dependabot-common 0.123.0 → 0.123.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of dependabot-common might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 103a0b99bbafd483f6b638fabd7aeb5276a4d59794869a42ee7e4d64381b592d
4
- data.tar.gz: 419bfa957b475a720c7d469899f1f5ca473e15a2779534d9dc33f10b9d8dd90c
3
+ metadata.gz: bf06616b587097abdac55ec205266b02b7a601593d49318defc0240415d49e28
4
+ data.tar.gz: fcb15e0dfd5f07d5836ac4397f2b5ad247593dfd1aca0877299c929329ae5e0d
5
5
  SHA512:
6
- metadata.gz: 1385b30618626289217bebead094c165ca50bb62ff6e26d805fc52200a64e8e4b7f447cc2959a6d9aa6f863dae73a68b66a34d1f9ce82c8ab256c70c23126b72
7
- data.tar.gz: 9d09fbff160f5301a4ea22cdcb6150dc1d87e3a01e8cc316a97ecfa629655a49e2d59b069196d5a923d1076de1992fd3dbb181bd27614835f3ebd787de9184c3
6
+ metadata.gz: c0caf4d2b293cfef2049a59e7bee8eb05cb3b2e6ab95168fdfe588fb6fb3e232363f9aaab14e20669440b8af84a23e5442eda65c90b76a7bceb51c52c634cf31
7
+ data.tar.gz: 5e301d79b9fa6fe51dbbdf49e1c901593d4ba796925e131ebad9b6c4258c132849318c311ed557badb8e131e6e46faba3d8ec8f9d51e21d04b0bd930ebeb83fd
@@ -73,7 +73,7 @@ module Dependabot
73
73
  end
74
74
 
75
75
  def check_dependencies_have_previous_version
76
- return if library? && dependencies.all? { |d| requirements_changed?(d) }
76
+ return if dependencies.all? { |d| requirements_changed?(d) }
77
77
  return if dependencies.all?(&:previous_version)
78
78
 
79
79
  raise "Dependencies must have a previous version or changed " \
@@ -214,12 +214,6 @@ module Dependabot
214
214
  )
215
215
  end
216
216
 
217
- def library?
218
- return true if files.any? { |file| file.name.end_with?(".gemspec") }
219
-
220
- dependencies.any? { |d| !d.appears_in_lockfile? }
221
- end
222
-
223
217
  def includes_security_fixes?
224
218
  vulnerabilities_fixed.values.flatten.any?
225
219
  end
@@ -165,12 +165,12 @@ module Dependabot
165
165
  updated_reqs.first[:requirement]
166
166
  end
167
167
 
168
- # TODO: Look into bringing this in line with existing library checks that
169
- # we do in the update checkers, which are also overriden by passing an
170
- # explicit `requirements_update_strategy`.
168
+ # TODO: Bring this in line with existing library checks that we do in the
169
+ # update checkers, which are also overriden by passing an explicit
170
+ # `requirements_update_strategy`.
171
+ #
172
+ # TODO re-use in MessageBuilder
171
173
  def library?
172
- return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
173
-
174
174
  dependencies.any? { |d| !d.appears_in_lockfile? }
175
175
  end
176
176
 
@@ -459,8 +459,16 @@ module Dependabot
459
459
  previous_ref(dependency) != new_ref(dependency)
460
460
  end
461
461
 
462
+ # TODO: Bring this in line with existing library checks that we do in the
463
+ # update checkers, which are also overriden by passing an explicit
464
+ # `requirements_update_strategy`.
465
+ #
466
+ # TODO re-use in BranchNamer
462
467
  def library?
463
- return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
468
+ # Reject any nested child gemspecs/vendored git dependencies
469
+ root_files = files.map(&:name).
470
+ select { |p| Pathname.new(p).dirname.to_s == "." }
471
+ return true if root_files.select { |nm| nm.end_with?(".gemspec") }.any?
464
472
 
465
473
  dependencies.any? { |d| previous_version(d).nil? }
466
474
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.123.0"
4
+ VERSION = "0.123.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-common
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.123.0
4
+ version: 0.123.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-13 00:00:00.000000000 Z
11
+ date: 2020-10-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-codecommit