dependabot-common 0.210.0 → 0.211.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e1b0e492dee111c834810de7850faa8a0bb5150e281d5eb32e8b44802f2be1f
|
|
4
|
+
data.tar.gz: 2c9c14aeb59e0d6c33b1630c5425529dff45624f9b1657390ae644dd8d0abbbf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 821283e91686501710d6146944b8b10f559cd7ed9e0084edfc5176027083c24b26918a273c823f5fd829f575d5e1a29ead356db403307ba0e36147de30e9e3de
|
|
7
|
+
data.tar.gz: 768791aeb20b739bd36d4b788164f5d9e11f096879b7ac517cc4fbaa81462f58e1e1cb1d03a8fce5183b0af4da2ac5458a482dc31ee36cc6d5bf09697300c5ef
|
|
@@ -41,7 +41,7 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
43
43
|
previous_version: nil, previous_requirements: nil,
|
|
44
|
-
subdependency_metadata: [])
|
|
44
|
+
subdependency_metadata: [], removed: false)
|
|
45
45
|
@name = name
|
|
46
46
|
@version = version
|
|
47
47
|
@requirements = requirements.map { |req| symbolize_keys(req) }
|
|
@@ -53,6 +53,7 @@ module Dependabot
|
|
|
53
53
|
@subdependency_metadata = subdependency_metadata&.
|
|
54
54
|
map { |h| symbolize_keys(h) }
|
|
55
55
|
end
|
|
56
|
+
@removed = removed
|
|
56
57
|
|
|
57
58
|
check_values
|
|
58
59
|
end
|
|
@@ -61,6 +62,10 @@ module Dependabot
|
|
|
61
62
|
requirements.any?
|
|
62
63
|
end
|
|
63
64
|
|
|
65
|
+
def removed?
|
|
66
|
+
@removed
|
|
67
|
+
end
|
|
68
|
+
|
|
64
69
|
def to_h
|
|
65
70
|
{
|
|
66
71
|
"name" => name,
|
|
@@ -69,7 +74,8 @@ module Dependabot
|
|
|
69
74
|
"previous_version" => previous_version,
|
|
70
75
|
"previous_requirements" => previous_requirements,
|
|
71
76
|
"package_manager" => package_manager,
|
|
72
|
-
"subdependency_metadata" => subdependency_metadata
|
|
77
|
+
"subdependency_metadata" => subdependency_metadata,
|
|
78
|
+
"removed" => removed? ? true : nil
|
|
73
79
|
}.compact
|
|
74
80
|
end
|
|
75
81
|
|
|
@@ -293,10 +293,14 @@ module Dependabot
|
|
|
293
293
|
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
|
|
294
294
|
|
|
295
295
|
dependencies.map do |dep|
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
296
|
+
if dep.removed?
|
|
297
|
+
"\n\nRemoves `#{dep.display_name}`"
|
|
298
|
+
else
|
|
299
|
+
"\n\nUpdates `#{dep.display_name}` "\
|
|
300
|
+
"#{from_version_msg(previous_version(dep))}to "\
|
|
301
|
+
"#{new_version(dep)}"\
|
|
302
|
+
"#{metadata_links_for_dep(dep)}"
|
|
303
|
+
end
|
|
300
304
|
end.join
|
|
301
305
|
end
|
|
302
306
|
|
|
@@ -313,9 +317,13 @@ module Dependabot
|
|
|
313
317
|
return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
|
|
314
318
|
|
|
315
319
|
dependencies.map do |dep|
|
|
316
|
-
msg =
|
|
317
|
-
|
|
318
|
-
|
|
320
|
+
msg = if dep.removed?
|
|
321
|
+
"\nRemoves `#{dep.display_name}`"
|
|
322
|
+
else
|
|
323
|
+
"\nUpdates `#{dep.display_name}` "\
|
|
324
|
+
"#{from_version_msg(previous_version(dep))}"\
|
|
325
|
+
"to #{new_version(dep)}"
|
|
326
|
+
end
|
|
319
327
|
|
|
320
328
|
if vulnerabilities_fixed[dep.name]&.one?
|
|
321
329
|
msg += " **This update includes a security fix.**"
|
|
@@ -328,6 +336,8 @@ module Dependabot
|
|
|
328
336
|
end
|
|
329
337
|
|
|
330
338
|
def metadata_cascades_for_dep(dependency)
|
|
339
|
+
return "" if dependency.removed?
|
|
340
|
+
|
|
331
341
|
MetadataPresenter.new(
|
|
332
342
|
dependency: dependency,
|
|
333
343
|
source: source,
|
|
@@ -62,6 +62,9 @@ module Dependabot
|
|
|
62
62
|
# Ignore deps that weren't previously vulnerable
|
|
63
63
|
return false unless affects_version?(dependency.previous_version)
|
|
64
64
|
|
|
65
|
+
# Removing a dependency is a way to fix the vulnerability
|
|
66
|
+
return true if dependency.removed?
|
|
67
|
+
|
|
65
68
|
# Select deps that are now fixed
|
|
66
69
|
!affects_version?(dependency.version)
|
|
67
70
|
end
|
data/lib/dependabot/version.rb
CHANGED