RubyGems - dependabot-hex - Versions diffs - 0.145.3 → 0.147.1 - Mend

dependabot-hex 0.145.3 → 0.147.1

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/hex/update_checker.rb +18 -7
data/lib/dependabot/hex/update_checker/version_resolver.rb +11 -4
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d256c11d4a442dace41fd5a870fcf08ddddad58d0892700c220e8ec7605e6a94
-  data.tar.gz: 930d29e783e4d316245e98e19f2d603fcc64c69bc64c4e43ce639ec677848f3e
+  metadata.gz: f8b9ddd90611eeb715844a4fc68a28f5357ed9f69055b20429d2faafa864b23f
+  data.tar.gz: cf218f5b7cfdb184e73f41f40bb960382e1b8abb66987f9dd96f9fb6f0b4a606
 SHA512:
-  metadata.gz: 0f67902cc3c622f645ba3fa06c70c6049bc76012bace63846e2a0621513fcf810b12eb2a955b4c9c81ff76ff4b38a5b8024c644f344734a7d1e8e9edff827006
-  data.tar.gz: 04c14e800e3aa1416db2a74a0a139c035b6064cf0269c23746982afc650bf9bce19aad7b1f981e573a986a9e4e99cca4dac6f63ce2c898e2dcd5c3165ccb57e0
+  metadata.gz: 5b97ff9710a8e33190c920dbb6aef08f7a16e0481e3a4b08cf0e1460b8125b242d1fc611ed98f127bba70184bd8f17f273d195c4c56c25c420e7894d26804e4f
+  data.tar.gz: 88a318074fe68f8d402b2289987e314e66b4164d94e405b056eda90db64a58117ab344403e3f79bdb730524ec24042bf625a7d354d97412cd78d9b7cd9e4dea2

data/lib/dependabot/hex/update_checker.rb CHANGED Viewed

@@ -221,13 +221,23 @@ module Dependabot
               ignore_requirements.any? { |r| r.satisfied_by?(v) }
             end
-            raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions.any?
+            if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
+              raise AllVersionsIgnored
+            end
             filtered.max
           end
       end
       # rubocop:enable Metrics/PerceivedComplexity
+      def filter_lower_versions(versions_array)
+        return versions_array unless current_version
+        versions_array.select do |version|
+          version > current_version
+        end
+      end
       def hex_registry_response
         return @hex_registry_response if @hex_registry_requested
@@ -246,13 +256,14 @@ module Dependabot
         nil
       end
+      def current_version
+        return unless dependency.version && version_class.correct?(dependency.version)
+        version_class.new(dependency.version)
+      end
       def wants_prerelease?
-        current_version = dependency.version
-        if current_version &&
-           version_class.correct?(current_version) &&
-           version_class.new(current_version).prerelease?
-          return true
-        end
+        return true if current_version&.prerelease?
         dependency.requirements.any? do |req|
           req[:requirement]&.match?(/\d-[A-Za-z0-9]/)

data/lib/dependabot/hex/update_checker/version_resolver.rb CHANGED Viewed

@@ -74,8 +74,10 @@ module Dependabot
             raise Dependabot::PrivateSourceAuthenticationFailure, org if org
           end
-          # TODO: This isn't pretty. It would be much nicer to catch the
-          # warnings as part of the Elixir module.
+          # TODO: Catch the warnings as part of the Elixir module. This happens
+          # when elixir throws warnings from the manifest files that end up in
+          # stdout and cause run_helper_subprocess to fail parsing the result as
+          # JSON.
           return error_result(error) if includes_result?(error)
           # Ignore dependencies which don't resolve due to mis-matching
@@ -101,8 +103,7 @@ module Dependabot
           result = error.message&.split("\n")&.last
           return false unless result
-          JSON.parse(error.message&.split("\n")&.last)["result"]
-          true
+          JSON.parse(error.message&.split("\n")&.last).key?("result")
         rescue JSON::ParserError
           false
         end
@@ -122,6 +123,12 @@ module Dependabot
           true
         rescue SharedHelpers::HelperSubprocessFailed => e
+          # TODO: Catch the warnings as part of the Elixir module. This happens
+          # when elixir throws warnings from the manifest files that end up in
+          # stdout and cause run_helper_subprocess to fail parsing the result as
+          # JSON.
+          return error_result(e) if includes_result?(e)
           raise Dependabot::DependencyFileNotResolvable, e.message
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.145.3
+  version: 0.147.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-07 00:00:00.000000000 Z
+date: 2021-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.3
+        version: 0.147.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.3
+        version: 0.147.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.0
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.0
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement