bundler-patch 0.7.2 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +19 -5
- data/README.md +24 -18
- data/lib/bundler/patch/advisory_consolidator.rb +3 -2
- data/lib/bundler/patch/cli.rb +19 -11
- data/lib/bundler/patch/conservative_resolver.rb +7 -4
- data/lib/bundler/patch/ruby_version.rb +1 -1
- data/lib/bundler/patch/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7518b9a8efc98963b564ce984cb46ffd3b89a0b2
|
|
4
|
+
data.tar.gz: 462eb26c0f399dc220f70d3ef4a0de0ba567e581
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1d2bab0114e7a132890cf30755d9a96eb400ecaaf5bdc65a44ad522208a43e3e72e7f81a6773254969b924055e7b5673e11bf755c3c26b7b3679ac39d4ed6a7
|
|
7
|
+
data.tar.gz: 72e9bea210641f7d9307256997300a94d1b228e48f682dc441aac3979968faf71fdbf8c99fb7a1db634da5c5d4fe40e97b639fff73d191e1081d2c3540ae19ad
|
data/.travis.yml
CHANGED
|
@@ -1,7 +1,21 @@
|
|
|
1
1
|
language: ruby
|
|
2
|
-
|
|
3
|
-
- 2.1.10
|
|
4
|
-
- 2.2.5
|
|
5
|
-
- 2.3.1
|
|
2
|
+
|
|
6
3
|
before_install:
|
|
7
|
-
- gem
|
|
4
|
+
- for dir in $(echo $GEM_PATH | tr ':' ' '); do gem uninstall -i $dir bundler -a -x; done
|
|
5
|
+
- gem install bundler -v $BUNDLER_TEST_VERSION
|
|
6
|
+
- bundle --version
|
|
7
|
+
|
|
8
|
+
matrix:
|
|
9
|
+
include:
|
|
10
|
+
- rvm: 2.1.10
|
|
11
|
+
env: BUNDLER_TEST_VERSION=1.12.5
|
|
12
|
+
- rvm: 2.2.5
|
|
13
|
+
env: BUNDLER_TEST_VERSION=1.12.5
|
|
14
|
+
- rvm: 2.3.1
|
|
15
|
+
env: BUNDLER_TEST_VERSION=1.10.5
|
|
16
|
+
- rvm: 2.3.1
|
|
17
|
+
env: BUNDLER_TEST_VERSION=1.11.2
|
|
18
|
+
- rvm: 2.3.1
|
|
19
|
+
env: BUNDLER_TEST_VERSION=1.12.5
|
|
20
|
+
- rvm: 2.3.1
|
|
21
|
+
env: BUNDLER_TEST_VERSION=1.13.0.rc.1
|
data/README.md
CHANGED
|
@@ -8,7 +8,7 @@ current version, over the latest minor releases or the latest major releases.
|
|
|
8
8
|
This is somewhat opposite from `bundle update` which prefers newest/major
|
|
9
9
|
versions first.
|
|
10
10
|
|
|
11
|
-
Works with Bundler 1.10.x and higher.
|
|
11
|
+
Works with Bundler 1.10.x and higher.
|
|
12
12
|
|
|
13
13
|
[](https://travis-ci.org/livingsocial/bundler-patch)
|
|
14
14
|
|
|
@@ -125,31 +125,33 @@ Gemfile.lock:
|
|
|
125
125
|
bar (~> 2.0)
|
|
126
126
|
bar (2.0.3)
|
|
127
127
|
|
|
128
|
-
| # | Command Line
|
|
129
|
-
|
|
130
|
-
| 1 | | 'foo 1.4.5', 'bar 2.1.1' |
|
|
131
|
-
| 2 | foo | 'foo 1.4.4', 'bar 2.0.3' |
|
|
132
|
-
| 3 | -m | 'foo 1.5.1', 'bar 3.0.0' |
|
|
133
|
-
| 4 | -m -s | 'foo 1.5.0', 'bar 2.1.1' |
|
|
134
|
-
| 5 | -s | 'foo 1.4.4', 'bar 2.0.4' |
|
|
135
|
-
| 6 | -p | 'foo 1.4.4', 'bar 2.0.4' |
|
|
136
|
-
| 7 | -p -m | 'foo 1.5.0', 'bar 2.1.0' |
|
|
137
|
-
|
|
138
|
-
In case 1, `bar` is upgraded to 2.1.
|
|
128
|
+
| # | Command Line | Result |
|
|
129
|
+
|---|---------------------------|---------------------------|
|
|
130
|
+
| 1 | bundle patch | 'foo 1.4.5', 'bar 2.1.1' |
|
|
131
|
+
| 2 | bundle patch foo | 'foo 1.4.4', 'bar 2.0.3' |
|
|
132
|
+
| 3 | bundle patch -m | 'foo 1.5.1', 'bar 3.0.0' |
|
|
133
|
+
| 4 | bundle patch -m -s | 'foo 1.5.0', 'bar 2.1.1' |
|
|
134
|
+
| 5 | bundle patch -s | 'foo 1.4.4', 'bar 2.0.4' |
|
|
135
|
+
| 6 | bundle patch -p | 'foo 1.4.4', 'bar 2.0.4' |
|
|
136
|
+
| 7 | bundle patch -p -m | 'foo 1.5.0', 'bar 2.1.0' |
|
|
137
|
+
|
|
138
|
+
In case 1, `bar` is upgraded to 2.1.1, a minor version increase, because the
|
|
139
139
|
dependency from `foo` 1.4.5 required it.
|
|
140
140
|
|
|
141
|
-
In case 2, only `foo` is unlocked, so `
|
|
142
|
-
the dependency
|
|
141
|
+
In case 2, only `foo` is unlocked, so `foo` can only go to 1.4.4 to maintain
|
|
142
|
+
the dependency to `bar`.
|
|
143
143
|
|
|
144
144
|
In case 3, `bar` goes up a whole major release, because a minor increase is
|
|
145
|
-
preferred now for `foo
|
|
145
|
+
preferred now for `foo`, and when it goes to 1.5.1, it requires 3.0.0 of
|
|
146
|
+
`bar`.
|
|
146
147
|
|
|
147
148
|
In case 4, `foo` is preferred up to a 1.5.x, but 1.5.1 won't work because the
|
|
148
149
|
strict `-s` flag removes `bar` 3.0.0 from consideration since it's a major
|
|
149
150
|
increment.
|
|
150
151
|
|
|
151
152
|
In case 5, both `foo` and `bar` have any minor or major increments removed
|
|
152
|
-
from consideration, so the most they can
|
|
153
|
+
from consideration because of the `-s` strict flag, so the most they can
|
|
154
|
+
move is up to 1.4.4 and 2.0.4.
|
|
153
155
|
|
|
154
156
|
In case 6, the prefer minimal switch `-p` means they only increment to the
|
|
155
157
|
next available release.
|
|
@@ -178,8 +180,8 @@ logic to the resolution process to achieve its goals. If there's a bug
|
|
|
178
180
|
involved, it's almost certainly in the `bundler-patch` code as Bundler has
|
|
179
181
|
been around a long time and has thorough testing and real world experience.
|
|
180
182
|
|
|
181
|
-
In particular, grep for 'Unwinding for conflict'
|
|
182
|
-
that may be preventing the outcome you expect.
|
|
183
|
+
In particular, grep for 'Unwinding for conflict' in the debug output to
|
|
184
|
+
isolate some key issues that may be preventing the outcome you expect.
|
|
183
185
|
|
|
184
186
|
`bundler-patch` can dump its own debug output, potentially helpful, with
|
|
185
187
|
`DEBUG_PATCH_RESOLVER`.
|
|
@@ -188,6 +190,10 @@ To get additional Bundler debugging output, enable the `DEBUG` env variable.
|
|
|
188
190
|
This will include all of the details of the downloading the full dependency
|
|
189
191
|
data from remote sources.
|
|
190
192
|
|
|
193
|
+
At the end of all of this though, the requirements in the Gemfile trump
|
|
194
|
+
anything else, and the most control you have is by modifying those in the
|
|
195
|
+
Gemfile.
|
|
196
|
+
|
|
191
197
|
|
|
192
198
|
## Development
|
|
193
199
|
|
|
@@ -11,7 +11,7 @@ module Bundler::Patch
|
|
|
11
11
|
def vulnerable_gems
|
|
12
12
|
@all_ads.map do |ads|
|
|
13
13
|
ads.update if ads.repo
|
|
14
|
-
Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile
|
|
14
|
+
File.exist?(Bundler.default_lockfile) ? Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile : []
|
|
15
15
|
end.flatten.map do |advisory|
|
|
16
16
|
patched = advisory.patched_versions.map do |pv|
|
|
17
17
|
# this is a little stupid for compound requirements, but works itself out in consolidate_gemfiles
|
|
@@ -27,7 +27,8 @@ module Bundler::Patch
|
|
|
27
27
|
|
|
28
28
|
def patch_gemfile_and_get_gem_specs_to_patch
|
|
29
29
|
gem_update_specs = vulnerable_gems
|
|
30
|
-
locked =
|
|
30
|
+
locked = File.exist?(Bundler.default_lockfile) ?
|
|
31
|
+
Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs : []
|
|
31
32
|
|
|
32
33
|
gem_update_specs.map(&:update) # modify requirements in Gemfile if necessary
|
|
33
34
|
|
data/lib/bundler/patch/cli.rb
CHANGED
|
@@ -12,6 +12,8 @@ module Bundler::Patch
|
|
|
12
12
|
on '-l', '--list', 'List vulnerable gems and new version target. No updates will be performed.'
|
|
13
13
|
on '-v', '--vulnerable_gems_only', 'Only update vulnerable gems.'
|
|
14
14
|
on '-a=', '--advisory_db_path=', 'Optional custom advisory db path. `gems` dir will be appended to this path.'
|
|
15
|
+
on '-r', '--ruby', 'Update Ruby version in related files.'
|
|
16
|
+
on '--rubies=', 'Supported Ruby versions. Comma delimited or multiple switches.', as: Array, delimiter: ','
|
|
15
17
|
on '-h', 'Show this help'
|
|
16
18
|
on '--help', 'Show README.md'
|
|
17
19
|
end
|
|
@@ -45,20 +47,13 @@ module Bundler::Patch
|
|
|
45
47
|
|
|
46
48
|
return list(options) if options[:list]
|
|
47
49
|
|
|
48
|
-
|
|
50
|
+
patch_ruby(options[:rubies]) if options[:ruby]
|
|
51
|
+
|
|
52
|
+
patch_gems(options)
|
|
49
53
|
end
|
|
50
54
|
|
|
51
55
|
private
|
|
52
56
|
|
|
53
|
-
def conservative_update(gem_patches, options={}, bundler_def=nil)
|
|
54
|
-
prep = DefinitionPrep.new(bundler_def, gem_patches, options).tap { |p| p.prep }
|
|
55
|
-
|
|
56
|
-
# update => true is very important, otherwise without any Gemfile changes, the installer
|
|
57
|
-
# may end up concluding everything can be resolved locally, nothing is changing,
|
|
58
|
-
# and then nothing is done. lib/bundler/cli/update.rb also hard-codes this.
|
|
59
|
-
Bundler::Installer.install(Bundler.root, prep.bundler_def, {'update' => true})
|
|
60
|
-
end
|
|
61
|
-
|
|
62
57
|
def list(options)
|
|
63
58
|
gem_patches = AdvisoryConsolidator.new(options).vulnerable_gems
|
|
64
59
|
|
|
@@ -72,7 +67,11 @@ module Bundler::Patch
|
|
|
72
67
|
end
|
|
73
68
|
end
|
|
74
69
|
|
|
75
|
-
def
|
|
70
|
+
def patch_ruby(supported)
|
|
71
|
+
RubyVersion.new(patched_versions: supported).update
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
def patch_gems(options)
|
|
76
75
|
vulnerable_patches = AdvisoryConsolidator.new(options).patch_gemfile_and_get_gem_specs_to_patch
|
|
77
76
|
requested_patches = (options.delete(:gems_to_update) || []).map { |gem_name| GemPatch.new(gem_name: gem_name) }
|
|
78
77
|
|
|
@@ -104,6 +103,15 @@ module Bundler::Patch
|
|
|
104
103
|
end
|
|
105
104
|
conservative_update(all_gem_patches, options)
|
|
106
105
|
end
|
|
106
|
+
|
|
107
|
+
def conservative_update(gem_patches, options={}, bundler_def=nil)
|
|
108
|
+
prep = DefinitionPrep.new(bundler_def, gem_patches, options).tap { |p| p.prep }
|
|
109
|
+
|
|
110
|
+
# update => true is very important, otherwise without any Gemfile changes, the installer
|
|
111
|
+
# may end up concluding everything can be resolved locally, nothing is changing,
|
|
112
|
+
# and then nothing is done. lib/bundler/cli/update.rb also hard-codes this.
|
|
113
|
+
Bundler::Installer.install(Bundler.root, prep.bundler_def, {'update' => true})
|
|
114
|
+
end
|
|
107
115
|
end
|
|
108
116
|
end
|
|
109
117
|
|
|
@@ -3,7 +3,7 @@ module Bundler::Patch
|
|
|
3
3
|
attr_accessor :locked_specs, :gems_to_update, :strict, :minor_preferred, :prefer_minimal
|
|
4
4
|
|
|
5
5
|
def initialize(index, source_requirements, base)
|
|
6
|
-
# hack for 1.10 and 1.11 support
|
|
6
|
+
# hack for 1.10 and 1.11+ support
|
|
7
7
|
case Bundler::Resolver.instance_method(:initialize).arity
|
|
8
8
|
when 3
|
|
9
9
|
super(index, source_requirements, base)
|
|
@@ -17,7 +17,7 @@ module Bundler::Patch
|
|
|
17
17
|
|
|
18
18
|
dep = dependency.dep unless dependency.is_a? Gem::Dependency
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
super_result = "super search_for: #{debug_format_result(dep, res).inspect}"
|
|
21
21
|
|
|
22
22
|
@conservative_search_for ||= {}
|
|
23
23
|
res = @conservative_search_for[dep] ||= begin
|
|
@@ -29,8 +29,11 @@ module Bundler::Patch
|
|
|
29
29
|
|
|
30
30
|
(@strict ?
|
|
31
31
|
filter_specs(res, locked_spec) :
|
|
32
|
-
sort_specs(res, locked_spec)).tap do |
|
|
33
|
-
|
|
32
|
+
sort_specs(res, locked_spec)).tap do |result|
|
|
33
|
+
if ENV['DEBUG_PATCH_RESOLVER']
|
|
34
|
+
STDERR.puts super_result
|
|
35
|
+
STDERR.puts "after search_for: #{debug_format_result(dep, result).inspect}"
|
|
36
|
+
end
|
|
34
37
|
end
|
|
35
38
|
end
|
|
36
39
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bundler-patch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- chrismo
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-07-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler-advise
|