dependabot-core 0.86.17 → 0.86.18
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/helpers/npm/package.json +1 -1
- data/helpers/npm/yarn.lock +4 -4
- data/helpers/yarn/package.json +1 -1
- data/helpers/yarn/yarn.lock +4 -4
- data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +35 -20
- data/lib/dependabot/update_checkers/php/composer.rb +11 -1
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
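--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f21bbdf41e2e8d4af7b0dca36eb0936edbb2b3a8caeece17733698c641e44b2
+data.tar.gz: bf2d55c6e586d4b205b7b9ade1d8cc3cdc8d0f79f9ff2d156c854cffd307d1bf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '01106807ae7db8c7e7fdc081bd62b67d51c2a492c566c037b6d9c01b49a219f5bec5574d5cb6a0ef67e41157e853408dd750030a437274655bfd81c7c7606772'
+data.tar.gz: c026e17253882ab49466c5ea32a5d0116ea4820573bd389a15c9a40db4bd765f6c450a3e3388633e89945794a6508898eb62b3efdf8e89fbe5d6d40ab7df19b4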
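--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+## v0.86.18, 30 December 2018
+
+- PHP: Handle > requirements correctly when bumping versions
+- PHP: Add widen_ranges update strategy to PHP
+- PHP: Allow update strategy to be passed as an option
+
 ## v0.86.17, 27 December 2018
 
 - Add ext-sqlite3 support for PHP by adding in Dockerfile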
data/helpers/npm/package.json
CHANGED
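--- a/data/helpers/npm/yarn.lock
+++ b/data/helpers/npm/yarn.lock
@@ -1453,10 +1453,10 @@ escodegen@^1.9.0:
 optionalDependencies:
 source-map "~0.6.1"
 
-eslint-plugin-prettier@3.0.
-version "3.0.
-resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.
-integrity sha512
+eslint-plugin-prettier@3.0.1:
+version "3.0.1"
+resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.1.tgz#19d521e3981f69dd6d14f64aec8c6a6ac6eb0b0d"
+integrity sha512-/PMttrarPAY78PLvV3xfWibMOdMDl57hmlQ2XqFeA37wd+CJ7WSxV7txqjVPHi/AAFKd2lX0ZqfsOc/i5yFCSQ==
 dependencies:
 prettier-linter-helpers "^1.0.0"
 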
data/helpers/yarn/package.json
CHANGED
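--- a/data/helpers/yarn/yarn.lock
+++ b/data/helpers/yarn/yarn.lock
@@ -1256,10 +1256,10 @@ escodegen@^1.9.0:
 optionalDependencies:
 source-map "~0.5.6"
 
-eslint-plugin-prettier@3.0.
-version "3.0.
-resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.
-integrity sha512
+eslint-plugin-prettier@3.0.1:
+version "3.0.1"
+resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.1.tgz#19d521e3981f69dd6d14f64aec8c6a6ac6eb0b0d"
+integrity sha512-/PMttrarPAY78PLvV3xfWibMOdMDl57hmlQ2XqFeA37wd+CJ7WSxV7txqjVPHi/AAFKd2lX0ZqfsOc/i5yFCSQ==
 dependencies:
 prettier-linter-helpers "^1.0.0"
 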
@@ -21,11 +21,15 @@ module Dependabot
|
|
21
21
|
/(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
|
22
22
|
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
|
23
23
|
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
|
24
|
+
ALLOWED_UPDATE_STRATEGIES =
|
25
|
+
%i(widen_ranges bump_versions bump_versions_if_necessary).freeze
|
24
26
|
|
25
|
-
def initialize(requirements:,
|
27
|
+
def initialize(requirements:, update_strategy:,
|
26
28
|
latest_version:, latest_resolvable_version:)
|
27
29
|
@requirements = requirements
|
28
|
-
@
|
30
|
+
@update_strategy = update_strategy
|
31
|
+
|
32
|
+
check_update_strategy
|
29
33
|
|
30
34
|
if latest_version
|
31
35
|
@latest_version = version_class.new(latest_version)
|
@@ -45,9 +49,17 @@ module Dependabot
|
|
45
49
|
|
46
50
|
private
|
47
51
|
|
48
|
-
attr_reader :requirements, :
|
52
|
+
attr_reader :requirements, :update_strategy,
|
53
|
+
:latest_version, :latest_resolvable_version
|
54
|
+
|
55
|
+
def check_update_strategy
|
56
|
+
return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
|
57
|
+
|
58
|
+
raise "Unknown update strategy: #{update_strategy}"
|
59
|
+
end
|
49
60
|
|
50
61
|
# rubocop:disable Metrics/PerceivedComplexity
|
62
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
51
63
|
def updated_requirement(req)
|
52
64
|
req_string = req[:requirement].strip
|
53
65
|
or_string_reqs = req_string.split(OR_SEPARATOR)
|
@@ -60,11 +72,15 @@ module Dependabot
|
|
60
72
|
return req unless req_string.match?(/\d/)
|
61
73
|
return req if numeric_or_string_reqs.none?
|
62
74
|
return updated_alias(req) if req_string.match?(ALIAS_REGEX)
|
63
|
-
return req if req_satisfied_by_latest_resolvable?(req_string)
|
75
|
+
return req if req_satisfied_by_latest_resolvable?(req_string) &&
|
76
|
+
update_strategy != :bump_versions
|
64
77
|
|
65
78
|
new_req =
|
66
|
-
|
67
|
-
|
79
|
+
case update_strategy
|
80
|
+
when :widen_ranges
|
81
|
+
widen_requirement(req, or_separator)
|
82
|
+
when :bump_versions, :bump_versions_if_necessary
|
83
|
+
update_requirement_version(req, or_separator)
|
68
84
|
end
|
69
85
|
|
70
86
|
new_req_string =
|
@@ -72,6 +88,7 @@ module Dependabot
|
|
72
88
|
new_req.merge(requirement: new_req_string)
|
73
89
|
end
|
74
90
|
# rubocop:enable Metrics/PerceivedComplexity
|
91
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
75
92
|
|
76
93
|
def updated_alias(req)
|
77
94
|
req_string = req[:requirement]
|
@@ -86,17 +103,17 @@ module Dependabot
|
|
86
103
|
req.merge(requirement: new_req)
|
87
104
|
end
|
88
105
|
|
89
|
-
def
|
90
|
-
@library
|
91
|
-
end
|
92
|
-
|
93
|
-
def updated_app_requirement(req, or_separator)
|
106
|
+
def widen_requirement(req, or_separator)
|
94
107
|
current_requirement = req[:requirement]
|
95
108
|
reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
|
96
109
|
|
97
110
|
updated_requirement =
|
98
|
-
if reqs.
|
99
|
-
|
111
|
+
if reqs.any? { |r| r.start_with?("^") }
|
112
|
+
update_caret_requirement(current_requirement, or_separator)
|
113
|
+
elsif reqs.any? { |r| r.start_with?("~") }
|
114
|
+
update_tilda_requirement(current_requirement, or_separator)
|
115
|
+
elsif reqs.any? { |r| r.include?("*") }
|
116
|
+
update_wildcard_requirement(current_requirement, or_separator)
|
100
117
|
elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
|
101
118
|
update_range_requirement(current_requirement, or_separator)
|
102
119
|
else
|
@@ -106,19 +123,17 @@ module Dependabot
|
|
106
123
|
req.merge(requirement: updated_requirement)
|
107
124
|
end
|
108
125
|
|
109
|
-
def
|
126
|
+
def update_requirement_version(req, or_separator)
|
110
127
|
current_requirement = req[:requirement]
|
111
128
|
reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
|
112
129
|
|
113
130
|
updated_requirement =
|
114
|
-
if reqs.
|
115
|
-
|
116
|
-
elsif reqs.any? { |r| r.start_with?("~") }
|
117
|
-
update_tilda_requirement(current_requirement, or_separator)
|
118
|
-
elsif reqs.any? { |r| r.include?("*") }
|
119
|
-
update_wildcard_requirement(current_requirement, or_separator)
|
131
|
+
if reqs.count > 1
|
132
|
+
"^#{latest_resolvable_version}"
|
120
133
|
elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
|
121
134
|
update_range_requirement(current_requirement, or_separator)
|
135
|
+
elsif reqs.any? { |r| r.match?(/>[^=]/) }
|
136
|
+
current_requirement
|
122
137
|
else
|
123
138
|
update_version_string(current_requirement)
|
124
139
|
end
|
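Review bot: In `update_requirement_version`, the new `if reqs.count > 1` branch replaces the whole constraint with `"^#{latest_resolvable_version}"`; because `reqs` comes from splitting on `SEPARATOR` (AND and OR alike), an upper bound or other clause the manifest author added deliberately is dropped as soon as the requirement has more than one part. If that is intended for the `:bump_versions` strategies it deserves a comment above the branch, for example `# Compound constraints are replaced wholesale by a caret on the latest resolvable version`; otherwise restricting the branch to OR-separated requirements would keep AND-ed bounds intact. The branch also interpolates `latest_resolvable_version` without a visible nil check, so presumably a caller guards that earlier. The method's closing `end` and parts of `updated_requirement` lie outside the visible hunks, and the file header is missing on the page (from the file list this appears to be requirements_updater.rb).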
@@ -52,10 +52,20 @@ module Dependabot
|
|
52
52
|
requirements: dependency.requirements,
|
53
53
|
latest_version: latest_version&.to_s,
|
54
54
|
latest_resolvable_version: latest_resolvable_version&.to_s,
|
55
|
-
|
55
|
+
update_strategy: requirements_update_strategy
|
56
56
|
).updated_requirements
|
57
57
|
end
|
58
58
|
|
59
|
+
def requirements_update_strategy
|
60
|
+
# If passed in as an option (in the base class) honour that option
|
61
|
+
if @requirements_update_strategy
|
62
|
+
return @requirements_update_strategy.to_sym
|
63
|
+
end
|
64
|
+
|
65
|
+
# Otherwise, widen ranges for libraries and bump versions for apps
|
66
|
+
library? ? :widen_ranges : :bump_versions_if_necessary
|
67
|
+
end
|
68
|
+
|
59
69
|
private
|
60
70
|
|
61
71
|
def latest_version_resolvable_with_full_unlock?
|
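Review bot: `requirements_update_strategy` converts the caller-supplied option with `.to_sym` and passes it on unchecked, so an unsupported value is only rejected later, inside the requirements updater, by a bare `raise "Unknown update strategy: ..."`. A comment on the method listing the accepted values would make the contract visible where the option enters, e.g. `# Accepts :widen_ranges, :bump_versions or :bump_versions_if_necessary (string or symbol)`. The method is also added above the `private` marker, which makes it part of the checker's public interface; if that is not intended, moving it below `private` keeps the surface smaller. Where `@requirements_update_strategy` is assigned is not visible in this hunk (the inline comment says the base class).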
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.86.
|
4
|
+
version: 0.86.18
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-12-
|
11
|
+
date: 2018-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-ecr
|