dependabot-core 0.87.11 → 0.87.12
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +25 -8
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1783194f0d2f5c322c54dba670e7ddae806b66ccaa3f3871a0693eae5cf4d347
|
|
4
|
+
data.tar.gz: 61c273c91389114f65424f531dfee8431f0f96b2d5407331c1c3ff6bab8ff294
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c1348a20e951fe55e5fa3ac3cea99e772cfe48ae9c439e30355e067ca8eccc4ea7880430802497f4449434936f1253434f6e722c6c69893db24837ac74201a71
|
|
7
|
+
data.tar.gz: e573a47315cb3efd5f896241b43b4ba1d3d325614404c87f2f26089e9e365d6b374a8ae97f2edc11f976232a1c901b5b3576b69f7dae224d9243d620e2b2d5da
|
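--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+## v0.87.12, 7 January 2019
+
+- Cargo: Handle aliased dependencies better in file preparer
+- Ruby: Handle subdependency updates when the subdep gets removed
+
 ## v0.87.11, 7 January 2019
 
 - PHP: Cowardly ignore of stefandoorn/sitemap-plugin error we can't figure out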
|
@@ -78,11 +78,17 @@ module Dependabot
|
|
|
78
78
|
in_a_temporary_bundler_context do
|
|
79
79
|
dep = dependency_from_definition
|
|
80
80
|
|
|
81
|
-
# If the dependency wasn't found in the definition,
|
|
82
|
-
# the Gemfile didn't import
|
|
83
|
-
# the
|
|
84
|
-
# the repo was gemspec-only
|
|
85
|
-
|
|
81
|
+
# If the dependency wasn't found in the definition, but *is*
|
|
82
|
+
# included in a gemspec, it's because the Gemfile didn't import
|
|
83
|
+
# the gemspec. This is unusual, but the correct behaviour if/when
|
|
84
|
+
# it happens is to behave as if the repo was gemspec-only.
|
|
85
|
+
if dep.nil? && dependency.requirements.any?
|
|
86
|
+
next latest_version_details
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
# Otherwise, if the dependency wasn't found it's because it is a
|
|
90
|
+
# subdependency that was removed when attempting to update it.
|
|
91
|
+
next nil if dep.nil?
|
|
86
92
|
|
|
87
93
|
# If the old Gemfile index was used then it won't have checked
|
|
88
94
|
# Ruby compatibility. Fix that by doing the check manually (and
|
|
@@ -125,8 +131,11 @@ module Dependabot
|
|
|
125
131
|
).prepared_dependency_files
|
|
126
132
|
end
|
|
127
133
|
|
|
128
|
-
|
|
129
|
-
|
|
134
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
135
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
136
|
+
def dependency_from_definition(unlock_subdependencies: true)
|
|
137
|
+
dependencies_to_unlock = [dependency.name]
|
|
138
|
+
dependencies_to_unlock += subdependencies if unlock_subdependencies
|
|
130
139
|
begin
|
|
131
140
|
definition = build_definition(dependencies_to_unlock)
|
|
132
141
|
definition.resolve_remotely!
|
|
@@ -141,8 +150,16 @@ module Dependabot
|
|
|
141
150
|
retry
|
|
142
151
|
end
|
|
143
152
|
|
|
144
|
-
definition.resolve.find { |d| d.name == dependency.name }
|
|
153
|
+
dep = definition.resolve.find { |d| d.name == dependency.name }
|
|
154
|
+
return dep if dep
|
|
155
|
+
return if dependency.requirements.any? || !unlock_subdependencies
|
|
156
|
+
|
|
157
|
+
# If no definition was found and we're updating a sub-dependency,
|
|
158
|
+
# try again but without unlocking any other sub-dependencies
|
|
159
|
+
dependency_from_definition(unlock_subdependencies: false)
|
|
145
160
|
end
|
|
161
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
162
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
146
163
|
|
|
147
164
|
def unlock_yanked_gem(dependencies_to_unlock, error)
|
|
148
165
|
raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
|
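Review bot: `next nil if dep.nil?` in the `@@ -78,11 +78,17 @@` hunk of version_resolver.rb makes the block return nil when a sub-dependency drops out of the resolution, and nothing visible here distinguishes that from an ordinary "no resolvable version" result. For a tool that proposes dependency updates this matters when the sub-dependency was being bumped for a security fix: the caller presumably treats nil as "nothing to do", so the removal would go unreported; that needs confirming against the callers, which are outside these hunks. I would at least document the contract above `dependency_from_definition`, e.g. `# Returns nil when the dependency is absent from the resolved definition (a removed sub-dependency).`, and reword the comment in the last hunk, which says "If no definition was found" where the code actually checks that the dependency is missing from the resolved definition. The retry itself is bounded, since the recursive call passes `unlock_subdependencies: false` and the guard `return if dependency.requirements.any? || !unlock_subdependencies` returns in that case.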
data/lib/dependabot/version.rb
CHANGED