dependabot-common 0.210.0 → 0.211.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e1b0e492dee111c834810de7850faa8a0bb5150e281d5eb32e8b44802f2be1f
|
|
4
|
+
data.tar.gz: 2c9c14aeb59e0d6c33b1630c5425529dff45624f9b1657390ae644dd8d0abbbf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 821283e91686501710d6146944b8b10f559cd7ed9e0084edfc5176027083c24b26918a273c823f5fd829f575d5e1a29ead356db403307ba0e36147de30e9e3de
|
|
7
|
+
data.tar.gz: 768791aeb20b739bd36d4b788164f5d9e11f096879b7ac517cc4fbaa81462f58e1e1cb1d03a8fce5183b0af4da2ac5458a482dc31ee36cc6d5bf09697300c5ef
|
|
@@ -41,7 +41,7 @@ module Dependabot
|
|
|
41
41
|
|
|
42
42
|
def initialize(name:, requirements:, package_manager:, version: nil,
|
|
43
43
|
previous_version: nil, previous_requirements: nil,
|
|
44
|
-
subdependency_metadata: [])
|
|
44
|
+
subdependency_metadata: [], removed: false)
|
|
45
45
|
@name = name
|
|
46
46
|
@version = version
|
|
47
47
|
@requirements = requirements.map { |req| symbolize_keys(req) }
|
|
@@ -53,6 +53,7 @@ module Dependabot
|
|
|
53
53
|
@subdependency_metadata = subdependency_metadata&.
|
|
54
54
|
map { |h| symbolize_keys(h) }
|
|
55
55
|
end
|
|
56
|
+
@removed = removed
|
|
56
57
|
|
|
57
58
|
check_values
|
|
58
59
|
end
|
|
@@ -61,6 +62,10 @@ module Dependabot
|
|
|
61
62
|
requirements.any?
|
|
62
63
|
end
|
|
63
64
|
|
|
65
|
+
def removed?
|
|
66
|
+
@removed
|
|
67
|
+
end
|
|
68
|
+
|
|
64
69
|
def to_h
|
|
65
70
|
{
|
|
66
71
|
"name" => name,
|
|
@@ -69,7 +74,8 @@ module Dependabot
|
|
|
69
74
|
"previous_version" => previous_version,
|
|
70
75
|
"previous_requirements" => previous_requirements,
|
|
71
76
|
"package_manager" => package_manager,
|
|
72
|
-
"subdependency_metadata" => subdependency_metadata
|
|
77
|
+
"subdependency_metadata" => subdependency_metadata,
|
|
78
|
+
"removed" => removed? ? true : nil
|
|
73
79
|
}.compact
|
|
74
80
|
end
|
|
75
81
|
|
|
@@ -293,10 +293,14 @@ module Dependabot
|
|
|
293
293
|
return metadata_links_for_dep(dependencies.first) if dependencies.count == 1
|
|
294
294
|
|
|
295
295
|
dependencies.map do |dep|
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
296
|
+
if dep.removed?
|
|
297
|
+
"\n\nRemoves `#{dep.display_name}`"
|
|
298
|
+
else
|
|
299
|
+
"\n\nUpdates `#{dep.display_name}` "\
|
|
300
|
+
"#{from_version_msg(previous_version(dep))}to "\
|
|
301
|
+
"#{new_version(dep)}"\
|
|
302
|
+
"#{metadata_links_for_dep(dep)}"
|
|
303
|
+
end
|
|
300
304
|
end.join
|
|
301
305
|
end
|
|
302
306
|
|
|
@@ -313,9 +317,13 @@ module Dependabot
|
|
|
313
317
|
return metadata_cascades_for_dep(dependencies.first) if dependencies.one?
|
|
314
318
|
|
|
315
319
|
dependencies.map do |dep|
|
|
316
|
-
msg =
|
|
317
|
-
|
|
318
|
-
|
|
320
|
+
msg = if dep.removed?
|
|
321
|
+
"\nRemoves `#{dep.display_name}`"
|
|
322
|
+
else
|
|
323
|
+
"\nUpdates `#{dep.display_name}` "\
|
|
324
|
+
"#{from_version_msg(previous_version(dep))}"\
|
|
325
|
+
"to #{new_version(dep)}"
|
|
326
|
+
end
|
|
319
327
|
|
|
320
328
|
if vulnerabilities_fixed[dep.name]&.one?
|
|
321
329
|
msg += " **This update includes a security fix.**"
|
|
@@ -328,6 +336,8 @@ module Dependabot
|
|
|
328
336
|
end
|
|
329
337
|
|
|
330
338
|
def metadata_cascades_for_dep(dependency)
|
|
339
|
+
return "" if dependency.removed?
|
|
340
|
+
|
|
331
341
|
MetadataPresenter.new(
|
|
332
342
|
dependency: dependency,
|
|
333
343
|
source: source,
|
|
@@ -62,6 +62,9 @@ module Dependabot
|
|
|
62
62
|
# Ignore deps that weren't previously vulnerable
|
|
63
63
|
return false unless affects_version?(dependency.previous_version)
|
|
64
64
|
|
|
65
|
+
# Removing a dependency is a way to fix the vulnerability
|
|
66
|
+
return true if dependency.removed?
|
|
67
|
+
|
|
65
68
|
# Select deps that are now fixed
|
|
66
69
|
!affects_version?(dependency.version)
|
|
67
70
|
end
|
data/lib/dependabot/version.rb
CHANGED