dependabot-core 0.85.0 → 0.85.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f56e8c0f198f3f66454b6f05ebbc30f455c49aba8f0da9052b392b2b1b61d084
-  data.tar.gz: f7f3831108f7d86a3435f144dbc9d44ced3a04a43800084c1f6c4d1180be1778
+  metadata.gz: 7795dec16ed2faddc3c1aa3faf2269f7e77ab18d2acba712fae3afa3da62afa2
+  data.tar.gz: e489fc74f4e04a45e3382df09994c66dac50398f5bc880ff97249a9d27591ce7
 SHA512:
-  metadata.gz: 41c9aa7701bb168005b318eab7ee9f3ebd431066f252d6e5c0a9ca600822d780bad7d420d338857e763d9e65eed1a80259c2fc271f733e9b308cf61add8d6f41
-  data.tar.gz: 2c49b78e5e135cf85b073910781c8368f85f305abfd54a341d1592a95ba776d007e5700fc0ff8e7e075be5be50edf63018542efc4564435fd8e43897a920ec99
+  metadata.gz: b5b058a4ee5e64591feb70ed909457f090cbecde3c018603e5c2d9df2696775ec97be33dff70899e7729e44759ba573a67047ae05537da21b6bb779ef1315860
+  data.tar.gz: 7def02ef107084e3521b09e7880ba8b6d863262217c23dcaef854d4568e7b0e0a857c3bd07eb03759695e7f89367c4a19460ef0ff5df49a5d6f88e671c32741d

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## v0.85.1, 15 December 2018
+
+- JS: Group PRs for tightly couple monorepo deps (currently just Vue)
+
 ## v0.85.0, 14 December 2018
 
 - Move Maven into separate gem

data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb

@@ -20,6 +20,10 @@ module Dependabot
         class VersionResolver
           require_relative "latest_version_finder"
 
+          TIGHTLY_COUPLED_MONOREPOS = {
+            "vue" => %w(vue vue-template-compiler)
+          }.freeze
+
           # Error message from yarn add:
           # " > @reach/router@1.2.1" has incorrect \
           # peer dependency "react@15.x || 16.x || 16.4.0-alpha.0911da3"
@@ -55,6 +59,7 @@ module Dependabot
 
           def latest_resolvable_version
             return latest_allowable_version if git_dependency?(dependency)
+            return if part_of_tightly_locked_monorepo?
 
             unless relevant_unmet_peer_dependencies.any?
               return latest_allowable_version
@@ -71,6 +76,9 @@ module Dependabot
 
           def dependency_updates_from_full_unlock
             return if git_dependency?(dependency)
+            if part_of_tightly_locked_monorepo?
+              return updated_monorepo_dependencies
+            end
             return if newly_broken_peer_reqs_from_dep.any?
 
             updates =
@@ -108,6 +116,46 @@ module Dependabot
               )
           end
 
+          def part_of_tightly_locked_monorepo?
+            monorepo_dep_names =
+              TIGHTLY_COUPLED_MONOREPOS.values.
+              find { |deps| deps.include?(dependency.name) }
+            return false unless monorepo_dep_names
+
+            deps_to_update =
+              top_level_dependencies.
+              select { |d| monorepo_dep_names.include?(d.name) }
+
+            deps_to_update.count > 1
+          end
+
+          def updated_monorepo_dependencies
+            monorepo_dep_names =
+              TIGHTLY_COUPLED_MONOREPOS.values.
+              find { |deps| deps.include?(dependency.name) }
+
+            deps_to_update =
+              top_level_dependencies.
+              select { |d| monorepo_dep_names.include?(d.name) }
+
+            updates = []
+            deps_to_update.each do |dep|
+              next if git_dependency?(dep)
+              next if dep.version &&
+                      version_class.new(dep.version) >= latest_allowable_version
+
+              updated_version =
+                latest_version_finder(dep).
+                possible_versions.
+                find { |v| v == latest_allowable_version }
+              next unless updated_version
+
+              updates << { dependency: dep, version: updated_version }
+            end
+
+            updates
+          end
+
           def peer_dependency_errors
             return @peer_dependency_errors if @peer_dependency_errors_checked
 

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.85.0"
+  VERSION = "0.85.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.85.0
+  version: 0.85.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-14 00:00:00.000000000 Z
+date: 2018-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -421,7 +421,6 @@ files:
 - lib/dependabot/file_updaters/php/composer.rb
 - lib/dependabot/file_updaters/php/composer/lockfile_updater.rb
 - lib/dependabot/file_updaters/php/composer/manifest_updater.rb
-- lib/dependabot/file_updaters/ruby/.DS_Store
 - lib/dependabot/file_updaters/ruby/bundler.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -519,7 +518,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 2.7.3
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Automated dependency management