dependabot-common 0.112.1 → 0.112.2
- checksums.yaml +4 -4
- data/lib/dependabot/pull_request_creator/message_builder.rb +22 -10
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
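--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9c1b409eefe151a39267df4d64c54d948d4b395c4ff2f358679686394016aee
+data.tar.gz: 51e297f97a8ae38bbd2ec46be093a68c1f21ff6e562ad096485363a3caac6017
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6886ca987112530341fbb228d1cc934927dd41cdd3b8cd38ffbf677d0b2d3970819624cad335616694449928a508b934c9533d5f024f2063acdbb4bb24bb0fac
+data.tar.gz: 40fa2fe0dbece30ff0a7c6c6db87def7ed975ae89489edfe7f28288757450891c219918a107e3b53193e413ff5fa1ff10920f7ad01623a31ba245c6ac4b9c11b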
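--- a/data/lib/dependabot/pull_request_creator/message_builder.rb
+++ b/data/lib/dependabot/pull_request_creator/message_builder.rb
@@ -543,22 +543,28 @@ module Dependabot
 )
 end
 
+# rubocop:disable Metrics/PerceivedComplexity
 def previous_version(dependency)
+# If we don't have a previous version, we *may* still be able to figure
+# one out if a ref was provided and has been changed (in which case the
+# previous ref was essentially the version).
+if dependency.previous_version.nil?
+return ref_changed?(dependency) ? previous_ref(dependency) : nil
+end
+
 if dependency.previous_version.match?(/^[0-9a-f]{40}$/)
 return previous_ref(dependency) if ref_changed?(dependency)
 
 "`#{dependency.previous_version[0..6]}`"
 elsif dependency.version == dependency.previous_version &&
 package_manager == "docker"
-digest =
-dependency.previous_requirements.
-map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-compact.first
+digest = docker_digest_from_reqs(dependency.previous_requirements)
 "`#{digest.split(':').last[0..6]}`"
 else
 dependency.previous_version
 end
 end
+# rubocop:enable Metrics/PerceivedComplexity
 
 def new_version(dependency)
 if dependency.version.match?(/^[0-9a-f]{40}$/)
@@ -567,16 +573,19 @@ module Dependabot
 "`#{dependency.version[0..6]}`"
 elsif dependency.version == dependency.previous_version &&
 package_manager == "docker"
-digest =
-dependency.requirements.
-map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
-compact.first
+digest = docker_digest_from_reqs(dependency.requirements)
 "`#{digest.split(':').last[0..6]}`"
 else
 dependency.version
 end
 end
 
+def docker_digest_from_reqs(requirements)
+requirements.
+map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }.
+compact.first
+end
+
 def previous_ref(dependency)
 dependency.previous_requirements.map do |r|
 r.dig(:source, "ref") || r.dig(:source, :ref)
@@ -668,11 +677,14 @@ module Dependabot
 def library?
 return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
 
-dependencies.any? { |d|
+dependencies.any? { |d| previous_version(d).nil? }
 end
 
 def switching_from_ref_to_release?(dependency)
-
+unless dependency.previous_version&.match?(/^[0-9a-f]{40}$/) ||
+dependency.previous_version.nil? && previous_ref(dependency)
+return false
+end
 
 Gem::Version.correct?(dependency.version)
 end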
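Review bot: The SHA check added in `switching_from_ref_to_release?` uses `^`/`$`, which in Ruby anchor at line boundaries, so a multi-line `previous_version` containing one 40-hex line would be classified as a commit SHA; `/\A[0-9a-f]{40}\z/` pins the whole string. The same pattern sits in the unchanged `match?` calls in `previous_version` and `new_version`, whose results are interpolated into the generated message text, so all three are worth changing together. Whether a version string can actually carry a newline depends on the upstream parsers, which are not visible here. Separately, the new `docker_digest_from_reqs` returns nil when no requirement carries a digest, and both callers then call `digest.split(':')` on it, so a nil guard before that call would avoid a NoMethodError.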
data/lib/dependabot/version.rb
CHANGED