dependabot-bundler 0.248.0 → 0.249.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +3 -1
- data/helpers/v1/lib/functions/dependency_source.rb +2 -1
- data/helpers/v1/lib/functions/force_updater.rb +6 -3
- data/helpers/v1/lib/functions/lockfile_updater.rb +3 -1
- data/helpers/v1/lib/functions/version_resolver.rb +4 -2
- data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +3 -1
- data/helpers/v2/lib/functions/dependency_source.rb +2 -1
- data/helpers/v2/lib/functions/force_updater.rb +6 -3
- data/helpers/v2/lib/functions/lockfile_updater.rb +3 -1
- data/helpers/v2/lib/functions/version_resolver.rb +4 -2
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +2 -1
- data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +2 -1
- data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +4 -2
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +5 -2
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +7 -3
- data/lib/dependabot/bundler/update_checker/file_preparer.rb +4 -2
- data/lib/dependabot/bundler/update_checker/force_updater.rb +7 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -2
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +7 -3
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +5 -3
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +3 -1
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +8 -4
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 50db9496d0a2c1f3ecfb49e52507a415b6e358decd88c34193657d1a2ab6dc73
|
4
|
+
data.tar.gz: b429248eb9208ac6a41531d629b982460d8b26e2cdd076c5825e18e75cfcd16c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4d859f27c4d5b3795decbfc0b544bfe1c78a283d8a1ae8164180903da6d62a26160b4e37db30b9abadd21fb43d6dc3b777d8a1f5e39fecd81d020719a5cb99ed
|
7
|
+
data.tar.gz: f1891f3e228c16c200ae5f5a699009ba6efdce98dbe64020693f1735b6eeb0d40d03fca41037a52d27f9b936c7bd22fb737dc981b74e3a68da964b284f1c95d7
|
@@ -34,7 +34,9 @@ module Functions
|
|
34
34
|
|
35
35
|
private
|
36
36
|
|
37
|
-
attr_reader :dependency_name
|
37
|
+
attr_reader :dependency_name
|
38
|
+
attr_reader :target_version
|
39
|
+
attr_reader :lockfile_name
|
38
40
|
|
39
41
|
def parent_specs
|
40
42
|
version = Gem::Version.new(target_version)
|
@@ -56,9 +56,12 @@ module Functions
|
|
56
56
|
|
57
57
|
private
|
58
58
|
|
59
|
-
attr_reader :dependency_name
|
60
|
-
|
61
|
-
|
59
|
+
attr_reader :dependency_name
|
60
|
+
attr_reader :target_version
|
61
|
+
attr_reader :gemfile_name
|
62
|
+
attr_reader :lockfile_name
|
63
|
+
attr_reader :credentials
|
64
|
+
attr_reader :update_multiple_dependencies
|
62
65
|
alias update_multiple_dependencies? update_multiple_dependencies
|
63
66
|
|
64
67
|
def new_dependencies_to_unlock_from(error:, already_unlocked:)
|
@@ -25,7 +25,9 @@ module Functions
|
|
25
25
|
|
26
26
|
private
|
27
27
|
|
28
|
-
attr_reader :gemfile_name
|
28
|
+
attr_reader :gemfile_name
|
29
|
+
attr_reader :lockfile_name
|
30
|
+
attr_reader :dependencies
|
29
31
|
|
30
32
|
def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
|
31
33
|
dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
|
@@ -5,8 +5,10 @@ module Functions
|
|
5
5
|
class VersionResolver
|
6
6
|
GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
|
7
7
|
|
8
|
-
attr_reader :dependency_name
|
9
|
-
|
8
|
+
attr_reader :dependency_name
|
9
|
+
attr_reader :dependency_requirements
|
10
|
+
attr_reader :gemfile_name
|
11
|
+
attr_reader :lockfile_name
|
10
12
|
|
11
13
|
def initialize(dependency_name:, dependency_requirements:,
|
12
14
|
gemfile_name:, lockfile_name:)
|
@@ -32,7 +32,9 @@ module Functions
|
|
32
32
|
|
33
33
|
private
|
34
34
|
|
35
|
-
attr_reader :dependency_name
|
35
|
+
attr_reader :dependency_name
|
36
|
+
attr_reader :target_version
|
37
|
+
attr_reader :lockfile_name
|
36
38
|
|
37
39
|
def parent_specs
|
38
40
|
version = Gem::Version.new(target_version)
|
@@ -57,9 +57,12 @@ module Functions
|
|
57
57
|
|
58
58
|
private
|
59
59
|
|
60
|
-
attr_reader :dependency_name
|
61
|
-
|
62
|
-
|
60
|
+
attr_reader :dependency_name
|
61
|
+
attr_reader :target_version
|
62
|
+
attr_reader :gemfile_name
|
63
|
+
attr_reader :lockfile_name
|
64
|
+
attr_reader :credentials
|
65
|
+
attr_reader :update_multiple_dependencies
|
63
66
|
alias update_multiple_dependencies? update_multiple_dependencies
|
64
67
|
|
65
68
|
def extra_top_level_deps(specs)
|
@@ -26,7 +26,9 @@ module Functions
|
|
26
26
|
|
27
27
|
private
|
28
28
|
|
29
|
-
attr_reader :gemfile_name
|
29
|
+
attr_reader :gemfile_name
|
30
|
+
attr_reader :lockfile_name
|
31
|
+
attr_reader :dependencies
|
30
32
|
|
31
33
|
def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
|
32
34
|
dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
|
@@ -5,8 +5,10 @@ module Functions
|
|
5
5
|
class VersionResolver
|
6
6
|
GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
|
7
7
|
|
8
|
-
attr_reader :dependency_name
|
9
|
-
|
8
|
+
attr_reader :dependency_name
|
9
|
+
attr_reader :dependency_requirements
|
10
|
+
attr_reader :gemfile_name
|
11
|
+
attr_reader :lockfile_name
|
10
12
|
|
11
13
|
def initialize(dependency_name:, dependency_requirements:,
|
12
14
|
gemfile_name:, lockfile_name:)
|
@@ -38,7 +38,8 @@ module Dependabot
|
|
38
38
|
|
39
39
|
private
|
40
40
|
|
41
|
-
attr_reader :dependencies
|
41
|
+
attr_reader :dependencies
|
42
|
+
attr_reader :gemfile
|
42
43
|
|
43
44
|
def replace_gemfile_version_requirement(dependency, file, content)
|
44
45
|
return content unless requirement_changed?(file, dependency)
|
@@ -28,7 +28,8 @@ module Dependabot
|
|
28
28
|
|
29
29
|
private
|
30
30
|
|
31
|
-
attr_reader :dependencies
|
31
|
+
attr_reader :dependencies
|
32
|
+
attr_reader :gemspec
|
32
33
|
|
33
34
|
def replace_gemspec_version_requirement(gemspec, dependency, content)
|
34
35
|
return content unless requirement_changed?(gemspec, dependency)
|
@@ -8,7 +8,8 @@ module Dependabot
|
|
8
8
|
module Bundler
|
9
9
|
class FileUpdater
|
10
10
|
class GitPinReplacer
|
11
|
-
attr_reader :dependency
|
11
|
+
attr_reader :dependency
|
12
|
+
attr_reader :new_pin
|
12
13
|
|
13
14
|
def initialize(dependency:, new_pin:)
|
14
15
|
@dependency = dependency
|
@@ -27,7 +28,8 @@ module Dependabot
|
|
27
28
|
|
28
29
|
class Rewriter < Parser::TreeRewriter
|
29
30
|
PIN_KEYS = %i(ref tag).freeze
|
30
|
-
attr_reader :dependency
|
31
|
+
attr_reader :dependency
|
32
|
+
attr_reader :new_pin
|
31
33
|
|
32
34
|
def initialize(dependency:, new_pin:)
|
33
35
|
@dependency = dependency
|
@@ -54,8 +54,11 @@ module Dependabot
|
|
54
54
|
|
55
55
|
private
|
56
56
|
|
57
|
-
attr_reader :dependencies
|
58
|
-
|
57
|
+
attr_reader :dependencies
|
58
|
+
attr_reader :dependency_files
|
59
|
+
attr_reader :repo_contents_path
|
60
|
+
attr_reader :credentials
|
61
|
+
attr_reader :options
|
59
62
|
|
60
63
|
def build_updated_lockfile
|
61
64
|
base_dir = dependency_files.first.directory
|
@@ -8,8 +8,10 @@ module Dependabot
|
|
8
8
|
module Bundler
|
9
9
|
class FileUpdater
|
10
10
|
class RequirementReplacer
|
11
|
-
attr_reader :dependency
|
12
|
-
|
11
|
+
attr_reader :dependency
|
12
|
+
attr_reader :file_type
|
13
|
+
attr_reader :updated_requirement
|
14
|
+
attr_reader :previous_requirement
|
13
15
|
|
14
16
|
def initialize(dependency:, file_type:, updated_requirement:,
|
15
17
|
previous_requirement: nil, insert_if_bare: false)
|
@@ -115,7 +117,9 @@ module Dependabot
|
|
115
117
|
|
116
118
|
private
|
117
119
|
|
118
|
-
attr_reader :dependency
|
120
|
+
attr_reader :dependency
|
121
|
+
attr_reader :file_type
|
122
|
+
attr_reader :updated_requirement
|
119
123
|
|
120
124
|
def insert_if_bare?
|
121
125
|
@insert_if_bare
|
@@ -102,8 +102,10 @@ module Dependabot
|
|
102
102
|
|
103
103
|
private
|
104
104
|
|
105
|
-
attr_reader :dependency_files
|
106
|
-
|
105
|
+
attr_reader :dependency_files
|
106
|
+
attr_reader :dependency
|
107
|
+
attr_reader :replacement_git_pin
|
108
|
+
attr_reader :latest_allowable_version
|
107
109
|
|
108
110
|
def remove_git_source?
|
109
111
|
@remove_git_source
|
@@ -38,9 +38,13 @@ module Dependabot
|
|
38
38
|
|
39
39
|
private
|
40
40
|
|
41
|
-
attr_reader :dependency
|
42
|
-
|
43
|
-
|
41
|
+
attr_reader :dependency
|
42
|
+
attr_reader :dependency_files
|
43
|
+
attr_reader :repo_contents_path
|
44
|
+
attr_reader :credentials
|
45
|
+
attr_reader :target_version
|
46
|
+
attr_reader :requirements_update_strategy
|
47
|
+
attr_reader :options
|
44
48
|
|
45
49
|
def update_multiple_dependencies?
|
46
50
|
@update_multiple_dependencies
|
@@ -21,8 +21,11 @@ module Dependabot
|
|
21
21
|
GIT = "git"
|
22
22
|
OTHER = "other"
|
23
23
|
|
24
|
-
attr_reader :dependency
|
25
|
-
|
24
|
+
attr_reader :dependency
|
25
|
+
attr_reader :dependency_files
|
26
|
+
attr_reader :repo_contents_path
|
27
|
+
attr_reader :credentials
|
28
|
+
attr_reader :options
|
26
29
|
|
27
30
|
def initialize(dependency:,
|
28
31
|
dependency_files:,
|
@@ -41,9 +41,13 @@ module Dependabot
|
|
41
41
|
|
42
42
|
private
|
43
43
|
|
44
|
-
attr_reader :dependency
|
45
|
-
|
46
|
-
|
44
|
+
attr_reader :dependency
|
45
|
+
attr_reader :dependency_files
|
46
|
+
attr_reader :repo_contents_path
|
47
|
+
attr_reader :credentials
|
48
|
+
attr_reader :ignored_versions
|
49
|
+
attr_reader :security_advisories
|
50
|
+
attr_reader :options
|
47
51
|
|
48
52
|
def fetch_latest_version_details
|
49
53
|
return dependency_source.latest_git_version_details if dependency_source.git?
|
@@ -54,9 +54,11 @@ module Dependabot
|
|
54
54
|
|
55
55
|
private
|
56
56
|
|
57
|
-
attr_reader :requirements
|
58
|
-
|
59
|
-
|
57
|
+
attr_reader :requirements
|
58
|
+
attr_reader :updated_source
|
59
|
+
attr_reader :latest_version
|
60
|
+
attr_reader :latest_resolvable_version
|
61
|
+
attr_reader :update_strategy
|
60
62
|
|
61
63
|
def check_update_strategy
|
62
64
|
return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
|
@@ -41,7 +41,9 @@ module Dependabot
|
|
41
41
|
Bundler::Fetcher::FallbackError
|
42
42
|
).freeze
|
43
43
|
|
44
|
-
attr_reader :dependency_files
|
44
|
+
attr_reader :dependency_files
|
45
|
+
attr_reader :repo_contents_path
|
46
|
+
attr_reader :credentials
|
45
47
|
|
46
48
|
#########################
|
47
49
|
# Bundler context setup #
|
@@ -53,10 +53,14 @@ module Dependabot
|
|
53
53
|
|
54
54
|
private
|
55
55
|
|
56
|
-
attr_reader :dependency
|
57
|
-
|
58
|
-
|
59
|
-
|
56
|
+
attr_reader :dependency
|
57
|
+
attr_reader :unprepared_dependency_files
|
58
|
+
attr_reader :repo_contents_path
|
59
|
+
attr_reader :credentials
|
60
|
+
attr_reader :ignored_versions
|
61
|
+
attr_reader :replacement_git_pin
|
62
|
+
attr_reader :latest_allowable_version
|
63
|
+
attr_reader :options
|
60
64
|
|
61
65
|
def remove_git_source?
|
62
66
|
@remove_git_source
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.249.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.249.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.249.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -327,7 +327,7 @@ licenses:
|
|
327
327
|
- Nonstandard
|
328
328
|
metadata:
|
329
329
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
330
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
330
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
|
331
331
|
post_install_message:
|
332
332
|
rdoc_options: []
|
333
333
|
require_paths:
|