dependabot-bundler 0.266.0 → 0.267.0
- checksums.yaml +4 -4
- data/helpers/v2/lib/functions/force_updater.rb +22 -11
- metadata +5 -5
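--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1e357e6fc4d35510809265927eee0e2bb31f6a04e83193b5031966c53b6801f6
+data.tar.gz: a6868142bd65fa6c78a9971d5e9cb6872408f4055e1e7fed655ef693a7d762d0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d508e07d23e23125d89b16d43d65ee637315e07a0e78029a6f40b96e167fbd36511803ef83275b303d3df4cdc251dce4ccc0696c0efe68967f461e0a2fb1c70f
+data.tar.gz: 92c1f567ebe086f7749110704d3b21d38aacccdcc16f9b6b536505a95c44e19e5630aa4f32872c0dc15ab076ffa1ad758e09ddcd205569007e3a5647ec061d35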
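--- a/data/helpers/v2/lib/functions/force_updater.rb
+++ b/data/helpers/v2/lib/functions/force_updater.rb
@@ -3,7 +3,6 @@
 
 module Functions
 class ForceUpdater
-class TransitiveDependencyError < StandardError; end
 class TopLevelDependencyDowngradedError < StandardError; end
 
 def initialize(dependency_name:, target_version:, gemfile_name:,
@@ -120,16 +119,28 @@ module Functions
 dep = definition.dependencies
 .find { |d| d.name == dependency_name }
 
-
-
-
-
-
-
-
-
-
-
+if dep
+# Set the requirement for the gem we're forcing an update of
+new_req = Gem::Requirement.create("= #{target_version}")
+dep.instance_variable_set(:@requirement, new_req)
+dep.source = nil if dep.source.is_a?(Bundler::Source::Git)
+
+definition
+else
+# If the dependency is not found in the Gemfile it means this is a
+# transitive dependency. To force update it, we recreate a definition
+# from the Gemfile, but add an extra dependency to it that pins the
+# dependency we want to update.
+gemfile = Pathname.new(gemfile_name).expand_path
+builder = Bundler::Dsl.new
+builder.eval_gemfile(gemfile)
+builder.gem dependency_name, "= #{target_version}"
+builder.to_definition(
+lockfile_name,
+gems: gems_to_unlock + subdependencies,
+conservative: true
+)
+end
 end
 
 def lockfile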
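Review bot: In the new `else` branch, `builder.gem dependency_name, "= #{target_version}"` adds the transitive gem as a top-level dependency with no source or group, so in a Gemfile that declares more than one source it may be resolved against the default source rather than the one its parent gem is scoped to. A spec covering a transitive gem that is only available from a non-default source would pin this down, and a comment such as `# pinned without a source: resolution must stay on the source the parent gem uses` would record the expectation. The branch also returns a freshly built definition instead of `definition`, so anything the enclosing method (which starts outside the hunk) did to `definition` before this point is presumably not carried over; worth confirming. `builder.eval_gemfile(gemfile)` runs the Gemfile as Ruby once more, so this path needs the same isolation as the existing definition build.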
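--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.267.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-
+date: 2024-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.267.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.267.0
 - !ruby/object:Gem::Dependency
 name: parallel
 requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
 post_install_message:
 rdoc_options: []
 require_paths: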