bundler-audited_update 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1643d8c2c255b6e6b6aa935f7f9d9703a9218e4f28fbd9b3985922d59e98abdf
-  data.tar.gz: 2e45069ebfc4b3d036173628837f5fabb97397b16e99181d9145969601309909
+  metadata.gz: 55ee9261d8740b888e04057710f5a0b25b6155ca49fcae312702afba4ff9762b
+  data.tar.gz: dc14cf4a44acb080253bf2ae3f369f8b4ae62f948c532a98a1bb36d665795f34
 SHA512:
-  metadata.gz: c8febdb50ed26521ef4be10736d606ebcd8d3a5960f6d73a4eb32415ac092e314c83302d301042058c429f6c4ecf0fdf26e98a802586231a82f706e7339efab3
-  data.tar.gz: 6e9bbb78c2f333555143ed05c88b922417430c13929da830210e873a07d238148fe08ca006463a9942c9bc110106eceef293421c02fa35ef96b73c1c3f02ca2e
+  metadata.gz: 2f256a3a79e6f20e4a5d054fc4e519e364ce902f006be752098ff3d9e17b93887079d16e0a1b7fd869f1de49d1f4e7f8f194abce6a4996c37a45afa492521783
+  data.tar.gz: a97bdd6cf867e5f4661741c8f643adb83c5d618fed11ea9aa0d373fdd4f56b19576123c74a0ad432470112546c2be38a9af9b023c61a5b835b07bdfb09e66b4f

data/bin/audited_bundle_update

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-require "bundler/audited_update"
+require 'bundler/audited_update'
 
 Bundler::AuditedUpdate.new.run!

data/lib/bundler/audited_update.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 require 'bundler'
 require 'bundler/lockfile_parser'
-require "bundler/cli"
-require "bundler/cli/update"
-require "open-uri"
+require 'bundler/cli'
+require 'bundler/cli/update'
+require 'open-uri'
 require 'net/http'
 require 'json'
 require 'versionomy'
@@ -10,25 +12,31 @@ require 'launchy'
 
 module Bundler
   class AuditedUpdate
+    CHANGELOG_URLS = {
+      "graphql-pro" => "https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG-pro.md",
+      "sidekiq" => "https://github.com/mperham/sidekiq/blob/main/Changes.md",
+      "faraday" => "https://github.com/lostisland/faraday/releases"
+    }
+
     def run!
       @before_specs = gem_specs
       bundle_update
       @after_specs = gem_specs
 
-      @output = ""
+      @output = ''
       @output += "# Gem Changes\n"
       @output += "\n"
 
-      output_gems("Added Gems", added_gems)
-      output_gems("Removed Gems", removed_gems)
+      output_gems('Added Gems', added_gems)
+      output_gems('Removed Gems', removed_gems)
       output_changed_gems(changed_gems)
 
       puts "\n\n\n\n\n"
 
-      puts "--------------------------------"
-      puts "Upgraded Gems"
-      puts "(Generated with bundler-audited_updated https://github.com/bmulholland/audited_bundle_update)"
-      puts "--------------------------------"
+      puts '--------------------------------'
+      puts 'Upgraded Gems'
+      puts '(Generated with bundler-audited_updated https://github.com/bmulholland/audited_bundle_update)'
+      puts '--------------------------------'
 
       puts @output
     end
@@ -46,16 +54,20 @@ module Bundler
     def output_changed_gems(gems)
       return if gems.empty?
 
-      major_upgrades = gems.select {|_, versions| versions[:before].major != versions[:after].major }
-      minor_upgrades = gems.select {|name, versions| !major_upgrades.keys.include?(name) && versions[:before].minor != versions[:after].minor }
-      point_upgrades = gems.reject { |name, _| major_upgrades.keys.include?(name) || minor_upgrades.keys.include?(name) }
+      major_upgrades = gems.reject { |_, versions| versions[:before].major == versions[:after].major }
+      minor_upgrades = gems.select do |name, versions|
+        !major_upgrades.keys.include?(name) && versions[:before].minor != versions[:after].minor
+      end
+      point_upgrades = gems.reject do |name, _|
+        major_upgrades.keys.include?(name) || minor_upgrades.keys.include?(name)
+      end
 
       @output += "## Upgraded Gems\n"
       @output += "\n"
 
-      output_changed_gems_section("Major", major_upgrades)
-      output_changed_gems_section("Minor", minor_upgrades)
-      output_changed_gems_section("Point", point_upgrades)
+      output_changed_gems_section('Major', major_upgrades)
+      output_changed_gems_section('Minor', minor_upgrades)
+      output_changed_gems_section('Point', point_upgrades)
 
       @output += "\n"
     end
@@ -69,82 +81,137 @@ module Bundler
     end
 
     def gem_output(name, version)
-      if version.is_a? Hash
-        version_string = "#{version[:before]} -> #{version[:after]}"
-        info = gem_info(name, version[:after])
+      # gems that are continuously released and therefore have no helpful
+      # changelog
+      continuously_released_gems = %w[aws-partitions aws-sdk-core sorbet sorbet-runtime
+                                      sorbet-static-and-runtime]
+
+      if continuously_released_gems.include?(name)
+        puts "\n\n\n"
+        puts '--------------------------------'
+        puts "#{name} updated"
+        puts '--------------------------------'
+
+        if version.is_a? Hash
+          info = gem_info(name, version[:after])
+          version_string = "#{version[:before]} -> #{version[:after]}"
+        else
+          info = gem_info(name, version)
+          version_string = version
+        end
 
         guessed_source = gem_source_url(info)
+        change_detail = guessed_source
 
-        if guessed_source
-          changelog_text, changelog_url = guess_changelog(guessed_source)
-
-          if changelog_text && !changelog_text.empty?
-            puts "\n\n\n"
-            puts "--------------------------------"
-            puts "#{name} changes from #{version_string}"
-            puts "--------------------------------"
-            # Output the changelog text from top until the line that contains the previous version
-            changelog_output = changelog_text.split(/^.*#{Regexp.escape(version[:before].to_s)}/, 2).first
-              # Max 200 lines
-              changelog_output = changelog_output.lines.to_a[0...200].join
-            puts changelog_output
-            impact = nil
-            while impact.nil?
-              puts "Does #{name} #{version_string} impact your application? (y/n/[o]pen in browser)"
-              answer = gets
-              answer = answer.downcase.strip
-              if answer == "y"
-                puts "What's a short description of the impact?"
-                impact = gets
-              elsif answer == "n"
-                impact = "No impact"
-              elsif answer == "o"
-                Launchy.open(changelog_url)
-              else
-                puts "Invalid answer"
-              end
-            end
+        puts 'This gem is continuously updated, with no meaningful changelog.'
+
+        impact = nil
+        while impact.nil?
+          puts "Does #{name} #{version_string} impact your application? (y/n/[o]pen in browser)"
+          answer = gets
+          answer = answer.downcase.strip
+          case answer
+          when 'y'
+            puts "What's a short description of the impact?"
+            impact = gets
+          when 'n'
+            impact = 'No impact'
+          when 'o'
+            Launchy.open(guessed_source)
+          else
+            puts 'Invalid answer'
+          end
+        end
+
+        change_detail = impact
 
-            change_detail = impact
+      elsif version.is_a? Hash
+        version_string = "#{version[:before]} -> #{version[:after]}"
+        info = gem_info(name, version[:after])
+
+        changelog_text, changelog_url = guess_changelog(
+          name, gem_source_url(info)
+        )
+
+        if changelog_text && !changelog_text.empty?
+          puts "\n\n\n"
+          puts '--------------------------------'
+          puts "#{name} changes from #{version_string}"
+          puts '--------------------------------'
+
+          # Output the changelog text from top until the line that contains the previous version
+          changelog_output = changelog_text.split(/^.*#{Regexp.escape(version[:before].to_s)}/, 2).first
+
+          # Max 200 lines
+          changelog_output = changelog_output.lines.to_a[0...200].join
+
+          puts changelog_output
+          impact = nil
+          while impact.nil?
+            puts "Does #{name} #{version_string} impact your application? (y/n/[o]pen in browser)"
+            answer = gets
+            answer = answer.downcase.strip
+            case answer
+            when 'y'
+              puts "What's a short description of the impact?"
+              impact = gets
+            when 'n'
+              impact = 'No impact'
+            when 'o'
+              Launchy.open(changelog_url)
+            else
+              puts 'Invalid answer'
+            end
           end
+
+          change_detail = impact
         end
 
       else
         version_string = version
         info = gem_info(name, version)
-        guessed_source = gem_source_url(info)
-        change_detail = guessed_source
+        change_detail = gem_source_url(info)
       end
 
-      change_detail ||= "Unsupported source URL, cannot search for changelog"
-
+      change_detail ||= 'Unsupported source URL, cannot search for changelog'
 
       @output += "* #{name} (#{version_string}): #{change_detail}\n"
     end
 
-    def guess_changelog(root_url)
-      filenames = %w{
-      CHANGELOG
-      CHANGELOG.md
-      Changelog
-      Changelog.md
-      History
-      History.md
-      HISTORY.md
-      History.rdoc
-      Changes
-      CHANGES
-      CHANGES.md
-      NEWS
-      }
+    def guess_changelog(name, root_url)
+      # There are always going to be exceptions, so just hardcode those.
+      root_url = CHANGELOG_URLS[name] if CHANGELOG_URLS.key?(name)
+
+      return nil unless root_url
+
+      filenames = %w[
+        CHANGELOG
+        CHANGELOG.md
+        Changelog
+        Changelog.md
+        History
+        History.md
+        HISTORY.md
+        History.rdoc
+        Changes
+        CHANGES
+        CHANGES.md
+        NEWS
+      ]
       changelog_text = nil
       changelog_url = nil
 
-      filenames.each do |filename|
-        changelog_text = try_changelog_url(root_url, filename)
-        if changelog_text
-          changelog_url = changelog_url_for(root_url, filename)
-          break
+      root_url_is_releases_page = root_url.end_with?("/releases")
+
+      changelog_url = root_url if root_url_is_releases_page
+
+      unless changelog_url
+        filenames.each do |filename|
+          changelog_text = try_changelog_url(root_url, filename)
+          if changelog_text
+            changelog_url = changelog_url_for(root_url, filename)
+            break
+          end
         end
       end
 
@@ -154,7 +221,7 @@ module Bundler
       end
 
       unless changelog_text
-        changelog_text = "Could not find changelog URL, try manually"
+        changelog_text = 'Could not find changelog URL, try manually'
         changelog_url = root_url
       end
 
@@ -162,8 +229,10 @@ module Bundler
     end
 
     def gem_source_url(info)
-      source_url_guess = info["source_code_uri"] || info["homepage_uri"]
-      if source_url_guess&.include?("github.com")
+      return nil unless info
+
+      source_url_guess = info['source_code_uri'] || info['homepage_uri']
+      if source_url_guess&.include?('github.com')
         source_url_guess
       else
         # Unsupported source URL
@@ -172,22 +241,22 @@ module Bundler
     end
 
     def added_gems
-      @after_specs.reject {|spec| @before_specs.map(&:name).include?(spec.name) }
+      @after_specs.reject { |spec| @before_specs.map(&:name).include?(spec.name) }
     end
 
     def removed_gems
-      @before_specs.reject {|spec| @after_specs.map(&:name).include?(spec.name) }
+      @before_specs.reject { |spec| @after_specs.map(&:name).include?(spec.name) }
     end
 
     def changed_gems
       gems = @after_specs.reject do |after_spec|
-        before_spec = @before_specs.find {|before_spec| before_spec && before_spec.name == after_spec.name }
+        before_spec = @before_specs.find { |before_spec| before_spec && before_spec.name == after_spec.name }
         !before_spec || before_spec.version == after_spec.version
       end
 
       gems.map! do |the_gem|
-        before_gem = @before_specs.find {|before_spec| before_spec.name == the_gem.name }
-        after_gem = @after_specs.find {|after_spec| after_spec.name == the_gem.name }
+        before_gem = @before_specs.find { |before_spec| before_spec.name == the_gem.name }
+        after_gem = @after_specs.find { |after_spec| after_spec.name == the_gem.name }
         versions = {
           before: Versionomy.parse(before_gem.version.to_s),
           after: Versionomy.parse(after_gem.version.to_s)
@@ -199,42 +268,47 @@ module Bundler
     end
 
     def github_releases_url(source_root)
-      api_source_root = source_root.gsub("github.com/", "api.github.com/repos/")
-      "#{api_source_root}/releases"
+      api_source_root = source_root.gsub('github.com/', 'api.github.com/repos/')
+      api_source_root.end_with?("/releases") ? api_source_root : "#{api_source_root}/releases"
     end
 
     def github_releases_bodies(source_root)
       response = ::URI.parse(github_releases_url(source_root)).read
       releases = JSON.parse(response)
-      release_notes = ""
+      release_notes = ''
       releases.each do |release|
-        next unless release["body"]
-        release_notes += release["name"]
+        next unless release['body']
+
+        release_notes += release['name']
         release_notes += "\n"
-        release_notes += release["body"]
+        release_notes += release['body']
         release_notes += "\n"
         release_notes += "\n"
       end
       release_notes
     rescue OpenURI::HTTPError
-      return nil
+      nil
     end
 
     def changelog_url_for(source_root, filename)
-      raw_source_root = source_root.gsub("github.com", "raw.githubusercontent.com")
+      raw_source_root = source_root.gsub('github.com', 'raw.githubusercontent.com')
       url = "#{raw_source_root}/master/#{filename}"
     end
 
     def try_changelog_url(source_root, filename)
       ::URI.parse(changelog_url_for(source_root, filename)).read
     rescue OpenURI::HTTPError
-      return nil
+      nil
     end
 
     def gem_info(name, version)
       gem_url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}"
       response = ::URI.parse(gem_url).read
       JSON.parse(response)
+    rescue OpenURI::HTTPError => e
+      # return nil for 404 - which means the gem doens't exist on rubygems,
+      # probably private
+      raise unless e.message.include?('404')
     end
 
     def gem_specs

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundler-audited_update
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Brendan Mulholland
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-07 00:00:00.000000000 Z
+date: 2022-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: versionomy
+  name: launchy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: launchy
+  name: versionomy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -79,7 +79,8 @@ files:
 homepage: http://rubygems.org/gems/bundler-audited_update
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -95,7 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Streamlined bundler audit with Changelog detection and summary ouput