dependabot-common 0.95.39 → 0.95.40
- checksums.yaml +4 -4
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +46 -20
- data/lib/dependabot/version.rb +1 -1
- metadata +3 -3
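--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 057043eb334d6bcab76bd43dded0ec14c45d73ca404ce828e71f66dead73a12b
+data.tar.gz: 446809f0636d2493dbfb1c65db018da6b3862eaa958bd3878a07647ec8be204a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6f5b862b611f07429c82c39e5b6d027d56577f9b878b60dd0ca4ed7eea994d7160076eb64dbc934a6b6ff12aeba46de7656ac7261bb875765d8e7717385a1e21
+data.tar.gz: 402019c43f2351f1d05525db9f4d5bada85c4811a04a6f7089085e200513abe6b37a81c0ff4e61bbf2faf01d786c6e032c69fa2cefa794942dfa1fef725f48ff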
@@ -52,12 +52,14 @@ module Dependabot
|
|
52
52
|
def new_tag
|
53
53
|
new_version = dependency.version
|
54
54
|
|
55
|
-
if git_source?(dependency.requirements)
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
55
|
+
return new_version if git_source?(dependency.requirements)
|
56
|
+
|
57
|
+
tags = dependency_tags.
|
58
|
+
select { |t| t =~ version_regex(new_version) }
|
59
|
+
|
60
|
+
tags.find { |t| t.include?("#{dependency.name}@") } ||
|
61
|
+
tags.find { |t| t.include?(dependency.name) } ||
|
62
|
+
tags.first
|
61
63
|
end
|
62
64
|
|
63
65
|
private
|
@@ -70,7 +72,9 @@ module Dependabot
|
|
70
72
|
elsif previous_version
|
71
73
|
tags = dependency_tags.
|
72
74
|
select { |t| t =~ version_regex(previous_version) }
|
73
|
-
tags.find { |t| t.include?(dependency.name) } ||
|
75
|
+
tags.find { |t| t.include?("#{dependency.name}@") } ||
|
76
|
+
tags.find { |t| t.include?(dependency.name) } ||
|
77
|
+
tags.first
|
74
78
|
else
|
75
79
|
lowest_tag_satisfying_previous_requirements
|
76
80
|
end
|
@@ -82,7 +86,9 @@ module Dependabot
|
|
82
86
|
select { |t| satisfies_previous_reqs?(version_from_tag(t)) }.
|
83
87
|
sort_by { |t| version_from_tag(t) }
|
84
88
|
|
85
|
-
tags.find { |t| t.include?(dependency.name) } ||
|
89
|
+
tags.find { |t| t.include?("#{dependency.name}@") } ||
|
90
|
+
tags.find { |t| t.include?(dependency.name) } ||
|
91
|
+
tags.first
|
86
92
|
end
|
87
93
|
|
88
94
|
def version_from_tag(tag)
|
@@ -148,18 +154,17 @@ module Dependabot
|
|
148
154
|
end
|
149
155
|
|
150
156
|
def github_compare_path(new_tag, previous_tag)
|
151
|
-
if
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
157
|
+
if part_of_monorepo?
|
158
|
+
# If part of a monorepo then we're better off linking to the commits
|
159
|
+
# for that directory than trying to put together a compare URL
|
160
|
+
Pathname.
|
161
|
+
new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
|
162
|
+
cleanpath.to_path
|
163
|
+
elsif new_tag && previous_tag
|
164
|
+
"compare/#{previous_tag}...#{new_tag}"
|
165
|
+
else
|
166
|
+
new_tag ? "commits/#{new_tag}" : "commits"
|
158
167
|
end
|
159
|
-
|
160
|
-
Pathname.
|
161
|
-
new(File.join("commits/#{new_tag || 'HEAD'}", source.directory)).
|
162
|
-
cleanpath.to_path
|
163
168
|
end
|
164
169
|
|
165
170
|
def bitbucket_compare_path(new_tag, previous_tag)
|
@@ -184,7 +189,22 @@ module Dependabot
|
|
184
189
|
|
185
190
|
def fetch_github_commits
|
186
191
|
commits =
|
187
|
-
|
192
|
+
if part_of_monorepo?
|
193
|
+
# If part of a monorepo we make two requests in order to get only
|
194
|
+
# the commits relevant to the given path
|
195
|
+
path = source.directory.gsub(%r{^[./]+}, "")
|
196
|
+
repo = source.repo
|
197
|
+
|
198
|
+
previous_commit_shas =
|
199
|
+
github_client.commits(repo, sha: previous_tag, path: path).
|
200
|
+
map(&:sha)
|
201
|
+
|
202
|
+
github_client.
|
203
|
+
commits(repo, sha: new_tag, path: path).
|
204
|
+
reject { |c| previous_commit_shas.include?(c.sha) }
|
205
|
+
else
|
206
|
+
github_client.compare(source.repo, previous_tag, new_tag).commits
|
207
|
+
end
|
188
208
|
return [] unless commits
|
189
209
|
|
190
210
|
commits.map do |commit|
|
@@ -244,6 +264,12 @@ module Dependabot
|
|
244
264
|
for_bitbucket_dot_org(credentials: credentials)
|
245
265
|
end
|
246
266
|
|
267
|
+
def part_of_monorepo?
|
268
|
+
return false unless reliable_source_directory?
|
269
|
+
|
270
|
+
![nil, ".", "/"].include?(source.directory)
|
271
|
+
end
|
272
|
+
|
247
273
|
def version_class
|
248
274
|
Utils.version_class_for_package_manager(dependency.package_manager)
|
249
275
|
end
|
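Review bot: The new first-choice match `t.include?("#{dependency.name}@")` in `new_tag` is still a substring test, so for a dependency named `foo` it also accepts a sibling package's tag such as `my-foo@1.2.3` (constructed example), and the `include?(dependency.name)` and `tags.first` fallbacks after it are looser still. The selected tags are passed on to `github_compare_path` and `fetch_github_commits`, so a wrong pick puts another package's history in front of whoever is vetting the update. Consider anchoring the preferred form, e.g. `tags.find { |t| t.start_with?("#{dependency.name}@") } ||`, provided the tag formats in use allow it, and keep the looser matches only as fallbacks. The same three-line chain is repeated in the hunks at `@@ -70,7 +72,9` and `@@ -82,7 +86,9`, whose enclosing methods start outside the visible lines; one private helper would keep the three copies in step. Separately, in `fetch_github_commits` the pattern in `gsub(%r{^[./]+}, "")` anchors at every line start rather than the start of the string; `source.directory.sub(%r{\A[./]+}, "")` strips only the leading prefix.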
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-common
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.95.
|
4
|
+
version: 0.95.40
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -266,14 +266,14 @@ dependencies:
|
|
266
266
|
requirements:
|
267
267
|
- - "~>"
|
268
268
|
- !ruby/object:Gem::Version
|
269
|
-
version:
|
269
|
+
version: 0.64.0
|
270
270
|
type: :development
|
271
271
|
prerelease: false
|
272
272
|
version_requirements: !ruby/object:Gem::Requirement
|
273
273
|
requirements:
|
274
274
|
- - "~>"
|
275
275
|
- !ruby/object:Gem::Version
|
276
|
-
version:
|
276
|
+
version: 0.64.0
|
277
277
|
- !ruby/object:Gem::Dependency
|
278
278
|
name: vcr
|
279
279
|
requirement: !ruby/object:Gem::Requirement
|