bundle_update_interactive 0.4.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5eb0324c92b1a60c3611ce47993022fef9c3d69aeba735a752252cc2cffe8158
-  data.tar.gz: f68c74d7fc286abf743796b3323bed579736bf548ccc2a405b8a2433bf3eddf1
+  metadata.gz: e71278ee6c0ffbfb39537712a8d97e956c57062dad9723d358d97474cf63b69c
+  data.tar.gz: 13491cad6f990d97fb3a2c918913fb4bc5eb5048829a18dd8c5400f6e5f9fadf
 SHA512:
-  metadata.gz: 874b63b22b4ff2ad9101f9a5a51b2947cf27009ff37096ae0ff3f00e3f5de5ba2ea32a4e2a2adae0d46bf4a523868deb5f8f7ec45599f988719a983e1bb9e16f
-  data.tar.gz: 7f134fec1b5304ed93921506a4e763a1f7ef7954f812b679cb63e271c99fc76bd291f68f1e9fd51a532a3d63a55e74ad01657767250924cd8a2a0d0d7baa69ce
+  metadata.gz: 9bf5c295484ae3aa19d12d5891afd7883873204d0a9314babcf111b832cab60b89be13afcb6f33e8a8d2cbc7b702df9b0c800ca0639a2c8148e56adb6964cde4
+  data.tar.gz: 0caebaf4d1bbc2a2d3cd6a5820ed031491a41a43286d7ba6f3e7bf419c28c5627ac58b8bed0407658d46efdc01d105f75857c66784b61b98eb581c00fe0ec575

data/lib/bundle_update_interactive/bundler_commands.rb

@@ -1,22 +1,31 @@
 # frozen_string_literal: true
 
+require "bundler"
 require "shellwords"
 
 module BundleUpdateInteractive
   module BundlerCommands
     class << self
       def update_gems_conservatively(*gems)
-        system "bundle update --conservative #{gems.flatten.map(&:shellescape).join(' ')}"
+        system "#{bundle_bin.shellescape} update --conservative #{gems.flatten.map(&:shellescape).join(' ')}"
       end
 
       def read_updated_lockfile(*gems)
-        command = ["bundle lock --print"]
+        command = ["#{bundle_bin.shellescape} lock --print"]
         command << "--conservative" if gems.any?
         command << "--update"
         command.push(*gems.flatten.map(&:shellescape))
 
         `#{command.join(" ")}`.tap { raise "bundle lock command failed" unless Process.last_status.success? }
       end
+
+      private
+
+      def bundle_bin
+        Gem.bin_path("bundler", "bundle", Bundler::VERSION)
+      rescue Gem::GemNotFoundException
+        "bundle"
+      end
     end
   end
 end

data/lib/bundle_update_interactive/changelog_locator.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "faraday"
 require "json"
 
 module BundleUpdateInteractive
@@ -32,16 +31,16 @@ module BundleUpdateInteractive
         return "https://github.com/#{changelog_path}" if changelog_path
 
         releases_url = "https://github.com/#{path}/releases"
-        releases_url if Faraday.head("#{releases_url}/tag/v#{version}").success?
+        releases_url if HTTP.head("#{releases_url}/tag/v#{version}").success?
       end
 
       private
 
       def fetch_repo_html(follow_redirect:)
-        response = Faraday.get("https://github.com/#{path}")
+        response = HTTP.get("https://github.com/#{path}")
 
-        if response.status == 301 && follow_redirect
-          @path = response.headers["Location"][GITHUB_PATTERN, 1]
+        if response.code == "301" && follow_redirect
+          @path = response["Location"][GITHUB_PATTERN, 1]
           return fetch_repo_html(follow_redirect: false)
         end
 
@@ -69,7 +68,7 @@ module BundleUpdateInteractive
                   "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
                 end
 
-      response = Faraday.get(api_url)
+      response = HTTP.get(api_url)
 
       # Try again without the version in case the version does not exist at rubygems for some reason.
       # This can happen when using a pre-release Ruby that has a bundled gem newer than the published version.

data/lib/bundle_update_interactive/cli/multi_select.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "launchy"
 require "pastel"
 require "tty/prompt"
 require "tty/screen"
@@ -8,6 +9,7 @@ class BundleUpdateInteractive::CLI
   class MultiSelect
     class List < TTY::Prompt::MultiList
       def initialize(prompt, **options)
+        @opener = options.delete(:opener)
         defaults = {
           cycle: true,
           help_color: :itself.to_proc,
@@ -21,48 +23,64 @@ class BundleUpdateInteractive::CLI
       def selected_names
         ""
       end
+
+      # Unregister tty-prompt's default ctrl-a and ctrl-r bindings
+      alias select_all keyctrl_a
+      alias reverse_selection keyctrl_r
+      def keyctrl_a(*); end
+      def keyctrl_r(*); end
+
+      def keypress(event)
+        case event.value
+        when "k", "p" then keyup
+        when "j", "n" then keydown
+        when "a" then select_all
+        when "r" then reverse_selection
+        when "o" then opener&.call(choices[@active - 1].value)
+        end
+      end
+
+      private
+
+      attr_reader :opener
     end
 
-    def self.prompt_for_gems_to_update(outdated_gems)
+    def self.prompt_for_gems_to_update(outdated_gems, prompt: nil)
       table = Table.new(outdated_gems)
       title = "#{outdated_gems.length} gems can be updated."
-      chosen = new(title: title, table: table).prompt
+      opener = lambda do |gem|
+        url = outdated_gems[gem].changelog_uri
+        Launchy.open(url) unless url.nil?
+      end
+      chosen = new(title: title, table: table, prompt: prompt, opener: opener).prompt
       outdated_gems.slice(*chosen)
     end
 
-    def initialize(title:, table:)
+    def initialize(title:, table:, opener: nil, prompt: nil)
       @title = title
       @table = table
-      @tty_prompt = TTY::Prompt.new(
+      @opener = opener
+      @tty_prompt = prompt || TTY::Prompt.new(
         interrupt: lambda {
           puts
           exit(130)
         }
       )
-      add_keybindings
-
       @pastel = BundleUpdateInteractive.pastel
     end
 
     def prompt
       choices = table.gem_names.to_h { |name| [table.render_gem(name), name] }
-      tty_prompt.invoke_select(List, title, choices, help: help)
+      tty_prompt.invoke_select(List, title, choices, help: help, opener: opener)
     end
 
     private
 
-    attr_reader :pastel, :table, :tty_prompt, :title
-
-    def add_keybindings
-      tty_prompt.on(:keypress) do |event|
-        tty_prompt.trigger(:keyup) if %w[k p].include?(event.value)
-        tty_prompt.trigger(:keydown) if %w[j n].include?(event.value)
-      end
-    end
+    attr_reader :pastel, :table, :opener, :tty_prompt, :title
 
     def help
       [
-        pastel.dim("\nPress <space> to select, ↑/↓ move, <ctrl-a> all, <ctrl-r> reverse, <enter> to finish."),
+        pastel.dim("\nPress <space> to select, ↑/↓ move, <a> all, <r> reverse, <o> open url, <enter> to finish."),
         "\n    ",
         table.render_header
       ].join

data/lib/bundle_update_interactive/cli/options.rb

@@ -13,30 +13,70 @@ module BundleUpdateInteractive
         options.freeze
       end
 
+      def summary
+        build_parser(new).summarize.join.gsub(/^\s+-.*?  /, pastel.yellow('\0'))
+      end
+
+      def help # rubocop:disable Metrics/AbcSize
+        <<~HELP
+          Provides an easy way to update gems to their latest versions.
+
+          #{pastel.bold.underline('USAGE')}
+            #{pastel.green('bundle update-interactive')} #{pastel.yellow('[options]')}
+            #{pastel.green('bundle ui')} #{pastel.yellow('[options]')}
+
+          #{pastel.bold.underline('OPTIONS')}
+          #{summary}
+          #{pastel.bold.underline('DESCRIPTION')}
+            Displays the list of gems that would be updated by `bundle update`, allowing you
+            to navigate them by keyboard and pick which ones to update. A changelog URL,
+            when available, is displayed alongside each update. Gems with known security
+            vulnerabilities are also highlighted.
+
+            Your Gemfile.lock will be updated conservatively based on the gems you select.
+            Transitive dependencies are not affected.
+
+            More information: #{pastel.blue('https://github.com/mattbrictson/bundle_update_interactive')}
+
+          #{pastel.bold.underline('EXAMPLES')}
+            Show all gems that can be updated.
+            #{pastel.green('bundle update-interactive')}
+
+            The "ui" command alias can also be used.
+            #{pastel.green('bundle ui')}
+
+            Show updates for development and test gems only, leaving production gems untouched.
+            #{pastel.green('bundle update-interactive')} #{pastel.yellow('-D')}
+
+        HELP
+      end
+
       private
 
-      def build_parser(options) # rubocop:disable Metrics/MethodLength
+      def pastel
+        BundleUpdateInteractive.pastel
+      end
+
+      def build_parser(options) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
         OptionParser.new do |parser|
-          parser.banner = "Usage: bundle update-interactive"
+          parser.summary_indent = "  "
+          parser.summary_width = 24
           parser.on(
             "--exclusively=GROUP",
-            "Update gems that exclusively belong to the specified Gemfile GROUP(s) (comma-separated)"
+            "Update gems exclusively belonging to the specified Gemfile GROUP(s)"
           ) do |value|
             options.exclusively = value.split(",").map(&:strip).reject(&:empty?).map(&:to_sym)
           end
-          parser.on(
-            "-D",
-            "Update development and test gems only; short for --exclusively=development,test"
-          ) do
+          parser.on("-D", "Shorthand for --exclusively=development,test") do
             options.exclusively = %i[development test]
           end
-          parser.on("-v", "--version", "Display bundle_update_interactive version") do
+          parser.on("-v", "--version", "Display version") do
             require "bundler"
             puts "bundle_update_interactive/#{VERSION} bundler/#{Bundler::VERSION} #{RUBY_DESCRIPTION}"
             exit
           end
           parser.on("-h", "--help", "Show this help") do
-            puts parser
+            puts help
             exit
           end
         end

data/lib/bundle_update_interactive/http.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "uri"
+
+module BundleUpdateInteractive
+  module HTTP
+    module Success
+      def success?
+        code.start_with?("2")
+      end
+    end
+
+    class << self
+      def get(url)
+        http(:get, url)
+      end
+
+      def head(url)
+        http(:head, url)
+      end
+
+      private
+
+      def http(method, url_string)
+        uri = URI(url_string)
+        response = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme.end_with?("s")) do |http|
+          http.public_send(method, uri.request_uri)
+        end
+        response.extend(Success)
+      end
+    end
+  end
+end

data/lib/bundle_update_interactive/outdated_gem.rb

@@ -10,7 +10,7 @@ module BundleUpdateInteractive
                   :updated_version,
                   :updated_git_version
 
-    attr_writer :rubygems_source, :vulnerable
+    attr_writer :changelog_uri, :rubygems_source, :vulnerable
 
     def initialize(**attrs)
       @vulnerable = nil

data/lib/bundle_update_interactive/semver_change.rb

@@ -10,10 +10,12 @@ module BundleUpdateInteractive
 
       @same_segments = new_segments.take_while.with_index { |seg, i| seg == old_segments[i] }
       @diff_segments = new_segments[same_segments.length..]
+
+      @changed = diff_segments.any? || old_segments.length != new_segments.length
     end
 
     def severity
-      return nil if diff_segments.empty?
+      return nil unless @changed
 
       SEVERITIES[same_segments.length] || :patch
     end

data/lib/bundle_update_interactive/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BundleUpdateInteractive
-  VERSION = "0.4.0"
+  VERSION = "0.6.0"
 end

data/lib/bundle_update_interactive.rb

@@ -8,6 +8,7 @@ module BundleUpdateInteractive
   autoload :CLI, "bundle_update_interactive/cli"
   autoload :Error, "bundle_update_interactive/error"
   autoload :Gemfile, "bundle_update_interactive/gemfile"
+  autoload :HTTP, "bundle_update_interactive/http"
   autoload :Lockfile, "bundle_update_interactive/lockfile"
   autoload :LockfileEntry, "bundle_update_interactive/lockfile_entry"
   autoload :OutdatedGem, "bundle_update_interactive/outdated_gem"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundle_update_interactive
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Matt Brictson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-30 00:00:00.000000000 Z
+date: 2024-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -39,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.9.1
 - !ruby/object:Gem::Dependency
-  name: faraday
+  name: launchy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 2.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 2.5.0
 - !ruby/object:Gem::Dependency
   name: pastel
   requirement: !ruby/object:Gem::Requirement
@@ -117,6 +117,7 @@ files:
 - lib/bundle_update_interactive/cli/table.rb
 - lib/bundle_update_interactive/error.rb
 - lib/bundle_update_interactive/gemfile.rb
+- lib/bundle_update_interactive/http.rb
 - lib/bundle_update_interactive/lockfile.rb
 - lib/bundle_update_interactive/lockfile_entry.rb
 - lib/bundle_update_interactive/outdated_gem.rb