dependabot-core 0.85.2 → 0.85.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +3 -3
- data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +40 -5
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae690b38c7293ceabf4f56d82deb2d613f6da6edea787473ff03f641f2cf49ae
|
|
4
|
+
data.tar.gz: d3a0b0143f332c15f332bdf3fb92f624bd01778016fccbf5d2d8b997d0683a94
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28ded14ae4261b7609e2c778dcb6c2f81600f2e9e8df19a6b12f40549ba668a06b24cd0fae42d1e2a57c1a8b837521c12a8e6fed08296c7e59ee16f6460e48da
|
|
7
|
+
data.tar.gz: 88a74d07d5218c5f2fbbfec86394566b0e06916ef32e65bd53f6906d08803e85a1f209f196868a09c8f051b88763ba10bf4685b16590b2db9cb960166f78b0d6
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## v0.85.3, 17 December 2018
|
|
2
|
+
|
|
3
|
+
- Rust: Ignore aliased dependencies
|
|
4
|
+
- Bump cython from 0.29.1 to 0.29.2 in /python/helpers
|
|
5
|
+
- Ruby: More careful replacement of equality matcher requirements
|
|
6
|
+
|
|
1
7
|
## v0.85.2, 15 December 2018
|
|
2
8
|
|
|
3
9
|
- Switch Ruby RequirementsUpdater logic to use an update strategy, which can be
|
data/README.md
CHANGED
|
@@ -47,9 +47,9 @@ Before running Dependabot Core, install dependencies for the core library and
|
|
|
47
47
|
the helpers:
|
|
48
48
|
|
|
49
49
|
1. `bundle install`
|
|
50
|
-
2. `cd helpers/yarn && yarn install && cd -`
|
|
51
|
-
3. `cd helpers/npm && yarn install && cd -`
|
|
52
|
-
4. `cd helpers/php && composer install && cd -`
|
|
50
|
+
2. `cd helpers/yarn && yarn install --production && cd -`
|
|
51
|
+
3. `cd helpers/npm && yarn install --production && cd -`
|
|
52
|
+
4. `cd helpers/php && composer install --no-dev && cd -`
|
|
53
53
|
5. `cd helpers/python && pyenv exec pip install -r requirements.txt && cd -`
|
|
54
54
|
6. `cd helpers/elixir && mix deps.get && cd -`
|
|
55
55
|
|
|
@@ -101,9 +101,13 @@ module Dependabot
|
|
|
101
101
|
|
|
102
102
|
quote_characters = extract_quote_characters_from(req_nodes)
|
|
103
103
|
space_after_specifier = space_after_specifier?(req_nodes)
|
|
104
|
+
use_equality_operator = use_equality_operator?(req_nodes)
|
|
104
105
|
|
|
105
|
-
new_req =
|
|
106
|
-
|
|
106
|
+
new_req = new_requirement_string(
|
|
107
|
+
quote_characters: quote_characters,
|
|
108
|
+
space_after_specifier: space_after_specifier,
|
|
109
|
+
use_equality_operator: use_equality_operator
|
|
110
|
+
)
|
|
107
111
|
if req_nodes.any?
|
|
108
112
|
replace(range_for(req_nodes), new_req)
|
|
109
113
|
else
|
|
@@ -166,17 +170,48 @@ module Dependabot
|
|
|
166
170
|
req_string.include?(" ")
|
|
167
171
|
end
|
|
168
172
|
|
|
169
|
-
def
|
|
173
|
+
def use_equality_operator?(requirement_nodes)
|
|
174
|
+
return true if requirement_nodes.none?
|
|
175
|
+
|
|
176
|
+
req_string =
|
|
177
|
+
case requirement_nodes.first.type
|
|
178
|
+
when :str, :dstr
|
|
179
|
+
requirement_nodes.first.loc.expression.source
|
|
180
|
+
else
|
|
181
|
+
requirement_nodes.first.children.first.loc.expression.source
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
req_string.match?(/(?<![<>])=/)
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
def new_requirement_string(quote_characters:,
|
|
188
|
+
space_after_specifier:,
|
|
189
|
+
use_equality_operator:)
|
|
170
190
|
open_quote, close_quote = quote_characters
|
|
171
191
|
new_requirement_string =
|
|
172
192
|
updated_requirement.split(",").
|
|
173
|
-
map
|
|
174
|
-
|
|
193
|
+
map do |r|
|
|
194
|
+
req_string = serialized_req(r, use_equality_operator)
|
|
195
|
+
%(#{open_quote}#{req_string}#{close_quote})
|
|
196
|
+
end.join(", ")
|
|
175
197
|
|
|
176
198
|
new_requirement_string.delete!(" ") unless space_after_specifier
|
|
177
199
|
new_requirement_string
|
|
178
200
|
end
|
|
179
201
|
|
|
202
|
+
def serialized_req(req, use_equality_operator)
|
|
203
|
+
tmp_req = req
|
|
204
|
+
|
|
205
|
+
# Gem::Requirement serializes exact matches as a string starting
|
|
206
|
+
# with `=`. We may need to remove that equality operator if it
|
|
207
|
+
# wasn't used originally.
|
|
208
|
+
unless use_equality_operator
|
|
209
|
+
tmp_req = tmp_req.gsub(/(?<![<>])=/, "")
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
tmp_req.strip
|
|
213
|
+
end
|
|
214
|
+
|
|
180
215
|
def range_for(nodes)
|
|
181
216
|
nodes.first.loc.begin.begin.join(nodes.last.loc.expression)
|
|
182
217
|
end
|
data/lib/dependabot/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.85.
|
|
4
|
+
version: 0.85.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-12-
|
|
11
|
+
date: 2018-12-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-ecr
|