bundle_update_interactive 0.2.0 → 0.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +87 -2
  3. data/lib/bundle_update_interactive/changelog_locator.rb +2 -2
  4. data/lib/bundle_update_interactive/outdated_gem.rb +1 -1
  5. data/lib/bundle_update_interactive/version.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 29c88bba35c4c9dc4c8240fc82afaa24c6ca1285ceceef1a43eef812b40cf090
4
- data.tar.gz: a2fe1b8c99049ace9618297eebe954f3f744219eb11dc7298364611069ed0eb8
3
+ metadata.gz: 24de9c6dde2b3514ffad21a64256359200e2bb717b1a0385caa8d032776d5fe6
4
+ data.tar.gz: 4a1a1c65bd89e4c7e17d563c2a854c80e07edeb7d04e6b4ffdf3cbef1d47ddee
5
5
  SHA512:
6
- metadata.gz: 534ea176d1c50e3caaafcf10c35fbd4f3ca5732cde8beab21bb3889ea6c85e7011dd52118f1d161dad9f0fb93a2046115fa3e30fc5b637764c02cb35d646b21f
7
- data.tar.gz: 2c9fee79c3d3404daac0558c44ed79717e493d47155d58a73fa4485470e119d51cd6be315e4830f449c3c8f96a18ea726eb56bd992db3485d0e3e1cfe692ccf2
6
+ metadata.gz: 493421b5621ff128b56ed96041fd4c1e776de8c0160f330d8458d40963248e2c2e779dc64c7f7afd390c2f98d62a6203b3495534e7b57051f79add6edc729715
7
+ data.tar.gz: 638b235f21664177f8b9de29a0b69b9229ef1b57fc985c4ba6c73678ca2142a926caff18626a809b4ab4fdd2aeff4573e7a4137c471ca569d62b95e55322e0ec
data/README.md CHANGED
@@ -5,13 +5,15 @@
5
5
  [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/mattbrictson/bundle_update_interactive/ci.yml)](https://github.com/mattbrictson/bundle_update_interactive/actions/workflows/ci.yml)
6
6
  [![Code Climate maintainability](https://img.shields.io/codeclimate/maintainability/mattbrictson/bundle_update_interactive)](https://codeclimate.com/github/mattbrictson/bundle_update_interactive)
7
7
 
8
- This gem adds an `update-interactive` command to [Bundler](https://bundler.io).
8
+ **This gem adds an `update-interactive` command to [Bundler](https://bundler.io).** Run it to see what gems can be updated, then pick and choose which ones to update. If you've used `yarn upgrade-interactive`, the interface should be very familiar.
9
9
 
10
- https://github.com/user-attachments/assets/3ec11073-b365-4f92-be76-60c9ac73d1be
10
+ <img src="images/update-interactive.png" alt="Screenshot of update-interactive UI" width="1154" />
11
11
 
12
12
  ---
13
13
 
14
14
  - [Quick start](#quick-start)
15
+ - [Features](#features)
16
+ - [Prior art](#prior-art)
15
17
  - [Support](#support)
16
18
  - [License](#license)
17
19
  - [Code of conduct](#code-of-conduct)
@@ -37,6 +39,85 @@ Or the shorthand:
37
39
  bundle ui
38
40
  ```
39
41
 
42
+ ## Features
43
+
44
+ ### Semver highlighting
45
+
46
+ `bundle update-interactive` highlights each gem according the severity of its version upgrade.
47
+
48
+ <img src="images/semver.png" alt="Severities are in red, yellow, and green" width="480" />
49
+
50
+ Gems sourced from Git repositories are highlighted in cyan, regardless of the semver change, due to the fact that new commits pulled from the Git repo may not yet be officially released. In this case the semver information is unknown.
51
+
52
+ `bundle update-interactive` also highlights the exact portion of the version number that has changed, so you can quickly scan gem versions for important differences.
53
+
54
+ <img src="images/version-highlight.png" alt="Screenshot of highlighted version numbers" width="70" />
55
+
56
+ ### Security vulnerabilities
57
+
58
+ `bundle update-interactive` uses [bundler-audit](https://github.com/rubysec/bundler-audit) internally to search for outdated gems that have known security vulnerabilities. These gems are highlighted prominently with white text on a red background.
59
+
60
+ <img src="images/security.png" alt="Screenshot of security vulnerability highlighted in red" width="402" />
61
+
62
+ Some gems, notably `rails`, are composed of smaller gems like `actionpack`, `activesupport`, `railties`, etc. Because of how these component gem versions are constrained, you cannot update just one of them; they all must be updated together.
63
+
64
+ Therefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.
65
+
66
+ ### Changelogs
67
+
68
+ `bundle update-interactive` will do its best to find an appropriate changelog for each gem.
69
+
70
+ It prefers the `changelog_uri` [metadata](https://guides.rubygems.org/specification-reference/#metadata) published in the gem itself. However, this metadata field is optional, and many gem authors do not provide it.
71
+
72
+ As a fallback, `bundle update-interactive` will check if the gem's source code is hosted on GitHub, and scans the GitHub repo for obvious changelog files like `CHANGELOG.md`, `NEWS`, etc. Finally, if the project is actively documenting versions using GitHub Releases, the Releases URL will be used.
73
+
74
+ If you discover a gem that is missing a changelog in `bundle update-interactive`, [log an issue](https://github.com/mattbrictson/bundle_update_interactive/issues) and I'll see if the algorithm can be improved.
75
+
76
+ ### Git diffs
77
+
78
+ If your `Gemfile` sources a gem from a GitHub repo like this:
79
+
80
+ ```ruby
81
+ gem "rails", github: "rails/rails", branch: "7-1-stable"
82
+ ```
83
+
84
+ Then `bundle update-interactive` will show a GitHub diff link instead of a changelog, so you can see exactly what changed when the gem is updated. For example:
85
+
86
+ https://github.com/rails/rails/compare/5a8d894...77dfa65
87
+
88
+ Currently only GitHub repos are supported, but I'm considering adding GitLab and BitBucket as well.
89
+
90
+ ### Conservative updates
91
+
92
+ `bundle update-interactive` updates the gems you select by running `bundle update --conservative [GEMS...]`. This means that only those specific gems will be updated. Indirect dependencies shared with other gems will not be affected.
93
+
94
+ <img src="images/conservative.png" alt="Screenshot of gems being updated" width="762" />
95
+
96
+ An exception is made for "meta gems" like `rails` that are composed of dependencies locked at exact versions. For example, if you chose to upgrade `rails`, the actual command issued to Bundler will be:
97
+
98
+ ```
99
+ bundle update --conservative \
100
+ rails \
101
+ actioncable \
102
+ actionmailbox \
103
+ actionmailer \
104
+ actionpack \
105
+ actiontext \
106
+ actionview \
107
+ activejob \
108
+ activemodel \
109
+ activerecord \
110
+ activestorage \
111
+ activesupport \
112
+ railties
113
+ ```
114
+
115
+ ## Prior art
116
+
117
+ This project was inspired by [yarn upgrade-interactive](https://classic.yarnpkg.com/lang/en/docs/cli/upgrade-interactive/), and borrows many of its interface ideas.
118
+
119
+ Before creating `bundle update-interactive`, I published [bundleup](https://github.com/mattbrictson/bundleup), a gem that serves a similar purpose but with a simpler, non-interactive approach.
120
+
40
121
  ## Support
41
122
 
42
123
  If you want to report a bug, or have ideas, feedback or questions about the gem, [let me know via GitHub issues](https://github.com/mattbrictson/bundle_update_interactive/issues/new) and I will do my best to provide a helpful answer. Happy hacking!
@@ -52,3 +133,7 @@ Everyone interacting in this project’s codebases, issue trackers, chat rooms a
52
133
  ## Contribution guide
53
134
 
54
135
  Pull requests are welcome!
136
+
137
+ To test your locally cloned version of `bundle update-interactive`, run `rake install`. This will install the gem and its executable so that you can try it out on other local projects.
138
+
139
+ Before submitting a PR, make sure to run `rake` to see if there are any RuboCop or test failures.
data/lib/bundle_update_interactive/changelog_locator.rb CHANGED
@@ -5,8 +5,8 @@ require "json"
5
5
 
6
6
  GITHUB_PATTERN = %r{^(?:https?://)?github\.com/([^/]+/[^/]+)(?:\.git)?/?}.freeze
7
7
  URI_KEYS = %w[source_code_uri homepage_uri bug_tracker_uri wiki_uri].freeze
8
- FILE_PATTERN = /(?:changelog|changes|history|news|release)/.freeze
9
- EXT_PATTERN = /(?:md|txt|rdoc)/.freeze
8
+ FILE_PATTERN = /changelog|changes|history|news|release/i.freeze
9
+ EXT_PATTERN = /md|txt|rdoc/i.freeze
10
10
 
11
11
  module BundleUpdateInteractive
12
12
  class ChangelogLocator
data/lib/bundle_update_interactive/outdated_gem.rb CHANGED
@@ -35,7 +35,7 @@ module BundleUpdateInteractive
35
35
  return @changelog_uri if defined?(@changelog_uri)
36
36
 
37
37
  @changelog_uri =
38
- if git_version_changed?
38
+ if git_version_changed? && github_repo
39
39
  "https://github.com/#{github_repo}/compare/#{current_git_version}...#{updated_git_version}"
40
40
  elsif rubygems_source?
41
41
  changelog_locator.find_changelog_uri(name: name, version: updated_version.to_s)
data/lib/bundle_update_interactive/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module BundleUpdateInteractive
4
- VERSION = "0.2.0"
4
+ VERSION = "0.2.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundle_update_interactive
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Brictson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-07-14 00:00:00.000000000 Z
11
+ date: 2024-07-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler