bundle_update_interactive 0.9.1 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f45b67dd4da1f56e5bad0b154acfb7dce40b4f518eb1cf9c1101302ec3ee71f4
-  data.tar.gz: 9d763c27460be163b2dc6eaa818e770e81448244bcd0c2c94dee368b148d4a1d
+  metadata.gz: 45766051bc33bd9e477c7e1cf57bb78352732be6c0683c173330a46b6ede55bd
+  data.tar.gz: 40308582e58bd8b027be213c38fd7bdbb375a8b25a5272f30ec0cde2f1e741b9
 SHA512:
-  metadata.gz: 5bf17f343e90aa16f244c470ad9f58590702d61f610e9ac6bb4623990b997f103ea52448433f8c5273880b3f110e467c72c841fa25274c9770e21805c3ce403a
-  data.tar.gz: 248b8e8b066fa56574297c76ce25eab8bbd6b14e10ca1a8d83444679a82dae76ae7117775fa6df9753a1c847a337d2c4730270d87ec55c33186e249e9d002a02
+  metadata.gz: b826b2cd41a7e31c2e875f5d6c5333ddba6df10931bcc6eacdc191e078be51b6bb65d993a3371e587de0825306ddbad383925b45729c62d3dc3a0e8b2bb56316
+  data.tar.gz: '08a986946005d949e9a53c460ea00e338dc71512b11ba7c4ab72f9b31e31291b009cb9da175c35ece600624d8499f6b509080da0731d2cabac9525b7d5bb6c63'

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2024 Matt Brictson
+Copyright (c) 2025 Matt Brictson
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -44,6 +44,7 @@ bundle ui
 
 - `--commit` [applies each gem update in a discrete git commit](#git-commits)
 - `--latest` [modifies the Gemfile if necessary to allow the latest gem versions](#allow-latest-versions)
+- `--only-explicit` [updates Gemfile gems only (excluding indirect dependencies)](#exclude-indirect-dependencies)
 - `-D` / `--exclusively=GROUP` [limits updatable gems by Gemfile groups](#limit-impact-by-gemfile-groups)
 
 ## Features
@@ -145,6 +146,16 @@ https://github.com/rails/rails/compare/5a8d894...77dfa65
 
 This feature currently works for GitHub, GitLab, and Bitbucket repos.
 
+### Exclude indirect dependencies
+
+Just like with `bundle outdated`, you can pass `--only-explicit` to limit updates to only gems that are explicitly listed in the Gemfile.
+
+```sh
+bundle update-interactive --only-explicit
+```
+
+This will omit indirect dependencies from the list of gems that can be updated.
+
 ### Limit impact by Gemfile groups
 
 The effects of `bundle update-interactive` can be limited to one or more Gemfile groups using the `--exclusively` option:

data/lib/bundle_update_interactive/cli/options.rb

@@ -71,6 +71,9 @@ module BundleUpdateInteractive
             parser.on("--latest", "Modify the Gemfile to allow the latest gem versions") do
               options.latest = true
             end
+            parser.on("--only-explicit", "Update Gemfile gems only (no indirect dependencies)") do
+              options.only_explicit = true
+            end
             parser.on(
               "--exclusively=GROUP",
               "Update gems exclusively belonging to the specified Gemfile GROUP(s)"
@@ -94,12 +97,13 @@ module BundleUpdateInteractive
       end
 
       attr_accessor :exclusively
-      attr_writer :commit, :latest
+      attr_writer :commit, :latest, :only_explicit
 
       def initialize
         @exclusively = []
         @commit = false
         @latest = false
+        @only_explicit = false
       end
 
       def commit?
@@ -109,6 +113,10 @@ module BundleUpdateInteractive
       def latest?
         @latest
       end
+
+      def only_explicit?
+        @only_explicit
+      end
     end
   end
 end

data/lib/bundle_update_interactive/cli/table.rb

@@ -47,7 +47,7 @@ module BundleUpdateInteractive
       end
 
       def gem_names
-        rows.keys
+        rows.keys.sort
       end
 
       def render_header
@@ -61,7 +61,7 @@ module BundleUpdateInteractive
 
       def render
         lines = [render_header]
-        rows.keys.sort.each { |name| lines << render_gem(name) }
+        gem_names.each { |name| lines << render_gem(name) }
         lines.join("\n")
       end
 

data/lib/bundle_update_interactive/cli.rb

@@ -61,18 +61,25 @@ module BundleUpdateInteractive
     def generate_report(options)
       whisper "Resolving latest gem versions..."
       updater_class = options.latest? ? Latest::Updater : Updater
-      updater = updater_class.new(groups: options.exclusively)
+      updater = updater_class.new(groups: options.exclusively, only_explicit: options.only_explicit?)
 
       report = updater.generate_report
-      unless report.empty?
-        whisper "Checking for security vulnerabilities..."
-        report.scan_for_vulnerabilities!
-        progress "Finding changelogs", report.all_gems.values, &:changelog_uri
-      end
+      populate_vulnerabilities_and_changelogs_concurrently(report) unless report.empty?
 
       [report, updater]
     end
 
+    def populate_vulnerabilities_and_changelogs_concurrently(report)
+      pool = ThreadPool.new(max_threads: 25)
+      whisper "Checking for security vulnerabilities..."
+      scan_promise = pool.future(report, &:scan_for_vulnerabilities!)
+      changelog_promises = report.all_gems.map do |_, outdated_gem|
+        pool.future(outdated_gem, &:changelog_uri)
+      end
+      progress "Finding changelogs", changelog_promises, &:value!
+      scan_promise.value!
+    end
+
     def whisper(message)
       $stderr.puts(message)
     end

data/lib/bundle_update_interactive/gemfile.rb

@@ -22,5 +22,9 @@ module BundleUpdateInteractive
     def dependencies
       @dependencies.values
     end
+
+    def gem_names
+      dependencies.map(&:name)
+    end
   end
 end

data/lib/bundle_update_interactive/thread_pool.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "concurrent"
+
+module BundleUpdateInteractive
+  class ThreadPool
+    include Concurrent::Promises::FactoryMethods
+
+    def initialize(max_threads:)
+      @executor = Concurrent::ThreadPoolExecutor.new(
+        min_threads: 0,
+        max_threads: max_threads,
+        max_queue: 0
+      )
+    end
+
+    def default_executor
+      @executor
+    end
+  end
+end

data/lib/bundle_update_interactive/updater.rb

@@ -2,7 +2,8 @@
 
 module BundleUpdateInteractive
   class Updater
-    def initialize(groups: [])
+    def initialize(groups: [], only_explicit: false)
+      @only_explicit = only_explicit
       @gemfile = Gemfile.parse
       @current_lockfile = Lockfile.parse
       @candidate_gems = current_lockfile.gems_exclusively_installed_by(gemfile: gemfile, groups: groups) if groups.any?
@@ -32,12 +33,14 @@ module BundleUpdateInteractive
 
     private
 
-    attr_reader :gemfile, :current_lockfile, :candidate_gems
+    attr_reader :gemfile, :current_lockfile, :candidate_gems, :only_explicit
 
     def find_updatable_gems
       return {} if candidate_gems && candidate_gems.empty?
 
-      build_outdated_gems(BundlerCommands.read_updated_lockfile(*Array(candidate_gems)))
+      updatable = build_outdated_gems(BundlerCommands.read_updated_lockfile(*Array(candidate_gems)))
+      updatable = updatable.slice(*gemfile.gem_names) if only_explicit
+      updatable
     end
 
     def build_outdated_gems(lockfile_contents)

data/lib/bundle_update_interactive/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BundleUpdateInteractive
-  VERSION = "0.9.1"
+  VERSION = "0.11.0"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bundle_update_interactive
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.11.0
 platform: ruby
 authors:
 - Matt Brictson
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-11-24 00:00:00.000000000 Z
+date: 2025-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +37,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.4
 - !ruby/object:Gem::Dependency
   name: launchy
   requirement: !ruby/object:Gem::Requirement
@@ -108,7 +121,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
-description:
 email:
 - opensource@mattbrictson.com
 executables:
@@ -142,6 +154,7 @@ files:
 - lib/bundle_update_interactive/report.rb
 - lib/bundle_update_interactive/semver_change.rb
 - lib/bundle_update_interactive/string_helper.rb
+- lib/bundle_update_interactive/thread_pool.rb
 - lib/bundle_update_interactive/updater.rb
 - lib/bundle_update_interactive/version.rb
 homepage: https://github.com/mattbrictson/bundle_update_interactive
@@ -153,7 +166,6 @@ metadata:
   source_code_uri: https://github.com/mattbrictson/bundle_update_interactive
   homepage_uri: https://github.com/mattbrictson/bundle_update_interactive
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -168,8 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.23
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Adds an update-interactive command to Bundler
 test_files: []