dependabot-nuget 0.117.10 → 0.117.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '086c2197a6a562a6de05fa612462f340728ff5887bd9472a771394d56db84432'
|
|
4
|
+
data.tar.gz: 440a0ff6854def8b4af4b50f5735dcac5545e6da9f2f9e0c121b7e411cc77d5e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 116976d7995552011f5b9eaee9ce37e92ea1a7c17143998c70d8095bbe762407bd909ea8564f21a229a8ec420a375fa9e5dda4097375ece0e235711175b2cda8
|
|
7
|
+
data.tar.gz: 32af20a089e8013688f1b468e9e62259559241ea95c0e7caaa5869fc196a31844cd7195d4562abab9b1af2e0003cfdd1d4d87df7a0cf951de16a7a32727733f7
|
|
@@ -95,6 +95,7 @@ module Dependabot
|
|
|
95
95
|
dependency_files: dependency_files,
|
|
96
96
|
credentials: credentials,
|
|
97
97
|
ignored_versions: ignored_versions,
|
|
98
|
+
raise_on_ignored: @raise_on_ignored,
|
|
98
99
|
security_advisories: security_advisories
|
|
99
100
|
)
|
|
100
101
|
end
|
|
@@ -106,7 +107,8 @@ module Dependabot
|
|
|
106
107
|
dependency_files: dependency_files,
|
|
107
108
|
target_version_details: latest_version_details,
|
|
108
109
|
credentials: credentials,
|
|
109
|
-
ignored_versions: ignored_versions
|
|
110
|
+
ignored_versions: ignored_versions,
|
|
111
|
+
raise_on_ignored: @raise_on_ignored
|
|
110
112
|
)
|
|
111
113
|
end
|
|
112
114
|
|
|
@@ -11,11 +11,13 @@ module Dependabot
|
|
|
11
11
|
require_relative "requirements_updater"
|
|
12
12
|
|
|
13
13
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
14
|
-
target_version_details:, ignored_versions
|
|
14
|
+
target_version_details:, ignored_versions:,
|
|
15
|
+
raise_on_ignored: false)
|
|
15
16
|
@dependency = dependency
|
|
16
17
|
@dependency_files = dependency_files
|
|
17
18
|
@credentials = credentials
|
|
18
19
|
@ignored_versions = ignored_versions
|
|
20
|
+
@raise_on_ignored = raise_on_ignored
|
|
19
21
|
@target_version = target_version_details&.fetch(:version)
|
|
20
22
|
@source_details = target_version_details&.
|
|
21
23
|
slice(:nuspec_url, :repo_url, :source_url)
|
|
@@ -31,6 +33,7 @@ module Dependabot
|
|
|
31
33
|
dependency_files: dependency_files,
|
|
32
34
|
credentials: credentials,
|
|
33
35
|
ignored_versions: ignored_versions,
|
|
36
|
+
raise_on_ignored: @raise_on_ignored,
|
|
34
37
|
security_advisories: []
|
|
35
38
|
).versions.map { |v| v.fetch(:version) }
|
|
36
39
|
|
|
@@ -15,11 +15,13 @@ module Dependabot
|
|
|
15
15
|
require_relative "repository_finder"
|
|
16
16
|
|
|
17
17
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
18
|
-
ignored_versions:,
|
|
18
|
+
ignored_versions:, raise_on_ignored: false,
|
|
19
|
+
security_advisories:)
|
|
19
20
|
@dependency = dependency
|
|
20
21
|
@dependency_files = dependency_files
|
|
21
22
|
@credentials = credentials
|
|
22
23
|
@ignored_versions = ignored_versions
|
|
24
|
+
@raise_on_ignored = raise_on_ignored
|
|
23
25
|
@security_advisories = security_advisories
|
|
24
26
|
end
|
|
25
27
|
|
|
@@ -38,8 +40,8 @@ module Dependabot
|
|
|
38
40
|
begin
|
|
39
41
|
possible_versions = versions
|
|
40
42
|
possible_versions = filter_prereleases(possible_versions)
|
|
41
|
-
possible_versions = filter_ignored_versions(possible_versions)
|
|
42
43
|
possible_versions = filter_vulnerable_versions(possible_versions)
|
|
44
|
+
possible_versions = filter_ignored_versions(possible_versions)
|
|
43
45
|
possible_versions = filter_lower_versions(possible_versions)
|
|
44
46
|
possible_versions.min_by { |hash| hash.fetch(:version) }
|
|
45
47
|
end
|
|
@@ -62,16 +64,20 @@ module Dependabot
|
|
|
62
64
|
end
|
|
63
65
|
|
|
64
66
|
def filter_ignored_versions(possible_versions)
|
|
65
|
-
|
|
67
|
+
filtered = possible_versions
|
|
66
68
|
|
|
67
69
|
ignored_versions.each do |req|
|
|
68
70
|
ignore_req = requirement_class.new(req.split(","))
|
|
69
|
-
|
|
70
|
-
|
|
71
|
+
filtered =
|
|
72
|
+
filtered.
|
|
71
73
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
|
72
74
|
end
|
|
73
75
|
|
|
74
|
-
|
|
76
|
+
if @raise_on_ignored && filtered.empty? && possible_versions.any?
|
|
77
|
+
raise AllVersionsIgnored
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
filtered
|
|
75
81
|
end
|
|
76
82
|
|
|
77
83
|
def filter_vulnerable_versions(possible_versions)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.117.
|
|
4
|
+
version: 0.117.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05-
|
|
11
|
+
date: 2020-05-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.117.
|
|
19
|
+
version: 0.117.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.117.
|
|
26
|
+
version: 0.117.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|