dependabot-pub 0.244.0 → 0.246.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/pub/helpers.rb +3 -3
- data/lib/dependabot/pub/update_checker.rb +15 -9
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13881b97957d0429074e6b29683bcc426c68fbf127d316ebca66e63eb11d856a
|
|
4
|
+
data.tar.gz: 9426bd1a93490e3f1be891271e7c7d43659291a1e8eb5c73a841d8d948f12a31
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 38b71c5e0c52f49315b208aceccc767282f2ed872599b435b4d14100ae3d79042f717e9922622242edfa831d0cc08e832acc79126b0eec8ba55688031ee01a68
|
|
7
|
+
data.tar.gz: 15731cc0c819e8c96591b249116330cbaa695fc0de049238a7a9636ed24e49264d11ed41f997c8da677acc0a2c1690b5c5d29ffdccad51f792078bfdc8067b98
|
|
@@ -335,11 +335,11 @@ module Dependabot
|
|
|
335
335
|
# strategies.
|
|
336
336
|
def constraint_field_from_update_strategy(requirements_update_strategy)
|
|
337
337
|
case requirements_update_strategy
|
|
338
|
-
when
|
|
338
|
+
when :widen_ranges
|
|
339
339
|
"constraintWidened"
|
|
340
|
-
when
|
|
340
|
+
when :bump_versions
|
|
341
341
|
"constraintBumped"
|
|
342
|
-
when
|
|
342
|
+
when :bump_versions_if_necessary
|
|
343
343
|
"constraintBumpedIfNeeded"
|
|
344
344
|
end
|
|
345
345
|
end
|
|
@@ -5,10 +5,14 @@ require "dependabot/update_checkers"
|
|
|
5
5
|
require "dependabot/update_checkers/base"
|
|
6
6
|
require "dependabot/update_checkers/version_filters"
|
|
7
7
|
require "dependabot/pub/helpers"
|
|
8
|
+
require "sorbet-runtime"
|
|
8
9
|
require "yaml"
|
|
10
|
+
|
|
9
11
|
module Dependabot
|
|
10
12
|
module Pub
|
|
11
13
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
12
16
|
include Dependabot::Pub::Helpers
|
|
13
17
|
|
|
14
18
|
def latest_version
|
|
@@ -112,13 +116,15 @@ module Dependabot
|
|
|
112
116
|
version_string.match?(/^[0-9a-f]{6,}$/)
|
|
113
117
|
end
|
|
114
118
|
|
|
119
|
+
sig { override.returns(T::Boolean) }
|
|
115
120
|
def latest_version_resolvable_with_full_unlock?
|
|
116
121
|
entry = current_report["multiBreaking"].find { |d| d["name"] == dependency.name }
|
|
117
122
|
# This a bit dumb, but full-unlock is only considered if we can get the
|
|
118
123
|
# latest version!
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
124
|
+
return false unless entry
|
|
125
|
+
|
|
126
|
+
(!git_revision?(entry["version"]) && latest_version == Dependabot::Pub::Version.new(entry["version"])) ||
|
|
127
|
+
latest_version == entry["version"]
|
|
122
128
|
end
|
|
123
129
|
|
|
124
130
|
def updated_dependencies_after_full_unlock
|
|
@@ -150,23 +156,23 @@ module Dependabot
|
|
|
150
156
|
|
|
151
157
|
def resolve_requirements_update_strategy
|
|
152
158
|
raise "Unexpected requirements_update_strategy #{requirements_update_strategy}" unless
|
|
153
|
-
[nil,
|
|
159
|
+
[nil, :widen_ranges, :bump_versions, :bump_versions_if_necessary].include? requirements_update_strategy
|
|
154
160
|
|
|
155
161
|
if requirements_update_strategy.nil?
|
|
156
162
|
# Check for a version field in the pubspec.yaml. If it is present
|
|
157
163
|
# we assume the package is a library, and the requirement update
|
|
158
164
|
# strategy is widening. Otherwise we assume it is an application, and
|
|
159
165
|
# go for "bump_versions".
|
|
160
|
-
pubspec = dependency_files.find { |d| d.name == "pubspec.yaml" }
|
|
166
|
+
pubspec = T.must(dependency_files.find { |d| d.name == "pubspec.yaml" })
|
|
161
167
|
begin
|
|
162
|
-
parsed_pubspec = YAML.safe_load(pubspec.content, aliases: false)
|
|
168
|
+
parsed_pubspec = YAML.safe_load(T.must(pubspec.content), aliases: false)
|
|
163
169
|
rescue ScriptError
|
|
164
|
-
return
|
|
170
|
+
return :bump_versions
|
|
165
171
|
end
|
|
166
172
|
if parsed_pubspec["version"].nil? || parsed_pubspec["publish_to"] == "none"
|
|
167
|
-
|
|
173
|
+
:bump_versions
|
|
168
174
|
else
|
|
169
|
-
|
|
175
|
+
:widen_ranges
|
|
170
176
|
end
|
|
171
177
|
else
|
|
172
178
|
requirements_update_strategy
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-pub
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.246.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-03-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.246.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.246.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -242,7 +242,7 @@ licenses:
|
|
|
242
242
|
- Nonstandard
|
|
243
243
|
metadata:
|
|
244
244
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
245
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
245
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
|
|
246
246
|
post_install_message:
|
|
247
247
|
rdoc_options: []
|
|
248
248
|
require_paths:
|