dependabot-bundler 0.268.0 → 0.271.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/file_updater.rb +18 -8
  3. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9ec972207d34861dbccfda640936ec5d4cf4ae37819b68c65af371a487f06d93
4
- data.tar.gz: 2092aeba3d9de6fa7128d814580c92aa33832c4fe5f455100d89ac2f4acfac19
3
+ metadata.gz: c1f910e14e5b0e3f6d85ca51756747ac0598ff4edd45eeee2bdd87ba4a5b3e4f
4
+ data.tar.gz: 7e3f3ad5a35a6e9bd1b3c215fa0b8ba24f29efa3924eac444ff1aabd49876b19
5
5
  SHA512:
6
- metadata.gz: 71e53ea5de97bf359124bbc06b0f0b3059fd97ef2e45639feafe38c30e719a47059f67128be2472198ecbb9777a6730492401e99d9d2ea1a729fe0718ee921f0
7
- data.tar.gz: 85c98c0f9c9eba669473150d53335dcccd6e2998fb5079630470000907075589f88ea31fe23d93ec2d62208538afee8c7555b1ab76d84d09790ab42a51bfa6ec
6
+ metadata.gz: 8ec691e2bc736caab0108898d34ce5530a7d56e3d9fcf9d270d5cdabbdc03db21e32a3a3a846c0d470712e3aeb10061575143b87d6f18bf9582d89d9be87b4ce
7
+ data.tar.gz: 9af2d68ebcebef4bb9273c51ca95a5e4d56ce920ad8debe905f1717e55114a6e672562d2eae7263628e89b5edc1ad0b5d5d02546587ce142c1d8ce556eaa8b43
data/lib/dependabot/bundler/file_updater.rb CHANGED
@@ -14,14 +14,24 @@ module Dependabot
14
14
  require_relative "file_updater/gemspec_updater"
15
15
  require_relative "file_updater/lockfile_updater"
16
16
 
17
- def self.updated_files_regex
18
- [
19
- /^Gemfile$/,
20
- /^Gemfile\.lock$/,
21
- /^gems\.rb$/,
22
- /^gems\.locked$/,
23
- /^*\.gemspec$/
24
- ]
17
+ def self.updated_files_regex(allowlist_enabled = false)
18
+ if allowlist_enabled
19
+ [
20
+ # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
21
+ %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
22
+ # Matches the same files in any subdirectory
23
+ %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
24
+ ]
25
+ else
26
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
27
+ [
28
+ /^Gemfile$/,
29
+ /^Gemfile\.lock$/,
30
+ /^gems\.rb$/,
31
+ /^gems\.locked$/,
32
+ /^*\.gemspec$/
33
+ ]
34
+ end
25
35
  end
26
36
 
27
37
  # rubocop:disable Metrics/PerceivedComplexity
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.268.0
4
+ version: 0.271.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-02 00:00:00.000000000 Z
11
+ date: 2024-08-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.268.0
19
+ version: 0.271.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.268.0
26
+ version: 0.271.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.268.0
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: