dependabot-common 0.123.0 → 0.123.1
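--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bf06616b587097abdac55ec205266b02b7a601593d49318defc0240415d49e28
+data.tar.gz: fcb15e0dfd5f07d5836ac4397f2b5ad247593dfd1aca0877299c929329ae5e0d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c0caf4d2b293cfef2049a59e7bee8eb05cb3b2e6ab95168fdfe588fb6fb3e232363f9aaab14e20669440b8af84a23e5442eda65c90b76a7bceb51c52c634cf31
+data.tar.gz: 5e301d79b9fa6fe51dbbdf49e1c901593d4ba796925e131ebad9b6c4258c132849318c311ed557badb8e131e6e46faba3d8ec8f9d51e21d04b0bd930ebeb83fd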
@@ -73,7 +73,7 @@ module Dependabot
|
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
def check_dependencies_have_previous_version
|
|
76
|
-
return if
|
|
76
|
+
return if dependencies.all? { |d| requirements_changed?(d) }
|
|
77
77
|
return if dependencies.all?(&:previous_version)
|
|
78
78
|
|
|
79
79
|
raise "Dependencies must have a previous version or changed " \
|
|
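Review bot: The two guards in `check_dependencies_have_previous_version` are each evaluated over the whole list, so a mixed update still reaches the `raise`: one dependency with a previous version but unchanged requirements, plus another with changed requirements and no previous version, satisfies neither `all?`. If the error text ("must have a previous version or changed …") is meant per dependency, a single check such as `return if dependencies.all? { |d| d.previous_version || requirements_changed?(d) }` would match it. The old condition is truncated on this page and the method continues past the hunk, so whether the mixed case can occur in practice is not visible here.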
@@ -214,12 +214,6 @@ module Dependabot
|
|
|
214
214
|
)
|
|
215
215
|
end
|
|
216
216
|
|
|
217
|
-
def library?
|
|
218
|
-
return true if files.any? { |file| file.name.end_with?(".gemspec") }
|
|
219
|
-
|
|
220
|
-
dependencies.any? { |d| !d.appears_in_lockfile? }
|
|
221
|
-
end
|
|
222
|
-
|
|
223
217
|
def includes_security_fixes?
|
|
224
218
|
vulnerabilities_fixed.values.flatten.any?
|
|
225
219
|
end
|
|
@@ -165,12 +165,12 @@ module Dependabot
|
|
|
165
165
|
updated_reqs.first[:requirement]
|
|
166
166
|
end
|
|
167
167
|
|
|
168
|
-
# TODO:
|
|
169
|
-
#
|
|
170
|
-
#
|
|
168
|
+
# TODO: Bring this in line with existing library checks that we do in the
|
|
169
|
+
# update checkers, which are also overriden by passing an explicit
|
|
170
|
+
# `requirements_update_strategy`.
|
|
171
|
+
#
|
|
172
|
+
# TODO re-use in MessageBuilder
|
|
171
173
|
def library?
|
|
172
|
-
return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
|
|
173
|
-
|
|
174
174
|
dependencies.any? { |d| !d.appears_in_lockfile? }
|
|
175
175
|
end
|
|
176
176
|
|
|
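Review bot: After this hunk, `library?` here depends only on `appears_in_lockfile?`, while the other `library?` changed in this diff (the hunk at line 459) returns true for a root-level `.gemspec` and otherwise tests `previous_version(d).nil?`, so the two can classify the same update differently. The new TODO mentions re-use but not that the behaviours now differ; a line such as `# NOTE: unlike the other library?, this ignores gemspecs and checks the lockfile rather than previous_version` would make that explicit. The comment also misspells "overridden" as `overriden`, here and in the 459 hunk.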
@@ -459,8 +459,16 @@ module Dependabot
|
|
|
459
459
|
previous_ref(dependency) != new_ref(dependency)
|
|
460
460
|
end
|
|
461
461
|
|
|
462
|
+
# TODO: Bring this in line with existing library checks that we do in the
|
|
463
|
+
# update checkers, which are also overriden by passing an explicit
|
|
464
|
+
# `requirements_update_strategy`.
|
|
465
|
+
#
|
|
466
|
+
# TODO re-use in BranchNamer
|
|
462
467
|
def library?
|
|
463
|
-
|
|
468
|
+
# Reject any nested child gemspecs/vendored git dependencies
|
|
469
|
+
root_files = files.map(&:name).
|
|
470
|
+
select { |p| Pathname.new(p).dirname.to_s == "." }
|
|
471
|
+
return true if root_files.select { |nm| nm.end_with?(".gemspec") }.any?
|
|
464
472
|
|
|
465
473
|
dependencies.any? { |d| previous_version(d).nil? }
|
|
466
474
|
end
|
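Review bot: `Pathname` is used in the new `library?`, but no `require "pathname"` is visible in this hunk; unless the file or something loaded before it already requires it, the call could fail with a NameError. The chained `select { … }` / `select { … }.any?` also builds two intermediate arrays for a yes/no answer. `return true if files.any? { |f| File.dirname(f.name) == "." && f.name.end_with?(".gemspec") }` gives the same result without Pathname. A name with a leading `/` has dirname `/` and would not count as a root file; whether file names can take that form is not visible here.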
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.123.
|
|
4
|
+
version: 0.123.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-10-
|
|
11
|
+
date: 2020-10-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-codecommit
|