dependabot-common 0.145.2 → 0.147.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ac0eb6a686627e7b673437c5c1da1752c604c1d4efc639c10f20d45afc2476c
-  data.tar.gz: e723d56fac036d1ceaffc0c6bf80ea9dddca274de51ead1c97dd3a4c1ad9b429
+  metadata.gz: 51c62db1008c6a6b0be171942883dbb464f0014fed382fae7267bc2b0c926765
+  data.tar.gz: 76c18bea324cd9f2ac42eccb8e0e0f41751d48a770cc37b9389daaee0674be2a
 SHA512:
-  metadata.gz: 63058f60bf2d7f8697dcab17608f59dfccd5950cac1e68f61d44411d0854179e8de14508a77a885c29a6a06d4d7ac47d77d23772a476014b8400e78ad5c04f2e
-  data.tar.gz: b9e36648341f0b0afa36bc3106ef5c3e090243186831ca1f37400719d0da653eb366d30fd7deff1fa6c9ab20cb3a86d32758626e77f17b08e9e500e508de8b15
+  metadata.gz: d5260d7ee42ffb5ecf8488b06b765a25584f48e99d61a2d08c0c28835561b7f2d7f3acf9e621d9188256cebbb9f4ab44c53b82c28e3110fd2feef19931f4be1e
+  data.tar.gz: 7e1e91c215dcf7fffb90a823ea0fab340662e429a04131a6aba3f02460f3cf53923794131933eb003f66bfc580f80d0f6b374bfa31f99fde35e8a3f16bdcc534

data/lib/dependabot/git_commit_checker.rb

@@ -60,10 +60,10 @@ module Dependabot
     end
 
     def pinned_ref_looks_like_commit_sha?
-      return false unless pinned?
-
       ref = dependency_source_details.fetch(:ref)
-      return false unless ref.match?(/^[0-9a-f]{6,40}$/)
+      return false unless ref&.match?(/^[0-9a-f]{6,40}$/)
+
+      return false unless pinned?
 
       local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
     end
@@ -87,13 +87,16 @@ module Dependabot
     end
 
     # rubocop:disable Metrics/PerceivedComplexity
+    # rubocop:disable Metrics/AbcSize
     def local_tag_for_latest_version
       tags =
         local_tags.
         select { |t| version_tag?(t.name) && matches_existing_prefix?(t.name) }
       filtered = tags.
                  reject { |t| tag_included_in_ignore_requirements?(t) }
-      raise Dependabot::AllVersionsIgnored if @raise_on_ignored && tags.any? && filtered.empty?
+      if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(tags).any?
+        raise Dependabot::AllVersionsIgnored
+      end
 
       tag = filtered.
             reject { |t| tag_is_prerelease?(t) && !wants_prerelease? }.
@@ -113,8 +116,40 @@ module Dependabot
         tag_sha: tag.tag_sha
       }
     end
+    # rubocop:enable Metrics/AbcSize
     # rubocop:enable Metrics/PerceivedComplexity
 
+    def current_version
+      return unless dependency.version && version_tag?(dependency.version)
+
+      version = dependency.version.match(VERSION_REGEX).named_captures.fetch("version")
+      version_class.new(version)
+    end
+
+    def filter_lower_versions(tags)
+      return tags unless current_version
+
+      versions = tags.map do |t|
+        version = t.name.match(VERSION_REGEX).named_captures.fetch("version")
+        version_class.new(version)
+      end
+
+      versions.select do |version|
+        version > current_version
+      end
+    end
+
+    def local_tag_for_pinned_version
+      return unless pinned?
+
+      ref = dependency_source_details.fetch(:ref)
+      tags = local_tags.select { |t| t.commit_sha == ref && version_class.correct?(t.name) }.
+             sort_by { |t| version_class.new(t.name) }
+      return if tags.empty?
+
+      tags[-1].name
+    end
+
     def git_repo_reachable?
       local_upload_pack
       true

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.145.2"
+  VERSION = "0.147.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.145.2
+  version: 0.147.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-07 00:00:00.000000000 Z
+date: 2021-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport