dependabot-cargo 0.105.8 → 0.106.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9ad6b10c46549f96f58f8a85203c1aed3ad784931288b5453d14cb1a245f4b41
|
4
|
+
data.tar.gz: fe9f8e9f82dff4018c10e750592e1b0907694ddc404fbdcadb86ddd579061f24
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 772fa72f987966c4883553fa07795bbe3a20221d47e19b9c1d88720e36d1ec3b692f63d5a3f379962a8e66ccf22d9bdf52e425967fab8779eddd0da9a84f2833
|
7
|
+
data.tar.gz: 7ab49f001d3b4e5b9a333e847e166c5445b71995a40b0c31a82e40655182a0fed36faf4dbc05c74c3567b6b217e543609916abd77ddb870533cb65439990b396
|
@@ -42,6 +42,17 @@ module Dependabot
|
|
42
42
|
end
|
43
43
|
end
|
44
44
|
|
45
|
+
def lowest_resolvable_security_fix_version
|
46
|
+
raise "Dependency not vulnerable!" unless vulnerable?
|
47
|
+
|
48
|
+
if defined?(@lowest_resolvable_security_fix_version)
|
49
|
+
return @lowest_resolvable_security_fix_version
|
50
|
+
end
|
51
|
+
|
52
|
+
@lowest_resolvable_security_fix_version =
|
53
|
+
fetch_lowest_resolvable_security_fix_version
|
54
|
+
end
|
55
|
+
|
45
56
|
def latest_resolvable_version_with_no_unlock
|
46
57
|
return if path_dependency?
|
47
58
|
|
@@ -57,9 +68,7 @@ module Dependabot
|
|
57
68
|
RequirementsUpdater.new(
|
58
69
|
requirements: dependency.requirements,
|
59
70
|
updated_source: updated_source,
|
60
|
-
|
61
|
-
latest_version: latest_version&.to_s,
|
62
|
-
library: library?,
|
71
|
+
target_version: target_version,
|
63
72
|
update_strategy: requirement_update_strategy
|
64
73
|
).updated_requirements
|
65
74
|
end
|
@@ -75,6 +84,10 @@ module Dependabot
|
|
75
84
|
raise NotImplementedError
|
76
85
|
end
|
77
86
|
|
87
|
+
def target_version
|
88
|
+
library? ? latest_version&.to_s : preferred_resolvable_version&.to_s
|
89
|
+
end
|
90
|
+
|
78
91
|
def library?
|
79
92
|
# If it has a lockfile, treat it as an application. Otherwise treat it
|
80
93
|
# as a library.
|
@@ -194,6 +207,33 @@ module Dependabot
|
|
194
207
|
).latest_resolvable_version
|
195
208
|
end
|
196
209
|
|
210
|
+
def fetch_lowest_resolvable_security_fix_version
|
211
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
212
|
+
return latest_resolvable_version if fix_version.nil?
|
213
|
+
|
214
|
+
if path_dependency? || git_dependency? || git_subdependency?
|
215
|
+
return latest_resolvable_version
|
216
|
+
end
|
217
|
+
|
218
|
+
prepared_files = FilePreparer.new(
|
219
|
+
dependency_files: dependency_files,
|
220
|
+
dependency: dependency,
|
221
|
+
unlock_requirement: true,
|
222
|
+
latest_allowable_version: fix_version
|
223
|
+
).prepared_dependency_files
|
224
|
+
|
225
|
+
resolved_fix_version = VersionResolver.new(
|
226
|
+
dependency: dependency,
|
227
|
+
prepared_dependency_files: prepared_files,
|
228
|
+
original_dependency_files: dependency_files,
|
229
|
+
credentials: credentials
|
230
|
+
).latest_resolvable_version
|
231
|
+
|
232
|
+
return fix_version if fix_version == resolved_fix_version
|
233
|
+
|
234
|
+
latest_resolvable_version
|
235
|
+
end
|
236
|
+
|
197
237
|
def updated_source
|
198
238
|
# Never need to update source, unless a git_dependency
|
199
239
|
return dependency_source_details unless git_dependency?
|
@@ -21,25 +21,16 @@ module Dependabot
|
|
21
21
|
%i(bump_versions bump_versions_if_necessary).freeze
|
22
22
|
|
23
23
|
def initialize(requirements:, updated_source:, update_strategy:,
|
24
|
-
|
24
|
+
target_version:)
|
25
25
|
@requirements = requirements
|
26
26
|
@updated_source = updated_source
|
27
27
|
@update_strategy = update_strategy
|
28
|
-
@library = library
|
29
28
|
|
30
29
|
check_update_strategy
|
31
30
|
|
32
|
-
|
33
|
-
@latest_version = version_class.new(latest_version)
|
34
|
-
end
|
35
|
-
|
36
|
-
if latest_resolvable_version &&
|
37
|
-
version_class.correct?(latest_resolvable_version)
|
38
|
-
@latest_resolvable_version =
|
39
|
-
version_class.new(latest_resolvable_version)
|
40
|
-
end
|
31
|
+
return unless target_version && version_class.correct?(target_version)
|
41
32
|
|
42
|
-
@
|
33
|
+
@target_version = version_class.new(target_version)
|
43
34
|
end
|
44
35
|
|
45
36
|
def updated_requirements
|
@@ -62,15 +53,8 @@ module Dependabot
|
|
62
53
|
|
63
54
|
private
|
64
55
|
|
65
|
-
attr_reader :requirements, :updated_source, :update_strategy
|
66
|
-
|
67
|
-
def library?
|
68
|
-
@library
|
69
|
-
end
|
70
|
-
|
71
|
-
def target_version
|
72
|
-
library? ? @latest_version : @latest_resolvable_version
|
73
|
-
end
|
56
|
+
attr_reader :requirements, :updated_source, :update_strategy,
|
57
|
+
:target_version
|
74
58
|
|
75
59
|
def check_update_strategy
|
76
60
|
return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-cargo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.106.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-04-
|
11
|
+
date: 2019-04-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.106.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.106.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|