dependabot-bundler 0.124.8 → 0.125.0

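--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bfd94c5167dfdca9cd69f2356d415d06d1199fa3f3dbeb35be649c8e82f62223
- data.tar.gz: b3580fedf8dfb482aa4d18d254d6f556abe936599024cb053adde9e01078e19d
+ metadata.gz: 80c1fc155e1518d591a60e985401f51bcae4f6332e469e06693ce1e5e1f29b4b
+ data.tar.gz: dec9c2bf4c74a475a78378744ec23cc97e2053c75a9fc20e3b58a3349f0df0f9
  SHA512:
- metadata.gz: 85cda0c83145aab4d259cae53dae1bc6c861a2d4a444a61dd235e9f990dc6827efe53b769666ae3ab73acb9f8c8607e050a819c1843a9141574fca256ccb4f51
- data.tar.gz: 272ca490bbe6d7f16879dc99f44a84842873b006666bd05925b9d3b418afdd2b61091a75cb1a74ab14dadfe08e6894902e66a069e44c83f581edbffb66ce600b
+ metadata.gz: 2deece94900ce3d7c7d1ed93ced8845b5997d840b2453912c7c7b128bc945741e2e9b792d3106f4bc433004fb5138b1293917572ba3f0fe5d1f41e76e78f68e2
+ data.tar.gz: fbc107161f3c858edd349623d3a4d00b59ff5c85bd0557caad3dc9eead792defa09784ea412cc9d2ed1b4d349cb1fa564f9ec3ecdf3e8ab25e77a2c50a6ba7b4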
@@ -13,6 +13,7 @@ module Dependabot
13
13
  require_relative "update_checker/requirements_updater"
14
14
  require_relative "update_checker/version_resolver"
15
15
  require_relative "update_checker/latest_version_finder"
16
+ require_relative "update_checker/conflicting_dependency_resolver"
16
17
 
17
18
  def latest_version
18
19
  return latest_version_for_git_dependency if git_dependency?
@@ -107,6 +108,17 @@ module Dependabot
107
108
  dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
108
109
  end
109
110
 
111
+ def conflicting_dependencies
112
+ ConflictingDependencyResolver.new(
113
+ dependency_files: dependency_files,
114
+ repo_contents_path: repo_contents_path,
115
+ credentials: credentials
116
+ ).conflicting_dependencies(
117
+ dependency: dependency,
118
+ target_version: lowest_security_fix_version
119
+ )
120
+ end
121
+
110
122
  private
111
123
 
112
124
  def latest_version_resolvable_with_full_unlock?
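Review bot: The new public `conflicting_dependencies` hands `lowest_security_fix_version` to the resolver as `target_version` without checking it, and that method is defined outside this hunk; if it can return nil when no fixed version is known, the nil goes straight into the native helper call. A guard such as `return [] unless lowest_security_fix_version` at the top of the method would keep the result well-defined for callers that invoke it on a dependency with no advisory. The result is also not memoized, so every call builds a resolver and starts a helper subprocess with the job's credentials; `@conflicting_dependencies ||= ...` would avoid that if it is read more than once. A short comment stating that the method reports which lockfile entries block the lowest security-fix version would make the intent clear.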
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/bundler/update_checker"
4
+ require "dependabot/bundler/native_helpers"
5
+ require "dependabot/shared_helpers"
6
+
7
+ module Dependabot
8
+ module Bundler
9
+ class UpdateChecker < UpdateCheckers::Base
10
+ class ConflictingDependencyResolver
11
+ require_relative "shared_bundler_helpers"
12
+ include SharedBundlerHelpers
13
+
14
+ def initialize(dependency_files:, repo_contents_path:, credentials:)
15
+ @dependency_files = dependency_files
16
+ @repo_contents_path = repo_contents_path
17
+ @credentials = credentials
18
+ end
19
+
20
+ # Finds any dependencies in the lockfile that have a subdependency on
21
+ # the given dependency that does not satisfly the target_version.
22
+ #
23
+ # @param dependency [Dependabot::Dependency] the dependency to check
24
+ # @param target_version [String] the version to check
25
+ # @return [Array<Hash{String => String}]
26
+ # * name [String] the blocking dependencies name
27
+ # * version [String] the version of the blocking dependency
28
+ # * requirement [String] the requirement on the target_dependency
29
+ def conflicting_dependencies(dependency:, target_version:)
30
+ in_a_native_bundler_context(error_handling: false) do |tmp_dir|
31
+ SharedHelpers.run_helper_subprocess(
32
+ command: NativeHelpers.helper_path,
33
+ function: "conflicting_dependencies",
34
+ args: {
35
+ dir: tmp_dir,
36
+ dependency_name: dependency.name,
37
+ target_version: target_version,
38
+ credentials: relevant_credentials,
39
+ lockfile_name: lockfile.name,
40
+ using_bundler_2: using_bundler_2?
41
+ }
42
+ )
43
+ end
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
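Review bot: `in_a_native_bundler_context(error_handling: false)` switches off the shared error translation, so a failing helper subprocess presumably reaches the caller as a raw exception; the helper lives in SharedBundlerHelpers, outside this section, so that reading is inferred from the keyword name. Since the call forwards `relevant_credentials` to the subprocess, it is worth confirming that whatever rescues or logs that raw error does not echo the helper arguments, and that a failure here degrades to "no conflicts reported" instead of aborting the security update. The doc comment also needs fixing: `satisfly` should be `satisfy`, the return tag is missing a closing bracket (`# @return [Array<Hash{String => String}>]`), and `target_version` is documented as String while the only caller in this diff passes `lowest_security_fix_version`, whose type is not shown.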
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.124.8
4
+ version: 0.125.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-04 00:00:00.000000000 Z
11
+ date: 2020-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.124.8
19
+ version: 0.125.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.124.8
26
+ version: 0.125.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -194,6 +194,7 @@ files:
194
194
  - lib/dependabot/bundler/native_helpers.rb
195
195
  - lib/dependabot/bundler/requirement.rb
196
196
  - lib/dependabot/bundler/update_checker.rb
197
+ - lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb
197
198
  - lib/dependabot/bundler/update_checker/file_preparer.rb
198
199
  - lib/dependabot/bundler/update_checker/force_updater.rb
199
200
  - lib/dependabot/bundler/update_checker/latest_version_finder.rb