dependabot-bundler 0.98.72 → 0.98.73

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 943a5375daffc453a50ab8ad40e2c85862c074f11377595a5857c7e284238cc2
-  data.tar.gz: 80b23287325f80751ead41a8332d42d623152f02f49d506679e3cda9c162153d
+  metadata.gz: 6c1a4dcd5046c1222343b23c16bfdae7154244ff39594789d7fa5ea1458b57e8
+  data.tar.gz: b4008f0857a88ad092432cdc72265bef37006523c70a9e5c4a2614426adad1d1
 SHA512:
-  metadata.gz: 5925ec9d214b16386cef21de035e23874247c2fe64d6b30165990ca7f2fde6fe7462d265a24f83203451f2f774948779af27fc595df72981e6017ef777fd7740
-  data.tar.gz: 628503b2e06a5be262410e935498a6240fe172954645a1639c313cd2e7a02a634324ced252ac65dfc20155d0250532983886f46d590e5dc0e7649af5bd07bf77
+  metadata.gz: b7d2c90f9888bebb17249a492cb4524c09ffe7c41167bfd0ba8ce01fabeebdd1fd9835471f103b701b5178968ae7a8349c8730f0ed166661de01773a31c04442
+  data.tar.gz: 9c2af0c292c8be3d0ca2cb600b1b30a9c94d07dae312e5ca3deaa174cddfb4350dabfbb8433ac62ea043bef2df682fc2578bacc8be856a9ada12d88bd668bdc3

data/lib/dependabot/bundler/update_checker/force_updater.rb

@@ -98,12 +98,18 @@ module Dependabot
 
         def new_dependencies_to_unlock_from(error:, already_unlocked:)
           potentials_deps =
-            error.cause.conflicts.values.
+            relevant_conflicts(error, already_unlocked).
             flat_map(&:requirement_trees).
             reject do |tree|
-              next true unless tree.last.requirement.specific?
+              # If the final requirement wasn't specific, it can't be binding
+              next true if tree.last.requirement == Gem::Requirement.new(">= 0")
+
+              # If the conflict wasn't for the dependency we're updating then
+              # we don't have enough info to reject it
               next false unless tree.last.name == dependency.name
 
+              # If the final requirement *was* for the dependency we're updating
+              # then we can ignore the tree if it permits the target version
               tree.last.requirement.satisfied_by?(
                 Gem::Version.new(target_version)
               )
@@ -115,6 +121,21 @@ module Dependabot
             uniq
         end
 
+        def relevant_conflicts(error, dependencies_being_unlocked)
+          names = [*dependencies_being_unlocked.map(&:name), dependency.name]
+
+          # For a conflict to be relevant to the updates we're making it must be
+          # 1) caused by a new requirement introduced by our unlocking, or
+          # 2) caused by an old requirement that prohibits the update.
+          # Hence, we look at the beginning and end of the requirement trees
+          error.cause.conflicts.values.
+            select do |conflict|
+              conflict.requirement_trees.any? do |t|
+                names.include?(t.last.name) || names.include?(t.first.name)
+              end
+            end
+        end
+
         def raise_unresolvable_error(error)
           msg = error.error_class + " with message: " + error.error_message
           raise Dependabot::DependencyFileNotResolvable, msg

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.98.72
+  version: 0.98.73
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.72
+        version: 0.98.73
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.98.72
+        version: 0.98.73
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement