dependabot-common 0.326.0 → 0.326.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/dependency_file.rb +12 -2
  3. data/lib/dependabot.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: af0660511361baf03f9ff425ee0bf50981ccc6cc31b352141b190d8aed14b3f1
4
- data.tar.gz: d6ec33f6856d9e6bbcbada71e64b318f728485e8bdd9f1c9acb729eae6deb3ae
3
+ metadata.gz: 3695212089e3d38adf8800ef559aa7a5b7810bbb858cbcb7da59dd892e70dbb7
4
+ data.tar.gz: f85bfcb72c316ce232598fe58ccbf26bb7f567feb7ead474cb9e90bcf83d4948
5
5
  SHA512:
6
- metadata.gz: ad74d68c2cce87d57b0315c8b7d1dc4623b5756d47173b6ab96e7d3006423c48c11ed077ee690633138006f922e483dba29fc2abd7de9f30cfd8849f675fcab1
7
- data.tar.gz: d821725eb6b9ffcb436c27761bcbdabc10279610bbb10e8479595397e8ec9c38ab7ea4d5aadb61d74eb7666ee004e4f1dc558809cb26a2117a7871f79e286dcd
6
+ metadata.gz: 4f60dee3b855b61b43f618b76d9a96f72861f25f2a986ae29e87e65ab19aa6a49c0023390878c1550070acc44d98d861e4acbb26a1f9f006f1c061fb81b09ecb
7
+ data.tar.gz: 41d051c22efaf95ac33638d3fa17b4e6068845c87bbe643f980dac94d99c3bd842b34006a0e9d7a37b3780bc43970d9e371319382124d0803688a5e499b7a126
data/lib/dependabot/dependency_file.rb CHANGED
@@ -28,6 +28,14 @@ module Dependabot
28
28
  sig { returns(T::Boolean) }
29
29
  attr_accessor :vendored_file
30
30
 
31
+ # Dependency file priority is used to determine which files are relevant when generating a dependency graph for the
32
+ # project - only the highest priority files will be graphed for each directory.
33
+ #
34
+ # This allows us to default to treating all dependency files as relevant unless the ecosystem's file parser tells
35
+ # us otherwise, for example indicating that a Gemfile.lock fully supersedes its peered Gemfile.
36
+ sig { returns(Integer) }
37
+ attr_accessor :priority
38
+
31
39
  sig { returns(T.nilable(String)) }
32
40
  attr_accessor :symlink_target
33
41
 
@@ -78,14 +86,15 @@ module Dependabot
78
86
  content_encoding: String,
79
87
  deleted: T::Boolean,
80
88
  operation: String,
81
- mode: T.nilable(String)
89
+ mode: T.nilable(String),
90
+ priority: Integer
82
91
  )
83
92
  .void
84
93
  end
85
94
  def initialize(name:, content:, directory: "/", type: "file",
86
95
  support_file: false, vendored_file: false, symlink_target: nil,
87
96
  content_encoding: ContentEncoding::UTF_8, deleted: false,
88
- operation: Operation::UPDATE, mode: nil)
97
+ operation: Operation::UPDATE, mode: nil, priority: 0)
89
98
  @name = name
90
99
  @content = content
91
100
  @directory = T.let(clean_directory(directory), String)
@@ -96,6 +105,7 @@ module Dependabot
96
105
  @operation = operation
97
106
  @mode = mode
98
107
  @dependencies = T.let(Set.new, T::Set[T.untyped])
108
+ @priority = priority
99
109
  raise ArgumentError, "Invalid Git mode: #{mode}" if mode && !VALID_MODES.include?(mode)
100
110
 
101
111
  # Make deleted override the operation. Deleted is kept when operation
data/lib/dependabot.rb CHANGED
@@ -2,5 +2,5 @@
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
- VERSION = "0.326.0"
5
+ VERSION = "0.326.1"
6
6
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.326.0
4
+ version: 0.326.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -625,7 +625,7 @@ licenses:
625
625
  - MIT
626
626
  metadata:
627
627
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
628
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.0
628
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.326.1
629
629
  rdoc_options: []
630
630
  require_paths:
631
631
  - lib