dependabot-bundler 0.104.0 → 0.104.1
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 188b7d26a9b823b918edb744eb45ce401b0763ce98a82d9b836880cfb41f05a4
|
|
4
|
+
data.tar.gz: f7ceb08ce85a9bf0cec07e1825146d0f6e8ed9eba0def89368f63ba89edf95db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b32f991ab5515799312cc8af470eaeb7fc4952860033b86a65bebff1b64a27470aedc340da0121d57b3dcb8ef411482685dd79bd3524b810fc5a486c02b12102
|
|
7
|
+
data.tar.gz: 69fef0900abf881d96bcc632d7f92ad5536711d09f89c47a5e34e7d9b8f1a9cd670128ee17c9bcd6e72467c2738c06927c1f1aa70de46090bef75ce01fa599c8
|
|
@@ -56,29 +56,27 @@ module Dependabot
|
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
def updated_requirements
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
fetch(:version)&.
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
).updated_requirements
|
|
81
|
-
end
|
|
59
|
+
latest_version_for_req_updater =
|
|
60
|
+
if switching_source_from_git_to_rubygems?
|
|
61
|
+
git_commit_checker.local_tag_for_latest_version.fetch(:version).to_s
|
|
62
|
+
else
|
|
63
|
+
latest_version_details&.fetch(:version)&.to_s
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
latest_resolvable_version_for_req_updater =
|
|
67
|
+
if switching_source_from_git_to_rubygems?
|
|
68
|
+
latest_version_for_req_updater
|
|
69
|
+
else
|
|
70
|
+
preferred_resolvable_version_details&.fetch(:version)&.to_s
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
RequirementsUpdater.new(
|
|
74
|
+
requirements: dependency.requirements,
|
|
75
|
+
update_strategy: requirements_update_strategy,
|
|
76
|
+
updated_source: updated_source,
|
|
77
|
+
latest_version: latest_version_for_req_updater,
|
|
78
|
+
latest_resolvable_version: latest_resolvable_version_for_req_updater
|
|
79
|
+
).updated_requirements
|
|
82
80
|
end
|
|
83
81
|
|
|
84
82
|
def requirements_unlocked_or_can_be?
|
|
@@ -142,7 +140,9 @@ module Dependabot
|
|
|
142
140
|
|
|
143
141
|
def resolvable?(version)
|
|
144
142
|
@resolvable ||= {}
|
|
145
|
-
@resolvable[version]
|
|
143
|
+
return @resolvable[version] if @resolvable.key?(version)
|
|
144
|
+
|
|
145
|
+
@resolvable[version] =
|
|
146
146
|
begin
|
|
147
147
|
ForceUpdater.new(
|
|
148
148
|
dependency: dependency,
|
|
@@ -250,17 +250,10 @@ module Dependabot
|
|
|
250
250
|
end
|
|
251
251
|
|
|
252
252
|
def latest_git_tag_is_resolvable?
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
@latest_git_tag_is_resolvable_checked = true
|
|
256
|
-
|
|
257
|
-
return false if git_commit_checker.local_tag_for_latest_version.nil?
|
|
253
|
+
latest_tag_details = git_commit_checker.local_tag_for_latest_version
|
|
254
|
+
return false unless latest_tag_details
|
|
258
255
|
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
@git_tag_resolvable = true
|
|
262
|
-
rescue Dependabot::DependencyFileNotResolvable
|
|
263
|
-
@git_tag_resolvable = false
|
|
256
|
+
resolvable?(latest_tag_details.fetch(:version))
|
|
264
257
|
end
|
|
265
258
|
|
|
266
259
|
def git_branch_or_ref_in_release?(release)
|
|
@@ -303,6 +296,12 @@ module Dependabot
|
|
|
303
296
|
Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
|
|
304
297
|
end
|
|
305
298
|
|
|
299
|
+
def switching_source_from_git_to_rubygems?
|
|
300
|
+
return false unless updated_source&.fetch(:ref, nil)
|
|
301
|
+
|
|
302
|
+
updated_source.fetch(:ref) != dependency_source_details.fetch(:ref)
|
|
303
|
+
end
|
|
304
|
+
|
|
306
305
|
def force_updater
|
|
307
306
|
@force_updater ||=
|
|
308
307
|
ForceUpdater.new(
|
|
@@ -322,21 +321,6 @@ module Dependabot
|
|
|
322
321
|
)
|
|
323
322
|
end
|
|
324
323
|
|
|
325
|
-
def latest_resolvable_version_details_with_updated_git_source
|
|
326
|
-
@latest_resolvable_version_details_with_updated_git_source ||=
|
|
327
|
-
begin
|
|
328
|
-
replacement_tag = git_commit_checker.local_tag_for_latest_version
|
|
329
|
-
|
|
330
|
-
VersionResolver.new(
|
|
331
|
-
dependency: dependency,
|
|
332
|
-
unprepared_dependency_files: dependency_files,
|
|
333
|
-
credentials: credentials,
|
|
334
|
-
ignored_versions: ignored_versions,
|
|
335
|
-
replacement_git_pin: replacement_tag.fetch(:tag)
|
|
336
|
-
).latest_resolvable_version_details
|
|
337
|
-
end
|
|
338
|
-
end
|
|
339
|
-
|
|
340
324
|
def version_resolver(remove_git_source:, unlock_requirement: true)
|
|
341
325
|
@version_resolver ||= {}
|
|
342
326
|
@version_resolver[remove_git_source] ||= {}
|
|
@@ -168,7 +168,10 @@ module Dependabot
|
|
|
168
168
|
new_req = Gem::Requirement.create("= #{target_version}")
|
|
169
169
|
definition.dependencies.
|
|
170
170
|
find { |d| d.name == dependency.name }.
|
|
171
|
-
|
|
171
|
+
tap do |dep|
|
|
172
|
+
dep.instance_variable_set(:@requirement, new_req)
|
|
173
|
+
dep.source = nil if dep.source.is_a?(::Bundler::Source::Git)
|
|
174
|
+
end
|
|
172
175
|
|
|
173
176
|
definition
|
|
174
177
|
end
|
|
@@ -41,8 +41,7 @@ module Dependabot
|
|
|
41
41
|
:ignored_versions, :security_advisories
|
|
42
42
|
|
|
43
43
|
def fetch_latest_version_details
|
|
44
|
-
if dependency_source.is_a?(::Bundler::Source::Git)
|
|
45
|
-
dependency.name != "bundler"
|
|
44
|
+
if dependency_source.is_a?(::Bundler::Source::Git)
|
|
46
45
|
return latest_git_version_details
|
|
47
46
|
end
|
|
48
47
|
|
|
@@ -66,8 +65,9 @@ module Dependabot
|
|
|
66
65
|
end
|
|
67
66
|
|
|
68
67
|
def filter_prerelease_versions(versions_array)
|
|
69
|
-
versions_array
|
|
70
|
-
|
|
68
|
+
return versions_array if wants_prerelease?
|
|
69
|
+
|
|
70
|
+
versions_array.reject(&:prerelease?)
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
def filter_ignored_versions(versions_array)
|
|
@@ -76,13 +76,8 @@ module Dependabot
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def filter_vulnerable_versions(versions_array)
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
security_advisories.each do |advisory|
|
|
82
|
-
arr = arr.reject { |v| advisory.vulnerable?(v) }
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
arr
|
|
79
|
+
versions_array.
|
|
80
|
+
reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
|
|
86
81
|
end
|
|
87
82
|
|
|
88
83
|
def filter_lower_versions(versions_array)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.104.
|
|
4
|
+
version: 0.104.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.104.
|
|
19
|
+
version: 0.104.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.104.
|
|
26
|
+
version: 0.104.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|