dependabot-common 0.210.0 → 0.211.0

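--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 7369765c3ef555fff544754deaaa6799522339a173a04bfded0c396761dcf01c
-data.tar.gz: 9559d1cfbe38f273223ba271e5efc2257ae48998e52d7792ceaab0ce07d01367
+metadata.gz: 6e1b0e492dee111c834810de7850faa8a0bb5150e281d5eb32e8b44802f2be1f
+data.tar.gz: 2c9c14aeb59e0d6c33b1630c5425529dff45624f9b1657390ae644dd8d0abbbf
 SHA512:
-metadata.gz: 8ff7f02f8a6303c8a231ea2a36d46b1539bd188a53bbe6c4cd3be6c3d42ff35004b02e8de392b6adaf20cf589b7796cff504144bdc0112e477b24dada73ea037
-data.tar.gz: eea82aeb98e253cc8a101e1358a21454787d2c3b9ce510b7d39ea84b5c819bfa9a82e5d694e7765072e61fe5ed37018bf13ab72e661082916e48f0445fbd495c
+metadata.gz: 821283e91686501710d6146944b8b10f559cd7ed9e0084edfc5176027083c24b26918a273c823f5fd829f575d5e1a29ead356db403307ba0e36147de30e9e3de
+data.tar.gz: 768791aeb20b739bd36d4b788164f5d9e11f096879b7ac517cc4fbaa81462f58e1e1cb1d03a8fce5183b0af4da2ac5458a482dc31ee36cc6d5bf09697300c5ef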
@@ -41,7 +41,7 @@ module Dependabot
41
41
 
42
42
  def initialize(name:, requirements:, package_manager:, version: nil,
43
43
  previous_version: nil, previous_requirements: nil,
44
- subdependency_metadata: [])
44
+ subdependency_metadata: [], removed: false)
45
45
  @name = name
46
46
  @version = version
47
47
  @requirements = requirements.map { |req| symbolize_keys(req) }
@@ -53,6 +53,7 @@ module Dependabot
53
53
  @subdependency_metadata = subdependency_metadata&.
54
54
  map { |h| symbolize_keys(h) }
55
55
  end
56
+ @removed = removed
56
57
 
57
58
  check_values
58
59
  end
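Review bot: `@removed = removed` is stored unchecked, and `check_values` runs immediately after it; if `check_values` (outside this hunk) validates the other fields, it should also reject a truthy non-boolean `removed` and a removed dependency that still carries a `version`, e.g. `raise ArgumentError, "removed must be true or false" unless [true, false].include?(@removed)`. Because `to_h` in a later hunk emits `removed? ? true : nil`, a string such as `"false"` passed through this keyword would silently be serialized as `true`. The enclosing `initialize` starts before this hunk.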
@@ -61,6 +62,10 @@ module Dependabot
61
62
  requirements.any?
62
63
  end
63
64
 
65
+ def removed?
66
+ @removed
67
+ end
68
+
64
69
  def to_h
65
70
  {
66
71
  "name" => name,
@@ -69,7 +74,8 @@ module Dependabot
69
74
  "previous_version" => previous_version,
70
75
  "previous_requirements" => previous_requirements,
71
76
  "package_manager" => package_manager,
72
- "subdependency_metadata" => subdependency_metadata
77
+ "subdependency_metadata" => subdependency_metadata,
78
+ "removed" => removed? ? true : nil
73
79
  }.compact
74
80
  end
75
81
 
@@ -293,10 +293,14 @@ module Dependabot
293
293
  return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
294
294
 
295
295
  dependencies.map do |dep|
296
- "\n\nUpdates `#{dep.display_name}` "\
297
- "#{from_version_msg(previous_version(dep))}to "\
298
- "#{new_version(dep)}"\
299
- "#{metadata_links_for_dep(dep)}"
296
+ if dep.removed?
297
+ "\n\nRemoves `#{dep.display_name}`"
298
+ else
299
+ "\n\nUpdates `#{dep.display_name}` "\
300
+ "#{from_version_msg(previous_version(dep))}to "\
301
+ "#{new_version(dep)}"\
302
+ "#{metadata_links_for_dep(dep)}"
303
+ end
300
304
  end.join
301
305
  end
302
306
 
@@ -313,9 +317,13 @@ module Dependabot
313
317
  return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
314
318
 
315
319
  dependencies.map do |dep|
316
- msg = "\nUpdates `#{dep.display_name}` "\
317
- "#{from_version_msg(previous_version(dep))}"\
318
- "to #{new_version(dep)}"
320
+ msg = if dep.removed?
321
+ "\nRemoves `#{dep.display_name}`"
322
+ else
323
+ "\nUpdates `#{dep.display_name}` "\
324
+ "#{from_version_msg(previous_version(dep))}"\
325
+ "to #{new_version(dep)}"
326
+ end
319
327
 
320
328
  if vulnerabilities_fixed[dep.name]&.one?
321
329
  msg += " **This update includes a security fix.**"
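Review bot: The sentence appended on the last line of this hunk, `**This update includes a security fix.**`, is now also appended after the new `Removes` message, which reads as if a version update happened. Consider branching the wording on the same flag, e.g. `msg += dep.removed? ? " **This removal fixes a security vulnerability.**" : " **This update includes a security fix.**"`. The loop body continues past the end of this hunk.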
@@ -328,6 +336,8 @@ module Dependabot
328
336
  end
329
337
 
330
338
  def metadata_cascades_for_dep(dependency)
339
+ return "" if dependency.removed?
340
+
331
341
  MetadataPresenter.new(
332
342
  dependency: dependency,
333
343
  source: source,
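Review bot: Returning `""` for a removed dependency also silences the single-dependency path, because the hunk above returns `metadata_cascades_for_dep(dependencies.first)` when `dependencies.one?` before reaching the loop that builds the `Removes` line and appends the security-fix sentence; a PR that only removes one vulnerable dependency therefore gets no text from this method at all. If MetadataPresenter was what reported the fixed vulnerability on that path, that report is lost for removals. Consider emitting the same `Removes` line the multi-dependency branch produces, plus the security-fix sentence when `vulnerabilities_fixed[dependency.name]` is set, instead of an empty string.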
@@ -62,6 +62,9 @@ module Dependabot
62
62
  # Ignore deps that weren't previously vulnerable
63
63
  return false unless affects_version?(dependency.previous_version)
64
64
 
65
+ # Removing a dependency is a way to fix the vulnerability
66
+ return true if dependency.removed?
67
+
65
68
  # Select deps that are now fixed
66
69
  !affects_version?(dependency.version)
67
70
  end
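Review bot: `return true if dependency.removed?` reports the advisory as fixed on the strength of the flag alone, without checking that the package is actually gone from the resolved dependency set, so a dependency dropped as a direct requirement but still pulled in transitively would be reported as fixed. Whether `removed?` guarantees absence from the lockfile is decided by whoever constructs the Dependency, outside this hunk, so the contract should be stated here, e.g. `# removed? must mean the package is absent from the resolved dependency set, not merely dropped as a direct requirement`. The enclosing method begins before this hunk.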
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.210.0"
4
+ VERSION = "0.211.0"
5
5
  end
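--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-version: 0.210.0
+version: 0.211.0
 platform: ruby
 authors:
 - Dependabot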