dependabot-common 0.123.0 → 0.123.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 103a0b99bbafd483f6b638fabd7aeb5276a4d59794869a42ee7e4d64381b592d
-  data.tar.gz: 419bfa957b475a720c7d469899f1f5ca473e15a2779534d9dc33f10b9d8dd90c
+  metadata.gz: bf06616b587097abdac55ec205266b02b7a601593d49318defc0240415d49e28
+  data.tar.gz: fcb15e0dfd5f07d5836ac4397f2b5ad247593dfd1aca0877299c929329ae5e0d
 SHA512:
-  metadata.gz: 1385b30618626289217bebead094c165ca50bb62ff6e26d805fc52200a64e8e4b7f447cc2959a6d9aa6f863dae73a68b66a34d1f9ce82c8ab256c70c23126b72
-  data.tar.gz: 9d09fbff160f5301a4ea22cdcb6150dc1d87e3a01e8cc316a97ecfa629655a49e2d59b069196d5a923d1076de1992fd3dbb181bd27614835f3ebd787de9184c3
+  metadata.gz: c0caf4d2b293cfef2049a59e7bee8eb05cb3b2e6ab95168fdfe588fb6fb3e232363f9aaab14e20669440b8af84a23e5442eda65c90b76a7bceb51c52c634cf31
+  data.tar.gz: 5e301d79b9fa6fe51dbbdf49e1c901593d4ba796925e131ebad9b6c4258c132849318c311ed557badb8e131e6e46faba3d8ec8f9d51e21d04b0bd930ebeb83fd

data/lib/dependabot/pull_request_creator.rb

@@ -73,7 +73,7 @@ module Dependabot
     end
 
     def check_dependencies_have_previous_version
-      return if library? && dependencies.all? { |d| requirements_changed?(d) }
+      return if dependencies.all? { |d| requirements_changed?(d) }
       return if dependencies.all?(&:previous_version)
 
       raise "Dependencies must have a previous version or changed " \
@@ -214,12 +214,6 @@ module Dependabot
         )
     end
 
-    def library?
-      return true if files.any? { |file| file.name.end_with?(".gemspec") }
-
-      dependencies.any? { |d| !d.appears_in_lockfile? }
-    end
-
     def includes_security_fixes?
       vulnerabilities_fixed.values.flatten.any?
     end

data/lib/dependabot/pull_request_creator/branch_namer.rb

@@ -165,12 +165,12 @@ module Dependabot
         updated_reqs.first[:requirement]
       end
 
-      # TODO: Look into bringing this in line with existing library checks that
-      # we do in the update checkers, which are also overriden by passing an
-      # explicit `requirements_update_strategy`.
+      # TODO: Bring this in line with existing library checks that we do in the
+      # update checkers, which are also overriden by passing an explicit
+      # `requirements_update_strategy`.
+      #
+      # TODO re-use in MessageBuilder
       def library?
-        return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
-
         dependencies.any? { |d| !d.appears_in_lockfile? }
       end
 

data/lib/dependabot/pull_request_creator/message_builder.rb

@@ -459,8 +459,16 @@ module Dependabot
         previous_ref(dependency) != new_ref(dependency)
       end
 
+      # TODO: Bring this in line with existing library checks that we do in the
+      # update checkers, which are also overriden by passing an explicit
+      # `requirements_update_strategy`.
+      #
+      # TODO re-use in BranchNamer
       def library?
-        return true if files.map(&:name).any? { |nm| nm.end_with?(".gemspec") }
+        # Reject any nested child gemspecs/vendored git dependencies
+        root_files = files.map(&:name).
+                     select { |p| Pathname.new(p).dirname.to_s == "." }
+        return true if root_files.select { |nm| nm.end_with?(".gemspec") }.any?
 
         dependencies.any? { |d| previous_version(d).nil? }
       end

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.123.0"
+  VERSION = "0.123.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-common
 version: !ruby/object:Gem::Version
-  version: 0.123.0
+  version: 0.123.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-13 00:00:00.000000000 Z
+date: 2020-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-codecommit