dependabot-core 0.85.0 → 0.85.1

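--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f56e8c0f198f3f66454b6f05ebbc30f455c49aba8f0da9052b392b2b1b61d084
- data.tar.gz: f7f3831108f7d86a3435f144dbc9d44ced3a04a43800084c1f6c4d1180be1778
+ metadata.gz: 7795dec16ed2faddc3c1aa3faf2269f7e77ab18d2acba712fae3afa3da62afa2
+ data.tar.gz: e489fc74f4e04a45e3382df09994c66dac50398f5bc880ff97249a9d27591ce7
  SHA512:
- metadata.gz: 41c9aa7701bb168005b318eab7ee9f3ebd431066f252d6e5c0a9ca600822d780bad7d420d338857e763d9e65eed1a80259c2fc271f733e9b308cf61add8d6f41
- data.tar.gz: 2c49b78e5e135cf85b073910781c8368f85f305abfd54a341d1592a95ba776d007e5700fc0ff8e7e075be5be50edf63018542efc4564435fd8e43897a920ec99
+ metadata.gz: b5b058a4ee5e64591feb70ed909457f090cbecde3c018603e5c2d9df2696775ec97be33dff70899e7729e44759ba573a67047ae05537da21b6bb779ef1315860
+ data.tar.gz: 7def02ef107084e3521b09e7880ba8b6d863262217c23dcaef854d4568e7b0e0a857c3bd07eb03759695e7f89367c4a19460ef0ff5df49a5d6f88e671c32741d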
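--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## v0.85.1, 15 December 2018
+
+ - JS: Group PRs for tightly couple monorepo deps (currently just Vue)
+
  ## v0.85.0, 14 December 2018
 
  - Move Maven into separate gem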
@@ -20,6 +20,10 @@ module Dependabot
20
20
  class VersionResolver
21
21
  require_relative "latest_version_finder"
22
22
 
23
+ TIGHTLY_COUPLED_MONOREPOS = {
24
+ "vue" => %w(vue vue-template-compiler)
25
+ }.freeze
26
+
23
27
  # Error message from yarn add:
24
28
  # " > @reach/router@1.2.1" has incorrect \
25
29
  # peer dependency "react@15.x || 16.x || 16.4.0-alpha.0911da3"
@@ -55,6 +59,7 @@ module Dependabot
55
59
 
56
60
  def latest_resolvable_version
57
61
  return latest_allowable_version if git_dependency?(dependency)
62
+ return if part_of_tightly_locked_monorepo?
58
63
 
59
64
  unless relevant_unmet_peer_dependencies.any?
60
65
  return latest_allowable_version
@@ -71,6 +76,9 @@ module Dependabot
71
76
 
72
77
  def dependency_updates_from_full_unlock
73
78
  return if git_dependency?(dependency)
79
+ if part_of_tightly_locked_monorepo?
80
+ return updated_monorepo_dependencies
81
+ end
74
82
  return if newly_broken_peer_reqs_from_dep.any?
75
83
 
76
84
  updates =
@@ -108,6 +116,46 @@ module Dependabot
108
116
  )
109
117
  end
110
118
 
119
+ def part_of_tightly_locked_monorepo?
120
+ monorepo_dep_names =
121
+ TIGHTLY_COUPLED_MONOREPOS.values.
122
+ find { |deps| deps.include?(dependency.name) }
123
+ return false unless monorepo_dep_names
124
+
125
+ deps_to_update =
126
+ top_level_dependencies.
127
+ select { |d| monorepo_dep_names.include?(d.name) }
128
+
129
+ deps_to_update.count > 1
130
+ end
131
+
132
+ def updated_monorepo_dependencies
133
+ monorepo_dep_names =
134
+ TIGHTLY_COUPLED_MONOREPOS.values.
135
+ find { |deps| deps.include?(dependency.name) }
136
+
137
+ deps_to_update =
138
+ top_level_dependencies.
139
+ select { |d| monorepo_dep_names.include?(d.name) }
140
+
141
+ updates = []
142
+ deps_to_update.each do |dep|
143
+ next if git_dependency?(dep)
144
+ next if dep.version &&
145
+ version_class.new(dep.version) >= latest_allowable_version
146
+
147
+ updated_version =
148
+ latest_version_finder(dep).
149
+ possible_versions.
150
+ find { |v| v == latest_allowable_version }
151
+ next unless updated_version
152
+
153
+ updates << { dependency: dep, version: updated_version }
154
+ end
155
+
156
+ updates
157
+ end
158
+
111
159
  def peer_dependency_errors
112
160
  return @peer_dependency_errors if @peer_dependency_errors_checked
113
161
 
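Review bot: In `updated_monorepo_dependencies`, a sibling package that has not yet published `latest_allowable_version` is dropped by `next unless updated_version`, so the method can return an update for only part of the group and leave `vue` and `vue-template-compiler` on different versions, which is the mismatch this grouping exists to prevent. Aborting the whole group would be safer: `return unless updated_version`, which lines up with the nil early returns visible in `dependency_updates_from_full_unlock` (this assumes callers treat nil as "no update possible"; they are not shown on this page). When every dep is skipped the method currently returns `[]` rather than nil, and that difference deserves a short comment or a `return if updates.empty?`. The `monorepo_dep_names` / `deps_to_update` lookup is also repeated verbatim in `part_of_tightly_locked_monorepo?`; a small private helper would stop the predicate and the updater from drifting apart as more entries are added to `TIGHTLY_COUPLED_MONOREPOS`.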
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.85.0"
4
+ VERSION = "0.85.1"
5
5
  end
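--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-core
  version: !ruby/object:Gem::Version
- version: 0.85.0
+ version: 0.85.1
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-12-14 00:00:00.000000000 Z
+ date: 2018-12-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-ecr
@@ -421,7 +421,6 @@ files:
  - lib/dependabot/file_updaters/php/composer.rb
  - lib/dependabot/file_updaters/php/composer/lockfile_updater.rb
  - lib/dependabot/file_updaters/php/composer/manifest_updater.rb
- - lib/dependabot/file_updaters/ruby/.DS_Store
  - lib/dependabot/file_updaters/ruby/bundler.rb
  - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
  - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -519,7 +518,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 2.7.3
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 2.7.7
  signing_key:
  specification_version: 4
  summary: Automated dependency management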