dependabot-bundler 0.98.72 → 0.98.73
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/update_checker/force_updater.rb +23 -2
- metadata +3 -3
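--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6c1a4dcd5046c1222343b23c16bfdae7154244ff39594789d7fa5ea1458b57e8
+data.tar.gz: b4008f0857a88ad092432cdc72265bef37006523c70a9e5c4a2614426adad1d1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b7d2c90f9888bebb17249a492cb4524c09ffe7c41167bfd0ba8ce01fabeebdd1fd9835471f103b701b5178968ae7a8349c8730f0ed166661de01773a31c04442
+data.tar.gz: 9c2af0c292c8be3d0ca2cb600b1b30a9c94d07dae312e5ca3deaa174cddfb4350dabfbb8433ac62ea043bef2df682fc2578bacc8be856a9ada12d88bd668bdc3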
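--- a/data/lib/dependabot/bundler/update_checker/force_updater.rb
+++ b/data/lib/dependabot/bundler/update_checker/force_updater.rb
@@ -98,12 +98,18 @@ module Dependabot
 
 def new_dependencies_to_unlock_from(error:, already_unlocked:)
 potentials_deps =
-error.
+relevant_conflicts(error, already_unlocked).
 flat_map(&:requirement_trees).
 reject do |tree|
-
+# If the final requirement wasn't specific, it can't be binding
+next true if tree.last.requirement == Gem::Requirement.new(">= 0")
+
+# If the conflict wasn't for the dependency we're updating then
+# we don't have enough info to reject it
 next false unless tree.last.name == dependency.name
 
+# If the final requirement *was* for the dependency we're updating
+# then we can ignore the tree if it permits the target version
 tree.last.requirement.satisfied_by?(
 Gem::Version.new(target_version)
 )
@@ -115,6 +121,21 @@ module Dependabot
 uniq
 end
 
+def relevant_conflicts(error, dependencies_being_unlocked)
+names = [*dependencies_being_unlocked.map(&:name), dependency.name]
+
+# For a conflict to be relevant to the updates we're making it must be
+# 1) caused by a new requirement introduced by our unlocking, or
+# 2) caused by an old requirement that prohibits the update.
+# Hence, we look at the beginning and end of the requirement trees
+error.cause.conflicts.values.
+select do |conflict|
+conflict.requirement_trees.any? do |t|
+names.include?(t.last.name) || names.include?(t.first.name)
+end
+end
+end
+
 def raise_unresolvable_error(error)
 msg = error.error_class + " with message: " + error.error_message
 raise Dependabot::DependencyFileNotResolvable, msg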
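Review bot: `relevant_conflicts` calls `error.cause.conflicts.values` with no guard, so an error whose `cause` is nil or is not a resolver conflict object would surface as a NoMethodError instead of going through the resolvability handling this class uses elsewhere. The rescue that supplies `error` lies outside these hunks, so the type may already be guaranteed there; if it is not, an early `return [] unless error.cause.respond_to?(:conflicts)` at the top of the method keeps that failure on the handled path. The comment above the `select` would also read better if it said which end of a requirement tree corresponds to case 1 and which to case 2, since `t.first` and `t.last` are both tested against the same `names` list.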
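--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.73
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.73
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.98.
+version: 0.98.73
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement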