dependabot-common 0.95.39 → 0.95.40
- checksums.yaml +4 -4
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +46 -20
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -3
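--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 057043eb334d6bcab76bd43dded0ec14c45d73ca404ce828e71f66dead73a12b
+data.tar.gz: 446809f0636d2493dbfb1c65db018da6b3862eaa958bd3878a07647ec8be204a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6f5b862b611f07429c82c39e5b6d027d56577f9b878b60dd0ca4ed7eea994d7160076eb64dbc934a6b6ff12aeba46de7656ac7261bb875765d8e7717385a1e21
+data.tar.gz: 402019c43f2351f1d05525db9f4d5bada85c4811a04a6f7089085e200513abe6b37a81c0ff4e61bbf2faf01d786c6e032c69fa2cefa794942dfa1fef725f48ff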
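--- a/data/lib/dependabot/metadata_finders/base/commits_finder.rb
+++ b/data/lib/dependabot/metadata_finders/base/commits_finder.rb
@@ -52,12 +52,14 @@ module Dependabot
 def new_tag
 new_version = dependency.version
 
-if git_source?(dependency.requirements)
-
-
-
-
-
+return new_version if git_source?(dependency.requirements)
+
+tags = dependency_tags.
+select { |t| t =~ version_regex(new_version) }
+
+tags.find { |t| t.include?("#{dependency.name}@") } ||
+tags.find { |t| t.include?(dependency.name) } ||
+tags.first
 end
 
 private
@@ -70,7 +72,9 @@ module Dependabot
 elsif previous_version
 tags = dependency_tags.
 select { |t| t =~ version_regex(previous_version) }
-tags.find { |t| t.include?(dependency.name) } ||
+tags.find { |t| t.include?("#{dependency.name}@") } ||
+tags.find { |t| t.include?(dependency.name) } ||
+tags.first
 else
 lowest_tag_satisfying_previous_requirements
 end
@@ -82,7 +86,9 @@ module Dependabot
 select { |t| satisfies_previous_reqs?(version_from_tag(t)) }.
 sort_by { |t| version_from_tag(t) }
 
-tags.find { |t| t.include?(dependency.name) } ||
+tags.find { |t| t.include?("#{dependency.name}@") } ||
+tags.find { |t| t.include?(dependency.name) } ||
+tags.first
 end
 
 def version_from_tag(tag)
@@ -148,18 +154,17 @@ module Dependabot
 end
 
 def github_compare_path(new_tag, previous_tag)
-if
-
-
-
-
-
-
+if part_of_monorepo?
+# If part of a monorepo then we're better off linking to the commits
+# for that directory than trying to put together a compare URL
+Pathname.
+new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
+cleanpath.to_path
+elsif new_tag && previous_tag
+"compare/#{previous_tag}...#{new_tag}"
+else
+new_tag ? "commits/#{new_tag}" : "commits"
 end
-
-Pathname.
-new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
-cleanpath.to_path
 end
 
 def bitbucket_compare_path(new_tag, previous_tag)
@@ -184,7 +189,22 @@ module Dependabot
 
 def fetch_github_commits
 commits =
-
+if part_of_monorepo?
+# If part of a monorepo we make two requests in order to get only
+# the commits relevant to the given path
+path = source.directory.gsub(%r{^[./]+}, "")
+repo = source.repo
+
+previous_commit_shas =
+github_client.commits(repo, sha: previous_tag, path: path).
+map(&:sha)
+
+github_client.
+commits(repo, sha: new_tag, path: path).
+reject { |c| previous_commit_shas.include?(c.sha) }
+else
+github_client.compare(source.repo, previous_tag, new_tag).commits
+end
 return [] unless commits
 
 commits.map do |commit|
@@ -244,6 +264,12 @@ module Dependabot
 for_bitbucket_dot_org(credentials: credentials)
 end
 
+def part_of_monorepo?
+return false unless reliable_source_directory?
+
+![nil, ".", "/"].include?(source.directory)
+end
+
 def version_class
 Utils.version_class_for_package_manager(dependency.package_manager)
 end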
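Review bot: In fetch_github_commits the new `path = source.directory.gsub(%r{^[./]+}, "")` strips every leading dot and slash, so a directory such as `.config/pkg` (constructed example) would be queried as `config/pkg` and `../pkg` as `pkg`; `^` also anchors at each line start rather than at the start of the string. github_compare_path normalises the same `source.directory` with `Pathname#cleanpath` instead, so the link shown to the user and the commit list fetched from the API can end up describing different paths. Anchoring with `\A` and removing only `./` and `/` prefixes would keep hidden directories intact and leave parent-directory references visibly unmatched: `path = source.directory.sub(%r{\A(?:\./|/)+}, "")`. fetch_github_commits continues past the end of the hunk, so how a nil `previous_tag` reaches the `sha:` argument is not visible here.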
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.95.
|
|
4
|
+
version: 0.95.40
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -266,14 +266,14 @@ dependencies:
|
|
|
266
266
|
requirements:
|
|
267
267
|
- - "~>"
|
|
268
268
|
- !ruby/object:Gem::Version
|
|
269
|
-
version:
|
|
269
|
+
version: 0.64.0
|
|
270
270
|
type: :development
|
|
271
271
|
prerelease: false
|
|
272
272
|
version_requirements: !ruby/object:Gem::Requirement
|
|
273
273
|
requirements:
|
|
274
274
|
- - "~>"
|
|
275
275
|
- !ruby/object:Gem::Version
|
|
276
|
-
version:
|
|
276
|
+
version: 0.64.0
|
|
277
277
|
- !ruby/object:Gem::Dependency
|
|
278
278
|
name: vcr
|
|
279
279
|
requirement: !ruby/object:Gem::Requirement
|