dependabot-core 0.85.1 → 0.85.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7795dec16ed2faddc3c1aa3faf2269f7e77ab18d2acba712fae3afa3da62afa2
-  data.tar.gz: e489fc74f4e04a45e3382df09994c66dac50398f5bc880ff97249a9d27591ce7
+  metadata.gz: b4b3dd68b4786b8b1602aa9d0f8c563f66d9ae3798185b264a14d0f8f75959c8
+  data.tar.gz: b562a58b0033ab24a006ff16a0670277071d85f057777176f0c44c8bf060e372
 SHA512:
-  metadata.gz: b5b058a4ee5e64591feb70ed909457f090cbecde3c018603e5c2d9df2696775ec97be33dff70899e7729e44759ba573a67047ae05537da21b6bb779ef1315860
-  data.tar.gz: 7def02ef107084e3521b09e7880ba8b6d863262217c23dcaef854d4568e7b0e0a857c3bd07eb03759695e7f89367c4a19460ef0ff5df49a5d6f88e671c32741d
+  metadata.gz: 75a95ebfcd8a6a197123e46f92816fe9a12d671b3e2c9183d9157bf56bbd5f4f77102db8033771c049986ece70a1cb124ea894b9ff5c3dfe21ff224d9a68d904
+  data.tar.gz: 4759805a3f79fda1817ae8b7eb82e874d2a46dfb7be3d9afab11f0b18a95476dd82feca911dd21e1698de2f374374ade64b0aabb4b3bcb653795cfe0ac18b0d4

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## v0.85.2, 15 December 2018
+
+- Switch Ruby RequirementsUpdater logic to use an update strategy, which can be
+  provided as either `bump_verions` or `bump_versions_if_necessary`
+
 ## v0.85.1, 15 December 2018
 
 - JS: Group PRs for tightly couple monorepo deps (currently just Vue)

data/lib/dependabot/update_checkers/ruby/bundler.rb

@@ -46,7 +46,7 @@ module Dependabot
         def updated_requirements
           RequirementsUpdater.new(
             requirements: dependency.requirements,
-            library: library?,
+            update_strategy: requirements_update_strategy,
             updated_source: updated_source,
             latest_version: latest_version_details&.fetch(:version)&.to_s,
             latest_resolvable_version:
@@ -72,6 +72,16 @@ module Dependabot
             end
         end
 
+        def requirements_update_strategy
+          # If passed in as an option (in the base class) honour that option
+          if @requirements_update_strategy
+            return @requirements_update_strategy.to_sym
+          end
+
+          # Otherwise, widen ranges for libraries and bump versions for apps
+          dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
+        end
+
         private
 
         def latest_version_resolvable_with_full_unlock?
@@ -90,10 +100,6 @@ module Dependabot
           false
         end
 
-        def library?
-          dependency.version.nil?
-        end
-
         def updated_dependencies_after_full_unlock
           force_updater.updated_dependencies
         end
@@ -261,7 +267,8 @@ module Dependabot
               dependency: dependency,
               dependency_files: dependency_files,
               credentials: credentials,
-              target_version: latest_version
+              target_version: latest_version,
+              requirements_update_strategy: requirements_update_strategy
             )
         end
 

data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb

@@ -17,11 +17,12 @@ module Dependabot
       class Bundler
         class ForceUpdater
           def initialize(dependency:, dependency_files:, credentials:,
-                         target_version:)
-            @dependency       = dependency
-            @dependency_files = dependency_files
-            @credentials      = credentials
-            @target_version   = target_version
+                         target_version:, requirements_update_strategy:)
+            @dependency                   = dependency
+            @dependency_files             = dependency_files
+            @credentials                  = credentials
+            @target_version               = target_version
+            @requirements_update_strategy = requirements_update_strategy
           end
 
           def updated_dependencies
@@ -31,7 +32,7 @@ module Dependabot
           private
 
           attr_reader :dependency, :dependency_files, :credentials,
-                      :target_version
+                      :target_version, :requirements_update_strategy
 
           def force_update
             in_a_temporary_bundler_context do
@@ -200,7 +201,7 @@ module Dependabot
               requirements:
                 RequirementsUpdater.new(
                   requirements: original_dep.requirements,
-                  library: library?,
+                  update_strategy: requirements_update_strategy,
                   updated_source: source_for(original_dep),
                   latest_version: updated_spec.version.to_s,
                   latest_resolvable_version: updated_spec.version.to_s
@@ -232,10 +233,6 @@ module Dependabot
             lockfile.content.gsub(re, "")
           end
 
-          def library?
-            dependency.version.nil?
-          end
-
           def write_temporary_dependency_files
             dependency_files.each do |file|
               path = file.name

data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb

@@ -9,14 +9,17 @@ module Dependabot
         class RequirementsUpdater
           class UnfixableRequirement < StandardError; end
 
-          def initialize(requirements:, library:, updated_source:,
+          ALLOWED_UPDATE_STRATEGIES =
+            %i(bump_versions bump_versions_if_necessary).freeze
+
+          def initialize(requirements:, update_strategy:, updated_source:,
                          latest_version:, latest_resolvable_version:)
             @requirements = requirements
-
-            @library = library
-
             @latest_version = Gem::Version.new(latest_version) if latest_version
             @updated_source = updated_source
+            @update_strategy = update_strategy
+
+            check_update_strategy
 
             return unless latest_resolvable_version
 
@@ -27,11 +30,11 @@ module Dependabot
           def updated_requirements
             requirements.map do |req|
               if req[:file].match?(/\.gemspec/)
-                updated_gemspec_requirement(req)
+                update_gemspec_requirement(req)
               else
                 # If a requirement doesn't come from a gemspec, it must be from
                 # a Gemfile.
-                updated_gemfile_requirement(req)
+                update_gemfile_requirement(req)
               end
             end
           end
@@ -39,17 +42,35 @@ module Dependabot
           private
 
           attr_reader :requirements, :updated_source,
-                      :latest_version, :latest_resolvable_version
+                      :latest_version, :latest_resolvable_version,
+                      :update_strategy
+
+          def check_update_strategy
+            return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
 
-          def library?
-            @library
+            raise "Unknown update strategy: #{update_strategy}"
           end
 
-          def updated_gemfile_requirement(req)
+          def update_gemfile_requirement(req)
             req = req.merge(source: updated_source)
             return req unless latest_resolvable_version
-            return req if library? && new_version_satisfies?(req)
 
+            case update_strategy
+            when :bump_versions
+              update_version_requirement(req)
+            when :bump_versions_if_necessary
+              update_version_requirement_if_needed(req)
+            else raise "Unexpected update strategy: #{update_strategy}"
+            end
+          end
+
+          def update_version_requirement_if_needed(req)
+            return req if new_version_satisfies?(req)
+
+            update_version_requirement(req)
+          end
+
+          def update_version_requirement(req)
             requirements =
               req[:requirement].split(",").map { |r| Gem::Requirement.new(r) }
 
@@ -106,7 +127,7 @@ module Dependabot
           end
 
           # rubocop:disable Metrics/PerceivedComplexity
-          def updated_gemspec_requirement(req)
+          def update_gemspec_requirement(req)
             return req unless latest_version && latest_resolvable_version
 
             requirements =
@@ -120,10 +141,8 @@ module Dependabot
               requirements.flat_map do |r|
                 next r if requirement_satisfied?(r, req[:groups])
 
-                if req[:groups] == ["development"]
-                  fixed_development_requirements(r)
-                else
-                  fixed_requirements(r)
+                if req[:groups] == ["development"] then bumped_requirements(r)
+                else widened_requirements(r)
                 end
               end
 
@@ -158,7 +177,7 @@ module Dependabot
             binding_reqs.sort_by { |r| r.requirements.first.last }
           end
 
-          def fixed_requirements(req)
+          def widened_requirements(req)
             op, version = req.requirements.first
 
             case op
@@ -176,7 +195,7 @@ module Dependabot
             end
           end
 
-          def fixed_development_requirements(req)
+          def bumped_requirements(req)
             op, version = req.requirements.first
 
             case op

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.85.1"
+  VERSION = "0.85.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.85.1
+  version: 0.85.2
 platform: ruby
 authors:
 - Dependabot