dependabot-bundler 0.384.0 → 0.385.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 497069e0c24769d144719c23a99658721135d964311c543b79e8e79118b57ff4
|
|
4
|
+
data.tar.gz: 3fb99af5f766180db6928c1f7d22ccc835feb0829eba150ed4d7a56b8fc3ebf7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 336c256aeae0398b830cb8fe398f98d8e4bbba385cfa94f11ea6e415985bc567700f34c92b89f7e5ecd0521ed3e90eaa024e4c2a6049ab3a533ebfff25e971fd
|
|
7
|
+
data.tar.gz: 682c35977db40d6fce2b12792ca1b310a5b0db198e6a784cb27c55d11c63f2c712a68cda48d7e73b53db5447bcb62ff083c5b7fec824493c424e1cbac9ad5b01
|
|
@@ -72,6 +72,15 @@ module Functions
|
|
|
72
72
|
lockfile_specs.include?(spec)
|
|
73
73
|
end.map(&:name).uniq
|
|
74
74
|
|
|
75
|
+
cache_path = Bundler.app_cache
|
|
76
|
+
|
|
77
|
+
# Snapshot the gems already vendored in the repo before we re-cache.
|
|
78
|
+
# `cache_all_platforms` re-fetches every platform variant of every gem,
|
|
79
|
+
# which adds gem files for platforms the repo may never have vendored.
|
|
80
|
+
# We only want to add platform variants for gems this update actually
|
|
81
|
+
# changed, so anything else newly added is reverted below.
|
|
82
|
+
pre_existing_gems = Dir["#{cache_path}/*.gem"]
|
|
83
|
+
|
|
75
84
|
bundler_opts = {
|
|
76
85
|
cache_all: true,
|
|
77
86
|
cache_all_platforms: true,
|
|
@@ -84,10 +93,30 @@ module Functions
|
|
|
84
93
|
|
|
85
94
|
# Only prune updated gems (the original implementation is in
|
|
86
95
|
# Bundler::Runtime)
|
|
87
|
-
cache_path = Bundler.app_cache
|
|
88
96
|
prune_gem_cache(resolve, cache_path, updated_gems)
|
|
89
97
|
prune_git_and_path_cache(resolve, cache_path)
|
|
90
98
|
end
|
|
99
|
+
|
|
100
|
+
# Revert gem files newly added by the all-platforms re-cache that belong
|
|
101
|
+
# to dependencies this update didn't touch. Without this a single-gem
|
|
102
|
+
# update re-vendors missing platform variants for *every* gem, producing
|
|
103
|
+
# large diffs unrelated to the update on repos that don't vendor every
|
|
104
|
+
# platform.
|
|
105
|
+
prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
# Removes gem files added by the all-platforms re-cache that were not
|
|
109
|
+
# present before and don't belong to an updated dependency (including
|
|
110
|
+
# sub-dependencies). Pre-existing vendored gems are always left untouched.
|
|
111
|
+
def prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
|
|
112
|
+
Dir["#{cache_path}/*.gem"].each do |path|
|
|
113
|
+
next if pre_existing_gems.include?(path)
|
|
114
|
+
|
|
115
|
+
spec = Bundler.rubygems.spec_from_gem(path)
|
|
116
|
+
next if updated_gems.include?(spec.name)
|
|
117
|
+
|
|
118
|
+
File.delete(path)
|
|
119
|
+
end
|
|
91
120
|
end
|
|
92
121
|
|
|
93
122
|
# Copied from Bundler::Runtime: Modified to only prune gems that have
|
|
@@ -72,6 +72,15 @@ module Functions
|
|
|
72
72
|
lockfile_specs.include?(spec)
|
|
73
73
|
end.map(&:name).uniq
|
|
74
74
|
|
|
75
|
+
cache_path = Bundler.app_cache
|
|
76
|
+
|
|
77
|
+
# Snapshot the gems already vendored in the repo before we re-cache.
|
|
78
|
+
# `cache_all_platforms` re-fetches every platform variant of every gem,
|
|
79
|
+
# which adds gem files for platforms the repo may never have vendored.
|
|
80
|
+
# We only want to add platform variants for gems this update actually
|
|
81
|
+
# changed, so anything else newly added is reverted below.
|
|
82
|
+
pre_existing_gems = Dir["#{cache_path}/*.gem"]
|
|
83
|
+
|
|
75
84
|
bundler_opts = {
|
|
76
85
|
cache_all: true,
|
|
77
86
|
cache_all_platforms: true,
|
|
@@ -84,10 +93,30 @@ module Functions
|
|
|
84
93
|
|
|
85
94
|
# Only prune updated gems (the original implementation is in
|
|
86
95
|
# Bundler::Runtime)
|
|
87
|
-
cache_path = Bundler.app_cache
|
|
88
96
|
prune_gem_cache(resolve, cache_path, updated_gems)
|
|
89
97
|
prune_git_and_path_cache(resolve, cache_path)
|
|
90
98
|
end
|
|
99
|
+
|
|
100
|
+
# Revert gem files newly added by the all-platforms re-cache that belong
|
|
101
|
+
# to dependencies this update didn't touch. Without this a single-gem
|
|
102
|
+
# update re-vendors missing platform variants for *every* gem, producing
|
|
103
|
+
# large diffs unrelated to the update on repos that don't vendor every
|
|
104
|
+
# platform.
|
|
105
|
+
prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
# Removes gem files added by the all-platforms re-cache that were not
|
|
109
|
+
# present before and don't belong to an updated dependency (including
|
|
110
|
+
# sub-dependencies). Pre-existing vendored gems are always left untouched.
|
|
111
|
+
def prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
|
|
112
|
+
Dir["#{cache_path}/*.gem"].each do |path|
|
|
113
|
+
next if pre_existing_gems.include?(path)
|
|
114
|
+
|
|
115
|
+
spec = Bundler.rubygems.spec_from_gem(path)
|
|
116
|
+
next if updated_gems.include?(spec.name)
|
|
117
|
+
|
|
118
|
+
File.delete(path)
|
|
119
|
+
end
|
|
91
120
|
end
|
|
92
121
|
|
|
93
122
|
# Copied from Bundler::Runtime: Modified to only prune gems that have
|
|
@@ -255,10 +255,8 @@ module Dependabot
|
|
|
255
255
|
# If the dependency is pinned to a tag that looks like a version then
|
|
256
256
|
# we want to update that tag. The latest version will then be the SHA
|
|
257
257
|
# of the latest tag that looks like a version.
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
return latest_tag&.fetch(:tag_sha) || dependency.version
|
|
261
|
-
end
|
|
258
|
+
latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
|
|
259
|
+
return latest_tag.fetch(:tag_sha) || dependency.version if latest_tag
|
|
262
260
|
|
|
263
261
|
# If the dependency is pinned to a tag that doesn't look like a
|
|
264
262
|
# version then there's nothing we can do.
|
|
@@ -280,9 +278,8 @@ module Dependabot
|
|
|
280
278
|
# If the dependency is pinned to a tag that looks like a version then
|
|
281
279
|
# we want to update that tag. The latest version will then be the SHA
|
|
282
280
|
# of the latest tag that looks like a version.
|
|
283
|
-
if
|
|
284
|
-
|
|
285
|
-
new_tag = git_commit_checker.local_tag_for_latest_version
|
|
281
|
+
if latest_git_tag_is_resolvable?
|
|
282
|
+
new_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
|
|
286
283
|
return new_tag&.fetch(:tag_sha)
|
|
287
284
|
end
|
|
288
285
|
|
|
@@ -317,7 +314,7 @@ module Dependabot
|
|
|
317
314
|
|
|
318
315
|
sig { returns(T::Boolean) }
|
|
319
316
|
def latest_git_tag_is_resolvable?
|
|
320
|
-
latest_tag_details = git_commit_checker.
|
|
317
|
+
latest_tag_details = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
|
|
321
318
|
return false unless latest_tag_details
|
|
322
319
|
|
|
323
320
|
git_tag_resolvable?(latest_tag_details.fetch(:tag))
|
|
@@ -336,9 +333,8 @@ module Dependabot
|
|
|
336
333
|
return dependency_source_details unless git_dependency?
|
|
337
334
|
|
|
338
335
|
# Update the git tag if updating a pinned version
|
|
339
|
-
if
|
|
340
|
-
|
|
341
|
-
new_tag = git_commit_checker.local_tag_for_latest_version
|
|
336
|
+
if latest_git_tag_is_resolvable?
|
|
337
|
+
new_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
|
|
342
338
|
return T.must(dependency_source_details).merge(ref: T.must(new_tag).fetch(:tag))
|
|
343
339
|
end
|
|
344
340
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.385.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.385.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.385.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -351,7 +351,7 @@ licenses:
|
|
|
351
351
|
- MIT
|
|
352
352
|
metadata:
|
|
353
353
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
354
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
354
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
|
|
355
355
|
rdoc_options: []
|
|
356
356
|
require_paths:
|
|
357
357
|
- lib
|