dependabot-bundler 0.283.0 → 0.284.0
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +16 -3
- data/lib/dependabot/bundler/package_manager.rb +11 -26
- metadata +5 -5
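--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48a9435c67c8a6b58134c7a80486d74ab609273e937c10eed74191426d6cded8
+data.tar.gz: a139d9cc839fddffc0e0ca6ef3b8a7ab87d9a1ae2d82e5404e16b1823502cf2e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9612d984f30f3e0cfa5079a1c34be49112fe4de0e93aabca848a70f5438ae722acd958746950f7ff94404f66ce14bc50ec8604014e933e7877d7fb0cdf013bdc
+data.tar.gz: c2edeee8f3df7b37c19b747b4e54a6d34846efde4ab76a26d14302124432b77901c57afedc3cad21a95695c619f445b7d08e10dfa72e882fe8fc7688367b5e9c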
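--- a/data/lib/dependabot/bundler/file_parser.rb
+++ b/data/lib/dependabot/bundler/file_parser.rb
@@ -32,13 +32,24 @@ module Dependabot
 dependency_set.dependencies
 end
 
-sig { returns(
-def
-
+sig { returns(Ecosystem) }
+def ecosystem
+@ecosystem ||= T.let(
+Ecosystem.new(
+name: ECOSYSTEM,
+package_manager: package_manager
+),
+T.nilable(Ecosystem)
+)
 end
 
 private
 
+sig { returns(Ecosystem::VersionManager) }
+def package_manager
+PackageManager.new(bundler_version)
+end
+
 def check_external_code(dependencies)
 return unless @reject_external_code
 return unless git_source?(dependencies)
@@ -309,12 +320,14 @@ module Dependabot
 .select { |file| file.name.end_with?(".gemspec") }
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def imported_ruby_files
 dependency_files
 .select { |f| f.name.end_with?(".rb") }
 .reject { |f| f.name == "gems.rb" }
 end
 
+sig { returns(String) }
 def bundler_version
 @bundler_version ||= Helpers.bundler_version(lockfile)
 end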
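Review bot: The `sig { returns(String) }` added above `bundler_version` in the second hunk is checked at runtime by sorbet-runtime in its default configuration, so if `Helpers.bundler_version(lockfile)` can return nil or a non-String (the helper is not visible here, and the lockfile is repository-controlled input) the call now fails with a type error the first time `ecosystem` is built. The memoization there is also written differently from the new `@ecosystem ||= T.let(..., T.nilable(Ecosystem))` in the first hunk; for consistency it could read `@bundler_version ||= T.let(Helpers.bundler_version(lockfile), T.nilable(String))`. The new public `ecosystem` method would also benefit from a one-line comment such as `# Memoized; the package manager version is derived from the lockfile.` Both methods sit in a class whose body starts and ends outside these hunks.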
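--- a/data/lib/dependabot/bundler/package_manager.rb
+++ b/data/lib/dependabot/bundler/package_manager.rb
@@ -3,10 +3,11 @@
 
 require "sorbet-runtime"
 require "dependabot/bundler/version"
-require "dependabot/
+require "dependabot/ecosystem"
 
 module Dependabot
 module Bundler
+ECOSYSTEM = "bundler"
 PACKAGE_MANAGER = "bundler"
 
 # Keep versions in ascending order
@@ -18,33 +19,17 @@ module Dependabot
 # DEPRECATED_BUNDLER_VERSIONS = T.let([Version.new("1")].freeze, T::Array[Dependabot::Version])
 DEPRECATED_BUNDLER_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
 
-class PackageManager <
+class PackageManager < Dependabot::Ecosystem::VersionManager
 extend T::Sig
 
-sig { params(
-def initialize(
-
-
-
-
-
-
-sig { override.returns(String) }
-attr_reader :name
-
-sig { override.returns(Dependabot::Version) }
-attr_reader :version
-
-sig { override.returns(T::Array[Dependabot::Version]) }
-attr_reader :deprecated_versions
-
-sig { override.returns(T::Array[Dependabot::Version]) }
-attr_reader :supported_versions
-
-sig { override.returns(T::Boolean) }
-def unsupported?
-# Check if the version is not supported
-supported_versions.all? { |supported| supported > version }
+sig { params(raw_version: String).void }
+def initialize(raw_version)
+super(
+PACKAGE_MANAGER,
+Version.new(raw_version),
+DEPRECATED_BUNDLER_VERSIONS,
+SUPPORTED_BUNDLER_VERSIONS,
+)
 end
 end
 end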
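Review bot: `Version.new(raw_version)` in the new `initialize` parses the version string with no guard, and in file_parser.rb that string comes from `Helpers.bundler_version(lockfile)`, which reads repository content. Neither the helper nor `Version` is visible here, so whether a malformed value can reach this call is unconfirmed; if it can, the exception would surface from `FileParser#ecosystem` instead of from code that reports a clean lockfile parse error. The second hunk also drops the local `unsupported?` (`supported_versions.all? { |supported| supported > version }`) and the four readers in favour of `Dependabot::Ecosystem::VersionManager`, so the support check now depends on a base class outside this diff. A class comment such as `# name, version, the deprecated/supported lists and unsupported? come from Ecosystem::VersionManager` would record that, and the positional `super(...)` arguments deserve a note on their expected order.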
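--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.284.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.284.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.284.0
 - !ruby/object:Gem::Dependency
 name: parallel
 requirement: !ruby/object:Gem::Requirement
@@ -321,7 +321,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
 post_install_message:
 rdoc_options: []
 require_paths: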