption
13
13
  # it was created with an old version that didn't add this information
14
14
  FAILOVER = V1
15
15
 
@@ -77,6 +77,15 @@ module Dependabot
77
77
  ).parse
78
78
  end
79
79
 
80
+ def top_level_dependencies
81
+ @top_level_dependencies ||=
82
+ FileParser.new(
83
+ dependency_files: dependency_files.reject { |file| file.name == lockfile.name },
84
+ credentials: credentials,
85
+ source: nil
86
+ ).parse
87
+ end
88
+
80
89
  def dependencies_from(updated_deps, specs)
81
90
  # You might think we'd want to remove dependencies whose version
82
91
  # hadn't changed from this array. We don't. We still need to unlock
@@ -85,14 +94,17 @@ module Dependabot
85
94
  #
86
95
  # This is kind of a bug in Bundler, and we should try to fix it,
87
96
  # but resolving it won't necessarily be easy.
88
- updated_deps.filter_map do |dep|
89
- original_dep =
90
- original_dependencies.find { |d| d.name == dep.fetch("name") }
91
- spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
92
97
 
93
- next if spec.fetch("version") == original_dep.version
98
+ # put the lead dependency first
99
+ index = specs.index { |dep| dep["name"] == updated_deps.first["name"] }
100
+ specs.unshift(specs.delete_at(index))
101
+ specs.filter_map do |dep|
102
+ next unless top_level_dependencies.find { |d| d.name == dep.fetch("name") }
103
+
104
+ original_dep = original_dependencies.find { |d| d.name == dep.fetch("name") }
105
+ next if dep.fetch("version") == original_dep.version
94
106
 
95
- build_dependency(original_dep, spec)
107
+ build_dependency(original_dep, dep)
96
108
  end
97
109
  end
98
110
 
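Review bot: `specs.unshift(specs.delete_at(index))` raises a TypeError whenever `index` is nil, and `updated_deps.first["name"]` raises on an empty `updated_deps`, which the replaced `updated_deps.filter_map` handled by returning `[]`; whether callers of dependencies_from ever pass an empty array or a lead dependency that is absent from `specs` cannot be told from the hunk, so the reorder should be guarded rather than assumed. The reorder also mutates the caller's `specs` array in place, so the new ordering leaks out of the method. The lookup line uses `dep["name"]` while every neighbouring line uses `dep.fetch("name")`; one form should be kept. A nil `original_dep` still reaches `original_dep.version` unguarded, as it did before the change; the method header `def dependencies_from` sits in the preceding hunk. A guarded, non-mutating reorder:
```ruby
# put the lead dependency first (work on a copy so the caller's specs are not reordered)
ordered_specs = specs.dup
lead_name = updated_deps.first&.fetch("name")
lead_index = ordered_specs.index { |spec| spec.fetch("name") == lead_name }
ordered_specs.unshift(ordered_specs.delete_at(lead_index)) if lead_index
ordered_specs.filter_map do |dep|
  # … unchanged: top-level filter, original_dep lookup, build_dependency …
```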
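--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bundler
  version: !ruby/object:Gem::Version
- version: 0.223.0
+ version: 0.224.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-07-25 00:00:00.000000000 Z
+ date: 2023-07-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.223.0
+ version: 0.224.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.223.0
+ version: 0.224.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -268,7 +268,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.223.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
  post_install_message:
  rdoc_options: []
  require_paths: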