bundler-patch 0.7.2 → 0.8.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 22e0f2d411e2e52b0a3d2ba2344d2f1c9bb9ceca
4
- data.tar.gz: 37235b8053d27fa07a6fc48c74934ca8c8d8cf3f
3
+ metadata.gz: 7518b9a8efc98963b564ce984cb46ffd3b89a0b2
4
+ data.tar.gz: 462eb26c0f399dc220f70d3ef4a0de0ba567e581
5
5
  SHA512:
6
- metadata.gz: 5e21f129bd9b325e8d5f576f935795c7b6a590cfb0c5c0881e7dcc8742f660964efb2915b4afd9ac999980695dd322486bf2785f2f9e6139b5e24f4d929bc1be
7
- data.tar.gz: 380d5b23d3d55da4cff3e7cfc862696bb074867f22e5ccef024d36c469c4f858b0fe532d86b027bf472347cbf8fd741e29d909a6b441a217c7acd27801d9de51
6
+ metadata.gz: d1d2bab0114e7a132890cf30755d9a96eb400ecaaf5bdc65a44ad522208a43e3e72e7f81a6773254969b924055e7b5673e11bf755c3c26b7b3679ac39d4ed6a7
7
+ data.tar.gz: 72e9bea210641f7d9307256997300a94d1b228e48f682dc441aac3979968faf71fdbf8c99fb7a1db634da5c5d4fe40e97b639fff73d191e1081d2c3540ae19ad
data/.travis.yml CHANGED
@@ -1,7 +1,21 @@
1
1
  language: ruby
2
- rvm:
3
- - 2.1.10
4
- - 2.2.5
5
- - 2.3.1
2
+
6
3
  before_install:
7
- - gem install bundler -v 1.11.2
4
+ - for dir in $(echo $GEM_PATH | tr ':' ' '); do gem uninstall -i $dir bundler -a -x; done
5
+ - gem install bundler -v $BUNDLER_TEST_VERSION
6
+ - bundle --version
7
+
8
+ matrix:
9
+ include:
10
+ - rvm: 2.1.10
11
+ env: BUNDLER_TEST_VERSION=1.12.5
12
+ - rvm: 2.2.5
13
+ env: BUNDLER_TEST_VERSION=1.12.5
14
+ - rvm: 2.3.1
15
+ env: BUNDLER_TEST_VERSION=1.10.5
16
+ - rvm: 2.3.1
17
+ env: BUNDLER_TEST_VERSION=1.11.2
18
+ - rvm: 2.3.1
19
+ env: BUNDLER_TEST_VERSION=1.12.5
20
+ - rvm: 2.3.1
21
+ env: BUNDLER_TEST_VERSION=1.13.0.rc.1
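Review bot: In `before_install`, the uninstall loop expands `$GEM_PATH` and `$dir` unquoted, so a gem path containing whitespace is split into the wrong arguments for `gem uninstall -i`; quote `"$dir"` and split on `:` with `IFS` rather than `echo | tr`. In the matrix, Bundler 1.10.5 and 1.11.2 are exercised only on rvm 2.3.1, so the README's "Works with Bundler 1.10.x and higher" is untested on 2.1.10 and 2.2.5. The 1.13.0.rc.1 entry is a prerelease and will fail the whole build unless it is listed under `allow_failures`.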
data/README.md CHANGED
@@ -8,7 +8,7 @@ current version, over the latest minor releases or the latest major releases.
8
8
  This is somewhat opposite from `bundle update` which prefers newest/major
9
9
  versions first.
10
10
 
11
- Works with Bundler 1.10.x and higher. Last confirmed with 1.12.0.rc.4.
11
+ Works with Bundler 1.10.x and higher.
12
12
 
13
13
  [![Build Status](https://travis-ci.org/livingsocial/bundler-patch.svg?branch=master)](https://travis-ci.org/livingsocial/bundler-patch)
14
14
 
@@ -125,31 +125,33 @@ Gemfile.lock:
125
125
  bar (~> 2.0)
126
126
  bar (2.0.3)
127
127
 
128
- | # | Command Line | Result |
129
- |---|--------------|---------------------------|
130
- | 1 | | 'foo 1.4.5', 'bar 2.1.1' |
131
- | 2 | foo | 'foo 1.4.4', 'bar 2.0.3' |
132
- | 3 | -m | 'foo 1.5.1', 'bar 3.0.0' |
133
- | 4 | -m -s | 'foo 1.5.0', 'bar 2.1.1' |
134
- | 5 | -s | 'foo 1.4.4', 'bar 2.0.4' |
135
- | 6 | -p | 'foo 1.4.4', 'bar 2.0.4' |
136
- | 7 | -p -m | 'foo 1.5.0', 'bar 2.1.0' |
137
-
138
- In case 1, `bar` is upgraded to 2.1.0, a minor version increase, because the
128
+ | # | Command Line | Result |
129
+ |---|---------------------------|---------------------------|
130
+ | 1 | bundle patch | 'foo 1.4.5', 'bar 2.1.1' |
131
+ | 2 | bundle patch foo | 'foo 1.4.4', 'bar 2.0.3' |
132
+ | 3 | bundle patch -m | 'foo 1.5.1', 'bar 3.0.0' |
133
+ | 4 | bundle patch -m -s | 'foo 1.5.0', 'bar 2.1.1' |
134
+ | 5 | bundle patch -s | 'foo 1.4.4', 'bar 2.0.4' |
135
+ | 6 | bundle patch -p | 'foo 1.4.4', 'bar 2.0.4' |
136
+ | 7 | bundle patch -p -m | 'foo 1.5.0', 'bar 2.1.0' |
137
+
138
+ In case 1, `bar` is upgraded to 2.1.1, a minor version increase, because the
139
139
  dependency from `foo` 1.4.5 required it.
140
140
 
141
- In case 2, only `foo` is unlocked, so `bar` can only go to 1.4.4 to satisfy
142
- the dependency from `foo`.
141
+ In case 2, only `foo` is unlocked, so `foo` can only go to 1.4.4 to maintain
142
+ the dependency to `bar`.
143
143
 
144
144
  In case 3, `bar` goes up a whole major release, because a minor increase is
145
- preferred now for `foo`.
145
+ preferred now for `foo`, and when it goes to 1.5.1, it requires 3.0.0 of
146
+ `bar`.
146
147
 
147
148
  In case 4, `foo` is preferred up to a 1.5.x, but 1.5.1 won't work because the
148
149
  strict `-s` flag removes `bar` 3.0.0 from consideration since it's a major
149
150
  increment.
150
151
 
151
152
  In case 5, both `foo` and `bar` have any minor or major increments removed
152
- from consideration, so the most they can move is up to 1.4.4 and 2.0.4.
153
+ from consideration because of the `-s` strict flag, so the most they can
154
+ move is up to 1.4.4 and 2.0.4.
153
155
 
154
156
  In case 6, the prefer minimal switch `-p` means they only increment to the
155
157
  next available release.
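Review bot: The reworded case 2 text, "to maintain the dependency to `bar`", still does not say why `foo` stops at 1.4.4. Spell out that `bar` stays locked at 2.0.3 (row 2 of the table) and that `foo` 1.4.5 is excluded because, per case 1, it requires `bar` 2.1.1; "dependency on `bar`" also reads better than "dependency to". Row 7 (`bundle patch -p -m`, 'bar 2.1.0') has no matching case explanation in this hunk.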
@@ -178,8 +180,8 @@ logic to the resolution process to achieve its goals. If there's a bug
178
180
  involved, it's almost certainly in the `bundler-patch` code as Bundler has
179
181
  been around a long time and has thorough testing and real world experience.
180
182
 
181
- In particular, grep for 'Unwinding for conflict' to isolate some key issues
182
- that may be preventing the outcome you expect.
183
+ In particular, grep for 'Unwinding for conflict' in the debug output to
184
+ isolate some key issues that may be preventing the outcome you expect.
183
185
 
184
186
  `bundler-patch` can dump its own debug output, potentially helpful, with
185
187
  `DEBUG_PATCH_RESOLVER`.
@@ -188,6 +190,10 @@ To get additional Bundler debugging output, enable the `DEBUG` env variable.
188
190
  This will include all of the details of the downloading the full dependency
189
191
  data from remote sources.
190
192
 
193
+ At the end of all of this though, the requirements in the Gemfile trump
194
+ anything else, and the most control you have is by modifying those in the
195
+ Gemfile.
196
+
191
197
 
192
198
  ## Development
193
199
 
@@ -11,7 +11,7 @@ module Bundler::Patch
11
11
  def vulnerable_gems
12
12
  @all_ads.map do |ads|
13
13
  ads.update if ads.repo
14
- Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile
14
+ File.exist?(Bundler.default_lockfile) ? Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile : []
15
15
  end.flatten.map do |advisory|
16
16
  patched = advisory.patched_versions.map do |pv|
17
17
  # this is a little stupid for compound requirements, but works itself out in consolidate_gemfiles
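Review bot: The `File.exist?(Bundler.default_lockfile)` guard sits inside the `@all_ads.map` block, after `ads.update if ads.repo`, so with no lockfile the advisory repos are still updated and the existence check is repeated for every advisory source; test once before the `map` and return `[]` early. Returning `[]` silently also means `--list`, which calls `vulnerable_gems`, reports nothing when the lockfile is missing, and that is indistinguishable from "no vulnerable gems"; a warning on that path would separate the two cases.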
@@ -27,7 +27,8 @@ module Bundler::Patch
27
27
 
28
28
  def patch_gemfile_and_get_gem_specs_to_patch
29
29
  gem_update_specs = vulnerable_gems
30
- locked = Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs
30
+ locked = File.exist?(Bundler.default_lockfile) ?
31
+ Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs : []
31
32
 
32
33
  gem_update_specs.map(&:update) # modify requirements in Gemfile if necessary
33
34
 
@@ -12,6 +12,8 @@ module Bundler::Patch
12
12
  on '-l', '--list', 'List vulnerable gems and new version target. No updates will be performed.'
13
13
  on '-v', '--vulnerable_gems_only', 'Only update vulnerable gems.'
14
14
  on '-a=', '--advisory_db_path=', 'Optional custom advisory db path. `gems` dir will be appended to this path.'
15
+ on '-r', '--ruby', 'Update Ruby version in related files.'
16
+ on '--rubies=', 'Supported Ruby versions. Comma delimited or multiple switches.', as: Array, delimiter: ','
15
17
  on '-h', 'Show this help'
16
18
  on '--help', 'Show README.md'
17
19
  end
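Review bot: The help text for `--rubies=` does not say that the switch only takes effect together with `-r`: the only caller visible in this diff is `patch_ruby(options[:rubies]) if options[:ruby]`, so `--rubies=` on its own is accepted and ignored. State the dependency in the description, and decide what `-r` without `--rubies` should do, since `RubyVersion.new(patched_versions: supported)` then receives whatever `options[:rubies]` holds when the switch is omitted.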
@@ -45,20 +47,13 @@ module Bundler::Patch
45
47
 
46
48
  return list(options) if options[:list]
47
49
 
48
- _patch(options)
50
+ patch_ruby(options[:rubies]) if options[:ruby]
51
+
52
+ patch_gems(options)
49
53
  end
50
54
 
51
55
  private
52
56
 
53
- def conservative_update(gem_patches, options={}, bundler_def=nil)
54
- prep = DefinitionPrep.new(bundler_def, gem_patches, options).tap { |p| p.prep }
55
-
56
- # update => true is very important, otherwise without any Gemfile changes, the installer
57
- # may end up concluding everything can be resolved locally, nothing is changing,
58
- # and then nothing is done. lib/bundler/cli/update.rb also hard-codes this.
59
- Bundler::Installer.install(Bundler.root, prep.bundler_def, {'update' => true})
60
- end
61
-
62
57
  def list(options)
63
58
  gem_patches = AdvisoryConsolidator.new(options).vulnerable_gems
64
59
 
@@ -72,7 +67,11 @@ module Bundler::Patch
72
67
  end
73
68
  end
74
69
 
75
- def _patch(options)
70
+ def patch_ruby(supported)
71
+ RubyVersion.new(patched_versions: supported).update
72
+ end
73
+
74
+ def patch_gems(options)
76
75
  vulnerable_patches = AdvisoryConsolidator.new(options).patch_gemfile_and_get_gem_specs_to_patch
77
76
  requested_patches = (options.delete(:gems_to_update) || []).map { |gem_name| GemPatch.new(gem_name: gem_name) }
78
77
 
@@ -104,6 +103,15 @@ module Bundler::Patch
104
103
  end
105
104
  conservative_update(all_gem_patches, options)
106
105
  end
106
+
107
+ def conservative_update(gem_patches, options={}, bundler_def=nil)
108
+ prep = DefinitionPrep.new(bundler_def, gem_patches, options).tap { |p| p.prep }
109
+
110
+ # update => true is very important, otherwise without any Gemfile changes, the installer
111
+ # may end up concluding everything can be resolved locally, nothing is changing,
112
+ # and then nothing is done. lib/bundler/cli/update.rb also hard-codes this.
113
+ Bundler::Installer.install(Bundler.root, prep.bundler_def, {'update' => true})
114
+ end
107
115
  end
108
116
  end
109
117
 
@@ -3,7 +3,7 @@ module Bundler::Patch
3
3
  attr_accessor :locked_specs, :gems_to_update, :strict, :minor_preferred, :prefer_minimal
4
4
 
5
5
  def initialize(index, source_requirements, base)
6
- # hack for 1.10 and 1.11 support
6
+ # hack for 1.10 and 1.11+ support
7
7
  case Bundler::Resolver.instance_method(:initialize).arity
8
8
  when 3
9
9
  super(index, source_requirements, base)
@@ -17,7 +17,7 @@ module Bundler::Patch
17
17
 
18
18
  dep = dependency.dep unless dependency.is_a? Gem::Dependency
19
19
 
20
- STDERR.puts "super search_for: #{debug_format_result(dep, res).inspect}" if ENV['DEBUG_RESOLVER']
20
+ super_result = "super search_for: #{debug_format_result(dep, res).inspect}"
21
21
 
22
22
  @conservative_search_for ||= {}
23
23
  res = @conservative_search_for[dep] ||= begin
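Review bot: `super_result` is now built on every `search_for` call, so `debug_format_result(dep, res).inspect` runs even when `DEBUG_PATCH_RESOLVER` is unset, whereas the removed line did that work only under `ENV['DEBUG_RESOLVER']`. Keep a reference to the original `res` (it is reassigned on the next statement) and build the string inside the `if ENV['DEBUG_PATCH_RESOLVER']` branch. The README should also mention that the "super search_for" line moved from `DEBUG_RESOLVER` to `DEBUG_PATCH_RESOLVER`.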
@@ -29,8 +29,11 @@ module Bundler::Patch
29
29
 
30
30
  (@strict ?
31
31
  filter_specs(res, locked_spec) :
32
- sort_specs(res, locked_spec)).tap do |res|
33
- STDERR.puts "after search_for: #{debug_format_result(dep, res).inspect}" if ENV['DEBUG_PATCH_RESOLVER']
32
+ sort_specs(res, locked_spec)).tap do |result|
33
+ if ENV['DEBUG_PATCH_RESOLVER']
34
+ STDERR.puts super_result
35
+ STDERR.puts "after search_for: #{debug_format_result(dep, result).inspect}"
36
+ end
34
37
  end
35
38
  end
36
39
 
@@ -3,7 +3,7 @@ module Bundler::Patch
3
3
  def self.files
4
4
  {
5
5
  '.ruby-version' => [/.*/],
6
- '.jenkins.xml' => [/\<string\>(.*)\<\/string\>/, /rvm.*\>ruby-(.*)@/, /version.*rbenv.*\>(.*)\</]
6
+ 'Gemfile' => [/ruby\s+["'](.*)['"]/]
7
7
  }
8
8
  end
9
9
 
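Review bot: The new `'Gemfile'` pattern `/ruby\s+["'](.*)['"]/` is unanchored and greedy: it also matches `ruby "..."` inside a comment or after other text on the line, and on a line that carries further quoted values after the version the `(.*)` capture runs to the last quote. Anchor it to the start of the line and capture `[^"']+` instead. The hunk also drops the `.jenkins.xml` patterns, and none of the README changes shown on this page mention that removal.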
@@ -1,5 +1,5 @@
1
1
  module Bundler
2
2
  module Patch
3
- VERSION = '0.7.2'
3
+ VERSION = '0.8.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler-patch
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.2
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - chrismo
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-04-29 00:00:00.000000000 Z
11
+ date: 2016-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler-advise