dependabot-pub 0.176.0 → 0.178.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/pub/file_parser.rb +1 -1
- data/lib/dependabot/pub/helpers.rb +43 -1
- data/lib/dependabot/pub/update_checker.rb +33 -3
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 31ffa4593f22cc94484726e6e07659a3496a59dfbb0c436cf66257d9d0f93b0c
|
|
4
|
+
data.tar.gz: 7eebb17b499d5e9bb230401b10daf6600da5b43da1afab1311d00f163603da3e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bb123ba84f206fb13dd704382c7d117826cff3ba35cb4826b010f48b290b588b3c4a493ac9604ff3fae9e3f17b5df11a11de07ee9be5e45769f00cc2af9f2314
|
|
7
|
+
data.tar.gz: 132a51dd172e134988cd438b962b30ce2026b48525a56be5a86860d2cc1470de459b452b357afe819d26ab6e7b4e19b9936648e1038fb9e43d864b07f960b682
|
|
@@ -77,13 +77,15 @@ module Dependabot
|
|
|
77
77
|
end
|
|
78
78
|
end
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
# Parses a dependency as listed by `dependency_services list`.
|
|
81
|
+
def parse_listed_dependency(json)
|
|
81
82
|
params = {
|
|
82
83
|
name: json["name"],
|
|
83
84
|
version: json["version"],
|
|
84
85
|
package_manager: "pub",
|
|
85
86
|
requirements: []
|
|
86
87
|
}
|
|
88
|
+
|
|
87
89
|
if json["kind"] != "transitive" && !json["constraint"].nil?
|
|
88
90
|
constraint = json["constraint"]
|
|
89
91
|
params[:requirements] << {
|
|
@@ -93,6 +95,33 @@ module Dependabot
|
|
|
93
95
|
file: "pubspec.yaml"
|
|
94
96
|
}
|
|
95
97
|
end
|
|
98
|
+
Dependency.new(**params)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
# Parses the updated dependencies returned by
|
|
102
|
+
# `dependency_services report`.
|
|
103
|
+
#
|
|
104
|
+
# The `requirements_update_strategy`` is
|
|
105
|
+
# used to chose the right updated constraint.
|
|
106
|
+
def parse_updated_dependency(json, requirements_update_strategy: nil)
|
|
107
|
+
params = {
|
|
108
|
+
name: json["name"],
|
|
109
|
+
version: json["version"],
|
|
110
|
+
package_manager: "pub",
|
|
111
|
+
requirements: []
|
|
112
|
+
}
|
|
113
|
+
constraint_field = constraint_field_from_update_strategy(requirements_update_strategy)
|
|
114
|
+
|
|
115
|
+
if json["kind"] != "transitive" && !json[constraint_field].nil?
|
|
116
|
+
constraint = json[constraint_field]
|
|
117
|
+
params[:requirements] << {
|
|
118
|
+
requirement: constraint,
|
|
119
|
+
groups: [json["kind"]],
|
|
120
|
+
source: nil, # TODO: Expose some information about the source
|
|
121
|
+
file: "pubspec.yaml"
|
|
122
|
+
}
|
|
123
|
+
end
|
|
124
|
+
|
|
96
125
|
if json["previousVersion"]
|
|
97
126
|
params = {
|
|
98
127
|
**params,
|
|
@@ -112,6 +141,19 @@ module Dependabot
|
|
|
112
141
|
Dependency.new(**params)
|
|
113
142
|
end
|
|
114
143
|
|
|
144
|
+
# expects "auto" to already have been resolved to one of the other
|
|
145
|
+
# strategies.
|
|
146
|
+
def constraint_field_from_update_strategy(requirements_update_strategy)
|
|
147
|
+
case requirements_update_strategy
|
|
148
|
+
when "widen_ranges"
|
|
149
|
+
"constraintWidened"
|
|
150
|
+
when "bump_versions"
|
|
151
|
+
"constraintBumped"
|
|
152
|
+
when "bump_versions_if_necessary"
|
|
153
|
+
"constraintBumpedIfNeeded"
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
|
|
115
157
|
def dependencies_to_json(dependencies)
|
|
116
158
|
if dependencies.nil?
|
|
117
159
|
nil
|
|
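Review bot: `constraint_field_from_update_strategy` (third hunk, `@@ -112,6 +141,19 @@`) has no `else` branch, so a `nil` or unrecognised strategy returns `nil`; `parse_updated_dependency` then reads `json[nil]`, which is `nil` for a Hash, and the dependency comes back with empty `requirements` and no error. Because `requirements_update_strategy:` defaults to `nil`, any caller that omits the keyword would silently get a dependency with no requirements, which looks like a bug waiting to hide rather than the intended contract. Adding `else raise ArgumentError, "Unexpected requirements_update_strategy #{requirements_update_strategy.inspect}"` to the `case` turns that into a visible failure and also enforces what the `# expects "auto" to already have been resolved` comment only states. The comment on `parse_updated_dependency` has a stray trailing backtick after `requirements_update_strategy` and `chose` should read `choose`.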
@@ -3,7 +3,7 @@
|
|
|
3
3
|
require "dependabot/update_checkers"
|
|
4
4
|
require "dependabot/update_checkers/base"
|
|
5
5
|
require "dependabot/pub/helpers"
|
|
6
|
-
|
|
6
|
+
require "yaml"
|
|
7
7
|
module Dependabot
|
|
8
8
|
module Pub
|
|
9
9
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
@@ -49,7 +49,8 @@ module Dependabot
|
|
|
49
49
|
entry = current_report["singleBreaking"].find { |d| d["name"] == dependency.name }
|
|
50
50
|
return unless entry
|
|
51
51
|
|
|
52
|
-
|
|
52
|
+
parse_updated_dependency(entry, requirements_update_strategy: resolved_requirements_update_strategy).
|
|
53
|
+
requirements
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
private
|
|
@@ -67,7 +68,7 @@ module Dependabot
|
|
|
67
68
|
d["kind"] == "transitive"
|
|
68
69
|
end
|
|
69
70
|
direct_deps.map do |d|
|
|
70
|
-
|
|
71
|
+
parse_updated_dependency(d, requirements_update_strategy: resolved_requirements_update_strategy)
|
|
71
72
|
end
|
|
72
73
|
end
|
|
73
74
|
|
|
@@ -78,6 +79,35 @@ module Dependabot
|
|
|
78
79
|
def current_report
|
|
79
80
|
report.find { |d| d["name"] == dependency.name }
|
|
80
81
|
end
|
|
82
|
+
|
|
83
|
+
def resolved_requirements_update_strategy
|
|
84
|
+
@resolved_requirements_update_strategy ||= resolve_requirements_update_strategy
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
def resolve_requirements_update_strategy
|
|
88
|
+
raise "Unexpected requirements_update_strategy #{requirements_update_strategy}" unless
|
|
89
|
+
[nil, "widen_ranges", "bump_versions", "bump_versions_if_necessary"].include? requirements_update_strategy
|
|
90
|
+
|
|
91
|
+
if requirements_update_strategy.nil?
|
|
92
|
+
# Check for a version field in the pubspec.yaml. If it is present
|
|
93
|
+
# we assume the package is a library, and the requirement update
|
|
94
|
+
# strategy is widening. Otherwise we assume it is an application, and
|
|
95
|
+
# go for "bump_versions".
|
|
96
|
+
pubspec = dependency_files.find { |d| d.name == "pubspec.yaml" }
|
|
97
|
+
begin
|
|
98
|
+
parsed_pubspec = YAML.safe_load(pubspec.content, aliases: false)
|
|
99
|
+
rescue ScriptError
|
|
100
|
+
return "bump_versions"
|
|
101
|
+
end
|
|
102
|
+
if parsed_pubspec["version"].nil?
|
|
103
|
+
"bump_versions"
|
|
104
|
+
else
|
|
105
|
+
"widen_ranges"
|
|
106
|
+
end
|
|
107
|
+
else
|
|
108
|
+
requirements_update_strategy
|
|
109
|
+
end
|
|
110
|
+
end
|
|
81
111
|
end
|
|
82
112
|
end
|
|
83
113
|
end
|
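Review bot: `rescue ScriptError` in `resolve_requirements_update_strategy` does not catch what `YAML.safe_load` raises on a malformed `pubspec.yaml` — `Psych::SyntaxError` descends from `Psych::Exception` and `RuntimeError`, not from Ruby's `ScriptError` — so a broken manifest propagates instead of falling back to `"bump_versions"`; the rescue should read `rescue Psych::SyntaxError, Psych::DisallowedClass` (or `Psych::Exception` if every parser failure should fall back). The `parsed_pubspec["version"]` lookup also assumes the document parsed to a Hash; an empty or scalar-only file would raise `NoMethodError` there, so guarding with `parsed_pubspec.is_a?(Hash) && parsed_pubspec["version"]` keeps the fallback path reachable. Parsing repository-controlled content with `YAML.safe_load(..., aliases: false)` is the right choice and should stay as is. The accepted-strategy list in the `raise ... unless [...]` line duplicates the `case` in `helpers.rb`; a shared frozen constant would keep the two from drifting apart.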
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-pub
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.178.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.178.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.178.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -198,7 +198,7 @@ homepage: https://github.com/dependabot/dependabot-core
|
|
|
198
198
|
licenses:
|
|
199
199
|
- Nonstandard
|
|
200
200
|
metadata: {}
|
|
201
|
-
post_install_message:
|
|
201
|
+
post_install_message:
|
|
202
202
|
rdoc_options: []
|
|
203
203
|
require_paths:
|
|
204
204
|
- lib
|
|
@@ -213,8 +213,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
213
213
|
- !ruby/object:Gem::Version
|
|
214
214
|
version: 2.5.0
|
|
215
215
|
requirements: []
|
|
216
|
-
rubygems_version: 3.
|
|
217
|
-
signing_key:
|
|
216
|
+
rubygems_version: 3.2.32
|
|
217
|
+
signing_key:
|
|
218
218
|
specification_version: 4
|
|
219
219
|
summary: Dart (pub) support for dependabot
|
|
220
220
|
test_files: []
|