dependabot-bundler 0.223.0 → 0.224.0
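--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe41f546784766646a331b7b9b278bd0a0be01d13c0b9f51da8457a83db4db16
+data.tar.gz: b15f4967d4c25a5e7bf87ba352b649c186e10b843964ba5910c381537340d0f7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc3ea7c204c643484527dfe5f90eec51fcf968ae1d1bccaf42709c1101bcb7ec2dec3015cc20eb2a6cce40d58e505a8da0d28b59cae8ca4540a69db6e6eeac97
+data.tar.gz: e88b57ec7b8fff13d5353ba46654ebc9b82bb975ed16f80be20e73e9b568919f8743defe09a4489f4514fd05bd927c4716eb984847b401b430f7d309088a4196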
@@ -9,7 +9,7 @@ module Dependabot
|
|
|
9
9
|
# newest version we support
|
|
10
10
|
DEFAULT = V2
|
|
11
11
|
# If we are updating a project with a Gemfile.lock that does not specify
|
|
12
|
-
# the version it was bundled with,
|
|
12
|
+
# the version it was bundled with, we failover to V1 on the assumption
|
|
13
13
|
# it was created with an old version that didn't add this information
|
|
14
14
|
FAILOVER = V1
|
|
15
15
|
|
|
@@ -77,6 +77,15 @@ module Dependabot
|
|
|
77
77
|
).parse
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
+
def top_level_dependencies
|
|
81
|
+
@top_level_dependencies ||=
|
|
82
|
+
FileParser.new(
|
|
83
|
+
dependency_files: dependency_files.reject { |file| file.name == lockfile.name },
|
|
84
|
+
credentials: credentials,
|
|
85
|
+
source: nil
|
|
86
|
+
).parse
|
|
87
|
+
end
|
|
88
|
+
|
|
80
89
|
def dependencies_from(updated_deps, specs)
|
|
81
90
|
# You might think we'd want to remove dependencies whose version
|
|
82
91
|
# hadn't changed from this array. We don't. We still need to unlock
|
|
@@ -85,14 +94,17 @@ module Dependabot
|
|
|
85
94
|
#
|
|
86
95
|
# This is kind of a bug in Bundler, and we should try to fix it,
|
|
87
96
|
# but resolving it won't necessarily be easy.
|
|
88
|
-
updated_deps.filter_map do |dep|
|
|
89
|
-
original_dep =
|
|
90
|
-
original_dependencies.find { |d| d.name == dep.fetch("name") }
|
|
91
|
-
spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
|
|
92
97
|
|
|
93
|
-
|
|
98
|
+
# put the lead dependency first
|
|
99
|
+
index = specs.index { |dep| dep["name"] == updated_deps.first["name"] }
|
|
100
|
+
specs.unshift(specs.delete_at(index))
|
|
101
|
+
specs.filter_map do |dep|
|
|
102
|
+
next unless top_level_dependencies.find { |d| d.name == dep.fetch("name") }
|
|
103
|
+
|
|
104
|
+
original_dep = original_dependencies.find { |d| d.name == dep.fetch("name") }
|
|
105
|
+
next if dep.fetch("version") == original_dep.version
|
|
94
106
|
|
|
95
|
-
build_dependency(original_dep,
|
|
107
|
+
build_dependency(original_dep, dep)
|
|
96
108
|
end
|
|
97
109
|
end
|
|
98
110
|
|
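Review bot: In the last hunk, inside `dependencies_from`, `specs.index { ... }` returns nil when the lead dependency's name is not present in `specs`, so `specs.delete_at(index)` raises before any dependency is built; guard the reorder with `specs.unshift(specs.delete_at(index)) if index`. The loop then calls `original_dep.version` on the result of `find`, which is nil for a top-level dependency that is missing from `original_dependencies`; `next if original_dep.nil? || dep.fetch("version") == original_dep.version` would skip such entries, if skipping is the intended outcome. The reorder also mutates the caller's `specs` array in place, so working on `specs.dup` would keep the argument untouched. The comment retained above the loop still says dependencies whose version has not changed are not removed, which the new `next if dep.fetch("version") == original_dep.version` line appears to contradict, so the comment should be brought in line with the code. The method's signature sits in the previous hunk and the lines between the two hunks are not shown here.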
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.224.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.224.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.224.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -268,7 +268,7 @@ licenses:
|
|
|
268
268
|
- Nonstandard
|
|
269
269
|
metadata:
|
|
270
270
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
271
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
271
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.224.0
|
|
272
272
|
post_install_message:
|
|
273
273
|
rdoc_options: []
|
|
274
274
|
require_paths:
|