dependabot-common 0.95.81 → 0.95.82
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +35 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eb8de31607df04625bc55b3cb97f8219ad0fccef4a8c315c5649b791c4fc1b9e
|
|
4
|
+
data.tar.gz: c5cf91d1b6349880b3d9c5f1c7e32bb7a21ce2fb72d12c59f88bb333b12b991c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 64c8f675cda1f9cee4cf66b0be725c1955b76d841f310032d029d6cffa73ca3dce23d14d002e1581f3ebd55a1ac0b9140229d51e61a0a54cac40b63a193fb9a0
|
|
7
|
+
data.tar.gz: cfa382738bc7e01d418c33b4369f47baa9a8ed584417fd1ff6c2a15f4503157d4e99eeb9e379045bbddf70b17703d9b35e53ce25bb25006ce6fbccc23376a59a
|
|
@@ -52,7 +52,11 @@ module Dependabot
|
|
|
52
52
|
def new_tag
|
|
53
53
|
new_version = dependency.version
|
|
54
54
|
|
|
55
|
-
|
|
55
|
+
if git_source?(dependency.requirements) && git_sha?(new_version)
|
|
56
|
+
return new_version
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
return new_ref if git_source?(dependency.requirements) && ref_changed?
|
|
56
60
|
|
|
57
61
|
tags = dependency_tags.
|
|
58
62
|
select { |t| t =~ version_regex(new_version) }.
|
|
@@ -63,21 +67,28 @@ module Dependabot
|
|
|
63
67
|
|
|
64
68
|
private
|
|
65
69
|
|
|
70
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
71
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
66
72
|
def previous_tag
|
|
67
73
|
previous_version = dependency.previous_version
|
|
68
74
|
|
|
69
|
-
if git_source?(dependency.previous_requirements)
|
|
70
|
-
|
|
75
|
+
if git_source?(dependency.previous_requirements) &&
|
|
76
|
+
git_sha?(previous_version)
|
|
77
|
+
previous_version
|
|
78
|
+
elsif git_source?(dependency.previous_requirements) && ref_changed?
|
|
79
|
+
previous_ref
|
|
71
80
|
elsif previous_version
|
|
72
81
|
tags = dependency_tags.
|
|
73
82
|
select { |t| t =~ version_regex(previous_version) }.
|
|
74
83
|
sort_by(&:length)
|
|
75
84
|
|
|
76
85
|
tags.find { |t| t.include?(dependency.name) } || tags.first
|
|
77
|
-
|
|
86
|
+
elsif !git_source?(dependency.previous_requirements)
|
|
78
87
|
lowest_tag_satisfying_previous_requirements
|
|
79
88
|
end
|
|
80
89
|
end
|
|
90
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
91
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
81
92
|
|
|
82
93
|
def lowest_tag_satisfying_previous_requirements
|
|
83
94
|
tags = dependency_tags.
|
|
@@ -123,6 +134,12 @@ module Dependabot
|
|
|
123
134
|
source_type == "git"
|
|
124
135
|
end
|
|
125
136
|
|
|
137
|
+
def ref_changed?
|
|
138
|
+
return false unless previous_ref && new_ref
|
|
139
|
+
|
|
140
|
+
previous_ref != new_ref
|
|
141
|
+
end
|
|
142
|
+
|
|
126
143
|
def previous_ref
|
|
127
144
|
return unless git_source?(dependency.previous_requirements)
|
|
128
145
|
|
|
@@ -131,6 +148,14 @@ module Dependabot
|
|
|
131
148
|
end.compact.first
|
|
132
149
|
end
|
|
133
150
|
|
|
151
|
+
def new_ref
|
|
152
|
+
return unless git_source?(dependency.previous_requirements)
|
|
153
|
+
|
|
154
|
+
dependency.requirements.map do |r|
|
|
155
|
+
r.dig(:source, "ref") || r.dig(:source, :ref)
|
|
156
|
+
end.compact.first
|
|
157
|
+
end
|
|
158
|
+
|
|
134
159
|
def version_regex(version)
|
|
135
160
|
/(?:[^0-9\.]|\A)#{Regexp.escape(version || "unknown")}\z/
|
|
136
161
|
end
|
|
@@ -279,6 +304,12 @@ module Dependabot
|
|
|
279
304
|
)
|
|
280
305
|
end
|
|
281
306
|
|
|
307
|
+
def git_sha?(version)
|
|
308
|
+
return false unless version
|
|
309
|
+
|
|
310
|
+
version.match?(/^[0-9a-f]{40}$/)
|
|
311
|
+
end
|
|
312
|
+
|
|
282
313
|
def reliable_source_directory?
|
|
283
314
|
MetadataFinders::Base::PACKAGE_MANAGERS_WITH_RELIABLE_DIRECTORIES.
|
|
284
315
|
include?(dependency.package_manager)
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-common
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.95.
|
|
4
|
+
version: 0.95.82
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-02-
|
|
11
|
+
date: 2019-02-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|