dependabot-common 0.112.9 → 0.112.10
    
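--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: bd7eb33e16f8ff1807f09f20ed43ab05a0698ab0f7c120e47048aa3e44525dcc
+  data.tar.gz: 8a3c5defc616266504e0b01c4f751d69416155837902bf4dad4458c4c189e751
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: efd76369fdf023e2b458855a1ad2ad87fb08069e2c63763c0d1a717d1c8d6d3ec0f75205d3d8dd86d83dd759fd019c6efd35a870186c246427dc9ae5d59d9c6d
+  data.tar.gz: 9fa11f2ee914d3f7dc6a87a7086e7339506d34175b03bac01fb683f2c37df5f3938a7bb3066e27a4c41c91cebbc85619d2bdd9fb2a40a3b22583f0c2505c5177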
         @@ -12,6 +12,7 @@ require "dependabot/source" 
     | 
|
| 
       12 
12 
     | 
    
         
             
            require "dependabot/dependency"
         
     | 
| 
       13 
13 
     | 
    
         
             
            require "dependabot/git_metadata_fetcher"
         
     | 
| 
       14 
14 
     | 
    
         | 
| 
      
 15 
     | 
    
         
            +
            # rubocop:disable Metrics/ClassLength
         
     | 
| 
       15 
16 
     | 
    
         
             
            module Dependabot
         
     | 
| 
       16 
17 
     | 
    
         
             
              class GitCommitChecker
         
     | 
| 
       17 
18 
     | 
    
         
             
                VERSION_REGEX = /
         
     | 
| 
         @@ -58,6 +59,15 @@ module Dependabot 
     | 
|
| 
       58 
59 
     | 
    
         
             
                  dependency_source_details.fetch(:ref).match?(VERSION_REGEX)
         
     | 
| 
       59 
60 
     | 
    
         
             
                end
         
     | 
| 
       60 
61 
     | 
    
         | 
| 
      
 62 
     | 
    
         
            +
                def pinned_ref_looks_like_commit_sha?
         
     | 
| 
      
 63 
     | 
    
         
            +
                  return false unless pinned?
         
     | 
| 
      
 64 
     | 
    
         
            +
             
     | 
| 
      
 65 
     | 
    
         
            +
                  ref = dependency_source_details.fetch(:ref)
         
     | 
| 
      
 66 
     | 
    
         
            +
                  return false unless ref.match?(/^[0-9a-f]{6,40}$/)
         
     | 
| 
      
 67 
     | 
    
         
            +
             
     | 
| 
      
 68 
     | 
    
         
            +
                  local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
         
     | 
| 
      
 69 
     | 
    
         
            +
                end
         
     | 
| 
      
 70 
     | 
    
         
            +
             
     | 
| 
       61 
71 
     | 
    
         
             
                def branch_or_ref_in_release?(version)
         
     | 
| 
       62 
72 
     | 
    
         
             
                  pinned_ref_in_release?(version) || branch_behind_release?(version)
         
     | 
| 
       63 
73 
     | 
    
         
             
                end
         
     | 
| 
         @@ -352,3 +362,4 @@ module Dependabot 
     | 
|
| 
       352 
362 
     | 
    
         
             
                end
         
     | 
| 
       353 
363 
     | 
    
         
             
              end
         
     | 
| 
       354 
364 
     | 
    
         
             
            end
         
     | 
| 
      
 365 
     | 
    
         
            +
            # rubocop:enable Metrics/ClassLength
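Review bot: The hex guard in the new `pinned_ref_looks_like_commit_sha?` uses `^` and `$`, which in Ruby match at line boundaries rather than string ends, so a ref read from a manifest that contains a newline after six hex characters (e.g. `"abcdef\nmain"`) passes the check and is handed to `head_commit_for_ref`; anchor the whole string with `return false unless ref.match?(/\A[0-9a-f]{6,40}\z/)`. The final `head_commit_for_ref(ref).nil?` appears to be how a short SHA is told apart from a branch or tag whose name happens to be hex, which deserves a comment such as `# A hex ref that does not resolve as a branch or tag is taken to be a (possibly abbreviated) commit SHA`; note that a ref that fails to resolve for any other reason (the fetcher's failure behaviour is not visible here) is classified the same way. `GitCommitChecker` starts and ends outside this hunk.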
         
     | 
| 
         @@ -64,12 +64,12 @@ module Dependabot 
     | 
|
| 
       64 
64 
     | 
    
         
             
                      # case, the best we can do is return nil.
         
     | 
| 
       65 
65 
     | 
    
         
             
                      return [] unless releases.any?
         
     | 
| 
       66 
66 
     | 
    
         | 
| 
       67 
     | 
    
         
            -
                      if updated_release && version_class.correct?( 
     | 
| 
      
 67 
     | 
    
         
            +
                      if updated_release && version_class.correct?(new_version)
         
     | 
| 
       68 
68 
     | 
    
         
             
                        releases = filter_releases_using_updated_release(releases)
         
     | 
| 
       69 
69 
     | 
    
         
             
                        filter_releases_using_updated_version(releases, conservative: true)
         
     | 
| 
       70 
70 
     | 
    
         
             
                      elsif updated_release
         
     | 
| 
       71 
71 
     | 
    
         
             
                        filter_releases_using_updated_release(releases)
         
     | 
| 
       72 
     | 
    
         
            -
                      elsif version_class.correct?( 
     | 
| 
      
 72 
     | 
    
         
            +
                      elsif version_class.correct?(new_version)
         
     | 
| 
       73 
73 
     | 
    
         
             
                        filter_releases_using_updated_version(releases, conservative: false)
         
     | 
| 
       74 
74 
     | 
    
         
             
                      else
         
     | 
| 
       75 
75 
     | 
    
         
             
                        [updated_release].compact
         
     | 
| 
         @@ -77,7 +77,6 @@ module Dependabot 
     | 
|
| 
       77 
77 
     | 
    
         
             
                    end
         
     | 
| 
       78 
78 
     | 
    
         | 
| 
       79 
79 
     | 
    
         
             
                    def releases_since_previous_version
         
     | 
| 
       80 
     | 
    
         
            -
                      previous_version = dependency.previous_version
         
     | 
| 
       81 
80 
     | 
    
         
             
                      return [updated_release].compact unless previous_version
         
     | 
| 
       82 
81 
     | 
    
         | 
| 
       83 
82 
     | 
    
         
             
                      if previous_release && version_class.correct?(previous_version)
         
     | 
| 
         @@ -108,8 +107,6 @@ module Dependabot 
     | 
|
| 
       108 
107 
     | 
    
         
             
                    end
         
     | 
| 
       109 
108 
     | 
    
         | 
| 
       110 
109 
     | 
    
         
             
                    def filter_releases_using_previous_version(releases, conservative:)
         
     | 
| 
       111 
     | 
    
         
            -
                      previous_version = version_class.new(dependency.previous_version)
         
     | 
| 
       112 
     | 
    
         
            -
             
     | 
| 
       113 
110 
     | 
    
         
             
                      releases.reject do |release|
         
     | 
| 
       114 
111 
     | 
    
         
             
                        cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
         
     | 
| 
       115 
112 
     | 
    
         
             
                        cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
         
     | 
| 
         @@ -125,12 +122,12 @@ module Dependabot 
     | 
|
| 
       125 
122 
     | 
    
         | 
| 
       126 
123 
     | 
    
         
             
                        # Reject any releases that are less than the previous version
         
     | 
| 
       127 
124 
     | 
    
         
             
                        # (e.g., if two major versions are being maintained)
         
     | 
| 
       128 
     | 
    
         
            -
                        tag_version <= previous_version
         
     | 
| 
      
 125 
     | 
    
         
            +
                        tag_version <= version_class.new(previous_version)
         
     | 
| 
       129 
126 
     | 
    
         
             
                      end
         
     | 
| 
       130 
127 
     | 
    
         
             
                    end
         
     | 
| 
       131 
128 
     | 
    
         | 
| 
       132 
129 
     | 
    
         
             
                    def filter_releases_using_updated_version(releases, conservative:)
         
     | 
| 
       133 
     | 
    
         
            -
                      updated_version = version_class.new( 
     | 
| 
      
 130 
     | 
    
         
            +
                      updated_version = version_class.new(new_version)
         
     | 
| 
       134 
131 
     | 
    
         | 
| 
       135 
132 
     | 
    
         
             
                      releases.reject do |release|
         
     | 
| 
       136 
133 
     | 
    
         
             
                        cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
         
     | 
| 
         @@ -152,11 +149,11 @@ module Dependabot 
     | 
|
| 
       152 
149 
     | 
    
         
             
                    end
         
     | 
| 
       153 
150 
     | 
    
         | 
| 
       154 
151 
     | 
    
         
             
                    def updated_release
         
     | 
| 
       155 
     | 
    
         
            -
                      release_for_version( 
     | 
| 
      
 152 
     | 
    
         
            +
                      release_for_version(new_version)
         
     | 
| 
       156 
153 
     | 
    
         
             
                    end
         
     | 
| 
       157 
154 
     | 
    
         | 
| 
       158 
155 
     | 
    
         
             
                    def previous_release
         
     | 
| 
       159 
     | 
    
         
            -
                      release_for_version( 
     | 
| 
      
 156 
     | 
    
         
            +
                      release_for_version(previous_version)
         
     | 
| 
       160 
157 
     | 
    
         
             
                    end
         
     | 
| 
       161 
158 
     | 
    
         | 
| 
       162 
159 
     | 
    
         
             
                    def release_for_version(version)
         
     | 
| 
         @@ -246,6 +243,48 @@ module Dependabot 
     | 
|
| 
       246 
243 
     | 
    
         
             
                      []
         
     | 
| 
       247 
244 
     | 
    
         
             
                    end
         
     | 
| 
       248 
245 
     | 
    
         | 
| 
      
 246 
     | 
    
         
            +
                    def previous_version
         
     | 
| 
      
 247 
     | 
    
         
            +
                      # If we don't have a previous version, we *may* still be able to
         
     | 
| 
      
 248 
     | 
    
         
            +
                      # figure one out if a ref was provided and has been changed (in which
         
     | 
| 
      
 249 
     | 
    
         
            +
                      # case the previous ref was essentially the version).
         
     | 
| 
      
 250 
     | 
    
         
            +
                      if dependency.previous_version.nil?
         
     | 
| 
      
 251 
     | 
    
         
            +
                        return ref_changed? ? previous_ref : nil
         
     | 
| 
      
 252 
     | 
    
         
            +
                      end
         
     | 
| 
      
 253 
     | 
    
         
            +
             
     | 
| 
      
 254 
     | 
    
         
            +
                      if dependency.previous_version.match?(/^[0-9a-f]{40}$/) &&
         
     | 
| 
      
 255 
     | 
    
         
            +
                         ref_changed?
         
     | 
| 
      
 256 
     | 
    
         
            +
                        previous_ref
         
     | 
| 
      
 257 
     | 
    
         
            +
                      else
         
     | 
| 
      
 258 
     | 
    
         
            +
                        dependency.previous_version
         
     | 
| 
      
 259 
     | 
    
         
            +
                      end
         
     | 
| 
      
 260 
     | 
    
         
            +
                    end
         
     | 
| 
      
 261 
     | 
    
         
            +
             
     | 
| 
      
 262 
     | 
    
         
            +
                    def new_version
         
     | 
| 
      
 263 
     | 
    
         
            +
                      if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed?
         
     | 
| 
      
 264 
     | 
    
         
            +
                        return new_ref
         
     | 
| 
      
 265 
     | 
    
         
            +
                      end
         
     | 
| 
      
 266 
     | 
    
         
            +
             
     | 
| 
      
 267 
     | 
    
         
            +
                      dependency.version
         
     | 
| 
      
 268 
     | 
    
         
            +
                    end
         
     | 
| 
      
 269 
     | 
    
         
            +
             
     | 
| 
      
 270 
     | 
    
         
            +
                    def previous_ref
         
     | 
| 
      
 271 
     | 
    
         
            +
                      dependency.previous_requirements.map do |r|
         
     | 
| 
      
 272 
     | 
    
         
            +
                        r.dig(:source, "ref") || r.dig(:source, :ref)
         
     | 
| 
      
 273 
     | 
    
         
            +
                      end.compact.first
         
     | 
| 
      
 274 
     | 
    
         
            +
                    end
         
     | 
| 
      
 275 
     | 
    
         
            +
             
     | 
| 
      
 276 
     | 
    
         
            +
                    def new_ref
         
     | 
| 
      
 277 
     | 
    
         
            +
                      dependency.requirements.map do |r|
         
     | 
| 
      
 278 
     | 
    
         
            +
                        r.dig(:source, "ref") || r.dig(:source, :ref)
         
     | 
| 
      
 279 
     | 
    
         
            +
                      end.compact.first
         
     | 
| 
      
 280 
     | 
    
         
            +
                    end
         
     | 
| 
      
 281 
     | 
    
         
            +
             
     | 
| 
      
 282 
     | 
    
         
            +
                    def ref_changed?
         
     | 
| 
      
 283 
     | 
    
         
            +
                      return false unless previous_ref
         
     | 
| 
      
 284 
     | 
    
         
            +
             
     | 
| 
      
 285 
     | 
    
         
            +
                      previous_ref != new_ref
         
     | 
| 
      
 286 
     | 
    
         
            +
                    end
         
     | 
| 
      
 287 
     | 
    
         
            +
             
     | 
| 
       249 
288 
     | 
    
         
             
                    def gitlab_client
         
     | 
| 
       250 
289 
     | 
    
         
             
                      @gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
         
     | 
| 
       251 
290 
     | 
    
         
             
                                         for_gitlab_dot_com(credentials: credentials)
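Review bot: `previous_version` and `new_version` test `dependency.previous_version` and `dependency.version` against `/^[0-9a-f]{40}$/`, whose `^`/`$` are line anchors in Ruby; use `/\A[0-9a-f]{40}\z/` so only a whole 40-hex-character string is treated as a commit SHA and swapped for the ref. `new_version` also calls `dependency.version.match?` unconditionally before the result reaches `version_class.correct?(new_version)` (the old argument of that call is truncated in this rendering, so whether a nil version was tolerated before cannot be confirmed); if `dependency.version` can be nil this now raises `NoMethodError`, and `dependency.version&.match?(...)` would keep the previous tolerance. Likewise `previous_ref` calls `dependency.previous_requirements.map` with no nil guard and is now reached from `previous_version` exactly when `dependency.previous_version` is nil, the case in which previous requirements are most likely to be absent as well; `Array(dependency.previous_requirements).map do |r|` would make `ref_changed?` safe there. The enclosing class starts and ends outside this hunk.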
         
     | 
    
        data/lib/dependabot/version.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: dependabot-common
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0.112. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 0.112.10
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Dependabot
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2019-08- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2019-08-22 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: aws-sdk-ecr
         
     |