dependabot-bundler 0.267.0 → 0.270.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/file_updater.rb +18 -8
  3. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1e357e6fc4d35510809265927eee0e2bb31f6a04e83193b5031966c53b6801f6
4
- data.tar.gz: a6868142bd65fa6c78a9971d5e9cb6872408f4055e1e7fed655ef693a7d762d0
3
+ metadata.gz: 0cf9bb0d3e0fb13d63e11b9b0bb76ada219eb95bfe3021e20abe885f5997582d
4
+ data.tar.gz: cae3edf65fe2b3197906d8c6798128ac3f8eb0aa3071871431f930b440bae1f9
5
5
  SHA512:
6
- metadata.gz: d508e07d23e23125d89b16d43d65ee637315e07a0e78029a6f40b96e167fbd36511803ef83275b303d3df4cdc251dce4ccc0696c0efe68967f461e0a2fb1c70f
7
- data.tar.gz: 92c1f567ebe086f7749110704d3b21d38aacccdcc16f9b6b536505a95c44e19e5630aa4f32872c0dc15ab076ffa1ad758e09ddcd205569007e3a5647ec061d35
6
+ metadata.gz: d2d8d56e1c8f9b294dd30906ecafb208cc5f20ff95661f0edb7060a7b0ef47b3719dbc117ac15289571b9d3275a2ee9744ec00150671efd02e889495cad8e790
7
+ data.tar.gz: ce4afa1024616cb45c505a144e49648e63d53c8e075c0f9c674f0186a28da89d9bb73fc1e44ac44c607db98a019317e870af5973898e75207b353e44689bb7f8
data/lib/dependabot/bundler/file_updater.rb CHANGED
@@ -14,14 +14,24 @@ module Dependabot
14
14
  require_relative "file_updater/gemspec_updater"
15
15
  require_relative "file_updater/lockfile_updater"
16
16
 
17
- def self.updated_files_regex
18
- [
19
- /^Gemfile$/,
20
- /^Gemfile\.lock$/,
21
- /^gems\.rb$/,
22
- /^gems\.locked$/,
23
- /^*\.gemspec$/
24
- ]
17
+ def self.updated_files_regex(allowlist_enabled = false)
18
+ if allowlist_enabled
19
+ [
20
+ # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
21
+ %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
22
+ # Matches the same files in any subdirectory
23
+ %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
24
+ ]
25
+ else
26
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
27
+ [
28
+ /^Gemfile$/,
29
+ /^Gemfile\.lock$/,
30
+ /^gems\.rb$/,
31
+ /^gems\.locked$/,
32
+ /^*\.gemspec$/
33
+ ]
34
+ end
25
35
  end
26
36
 
27
37
  # rubocop:disable Metrics/PerceivedComplexity
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.267.0
4
+ version: 0.270.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-25 00:00:00.000000000 Z
11
+ date: 2024-08-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.267.0
19
+ version: 0.270.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.267.0
26
+ version: 0.270.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: