dependabot-bundler 0.325.1 → 0.326.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +26 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c9dbdde726b9ffb25da2452580a4c921aae56bbe85c4f26ef2d395e899f1876c
|
|
4
|
+
data.tar.gz: 416a5f9458abb3d30c6d2477e4d4aa89d543722c49d7b5e0003c57d80bba7460
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: daa28d5323b6dd08bd21f2fc94aec1e6f055dd0bbcd8c38d6d30eb45c96ae10da83229762a385af467157a062bdb3529cdb2391449bbc691a33dad394f534b73
|
|
7
|
+
data.tar.gz: 338f1fb84443362403fd16cb1f3c7441ad523a22197eff7ff7258957e44dbbb06aab015122e9386c3580f14d03ad667436d67223d3402aeb1f92f7eb2303ee79
|
|
@@ -122,7 +122,7 @@ module Dependabot
|
|
|
122
122
|
parsed_gemfile.each do |dep|
|
|
123
123
|
next unless gemfile_declaration_finder.gemfile_includes_dependency?(dep)
|
|
124
124
|
|
|
125
|
-
|
|
125
|
+
dep =
|
|
126
126
|
Dependency.new(
|
|
127
127
|
name: dep.fetch("name"),
|
|
128
128
|
version: dependency_version(dep.fetch("name"))&.to_s,
|
|
@@ -134,6 +134,9 @@ module Dependabot
|
|
|
134
134
|
}],
|
|
135
135
|
package_manager: "bundler"
|
|
136
136
|
)
|
|
137
|
+
|
|
138
|
+
file.dependencies << dep
|
|
139
|
+
dependencies << dep
|
|
137
140
|
end
|
|
138
141
|
end
|
|
139
142
|
|
|
@@ -141,7 +144,7 @@ module Dependabot
|
|
|
141
144
|
end
|
|
142
145
|
|
|
143
146
|
sig { returns(DependencySet) }
|
|
144
|
-
def gemspec_dependencies # rubocop:disable Metrics/PerceivedComplexity
|
|
147
|
+
def gemspec_dependencies # rubocop:disable Metrics/PerceivedComplexity,Metrics/AbcSize
|
|
145
148
|
@gemspec_dependencies = T.let(@gemspec_dependencies, T.nilable(DependencySet))
|
|
146
149
|
return @gemspec_dependencies if @gemspec_dependencies
|
|
147
150
|
|
|
@@ -156,7 +159,7 @@ module Dependabot
|
|
|
156
159
|
parsed_gemspec(gemspec).each do |dependency|
|
|
157
160
|
next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
|
|
158
161
|
|
|
159
|
-
|
|
162
|
+
dep = Dependency.new(
|
|
160
163
|
name: dependency.fetch("name"),
|
|
161
164
|
version: dependency_version(dependency.fetch("name"))&.to_s,
|
|
162
165
|
requirements: [{
|
|
@@ -171,6 +174,9 @@ module Dependabot
|
|
|
171
174
|
}],
|
|
172
175
|
package_manager: "bundler"
|
|
173
176
|
)
|
|
177
|
+
|
|
178
|
+
gemspec.dependencies << dep
|
|
179
|
+
queue << dep
|
|
174
180
|
end
|
|
175
181
|
end
|
|
176
182
|
end
|
|
@@ -192,16 +198,23 @@ module Dependabot
|
|
|
192
198
|
parsed_lockfile.specs.each do |dependency|
|
|
193
199
|
next if dependency.source.is_a?(::Bundler::Source::Path)
|
|
194
200
|
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
201
|
+
# if a dependency is listed in the lockfiles' DEPENDENCIES section,
|
|
202
|
+
# then it is a direct dependency & we want to keep track of that fact
|
|
203
|
+
is_direct = parsed_lockfile.dependencies.key?(dependency.name)
|
|
204
|
+
|
|
205
|
+
dep = Dependency.new(
|
|
206
|
+
name: dependency.name,
|
|
207
|
+
version: dependency_version(dependency.name)&.to_s,
|
|
208
|
+
requirements: [],
|
|
209
|
+
package_manager: "bundler",
|
|
210
|
+
subdependency_metadata: [{
|
|
211
|
+
production: production_dep_names.include?(dependency.name)
|
|
212
|
+
}],
|
|
213
|
+
direct_relationship: is_direct
|
|
214
|
+
)
|
|
215
|
+
|
|
216
|
+
T.must(lockfile).dependencies << dep
|
|
217
|
+
dependencies << dep
|
|
205
218
|
end
|
|
206
219
|
|
|
207
220
|
dependencies
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.326.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.326.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.326.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.0
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|
|
328
328
|
- lib
|