dependabot-composer 0.106.47 → 0.107.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/composer/update_checker.rb +31 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b5433910777689666563f4a6076c46ec065304d4b265b5cae3e2825911acee6d
|
|
4
|
+
data.tar.gz: 47754d7e6ff3c6e51f3495ccfa0fea9b116092b8c6de44ba9a8631fa5a4e3749
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7cb25a8496fc6cc25ea969ddff03cdacb77b9a3614bd141bfaa14724b450eddc14e783f0015d301dad63b54efd6b236377a8d7e9ce7ded9a43e5260a3b044d04
|
|
7
|
+
data.tar.gz: 23ed281604bb229dd0722e55d7b60da365dcd22855d2c255cb14868e5e9fc5d64d3a6f3fee25ab3ffe2f095f13d1fc1ec81d10c546b43c7e9e32b2f7db30f640
|
|
@@ -33,6 +33,17 @@ module Dependabot
|
|
|
33
33
|
).latest_resolvable_version
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
def lowest_resolvable_security_fix_version
|
|
37
|
+
raise "Dependency not vulnerable!" unless vulnerable?
|
|
38
|
+
|
|
39
|
+
if defined?(@lowest_resolvable_security_fix_version)
|
|
40
|
+
return @lowest_resolvable_security_fix_version
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
@lowest_resolvable_security_fix_version =
|
|
44
|
+
fetch_lowest_resolvable_security_fix_version
|
|
45
|
+
end
|
|
46
|
+
|
|
36
47
|
def latest_resolvable_version_with_no_unlock
|
|
37
48
|
return nil if path_dependency?
|
|
38
49
|
|
|
@@ -49,7 +60,7 @@ module Dependabot
|
|
|
49
60
|
def updated_requirements
|
|
50
61
|
RequirementsUpdater.new(
|
|
51
62
|
requirements: dependency.requirements,
|
|
52
|
-
latest_resolvable_version:
|
|
63
|
+
latest_resolvable_version: preferred_resolvable_version&.to_s,
|
|
53
64
|
update_strategy: requirements_update_strategy
|
|
54
65
|
).updated_requirements
|
|
55
66
|
end
|
|
@@ -89,6 +100,25 @@ module Dependabot
|
|
|
89
100
|
)
|
|
90
101
|
end
|
|
91
102
|
|
|
103
|
+
def fetch_lowest_resolvable_security_fix_version
|
|
104
|
+
return nil if path_dependency?
|
|
105
|
+
|
|
106
|
+
fix_version = latest_version_finder.lowest_security_fix_version
|
|
107
|
+
return latest_resolvable_version if fix_version.nil?
|
|
108
|
+
|
|
109
|
+
resolved_fix_version = VersionResolver.new(
|
|
110
|
+
credentials: credentials,
|
|
111
|
+
dependency: dependency,
|
|
112
|
+
dependency_files: dependency_files,
|
|
113
|
+
latest_allowable_version: fix_version,
|
|
114
|
+
requirements_to_unlock: :own
|
|
115
|
+
).latest_resolvable_version
|
|
116
|
+
|
|
117
|
+
return fix_version if fix_version == resolved_fix_version
|
|
118
|
+
|
|
119
|
+
latest_resolvable_version
|
|
120
|
+
end
|
|
121
|
+
|
|
92
122
|
def path_dependency?
|
|
93
123
|
dependency.requirements.any? { |r| r.dig(:source, :type) == "path" }
|
|
94
124
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.107.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.107.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.107.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|