dependabot-npm_and_yarn 0.113.4 → 0.113.5
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ac64e12d04bba47b1118d8c6f43a665ee77e52385a9f73a398f15924e867d592
|
|
4
|
+
data.tar.gz: f44b85c4b264d0d97c77ca4fce7aa10acd2c077ec298ab8d9ef675ac267d2f3b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bdef2d9798b06557a94fc99ab8ff351bb132f246876d78c6b6667d58477144b52513e23ca185ffc2cff0d7d2e5facbad0f6e6e8777db26fc7a16a08219b4ab5b
|
|
7
|
+
data.tar.gz: 6f53c7b6cd7530b659ee6c313866f974ed3ea7d359bca1d4b7e369cce6721dc196195e6c2eeea82346b63a499723d53e2e4d66aa773f4106db8d3670680fef74
|
|
@@ -73,10 +73,11 @@ module Dependabot
|
|
|
73
73
|
true
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
-
def latest_resolvable_previous_version
|
|
77
|
-
resolve_latest_previous_version(dependency)
|
|
76
|
+
def latest_resolvable_previous_version(updated_version)
|
|
77
|
+
resolve_latest_previous_version(dependency, updated_version)
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
+
# rubocop:disable Metrics/MethodLength
|
|
80
81
|
def dependency_updates_from_full_unlock
|
|
81
82
|
return if git_dependency?(dependency)
|
|
82
83
|
if part_of_tightly_locked_monorepo?
|
|
@@ -87,7 +88,9 @@ module Dependabot
|
|
|
87
88
|
updates = [{
|
|
88
89
|
dependency: dependency,
|
|
89
90
|
version: latest_allowable_version,
|
|
90
|
-
previous_version: latest_resolvable_previous_version
|
|
91
|
+
previous_version: latest_resolvable_previous_version(
|
|
92
|
+
latest_allowable_version
|
|
93
|
+
)
|
|
91
94
|
}]
|
|
92
95
|
newly_broken_peer_reqs_on_dep.each do |peer_req|
|
|
93
96
|
dep_name = peer_req.fetch(:requiring_dep_name)
|
|
@@ -104,11 +107,14 @@ module Dependabot
|
|
|
104
107
|
updates << {
|
|
105
108
|
dependency: dep,
|
|
106
109
|
version: updated_version,
|
|
107
|
-
previous_version: resolve_latest_previous_version(
|
|
110
|
+
previous_version: resolve_latest_previous_version(
|
|
111
|
+
dep, updated_version
|
|
112
|
+
)
|
|
108
113
|
}
|
|
109
114
|
end
|
|
110
115
|
updates.uniq
|
|
111
116
|
end
|
|
117
|
+
# rubocop:enable Metrics/MethodLength
|
|
112
118
|
|
|
113
119
|
private
|
|
114
120
|
|
|
@@ -126,7 +132,7 @@ module Dependabot
|
|
|
126
132
|
)
|
|
127
133
|
end
|
|
128
134
|
|
|
129
|
-
def resolve_latest_previous_version(dep)
|
|
135
|
+
def resolve_latest_previous_version(dep, updated_version)
|
|
130
136
|
if dep.version && version_class.correct?(dep.version)
|
|
131
137
|
return version_class.new(dep.version)
|
|
132
138
|
end
|
|
@@ -143,11 +149,19 @@ module Dependabot
|
|
|
143
149
|
# requirements. This matches the logic when combining the same
|
|
144
150
|
# dependency in DependencySet from multiple manifest files where we
|
|
145
151
|
# pick the lowest version from the duplicates.
|
|
146
|
-
reqs.flat_map do |req|
|
|
152
|
+
latest_previous_version = reqs.flat_map do |req|
|
|
147
153
|
relevant_versions.select do |version|
|
|
148
154
|
req.any? { |r| r.satisfied_by?(version) }
|
|
149
155
|
end.max
|
|
150
156
|
end.min
|
|
157
|
+
|
|
158
|
+
# Handle cases where the latest resolvable previous version is the
|
|
159
|
+
# latest version. This often happens if you don't have lockfiles and
|
|
160
|
+
# have requirements update strategy set to bump_versions, where an
|
|
161
|
+
# update might go from ^1.1.1 to ^1.1.2 (both resolve to 1.1.2).
|
|
162
|
+
return if updated_version == latest_previous_version
|
|
163
|
+
|
|
164
|
+
latest_previous_version
|
|
151
165
|
end
|
|
152
166
|
end
|
|
153
167
|
|
|
@@ -188,7 +202,9 @@ module Dependabot
|
|
|
188
202
|
updates << {
|
|
189
203
|
dependency: dep,
|
|
190
204
|
version: updated_version,
|
|
191
|
-
previous_version: resolve_latest_previous_version(
|
|
205
|
+
previous_version: resolve_latest_previous_version(
|
|
206
|
+
dep, updated_version
|
|
207
|
+
)
|
|
192
208
|
}
|
|
193
209
|
end
|
|
194
210
|
|
|
@@ -54,8 +54,8 @@ module Dependabot
|
|
|
54
54
|
latest_version_finder.latest_version_with_no_unlock
|
|
55
55
|
end
|
|
56
56
|
|
|
57
|
-
def latest_resolvable_previous_version
|
|
58
|
-
version_resolver.latest_resolvable_previous_version
|
|
57
|
+
def latest_resolvable_previous_version(updated_version)
|
|
58
|
+
version_resolver.latest_resolvable_previous_version(updated_version)
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def updated_requirements
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-npm_and_yarn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.113.
|
|
4
|
+
version: 0.113.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-09-
|
|
11
|
+
date: 2019-09-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.113.
|
|
19
|
+
version: 0.113.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.113.
|
|
26
|
+
version: 0.113.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|