dependabot-common 0.143.3 → 0.145.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb8de338ea7c3bb3273bd23ccc824a13d3658cc694f182776b889d3f67414c68
4
- data.tar.gz: 63d9ca895ad038b2ce5d80c3a35bdcb175f8b023e1b09edd85a55d7c387c0609
3
+ metadata.gz: 7b86579e2112d65ed03954f5590dc1dec848a75d78466533af0071a127990d86
4
+ data.tar.gz: 19166a908570f73192e56aaf4cafc6217f324170639798a1ee2b90866db6834c
5
5
  SHA512:
6
- metadata.gz: 7850b7c2b9b02b76453f40347a79e5afca046d295a2ae160c27ec11dd05efc9359d34414ed4e28be46b7678aa8d47abbd8ecb24643cb3cc86573c88d979e7334
7
- data.tar.gz: 34110bdb90cb8fef78980ccb724f98c21753f2bce36be8bca3b5896671daa19e756b4430ff24864fbb35ac2caaa57fdaa67a0f84ba0d1cbb54e0baf8b880160e
6
+ metadata.gz: 31ec99470bd79837c1779aca0c7a15d386b9bcf205de6ca7657412362fd9036b472a2ff918c4209ef17ae23795e5dc987600d39a1092227b5ce4caed08ac7556
7
+ data.tar.gz: 0c8a847875ec3a67dd84dd4113a4044888ed6e529298e503ef6941784cae1f498dd88bfe3a159b36f5d9a8d4a1d567f94a731ae40e1c0b397cd853ace39683cb
@@ -18,7 +18,8 @@ module Dependabot
18
18
  @update_types = update_types || []
19
19
  end
20
20
 
21
- def ignored_versions(dependency)
21
+ def ignored_versions(dependency, security_updates_only)
22
+ return versions if security_updates_only
22
23
  return [ALL_VERSIONS] if versions.empty? && transformed_update_types.empty?
23
24
 
24
25
  versions_by_type(dependency) + versions
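Review bot: The early `return versions if security_updates_only` runs before the `[ALL_VERSIONS]` check, so in security-only mode a condition with no versions and no update types returns an empty list and the dependency is not ignored at all. If that is the intended policy it should be stated on the method, for example `# Security updates honour explicit version ignores only; update-types and blanket ignores do not apply`. The flag is also a required positional boolean here, while `ignored_versions_for` takes it as a defaulted keyword. Using `def ignored_versions(dependency, security_updates_only: false)` would keep existing one-argument callers working and make call sites self-describing. The method's closing `end` is outside this hunk.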
@@ -31,6 +32,8 @@ module Dependabot
31
32
  end
32
33
 
33
34
  def versions_by_type(dependency)
35
+ return [] unless dependency.version
36
+
34
37
  transformed_update_types.flat_map do |t|
35
38
  case t
36
39
  when PATCH_VERSION_TYPE
@@ -46,53 +49,44 @@ module Dependabot
46
49
  end
47
50
 
48
51
  def ignore_patch(version)
49
- parts = version.split(".")
50
- return [] unless parts.size > 2
52
+ return [] unless rubygems_compatible?(version)
51
53
 
52
- lower_parts = parts.first(2) + ["a"]
53
- upper_parts = parts.first(2)
54
- upper_parts[1] = upper_parts[1].to_i + 1
55
- lower_bound = ">= #{lower_parts.join('.')}"
54
+ parts = version.split(".")
55
+ version_parts = parts.fill(0, parts.length...2)
56
+ upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1]
57
+ lower_bound = "> #{version}"
56
58
  upper_bound = "< #{upper_parts.join('.')}"
59
+
57
60
  ["#{lower_bound}, #{upper_bound}"]
58
61
  end
59
62
 
60
63
  def ignore_minor(version)
61
- parts = version.split(".")
62
- return [] if parts.size < 2
63
-
64
- if Gem::Version.correct?(version)
65
- lower_parts = parts.first(2) + ["a"]
66
- upper_parts = parts.first(1)
67
- lower_parts[1] = lower_parts[1].to_i + 1
68
- upper_parts[0] = upper_parts[0].to_i + 1
69
- else
70
- lower_parts = parts.first(1) + ["a"]
71
- upper_parts = parts.first(1)
72
- begin
73
- upper_parts[0] = Integer(upper_parts[0]) + 1
74
- rescue ArgumentError
75
- upper_parts.push(999_999)
76
- end
77
- end
64
+ return [] unless rubygems_compatible?(version)
78
65
 
66
+ parts = version.split(".")
67
+ version_parts = parts.fill(0, parts.length...2)
68
+ lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"]
69
+ upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1]
79
70
  lower_bound = ">= #{lower_parts.join('.')}"
80
71
  upper_bound = "< #{upper_parts.join('.')}"
72
+
81
73
  ["#{lower_bound}, #{upper_bound}"]
82
74
  end
83
75
 
84
76
  def ignore_major(version)
85
- parts = version.split(".")
86
- return [] unless parts.size > 1
77
+ return [] unless rubygems_compatible?(version)
87
78
 
88
- lower_parts = parts.first(1) + ["a"]
89
- upper_parts = parts.first(1)
90
- lower_parts[0] = lower_parts[0].to_i + 1
91
- upper_parts[0] = upper_parts[0].to_i + 2
79
+ version_parts = version.split(".")
80
+ lower_parts = [version_parts[0].to_i + 1] + ["a"]
92
81
  lower_bound = ">= #{lower_parts.join('.')}"
93
- upper_bound = "< #{upper_parts.join('.')}"
94
82
 
95
- ["#{lower_bound}, #{upper_bound}"]
83
+ [lower_bound]
84
+ end
85
+
86
+ def rubygems_compatible?(version)
87
+ return false if version.nil? || version.empty?
88
+
89
+ Gem::Version.correct?(version)
96
90
  end
97
91
  end
98
92
  end
@@ -12,12 +12,13 @@ module Dependabot
12
12
  @commit_message_options = commit_message_options
13
13
  end
14
14
 
15
- def ignored_versions_for(dependency)
15
+ def ignored_versions_for(dependency, security_updates_only: false)
16
16
  normalizer = name_normaliser_for(dependency)
17
- dep_name = name_normaliser_for(dependency).call(dependency.name)
17
+ dep_name = normalizer.call(dependency.name)
18
+
18
19
  @ignore_conditions.
19
20
  select { |ic| self.class.wildcard_match?(normalizer.call(ic.dependency_name), dep_name) }.
20
- map { |ic| ic.ignored_versions(dependency) }.
21
+ map { |ic| ic.ignored_versions(dependency, security_updates_only) }.
21
22
  flatten.
22
23
  compact.
23
24
  uniq
@@ -226,12 +226,12 @@ module Dependabot
226
226
  end
227
227
 
228
228
  def create_branch(commit)
229
- ref = "heads/#{branch_name}"
229
+ ref = "refs/heads/#{branch_name}"
230
230
 
231
231
  begin
232
232
  branch =
233
233
  github_client_for_source.create_ref(source.repo, ref, commit.sha)
234
- @branch_name = ref.gsub(%r{^heads/}, "")
234
+ @branch_name = ref.gsub(%r{^refs/heads/}, "")
235
235
  branch
236
236
  rescue Octokit::UnprocessableEntity => e
237
237
  # Return quietly in the case of a race
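Review bot: The prefix strip on the new `@branch_name` line uses `gsub` with `^`, which in Ruby matches at the start of every line and replaces every occurrence. A single removal anchored to the start of the string says what is meant: `@branch_name = ref.sub(%r{\Arefs/heads/}, "")`. The change also appears to rely on `create_ref` accepting a fully qualified `refs/heads/...` name rather than prepending `refs/` itself; that is not visible on this page, so it is worth confirming against the Octokit versions the gemspec allows. The same prefix is built again in the retry path of the following hunk, and the `begin`/`rescue` body continues outside this one.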
@@ -244,7 +244,7 @@ module Dependabot
244
244
 
245
245
  # Branch creation will fail if a branch called `dependabot` already
246
246
  # exists, since git won't be able to create a dir with the same name
247
- ref = "heads/#{SecureRandom.hex[0..3] + branch_name}"
247
+ ref = "refs/heads/#{SecureRandom.hex[0..3] + branch_name}"
248
248
  retry
249
249
  end
250
250
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.143.3"
4
+ VERSION = "0.145.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.143.3
4
+ version: 0.145.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-23 00:00:00.000000000 Z
11
+ date: 2021-05-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport