dependabot-gradle 0.117.10 → 0.117.11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 73ceddef50730fd232ebcd9f8b65169f61820834347053bacb74da4251237ba7
|
|
4
|
+
data.tar.gz: f10977319651772a0218e9d86fce12963e3e5f45d46e8b566de84f19f59c772e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0dec625a3618186fa8eedb97e007772e9d6a48dac9b12d49e01b18909959fd364b60f26cd4575ff1ec2932d6b5b021c9050d377b9715b9a488bccb1996467580
|
|
7
|
+
data.tar.gz: 271fa52f45a9a38115a12ee081d4ed916b7689b06a824a43ae44a4b6bd9c081799ec2150245140dd76132ce18b3403adb74405a46dd903b2c56a6bfab9ec8ddb
|
|
@@ -117,6 +117,7 @@ module Dependabot
|
|
|
117
117
|
dependency_files: dependency_files,
|
|
118
118
|
credentials: credentials,
|
|
119
119
|
ignored_versions: ignored_versions,
|
|
120
|
+
raise_on_ignored: raise_on_ignored,
|
|
120
121
|
security_advisories: security_advisories
|
|
121
122
|
)
|
|
122
123
|
end
|
|
@@ -128,7 +129,8 @@ module Dependabot
|
|
|
128
129
|
dependency_files: dependency_files,
|
|
129
130
|
credentials: credentials,
|
|
130
131
|
target_version_details: latest_version_details,
|
|
131
|
-
ignored_versions: ignored_versions
|
|
132
|
+
ignored_versions: ignored_versions,
|
|
133
|
+
raise_on_ignored: raise_on_ignored
|
|
132
134
|
)
|
|
133
135
|
end
|
|
134
136
|
|
|
@@ -11,13 +11,15 @@ module Dependabot
|
|
|
11
11
|
require_relative "requirements_updater"
|
|
12
12
|
|
|
13
13
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
14
|
-
target_version_details:, ignored_versions
|
|
14
|
+
target_version_details:, ignored_versions:,
|
|
15
|
+
raise_on_ignored: false)
|
|
15
16
|
@dependency = dependency
|
|
16
17
|
@dependency_files = dependency_files
|
|
17
18
|
@credentials = credentials
|
|
18
19
|
@target_version = target_version_details&.fetch(:version)
|
|
19
20
|
@source_url = target_version_details&.fetch(:source_url)
|
|
20
21
|
@ignored_versions = ignored_versions
|
|
22
|
+
@raise_on_ignored = raise_on_ignored
|
|
21
23
|
end
|
|
22
24
|
|
|
23
25
|
def update_possible?
|
|
@@ -30,6 +32,7 @@ module Dependabot
|
|
|
30
32
|
dependency_files: dependency_files,
|
|
31
33
|
credentials: credentials,
|
|
32
34
|
ignored_versions: ignored_versions,
|
|
35
|
+
raise_on_ignored: @raise_on_ignored,
|
|
33
36
|
security_advisories: []
|
|
34
37
|
).versions.
|
|
35
38
|
map { |v| v.fetch(:version) }.
|
|
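Review bot: The new flag is forwarded as `raise_on_ignored: @raise_on_ignored`, while the neighbouring arguments (`dependency_files`, `credentials`, `ignored_versions`) go through what look like reader methods. Exposing a `raise_on_ignored` reader next to the existing ones and passing `raise_on_ignored: raise_on_ignored` would keep the call uniform; the reader list is outside this hunk, so this is inferred from the call site. The keyword is also undocumented, and a comment above `initialize` such as `# raise_on_ignored: when true, raise AllVersionsIgnored instead of reporting "no update" once ignore conditions exclude every candidate` would tell callers what the flag changes. The class body continues outside the visible hunks.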
@@ -16,11 +16,13 @@ module Dependabot
|
|
|
16
16
|
TYPE_SUFFICES = %w(jre android java).freeze
|
|
17
17
|
|
|
18
18
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
19
|
-
ignored_versions:,
|
|
19
|
+
ignored_versions:, raise_on_ignored: false,
|
|
20
|
+
security_advisories:)
|
|
20
21
|
@dependency = dependency
|
|
21
22
|
@dependency_files = dependency_files
|
|
22
23
|
@credentials = credentials
|
|
23
24
|
@ignored_versions = ignored_versions
|
|
25
|
+
@raise_on_ignored = raise_on_ignored
|
|
24
26
|
@security_advisories = security_advisories
|
|
25
27
|
@forbidden_urls = []
|
|
26
28
|
end
|
|
@@ -42,8 +44,8 @@ module Dependabot
|
|
|
42
44
|
possible_versions = filter_prereleases(possible_versions)
|
|
43
45
|
possible_versions = filter_date_based_versions(possible_versions)
|
|
44
46
|
possible_versions = filter_version_types(possible_versions)
|
|
45
|
-
possible_versions = filter_ignored_versions(possible_versions)
|
|
46
47
|
possible_versions = filter_vulnerable_versions(possible_versions)
|
|
48
|
+
possible_versions = filter_ignored_versions(possible_versions)
|
|
47
49
|
possible_versions = filter_lower_versions(possible_versions)
|
|
48
50
|
|
|
49
51
|
possible_versions.first
|
|
@@ -92,16 +94,20 @@ module Dependabot
|
|
|
92
94
|
end
|
|
93
95
|
|
|
94
96
|
def filter_ignored_versions(possible_versions)
|
|
95
|
-
|
|
97
|
+
filtered = possible_versions
|
|
96
98
|
|
|
97
99
|
ignored_versions.each do |req|
|
|
98
100
|
ignore_req = Gradle::Requirement.new(req.split(","))
|
|
99
|
-
|
|
100
|
-
|
|
101
|
+
filtered =
|
|
102
|
+
filtered.
|
|
101
103
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
|
102
104
|
end
|
|
103
105
|
|
|
104
|
-
|
|
106
|
+
if @raise_on_ignored && filtered.empty? && possible_versions.any?
|
|
107
|
+
raise AllVersionsIgnored
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
filtered
|
|
105
111
|
end
|
|
106
112
|
|
|
107
113
|
def filter_vulnerable_versions(possible_versions)
|
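Review bot: The new guard in `filter_ignored_versions` compares `filtered` with `possible_versions` before `filter_lower_versions` has run (it is applied afterwards, at new line 49 of the caller). `AllVersionsIgnored` can therefore be raised when the ignore conditions only remove versions that presumably would have been dropped as not newer than the current one, that is, when no upgrade was on offer in the first place. Checking the candidates that survive the lower-version filter avoids that false signal, e.g. `if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(possible_versions).any?`. The same section moves this filter after `filter_vulnerable_versions`, so the error now means "every non-vulnerable candidate is ignored"; a one-line comment above the call saying the order is intentional would help, since that is where a security update blocked by an ignore rule becomes visible. `AllVersionsIgnored` is referenced unqualified and is not defined in this diff, so it presumably comes from the pinned dependabot-common release.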
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|