dependabot-cargo 0.105.8 → 0.106.0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ad6b10c46549f96f58f8a85203c1aed3ad784931288b5453d14cb1a245f4b41
|
|
4
|
+
data.tar.gz: fe9f8e9f82dff4018c10e750592e1b0907694ddc404fbdcadb86ddd579061f24
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 772fa72f987966c4883553fa07795bbe3a20221d47e19b9c1d88720e36d1ec3b692f63d5a3f379962a8e66ccf22d9bdf52e425967fab8779eddd0da9a84f2833
|
|
7
|
+
data.tar.gz: 7ab49f001d3b4e5b9a333e847e166c5445b71995a40b0c31a82e40655182a0fed36faf4dbc05c74c3567b6b217e543609916abd77ddb870533cb65439990b396
|
|
@@ -42,6 +42,17 @@ module Dependabot
|
|
|
42
42
|
end
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
+
def lowest_resolvable_security_fix_version
|
|
46
|
+
raise "Dependency not vulnerable!" unless vulnerable?
|
|
47
|
+
|
|
48
|
+
if defined?(@lowest_resolvable_security_fix_version)
|
|
49
|
+
return @lowest_resolvable_security_fix_version
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
@lowest_resolvable_security_fix_version =
|
|
53
|
+
fetch_lowest_resolvable_security_fix_version
|
|
54
|
+
end
|
|
55
|
+
|
|
45
56
|
def latest_resolvable_version_with_no_unlock
|
|
46
57
|
return if path_dependency?
|
|
47
58
|
|
|
@@ -57,9 +68,7 @@ module Dependabot
|
|
|
57
68
|
RequirementsUpdater.new(
|
|
58
69
|
requirements: dependency.requirements,
|
|
59
70
|
updated_source: updated_source,
|
|
60
|
-
|
|
61
|
-
latest_version: latest_version&.to_s,
|
|
62
|
-
library: library?,
|
|
71
|
+
target_version: target_version,
|
|
63
72
|
update_strategy: requirement_update_strategy
|
|
64
73
|
).updated_requirements
|
|
65
74
|
end
|
|
@@ -75,6 +84,10 @@ module Dependabot
|
|
|
75
84
|
raise NotImplementedError
|
|
76
85
|
end
|
|
77
86
|
|
|
87
|
+
def target_version
|
|
88
|
+
library? ? latest_version&.to_s : preferred_resolvable_version&.to_s
|
|
89
|
+
end
|
|
90
|
+
|
|
78
91
|
def library?
|
|
79
92
|
# If it has a lockfile, treat it as an application. Otherwise treat it
|
|
80
93
|
# as a library.
|
|
@@ -194,6 +207,33 @@ module Dependabot
|
|
|
194
207
|
).latest_resolvable_version
|
|
195
208
|
end
|
|
196
209
|
|
|
210
|
+
def fetch_lowest_resolvable_security_fix_version
|
|
211
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
|
212
|
+
return latest_resolvable_version if fix_version.nil?
|
|
213
|
+
|
|
214
|
+
if path_dependency? || git_dependency? || git_subdependency?
|
|
215
|
+
return latest_resolvable_version
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
prepared_files = FilePreparer.new(
|
|
219
|
+
dependency_files: dependency_files,
|
|
220
|
+
dependency: dependency,
|
|
221
|
+
unlock_requirement: true,
|
|
222
|
+
latest_allowable_version: fix_version
|
|
223
|
+
).prepared_dependency_files
|
|
224
|
+
|
|
225
|
+
resolved_fix_version = VersionResolver.new(
|
|
226
|
+
dependency: dependency,
|
|
227
|
+
prepared_dependency_files: prepared_files,
|
|
228
|
+
original_dependency_files: dependency_files,
|
|
229
|
+
credentials: credentials
|
|
230
|
+
).latest_resolvable_version
|
|
231
|
+
|
|
232
|
+
return fix_version if fix_version == resolved_fix_version
|
|
233
|
+
|
|
234
|
+
latest_resolvable_version
|
|
235
|
+
end
|
|
236
|
+
|
|
197
237
|
def updated_source
|
|
198
238
|
# Never need to update source, unless a git_dependency
|
|
199
239
|
return dependency_source_details unless git_dependency?
|
|
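Review bot: `fetch_lowest_resolvable_security_fix_version` (hunk `@@ -194,6 +207,33 @@`) falls back to `latest_resolvable_version` on three paths — no known fix version, path/git dependencies, and a resolved version that differs from `fix_version` — so the value it returns is not necessarily a version that fixes the advisory, and nothing in the new code records which path produced it. The memoising wrapper `lowest_resolvable_security_fix_version` (hunk `@@ -42,6 +42,17 @@`) inherits that ambiguity, so a caller presumably has to re-check `vulnerable?` against the result; that contract should be stated where the fallback happens, e.g. above the first fallback `# Falls back to latest_resolvable_version when the lowest fix version is unknown or cannot be resolved exactly; the result may still be vulnerable and callers must verify it.`. The final comparison `return fix_version if fix_version == resolved_fix_version` relies on both sides being comparable version objects; if `lowest_security_fix_version` can hand back a string, the equality silently fails and the fallback is taken, so a `version_class.new`/`to_s` normalisation on one side would make that explicit. The enclosing class starts and ends outside these hunks.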
@@ -21,25 +21,16 @@ module Dependabot
|
|
|
21
21
|
%i(bump_versions bump_versions_if_necessary).freeze
|
|
22
22
|
|
|
23
23
|
def initialize(requirements:, updated_source:, update_strategy:,
|
|
24
|
-
|
|
24
|
+
target_version:)
|
|
25
25
|
@requirements = requirements
|
|
26
26
|
@updated_source = updated_source
|
|
27
27
|
@update_strategy = update_strategy
|
|
28
|
-
@library = library
|
|
29
28
|
|
|
30
29
|
check_update_strategy
|
|
31
30
|
|
|
32
|
-
|
|
33
|
-
@latest_version = version_class.new(latest_version)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
if latest_resolvable_version &&
|
|
37
|
-
version_class.correct?(latest_resolvable_version)
|
|
38
|
-
@latest_resolvable_version =
|
|
39
|
-
version_class.new(latest_resolvable_version)
|
|
40
|
-
end
|
|
31
|
+
return unless target_version && version_class.correct?(target_version)
|
|
41
32
|
|
|
42
|
-
@
|
|
33
|
+
@target_version = version_class.new(target_version)
|
|
43
34
|
end
|
|
44
35
|
|
|
45
36
|
def updated_requirements
|
|
@@ -62,15 +53,8 @@ module Dependabot
|
|
|
62
53
|
|
|
63
54
|
private
|
|
64
55
|
|
|
65
|
-
attr_reader :requirements, :updated_source, :update_strategy
|
|
66
|
-
|
|
67
|
-
def library?
|
|
68
|
-
@library
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
def target_version
|
|
72
|
-
library? ? @latest_version : @latest_resolvable_version
|
|
73
|
-
end
|
|
56
|
+
attr_reader :requirements, :updated_source, :update_strategy,
|
|
57
|
+
:target_version
|
|
74
58
|
|
|
75
59
|
def check_update_strategy
|
|
76
60
|
return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
|
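Review bot: In the rewritten `initialize` (hunk `@@ -21,25 +21,16 @@`) the guard `return unless target_version && version_class.correct?(target_version)` exits before `@target_version` is ever assigned, so the private `attr_reader :target_version` relies on an uninitialised instance variable reading as `nil`; assigning `@target_version = nil` before the guard makes the nil contract explicit and avoids the uninitialised-ivar warning on older Rubies. This also changes behaviour relative to the removed code: previously `version_class.new(latest_version)` ran unconditionally and would raise on a malformed version, whereas now a malformed `target_version` is silently dropped and presumably causes `updated_requirements` (outside the hunk) to return the requirements unchanged, which is worth a one-line comment on the guard such as `# A missing or unparsable target_version means no requirement update is proposed.`. The enclosing class continues outside the hunk.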
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-cargo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.106.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-04-
|
|
11
|
+
date: 2019-04-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.106.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.106.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|