dependabot-dep 0.124.8 → 0.125.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/dep/file_parser.rb +1 -3
- data/lib/dependabot/dep/file_updater/lockfile_updater.rb +2 -6
- data/lib/dependabot/dep/requirement.rb +1 -3
- data/lib/dependabot/dep/update_checker.rb +5 -15
- data/lib/dependabot/dep/update_checker/file_preparer.rb +1 -3
- data/lib/dependabot/dep/update_checker/latest_version_finder.rb +3 -9
- data/lib/dependabot/dep/update_checker/version_resolver.rb +1 -3
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b730c844d283c6f1a26916e3187582074918cd1ab7d7a7de5fa99987d4c49a3c
|
|
4
|
+
data.tar.gz: b8cd699d6aef0992561892789b2b10e75d7fac18272700b6cf75952da3b397a6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 95a5ae7abae1a238dd1e3c4037723619046a891836a551b70acd79c7f0f1938efca731a6319657704076f28765053847d10702abe2619f9bb4523cf57bf14a0a
|
|
7
|
+
data.tar.gz: 3d2e175c424982f397186b29e732b0a7a91751266794448a353ec033df935207eb712bc3a7c5f00a8e5c3f3f3346e307ed53642abbe13c2a4f323a5c3e12bb5d
|
|
@@ -76,9 +76,7 @@ module Dependabot
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
def requirement_from_declaration(declaration)
|
|
79
|
-
unless declaration.is_a?(Hash)
|
|
80
|
-
raise "Unexpected dependency declaration: #{declaration}"
|
|
81
|
-
end
|
|
79
|
+
raise "Unexpected dependency declaration: #{declaration}" unless declaration.is_a?(Hash)
|
|
82
80
|
|
|
83
81
|
return if git_declaration?(declaration)
|
|
84
82
|
|
|
@@ -137,9 +137,7 @@ module Dependabot
|
|
|
137
137
|
parsed_file(lockfile).fetch("projects").
|
|
138
138
|
find { |p| p["name"] == dep.name }
|
|
139
139
|
|
|
140
|
-
if original_details["source"]
|
|
141
|
-
details["source"] = original_details["source"]
|
|
142
|
-
end
|
|
140
|
+
details["source"] = original_details["source"] if original_details["source"]
|
|
143
141
|
|
|
144
142
|
if original_details["version"]
|
|
145
143
|
details["version"] = dep.version
|
|
@@ -162,9 +160,7 @@ module Dependabot
|
|
|
162
160
|
overrides << override
|
|
163
161
|
end
|
|
164
162
|
|
|
165
|
-
unless override["source"]
|
|
166
|
-
override["source"] = "gopkg.in/fsnotify/fsnotify.v1"
|
|
167
|
-
end
|
|
163
|
+
override["source"] = "gopkg.in/fsnotify/fsnotify.v1" unless override["source"]
|
|
168
164
|
|
|
169
165
|
overrides
|
|
170
166
|
end
|
|
@@ -91,9 +91,7 @@ module Dependabot
|
|
|
91
91
|
def replace_wildcard_in_lower_bound(req_string)
|
|
92
92
|
after_wildcard = false
|
|
93
93
|
|
|
94
|
-
if req_string.start_with?("~")
|
|
95
|
-
req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "")
|
|
96
|
-
end
|
|
94
|
+
req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "") if req_string.start_with?("~")
|
|
97
95
|
|
|
98
96
|
req_string.split(".").
|
|
99
97
|
map do |part|
|
|
@@ -61,9 +61,7 @@ module Dependabot
|
|
|
61
61
|
|
|
62
62
|
def requirements_update_strategy
|
|
63
63
|
# If passed in as an option (in the base class) honour that option
|
|
64
|
-
if @requirements_update_strategy
|
|
65
|
-
return @requirements_update_strategy.to_sym
|
|
66
|
-
end
|
|
64
|
+
return @requirements_update_strategy.to_sym if @requirements_update_strategy
|
|
67
65
|
|
|
68
66
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
69
67
|
library? ? :widen_ranges : :bump_versions
|
|
@@ -109,9 +107,7 @@ module Dependabot
|
|
|
109
107
|
|
|
110
108
|
# Otherwise, if the gem isn't pinned, the latest version is just the
|
|
111
109
|
# latest commit for the specified branch.
|
|
112
|
-
unless git_commit_checker.pinned?
|
|
113
|
-
return latest_resolvable_commit_with_unchanged_git_source
|
|
114
|
-
end
|
|
110
|
+
return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
|
|
115
111
|
|
|
116
112
|
# If the dependency is pinned to a tag that looks like a version then
|
|
117
113
|
# we want to update that tag.
|
|
@@ -129,17 +125,13 @@ module Dependabot
|
|
|
129
125
|
def version_from_tag(tag)
|
|
130
126
|
# To compare with the current version we either use the commit SHA
|
|
131
127
|
# (if that's what the parser picked up) of the tag name.
|
|
132
|
-
if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
|
133
|
-
return tag&.fetch(:commit_sha)
|
|
134
|
-
end
|
|
128
|
+
return tag&.fetch(:commit_sha) if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
|
135
129
|
|
|
136
130
|
tag&.fetch(:tag)
|
|
137
131
|
end
|
|
138
132
|
|
|
139
133
|
def latest_resolvable_commit_with_unchanged_git_source
|
|
140
|
-
if @commit_lookup_attempted
|
|
141
|
-
return @latest_resolvable_commit_with_unchanged_git_source
|
|
142
|
-
end
|
|
134
|
+
return @latest_resolvable_commit_with_unchanged_git_source if @commit_lookup_attempted
|
|
143
135
|
|
|
144
136
|
@commit_lookup_attempted = true
|
|
145
137
|
@latest_resolvable_commit_with_unchanged_git_source ||=
|
|
@@ -269,9 +261,7 @@ module Dependabot
|
|
|
269
261
|
end
|
|
270
262
|
|
|
271
263
|
def default_source
|
|
272
|
-
if modules_dependency?
|
|
273
|
-
return { type: "default", source: dependency.name }
|
|
274
|
-
end
|
|
264
|
+
return { type: "default", source: dependency.name } if modules_dependency?
|
|
275
265
|
|
|
276
266
|
original_declaration =
|
|
277
267
|
parsed_file(manifest).
|
|
@@ -138,9 +138,7 @@ module Dependabot
|
|
|
138
138
|
overrides << override
|
|
139
139
|
end
|
|
140
140
|
|
|
141
|
-
unless override["source"]
|
|
142
|
-
override["source"] = "gopkg.in/fsnotify/fsnotify.v1"
|
|
143
|
-
end
|
|
141
|
+
override["source"] = "gopkg.in/fsnotify/fsnotify.v1" unless override["source"]
|
|
144
142
|
|
|
145
143
|
parsed_manifest["override"] = overrides
|
|
146
144
|
TomlRB.dump(parsed_manifest)
|
|
@@ -33,9 +33,7 @@ module Dependabot
|
|
|
33
33
|
:ignored_versions
|
|
34
34
|
|
|
35
35
|
def latest_release_tag_version
|
|
36
|
-
if @latest_release_tag_lookup_attempted
|
|
37
|
-
return @latest_release_tag_version
|
|
38
|
-
end
|
|
36
|
+
return @latest_release_tag_version if @latest_release_tag_lookup_attempted
|
|
39
37
|
|
|
40
38
|
@latest_release_tag_lookup_attempted = true
|
|
41
39
|
|
|
@@ -90,9 +88,7 @@ module Dependabot
|
|
|
90
88
|
|
|
91
89
|
# Otherwise, if the gem isn't pinned, the latest version is just the
|
|
92
90
|
# latest commit for the specified branch.
|
|
93
|
-
unless git_commit_checker.pinned?
|
|
94
|
-
return git_commit_checker.head_commit_for_current_branch
|
|
95
|
-
end
|
|
91
|
+
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
|
|
96
92
|
|
|
97
93
|
# If the dependency is pinned to a tag that looks like a version
|
|
98
94
|
# then we want to update that tag.
|
|
@@ -113,9 +109,7 @@ module Dependabot
|
|
|
113
109
|
def version_from_tag(tag)
|
|
114
110
|
# To compare with the current version we either use the commit SHA
|
|
115
111
|
# (if that's what the parser picked up) of the tag name.
|
|
116
|
-
if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
|
117
|
-
return tag&.fetch(:commit_sha)
|
|
118
|
-
end
|
|
112
|
+
return tag&.fetch(:commit_sha) if dependency.version&.match?(/^[0-9a-f]{40}$/)
|
|
119
113
|
|
|
120
114
|
tag&.fetch(:tag)
|
|
121
115
|
end
|
|
@@ -22,9 +22,7 @@ module Dependabot
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def latest_resolvable_version
|
|
25
|
-
if defined?(@latest_resolvable_version)
|
|
26
|
-
return @latest_resolvable_version
|
|
27
|
-
end
|
|
25
|
+
return @latest_resolvable_version if defined?(@latest_resolvable_version)
|
|
28
26
|
|
|
29
27
|
@latest_resolvable_version = fetch_latest_resolvable_version
|
|
30
28
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-dep
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.125.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.125.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.125.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.8.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.8.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: vcr
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|