dependabot-swift 0.368.0 → 0.369.0
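--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffba3e2d47abede16d8578f4604ab638a59d08873d56dadb884f2b7a4750714b
+data.tar.gz: d3df9f2a33ebb10871918caa8946d284457760403bc77b772d0d6be6a435820b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2f8b488b086c3d49adff713335088ea164884842d7ab07e592a29231b9a462b41cc46d0c8d314afbc5b4394b0ca8b595fcfda0cc80ee50ad6384e3933ba137d
+data.tar.gz: 94eafc46297bc99402cea427f9d8c9cf8013101912e2edb712dbc406335954a6cec2fd1b0a532857da6820a0edfe9925fcc70ac211f52d3090fbf1b2f9953051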
@@ -6,6 +6,7 @@ require "dependabot/git_commit_checker"
|
|
|
6
6
|
require "dependabot/swift/update_checker"
|
|
7
7
|
require "dependabot/swift/requirement"
|
|
8
8
|
require "dependabot/swift/version"
|
|
9
|
+
require "dependabot/swift/xcode_file_helpers"
|
|
9
10
|
require "dependabot/update_checkers/version_filters"
|
|
10
11
|
|
|
11
12
|
module Dependabot
|
|
@@ -145,12 +146,32 @@ module Dependabot
|
|
|
145
146
|
# Only versionRange has an explicit upper bound that should be respected.
|
|
146
147
|
return true if %w(exactVersion upToNextMajorVersion upToNextMinorVersion).include?(kind)
|
|
147
148
|
|
|
149
|
+
# For sub-dependencies that are not declared directly in project.pbxproj
|
|
150
|
+
# (e.g., transitive dependencies of local packages), kind will be nil and
|
|
151
|
+
# the requirement comes from Package.resolved as an equality pin.
|
|
152
|
+
# In this case, we allow updates since the actual constraint lives in
|
|
153
|
+
# the local package's Package.swift, which we don't have access to.
|
|
154
|
+
# This may produce a pin that is not resolvable for the full package graph.
|
|
155
|
+
# In Xcode mode we intentionally defer that validation to downstream
|
|
156
|
+
# SwiftPM/Xcode resolution.
|
|
157
|
+
return true if kind.nil? && package_resolved_requirement?
|
|
158
|
+
|
|
148
159
|
requirement = dependency_requirement
|
|
149
160
|
return true unless requirement
|
|
150
161
|
|
|
151
162
|
requirement.satisfied_by?(version)
|
|
152
163
|
end
|
|
153
164
|
|
|
165
|
+
# Returns true if the dependency's requirement originates from an
|
|
166
|
+
# Xcode-managed Package.resolved file (rather than project.pbxproj).
|
|
167
|
+
sig { returns(T::Boolean) }
|
|
168
|
+
def package_resolved_requirement?
|
|
169
|
+
dependency.requirements.any? do |req|
|
|
170
|
+
file = req[:file]
|
|
171
|
+
file.is_a?(String) && XcodeFileHelpers.xcode_resolved_path?(file)
|
|
172
|
+
end
|
|
173
|
+
end
|
|
174
|
+
|
|
154
175
|
sig do
|
|
155
176
|
params(
|
|
156
177
|
tags: T::Array[T::Hash[Symbol, T.untyped]]
|
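Review bot: The new early return `return true if kind.nil? && package_resolved_requirement?` skips `requirement.satisfied_by?(version)` as soon as any one entry in `dependency.requirements` points at an Xcode Package.resolved, because `package_resolved_requirement?` uses `any?`. If a dependency can carry a Package.resolved entry alongside another entry that holds a real constraint (not visible in this hunk), that constraint would be ignored too. Requiring every entry to match, e.g. `reqs = dependency.requirements` followed by `reqs.any? && reqs.all? { |req| req[:file].is_a?(String) && XcodeFileHelpers.xcode_resolved_path?(req[:file]) }`, keeps the exemption to the transitive-pin case the comment describes. Because the comment states the resulting pin is deliberately left unvalidated, a debug log line at this return would also make it visible which updates were proposed without a constraint check. The enclosing method starts above the hunk, so how `kind` is derived cannot be confirmed from here.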
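--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-swift
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.369.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.369.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.369.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -274,7 +274,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.369.0
 rdoc_options: []
 require_paths:
 - lib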