dependabot-common 0.111.44 → 0.111.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/dependency.rb +24 -3
- data/lib/dependabot/file_parsers/base/dependency_set.rb +6 -8
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a45971fdc7d2a17e0c712a72f70338a43103f75080c607f1c48c881a4f8d3769
|
|
4
|
+
data.tar.gz: 1757ca960513d5183a16f15b2136915eb4dba362fe6503386073c3bfd25ad2e8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 521ba407169aa3ec3f4af5772e63a8c1f02cec240e26ace8befb2a17e6bbd1127e548a85d9752fdd0db089a6870167e635b00b4988b5af47339d00693b59afcc
|
|
7
|
+
data.tar.gz: f9f31fe3e9312614d73f4aaa8f7b78bbd33d1e9c4b44c85cd7029a9367d9a4df3ff7f111901a82f877cba0b92b121d021a70c714627db1552b919ec084ba6f80
|
|
@@ -41,7 +41,7 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
43
43
|
previous_version: nil, previous_requirements: nil,
|
|
44
|
-
subdependency_metadata:
|
|
44
|
+
subdependency_metadata: [])
|
|
45
45
|
@name = name
|
|
46
46
|
@version = version
|
|
47
47
|
@requirements = requirements.map { |req| symbolize_keys(req) }
|
|
@@ -49,7 +49,10 @@ module Dependabot
|
|
|
49
49
|
@previous_requirements =
|
|
50
50
|
previous_requirements&.map { |req| symbolize_keys(req) }
|
|
51
51
|
@package_manager = package_manager
|
|
52
|
-
|
|
52
|
+
unless top_level? || subdependency_metadata == []
|
|
53
|
+
@subdependency_metadata = subdependency_metadata&.
|
|
54
|
+
map { |h| symbolize_keys(h) }
|
|
55
|
+
end
|
|
53
56
|
|
|
54
57
|
check_values
|
|
55
58
|
end
|
|
@@ -75,7 +78,7 @@ module Dependabot
|
|
|
75
78
|
end
|
|
76
79
|
|
|
77
80
|
def production?
|
|
78
|
-
return
|
|
81
|
+
return subdependency_production_check unless top_level?
|
|
79
82
|
|
|
80
83
|
groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
|
|
81
84
|
|
|
@@ -84,6 +87,10 @@ module Dependabot
|
|
|
84
87
|
call(groups)
|
|
85
88
|
end
|
|
86
89
|
|
|
90
|
+
def subdependency_production_check
|
|
91
|
+
!subdependency_metadata&.all? { |h| h[:production] == false }
|
|
92
|
+
end
|
|
93
|
+
|
|
87
94
|
def display_name
|
|
88
95
|
display_name_builder =
|
|
89
96
|
self.class.display_name_builder_for_package_manager(package_manager)
|
|
@@ -111,6 +118,11 @@ module Dependabot
|
|
|
111
118
|
raise ArgumentError, "blank strings must not be provided as versions"
|
|
112
119
|
end
|
|
113
120
|
|
|
121
|
+
check_requirement_fields
|
|
122
|
+
check_subdependency_metadata
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
def check_requirement_fields
|
|
114
126
|
requirement_fields = [requirements, previous_requirements].compact
|
|
115
127
|
unless requirement_fields.all? { |r| r.is_a?(Array) } &&
|
|
116
128
|
requirement_fields.flatten.all? { |r| r.is_a?(Hash) }
|
|
@@ -132,6 +144,15 @@ module Dependabot
|
|
|
132
144
|
raise ArgumentError, "blank strings must not be provided as requirements"
|
|
133
145
|
end
|
|
134
146
|
|
|
147
|
+
def check_subdependency_metadata
|
|
148
|
+
return unless subdependency_metadata
|
|
149
|
+
|
|
150
|
+
unless subdependency_metadata.is_a?(Array) &&
|
|
151
|
+
subdependency_metadata.all? { |r| r.is_a?(Hash) }
|
|
152
|
+
raise ArgumentError, "subdependency_metadata must be an array of hashes"
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
|
|
135
156
|
def symbolize_keys(hash)
|
|
136
157
|
Hash[hash.keys.map { |k| [k.to_sym, hash[k]] }]
|
|
137
158
|
end
|
|
@@ -78,12 +78,10 @@ module Dependabot
|
|
|
78
78
|
else new_dep.version
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
-
|
|
82
|
-
subdependency_metadata
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
subdependency_metadata = new_dep.subdependency_metadata
|
|
86
|
-
end
|
|
81
|
+
subdependency_metadata = (
|
|
82
|
+
(old_dep.subdependency_metadata || []) +
|
|
83
|
+
(new_dep.subdependency_metadata || [])
|
|
84
|
+
).uniq
|
|
87
85
|
|
|
88
86
|
Dependency.new(
|
|
89
87
|
name: old_dep.name,
|
|
@@ -93,9 +91,9 @@ module Dependabot
|
|
|
93
91
|
subdependency_metadata: subdependency_metadata
|
|
94
92
|
)
|
|
95
93
|
end
|
|
96
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
97
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
|
98
94
|
# rubocop:enable Metrics/AbcSize
|
|
95
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
96
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
99
97
|
end
|
|
100
98
|
end
|
|
101
99
|
end
|
data/lib/dependabot/version.rb
CHANGED