dependabot-common 0.108.16 → 0.108.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency.rb +8 -4
- data/lib/dependabot/file_parsers/base/dependency_set.rb +15 -1
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b104c6fea1ac38e48f4fd43c26eb145aaaf483e1ac89d12ed84b73925acb0cd8
|
|
4
|
+
data.tar.gz: 7be92dfffc8cb5c254df6348a8fa94c1f626851ef2b8474030b24b87fa3a7e8e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 51d85f77bb457af3ef71063d0a11ccda9d6d1830313afd63feb873ad019005548ce03bd1aa105bbbabe9a8a2182add39bbc16617febfd7f70238fe6765fccc9b
|
|
7
|
+
data.tar.gz: '068bcaddd580e1d6dae0c66798f6a4b0acf0892ff01aa72eaa7e7950090fc606f61d29b27ce8b3eb842927c91d9c3fe5a23d0c5a0050c71e2fcb1694a0abd9ad'
|
|
@@ -27,10 +27,12 @@ module Dependabot
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
attr_reader :name, :version, :requirements, :package_manager,
|
|
30
|
-
:previous_version, :previous_requirements
|
|
30
|
+
:previous_version, :previous_requirements,
|
|
31
|
+
:subdependency_metadata
|
|
31
32
|
|
|
32
33
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
33
|
-
previous_version: nil, previous_requirements: nil
|
|
34
|
+
previous_version: nil, previous_requirements: nil,
|
|
35
|
+
subdependency_metadata: nil)
|
|
34
36
|
@name = name
|
|
35
37
|
@version = version
|
|
36
38
|
@requirements = requirements.map { |req| symbolize_keys(req) }
|
|
@@ -38,6 +40,7 @@ module Dependabot
|
|
|
38
40
|
@previous_requirements =
|
|
39
41
|
previous_requirements&.map { |req| symbolize_keys(req) }
|
|
40
42
|
@package_manager = package_manager
|
|
43
|
+
@subdependency_metadata = subdependency_metadata unless top_level?
|
|
41
44
|
|
|
42
45
|
check_values
|
|
43
46
|
end
|
|
@@ -53,8 +56,9 @@ module Dependabot
|
|
|
53
56
|
"requirements" => requirements,
|
|
54
57
|
"previous_version" => previous_version,
|
|
55
58
|
"previous_requirements" => previous_requirements,
|
|
56
|
-
"package_manager" => package_manager
|
|
57
|
-
|
|
59
|
+
"package_manager" => package_manager,
|
|
60
|
+
"subdependency_metadata" => subdependency_metadata
|
|
61
|
+
}.compact
|
|
58
62
|
end
|
|
59
63
|
|
|
60
64
|
def appears_in_lockfile?
|
|
@@ -60,6 +60,9 @@ module Dependabot
|
|
|
60
60
|
dependencies.find { |d| d.name&.downcase == name&.downcase }
|
|
61
61
|
end
|
|
62
62
|
|
|
63
|
+
# rubocop:disable Metrics/AbcSize
|
|
64
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
65
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
63
66
|
def combined_dependency(old_dep, new_dep)
|
|
64
67
|
package_manager = old_dep.package_manager
|
|
65
68
|
v_cls = Utils.version_class_for_package_manager(package_manager)
|
|
@@ -75,13 +78,24 @@ module Dependabot
|
|
|
75
78
|
else new_dep.version
|
|
76
79
|
end
|
|
77
80
|
|
|
81
|
+
if old_dep.subdependency_metadata
|
|
82
|
+
subdependency_metadata = old_dep.subdependency_metadata.
|
|
83
|
+
merge(new_dep.subdependency_metadata || {})
|
|
84
|
+
elsif new_dep.subdependency_metadata
|
|
85
|
+
subdependency_metadata = new_dep.subdependency_metadata
|
|
86
|
+
end
|
|
87
|
+
|
|
78
88
|
Dependency.new(
|
|
79
89
|
name: old_dep.name,
|
|
80
90
|
version: new_version,
|
|
81
91
|
requirements: (old_dep.requirements + new_dep.requirements).uniq,
|
|
82
|
-
package_manager: package_manager
|
|
92
|
+
package_manager: package_manager,
|
|
93
|
+
subdependency_metadata: subdependency_metadata
|
|
83
94
|
)
|
|
84
95
|
end
|
|
96
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
97
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
98
|
+
# rubocop:enable Metrics/AbcSize
|
|
85
99
|
end
|
|
86
100
|
end
|
|
87
101
|
end
|
data/lib/dependabot/version.rb
CHANGED