dependabot-bundler 0.283.0 → 0.284.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +16 -3
- data/lib/dependabot/bundler/package_manager.rb +11 -26
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 48a9435c67c8a6b58134c7a80486d74ab609273e937c10eed74191426d6cded8
|
|
4
|
+
data.tar.gz: a139d9cc839fddffc0e0ca6ef3b8a7ab87d9a1ae2d82e5404e16b1823502cf2e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9612d984f30f3e0cfa5079a1c34be49112fe4de0e93aabca848a70f5438ae722acd958746950f7ff94404f66ce14bc50ec8604014e933e7877d7fb0cdf013bdc
|
|
7
|
+
data.tar.gz: c2edeee8f3df7b37c19b747b4e54a6d34846efde4ab76a26d14302124432b77901c57afedc3cad21a95695c619f445b7d08e10dfa72e882fe8fc7688367b5e9c
|
|
@@ -32,13 +32,24 @@ module Dependabot
|
|
|
32
32
|
dependency_set.dependencies
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
sig { returns(
|
|
36
|
-
def
|
|
37
|
-
|
|
35
|
+
sig { returns(Ecosystem) }
|
|
36
|
+
def ecosystem
|
|
37
|
+
@ecosystem ||= T.let(
|
|
38
|
+
Ecosystem.new(
|
|
39
|
+
name: ECOSYSTEM,
|
|
40
|
+
package_manager: package_manager
|
|
41
|
+
),
|
|
42
|
+
T.nilable(Ecosystem)
|
|
43
|
+
)
|
|
38
44
|
end
|
|
39
45
|
|
|
40
46
|
private
|
|
41
47
|
|
|
48
|
+
sig { returns(Ecosystem::VersionManager) }
|
|
49
|
+
def package_manager
|
|
50
|
+
PackageManager.new(bundler_version)
|
|
51
|
+
end
|
|
52
|
+
|
|
42
53
|
def check_external_code(dependencies)
|
|
43
54
|
return unless @reject_external_code
|
|
44
55
|
return unless git_source?(dependencies)
|
|
@@ -309,12 +320,14 @@ module Dependabot
|
|
|
309
320
|
.select { |file| file.name.end_with?(".gemspec") }
|
|
310
321
|
end
|
|
311
322
|
|
|
323
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
312
324
|
def imported_ruby_files
|
|
313
325
|
dependency_files
|
|
314
326
|
.select { |f| f.name.end_with?(".rb") }
|
|
315
327
|
.reject { |f| f.name == "gems.rb" }
|
|
316
328
|
end
|
|
317
329
|
|
|
330
|
+
sig { returns(String) }
|
|
318
331
|
def bundler_version
|
|
319
332
|
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
320
333
|
end
|
|
@@ -3,10 +3,11 @@
|
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/bundler/version"
|
|
6
|
-
require "dependabot/
|
|
6
|
+
require "dependabot/ecosystem"
|
|
7
7
|
|
|
8
8
|
module Dependabot
|
|
9
9
|
module Bundler
|
|
10
|
+
ECOSYSTEM = "bundler"
|
|
10
11
|
PACKAGE_MANAGER = "bundler"
|
|
11
12
|
|
|
12
13
|
# Keep versions in ascending order
|
|
@@ -18,33 +19,17 @@ module Dependabot
|
|
|
18
19
|
# DEPRECATED_BUNDLER_VERSIONS = T.let([Version.new("1")].freeze, T::Array[Dependabot::Version])
|
|
19
20
|
DEPRECATED_BUNDLER_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
|
|
20
21
|
|
|
21
|
-
class PackageManager <
|
|
22
|
+
class PackageManager < Dependabot::Ecosystem::VersionManager
|
|
22
23
|
extend T::Sig
|
|
23
24
|
|
|
24
|
-
sig { params(
|
|
25
|
-
def initialize(
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
sig { override.returns(String) }
|
|
33
|
-
attr_reader :name
|
|
34
|
-
|
|
35
|
-
sig { override.returns(Dependabot::Version) }
|
|
36
|
-
attr_reader :version
|
|
37
|
-
|
|
38
|
-
sig { override.returns(T::Array[Dependabot::Version]) }
|
|
39
|
-
attr_reader :deprecated_versions
|
|
40
|
-
|
|
41
|
-
sig { override.returns(T::Array[Dependabot::Version]) }
|
|
42
|
-
attr_reader :supported_versions
|
|
43
|
-
|
|
44
|
-
sig { override.returns(T::Boolean) }
|
|
45
|
-
def unsupported?
|
|
46
|
-
# Check if the version is not supported
|
|
47
|
-
supported_versions.all? { |supported| supported > version }
|
|
25
|
+
sig { params(raw_version: String).void }
|
|
26
|
+
def initialize(raw_version)
|
|
27
|
+
super(
|
|
28
|
+
PACKAGE_MANAGER,
|
|
29
|
+
Version.new(raw_version),
|
|
30
|
+
DEPRECATED_BUNDLER_VERSIONS,
|
|
31
|
+
SUPPORTED_BUNDLER_VERSIONS,
|
|
32
|
+
)
|
|
48
33
|
end
|
|
49
34
|
end
|
|
50
35
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.284.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.284.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.284.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -321,7 +321,7 @@ licenses:
|
|
|
321
321
|
- MIT
|
|
322
322
|
metadata:
|
|
323
323
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
324
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
324
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
|
|
325
325
|
post_install_message:
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|