bundler-patch 0.10.0 → 0.10.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -1
- data/BUNDLER.md +113 -9
- data/lib/bundler/patch/cli.rb +5 -1
- data/lib/bundler/patch/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0bef08487b69dc8e1c916b94ff9521b81a98fc32
|
|
4
|
+
data.tar.gz: 0f7b9182907bddeed7c3446888768e52f4a3c5f2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf826e0aea2b3767a36ddbc847dbd81d480375d390629b7c12aa77531fe9ea4f2ef26ad8eec9e0d7762b76dd981ef563f350897c30e6cdbb9a740382a6c3f940
|
|
7
|
+
data.tar.gz: 2d4abd9a98d399a0dcbb3ed4b9e537b8093a571469e710e11f93f24e022103d18ae536f749f75ceaffaac79d558064a478116cfad2bfb4b4aa777326f0da0184
|
data/.travis.yml
CHANGED
data/BUNDLER.md
CHANGED
|
@@ -66,11 +66,11 @@ A list of gem names can be passed to restrict to just those gems.
|
|
|
66
66
|
|
|
67
67
|
### Single Gem
|
|
68
68
|
|
|
69
|
-
| Requirements| Locked | Available
|
|
70
|
-
|
|
71
|
-
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1
|
|
72
|
-
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1
|
|
73
|
-
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1
|
|
69
|
+
| Requirements| Locked | Available | Option | Result |
|
|
70
|
+
|-------------|---------|-----------------------------------|----------|--------|
|
|
71
|
+
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1, 2.0.0 | --patch | 1.4.5 |
|
|
72
|
+
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1, 2.0.0 | --minor | 1.5.1 |
|
|
73
|
+
| foo | 1.4.3 | 1.4.4, 1.4.5, 1.5.0, 1.5.1, 2.0.0 | --major | 2.0.0 |
|
|
74
74
|
|
|
75
75
|
### Two Gems
|
|
76
76
|
|
|
@@ -96,7 +96,7 @@ Gemfile.lock:
|
|
|
96
96
|
| # | Command Line | Result |
|
|
97
97
|
|---|--------------------------------|---------------------------|
|
|
98
98
|
| 1 | bundle update --patch | 'foo 1.4.5', 'bar 2.1.1' |
|
|
99
|
-
| 2 | bundle update --patch foo | 'foo 1.4.
|
|
99
|
+
| 2 | bundle update --patch foo | 'foo 1.4.5', 'bar 2.1.1' |
|
|
100
100
|
| 3 | bundle update --minor | 'foo 1.5.1', 'bar 3.0.0' |
|
|
101
101
|
| 4 | bundle update --minor --strict | 'foo 1.5.0', 'bar 2.1.1' |
|
|
102
102
|
| 5 | bundle update --patch --strict | 'foo 1.4.4', 'bar 2.0.4' |
|
|
@@ -104,8 +104,9 @@ Gemfile.lock:
|
|
|
104
104
|
In case 1, `bar` is upgraded to 2.1.1, a minor version increase, because the
|
|
105
105
|
dependency from `foo` 1.4.5 required it.
|
|
106
106
|
|
|
107
|
-
In case 2, only `foo` is unlocked,
|
|
108
|
-
|
|
107
|
+
In case 2, only `foo` is unlocked, but because no other gem depends on `bar`
|
|
108
|
+
and `bar` is not a declared dependency in the Gemfile, `bar` is free to move,
|
|
109
|
+
and so the result is the same as case 1.
|
|
109
110
|
|
|
110
111
|
In case 3, `bar` goes up a whole major release, because a minor increase is
|
|
111
112
|
preferred now for `foo`, and when it goes to 1.5.1, it requires 3.0.0 of
|
|
@@ -119,13 +120,116 @@ In case 5, both `foo` and `bar` have any minor or major increments removed
|
|
|
119
120
|
from consideration because of the `--strict` flag, so the most they can
|
|
120
121
|
move is up to 1.4.4 and 2.0.4.
|
|
121
122
|
|
|
123
|
+
### Shared Dependencies
|
|
124
|
+
|
|
125
|
+
#### Shared Cannot Move
|
|
126
|
+
|
|
127
|
+
Given the following gem specifications:
|
|
128
|
+
|
|
129
|
+
- foo 1.4.3, requires: ~> shared 2.0, ~> bar 2.0
|
|
130
|
+
- foo 1.4.4, requires: ~> shared 2.0, ~> bar 2.0
|
|
131
|
+
- foo 1.4.5, requires: ~> shared 2.1, ~> bar 2.1
|
|
132
|
+
- foo 1.5.0, requires: ~> shared 2.1, ~> bar 2.1
|
|
133
|
+
- qux 1.0.0, requires: ~> shared 2.0.0
|
|
134
|
+
- bar with versions 2.0.3, 2.0.4, 2.1.0, 2.1.1
|
|
135
|
+
- shared with versions 2.0.3, 2.0.4, 2.1.0, 2.1.1
|
|
136
|
+
|
|
137
|
+
Gemfile:
|
|
138
|
+
|
|
139
|
+
gem 'foo'
|
|
140
|
+
gem 'qux'
|
|
141
|
+
|
|
142
|
+
Gemfile.lock:
|
|
143
|
+
|
|
144
|
+
bar (2.0.3)
|
|
145
|
+
foo (1.4.3)
|
|
146
|
+
bar (~> 2.0)
|
|
147
|
+
shared (~> 2.0)
|
|
148
|
+
qux (1.0.0)
|
|
149
|
+
shared (~> 2.0.0)
|
|
150
|
+
shared (2.0.3)
|
|
151
|
+
|
|
152
|
+
|
|
153
|
+
| # | Command Line | Result |
|
|
154
|
+
|---|--------------------------------|-------------------------------------------|
|
|
155
|
+
| 1 | bundle update --patch foo | 'foo 1.4.4', 'bar 2.0.3', 'shared 2.0.3' |
|
|
156
|
+
| 2 | bundle update --patch foo bar | 'foo 1.4.4', 'bar 2.0.4', 'shared 2.0.3' |
|
|
157
|
+
| 3 | bundle update --patch | 'foo 1.4.4', 'bar 2.0.4', 'shared 2.0.4' |
|
|
158
|
+
|
|
159
|
+
In case 1, only `foo` moves. When `foo` 1.4.5 is considered in resolution, it
|
|
160
|
+
would require `shared` 2.1 which isn't allowed because `qux` is incompatible.
|
|
161
|
+
Resolution backs up to `foo` 1.4.4, and that is allowed by the `qux` constraint
|
|
162
|
+
on `shared` so `foo` moves. `bar` could legally move, but since it is locked
|
|
163
|
+
and the current version still satisfies the requirement of `~> 2.0` it stays
|
|
164
|
+
put.
|
|
165
|
+
|
|
166
|
+
In case 2, everything is the same, but `bar` is also unlocked, so it is also
|
|
167
|
+
allowed to increment to 2.0.4 which still satisfies `~> 2.0`.
|
|
168
|
+
|
|
169
|
+
In case 3, everything is unlocked, so `shared` can also bump up a patch version.
|
|
170
|
+
|
|
171
|
+
#### Shared Can Move
|
|
172
|
+
|
|
173
|
+
_*This is exactly the same setup as "Shared Cannot Move" except for one change:*_
|
|
174
|
+
The `qux` gem has a looser requirement of `shared`: `~> 2.0` instead of `~> 2.0.0`.
|
|
175
|
+
|
|
176
|
+
Given the following gem specifications:
|
|
177
|
+
|
|
178
|
+
- foo 1.4.3, requires: ~> shared 2.0, ~> bar 2.0
|
|
179
|
+
- foo 1.4.4, requires: ~> shared 2.0, ~> bar 2.0
|
|
180
|
+
- foo 1.4.5, requires: ~> shared 2.1, ~> bar 2.1
|
|
181
|
+
- foo 1.5.0, requires: ~> shared 2.1, ~> bar 2.1
|
|
182
|
+
- qux 1.0.0, requires: ~> shared 2.0
|
|
183
|
+
- bar with versions 2.0.3, 2.0.4, 2.1.0, 2.1.1
|
|
184
|
+
- shared with versions 2.0.3, 2.0.4, 2.1.0, 2.1.1
|
|
185
|
+
|
|
186
|
+
Gemfile:
|
|
187
|
+
|
|
188
|
+
gem 'foo'
|
|
189
|
+
gem 'qux'
|
|
190
|
+
|
|
191
|
+
Gemfile.lock:
|
|
192
|
+
|
|
193
|
+
bar (2.0.3)
|
|
194
|
+
foo (1.4.3)
|
|
195
|
+
bar (~> 2.0)
|
|
196
|
+
shared (~> 2.0)
|
|
197
|
+
qux (1.0.0)
|
|
198
|
+
shared (~> 2.0)
|
|
199
|
+
shared (2.0.3)
|
|
200
|
+
|
|
201
|
+
|
|
202
|
+
| # | Command Line | Result |
|
|
203
|
+
|---|--------------------------------|-------------------------------------------|
|
|
204
|
+
| 1 | bundle update --patch foo | 'foo 1.4.5', 'bar 2.1.1', 'shared 2.1.1' |
|
|
205
|
+
| 2 | bundle update --patch foo bar | 'foo 1.4.5', 'bar 2.1.1', 'shared 2.1.1' |
|
|
206
|
+
| 3 | bundle update --patch | 'foo 1.4.5', 'bar 2.1.1', 'shared 2.1.1' |
|
|
207
|
+
|
|
208
|
+
In all 3 cases, because `foo` 1.4.5 depends on newer versions of `bar` and
|
|
209
|
+
`shared`, and no requirements from `qux` are restricting those two from moving,
|
|
210
|
+
then all move as far as allowed here.
|
|
211
|
+
|
|
212
|
+
`foo` can only move to 1.4.5 and not 1.5.0 because of the `--patch` flag.
|
|
213
|
+
|
|
214
|
+
As previously demonstrated (see Two Cases) `bar` and `shared` move past the
|
|
215
|
+
`--patch` restriction because `--strict` is not in play, they are not declared
|
|
216
|
+
dependencies in the Gemfile and they need to move to satisfy the new `foo`
|
|
217
|
+
requirement.
|
|
218
|
+
|
|
219
|
+
### Bundle Install Like Conservative Updating
|
|
220
|
+
|
|
221
|
+
As detailed in [Bundle Install Docs](http://bundler.io/v1.13/man/bundle-install.1.html#CONSERVATIVE-UPDATING)
|
|
222
|
+
there is a way to prevent shared dependencies from moving after (a) changing
|
|
223
|
+
a requirement in the Gemfile and (b) using `bundle install`. There's currently
|
|
224
|
+
not an equivalent way to do this with `bundler-patch` or `bundle update` but
|
|
225
|
+
this may change in the future.
|
|
122
226
|
|
|
123
227
|
### Troubleshooting
|
|
124
228
|
|
|
125
229
|
First, make sure the current `bundle` command itself runs to completion on its
|
|
126
230
|
own without any problems.
|
|
127
231
|
|
|
128
|
-
The most frequent problems
|
|
232
|
+
The most frequent problems involve expectations around what
|
|
129
233
|
gems should or shouldn't be upgraded. This can quickly get complicated as even
|
|
130
234
|
a small dependency tree can involve many moving parts, and Bundler works hard
|
|
131
235
|
to find a combination that satisfies all of the dependencies and requirements.
|
data/lib/bundler/patch/cli.rb
CHANGED
|
@@ -100,7 +100,11 @@ module Bundler::Patch
|
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
if all_gem_patches.empty?
|
|
103
|
-
|
|
103
|
+
if options[:vulnerable_gems_only]
|
|
104
|
+
return # nothing to do
|
|
105
|
+
else
|
|
106
|
+
Bundler.ui.info 'Updating all gems conservatively.'
|
|
107
|
+
end
|
|
104
108
|
else
|
|
105
109
|
Bundler.ui.info "Updating '#{all_gem_patches.map(&:gem_name).join(' ')}' conservatively."
|
|
106
110
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-patch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.10.
|
|
4
|
+
version: 0.10.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- chrismo
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-10-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler-advise
|
|
@@ -166,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
166
166
|
version: '0'
|
|
167
167
|
requirements: []
|
|
168
168
|
rubyforge_project:
|
|
169
|
-
rubygems_version: 2.6.
|
|
169
|
+
rubygems_version: 2.6.6
|
|
170
170
|
signing_key:
|
|
171
171
|
specification_version: 4
|
|
172
172
|
summary: Conservative bundler updates
|