dependabot-bundler 0.266.0 → 0.267.0

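--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ba47a31a93ed895b0a42732b8956e5a766b89b65f25d7c64980b2f647ba4f1f2
- data.tar.gz: aa00f8412609b36613dca3335e8eaebf93cddf28937b9760b4231fb01ff9a168
+ metadata.gz: 1e357e6fc4d35510809265927eee0e2bb31f6a04e83193b5031966c53b6801f6
+ data.tar.gz: a6868142bd65fa6c78a9971d5e9cb6872408f4055e1e7fed655ef693a7d762d0
  SHA512:
- metadata.gz: 800dad7720d941227c3d22e6e214033989dd16ad9a2f006d573e1cc34ba946394db64419bf50644836951698df70cd8f78035fd040304b14e0ff2690beb4e2c0
- data.tar.gz: bd9c28a9b6d5e82d7505aa3b7dde9ce50e192ed05283070aac60f04ae957698ff454e52923d0c70f9fa5a2790e21d66e7ac68f5dd7150d9618a622cdf4d83f19
+ metadata.gz: d508e07d23e23125d89b16d43d65ee637315e07a0e78029a6f40b96e167fbd36511803ef83275b303d3df4cdc251dce4ccc0696c0efe68967f461e0a2fb1c70f
+ data.tar.gz: 92c1f567ebe086f7749110704d3b21d38aacccdcc16f9b6b536505a95c44e19e5630aa4f32872c0dc15ab076ffa1ad758e09ddcd205569007e3a5647ec061d35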
@@ -3,7 +3,6 @@
3
3
 
4
4
  module Functions
5
5
  class ForceUpdater
6
- class TransitiveDependencyError < StandardError; end
7
6
  class TopLevelDependencyDowngradedError < StandardError; end
8
7
 
9
8
  def initialize(dependency_name:, target_version:, gemfile_name:,
@@ -120,16 +119,28 @@ module Functions
120
119
  dep = definition.dependencies
121
120
  .find { |d| d.name == dependency_name }
122
121
 
123
- # If the dependency is not found in the Gemfile it means this is a
124
- # transitive dependency that we can't force update.
125
- raise TransitiveDependencyError unless dep
126
-
127
- # Set the requirement for the gem we're forcing an update of
128
- new_req = Gem::Requirement.create("= #{target_version}")
129
- dep.instance_variable_set(:@requirement, new_req)
130
- dep.source = nil if dep.source.is_a?(Bundler::Source::Git)
131
-
132
- definition
122
+ if dep
123
+ # Set the requirement for the gem we're forcing an update of
124
+ new_req = Gem::Requirement.create("= #{target_version}")
125
+ dep.instance_variable_set(:@requirement, new_req)
126
+ dep.source = nil if dep.source.is_a?(Bundler::Source::Git)
127
+
128
+ definition
129
+ else
130
+ # If the dependency is not found in the Gemfile it means this is a
131
+ # transitive dependency. To force update it, we recreate a definition
132
+ # from the Gemfile, but add an extra dependency to it that pins the
133
+ # dependency we want to update.
134
+ gemfile = Pathname.new(gemfile_name).expand_path
135
+ builder = Bundler::Dsl.new
136
+ builder.eval_gemfile(gemfile)
137
+ builder.gem dependency_name, "= #{target_version}"
138
+ builder.to_definition(
139
+ lockfile_name,
140
+ gems: gems_to_unlock + subdependencies,
141
+ conservative: true
142
+ )
143
+ end
133
144
  end
134
145
 
135
146
  def lockfile
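Review bot: In the new `else` branch the pin is added with `builder.gem dependency_name, "= #{target_version}"` at top level, with no source or group, so for a Gemfile that scopes gems to a `source` block the forced transitive gem would presumably be resolved against the default source rather than the one its parent gem comes from. That is worth confirming with a spec that uses a scoped source, and worth stating next to the call, e.g. `# Pin is top-level: it resolves from the Gemfile's default source, not the parent gem's source block`. The branch also ignores the `definition` it was handed and evaluates the Gemfile again through `builder.eval_gemfile(gemfile)`, so anything already applied to that object is not carried into the returned definition. The enclosing method starts above the hunk, so whether that matters, and where `lockfile_name`, `gems_to_unlock` and `subdependencies` come from, cannot be checked from here.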
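--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bundler
  version: !ruby/object:Gem::Version
- version: 0.266.0
+ version: 0.267.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-07-18 00:00:00.000000000 Z
+ date: 2024-07-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.266.0
+ version: 0.267.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.266.0
+ version: 0.267.0
  - !ruby/object:Gem::Dependency
  name: parallel
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
  post_install_message:
  rdoc_options: []
  require_paths: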