dependabot-core 0.85.1 → 0.85.2

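--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7795dec16ed2faddc3c1aa3faf2269f7e77ab18d2acba712fae3afa3da62afa2
- data.tar.gz: e489fc74f4e04a45e3382df09994c66dac50398f5bc880ff97249a9d27591ce7
+ metadata.gz: b4b3dd68b4786b8b1602aa9d0f8c563f66d9ae3798185b264a14d0f8f75959c8
+ data.tar.gz: b562a58b0033ab24a006ff16a0670277071d85f057777176f0c44c8bf060e372
  SHA512:
- metadata.gz: b5b058a4ee5e64591feb70ed909457f090cbecde3c018603e5c2d9df2696775ec97be33dff70899e7729e44759ba573a67047ae05537da21b6bb779ef1315860
- data.tar.gz: 7def02ef107084e3521b09e7880ba8b6d863262217c23dcaef854d4568e7b0e0a857c3bd07eb03759695e7f89367c4a19460ef0ff5df49a5d6f88e671c32741d
+ metadata.gz: 75a95ebfcd8a6a197123e46f92816fe9a12d671b3e2c9183d9157bf56bbd5f4f77102db8033771c049986ece70a1cb124ea894b9ff5c3dfe21ff224d9a68d904
+ data.tar.gz: 4759805a3f79fda1817ae8b7eb82e874d2a46dfb7be3d9afab11f0b18a95476dd82feca911dd21e1698de2f374374ade64b0aabb4b3bcb653795cfe0ac18b0d4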
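--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ ## v0.85.2, 15 December 2018
+
+ - Switch Ruby RequirementsUpdater logic to use an update strategy, which can be
+ provided as either `bump_verions` or `bump_versions_if_necessary`
+
  ## v0.85.1, 15 December 2018
 
  - JS: Group PRs for tightly couple monorepo deps (currently just Vue)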
@@ -46,7 +46,7 @@ module Dependabot
46
46
  def updated_requirements
47
47
  RequirementsUpdater.new(
48
48
  requirements: dependency.requirements,
49
- library: library?,
49
+ update_strategy: requirements_update_strategy,
50
50
  updated_source: updated_source,
51
51
  latest_version: latest_version_details&.fetch(:version)&.to_s,
52
52
  latest_resolvable_version:
@@ -72,6 +72,16 @@ module Dependabot
72
72
  end
73
73
  end
74
74
 
75
+ def requirements_update_strategy
76
+ # If passed in as an option (in the base class) honour that option
77
+ if @requirements_update_strategy
78
+ return @requirements_update_strategy.to_sym
79
+ end
80
+
81
+ # Otherwise, widen ranges for libraries and bump versions for apps
82
+ dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
83
+ end
84
+
75
85
  private
76
86
 
77
87
  def latest_version_resolvable_with_full_unlock?
@@ -90,10 +100,6 @@ module Dependabot
90
100
  false
91
101
  end
92
102
 
93
- def library?
94
- dependency.version.nil?
95
- end
96
-
97
103
  def updated_dependencies_after_full_unlock
98
104
  force_updater.updated_dependencies
99
105
  end
@@ -261,7 +267,8 @@ module Dependabot
261
267
  dependency: dependency,
262
268
  dependency_files: dependency_files,
263
269
  credentials: credentials,
264
- target_version: latest_version
270
+ target_version: latest_version,
271
+ requirements_update_strategy: requirements_update_strategy
265
272
  )
266
273
  end
267
274
 
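Review bot: `requirements_update_strategy` returns `@requirements_update_strategy.to_sym` without checking the value against the supported strategies, so a misspelled or unexpected option travels through this checker and ForceUpdater and is only rejected when `RequirementsUpdater.new` raises its generic "Unknown update strategy" error. The option is set in the base class, which is not visible here, and presumably comes from caller configuration, so I would validate it at this boundary, e.g. `raise ArgumentError, "Unknown update strategy: #{strategy.inspect}" unless RequirementsUpdater::ALLOWED_UPDATE_STRATEGIES.include?(strategy)`, assuming that constant is reachable from this file. The method is also defined above `private`, so it becomes part of the class's public interface; if that is intended, a one-line comment saying so would help the next reader.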
@@ -17,11 +17,12 @@ module Dependabot
17
17
  class Bundler
18
18
  class ForceUpdater
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
- target_version:)
21
- @dependency = dependency
22
- @dependency_files = dependency_files
23
- @credentials = credentials
24
- @target_version = target_version
20
+ target_version:, requirements_update_strategy:)
21
+ @dependency = dependency
22
+ @dependency_files = dependency_files
23
+ @credentials = credentials
24
+ @target_version = target_version
25
+ @requirements_update_strategy = requirements_update_strategy
25
26
  end
26
27
 
27
28
  def updated_dependencies
@@ -31,7 +32,7 @@ module Dependabot
31
32
  private
32
33
 
33
34
  attr_reader :dependency, :dependency_files, :credentials,
34
- :target_version
35
+ :target_version, :requirements_update_strategy
35
36
 
36
37
  def force_update
37
38
  in_a_temporary_bundler_context do
@@ -200,7 +201,7 @@ module Dependabot
200
201
  requirements:
201
202
  RequirementsUpdater.new(
202
203
  requirements: original_dep.requirements,
203
- library: library?,
204
+ update_strategy: requirements_update_strategy,
204
205
  updated_source: source_for(original_dep),
205
206
  latest_version: updated_spec.version.to_s,
206
207
  latest_resolvable_version: updated_spec.version.to_s
@@ -232,10 +233,6 @@ module Dependabot
232
233
  lockfile.content.gsub(re, "")
233
234
  end
234
235
 
235
- def library?
236
- dependency.version.nil?
237
- end
238
-
239
236
  def write_temporary_dependency_files
240
237
  dependency_files.each do |file|
241
238
  path = file.name
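Review bot: `requirements_update_strategy:` is added to `ForceUpdater#initialize` as a required keyword with no default, so any caller other than the one updated in this release fails with a missing-keyword ArgumentError after what is numbered as a patch-level upgrade. The value is stored as given and is first checked only when it reaches `RequirementsUpdater.new` further down, so a `nil` or string value fails late rather than at construction. At minimum I would document the contract on the initializer, e.g. `# requirements_update_strategy: :bump_versions or :bump_versions_if_necessary (Symbol)`. The class body continues outside the visible hunks.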
@@ -9,14 +9,17 @@ module Dependabot
9
9
  class RequirementsUpdater
10
10
  class UnfixableRequirement < StandardError; end
11
11
 
12
- def initialize(requirements:, library:, updated_source:,
12
+ ALLOWED_UPDATE_STRATEGIES =
13
+ %i(bump_versions bump_versions_if_necessary).freeze
14
+
15
+ def initialize(requirements:, update_strategy:, updated_source:,
13
16
  latest_version:, latest_resolvable_version:)
14
17
  @requirements = requirements
15
-
16
- @library = library
17
-
18
18
  @latest_version = Gem::Version.new(latest_version) if latest_version
19
19
  @updated_source = updated_source
20
+ @update_strategy = update_strategy
21
+
22
+ check_update_strategy
20
23
 
21
24
  return unless latest_resolvable_version
22
25
 
@@ -27,11 +30,11 @@ module Dependabot
27
30
  def updated_requirements
28
31
  requirements.map do |req|
29
32
  if req[:file].match?(/\.gemspec/)
30
- updated_gemspec_requirement(req)
33
+ update_gemspec_requirement(req)
31
34
  else
32
35
  # If a requirement doesn't come from a gemspec, it must be from
33
36
  # a Gemfile.
34
- updated_gemfile_requirement(req)
37
+ update_gemfile_requirement(req)
35
38
  end
36
39
  end
37
40
  end
@@ -39,17 +42,35 @@ module Dependabot
39
42
  private
40
43
 
41
44
  attr_reader :requirements, :updated_source,
42
- :latest_version, :latest_resolvable_version
45
+ :latest_version, :latest_resolvable_version,
46
+ :update_strategy
47
+
48
+ def check_update_strategy
49
+ return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
43
50
 
44
- def library?
45
- @library
51
+ raise "Unknown update strategy: #{update_strategy}"
46
52
  end
47
53
 
48
- def updated_gemfile_requirement(req)
54
+ def update_gemfile_requirement(req)
49
55
  req = req.merge(source: updated_source)
50
56
  return req unless latest_resolvable_version
51
- return req if library? && new_version_satisfies?(req)
52
57
 
58
+ case update_strategy
59
+ when :bump_versions
60
+ update_version_requirement(req)
61
+ when :bump_versions_if_necessary
62
+ update_version_requirement_if_needed(req)
63
+ else raise "Unexpected update strategy: #{update_strategy}"
64
+ end
65
+ end
66
+
67
+ def update_version_requirement_if_needed(req)
68
+ return req if new_version_satisfies?(req)
69
+
70
+ update_version_requirement(req)
71
+ end
72
+
73
+ def update_version_requirement(req)
53
74
  requirements =
54
75
  req[:requirement].split(",").map { |r| Gem::Requirement.new(r) }
55
76
 
@@ -106,7 +127,7 @@ module Dependabot
106
127
  end
107
128
 
108
129
  # rubocop:disable Metrics/PerceivedComplexity
109
- def updated_gemspec_requirement(req)
130
+ def update_gemspec_requirement(req)
110
131
  return req unless latest_version && latest_resolvable_version
111
132
 
112
133
  requirements =
@@ -120,10 +141,8 @@ module Dependabot
120
141
  requirements.flat_map do |r|
121
142
  next r if requirement_satisfied?(r, req[:groups])
122
143
 
123
- if req[:groups] == ["development"]
124
- fixed_development_requirements(r)
125
- else
126
- fixed_requirements(r)
144
+ if req[:groups] == ["development"] then bumped_requirements(r)
145
+ else widened_requirements(r)
127
146
  end
128
147
  end
129
148
 
@@ -158,7 +177,7 @@ module Dependabot
158
177
  binding_reqs.sort_by { |r| r.requirements.first.last }
159
178
  end
160
179
 
161
- def fixed_requirements(req)
180
+ def widened_requirements(req)
162
181
  op, version = req.requirements.first
163
182
 
164
183
  case op
@@ -176,7 +195,7 @@ module Dependabot
176
195
  end
177
196
  end
178
197
 
179
- def fixed_development_requirements(req)
198
+ def bumped_requirements(req)
180
199
  op, version = req.requirements.first
181
200
 
182
201
  case op
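Review bot: `update_strategy` is consulted only in `update_gemfile_requirement`; `update_gemspec_requirement` still picks between `bumped_requirements` and `widened_requirements` from `req[:groups] == ["development"]`, so a caller passing `:bump_versions` appears to get widened gemspec ranges regardless (the rest of that method is outside the hunk, so this is inferred from the visible lines). If that is intentional, say so above the method, e.g. `# Gemspec requirements ignore update_strategy: development deps are bumped, all others widened`. Separately, `check_update_strategy` raises a bare RuntimeError and interpolates the value with `to_s`, so a `nil` strategy produces an empty message; `raise ArgumentError, "Unknown update strategy: #{update_strategy.inspect}"` would make the failure easier to diagnose.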
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.85.1"
4
+ VERSION = "0.85.2"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.85.1
4
+ version: 0.85.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot