dependabot-core 0.76.8 → 0.76.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +1 -1
  4. data/lib/dependabot/update_checkers/python/pip.rb +1 -1
  5. data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +1 -1
  6. data/lib/dependabot/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ad3c731aaf6e231e58e492f66c340298ae97adb594ad378bcc872ef060577228
4
- data.tar.gz: 37090c354d45763a163bdc30323532ce953d762c5a0af97496359fae180a15b8
3
+ metadata.gz: 8263437314badd3211ef9b05a237001109779594a212dd43647aaa4a3540f024
4
+ data.tar.gz: dea9808860771764d44ecf99ad672a02534f35d1aab936bb80a7e6e46de180be
5
5
  SHA512:
6
- metadata.gz: 9b16a7ee8bb5a809efe74153d7ceded814736f8d0f01579134b8a6284bc7a96bc44f8433dd5181d5778b20ec460c0136f218885097c03b314f514c5523394007
7
- data.tar.gz: 17e73ab1ef67a9cc065dd1fcca7e484cefb83b41a54a1e993aba10a8b74e34d6eb76820b2ab47bda550729dcc00adf83ae3dd60fac717448214297fcf9042923
6
+ metadata.gz: 3dc45b44c8463d94a5cb93dd78ab74daa46edcaf4299f3b072e8c37ee62daec83eccd02b3d0eaa64d1d11df91f11405797e0c31b855dfeb7af96c7e508e25269
7
+ data.tar.gz: fa949117d4e16394d55b6027dfc72aa58321508ebf84828c946b810c273fe54a0321ee66552134c64bb3507a9a1199c92270b77b4335e833a88ea6fb6df861e2
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## v0.76.9, 6 December 2018
2
+
3
+ - Python: Handle bare version requirements in the RequirementUpdater
4
+
1
5
  ## v0.76.8, 6 December 2018
2
6
 
3
7
  - JS: Build relative paths for path dependencies of unfetchable path
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb CHANGED
@@ -79,7 +79,7 @@ module Dependabot
79
79
  end
80
80
 
81
81
  # If an unfetchable path dependency itself has path dependencies
82
- # then the paths in the yarn.lock for them will be absolute, not
82
+ # then the paths in the yarn.lock for them will be absolute, not
83
83
  # relative. Worse, they may point to the user's local cache.
84
84
  # We work around this by constructing a relative path to the
85
85
  # (second-level) path dependencies.
data/lib/dependabot/update_checkers/python/pip.rb CHANGED
@@ -78,7 +78,7 @@ module Dependabot
78
78
  latest_version: latest_version&.to_s,
79
79
  latest_resolvable_version: latest_resolvable_version&.to_s,
80
80
  update_strategy: requirements_update_strategy,
81
- has_lockfile: pipfile_lock || poetry_lock || pyproject_lock
81
+ has_lockfile: !(pipfile_lock || poetry_lock || pyproject_lock).nil?
82
82
  ).updated_requirements
83
83
  end
84
84
 
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb CHANGED
@@ -194,7 +194,7 @@ module Dependabot
194
194
  requirement_strings = req[:requirement].split(",").map(&:strip)
195
195
 
196
196
  new_requirement =
197
- if requirement_strings.any? { |r| r.start_with?("=") }
197
+ if requirement_strings.any? { |r| r.match?(/^[=\d]/) }
198
198
  find_and_update_equality_match(requirement_strings)
199
199
  elsif requirement_strings.any? { |r| r.start_with?("~=") }
200
200
  tw_req = requirement_strings.find { |r| r.start_with?("~=") }
data/lib/dependabot/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.76.8"
4
+ VERSION = "0.76.9"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.76.8
4
+ version: 0.76.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot