dependabot-bundler 0.332.0 → 0.333.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher.rb +23 -3
- data/lib/dependabot/bundler/file_parser.rb +1 -0
- data/lib/dependabot/bundler/metadata_finder.rb +1 -1
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/bundler/update_checker.rb +72 -19
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed2db4c89c832c17cf73a1183c1ca6645f8f8c141a357526eb997691227dade6
|
|
4
|
+
data.tar.gz: 41f43a96a647a712ba845860aaecd0bcca8a5aa316c93e578c271f5f7aabd50d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8e1ed157de7a72eb7d78ca0cafce120e2517e1142a1f38a2fb676edd787db470da46f782f091123028c9a45c647d77f15740e4ee12fa189be9dbd1176f77aae8
|
|
7
|
+
data.tar.gz: 99d4ccb5ccb39ed52adca7aaaeb84e34356b7efa263541fbdd7a00cbca100b818d52311c3145f2abc73da100fb8e318b05c2fa9fbc5d501c5a7a0d06ff936bad
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/file_fetchers"
|
|
6
6
|
require "dependabot/file_fetchers/base"
|
|
7
|
+
require "dependabot/file_filtering"
|
|
7
8
|
require "dependabot/bundler/file_updater/lockfile_updater"
|
|
8
9
|
require "dependabot/bundler/cached_lockfile_parser"
|
|
9
10
|
require "dependabot/errors"
|
|
@@ -52,7 +53,13 @@ module Dependabot
|
|
|
52
53
|
fetched_files += path_gemspecs
|
|
53
54
|
fetched_files += find_included_files(fetched_files)
|
|
54
55
|
|
|
55
|
-
|
|
56
|
+
# Filter excluded files from final collection
|
|
57
|
+
unique_files = uniq_files(fetched_files)
|
|
58
|
+
filtered_files = unique_files.reject do |file|
|
|
59
|
+
Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
filtered_files
|
|
56
63
|
end
|
|
57
64
|
|
|
58
65
|
private
|
|
@@ -174,8 +181,12 @@ module Dependabot
|
|
|
174
181
|
end
|
|
175
182
|
|
|
176
183
|
@find_included_files ||= T.let(
|
|
177
|
-
paths.
|
|
178
|
-
|
|
184
|
+
paths.filter_map do |path|
|
|
185
|
+
# Skip excluded included files
|
|
186
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(path, "included file", @exclude_paths)
|
|
187
|
+
|
|
188
|
+
fetch_file_from_host(path)
|
|
189
|
+
end.tap { |req_files| req_files.each { |f| f.support_file = true } }, # rubocop:disable Style/MultilineBlockChain
|
|
179
190
|
T.nilable(T::Array[DependencyFile])
|
|
180
191
|
)
|
|
181
192
|
end
|
|
@@ -238,6 +249,15 @@ module Dependabot
|
|
|
238
249
|
next if previously_fetched_files.map(&:name).include?(path)
|
|
239
250
|
next if file.name == path
|
|
240
251
|
|
|
252
|
+
# Skip excluded child Gemfiles
|
|
253
|
+
if Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files) &&
|
|
254
|
+
!@exclude_paths.empty? && Dependabot::FileFiltering.exclude_path?(path, @exclude_paths)
|
|
255
|
+
raise Dependabot::DependencyFileNotEvaluatable,
|
|
256
|
+
"Cannot process requirements: '#{file.name}' references excluded file '#{path}'. " \
|
|
257
|
+
"Please either remove the reference from '#{file.name}' " \
|
|
258
|
+
"or update your exclude_paths configuration."
|
|
259
|
+
end
|
|
260
|
+
|
|
241
261
|
fetched_file = fetch_file_from_host(path)
|
|
242
262
|
grandchild_gemfiles = fetch_child_gemfiles(
|
|
243
263
|
file: fetched_file,
|
|
@@ -20,6 +20,7 @@ module Dependabot
|
|
|
20
20
|
module Bundler
|
|
21
21
|
class FileParser < Dependabot::FileParsers::Base # rubocop:disable Metrics/ClassLength
|
|
22
22
|
extend T::Sig
|
|
23
|
+
|
|
23
24
|
require "dependabot/file_parsers/base/dependency_set"
|
|
24
25
|
require "dependabot/bundler/file_parser/file_preparer"
|
|
25
26
|
require "dependabot/bundler/file_parser/gemfile_declaration_finder"
|
|
@@ -204,7 +204,7 @@ module Dependabot
|
|
|
204
204
|
cred["type"] == "rubygems_server" && cred.replaces_base?
|
|
205
205
|
end
|
|
206
206
|
host = credential ? credential["host"] : "rubygems.org"
|
|
207
|
-
@base_url = "https://#{host}#{host&.end_with?('/')
|
|
207
|
+
@base_url = "https://#{host}#{'/' unless host&.end_with?('/')}"
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
def registry_auth_headers
|
|
@@ -122,12 +122,8 @@ module Dependabot
|
|
|
122
122
|
@wants_prerelease ||= T.let(
|
|
123
123
|
begin
|
|
124
124
|
current_version = dependency.numeric_version
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
else
|
|
128
|
-
dependency.requirements.any? do |req|
|
|
129
|
-
req[:requirement].match?(/[a-z]/i)
|
|
130
|
-
end
|
|
125
|
+
current_version&.prerelease? || dependency.requirements.any? do |req|
|
|
126
|
+
req[:requirement].match?(/[a-z]/i)
|
|
131
127
|
end
|
|
132
128
|
end, T.nilable(T::Boolean)
|
|
133
129
|
)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/bundler/file_updater/requirement_replacer"
|
|
@@ -17,40 +17,53 @@ module Dependabot
|
|
|
17
17
|
require_relative "update_checker/version_resolver"
|
|
18
18
|
require_relative "update_checker/latest_version_finder"
|
|
19
19
|
require_relative "update_checker/conflicting_dependency_resolver"
|
|
20
|
+
extend T::Sig
|
|
20
21
|
|
|
22
|
+
sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
|
|
21
23
|
def latest_version
|
|
22
24
|
return latest_version_for_git_dependency if git_dependency?
|
|
23
25
|
|
|
24
26
|
latest_version_details&.fetch(:version)
|
|
25
27
|
end
|
|
26
28
|
|
|
29
|
+
sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
|
|
27
30
|
def latest_resolvable_version
|
|
28
31
|
return latest_resolvable_version_for_git_dependency if git_dependency?
|
|
29
32
|
|
|
30
33
|
latest_resolvable_version_details&.fetch(:version)
|
|
31
34
|
end
|
|
32
35
|
|
|
36
|
+
sig { override.returns(T.nilable(Dependabot::Bundler::Version)) }
|
|
33
37
|
def lowest_security_fix_version
|
|
34
|
-
|
|
35
|
-
.lowest_security_fix_version
|
|
38
|
+
T.cast(
|
|
39
|
+
latest_version_finder(remove_git_source: false).lowest_security_fix_version,
|
|
40
|
+
T.nilable(Dependabot::Bundler::Version)
|
|
41
|
+
)
|
|
36
42
|
end
|
|
37
43
|
|
|
44
|
+
sig { override.returns(T.nilable(Dependabot::Bundler::Version)) }
|
|
38
45
|
def lowest_resolvable_security_fix_version
|
|
39
46
|
raise "Dependency not vulnerable!" unless vulnerable?
|
|
40
|
-
return latest_resolvable_version if git_dependency?
|
|
47
|
+
return T.cast(latest_resolvable_version, T.nilable(Dependabot::Bundler::Version)) if git_dependency?
|
|
41
48
|
|
|
42
49
|
lowest_fix =
|
|
43
50
|
latest_version_finder(remove_git_source: false)
|
|
44
51
|
.lowest_security_fix_version
|
|
45
|
-
return unless lowest_fix && resolvable?(lowest_fix)
|
|
52
|
+
return unless lowest_fix && resolvable?(T.cast(lowest_fix, Dependabot::Bundler::Version))
|
|
46
53
|
|
|
47
|
-
lowest_fix
|
|
54
|
+
T.cast(lowest_fix, Dependabot::Bundler::Version)
|
|
48
55
|
end
|
|
49
56
|
|
|
57
|
+
sig { override.returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
|
|
50
58
|
def latest_resolvable_version_with_no_unlock
|
|
51
59
|
current_ver = dependency.version
|
|
52
60
|
return current_ver if git_dependency? && git_commit_checker.pinned?
|
|
53
61
|
|
|
62
|
+
@latest_resolvable_version_detail_with_no_unlock = T.let(
|
|
63
|
+
@latest_resolvable_version_detail_with_no_unlock,
|
|
64
|
+
T.nilable(T::Hash[Symbol, T.untyped])
|
|
65
|
+
)
|
|
66
|
+
|
|
54
67
|
@latest_resolvable_version_detail_with_no_unlock ||=
|
|
55
68
|
version_resolver(remove_git_source: false, unlock_requirement: false)
|
|
56
69
|
.latest_resolvable_version_details
|
|
@@ -62,6 +75,7 @@ module Dependabot
|
|
|
62
75
|
end
|
|
63
76
|
end
|
|
64
77
|
|
|
78
|
+
sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
65
79
|
def updated_requirements
|
|
66
80
|
latest_version_for_req_updater = latest_version_details&.fetch(:version)&.to_s
|
|
67
81
|
latest_resolvable_version_for_req_updater = preferred_resolvable_version_details&.fetch(:version)&.to_s
|
|
@@ -75,9 +89,10 @@ module Dependabot
|
|
|
75
89
|
).updated_requirements
|
|
76
90
|
end
|
|
77
91
|
|
|
92
|
+
sig { returns(T::Boolean) }
|
|
78
93
|
def requirements_unlocked_or_can_be?
|
|
79
94
|
return true if requirements_unlocked?
|
|
80
|
-
return false if requirements_update_strategy.lockfile_only?
|
|
95
|
+
return false if T.must(requirements_update_strategy).lockfile_only?
|
|
81
96
|
|
|
82
97
|
dependency.specific_requirements
|
|
83
98
|
.all? do |req|
|
|
@@ -92,6 +107,7 @@ module Dependabot
|
|
|
92
107
|
end
|
|
93
108
|
end
|
|
94
109
|
|
|
110
|
+
sig { returns(T.nilable(Dependabot::RequirementsUpdateStrategy)) }
|
|
95
111
|
def requirements_update_strategy
|
|
96
112
|
# If passed in as an option (in the base class) honour that option
|
|
97
113
|
return @requirements_update_strategy if @requirements_update_strategy
|
|
@@ -104,6 +120,7 @@ module Dependabot
|
|
|
104
120
|
end
|
|
105
121
|
end
|
|
106
122
|
|
|
123
|
+
sig { override.returns(T::Array[T::Hash[String, String]]) }
|
|
107
124
|
def conflicting_dependencies
|
|
108
125
|
ConflictingDependencyResolver.new(
|
|
109
126
|
dependency_files: dependency_files,
|
|
@@ -112,16 +129,18 @@ module Dependabot
|
|
|
112
129
|
options: options
|
|
113
130
|
).conflicting_dependencies(
|
|
114
131
|
dependency: dependency,
|
|
115
|
-
target_version: lowest_security_fix_version
|
|
132
|
+
target_version: lowest_security_fix_version.to_s # Convert Version to String
|
|
116
133
|
)
|
|
117
134
|
end
|
|
118
135
|
|
|
119
136
|
private
|
|
120
137
|
|
|
138
|
+
sig { returns(T::Boolean) }
|
|
121
139
|
def requirements_unlocked?
|
|
122
140
|
dependency.specific_requirements.none?
|
|
123
141
|
end
|
|
124
142
|
|
|
143
|
+
sig { override.returns(T::Boolean) }
|
|
125
144
|
def latest_version_resolvable_with_full_unlock?
|
|
126
145
|
return false unless latest_version
|
|
127
146
|
return false if version_resolver(remove_git_source: false).latest_allowable_version_incompatible_with_ruby?
|
|
@@ -139,22 +158,26 @@ module Dependabot
|
|
|
139
158
|
false
|
|
140
159
|
end
|
|
141
160
|
|
|
161
|
+
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
|
142
162
|
def updated_dependencies_after_full_unlock
|
|
143
163
|
force_updater.updated_dependencies
|
|
144
164
|
end
|
|
145
165
|
|
|
166
|
+
sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
146
167
|
def preferred_resolvable_version_details
|
|
147
168
|
return { version: lowest_resolvable_security_fix_version } if vulnerable?
|
|
148
169
|
|
|
149
170
|
latest_resolvable_version_details
|
|
150
171
|
end
|
|
151
172
|
|
|
173
|
+
sig { returns(T::Boolean) }
|
|
152
174
|
def git_dependency?
|
|
153
175
|
git_commit_checker.git_dependency?
|
|
154
176
|
end
|
|
155
177
|
|
|
178
|
+
sig { params(version: Dependabot::Bundler::Version).returns(T.untyped) }
|
|
156
179
|
def resolvable?(version)
|
|
157
|
-
@resolvable ||= {}
|
|
180
|
+
@resolvable ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
158
181
|
return @resolvable[version] if @resolvable.key?(version)
|
|
159
182
|
|
|
160
183
|
@resolvable[version] =
|
|
@@ -165,7 +188,7 @@ module Dependabot
|
|
|
165
188
|
repo_contents_path: repo_contents_path,
|
|
166
189
|
credentials: credentials,
|
|
167
190
|
target_version: version,
|
|
168
|
-
requirements_update_strategy: requirements_update_strategy,
|
|
191
|
+
requirements_update_strategy: T.must(requirements_update_strategy),
|
|
169
192
|
update_multiple_dependencies: false,
|
|
170
193
|
options: options
|
|
171
194
|
).updated_dependencies
|
|
@@ -175,8 +198,9 @@ module Dependabot
|
|
|
175
198
|
end
|
|
176
199
|
end
|
|
177
200
|
|
|
201
|
+
sig { params(tag: T.nilable(String)).returns(T.untyped) }
|
|
178
202
|
def git_tag_resolvable?(tag)
|
|
179
|
-
@git_tag_resolvable ||= {}
|
|
203
|
+
@git_tag_resolvable ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
180
204
|
return @git_tag_resolvable[tag] if @git_tag_resolvable.key?(tag)
|
|
181
205
|
|
|
182
206
|
@git_tag_resolvable[tag] =
|
|
@@ -198,20 +222,23 @@ module Dependabot
|
|
|
198
222
|
end
|
|
199
223
|
end
|
|
200
224
|
|
|
225
|
+
sig { params(remove_git_source: T::Boolean).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
201
226
|
def latest_version_details(remove_git_source: false)
|
|
202
|
-
@latest_version_details ||= {}
|
|
227
|
+
@latest_version_details ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
203
228
|
@latest_version_details[remove_git_source] ||=
|
|
204
229
|
latest_version_finder(remove_git_source: remove_git_source)
|
|
205
230
|
.latest_version_details
|
|
206
231
|
end
|
|
207
232
|
|
|
233
|
+
sig { params(remove_git_source: T::Boolean).returns(T.nilable(T::Hash[Symbol, T.untyped])) }
|
|
208
234
|
def latest_resolvable_version_details(remove_git_source: false)
|
|
209
|
-
@latest_resolvable_version_details ||= {}
|
|
235
|
+
@latest_resolvable_version_details ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
210
236
|
@latest_resolvable_version_details[remove_git_source] ||=
|
|
211
237
|
version_resolver(remove_git_source: remove_git_source)
|
|
212
238
|
.latest_resolvable_version_details
|
|
213
239
|
end
|
|
214
240
|
|
|
241
|
+
sig { returns(T.nilable(T.any(String, Dependabot::Bundler::Version))) }
|
|
215
242
|
def latest_version_for_git_dependency
|
|
216
243
|
latest_release =
|
|
217
244
|
latest_version_details(remove_git_source: true)
|
|
@@ -238,6 +265,7 @@ module Dependabot
|
|
|
238
265
|
dependency.version
|
|
239
266
|
end
|
|
240
267
|
|
|
268
|
+
sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
|
|
241
269
|
def latest_resolvable_version_for_git_dependency
|
|
242
270
|
latest_release = latest_resolvable_version_without_git_source
|
|
243
271
|
|
|
@@ -255,7 +283,7 @@ module Dependabot
|
|
|
255
283
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
256
284
|
latest_git_tag_is_resolvable?
|
|
257
285
|
new_tag = git_commit_checker.local_tag_for_latest_version
|
|
258
|
-
return new_tag
|
|
286
|
+
return new_tag&.fetch(:tag_sha)
|
|
259
287
|
end
|
|
260
288
|
|
|
261
289
|
# If the dependency is pinned to a tag that doesn't look like a
|
|
@@ -263,6 +291,7 @@ module Dependabot
|
|
|
263
291
|
dependency.version
|
|
264
292
|
end
|
|
265
293
|
|
|
294
|
+
sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
|
|
266
295
|
def latest_resolvable_version_without_git_source
|
|
267
296
|
return nil unless latest_version.is_a?(Gem::Version)
|
|
268
297
|
|
|
@@ -272,6 +301,7 @@ module Dependabot
|
|
|
272
301
|
nil
|
|
273
302
|
end
|
|
274
303
|
|
|
304
|
+
sig { returns(T.any(String, T.nilable(Dependabot::Bundler::Version))) }
|
|
275
305
|
def latest_resolvable_commit_with_unchanged_git_source
|
|
276
306
|
details = latest_resolvable_version_details(remove_git_source: false)
|
|
277
307
|
|
|
@@ -285,6 +315,7 @@ module Dependabot
|
|
|
285
315
|
nil
|
|
286
316
|
end
|
|
287
317
|
|
|
318
|
+
sig { returns(T::Boolean) }
|
|
288
319
|
def latest_git_tag_is_resolvable?
|
|
289
320
|
latest_tag_details = git_commit_checker.local_tag_for_latest_version
|
|
290
321
|
return false unless latest_tag_details
|
|
@@ -292,12 +323,14 @@ module Dependabot
|
|
|
292
323
|
git_tag_resolvable?(latest_tag_details.fetch(:tag))
|
|
293
324
|
end
|
|
294
325
|
|
|
326
|
+
sig { params(release: T.untyped).returns(T::Boolean) }
|
|
295
327
|
def git_branch_or_ref_in_release?(release)
|
|
296
328
|
return false unless release
|
|
297
329
|
|
|
298
330
|
git_commit_checker.branch_or_ref_in_release?(release)
|
|
299
331
|
end
|
|
300
332
|
|
|
333
|
+
sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
|
|
301
334
|
def updated_source
|
|
302
335
|
# Never need to update source, unless a git_dependency
|
|
303
336
|
return dependency_source_details unless git_dependency?
|
|
@@ -306,31 +339,42 @@ module Dependabot
|
|
|
306
339
|
if git_commit_checker.pinned_ref_looks_like_version? &&
|
|
307
340
|
latest_git_tag_is_resolvable?
|
|
308
341
|
new_tag = git_commit_checker.local_tag_for_latest_version
|
|
309
|
-
return dependency_source_details.merge(ref: new_tag.fetch(:tag))
|
|
342
|
+
return T.must(dependency_source_details).merge(ref: T.must(new_tag).fetch(:tag))
|
|
310
343
|
end
|
|
311
344
|
|
|
312
345
|
# Otherwise return the original source
|
|
313
346
|
dependency_source_details
|
|
314
347
|
end
|
|
315
348
|
|
|
349
|
+
sig { returns(T.nilable(T::Hash[T.any(String, Symbol), T.untyped])) }
|
|
316
350
|
def dependency_source_details
|
|
317
351
|
dependency.source_details
|
|
318
352
|
end
|
|
319
353
|
|
|
354
|
+
sig { returns(Dependabot::Bundler::UpdateChecker::ForceUpdater) }
|
|
320
355
|
def force_updater
|
|
356
|
+
if @force_updater.nil?
|
|
357
|
+
@force_updater = T.let(@force_updater,
|
|
358
|
+
T.nilable(Dependabot::Bundler::UpdateChecker::ForceUpdater))
|
|
359
|
+
end
|
|
321
360
|
@force_updater ||=
|
|
322
361
|
ForceUpdater.new(
|
|
323
362
|
dependency: dependency,
|
|
324
363
|
dependency_files: dependency_files,
|
|
325
364
|
repo_contents_path: repo_contents_path,
|
|
326
365
|
credentials: credentials,
|
|
327
|
-
target_version: latest_version,
|
|
328
|
-
requirements_update_strategy: requirements_update_strategy,
|
|
366
|
+
target_version: T.cast(latest_version, Dependabot::Version),
|
|
367
|
+
requirements_update_strategy: T.must(requirements_update_strategy),
|
|
329
368
|
options: options
|
|
330
369
|
)
|
|
331
370
|
end
|
|
332
371
|
|
|
372
|
+
sig { returns(Dependabot::GitCommitChecker) }
|
|
333
373
|
def git_commit_checker
|
|
374
|
+
if @git_commit_checker.nil?
|
|
375
|
+
@git_commit_checker = T.let(@git_commit_checker,
|
|
376
|
+
T.nilable(Dependabot::GitCommitChecker))
|
|
377
|
+
end
|
|
334
378
|
@git_commit_checker ||=
|
|
335
379
|
GitCommitChecker.new(
|
|
336
380
|
dependency: dependency,
|
|
@@ -338,8 +382,9 @@ module Dependabot
|
|
|
338
382
|
)
|
|
339
383
|
end
|
|
340
384
|
|
|
385
|
+
sig { params(remove_git_source: T::Boolean, unlock_requirement: T::Boolean).returns(T.untyped) }
|
|
341
386
|
def version_resolver(remove_git_source:, unlock_requirement: true)
|
|
342
|
-
@version_resolver ||= {}
|
|
387
|
+
@version_resolver ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
343
388
|
@version_resolver[remove_git_source] ||= {}
|
|
344
389
|
@version_resolver[remove_git_source][unlock_requirement] ||=
|
|
345
390
|
VersionResolver.new(
|
|
@@ -357,8 +402,9 @@ module Dependabot
|
|
|
357
402
|
)
|
|
358
403
|
end
|
|
359
404
|
|
|
405
|
+
sig { params(remove_git_source: T::Boolean).returns(Dependabot::Bundler::UpdateChecker::LatestVersionFinder) }
|
|
360
406
|
def latest_version_finder(remove_git_source:)
|
|
361
|
-
@latest_version_finder ||= {}
|
|
407
|
+
@latest_version_finder ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
|
|
362
408
|
@latest_version_finder[remove_git_source] ||=
|
|
363
409
|
begin
|
|
364
410
|
prepared_dependency_files = prepared_dependency_files(
|
|
@@ -379,6 +425,13 @@ module Dependabot
|
|
|
379
425
|
end
|
|
380
426
|
end
|
|
381
427
|
|
|
428
|
+
sig do
|
|
429
|
+
params(
|
|
430
|
+
remove_git_source: T::Boolean,
|
|
431
|
+
unlock_requirement: T::Boolean,
|
|
432
|
+
latest_allowable_version: T.nilable(T.any(String, Dependabot::Bundler::Version))
|
|
433
|
+
).returns(T::Array[Dependabot::DependencyFile])
|
|
434
|
+
end
|
|
382
435
|
def prepared_dependency_files(remove_git_source:, unlock_requirement:,
|
|
383
436
|
latest_allowable_version: nil)
|
|
384
437
|
FilePreparer.new(
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.333.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.333.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.333.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -225,14 +225,14 @@ dependencies:
|
|
|
225
225
|
requirements:
|
|
226
226
|
- - "~>"
|
|
227
227
|
- !ruby/object:Gem::Version
|
|
228
|
-
version: '3.
|
|
228
|
+
version: '3.25'
|
|
229
229
|
type: :development
|
|
230
230
|
prerelease: false
|
|
231
231
|
version_requirements: !ruby/object:Gem::Requirement
|
|
232
232
|
requirements:
|
|
233
233
|
- - "~>"
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
|
-
version: '3.
|
|
235
|
+
version: '3.25'
|
|
236
236
|
- !ruby/object:Gem::Dependency
|
|
237
237
|
name: webrick
|
|
238
238
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|
|
328
328
|
- lib
|