dependabot-core 0.87.11 → 0.87.12
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +25 -8
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
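--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1783194f0d2f5c322c54dba670e7ddae806b66ccaa3f3871a0693eae5cf4d347
+data.tar.gz: 61c273c91389114f65424f531dfee8431f0f96b2d5407331c1c3ff6bab8ff294
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1348a20e951fe55e5fa3ac3cea99e772cfe48ae9c439e30355e067ca8eccc4ea7880430802497f4449434936f1253434f6e722c6c69893db24837ac74201a71
+data.tar.gz: e573a47315cb3efd5f896241b43b4ba1d3d325614404c87f2f26089e9e365d6b374a8ae97f2edc11f976232a1c901b5b3576b69f7dae224d9243d620e2b2d5da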
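--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+## v0.87.12, 7 January 2019
+
+- Cargo: Handle aliased dependencies better in file preparer
+- Ruby: Handle subdependency updates when the subdep gets removed
+
 ## v0.87.11, 7 January 2019
 
 - PHP: Cowardly ignore of stefandoorn/sitemap-plugin error we can't figure out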
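--- a/data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
+++ b/data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
@@ -78,11 +78,17 @@ module Dependabot
 in_a_temporary_bundler_context do
 dep = dependency_from_definition
 
-# If the dependency wasn't found in the definition,
-# the Gemfile didn't import
-# the
-# the repo was gemspec-only
-
+# If the dependency wasn't found in the definition, but *is*
+# included in a gemspec, it's because the Gemfile didn't import
+# the gemspec. This is unusual, but the correct behaviour if/when
+# it happens is to behave as if the repo was gemspec-only.
+if dep.nil? && dependency.requirements.any?
+next latest_version_details
+end
+
+# Otherwise, if the dependency wasn't found it's because it is a
+# subdependency that was removed when attempting to update it.
+next nil if dep.nil?
 
 # If the old Gemfile index was used then it won't have checked
 # Ruby compatibility. Fix that by doing the check manually (and
@@ -125,8 +131,11 @@ module Dependabot
 ).prepared_dependency_files
 end
 
-
-
+# rubocop:disable Metrics/CyclomaticComplexity
+# rubocop:disable Metrics/PerceivedComplexity
+def dependency_from_definition(unlock_subdependencies: true)
+dependencies_to_unlock = [dependency.name]
+dependencies_to_unlock += subdependencies if unlock_subdependencies
 begin
 definition = build_definition(dependencies_to_unlock)
 definition.resolve_remotely!
@@ -141,8 +150,16 @@ module Dependabot
 retry
 end
 
-definition.resolve.find { |d| d.name == dependency.name }
+dep = definition.resolve.find { |d| d.name == dependency.name }
+return dep if dep
+return if dependency.requirements.any? || !unlock_subdependencies
+
+# If no definition was found and we're updating a sub-dependency,
+# try again but without unlocking any other sub-dependencies
+dependency_from_definition(unlock_subdependencies: false)
 end
+# rubocop:enable Metrics/CyclomaticComplexity
+# rubocop:enable Metrics/PerceivedComplexity
 
 def unlock_yanked_gem(dependencies_to_unlock, error)
 raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)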
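Review bot: `next nil if dep.nil?` in the first hunk treats every sub-dependency that is still missing after the fallback resolution as "removed during the update", and the block then yields a bare nil with nothing recorded about why. When this checker is run for a security update of a transitive gem, callers presumably cannot tell "the gem dropped out of the lockfile" from "no version could be resolved"; the callers are outside these hunks, so confirm they do not report the first case as un-updatable. At minimum the nil contract should be documented on the method, e.g. `# Returns nil when a sub-dependency is absent from the resolved definition (removed, not failed).` In the third hunk the comment `# If no definition was found` should read `# If the dependency was not found in the resolved definition`, since the definition itself was built and resolved. The enclosing block of the first hunk and the middle of dependency_from_definition (the rescue/retry path) lie outside the visible lines.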
data/lib/dependabot/version.rb
CHANGED