dependabot-bundler 0.235.0 → 0.236.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4fd34dd5e86ac6b391a703c276d062a73f797c3f936658aebc25680ee886edc6
|
4
|
+
data.tar.gz: f06e52b4ddfaba21629b65ccc739eede69faccc75eb542cb2da726f3a1611cba
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6e6ec483cbd9483321846361ade36c24bf9fca1c355e43bbffcfc7a3d25c7c8ec08f3e88137913d3538928fdde6b00bb3f82edb912fccff856ade082a5b00ba6
|
7
|
+
data.tar.gz: 1581d435a66c7753929a5adece2b9b9387477fad411de498afb85f9972ba99a1f6df9482597acbab5bacaf0b8cbda2a6f42e6de080b41572da9ac2255e3a9694
|
@@ -4,6 +4,7 @@
|
|
4
4
|
module Functions
|
5
5
|
class ForceUpdater
|
6
6
|
class TransitiveDependencyError < StandardError; end
|
7
|
+
class TopLevelDependencyDowngradedError < StandardError; end
|
7
8
|
|
8
9
|
def initialize(dependency_name:, target_version:, gemfile_name:,
|
9
10
|
lockfile_name:, update_multiple_dependencies:)
|
@@ -21,13 +22,21 @@ module Functions
|
|
21
22
|
definition = build_definition(dependencies_to_unlock: dependencies_to_unlock)
|
22
23
|
definition.resolve_remotely!
|
23
24
|
specs = definition.resolve
|
24
|
-
updates = ([dependency_name, *dependencies_to_unlock] - subdependencies).uniq
|
25
|
+
updates = ([dependency_name, *dependencies_to_unlock] - subdependencies + extra_top_level_deps(specs)).uniq
|
26
|
+
|
27
|
+
updates = updates.map do |name|
|
28
|
+
{
|
29
|
+
name: name
|
30
|
+
}
|
31
|
+
end
|
32
|
+
|
25
33
|
specs = specs.map do |dep|
|
26
34
|
{
|
27
35
|
name: dep.name,
|
28
36
|
version: dep.version
|
29
37
|
}
|
30
38
|
end
|
39
|
+
|
31
40
|
[updates, specs]
|
32
41
|
rescue Bundler::SolveFailure => e
|
33
42
|
raise unless update_multiple_dependencies?
|
@@ -53,6 +62,24 @@ module Functions
|
|
53
62
|
:update_multiple_dependencies
|
54
63
|
alias update_multiple_dependencies? update_multiple_dependencies
|
55
64
|
|
65
|
+
def extra_top_level_deps(specs)
|
66
|
+
top_level_dep_names.reject do |name|
|
67
|
+
original_version = original_specs.find { |s| s.name == name }&.version
|
68
|
+
new_version = specs[name].first&.version
|
69
|
+
|
70
|
+
if original_version == new_version
|
71
|
+
true
|
72
|
+
else
|
73
|
+
original_version = Gem::Version.new(original_version)
|
74
|
+
new_version = Gem::Version.new(new_version)
|
75
|
+
|
76
|
+
raise TopLevelDependencyDowngradedError if new_version < original_version
|
77
|
+
|
78
|
+
false
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
56
83
|
def new_dependencies_to_unlock_from(error:, already_unlocked:)
|
57
84
|
names = [*already_unlocked, dependency_name]
|
58
85
|
extra_names_to_unlock = []
|
@@ -118,13 +145,15 @@ module Functions
|
|
118
145
|
# subdependencies
|
119
146
|
return [] unless lockfile
|
120
147
|
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
148
|
+
original_specs.map(&:name) - top_level_dep_names
|
149
|
+
end
|
150
|
+
|
151
|
+
def top_level_dep_names
|
152
|
+
@top_level_dep_names ||= Bundler::Definition.build(gemfile_name, lockfile_name, {}).dependencies.map(&:name)
|
153
|
+
end
|
126
154
|
|
127
|
-
|
155
|
+
def original_specs
|
156
|
+
@original_specs ||= Bundler::LockfileParser.new(lockfile).specs
|
128
157
|
end
|
129
158
|
|
130
159
|
def unlock_gem(definition:, gem_name:)
|
@@ -78,15 +78,6 @@ module Dependabot
|
|
78
78
|
).parse
|
79
79
|
end
|
80
80
|
|
81
|
-
def top_level_dependencies
|
82
|
-
@top_level_dependencies ||=
|
83
|
-
FileParser.new(
|
84
|
-
dependency_files: dependency_files.reject { |file| file.name == lockfile.name },
|
85
|
-
credentials: credentials,
|
86
|
-
source: nil
|
87
|
-
).parse
|
88
|
-
end
|
89
|
-
|
90
81
|
def dependencies_from(updated_deps, specs)
|
91
82
|
# You might think we'd want to remove dependencies whose version
|
92
83
|
# hadn't changed from this array. We don't. We still need to unlock
|
@@ -95,17 +86,14 @@ module Dependabot
|
|
95
86
|
#
|
96
87
|
# This is kind of a bug in Bundler, and we should try to fix it,
|
97
88
|
# but resolving it won't necessarily be easy.
|
89
|
+
updated_deps.filter_map do |dep|
|
90
|
+
original_dep =
|
91
|
+
original_dependencies.find { |d| d.name == dep.fetch("name") }
|
92
|
+
spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
|
98
93
|
|
99
|
-
|
100
|
-
index = specs.index { |dep| dep["name"] == updated_deps.first["name"] }
|
101
|
-
specs.unshift(specs.delete_at(index))
|
102
|
-
specs.filter_map do |dep|
|
103
|
-
next unless top_level_dependencies.find { |d| d.name == dep.fetch("name") }
|
104
|
-
|
105
|
-
original_dep = original_dependencies.find { |d| d.name == dep.fetch("name") }
|
106
|
-
next if dep.fetch("version") == original_dep.version
|
94
|
+
next if spec.fetch("version") == original_dep.version
|
107
95
|
|
108
|
-
build_dependency(original_dep,
|
96
|
+
build_dependency(original_dep, spec)
|
109
97
|
end
|
110
98
|
end
|
111
99
|
|
data/lib/dependabot/bundler.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.236.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-10-
|
11
|
+
date: 2023-10-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.236.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.236.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -282,7 +282,7 @@ licenses:
|
|
282
282
|
- Nonstandard
|
283
283
|
metadata:
|
284
284
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
285
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
285
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
|
286
286
|
post_install_message:
|
287
287
|
rdoc_options: []
|
288
288
|
require_paths:
|