dependabot-common 0.112.9 → 0.112.10
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bd7eb33e16f8ff1807f09f20ed43ab05a0698ab0f7c120e47048aa3e44525dcc
|
|
4
|
+
data.tar.gz: 8a3c5defc616266504e0b01c4f751d69416155837902bf4dad4458c4c189e751
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: efd76369fdf023e2b458855a1ad2ad87fb08069e2c63763c0d1a717d1c8d6d3ec0f75205d3d8dd86d83dd759fd019c6efd35a870186c246427dc9ae5d59d9c6d
|
|
7
|
+
data.tar.gz: 9fa11f2ee914d3f7dc6a87a7086e7339506d34175b03bac01fb683f2c37df5f3938a7bb3066e27a4c41c91cebbc85619d2bdd9fb2a40a3b22583f0c2505c5177
|
|
@@ -12,6 +12,7 @@ require "dependabot/source"
|
|
|
12
12
|
require "dependabot/dependency"
|
|
13
13
|
require "dependabot/git_metadata_fetcher"
|
|
14
14
|
|
|
15
|
+
# rubocop:disable Metrics/ClassLength
|
|
15
16
|
module Dependabot
|
|
16
17
|
class GitCommitChecker
|
|
17
18
|
VERSION_REGEX = /
|
|
@@ -58,6 +59,15 @@ module Dependabot
|
|
|
58
59
|
dependency_source_details.fetch(:ref).match?(VERSION_REGEX)
|
|
59
60
|
end
|
|
60
61
|
|
|
62
|
+
def pinned_ref_looks_like_commit_sha?
|
|
63
|
+
return false unless pinned?
|
|
64
|
+
|
|
65
|
+
ref = dependency_source_details.fetch(:ref)
|
|
66
|
+
return false unless ref.match?(/^[0-9a-f]{6,40}$/)
|
|
67
|
+
|
|
68
|
+
local_repo_git_metadata_fetcher.head_commit_for_ref(ref).nil?
|
|
69
|
+
end
|
|
70
|
+
|
|
61
71
|
def branch_or_ref_in_release?(version)
|
|
62
72
|
pinned_ref_in_release?(version) || branch_behind_release?(version)
|
|
63
73
|
end
|
|
@@ -352,3 +362,4 @@ module Dependabot
|
|
|
352
362
|
end
|
|
353
363
|
end
|
|
354
364
|
end
|
|
365
|
+
# rubocop:enable Metrics/ClassLength
|
|
@@ -64,12 +64,12 @@ module Dependabot
|
|
|
64
64
|
# case, the best we can do is return nil.
|
|
65
65
|
return [] unless releases.any?
|
|
66
66
|
|
|
67
|
-
if updated_release && version_class.correct?(
|
|
67
|
+
if updated_release && version_class.correct?(new_version)
|
|
68
68
|
releases = filter_releases_using_updated_release(releases)
|
|
69
69
|
filter_releases_using_updated_version(releases, conservative: true)
|
|
70
70
|
elsif updated_release
|
|
71
71
|
filter_releases_using_updated_release(releases)
|
|
72
|
-
elsif version_class.correct?(
|
|
72
|
+
elsif version_class.correct?(new_version)
|
|
73
73
|
filter_releases_using_updated_version(releases, conservative: false)
|
|
74
74
|
else
|
|
75
75
|
[updated_release].compact
|
|
@@ -77,7 +77,6 @@ module Dependabot
|
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
def releases_since_previous_version
|
|
80
|
-
previous_version = dependency.previous_version
|
|
81
80
|
return [updated_release].compact unless previous_version
|
|
82
81
|
|
|
83
82
|
if previous_release && version_class.correct?(previous_version)
|
|
@@ -108,8 +107,6 @@ module Dependabot
|
|
|
108
107
|
end
|
|
109
108
|
|
|
110
109
|
def filter_releases_using_previous_version(releases, conservative:)
|
|
111
|
-
previous_version = version_class.new(dependency.previous_version)
|
|
112
|
-
|
|
113
110
|
releases.reject do |release|
|
|
114
111
|
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
|
115
112
|
cleaned_name = release.name&.gsub(/^[^0-9]*/, "")
|
|
@@ -125,12 +122,12 @@ module Dependabot
|
|
|
125
122
|
|
|
126
123
|
# Reject any releases that are less than the previous version
|
|
127
124
|
# (e.g., if two major versions are being maintained)
|
|
128
|
-
tag_version <= previous_version
|
|
125
|
+
tag_version <= version_class.new(previous_version)
|
|
129
126
|
end
|
|
130
127
|
end
|
|
131
128
|
|
|
132
129
|
def filter_releases_using_updated_version(releases, conservative:)
|
|
133
|
-
updated_version = version_class.new(
|
|
130
|
+
updated_version = version_class.new(new_version)
|
|
134
131
|
|
|
135
132
|
releases.reject do |release|
|
|
136
133
|
cleaned_tag = release.tag_name.gsub(/^[^0-9]*/, "")
|
|
@@ -152,11 +149,11 @@ module Dependabot
|
|
|
152
149
|
end
|
|
153
150
|
|
|
154
151
|
def updated_release
|
|
155
|
-
release_for_version(
|
|
152
|
+
release_for_version(new_version)
|
|
156
153
|
end
|
|
157
154
|
|
|
158
155
|
def previous_release
|
|
159
|
-
release_for_version(
|
|
156
|
+
release_for_version(previous_version)
|
|
160
157
|
end
|
|
161
158
|
|
|
162
159
|
def release_for_version(version)
|
|
@@ -246,6 +243,48 @@ module Dependabot
|
|
|
246
243
|
[]
|
|
247
244
|
end
|
|
248
245
|
|
|
246
|
+
def previous_version
|
|
247
|
+
# If we don't have a previous version, we *may* still be able to
|
|
248
|
+
# figure one out if a ref was provided and has been changed (in which
|
|
249
|
+
# case the previous ref was essentially the version).
|
|
250
|
+
if dependency.previous_version.nil?
|
|
251
|
+
return ref_changed? ? previous_ref : nil
|
|
252
|
+
end
|
|
253
|
+
|
|
254
|
+
if dependency.previous_version.match?(/^[0-9a-f]{40}$/) &&
|
|
255
|
+
ref_changed?
|
|
256
|
+
previous_ref
|
|
257
|
+
else
|
|
258
|
+
dependency.previous_version
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
def new_version
|
|
263
|
+
if dependency.version.match?(/^[0-9a-f]{40}$/) && ref_changed?
|
|
264
|
+
return new_ref
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
dependency.version
|
|
268
|
+
end
|
|
269
|
+
|
|
270
|
+
def previous_ref
|
|
271
|
+
dependency.previous_requirements.map do |r|
|
|
272
|
+
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
273
|
+
end.compact.first
|
|
274
|
+
end
|
|
275
|
+
|
|
276
|
+
def new_ref
|
|
277
|
+
dependency.requirements.map do |r|
|
|
278
|
+
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
279
|
+
end.compact.first
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
def ref_changed?
|
|
283
|
+
return false unless previous_ref
|
|
284
|
+
|
|
285
|
+
previous_ref != new_ref
|
|
286
|
+
end
|
|
287
|
+
|
|
249
288
|
def gitlab_client
|
|
250
289
|
@gitlab_client ||= Dependabot::Clients::GitlabWithRetries.
|
|
251
290
|
for_gitlab_dot_com(credentials: credentials)
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.112.
|
|
4
|
+
version: 0.112.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-08-
|
|
11
|
+
date: 2019-08-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|