dependabot-composer 0.117.10 → 0.117.11
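--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c87f0556952c8baab0e3469f8a5d2d08de39fa1559e07e868fdae452688fc369
+data.tar.gz: 8a4762c7eeb64e9af67aa9d8248d15a29dc390c843a5503491c171d3f2e51a88
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9edd3151a6df388c5c03698d0951a46636a1a9e6b8d2137540fdf28548e1eeb1856260957ae3e1256c9a05724634242962378178dc1f11ad846dfcd8171bbe97
+data.tar.gz: 9c2cfe616ab20320f49c427a3ae945e814154fb4225854bc38d0b81006008fd1657839895c17dacbaed237670f31598fc0760ccf593b598ec4b9381e1abb2fbd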
|
@@ -97,6 +97,7 @@ module Dependabot
|
|
|
97
97
|
dependency_files: dependency_files,
|
|
98
98
|
credentials: credentials,
|
|
99
99
|
ignored_versions: ignored_versions,
|
|
100
|
+
raise_on_ignored: raise_on_ignored,
|
|
100
101
|
security_advisories: security_advisories
|
|
101
102
|
)
|
|
102
103
|
end
|
|
@@ -166,7 +167,8 @@ module Dependabot
|
|
|
166
167
|
@git_commit_checker ||= Dependabot::GitCommitChecker.new(
|
|
167
168
|
dependency: dependency,
|
|
168
169
|
credentials: credentials,
|
|
169
|
-
ignored_versions: ignored_versions
|
|
170
|
+
ignored_versions: ignored_versions,
|
|
171
|
+
raise_on_ignored: raise_on_ignored
|
|
170
172
|
)
|
|
171
173
|
end
|
|
172
174
|
end
|
|
@@ -12,11 +12,13 @@ module Dependabot
|
|
|
12
12
|
class UpdateChecker
|
|
13
13
|
class LatestVersionFinder
|
|
14
14
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
15
|
-
ignored_versions:,
|
|
15
|
+
ignored_versions:, raise_on_ignored: false,
|
|
16
|
+
security_advisories:)
|
|
16
17
|
@dependency = dependency
|
|
17
18
|
@dependency_files = dependency_files
|
|
18
19
|
@credentials = credentials
|
|
19
20
|
@ignored_versions = ignored_versions
|
|
21
|
+
@raise_on_ignored = raise_on_ignored
|
|
20
22
|
@security_advisories = security_advisories
|
|
21
23
|
end
|
|
22
24
|
|
|
@@ -43,8 +45,8 @@ module Dependabot
|
|
|
43
45
|
def fetch_lowest_security_fix_version
|
|
44
46
|
versions = available_versions
|
|
45
47
|
versions = filter_prerelease_versions(versions)
|
|
46
|
-
versions = filter_ignored_versions(versions)
|
|
47
48
|
versions = filter_vulnerable_versions(versions)
|
|
49
|
+
versions = filter_ignored_versions(versions)
|
|
48
50
|
versions = filter_lower_versions(versions)
|
|
49
51
|
versions.min
|
|
50
52
|
end
|
|
@@ -56,8 +58,15 @@ module Dependabot
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def filter_ignored_versions(versions_array)
|
|
59
|
-
|
|
61
|
+
filtered =
|
|
62
|
+
versions_array.
|
|
60
63
|
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
64
|
+
|
|
65
|
+
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
66
|
+
raise AllVersionsIgnored
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
filtered
|
|
61
70
|
end
|
|
62
71
|
|
|
63
72
|
def filter_vulnerable_versions(versions_array)
|
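Review bot: In `fetch_lowest_security_fix_version` the new `AllVersionsIgnored` check inside `filter_ignored_versions` runs before `filter_lower_versions`, so whether it fires depends on versions that may not be upgrade candidates at all. If `filter_lower_versions` drops releases below the current one, as its name suggests, a single non-ignored older release keeps `filtered` non-empty and `versions.min` returns nil without raising, even though every fixed upgrade is ignored; the dependency then stays on a vulnerable version with no signal to the caller. Consider applying the ignore filter last, `versions = filter_lower_versions(versions)` followed by `versions = filter_ignored_versions(versions)`, with a comment above it such as `# keep last: AllVersionsIgnored must reflect upgrade candidates only`. The body of `filter_lower_versions` and the definition of `AllVersionsIgnored` are outside the hunks shown, so both should be confirmed before the order is changed.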
|
@@ -288,7 +288,8 @@ module Dependabot
|
|
|
288
288
|
|
|
289
289
|
source = url.gsub(%r{/packages.json$}, "")
|
|
290
290
|
raise Dependabot::PrivateSourceTimedOut, source
|
|
291
|
-
elsif error.message.start_with?("Allowed memory size")
|
|
291
|
+
elsif error.message.start_with?("Allowed memory size") ||
|
|
292
|
+
error.message.start_with?("Out of memory")
|
|
292
293
|
raise Dependabot::OutOfMemory
|
|
293
294
|
elsif error.message.start_with?("Package not found in updated") &&
|
|
294
295
|
!dependency.top_level?
|
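Review bot: The widened `elsif` calls `start_with?` twice on the same string; `String#start_with?` accepts several prefixes, so the condition reads more directly as `elsif error.message.start_with?("Allowed memory size", "Out of memory")`. Both prefixes are matched against the literal wording of an error message produced elsewhere, so a one-line comment such as `# both messages indicate memory exhaustion in the helper; wording may vary by runtime version` would tell the next maintainer why two strings map to `Dependabot::OutOfMemory`. The enclosing method starts and ends outside this hunk, so the other branches of the chain were not reviewed.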
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|