dependabot-common 0.112.1 → 0.112.2
- checksums.yaml +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +22 -10
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
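--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9c1b409eefe151a39267df4d64c54d948d4b395c4ff2f358679686394016aee
+data.tar.gz: 51e297f97a8ae38bbd2ec46be093a68c1f21ff6e562ad096485363a3caac6017
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6886ca987112530341fbb228d1cc934927dd41cdd3b8cd38ffbf677d0b2d3970819624cad335616694449928a508b934c9533d5f024f2063acdbb4bb24bb0fac
+data.tar.gz: 40fa2fe0dbece30ff0a7c6c6db87def7ed975ae89489edfe7f28288757450891c219918a107e3b53193e413ff5fa1ff10920f7ad01623a31ba245c6ac4b9c11b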
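--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -543,22 +543,28 @@ module Dependabot
 )
 end
 
+# rubocop:disable Metrics/PerceivedComplexity
 def previous_version(dependency)
+# If we don't have a previous version, we *may* still be able to figure
+# one out if a ref was provided and has been changed (in which case the
+# previous ref was essentially the version).
+if dependency.previous_version.nil?
+return ref_changed?(dependency) ? previous_ref(dependency) : nil
+end
+
 if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
 return previous_ref(dependency) if ref_changed?(dependency)
 
 "`#{dependency.previous_version[0..6]}`"
 elsif dependency.version == dependency.previous_version &&
 package_manager == "docker"
-digest =
-dependency.previous_requirements.
-map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-compact.first
+digest = docker_digest_from_reqs(dependency.previous_requirements)
 "`#{digest.split(':').last[0..6]}`"
 else
 dependency.previous_version
 end
 end
+# rubocop:enable Metrics/PerceivedComplexity
 
 def new_version(dependency)
 if dependency.version.match?(/^[0-9a-f]{40}$/)
@@ -567,16 +573,19 @@ module Dependabot
 "`#{dependency.version[0..6]}`"
 elsif dependency.version == dependency.previous_version &&
 package_manager == "docker"
-digest =
-dependency.requirements.
-map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-compact.first
+digest = docker_digest_from_reqs(dependency.requirements)
 "`#{digest.split(':').last[0..6]}`"
 else
 dependency.version
 end
 end
 
+def docker_digest_from_reqs(requirements)
+requirements.
+map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
+compact.first
+end
+
 def previous_ref(dependency)
 dependency.previous_requirements.map do |r|
 r.dig(:source, "ref") || r.dig(:source, :ref)
@@ -668,11 +677,14 @@ module Dependabot
 def library?
 return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
 
-dependencies.any? { |d|
+dependencies.any? { |d| previous_version(d).nil? }
 end
 
 def switching_from_ref_to_release?(dependency)
-
+unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
+dependency.previous_version.nil? && previous_ref(dependency)
+return false
+end
 
 Gem::Version.correct?(dependency.version)
 end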
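Review bot: The SHA test added in `switching_from_ref_to_release?` (and the unchanged ones in `previous_version` and `new_version`) uses `/^[0-9a-f]{40}$/`, and in Ruby `^`/`$` anchor at line boundaries, so a multi-line value that merely contains a 40-hex line is accepted as a commit SHA. These strings appear to come from dependency metadata and are formatted into the pull-request message, so I would anchor the whole string, `dependency.previous_version&.match?(/\A[0-9a-f]{40}\z/)`, ideally via one shared constant for all three checks. Separately, the new `docker_digest_from_reqs` returns nil when no requirement carries a digest and both callers go straight to `digest.split(':')`; whether that case can occur depends on code outside these hunks, so a guard or a comment stating the invariant would help. `ref_changed?` and the body of `previous_ref` are not fully visible here.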
data/lib/dependabot/version.rb
CHANGED