dependabot-core 0.85.2 → 0.85.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +3 -3
- data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +40 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae690b38c7293ceabf4f56d82deb2d613f6da6edea787473ff03f641f2cf49ae
|
|
4
|
+
data.tar.gz: d3a0b0143f332c15f332bdf3fb92f624bd01778016fccbf5d2d8b997d0683a94
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28ded14ae4261b7609e2c778dcb6c2f81600f2e9e8df19a6b12f40549ba668a06b24cd0fae42d1e2a57c1a8b837521c12a8e6fed08296c7e59ee16f6460e48da
|
|
7
|
+
data.tar.gz: 88a74d07d5218c5f2fbbfec86394566b0e06916ef32e65bd53f6906d08803e85a1f209f196868a09c8f051b88763ba10bf4685b16590b2db9cb960166f78b0d6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## v0.85.3, 17 December 2018
|
|
2
|
+
|
|
3
|
+
- Rust: Ignore aliased dependencies
|
|
4
|
+
- Bump cython from 0.29.1 to 0.29.2 in /python/helpers
|
|
5
|
+
- Ruby: More careful replacement of equality matcher requirements
|
|
6
|
+
|
|
1
7
|
## v0.85.2, 15 December 2018
|
|
2
8
|
|
|
3
9
|
- Switch Ruby RequirementsUpdater logic to use an update strategy, which can be
|
data/README.md
CHANGED
|
@@ -47,9 +47,9 @@ Before running Dependabot Core, install dependencies for the core library and
|
|
|
47
47
|
the helpers:
|
|
48
48
|
|
|
49
49
|
1. `bundle install`
|
|
50
|
-
2. `cd helpers/yarn && yarn install && cd -`
|
|
51
|
-
3. `cd helpers/npm && yarn install && cd -`
|
|
52
|
-
4. `cd helpers/php && composer install && cd -`
|
|
50
|
+
2. `cd helpers/yarn && yarn install --production && cd -`
|
|
51
|
+
3. `cd helpers/npm && yarn install --production && cd -`
|
|
52
|
+
4. `cd helpers/php && composer install --no-dev && cd -`
|
|
53
53
|
5. `cd helpers/python && pyenv exec pip install -r requirements.txt && cd -`
|
|
54
54
|
6. `cd helpers/elixir && mix deps.get && cd -`
|
|
55
55
|
|
|
@@ -101,9 +101,13 @@ module Dependabot
|
|
|
101
101
|
|
|
102
102
|
quote_characters = extract_quote_characters_from(req_nodes)
|
|
103
103
|
space_after_specifier = space_after_specifier?(req_nodes)
|
|
104
|
+
use_equality_operator = use_equality_operator?(req_nodes)
|
|
104
105
|
|
|
105
|
-
new_req =
|
|
106
|
-
|
|
106
|
+
new_req = new_requirement_string(
|
|
107
|
+
quote_characters: quote_characters,
|
|
108
|
+
space_after_specifier: space_after_specifier,
|
|
109
|
+
use_equality_operator: use_equality_operator
|
|
110
|
+
)
|
|
107
111
|
if req_nodes.any?
|
|
108
112
|
replace(range_for(req_nodes), new_req)
|
|
109
113
|
else
|
|
@@ -166,17 +170,48 @@ module Dependabot
|
|
|
166
170
|
req_string.include?(" ")
|
|
167
171
|
end
|
|
168
172
|
|
|
169
|
-
def
|
|
173
|
+
def use_equality_operator?(requirement_nodes)
|
|
174
|
+
return true if requirement_nodes.none?
|
|
175
|
+
|
|
176
|
+
req_string =
|
|
177
|
+
case requirement_nodes.first.type
|
|
178
|
+
when :str, :dstr
|
|
179
|
+
requirement_nodes.first.loc.expression.source
|
|
180
|
+
else
|
|
181
|
+
requirement_nodes.first.children.first.loc.expression.source
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
req_string.match?(/(?<![<>])=/)
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
def new_requirement_string(quote_characters:,
|
|
188
|
+
space_after_specifier:,
|
|
189
|
+
use_equality_operator:)
|
|
170
190
|
open_quote, close_quote = quote_characters
|
|
171
191
|
new_requirement_string =
|
|
172
192
|
updated_requirement.split(",").
|
|
173
|
-
map
|
|
174
|
-
|
|
193
|
+
map do |r|
|
|
194
|
+
req_string = serialized_req(r, use_equality_operator)
|
|
195
|
+
%(#{open_quote}#{req_string}#{close_quote})
|
|
196
|
+
end.join(", ")
|
|
175
197
|
|
|
176
198
|
new_requirement_string.delete!(" ") unless space_after_specifier
|
|
177
199
|
new_requirement_string
|
|
178
200
|
end
|
|
179
201
|
|
|
202
|
+
def serialized_req(req, use_equality_operator)
|
|
203
|
+
tmp_req = req
|
|
204
|
+
|
|
205
|
+
# Gem::Requirement serializes exact matches as a string starting
|
|
206
|
+
# with `=`. We may need to remove that equality operator if it
|
|
207
|
+
# wasn't used originally.
|
|
208
|
+
unless use_equality_operator
|
|
209
|
+
tmp_req = tmp_req.gsub(/(?<![<>])=/, "")
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
tmp_req.strip
|
|
213
|
+
end
|
|
214
|
+
|
|
180
215
|
def range_for(nodes)
|
|
181
216
|
nodes.first.loc.begin.begin.join(nodes.last.loc.expression)
|
|
182
217
|
end
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.85.
|
|
4
|
+
version: 0.85.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-12-
|
|
11
|
+
date: 2018-12-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|