dependabot-bundler 0.111.44 → 0.111.45
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +38 -3
- metadata +3 -3
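--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 434077da7467bab17f22eb59bc69017a8d8c52986cbc2aa85206e577635919aa
+data.tar.gz: e0cc87b65eb47012f85e8b0a458744641ee08d5dba5f08d95490b5e2efafb8f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1d27744edc8bda9880770cd2a630c0e95c74e5f9937ab4d8b6ac7bc959ae1334bb74fae6277e5a2d03c104f0446607e339b95de92094042fc890b1fa3c57dc8a
+data.tar.gz: 53165e4eaab20842e9a884a263953ac41d75291e7952db2049ae75e14762a5230aee1a262beb7c44054680fe8ca5d2b0f81a00208bc07c73dca727614005dbbe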
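--- a/data/lib/dependabot/bundler/file_parser.rb
+++ b/data/lib/dependabot/bundler/file_parser.rb
@@ -106,7 +106,13 @@ module Dependabot
 name: dependency.name,
 version: dependency_version(dependency.name)&.to_s,
 requirements: [],
-package_manager: "bundler"
+package_manager: "bundler",
+subdependency_metadata:
+if production_dependency_names.include?(dependency.name)
+[{ production: true }]
+else
+[{ production: false }]
+end
 )
 end
 
@@ -279,6 +285,36 @@ module Dependabot
 ::Bundler::LockfileParser.new(sanitized_lockfile_content)
 end
 
+def production_dependency_names
+@production_dependency_names ||=
+(gemfile_dependencies + gemspec_dependencies).dependencies.
+select { |dep| production?(dep) }.
+flat_map { |dep| expanded_dependency_names(dep) }.
+uniq
+end
+
+def expanded_dependency_names(dep)
+spec = parsed_lockfile.specs.find { |s| s.name == dep.name }
+return [dep.name] unless spec
+
+[
+dep.name,
+*spec.dependencies.flat_map { |d| expanded_dependency_names(d) }
+]
+end
+
+def production?(dependency)
+groups = dependency.requirements.
+flat_map { |r| r.fetch(:groups) }.
+map(&:to_s)
+
+return true if groups.empty?
+return true if groups.include?("runtime")
+return true if groups.include?("default")
+
+groups.any? { |g| g.include?("prod") }
+end
+
 def sanitized_lockfile_content
 regex = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
 lockfile.content.gsub(regex, "")
@@ -300,5 +336,4 @@ module Dependabot
 end
 end
 
-Dependabot::FileParsers.
-register("bundler", Dependabot::Bundler::FileParser)
+Dependabot::FileParsers.register("bundler", Dependabot::Bundler::FileParser)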
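Review bot: `expanded_dependency_names` (second hunk, new lines 296–304) recurses through `spec.dependencies` with no record of names already visited, so a lockfile whose specs reference each other in a cycle would recurse until the stack overflows, and a shared transitive dependency is re-expanded once per path that reaches it. The lockfile is parser input, presumably taken from the repository being analysed, so the traversal should be bounded rather than relying on the file being acyclic. Passing a `seen` hash down the recursion leaves the resulting name set unchanged (the caller already applies `uniq`) and expands each name once; the default argument keeps the existing call in `production_dependency_names` working. Separately, `g.include?("prod")` in `production?` is a substring match, so a group such as `preprod` or `non_production` would be classified as production; confirm that this is intended.

```ruby
def expanded_dependency_names(dep, seen = {})
  # Each name is expanded once per traversal; cycles and diamonds stop here.
  return [] if seen[dep.name]

  seen[dep.name] = true
  spec = parsed_lockfile.specs.find { |s| s.name == dep.name }
  return [dep.name] unless spec

  [
    dep.name,
    *spec.dependencies.flat_map { |d| expanded_dependency_names(d, seen) }
  ]
end
```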
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.111.
|
|
4
|
+
version: 0.111.45
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.111.
|
|
19
|
+
version: 0.111.45
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.111.
|
|
26
|
+
version: 0.111.45
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|