dependabot-bundler 0.246.0 → 0.247.0
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +4 -1
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +14 -1
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +16 -5
- data/lib/dependabot/bundler/update_checker.rb +11 -5
- metadata +19 -5
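--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dcd4f16b3bd7636cd65c77255a1d3b37888a0b3b0294ac4974035e9642debd02
+data.tar.gz: 011fb6db795058131d051d1533973d0df2c61a5bb976bfc7b6a15d4ca337206b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9a59aa6f31d04899347ea046f1b94211d1816bae26a23f7ef228adc8ed2204e8835dc456de2047b467a7d0a5a8f7532b2aa148a554d7d988094b8055aa824bd4
+data.tar.gz: b2896086152ffa5138f47e1eea0b628869eab812348c7e988f834b5aa69c54f1971d7937251670ee08453f93e6d3e03df54ccec309d229768435f36d951a83cd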
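--- a/data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb
+++ b/data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb
@@ -4,12 +4,15 @@
 require "dependabot/registry_client"
 require "dependabot/bundler/native_helpers"
 require "dependabot/bundler/helpers"
+require "sorbet-runtime"
 
 module Dependabot
 module Bundler
 class UpdateChecker
 class LatestVersionFinder
 class DependencySource
+extend T::Sig
+
 require_relative "../shared_bundler_helpers"
 include SharedBundlerHelpers
 
@@ -33,7 +36,7 @@ module Dependabot
 
 # The latest version details for the dependency from a registry
 #
-
+sig { returns(T::Array[Gem::Version]) }
 def versions
 return rubygems_versions if dependency.name == "bundler"
 return rubygems_versions unless gemfile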
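--- a/data/lib/dependabot/bundler/update_checker/latest_version_finder.rb
+++ b/data/lib/dependabot/bundler/update_checker/latest_version_finder.rb
@@ -10,11 +10,14 @@ require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/bundler/update_checker/latest_version_finder/" \
 "dependency_source"
+require "sorbet-runtime"
 
 module Dependabot
 module Bundler
 class UpdateChecker
 class LatestVersionFinder
+extend T::Sig
+
 def initialize(dependency:, dependency_files:, repo_contents_path: nil,
 credentials:, ignored_versions:, raise_on_ignored: false,
 security_advisories:, options:)
@@ -65,12 +68,18 @@ module Dependabot
 relevant_versions.min
 end
 
+sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
 def filter_prerelease_versions(versions_array)
 return versions_array if wants_prerelease?
 
-versions_array.reject(&:prerelease?)
+filtered = versions_array.reject(&:prerelease?)
+if versions_array.count > filtered.count
+Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} pre-release versions")
+end
+filtered
 end
 
+sig { params(versions_array: T::Array[Gem::Version]).returns(T::Array[Gem::Version]) }
 def filter_ignored_versions(versions_array)
 filtered = versions_array
 .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
@@ -78,6 +87,10 @@ module Dependabot
 raise AllVersionsIgnored
 end
 
+if versions_array.count > filtered.count
+Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions")
+end
+
 filtered
 end
 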
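Review bot: The two new `Dependabot.logger.info` calls in `filter_prerelease_versions` and `filter_ignored_versions` record only a count, so the log cannot say which dependency was affected or which versions were dropped, and that is what someone needs when working out why an expected (for example security) update was not proposed. Consider naming the dependency, e.g. `Dependabot.logger.info("Filtered out #{versions_array.count - filtered.count} ignored versions of #{dependency.name}")`, assuming the `dependency` passed to `initialize` is exposed through a reader. In `filter_ignored_versions` the new log sits after `raise AllVersionsIgnored`, so the path where that raise fires is not logged here; the condition guarding the raise is outside the hunk.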
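--- a/data/lib/dependabot/bundler/update_checker/requirements_updater.rb
+++ b/data/lib/dependabot/bundler/update_checker/requirements_updater.rb
@@ -1,16 +1,27 @@
 # typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/bundler/update_checker"
+require "dependabot/requirements_update_strategy"
 
 module Dependabot
 module Bundler
 class UpdateChecker
 class RequirementsUpdater
+extend T::Sig
+
 class UnfixableRequirement < StandardError; end
 
-ALLOWED_UPDATE_STRATEGIES =
-
+ALLOWED_UPDATE_STRATEGIES = T.let(
+[
+RequirementsUpdateStrategy::LockfileOnly,
+RequirementsUpdateStrategy::BumpVersions,
+RequirementsUpdateStrategy::BumpVersionsIfNecessary
+].freeze,
+T::Array[Dependabot::RequirementsUpdateStrategy]
+)
 
 def initialize(requirements:, update_strategy:, updated_source:,
 latest_version:, latest_resolvable_version:)
@@ -28,7 +39,7 @@ module Dependabot
 end
 
 def updated_requirements
-return requirements if update_strategy ==
+return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
 
 requirements.map do |req|
 if req[:file].include?(".gemspec")
@@ -58,9 +69,9 @@ module Dependabot
 return req unless latest_resolvable_version
 
 case update_strategy
-when
+when RequirementsUpdateStrategy::BumpVersions
 update_version_requirement(req)
-when
+when RequirementsUpdateStrategy::BumpVersionsIfNecessary
 update_version_requirement_if_needed(req)
 else raise "Unexpected update strategy: #{update_strategy}"
 end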
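Review bot: The new equality checks against `RequirementsUpdateStrategy` constants, in `updated_requirements` and in the `case` of the last hunk here, and likewise in `requirements_unlocked_or_can_be?` in update_checker.rb, match only when the caller passes the enum object itself; no coercion or type check is visible in these hunks. In this file a value of any other type ends at `else raise`, which fails loudly, but in update_checker.rb the predicate would simply skip `return false`, so a lockfile-only setting supplied in an older form would be treated as if requirements could be unlocked. The method bodies and `initialize` continue outside the hunks, so a check may already exist there or in the base class. If it does not, a guard in `initialize` such as `raise ArgumentError, "update_strategy must be a RequirementsUpdateStrategy" unless update_strategy.is_a?(Dependabot::RequirementsUpdateStrategy)` would make the contract explicit.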
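--- a/data/lib/dependabot/bundler/update_checker.rb
+++ b/data/lib/dependabot/bundler/update_checker.rb
@@ -1,11 +1,13 @@
 # typed: true
 # frozen_string_literal: true
 
-require "dependabot/update_checkers"
-require "dependabot/update_checkers/base"
 require "dependabot/bundler/file_updater/requirement_replacer"
 require "dependabot/bundler/version"
 require "dependabot/git_commit_checker"
+require "dependabot/requirements_update_strategy"
+require "dependabot/update_checkers"
+require "dependabot/update_checkers/base"
+
 module Dependabot
 module Bundler
 class UpdateChecker < Dependabot::UpdateCheckers::Base
@@ -75,7 +77,7 @@ module Dependabot
 
 def requirements_unlocked_or_can_be?
 return true if requirements_unlocked?
-return false if requirements_update_strategy ==
+return false if requirements_update_strategy == RequirementsUpdateStrategy::LockfileOnly
 
 dependency.specific_requirements
 .all? do |req|
@@ -92,10 +94,14 @@ module Dependabot
 
 def requirements_update_strategy
 # If passed in as an option (in the base class) honour that option
-return @requirements_update_strategy
+return @requirements_update_strategy if @requirements_update_strategy
 
 # Otherwise, widen ranges for libraries and bump versions for apps
-dependency.version.nil?
+if dependency.version.nil?
+RequirementsUpdateStrategy::BumpVersionsIfNecessary
+else
+RequirementsUpdateStrategy::BumpVersions
+end
 end
 
 def conflicting_dependencies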
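--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.247.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-
+date: 2024-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.247.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.247.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.27.1
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 2.27.1
 - !ruby/object:Gem::Dependency
 name: rubocop-sorbet
 requirement: !ruby/object:Gem::Requirement
@@ -313,7 +327,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
 post_install_message:
 rdoc_options: []
 require_paths: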