RubyGems - dependabot-core - Versions diffs - 0.86.18 → 0.86.19 - Mend

dependabot-core 0.86.18 → 0.86.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/dependabot/dependency.rb +1 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +1 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +1 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +1 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +1 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +1 -0
data/lib/dependabot/utils/elixir/requirement.rb +1 -0
data/lib/dependabot/utils/go/requirement.rb +1 -0
data/lib/dependabot/utils/java_script/requirement.rb +4 -0
data/lib/dependabot/utils/php/requirement.rb +1 -0
data/lib/dependabot/utils/ruby/requirement.rb +2 -0
data/lib/dependabot/version.rb +1 -1
data/lib/rubygems_requirement_patch.rb +30 -0
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f21bbdf41e2e8d4af7b0dca36eb0936edbb2b3a8caeece17733698c641e44b2
-  data.tar.gz: bf2d55c6e586d4b205b7b9ade1d8cc3cdc8d0f79f9ff2d156c854cffd307d1bf
+  metadata.gz: 6e7da9e8f60558ab04eb91b6165116d63d09ea25a728266b37a55bb76bd18f8e
+  data.tar.gz: 6d190e57fe9bafeda84f348050b2b8419fa1e97954ca502706ff19c927d06c5d
 SHA512:
-  metadata.gz: '01106807ae7db8c7e7fdc081bd62b67d51c2a492c566c037b6d9c01b49a219f5bec5574d5cb6a0ef67e41157e853408dd750030a437274655bfd81c7c7606772'
-  data.tar.gz: c026e17253882ab49466c5ea32a5d0116ea4820573bd389a15c9a40db4bd765f6c450a3e3388633e89945794a6508898eb62b3efdf8e89fbe5d6d40ab7df19b4
+  metadata.gz: 9315e59ad69ba147d6dc343c652dd54b21ccd00347b3aa385c38b9d36eeddf717a3faf800ee7a0a8ff8b4fe3176d070cc364dd1c298277e2bfcca0bcef039ed9
+  data.tar.gz: 2ccee77f7135e92436ce684607c5474acd742a43f255812c46683d12b72546b527a658d2365854225f277ebfc8dcb0405c1c547c0ad5e065e8d00f8fe5fb539e

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## v0.86.19, 31 December 2018
+- Patch Rubygems requirement equality
 ## v0.86.18, 30 December 2018
 - PHP: Handle > requirements correctly when bumping versions

data/lib/dependabot/dependency.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "rubygems_version_patch"
+require "rubygems_requirement_patch"
 module Dependabot
   class Dependency

data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require "bundler"
 require "bundler_definition_ruby_version_patch"
 require "bundler_definition_bundler_version_patch"
 require "bundler_git_source_patch"
+require "rubygems_requirement_patch"
 require "dependabot/shared_helpers"
 require "dependabot/errors"

data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "bundler_definition_ruby_version_patch"
 require "bundler_definition_bundler_version_patch"
 require "bundler_git_source_patch"
+require "rubygems_requirement_patch"
 require "dependabot/update_checkers/ruby/bundler"
 require "dependabot/update_checkers/ruby/bundler/requirements_updater"

data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "bundler_definition_ruby_version_patch"
 require "bundler_definition_bundler_version_patch"
 require "bundler_git_source_patch"
+require "rubygems_requirement_patch"
 require "excon"

data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "bundler_definition_ruby_version_patch"
 require "bundler_definition_bundler_version_patch"
 require "bundler_git_source_patch"
+require "rubygems_requirement_patch"
 require "excon"

data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "bundler_definition_ruby_version_patch"
 require "bundler_definition_bundler_version_patch"
 require "bundler_git_source_patch"
+require "rubygems_requirement_patch"
 require "excon"

data/lib/dependabot/utils/elixir/requirement.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "dependabot/utils/elixir/version"
+require "rubygems_requirement_patch"
 module Dependabot
   module Utils

data/lib/dependabot/utils/go/requirement.rb CHANGED Viewed

@@ -7,6 +7,7 @@
 ################################################################################
 require "dependabot/utils/go/version"
+require "rubygems_requirement_patch"
 module Dependabot
   module Utils

data/lib/dependabot/utils/java_script/requirement.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "dependabot/utils/java_script/version"
+require "rubygems_requirement_patch"
 module Dependabot
   module Utils
@@ -57,12 +58,14 @@ module Dependabot
         private
         # rubocop:disable Metrics/PerceivedComplexity
+        # rubocop:disable Metrics/CyclomaticComplexity
         def convert_js_constraint_to_ruby_constraint(req_string)
           return req_string if req_string.match?(/^([A-Za-uw-z]|v[^\d])/)
           req_string = req_string.gsub(/(?:\.|^)[xX*]/, "")
           if req_string.empty? then ">= 0"
+          elsif req_string.start_with?("~>") then req_string
           elsif req_string.start_with?("~") then convert_tilde_req(req_string)
           elsif req_string.start_with?("^") then convert_caret_req(req_string)
           elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
@@ -71,6 +74,7 @@ module Dependabot
           end
         end
         # rubocop:enable Metrics/PerceivedComplexity
+        # rubocop:enable Metrics/CyclomaticComplexity
         def convert_tilde_req(req_string)
           version = req_string.gsub(/^~\>?/, "")

data/lib/dependabot/utils/php/requirement.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require "dependabot/utils/php/version"
+require "rubygems_requirement_patch"
 module Dependabot
   module Utils

data/lib/dependabot/utils/ruby/requirement.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "rubygems_requirement_patch"
 module Dependabot
   module Utils
     module Ruby

data/lib/dependabot/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dependabot
-  VERSION = "0.86.18"
+  VERSION = "0.86.19"
 end

data/lib/rubygems_requirement_patch.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require "rubygems/requirement"
+# See https://github.com/rubygems/rubygems/pull/2554
+module Gem
+  class Requirement
+    # rubocop:disable Style/CaseEquality
+    def ==(other)
+      return unless Gem::Requirement === other
+      # An == check is always necessary
+      return false unless requirements == other.requirements
+      # An == check is sufficient unless any requirements use ~>
+      return true unless _tilde_requirements.any?
+      # If any requirements use ~> we use the stricter `#eql?` that also checks
+      # that version precision is the same
+      _tilde_requirements.eql?(other._tilde_requirements)
+    end
+    # rubocop:enable Style/CaseEquality
+    protected
+    def _tilde_requirements
+      requirements.select { |r| r.first == "~>" }
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.86.18
+  version: 0.86.19
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-12-30 00:00:00.000000000 Z
+date: 2018-12-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -498,6 +498,7 @@ files:
 - lib/dependabot/utils/php/version.rb
 - lib/dependabot/utils/ruby/requirement.rb
 - lib/dependabot/version.rb
+- lib/rubygems_requirement_patch.rb
 - lib/rubygems_version_patch.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses: