dependabot-bundler 0.111.44 → 0.111.45
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +38 -3
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 434077da7467bab17f22eb59bc69017a8d8c52986cbc2aa85206e577635919aa
|
|
4
|
+
data.tar.gz: e0cc87b65eb47012f85e8b0a458744641ee08d5dba5f08d95490b5e2efafb8f1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1d27744edc8bda9880770cd2a630c0e95c74e5f9937ab4d8b6ac7bc959ae1334bb74fae6277e5a2d03c104f0446607e339b95de92094042fc890b1fa3c57dc8a
|
|
7
|
+
data.tar.gz: 53165e4eaab20842e9a884a263953ac41d75291e7952db2049ae75e14762a5230aee1a262beb7c44054680fe8ca5d2b0f81a00208bc07c73dca727614005dbbe
|
|
@@ -106,7 +106,13 @@ module Dependabot
|
|
|
106
106
|
name: dependency.name,
|
|
107
107
|
version: dependency_version(dependency.name)&.to_s,
|
|
108
108
|
requirements: [],
|
|
109
|
-
package_manager: "bundler"
|
|
109
|
+
package_manager: "bundler",
|
|
110
|
+
subdependency_metadata:
|
|
111
|
+
if production_dependency_names.include?(dependency.name)
|
|
112
|
+
[{ production: true }]
|
|
113
|
+
else
|
|
114
|
+
[{ production: false }]
|
|
115
|
+
end
|
|
110
116
|
)
|
|
111
117
|
end
|
|
112
118
|
|
|
@@ -279,6 +285,36 @@ module Dependabot
|
|
|
279
285
|
::Bundler::LockfileParser.new(sanitized_lockfile_content)
|
|
280
286
|
end
|
|
281
287
|
|
|
288
|
+
def production_dependency_names
|
|
289
|
+
@production_dependency_names ||=
|
|
290
|
+
(gemfile_dependencies + gemspec_dependencies).dependencies.
|
|
291
|
+
select { |dep| production?(dep) }.
|
|
292
|
+
flat_map { |dep| expanded_dependency_names(dep) }.
|
|
293
|
+
uniq
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
def expanded_dependency_names(dep)
|
|
297
|
+
spec = parsed_lockfile.specs.find { |s| s.name == dep.name }
|
|
298
|
+
return [dep.name] unless spec
|
|
299
|
+
|
|
300
|
+
[
|
|
301
|
+
dep.name,
|
|
302
|
+
*spec.dependencies.flat_map { |d| expanded_dependency_names(d) }
|
|
303
|
+
]
|
|
304
|
+
end
|
|
305
|
+
|
|
306
|
+
def production?(dependency)
|
|
307
|
+
groups = dependency.requirements.
|
|
308
|
+
flat_map { |r| r.fetch(:groups) }.
|
|
309
|
+
map(&:to_s)
|
|
310
|
+
|
|
311
|
+
return true if groups.empty?
|
|
312
|
+
return true if groups.include?("runtime")
|
|
313
|
+
return true if groups.include?("default")
|
|
314
|
+
|
|
315
|
+
groups.any? { |g| g.include?("prod") }
|
|
316
|
+
end
|
|
317
|
+
|
|
282
318
|
def sanitized_lockfile_content
|
|
283
319
|
regex = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
|
|
284
320
|
lockfile.content.gsub(regex, "")
|
|
@@ -300,5 +336,4 @@ module Dependabot
|
|
|
300
336
|
end
|
|
301
337
|
end
|
|
302
338
|
|
|
303
|
-
Dependabot::FileParsers.
|
|
304
|
-
register("bundler", Dependabot::Bundler::FileParser)
|
|
339
|
+
Dependabot::FileParsers.register("bundler", Dependabot::Bundler::FileParser)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.111.
|
|
4
|
+
version: 0.111.45
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.111.
|
|
19
|
+
version: 0.111.45
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.111.
|
|
26
|
+
version: 0.111.45
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|