dependabot-bundler 0.118.14 → 0.119.1

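--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cf0c2e5d5e9b812a8867099e01722ff07bafd24aa38546ab8ba3624413407ab3
- data.tar.gz: 93b728f0b7f563ec01ce7dd687ef6704c43c9c32b358292c26ccb86f5c52034b
+ metadata.gz: f919e2701e7212b322c404cbaad0bd3f4e956701a24061e5f5221119b72dcb55
+ data.tar.gz: f25342c61a6084654e8430342b0cb1b2d9c24daa9e4dc6dff00611623edf95cb
  SHA512:
- metadata.gz: dde0403ef4aae7a13ee512cd6d57ee49718a62636387a31f5125ff39866e38ddee05996b9fb9c95fe67d608e2a6176cc6f98737550968b17ab0497d20ab9b8be
- data.tar.gz: a2053d2f187fee45cde6ae86cd5fa0db131316c4922a727370e1a3a49f4cfaf9072895839158863bc1a3c6aada7bed54eaed55130a694e409a8c42d66f81a731
+ metadata.gz: f3e907de666befff04da6cf7114d3466bd44fdb5617da3566ed3f941aa0853b8894783b83c9c61e2f445b8db5bf3604d39babcf9f662b04ea0c7a866fcd9d25c
+ data.tar.gz: 624ca9a38656e9d9c6e1bc53b7affd15aef79fc9498694d6eff4a9885e9cae836d2826dd717f12ce3d9b49bdf78c715a5e2fa4c48e0ccbb7655350e5b6dc85e6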
@@ -118,7 +118,8 @@ module Dependabot
118
118
 
119
119
  def parsed_gemfile
120
120
  @parsed_gemfile ||=
121
- SharedHelpers.in_a_temporary_directory(base_directory) do
121
+ SharedHelpers.in_a_temporary_repo_directory(base_directory,
122
+ repo_contents_path) do
122
123
  write_temporary_dependency_files
123
124
 
124
125
  SharedHelpers.in_a_forked_process do
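Review bot: `repo_contents_path` passed at `SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path)` can be nil — the constructors changed in this release default it to `repo_contents_path: nil` — and nothing in the hunk says what the helper does in that case. If it falls back to a plain temporary directory, a comment on the call such as `# repo_contents_path is nil when no checkout is available; the helper then uses a plain temp dir` would make both code paths visible to a reader of parsed_gemfile; worth confirming against SharedHelpers before writing it. The same call appears in the parsed_gemspec hunk below and in the in_a_temporary_bundler_context hunks of ForceUpdater and SharedBundlerHelpers. parsed_gemfile's body continues outside the hunk.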
@@ -150,7 +151,8 @@ module Dependabot
150
151
  def parsed_gemspec(file)
151
152
  @parsed_gemspecs ||= {}
152
153
  @parsed_gemspecs[file.name] ||=
153
- SharedHelpers.in_a_temporary_directory(base_directory) do
154
+ SharedHelpers.in_a_temporary_repo_directory(base_directory,
155
+ repo_contents_path) do
154
156
  [file, *imported_ruby_files].each do |f|
155
157
  path = f.name
156
158
  FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -51,11 +51,94 @@ module Dependabot
51
51
  end
52
52
 
53
53
  check_updated_files(updated_files)
54
+
55
+ base_dir = updated_files.first.directory
56
+ updated_vendor_cache_files(base_directory: base_dir).each do |file|
57
+ updated_files << file
58
+ end
59
+
54
60
  updated_files
55
61
  end
56
62
 
57
63
  private
58
64
 
65
+ # Dynamically fetch the vendor cache folder from bundler
66
+ def vendor_cache_dir
67
+ return @vendor_cache_dir if defined?(@vendor_cache_dir)
68
+
69
+ @vendor_cache_dir =
70
+ SharedHelpers.in_a_forked_process do
71
+ # Set the path for path gemspec correctly
72
+ ::Bundler.instance_variable_set(:@root, repo_contents_path)
73
+ ::Bundler.app_cache
74
+ end
75
+ end
76
+
77
+ # Returns changed files in the vendor/cache folder
78
+ #
79
+ # @param base_directory [String] Update config base directory
80
+ # @return [Array<Dependabot::DependencyFile>]
81
+ def updated_vendor_cache_files(base_directory:)
82
+ return [] unless repo_contents_path && vendor_cache_dir
83
+
84
+ Dir.chdir(repo_contents_path) do
85
+ relative_dir = vendor_cache_dir.sub("#{repo_contents_path}/", "")
86
+ status = SharedHelpers.run_shell_command(
87
+ "git status --untracked-files=all --porcelain=v1 #{relative_dir}"
88
+ )
89
+ changed_paths = status.split("\n").map { |l| l.split(" ") }
90
+ changed_paths.map do |type, path|
91
+ deleted = type == "D"
92
+ encoding = ""
93
+ encoded_content = File.read(path) unless deleted
94
+ if binary_file?(path)
95
+ encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
96
+ encoded_content = Base64.encode64(encoded_content) unless deleted
97
+ end
98
+ Dependabot::DependencyFile.new(
99
+ name: path,
100
+ content: encoded_content,
101
+ directory: base_directory,
102
+ deleted: deleted,
103
+ content_encoding: encoding
104
+ )
105
+ end
106
+ end
107
+ end
108
+
109
+ # notable filenames without a reliable extension:
110
+ TEXT_FILE_NAMES = [
111
+ "Gemfile",
112
+ "Gemfile.lock",
113
+ ".bundlecache",
114
+ ".gitignore"
115
+ ].freeze
116
+
117
+ TEXT_FILE_EXTS = [
118
+ # code
119
+ ".rb",
120
+ ".erb",
121
+ ".gemspec",
122
+ ".js",
123
+ ".html",
124
+ # config
125
+ ".json",
126
+ ".xml",
127
+ ".toml",
128
+ ".yaml",
129
+ ".yml",
130
+ # docs
131
+ ".md",
132
+ ".txt"
133
+ ].freeze
134
+
135
+ def binary_file?(path)
136
+ return false if TEXT_FILE_NAMES.include?(File.basename(path))
137
+ return false if TEXT_FILE_EXTS.include?(File.extname(path))
138
+
139
+ true
140
+ end
141
+
59
142
  def check_required_files
60
143
  file_names = dependency_files.map(&:name)
61
144
 
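Review bot: `relative_dir` is interpolated unescaped into `"git status --untracked-files=all --porcelain=v1 #{relative_dir}"` in updated_vendor_cache_files; it derives from `::Bundler.app_cache`, which Bundler computes from its settings, and if those settings can be influenced by the repository being updated (for example a checked-in `.bundle/config`), a cache path containing whitespace or shell metacharacters would change the command that runs. Prefer `Shellwords.escape(relative_dir)` (or an argument-array form if run_shell_command offers one) so the path is always passed as a single argument. The porcelain parsing on the following lines has the related limit that `l.split(" ")` truncates any path containing a space and does not undo the quoting git applies to unusual paths; either a `# NOTE: paths containing spaces or quotes are not handled` comment or a parser that splits only on the first run of whitespace would document or close that gap. Also worth checking: `base_dir = updated_files.first.directory` at the top of the hunk raises NoMethodError if `check_updated_files` lets an empty list through — confirm it rejects empty input.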
@@ -116,6 +199,7 @@ module Dependabot
116
199
  LockfileUpdater.new(
117
200
  dependencies: dependencies,
118
201
  dependency_files: dependency_files,
202
+ repo_contents_path: repo_contents_path,
119
203
  credentials: credentials
120
204
  ).updated_lockfile_content
121
205
  end
@@ -13,6 +13,7 @@ require "dependabot/git_commit_checker"
13
13
  module Dependabot
14
14
  module Bundler
15
15
  class FileUpdater
16
+ # rubocop:disable Metrics/ClassLength
16
17
  class LockfileUpdater
17
18
  require_relative "gemfile_updater"
18
19
  require_relative "gemspec_updater"
@@ -41,9 +42,11 @@ module Dependabot
41
42
  ]
42
43
  end
43
44
 
44
- def initialize(dependencies:, dependency_files:, credentials:)
45
+ def initialize(dependencies:, dependency_files:,
46
+ repo_contents_path: nil, credentials:)
45
47
  @dependencies = dependencies
46
48
  @dependency_files = dependency_files
49
+ @repo_contents_path = repo_contents_path
47
50
  @credentials = credentials
48
51
  end
49
52
 
@@ -62,12 +65,16 @@ module Dependabot
62
65
 
63
66
  private
64
67
 
65
- attr_reader :dependencies, :dependency_files, :credentials
68
+ attr_reader :dependencies, :dependency_files, :repo_contents_path,
69
+ :credentials
66
70
 
67
71
  def build_updated_lockfile
68
72
  base_dir = dependency_files.first.directory
69
73
  lockfile_body =
70
- SharedHelpers.in_a_temporary_directory(base_dir) do |tmp_dir|
74
+ SharedHelpers.in_a_temporary_repo_directory(
75
+ base_dir,
76
+ repo_contents_path
77
+ ) do |tmp_dir|
71
78
  write_temporary_dependency_files
72
79
 
73
80
  SharedHelpers.in_a_forked_process do
@@ -122,6 +129,7 @@ module Dependabot
122
129
  end
123
130
  end
124
131
 
132
+ # rubocop:disable Metrics/PerceivedComplexity
125
133
  def generate_lockfile
126
134
  dependencies_to_unlock = dependencies.map(&:name)
127
135
 
@@ -139,6 +147,8 @@ module Dependabot
139
147
  end
140
148
  end
141
149
 
150
+ cache_vendored_gems(definition) if ::Bundler.app_cache.exist?
151
+
142
152
  definition.to_lock
143
153
  rescue ::Bundler::GemNotFound => e
144
154
  unlock_yanked_gem(dependencies_to_unlock, e) && retry
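Review bot: The new line `cache_vendored_gems(definition) if ::Bundler.app_cache.exist?` appears to sit inside the same `rescue ::Bundler::GemNotFound` / `retry` scope as `definition.to_lock`, so a GemNotFound raised while fetching gems for the cache would take the unlock-and-retry path rather than surfacing as a caching failure. If that is intended, a comment would save the next reader the analysis, e.g. `# an existing vendor cache opts the repo into re-vendoring; a GemNotFound raised here is handled by the retry below`. generate_lockfile starts and ends outside the hunk.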
@@ -152,6 +162,73 @@ module Dependabot
152
162
  retry
153
163
  end
154
164
  end
165
+ # rubocop:enable Metrics/PerceivedComplexity
166
+
167
+ def cache_vendored_gems(definition)
168
+ # Dependencies that have been unlocked for the update (including
169
+ # sub-dependencies)
170
+ unlocked_gems = definition.instance_variable_get(:@unlock).
171
+ fetch(:gems)
172
+ bundler_opts = {
173
+ cache_all: true,
174
+ cache_all_platforms: true,
175
+ no_prune: true
176
+ }
177
+
178
+ ::Bundler.settings.temporary(**bundler_opts) do
179
+ # Fetch and cache gems on all platforms without pruning
180
+ ::Bundler::Runtime.new(nil, definition).cache
181
+
182
+ # Only prune unlocked gems (the original implementation is in
183
+ # Bundler::Runtime)
184
+ cache_path = ::Bundler.app_cache
185
+ resolve = definition.resolve
186
+ prune_gem_cache(resolve, cache_path, unlocked_gems)
187
+ prune_git_and_path_cache(resolve, cache_path)
188
+ end
189
+ end
190
+
191
+ # Copied from Bundler::Runtime: Modified to only prune gems that have
192
+ # been unlocked
193
+ def prune_gem_cache(resolve, cache_path, unlocked_gems)
194
+ cached_gems = Dir["#{cache_path}/*.gem"]
195
+
196
+ outdated_gems = cached_gems.reject do |path|
197
+ spec = ::Bundler.rubygems.spec_from_gem path
198
+
199
+ !unlocked_gems.include?(spec.name) || resolve.any? do |s|
200
+ s.name == spec.name && s.version == spec.version &&
201
+ !s.source.is_a?(::Bundler::Source::Git)
202
+ end
203
+ end
204
+
205
+ return unless outdated_gems.any?
206
+
207
+ outdated_gems.each do |path|
208
+ File.delete(path)
209
+ end
210
+ end
211
+
212
+ # Copied from Bundler::Runtime
213
+ def prune_git_and_path_cache(resolve, cache_path)
214
+ cached_git_and_path = Dir["#{cache_path}/*/.bundlecache"]
215
+
216
+ outdated_git_and_path = cached_git_and_path.reject do |path|
217
+ name = File.basename(File.dirname(path))
218
+
219
+ resolve.any? do |s|
220
+ s.source.respond_to?(:app_cache_dirname) &&
221
+ s.source.app_cache_dirname == name
222
+ end
223
+ end
224
+
225
+ return unless outdated_git_and_path.any?
226
+
227
+ outdated_git_and_path.each do |path|
228
+ path = File.dirname(path)
229
+ FileUtils.rm_rf(path)
230
+ end
231
+ end
155
232
 
156
233
  def unlock_yanked_gem(dependencies_to_unlock, error)
157
234
  raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
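Review bot: `definition.instance_variable_get(:@unlock).fetch(:gems)` in cache_vendored_gems reaches into Bundler's private Definition state, and prune_gem_cache/prune_git_and_path_cache are described as copies from Bundler::Runtime, yet no comment records which Bundler version these were taken from — which is exactly what a maintainer needs when the internals move. Suggest extending the existing comments to `# Copied from Bundler::Runtime (<bundler version: fill in>): modified to only prune gems that have been unlocked` and adding `# relies on Definition's @unlock internals — re-verify on Bundler upgrades` above the instance_variable_get. Two style points in the same hunk: the `return unless outdated_gems.any?` and `return unless outdated_git_and_path.any?` guards are redundant before an `each`, and `path = File.dirname(path)` reassigns the block parameter; `outdated_git_and_path.each { |path| FileUtils.rm_rf(File.dirname(path)) }` reads more directly.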
@@ -453,6 +530,7 @@ module Dependabot
453
530
  lockfile.content.match?(/BUNDLED WITH\s+2/m)
454
531
  end
455
532
  end
533
+ # rubocop:enable Metrics/ClassLength
456
534
  end
457
535
  end
458
536
  end
@@ -145,6 +145,7 @@ module Dependabot
145
145
  ForceUpdater.new(
146
146
  dependency: dependency,
147
147
  dependency_files: dependency_files,
148
+ repo_contents_path: repo_contents_path,
148
149
  credentials: credentials,
149
150
  target_version: version,
150
151
  requirements_update_strategy: requirements_update_strategy,
@@ -165,6 +166,7 @@ module Dependabot
165
166
  VersionResolver.new(
166
167
  dependency: dependency,
167
168
  unprepared_dependency_files: dependency_files,
169
+ repo_contents_path: repo_contents_path,
168
170
  credentials: credentials,
169
171
  ignored_versions: ignored_versions,
170
172
  raise_on_ignored: raise_on_ignored,
@@ -325,6 +327,7 @@ module Dependabot
325
327
  ForceUpdater.new(
326
328
  dependency: dependency,
327
329
  dependency_files: dependency_files,
330
+ repo_contents_path: repo_contents_path,
328
331
  credentials: credentials,
329
332
  target_version: latest_version,
330
333
  requirements_update_strategy: requirements_update_strategy
@@ -347,6 +350,7 @@ module Dependabot
347
350
  VersionResolver.new(
348
351
  dependency: dependency,
349
352
  unprepared_dependency_files: dependency_files,
353
+ repo_contents_path: repo_contents_path,
350
354
  credentials: credentials,
351
355
  ignored_versions: ignored_versions,
352
356
  raise_on_ignored: raise_on_ignored,
@@ -369,6 +373,7 @@ module Dependabot
369
373
  LatestVersionFinder.new(
370
374
  dependency: dependency,
371
375
  dependency_files: prepared_dependency_files,
376
+ repo_contents_path: repo_contents_path,
372
377
  credentials: credentials,
373
378
  ignored_versions: ignored_versions,
374
379
  raise_on_ignored: raise_on_ignored,
@@ -15,11 +15,13 @@ module Dependabot
15
15
  module Bundler
16
16
  class UpdateChecker
17
17
  class ForceUpdater
18
- def initialize(dependency:, dependency_files:, credentials:,
19
- target_version:, requirements_update_strategy:,
18
+ def initialize(dependency:, dependency_files:, repo_contents_path: nil,
19
+ credentials:, target_version:,
20
+ requirements_update_strategy:,
20
21
  update_multiple_dependencies: true)
21
22
  @dependency = dependency
22
23
  @dependency_files = dependency_files
24
+ @repo_contents_path = repo_contents_path
23
25
  @credentials = credentials
24
26
  @target_version = target_version
25
27
  @requirements_update_strategy = requirements_update_strategy
@@ -32,8 +34,8 @@ module Dependabot
32
34
 
33
35
  private
34
36
 
35
- attr_reader :dependency, :dependency_files, :credentials,
36
- :target_version, :requirements_update_strategy
37
+ attr_reader :dependency, :dependency_files, :repo_contents_path,
38
+ :credentials, :target_version, :requirements_update_strategy
37
39
 
38
40
  def update_multiple_dependencies?
39
41
  @update_multiple_dependencies
@@ -74,7 +76,8 @@ module Dependabot
74
76
 
75
77
  def in_a_temporary_bundler_context
76
78
  base_directory = dependency_files.first.directory
77
- SharedHelpers.in_a_temporary_directory(base_directory) do
79
+ SharedHelpers.in_a_temporary_repo_directory(base_directory,
80
+ repo_contents_path) do
78
81
  write_temporary_dependency_files
79
82
 
80
83
  SharedHelpers.in_a_forked_process do
@@ -18,11 +18,12 @@ module Dependabot
18
18
  require_relative "shared_bundler_helpers"
19
19
  include SharedBundlerHelpers
20
20
 
21
- def initialize(dependency:, dependency_files:, credentials:,
22
- ignored_versions:, raise_on_ignored: false,
21
+ def initialize(dependency:, dependency_files:, repo_contents_path: nil,
22
+ credentials:, ignored_versions:, raise_on_ignored: false,
23
23
  security_advisories:)
24
24
  @dependency = dependency
25
25
  @dependency_files = dependency_files
26
+ @repo_contents_path = repo_contents_path
26
27
  @credentials = credentials
27
28
  @ignored_versions = ignored_versions
28
29
  @raise_on_ignored = raise_on_ignored
@@ -39,8 +40,8 @@ module Dependabot
39
40
 
40
41
  private
41
42
 
42
- attr_reader :dependency, :dependency_files, :credentials,
43
- :ignored_versions, :security_advisories
43
+ attr_reader :dependency, :dependency_files, :repo_contents_path,
44
+ :credentials, :ignored_versions, :security_advisories
44
45
 
45
46
  def fetch_latest_version_details
46
47
  if dependency_source.is_a?(::Bundler::Source::Git)
@@ -29,14 +29,16 @@ module Dependabot
29
29
  Bundler::Fetcher::FallbackError
30
30
  ).freeze
31
31
 
32
- attr_reader :dependency_files, :credentials
32
+ attr_reader :dependency_files, :repo_contents_path, :credentials
33
33
 
34
34
  #########################
35
35
  # Bundler context setup #
36
36
  #########################
37
37
 
38
38
  def in_a_temporary_bundler_context(error_handling: true)
39
- SharedHelpers.in_a_temporary_directory(base_directory) do |tmp_dir|
39
+ SharedHelpers.
40
+ in_a_temporary_repo_directory(base_directory,
41
+ repo_contents_path) do |tmp_dir|
40
42
  write_temporary_dependency_files
41
43
 
42
44
  SharedHelpers.in_a_forked_process do
@@ -24,7 +24,7 @@ module Dependabot
24
24
  GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
25
25
 
26
26
  def initialize(dependency:, unprepared_dependency_files:,
27
- credentials:, ignored_versions:,
27
+ repo_contents_path: nil, credentials:, ignored_versions:,
28
28
  raise_on_ignored: false,
29
29
  replacement_git_pin: nil, remove_git_source: false,
30
30
  unlock_requirement: true,
@@ -32,6 +32,7 @@ module Dependabot
32
32
  @dependency = dependency
33
33
  @unprepared_dependency_files = unprepared_dependency_files
34
34
  @credentials = credentials
35
+ @repo_contents_path = repo_contents_path
35
36
  @ignored_versions = ignored_versions
36
37
  @raise_on_ignored = raise_on_ignored
37
38
  @replacement_git_pin = replacement_git_pin
@@ -47,9 +48,9 @@ module Dependabot
47
48
 
48
49
  private
49
50
 
50
- attr_reader :dependency, :unprepared_dependency_files, :credentials,
51
- :ignored_versions, :replacement_git_pin,
52
- :latest_allowable_version
51
+ attr_reader :dependency, :unprepared_dependency_files,
52
+ :repo_contents_path, :credentials, :ignored_versions,
53
+ :replacement_git_pin, :latest_allowable_version
53
54
 
54
55
  def remove_git_source?
55
56
  @remove_git_source
@@ -268,6 +269,7 @@ module Dependabot
268
269
  LatestVersionFinder.new(
269
270
  dependency: dependency,
270
271
  dependency_files: dependency_files,
272
+ repo_contents_path: repo_contents_path,
271
273
  credentials: credentials,
272
274
  ignored_versions: ignored_versions,
273
275
  raise_on_ignored: @raise_on_ignored,
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.14
4
+ version: 0.119.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-20 00:00:00.000000000 Z
11
+ date: 2020-08-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.14
19
+ version: 0.119.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.14
26
+ version: 0.119.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement