dependabot-common 0.143.3 → 0.145.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/config/ignore_condition.rb +26 -32
  3. data/lib/dependabot/config/update_config.rb +4 -3
  4. data/lib/dependabot/pull_request_creator/github.rb +3 -3
  5. data/lib/dependabot/version.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb8de338ea7c3bb3273bd23ccc824a13d3658cc694f182776b889d3f67414c68
4
- data.tar.gz: 63d9ca895ad038b2ce5d80c3a35bdcb175f8b023e1b09edd85a55d7c387c0609
3
+ metadata.gz: 7b86579e2112d65ed03954f5590dc1dec848a75d78466533af0071a127990d86
4
+ data.tar.gz: 19166a908570f73192e56aaf4cafc6217f324170639798a1ee2b90866db6834c
5
5
  SHA512:
6
- metadata.gz: 7850b7c2b9b02b76453f40347a79e5afca046d295a2ae160c27ec11dd05efc9359d34414ed4e28be46b7678aa8d47abbd8ecb24643cb3cc86573c88d979e7334
7
- data.tar.gz: 34110bdb90cb8fef78980ccb724f98c21753f2bce36be8bca3b5896671daa19e756b4430ff24864fbb35ac2caaa57fdaa67a0f84ba0d1cbb54e0baf8b880160e
6
+ metadata.gz: 31ec99470bd79837c1779aca0c7a15d386b9bcf205de6ca7657412362fd9036b472a2ff918c4209ef17ae23795e5dc987600d39a1092227b5ce4caed08ac7556
7
+ data.tar.gz: 0c8a847875ec3a67dd84dd4113a4044888ed6e529298e503ef6941784cae1f498dd88bfe3a159b36f5d9a8d4a1d567f94a731ae40e1c0b397cd853ace39683cb
data/lib/dependabot/config/ignore_condition.rb CHANGED
@@ -18,7 +18,8 @@ module Dependabot
18
18
  @update_types = update_types || []
19
19
  end
20
20
 
21
- def ignored_versions(dependency)
21
+ def ignored_versions(dependency, security_updates_only)
22
+ return versions if security_updates_only
22
23
  return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
23
24
 
24
25
  versions_by_type(dependency) + versions
@@ -31,6 +32,8 @@ module Dependabot
31
32
  end
32
33
 
33
34
  def versions_by_type(dependency)
35
+ return [] unless dependency.version
36
+
34
37
  transformed_update_types.flat_map do |t|
35
38
  case t
36
39
  when PATCH_VERSION_TYPE
@@ -46,53 +49,44 @@ module Dependabot
46
49
  end
47
50
 
48
51
  def ignore_patch(version)
49
- parts = version.split(".")
50
- return [] unless parts.size > 2
52
+ return [] unless rubygems_compatible?(version)
51
53
 
52
- lower_parts = parts.first(2) + ["a"]
53
- upper_parts = parts.first(2)
54
- upper_parts[1] = upper_parts[1].to_i + 1
55
- lower_bound = ">= #{lower_parts.join('.')}"
54
+ parts = version.split(".")
55
+ version_parts = parts.fill(0, parts.length...2)
56
+ upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
57
+ lower_bound = "> #{version}"
56
58
  upper_bound = "< #{upper_parts.join('.')}"
59
+
57
60
  ["#{lower_bound}, #{upper_bound}"]
58
61
  end
59
62
 
60
63
  def ignore_minor(version)
61
- parts = version.split(".")
62
- return [] if parts.size < 2
63
-
64
- if Gem::Version.correct?(version)
65
- lower_parts = parts.first(2) + ["a"]
66
- upper_parts = parts.first(1)
67
- lower_parts[1] = lower_parts[1].to_i + 1
68
- upper_parts[0] = upper_parts[0].to_i + 1
69
- else
70
- lower_parts = parts.first(1) + ["a"]
71
- upper_parts = parts.first(1)
72
- begin
73
- upper_parts[0] = Integer(upper_parts[0]) + 1
74
- rescue ArgumentError
75
- upper_parts.push(999_999)
76
- end
77
- end
64
+ return [] unless rubygems_compatible?(version)
78
65
 
66
+ parts = version.split(".")
67
+ version_parts = parts.fill(0, parts.length...2)
68
+ lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
69
+ upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
79
70
  lower_bound = ">= #{lower_parts.join('.')}"
80
71
  upper_bound = "< #{upper_parts.join('.')}"
72
+
81
73
  ["#{lower_bound}, #{upper_bound}"]
82
74
  end
83
75
 
84
76
  def ignore_major(version)
85
- parts = version.split(".")
86
- return [] unless parts.size > 1
77
+ return [] unless rubygems_compatible?(version)
87
78
 
88
- lower_parts = parts.first(1) + ["a"]
89
- upper_parts = parts.first(1)
90
- lower_parts[0] = lower_parts[0].to_i + 1
91
- upper_parts[0] = upper_parts[0].to_i + 2
79
+ version_parts = version.split(".")
80
+ lower_parts = [version_parts[0].to_i + 1] + ["a"]
92
81
  lower_bound = ">= #{lower_parts.join('.')}"
93
- upper_bound = "< #{upper_parts.join('.')}"
94
82
 
95
- ["#{lower_bound}, #{upper_bound}"]
83
+ [lower_bound]
84
+ end
85
+
86
+ def rubygems_compatible?(version)
87
+ return false if version.nil? || version.empty?
88
+
89
+ Gem::Version.correct?(version)
96
90
  end
97
91
  end
98
92
  end
data/lib/dependabot/config/update_config.rb CHANGED
@@ -12,12 +12,13 @@ module Dependabot
12
12
  @commit_message_options = commit_message_options
13
13
  end
14
14
 
15
- def ignored_versions_for(dependency)
15
+ def ignored_versions_for(dependency, security_updates_only: false)
16
16
  normalizer = name_normaliser_for(dependency)
17
- dep_name = name_normaliser_for(dependency).call(dependency.name)
17
+ dep_name = normalizer.call(dependency.name)
18
+
18
19
  @ignore_conditions.
19
20
  select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
20
- map { |ic| ic.ignored_versions(dependency) }.
21
+ map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
21
22
  flatten.
22
23
  compact.
23
24
  uniq
data/lib/dependabot/pull_request_creator/github.rb CHANGED
@@ -226,12 +226,12 @@ module Dependabot
226
226
  end
227
227
 
228
228
  def create_branch(commit)
229
- ref = "heads/#{branch_name}"
229
+ ref = "refs/heads/#{branch_name}"
230
230
 
231
231
  begin
232
232
  branch =
233
233
  github_client_for_source.create_ref(source.repo, ref, commit.sha)
234
- @branch_name = ref.gsub(%r{^heads/}, "")
234
+ @branch_name = ref.gsub(%r{^refs/heads/}, "")
235
235
  branch
236
236
  rescue Octokit::UnprocessableEntity => e
237
237
  # Return quietly in the case of a race
@@ -244,7 +244,7 @@ module Dependabot
244
244
 
245
245
  # Branch creation will fail if a branch called `dependabot` already
246
246
  # exists, since git won't be able to create a dir with the same name
247
- ref = "heads/#{SecureRandom.hex[0..3] + branch_name}"
247
+ ref = "refs/heads/#{SecureRandom.hex[0..3] + branch_name}"
248
248
  retry
249
249
  end
250
250
  end
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.143.3"
4
+ VERSION = "0.145.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.143.3
4
+ version: 0.145.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-23 00:00:00.000000000 Z
11
+ date: 2021-05-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport