dependabot-bundler 0.246.0 → 0.247.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +4 -1
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +14 -1
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +16 -5
- data/lib/dependabot/bundler/update_checker.rb +11 -5
- metadata +19 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dcd4f16b3bd7636cd65c77255a1d3b37888a0b3b0294ac4974035e9642debd02
|
|
4
|
+
data.tar.gz: 011fb6db795058131d051d1533973d0df2c61a5bb976bfc7b6a15d4ca337206b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9a59aa6f31d04899347ea046f1b94211d1816bae26a23f7ef228adc8ed2204e8835dc456de2047b467a7d0a5a8f7532b2aa148a554d7d988094b8055aa824bd4
|
|
7
|
+
data.tar.gz: b2896086152ffa5138f47e1eea0b628869eab812348c7e988f834b5aa69c54f1971d7937251670ee08453f93e6d3e03df54ccec309d229768435f36d951a83cd
|
|
@@ -4,12 +4,15 @@
|
|
|
4
4
|
require "dependabot/registry_client"
|
|
5
5
|
require "dependabot/bundler/native_helpers"
|
|
6
6
|
require "dependabot/bundler/helpers"
|
|
7
|
+
require "sorbet-runtime"
|
|
7
8
|
|
|
8
9
|
module Dependabot
|
|
9
10
|
module Bundler
|
|
10
11
|
class UpdateChecker
|
|
11
12
|
class LatestVersionFinder
|
|
12
13
|
class DependencySource
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
13
16
|
require_relative "../shared_bundler_helpers"
|
|
14
17
|
include SharedBundlerHelpers
|
|
15
18
|
|
|
@@ -33,7 +36,7 @@ module Dependabot
|
|
|
33
36
|
|
|
34
37
|
# The latest version details for the dependency from a registry
|
|
35
38
|
#
|
|
36
|
-
|
|
39
|
+
sig { returns(T::Array[Gem::Version]) }
|
|
37
40
|
def versions
|
|
38
41
|
return rubygems_versions if dependency.name == "bundler"
|
|
39
42
|
return rubygems_versions unless gemfile
|
|
@@ -10,11 +10,14 @@ require "dependabot/shared_helpers"
|
|
|
10
10
|
require "dependabot/errors"
|
|
11
11
|
require "dependabot/bundler/update_checker/latest_version_finder/" \
|
|
12
12
|
"dependency_source"
|
|
13
|
+
require "sorbet-runtime"
|
|
13
14
|
|
|
14
15
|
module Dependabot
|
|
15
16
|
module Bundler
|
|
16
17
|
class UpdateChecker
|
|
17
18
|
class LatestVersionFinder
|
|
19
|
+
extend T::Sig
|
|
20
|
+
|
|
18
21
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
19
22
|
credentials:, ignored_versions:, raise_on_ignored: false,
|
|
20
23
|
security_advisories:, options:)
|
|
@@ -65,12 +68,18 @@ module Dependabot
|
|
|
65
68
|
relevant_versions.min
|
|
66
69
|
end
|
|
67
70
|
|
|
71
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
68
72
|
def filter_prerelease_versions(versions_array)
|
|
69
73
|
return versions_array if wants_prerelease?
|
|
70
74
|
|
|
71
|
-
versions_array.reject(&:prerelease?)
|
|
75
|
+
filtered = versions_array.reject(&:prerelease?)
|
|
76
|
+
if versions_array.count > filtered.count
|
|
77
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
|
|
78
|
+
end
|
|
79
|
+
filtered
|
|
72
80
|
end
|
|
73
81
|
|
|
82
|
+
sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
|
|
74
83
|
def filter_ignored_versions(versions_array)
|
|
75
84
|
filtered = versions_array
|
|
76
85
|
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
@@ -78,6 +87,10 @@ module Dependabot
|
|
|
78
87
|
raise AllVersionsIgnored
|
|
79
88
|
end
|
|
80
89
|
|
|
90
|
+
if versions_array.count > filtered.count
|
|
91
|
+
Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
|
|
92
|
+
end
|
|
93
|
+
|
|
81
94
|
filtered
|
|
82
95
|
end
|
|
83
96
|
|
|
@@ -1,16 +1,27 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/bundler/update_checker"
|
|
7
|
+
require "dependabot/requirements_update_strategy"
|
|
5
8
|
|
|
6
9
|
module Dependabot
|
|
7
10
|
module Bundler
|
|
8
11
|
class UpdateChecker
|
|
9
12
|
class RequirementsUpdater
|
|
13
|
+
extend T::Sig
|
|
14
|
+
|
|
10
15
|
class UnfixableRequirement < StandardError; end
|
|
11
16
|
|
|
12
|
-
ALLOWED_UPDATE_STRATEGIES =
|
|
13
|
-
|
|
17
|
+
ALLOWED_UPDATE_STRATEGIES = T.let(
|
|
18
|
+
[
|
|
19
|
+
RequirementsUpdateStrategy::LockfileOnly,
|
|
20
|
+
RequirementsUpdateStrategy::BumpVersions,
|
|
21
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
22
|
+
].freeze,
|
|
23
|
+
T::Array[Dependabot::RequirementsUpdateStrategy]
|
|
24
|
+
)
|
|
14
25
|
|
|
15
26
|
def initialize(requirements:, update_strategy:, updated_source:,
|
|
16
27
|
latest_version:, latest_resolvable_version:)
|
|
@@ -28,7 +39,7 @@ module Dependabot
|
|
|
28
39
|
end
|
|
29
40
|
|
|
30
41
|
def updated_requirements
|
|
31
|
-
return requirements if update_strategy ==
|
|
42
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
|
32
43
|
|
|
33
44
|
requirements.map do |req|
|
|
34
45
|
if req[:file].include?(".gemspec")
|
|
@@ -58,9 +69,9 @@ module Dependabot
|
|
|
58
69
|
return req unless latest_resolvable_version
|
|
59
70
|
|
|
60
71
|
case update_strategy
|
|
61
|
-
when
|
|
72
|
+
when RequirementsUpdateStrategy::BumpVersions
|
|
62
73
|
update_version_requirement(req)
|
|
63
|
-
when
|
|
74
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
64
75
|
update_version_requirement_if_needed(req)
|
|
65
76
|
else raise "Unexpected update strategy: #{update_strategy}"
|
|
66
77
|
end
|
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require "dependabot/update_checkers"
|
|
5
|
-
require "dependabot/update_checkers/base"
|
|
6
4
|
require "dependabot/bundler/file_updater/requirement_replacer"
|
|
7
5
|
require "dependabot/bundler/version"
|
|
8
6
|
require "dependabot/git_commit_checker"
|
|
7
|
+
require "dependabot/requirements_update_strategy"
|
|
8
|
+
require "dependabot/update_checkers"
|
|
9
|
+
require "dependabot/update_checkers/base"
|
|
10
|
+
|
|
9
11
|
module Dependabot
|
|
10
12
|
module Bundler
|
|
11
13
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
@@ -75,7 +77,7 @@ module Dependabot
|
|
|
75
77
|
|
|
76
78
|
def requirements_unlocked_or_can_be?
|
|
77
79
|
return true if requirements_unlocked?
|
|
78
|
-
return false if requirements_update_strategy ==
|
|
80
|
+
return false if requirements_update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
|
79
81
|
|
|
80
82
|
dependency.specific_requirements
|
|
81
83
|
.all? do |req|
|
|
@@ -92,10 +94,14 @@ module Dependabot
|
|
|
92
94
|
|
|
93
95
|
def requirements_update_strategy
|
|
94
96
|
# If passed in as an option (in the base class) honour that option
|
|
95
|
-
return @requirements_update_strategy
|
|
97
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
|
96
98
|
|
|
97
99
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
98
|
-
dependency.version.nil?
|
|
100
|
+
if dependency.version.nil?
|
|
101
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
102
|
+
else
|
|
103
|
+
RequirementsUpdateStrategy::BumpVersions
|
|
104
|
+
end
|
|
99
105
|
end
|
|
100
106
|
|
|
101
107
|
def conflicting_dependencies
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.247.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.247.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.247.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 1.19.0
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rubocop-rspec
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: 2.27.1
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 2.27.1
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop-sorbet
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -313,7 +327,7 @@ licenses:
|
|
|
313
327
|
- Nonstandard
|
|
314
328
|
metadata:
|
|
315
329
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
316
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
330
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
|
317
331
|
post_install_message:
|
|
318
332
|
rdoc_options: []
|
|
319
333
|
require_paths:
|