RubyGems - dependabot-hex - Versions diffs - 0.145.4 → 0.148.0 - Mend

dependabot-hex 0.145.4 → 0.148.0

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/hex/update_checker.rb +18 -7
data/lib/dependabot/hex/update_checker/version_resolver.rb +11 -4
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f29d0322357a9e4b71399c72d8de8cd79be68a5c95efe9c27f7dfce32da8fb98
-  data.tar.gz: ed46d84117e538ce4f1fe6baaf1c8b4a1df3c5fa2967998d59ce7dcbc9cccc8c
+  metadata.gz: a2edf0893bc51df3268805f2fb91878d584dd61844e30284e31efb18c6d37615
+  data.tar.gz: 5f4a648eac8e5c46b94460ee9500cbc22f030b7a765f196966544e46c0d35e28
 SHA512:
-  metadata.gz: 5eb32acb505f7676970083682dac0c222275cfbf85fc5511729f18ddcb85642c04ad0a6693f7d2b447c13ecb2cb6d27245c4a9df9938d8506e6df96e052ab337
-  data.tar.gz: 769299c4108a7693ae6f8eb3c96620686f6d3bd1e54f6ac706587c83911a91a0ceddbfb953b88039e817747ae5b41b3734e232372d9abf2d610f60cafd88ed1d
+  metadata.gz: 5bd0ec2946829269fe7022174e55d39ad8c9ec12ed8773d89fcf7696c374564583c7cf3f18f605ba12063b54ce6be1f52579d0fabd0f33ca3ae4f6952f79aca4
+  data.tar.gz: 48ea38dda72025efa0063f9c18cdecaeb66176350e2bc174c0ca008fcead0398f966b7f524e058f8c96c7e16376f7fe87d84b5da7dff604b6758b686bbd61127

data/lib/dependabot/hex/update_checker.rb CHANGED Viewed

@@ -221,13 +221,23 @@ module Dependabot
               ignore_requirements.any? { |r| r.satisfied_by?(v) }
             end
-            raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions.any?
+            if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions).any?
+              raise AllVersionsIgnored
+            end
             filtered.max
           end
       end
       # rubocop:enable Metrics/PerceivedComplexity
+      def filter_lower_versions(versions_array)
+        return versions_array unless current_version
+        versions_array.select do |version|
+          version > current_version
+        end
+      end
       def hex_registry_response
         return @hex_registry_response if @hex_registry_requested
@@ -246,13 +256,14 @@ module Dependabot
         nil
       end
+      def current_version
+        return unless dependency.version && version_class.correct?(dependency.version)
+        version_class.new(dependency.version)
+      end
       def wants_prerelease?
-        current_version = dependency.version
-        if current_version &&
-           version_class.correct?(current_version) &&
-           version_class.new(current_version).prerelease?
-          return true
-        end
+        return true if current_version&.prerelease?
         dependency.requirements.any? do |req|
           req[:requirement]&.match?(/\d-[A-Za-z0-9]/)

data/lib/dependabot/hex/update_checker/version_resolver.rb CHANGED Viewed

@@ -74,8 +74,10 @@ module Dependabot
             raise Dependabot::PrivateSourceAuthenticationFailure, org if org
           end
-          # TODO: This isn't pretty. It would be much nicer to catch the
-          # warnings as part of the Elixir module.
+          # TODO: Catch the warnings as part of the Elixir module. This happens
+          # when elixir throws warnings from the manifest files that end up in
+          # stdout and cause run_helper_subprocess to fail parsing the result as
+          # JSON.
           return error_result(error) if includes_result?(error)
           # Ignore dependencies which don't resolve due to mis-matching
@@ -101,8 +103,7 @@ module Dependabot
           result = error.message&.split("\n")&.last
           return false unless result
-          JSON.parse(error.message&.split("\n")&.last)["result"]
-          true
+          JSON.parse(error.message&.split("\n")&.last).key?("result")
         rescue JSON::ParserError
           false
         end
@@ -122,6 +123,12 @@ module Dependabot
           true
         rescue SharedHelpers::HelperSubprocessFailed => e
+          # TODO: Catch the warnings as part of the Elixir module. This happens
+          # when elixir throws warnings from the manifest files that end up in
+          # stdout and cause run_helper_subprocess to fail parsing the result as
+          # JSON.
+          return error_result(e) if includes_result?(e)
           raise Dependabot::DependencyFileNotResolvable, e.message
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.145.4
+  version: 0.148.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.4
+        version: 0.148.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.4
+        version: 0.148.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.0
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.0
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement