dependabot-composer 0.246.0 → 0.247.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 118a4d16af508e1bcb354b4c3df9ad8592ea6496b531dd10226614b8647d0027
|
|
4
|
+
data.tar.gz: 7940777e44b23cd0c483a8300a34f0c897396487bbc52675c82f405285bf634c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a538299023942027e90ae24dfdb09805384a9adec19c94ce3022237959732fec0b4ea7666982f172a4f38d8984aafc56c1fd60f910565e8c4788bc014b32304
|
|
7
|
+
data.tar.gz: b6ac252eea9883d506350c0983c3955d74b896e0fe59b09f31ade5d67598156971f30b6c40b262c288d7cf54a1948da2100e40df985aecec4f54bbeb1ef00a5d
|
|
@@ -6,21 +6,33 @@
|
|
|
6
6
|
# https://getcomposer.org/doc/articles/versions.md#writing-version-constraints #
|
|
7
7
|
################################################################################
|
|
8
8
|
|
|
9
|
+
require "sorbet-runtime"
|
|
10
|
+
|
|
11
|
+
require "dependabot/composer/requirement"
|
|
9
12
|
require "dependabot/composer/update_checker"
|
|
10
13
|
require "dependabot/composer/version"
|
|
11
|
-
require "dependabot/
|
|
14
|
+
require "dependabot/requirements_update_strategy"
|
|
12
15
|
|
|
13
16
|
module Dependabot
|
|
14
17
|
module Composer
|
|
15
18
|
class UpdateChecker
|
|
16
19
|
class RequirementsUpdater
|
|
20
|
+
extend T::Sig
|
|
21
|
+
|
|
17
22
|
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
|
|
18
23
|
VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
|
|
19
24
|
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
|
20
25
|
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
|
21
26
|
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
|
|
22
|
-
ALLOWED_UPDATE_STRATEGIES =
|
|
23
|
-
|
|
27
|
+
ALLOWED_UPDATE_STRATEGIES = T.let(
|
|
28
|
+
[
|
|
29
|
+
RequirementsUpdateStrategy::LockfileOnly,
|
|
30
|
+
RequirementsUpdateStrategy::WidenRanges,
|
|
31
|
+
RequirementsUpdateStrategy::BumpVersions,
|
|
32
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
33
|
+
].freeze,
|
|
34
|
+
T::Array[Dependabot::RequirementsUpdateStrategy]
|
|
35
|
+
)
|
|
24
36
|
|
|
25
37
|
def initialize(requirements:, update_strategy:,
|
|
26
38
|
latest_resolvable_version:)
|
|
@@ -36,7 +48,7 @@ module Dependabot
|
|
|
36
48
|
end
|
|
37
49
|
|
|
38
50
|
def updated_requirements
|
|
39
|
-
return requirements if update_strategy ==
|
|
51
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
|
40
52
|
return requirements unless latest_resolvable_version
|
|
41
53
|
|
|
42
54
|
requirements.map { |req| updated_requirement(req) }
|
|
@@ -67,13 +79,13 @@ module Dependabot
|
|
|
67
79
|
return req if numeric_or_string_reqs.none?
|
|
68
80
|
return updated_alias(req) if req_string.match?(ALIAS_REGEX)
|
|
69
81
|
return req if req_satisfied_by_latest_resolvable?(req_string) &&
|
|
70
|
-
update_strategy !=
|
|
82
|
+
update_strategy != RequirementsUpdateStrategy::BumpVersions
|
|
71
83
|
|
|
72
84
|
new_req =
|
|
73
85
|
case update_strategy
|
|
74
|
-
when
|
|
86
|
+
when RequirementsUpdateStrategy::WidenRanges
|
|
75
87
|
widen_requirement(req, or_separator)
|
|
76
|
-
when
|
|
88
|
+
when RequirementsUpdateStrategy::BumpVersions, RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
77
89
|
update_requirement_version(req, or_separator)
|
|
78
90
|
end
|
|
79
91
|
|
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "json"
|
|
5
|
+
|
|
6
|
+
require "dependabot/errors"
|
|
7
|
+
require "dependabot/requirements_update_strategy"
|
|
8
|
+
require "dependabot/shared_helpers"
|
|
5
9
|
require "dependabot/update_checkers"
|
|
6
10
|
require "dependabot/update_checkers/base"
|
|
7
|
-
require "dependabot/shared_helpers"
|
|
8
|
-
require "dependabot/errors"
|
|
9
11
|
|
|
10
12
|
module Dependabot
|
|
11
13
|
module Composer
|
|
@@ -70,15 +72,15 @@ module Dependabot
|
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
def requirements_unlocked_or_can_be?
|
|
73
|
-
requirements_update_strategy !=
|
|
75
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
|
74
76
|
end
|
|
75
77
|
|
|
76
78
|
def requirements_update_strategy
|
|
77
79
|
# If passed in as an option (in the base class) honour that option
|
|
78
|
-
return @requirements_update_strategy
|
|
80
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
|
79
81
|
|
|
80
82
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
81
|
-
library? ?
|
|
83
|
+
library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
82
84
|
end
|
|
83
85
|
|
|
84
86
|
private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.247.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.247.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.247.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 1.19.0
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rubocop-rspec
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: 2.27.1
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 2.27.1
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop-sorbet
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -272,7 +286,7 @@ licenses:
|
|
|
272
286
|
- Nonstandard
|
|
273
287
|
metadata:
|
|
274
288
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
275
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
289
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
|
276
290
|
post_install_message:
|
|
277
291
|
rdoc_options: []
|
|
278
292
|
require_paths:
|