dependabot-bundler 0.266.0 → 0.268.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v2/lib/functions/force_updater.rb +22 -11
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ec972207d34861dbccfda640936ec5d4cf4ae37819b68c65af371a487f06d93
|
|
4
|
+
data.tar.gz: 2092aeba3d9de6fa7128d814580c92aa33832c4fe5f455100d89ac2f4acfac19
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 71e53ea5de97bf359124bbc06b0f0b3059fd97ef2e45639feafe38c30e719a47059f67128be2472198ecbb9777a6730492401e99d9d2ea1a729fe0718ee921f0
|
|
7
|
+
data.tar.gz: 85c98c0f9c9eba669473150d53335dcccd6e2998fb5079630470000907075589f88ea31fe23d93ec2d62208538afee8c7555b1ab76d84d09790ab42a51bfa6ec
|
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
|
|
4
4
|
module Functions
|
|
5
5
|
class ForceUpdater
|
|
6
|
-
class TransitiveDependencyError < StandardError; end
|
|
7
6
|
class TopLevelDependencyDowngradedError < StandardError; end
|
|
8
7
|
|
|
9
8
|
def initialize(dependency_name:, target_version:, gemfile_name:,
|
|
@@ -120,16 +119,28 @@ module Functions
|
|
|
120
119
|
dep = definition.dependencies
|
|
121
120
|
.find { |d| d.name == dependency_name }
|
|
122
121
|
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
122
|
+
if dep
|
|
123
|
+
# Set the requirement for the gem we're forcing an update of
|
|
124
|
+
new_req = Gem::Requirement.create("= #{target_version}")
|
|
125
|
+
dep.instance_variable_set(:@requirement, new_req)
|
|
126
|
+
dep.source = nil if dep.source.is_a?(Bundler::Source::Git)
|
|
127
|
+
|
|
128
|
+
definition
|
|
129
|
+
else
|
|
130
|
+
# If the dependency is not found in the Gemfile it means this is a
|
|
131
|
+
# transitive dependency. To force update it, we recreate a definition
|
|
132
|
+
# from the Gemfile, but add an extra dependency to it that pins the
|
|
133
|
+
# dependency we want to update.
|
|
134
|
+
gemfile = Pathname.new(gemfile_name).expand_path
|
|
135
|
+
builder = Bundler::Dsl.new
|
|
136
|
+
builder.eval_gemfile(gemfile)
|
|
137
|
+
builder.gem dependency_name, "= #{target_version}"
|
|
138
|
+
builder.to_definition(
|
|
139
|
+
lockfile_name,
|
|
140
|
+
gems: gems_to_unlock + subdependencies,
|
|
141
|
+
conservative: true
|
|
142
|
+
)
|
|
143
|
+
end
|
|
133
144
|
end
|
|
134
145
|
|
|
135
146
|
def lockfile
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.268.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-08-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.268.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.268.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -345,7 +345,7 @@ licenses:
|
|
|
345
345
|
- MIT
|
|
346
346
|
metadata:
|
|
347
347
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
348
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
348
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.268.0
|
|
349
349
|
post_install_message:
|
|
350
350
|
rdoc_options: []
|
|
351
351
|
require_paths:
|