dependabot-core 0.76.8 → 0.76.9

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +1 -1
  4. data/lib/dependabot/update_checkers/python/pip.rb +1 -1
  5. data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +1 -1
  6. data/lib/dependabot/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ad3c731aaf6e231e58e492f66c340298ae97adb594ad378bcc872ef060577228
4
- data.tar.gz: 37090c354d45763a163bdc30323532ce953d762c5a0af97496359fae180a15b8
3
+ metadata.gz: 8263437314badd3211ef9b05a237001109779594a212dd43647aaa4a3540f024
4
+ data.tar.gz: dea9808860771764d44ecf99ad672a02534f35d1aab936bb80a7e6e46de180be
5
5
  SHA512:
6
- metadata.gz: 9b16a7ee8bb5a809efe74153d7ceded814736f8d0f01579134b8a6284bc7a96bc44f8433dd5181d5778b20ec460c0136f218885097c03b314f514c5523394007
7
- data.tar.gz: 17e73ab1ef67a9cc065dd1fcca7e484cefb83b41a54a1e993aba10a8b74e34d6eb76820b2ab47bda550729dcc00adf83ae3dd60fac717448214297fcf9042923
6
+ metadata.gz: 3dc45b44c8463d94a5cb93dd78ab74daa46edcaf4299f3b072e8c37ee62daec83eccd02b3d0eaa64d1d11df91f11405797e0c31b855dfeb7af96c7e508e25269
7
+ data.tar.gz: fa949117d4e16394d55b6027dfc72aa58321508ebf84828c946b810c273fe54a0321ee66552134c64bb3507a9a1199c92270b77b4335e833a88ea6fb6df861e2
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## v0.76.9, 6 December 2018
2
+
3
+ - Python: Handle bare version requirements in the RequirementUpdater
4
+
1
5
  ## v0.76.8, 6 December 2018
2
6
 
3
7
  - JS: Build relative paths for path dependencies of unfetchable path
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb CHANGED
@@ -79,7 +79,7 @@ module Dependabot
79
79
  end
80
80
 
81
81
  # If an unfetchable path dependency itself has path dependencies
82
- # then the paths in the yarn.lock for them will be absolute, not
82
+ # then the paths in the yarn.lock for them will be absolute, not
83
83
  # relative. Worse, they may point to the user's local cache.
84
84
  # We work around this by constructing a relative path to the
85
85
  # (second-level) path dependencies.
data/lib/dependabot/update_checkers/python/pip.rb CHANGED
@@ -78,7 +78,7 @@ module Dependabot
78
78
  latest_version: latest_version&.to_s,
79
79
  latest_resolvable_version: latest_resolvable_version&.to_s,
80
80
  update_strategy: requirements_update_strategy,
81
- has_lockfile: pipfile_lock || poetry_lock || pyproject_lock
81
+ has_lockfile: !(pipfile_lock || poetry_lock || pyproject_lock).nil?
82
82
  ).updated_requirements
83
83
  end
84
84
 
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb CHANGED
@@ -194,7 +194,7 @@ module Dependabot
194
194
  requirement_strings = req[:requirement].split(",").map(&:strip)
195
195
 
196
196
  new_requirement =
197
- if requirement_strings.any? { |r| r.start_with?("=") }
197
+ if requirement_strings.any? { |r| r.match?(/^[=\d]/) }
198
198
  find_and_update_equality_match(requirement_strings)
199
199
  elsif requirement_strings.any? { |r| r.start_with?("~=") }
200
200
  tw_req = requirement_strings.find { |r| r.start_with?("~=") }
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.76.8"
4
+ VERSION = "0.76.9"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.76.8
4
+ version: 0.76.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot