dependabot-pub 0.245.0 → 0.247.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/pub/helpers.rb +5 -4
- data/lib/dependabot/pub/update_checker.rb +21 -12
- data/lib/dependabot/pub/version.rb +7 -28
- metadata +19 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f6e215dc7de64450cf2e318770e5bd616c18c869711c7d447fbb92a015c667dc
|
|
4
|
+
data.tar.gz: dc5b5e7e53a289cb8cb3c739bc53fab506f9c4991432b61a87d1656f5ebb5b77
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3cc484ac858a8b60c58029f558436d4bc937bdd19dc3315100d50062e96a3fdf1f02106e2a7ad92bc9b6510e76cd8bb033c886a798ec318a3b9987e7b0b76918
|
|
7
|
+
data.tar.gz: 3a28dfff5eb5f4bb05f8635924a52b73cfb565226607a983d9e398c07ae22ac9b535e42bbcc35be95bfe610daf15b572e1d991863a04dcac69eb5823b9f3b6bd
|
|
@@ -7,8 +7,9 @@ require "digest"
|
|
|
7
7
|
|
|
8
8
|
require "dependabot/errors"
|
|
9
9
|
require "dependabot/logger"
|
|
10
|
-
require "dependabot/shared_helpers"
|
|
11
10
|
require "dependabot/pub/requirement"
|
|
11
|
+
require "dependabot/requirements_update_strategy"
|
|
12
|
+
require "dependabot/shared_helpers"
|
|
12
13
|
|
|
13
14
|
module Dependabot
|
|
14
15
|
module Pub
|
|
@@ -335,11 +336,11 @@ module Dependabot
|
|
|
335
336
|
# strategies.
|
|
336
337
|
def constraint_field_from_update_strategy(requirements_update_strategy)
|
|
337
338
|
case requirements_update_strategy
|
|
338
|
-
when
|
|
339
|
+
when RequirementsUpdateStrategy::WidenRanges
|
|
339
340
|
"constraintWidened"
|
|
340
|
-
when
|
|
341
|
+
when RequirementsUpdateStrategy::BumpVersions
|
|
341
342
|
"constraintBumped"
|
|
342
|
-
when
|
|
343
|
+
when RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
343
344
|
"constraintBumpedIfNeeded"
|
|
344
345
|
end
|
|
345
346
|
end
|
|
@@ -1,14 +1,20 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
require "yaml"
|
|
6
|
+
|
|
7
|
+
require "dependabot/pub/helpers"
|
|
8
|
+
require "dependabot/requirements_update_strategy"
|
|
4
9
|
require "dependabot/update_checkers"
|
|
5
10
|
require "dependabot/update_checkers/base"
|
|
6
11
|
require "dependabot/update_checkers/version_filters"
|
|
7
|
-
|
|
8
|
-
require "yaml"
|
|
12
|
+
|
|
9
13
|
module Dependabot
|
|
10
14
|
module Pub
|
|
11
15
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
16
|
+
extend T::Sig
|
|
17
|
+
|
|
12
18
|
include Dependabot::Pub::Helpers
|
|
13
19
|
|
|
14
20
|
def latest_version
|
|
@@ -112,13 +118,15 @@ module Dependabot
|
|
|
112
118
|
version_string.match?(/^[0-9a-f]{6,}$/)
|
|
113
119
|
end
|
|
114
120
|
|
|
121
|
+
sig { override.returns(T::Boolean) }
|
|
115
122
|
def latest_version_resolvable_with_full_unlock?
|
|
116
123
|
entry = current_report["multiBreaking"].find { |d| d["name"] == dependency.name }
|
|
117
124
|
# This a bit dumb, but full-unlock is only considered if we can get the
|
|
118
125
|
# latest version!
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
126
|
+
return false unless entry
|
|
127
|
+
|
|
128
|
+
(!git_revision?(entry["version"]) && latest_version == Dependabot::Pub::Version.new(entry["version"])) ||
|
|
129
|
+
latest_version == entry["version"]
|
|
122
130
|
end
|
|
123
131
|
|
|
124
132
|
def updated_dependencies_after_full_unlock
|
|
@@ -150,23 +158,24 @@ module Dependabot
|
|
|
150
158
|
|
|
151
159
|
def resolve_requirements_update_strategy
|
|
152
160
|
raise "Unexpected requirements_update_strategy #{requirements_update_strategy}" unless
|
|
153
|
-
[nil,
|
|
161
|
+
[nil, RequirementsUpdateStrategy::WidenRanges, RequirementsUpdateStrategy::BumpVersions,
|
|
162
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary].include? requirements_update_strategy
|
|
154
163
|
|
|
155
164
|
if requirements_update_strategy.nil?
|
|
156
165
|
# Check for a version field in the pubspec.yaml. If it is present
|
|
157
166
|
# we assume the package is a library, and the requirement update
|
|
158
167
|
# strategy is widening. Otherwise we assume it is an application, and
|
|
159
|
-
# go for
|
|
160
|
-
pubspec = dependency_files.find { |d| d.name == "pubspec.yaml" }
|
|
168
|
+
# go for RequirementsUpdateStrategy::BumpVersions.
|
|
169
|
+
pubspec = T.must(dependency_files.find { |d| d.name == "pubspec.yaml" })
|
|
161
170
|
begin
|
|
162
|
-
parsed_pubspec = YAML.safe_load(pubspec.content, aliases: false)
|
|
171
|
+
parsed_pubspec = YAML.safe_load(T.must(pubspec.content), aliases: false)
|
|
163
172
|
rescue ScriptError
|
|
164
|
-
return
|
|
173
|
+
return RequirementsUpdateStrategy::BumpVersions
|
|
165
174
|
end
|
|
166
175
|
if parsed_pubspec["version"].nil? || parsed_pubspec["publish_to"] == "none"
|
|
167
|
-
|
|
176
|
+
RequirementsUpdateStrategy::BumpVersions
|
|
168
177
|
else
|
|
169
|
-
|
|
178
|
+
RequirementsUpdateStrategy::WidenRanges
|
|
170
179
|
end
|
|
171
180
|
else
|
|
172
181
|
requirements_update_strategy
|
|
@@ -25,20 +25,7 @@ module Dependabot
|
|
|
25
25
|
sig { returns(String) }
|
|
26
26
|
attr_reader :build_info
|
|
27
27
|
|
|
28
|
-
sig
|
|
29
|
-
override
|
|
30
|
-
.overridable
|
|
31
|
-
.params(
|
|
32
|
-
version: T.any(
|
|
33
|
-
String,
|
|
34
|
-
Integer,
|
|
35
|
-
Float,
|
|
36
|
-
Gem::Version,
|
|
37
|
-
NilClass
|
|
38
|
-
)
|
|
39
|
-
)
|
|
40
|
-
.void
|
|
41
|
-
end
|
|
28
|
+
sig { override.params(version: VersionParameter).void }
|
|
42
29
|
def initialize(version)
|
|
43
30
|
@version_string = T.let(version.to_s, String)
|
|
44
31
|
version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
|
|
@@ -46,6 +33,11 @@ module Dependabot
|
|
|
46
33
|
super(T.must(version))
|
|
47
34
|
end
|
|
48
35
|
|
|
36
|
+
sig { override.params(version: VersionParameter).returns(Dependabot::Pub::Version) }
|
|
37
|
+
def self.new(version)
|
|
38
|
+
T.cast(super, Dependabot::Pub::Version)
|
|
39
|
+
end
|
|
40
|
+
|
|
49
41
|
sig { override.returns(String) }
|
|
50
42
|
def to_s
|
|
51
43
|
@version_string
|
|
@@ -56,20 +48,7 @@ module Dependabot
|
|
|
56
48
|
"#<#{self.class} #{@version_string}>"
|
|
57
49
|
end
|
|
58
50
|
|
|
59
|
-
sig
|
|
60
|
-
override
|
|
61
|
-
.overridable
|
|
62
|
-
.params(
|
|
63
|
-
version: T.any(
|
|
64
|
-
String,
|
|
65
|
-
Integer,
|
|
66
|
-
Float,
|
|
67
|
-
Gem::Version,
|
|
68
|
-
NilClass
|
|
69
|
-
)
|
|
70
|
-
)
|
|
71
|
-
.returns(T::Boolean)
|
|
72
|
-
end
|
|
51
|
+
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
|
73
52
|
def self.correct?(version)
|
|
74
53
|
return false if version.nil?
|
|
75
54
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-pub
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.247.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.247.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.247.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 1.19.0
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rubocop-rspec
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: 2.27.1
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 2.27.1
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop-sorbet
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -242,7 +256,7 @@ licenses:
|
|
|
242
256
|
- Nonstandard
|
|
243
257
|
metadata:
|
|
244
258
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
245
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
259
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
|
246
260
|
post_install_message:
|
|
247
261
|
rdoc_options: []
|
|
248
262
|
require_paths:
|