dependabot-bundler 0.118.15 → 0.119.2
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +4 -2
- data/lib/dependabot/bundler/file_updater.rb +84 -0
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +81 -3
- data/lib/dependabot/bundler/update_checker.rb +5 -0
- data/lib/dependabot/bundler/update_checker/force_updater.rb +8 -5
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +5 -4
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +4 -2
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +6 -4
- metadata +4 -4
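--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81dd1f983805adb8ee9e479d66b405c80f55d6c3b972d949b5586070c3fa4034
+data.tar.gz: baa4354d85f38c2f35f635ad0c32aa3d2722cc56e6702e1819f9730af52a39ad
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 757fba80ee34d60b843624d9ab42c37efbbe69986e95b049e94633f346ba30baff4ac5e52ac11f34b5fbfef5daa3171e9bda4439cb17e4db9f615dcf4dd33cd0
+data.tar.gz: 4fa22789fb9c1ebc467e1aae77c51a36944f4e8c16561f6865b9a8e35fab84ac8ac10c65aed8899bf9ef316ce3786f8df116811554b45755e32696a13c5e4130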
@@ -118,7 +118,8 @@ module Dependabot
|
|
118
118
|
|
119
119
|
def parsed_gemfile
|
120
120
|
@parsed_gemfile ||=
|
121
|
-
SharedHelpers.
|
121
|
+
SharedHelpers.in_a_temporary_repo_directory(base_directory,
|
122
|
+
repo_contents_path) do
|
122
123
|
write_temporary_dependency_files
|
123
124
|
|
124
125
|
SharedHelpers.in_a_forked_process do
|
@@ -150,7 +151,8 @@ module Dependabot
|
|
150
151
|
def parsed_gemspec(file)
|
151
152
|
@parsed_gemspecs ||= {}
|
152
153
|
@parsed_gemspecs[file.name] ||=
|
153
|
-
SharedHelpers.
|
154
|
+
SharedHelpers.in_a_temporary_repo_directory(base_directory,
|
155
|
+
repo_contents_path) do
|
154
156
|
[file, *imported_ruby_files].each do |f|
|
155
157
|
path = f.name
|
156
158
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
@@ -51,11 +51,94 @@ module Dependabot
|
|
51
51
|
end
|
52
52
|
|
53
53
|
check_updated_files(updated_files)
|
54
|
+
|
55
|
+
base_dir = updated_files.first.directory
|
56
|
+
updated_vendor_cache_files(base_directory: base_dir).each do |file|
|
57
|
+
updated_files << file
|
58
|
+
end
|
59
|
+
|
54
60
|
updated_files
|
55
61
|
end
|
56
62
|
|
57
63
|
private
|
58
64
|
|
65
|
+
# Dynamically fetch the vendor cache folder from bundler
|
66
|
+
def vendor_cache_dir
|
67
|
+
return @vendor_cache_dir if defined?(@vendor_cache_dir)
|
68
|
+
|
69
|
+
@vendor_cache_dir =
|
70
|
+
SharedHelpers.in_a_forked_process do
|
71
|
+
# Set the path for path gemspec correctly
|
72
|
+
::Bundler.instance_variable_set(:@root, repo_contents_path)
|
73
|
+
::Bundler.app_cache
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
# Returns changed files in the vendor/cache folder
|
78
|
+
#
|
79
|
+
# @param base_directory [String] Update config base directory
|
80
|
+
# @return [Array<Dependabot::DependencyFile>]
|
81
|
+
def updated_vendor_cache_files(base_directory:)
|
82
|
+
return [] unless repo_contents_path && vendor_cache_dir
|
83
|
+
|
84
|
+
Dir.chdir(repo_contents_path) do
|
85
|
+
relative_dir = vendor_cache_dir.sub("#{repo_contents_path}/", "")
|
86
|
+
status = SharedHelpers.run_shell_command(
|
87
|
+
"git status --untracked-files=all --porcelain=v1 #{relative_dir}"
|
88
|
+
)
|
89
|
+
changed_paths = status.split("\n").map { |l| l.split(" ") }
|
90
|
+
changed_paths.map do |type, path|
|
91
|
+
deleted = type == "D"
|
92
|
+
encoding = ""
|
93
|
+
encoded_content = File.read(path) unless deleted
|
94
|
+
if binary_file?(path)
|
95
|
+
encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
|
96
|
+
encoded_content = Base64.encode64(encoded_content) unless deleted
|
97
|
+
end
|
98
|
+
Dependabot::DependencyFile.new(
|
99
|
+
name: path,
|
100
|
+
content: encoded_content,
|
101
|
+
directory: base_directory,
|
102
|
+
deleted: deleted,
|
103
|
+
content_encoding: encoding
|
104
|
+
)
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
# notable filenames without a reliable extension:
|
110
|
+
TEXT_FILE_NAMES = [
|
111
|
+
"Gemfile",
|
112
|
+
"Gemfile.lock",
|
113
|
+
".bundlecache",
|
114
|
+
".gitignore"
|
115
|
+
].freeze
|
116
|
+
|
117
|
+
TEXT_FILE_EXTS = [
|
118
|
+
# code
|
119
|
+
".rb",
|
120
|
+
".erb",
|
121
|
+
".gemspec",
|
122
|
+
".js",
|
123
|
+
".html",
|
124
|
+
# config
|
125
|
+
".json",
|
126
|
+
".xml",
|
127
|
+
".toml",
|
128
|
+
".yaml",
|
129
|
+
".yml",
|
130
|
+
# docs
|
131
|
+
".md",
|
132
|
+
".txt"
|
133
|
+
].freeze
|
134
|
+
|
135
|
+
def binary_file?(path)
|
136
|
+
return false if TEXT_FILE_NAMES.include?(File.basename(path))
|
137
|
+
return false if TEXT_FILE_EXTS.include?(File.extname(path))
|
138
|
+
|
139
|
+
true
|
140
|
+
end
|
141
|
+
|
59
142
|
def check_required_files
|
60
143
|
file_names = dependency_files.map(&:name)
|
61
144
|
|
@@ -116,6 +199,7 @@ module Dependabot
|
|
116
199
|
LockfileUpdater.new(
|
117
200
|
dependencies: dependencies,
|
118
201
|
dependency_files: dependency_files,
|
202
|
+
repo_contents_path: repo_contents_path,
|
119
203
|
credentials: credentials
|
120
204
|
).updated_lockfile_content
|
121
205
|
end
|
@@ -13,6 +13,7 @@ require "dependabot/git_commit_checker"
|
|
13
13
|
module Dependabot
|
14
14
|
module Bundler
|
15
15
|
class FileUpdater
|
16
|
+
# rubocop:disable Metrics/ClassLength
|
16
17
|
class LockfileUpdater
|
17
18
|
require_relative "gemfile_updater"
|
18
19
|
require_relative "gemspec_updater"
|
@@ -41,9 +42,11 @@ module Dependabot
|
|
41
42
|
]
|
42
43
|
end
|
43
44
|
|
44
|
-
def initialize(dependencies:, dependency_files:,
|
45
|
+
def initialize(dependencies:, dependency_files:,
|
46
|
+
repo_contents_path: nil, credentials:)
|
45
47
|
@dependencies = dependencies
|
46
48
|
@dependency_files = dependency_files
|
49
|
+
@repo_contents_path = repo_contents_path
|
47
50
|
@credentials = credentials
|
48
51
|
end
|
49
52
|
|
@@ -62,12 +65,16 @@ module Dependabot
|
|
62
65
|
|
63
66
|
private
|
64
67
|
|
65
|
-
attr_reader :dependencies, :dependency_files, :
|
68
|
+
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
69
|
+
:credentials
|
66
70
|
|
67
71
|
def build_updated_lockfile
|
68
72
|
base_dir = dependency_files.first.directory
|
69
73
|
lockfile_body =
|
70
|
-
SharedHelpers.
|
74
|
+
SharedHelpers.in_a_temporary_repo_directory(
|
75
|
+
base_dir,
|
76
|
+
repo_contents_path
|
77
|
+
) do |tmp_dir|
|
71
78
|
write_temporary_dependency_files
|
72
79
|
|
73
80
|
SharedHelpers.in_a_forked_process do
|
@@ -122,6 +129,7 @@ module Dependabot
|
|
122
129
|
end
|
123
130
|
end
|
124
131
|
|
132
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
125
133
|
def generate_lockfile
|
126
134
|
dependencies_to_unlock = dependencies.map(&:name)
|
127
135
|
|
@@ -139,6 +147,8 @@ module Dependabot
|
|
139
147
|
end
|
140
148
|
end
|
141
149
|
|
150
|
+
cache_vendored_gems(definition) if ::Bundler.app_cache.exist?
|
151
|
+
|
142
152
|
definition.to_lock
|
143
153
|
rescue ::Bundler::GemNotFound => e
|
144
154
|
unlock_yanked_gem(dependencies_to_unlock, e) && retry
|
@@ -152,6 +162,73 @@ module Dependabot
|
|
152
162
|
retry
|
153
163
|
end
|
154
164
|
end
|
165
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
166
|
+
|
167
|
+
def cache_vendored_gems(definition)
|
168
|
+
# Dependencies that have been unlocked for the update (including
|
169
|
+
# sub-dependencies)
|
170
|
+
unlocked_gems = definition.instance_variable_get(:@unlock).
|
171
|
+
fetch(:gems)
|
172
|
+
bundler_opts = {
|
173
|
+
cache_all: true,
|
174
|
+
cache_all_platforms: true,
|
175
|
+
no_prune: true
|
176
|
+
}
|
177
|
+
|
178
|
+
::Bundler.settings.temporary(**bundler_opts) do
|
179
|
+
# Fetch and cache gems on all platforms without pruning
|
180
|
+
::Bundler::Runtime.new(nil, definition).cache
|
181
|
+
|
182
|
+
# Only prune unlocked gems (the original implementation is in
|
183
|
+
# Bundler::Runtime)
|
184
|
+
cache_path = ::Bundler.app_cache
|
185
|
+
resolve = definition.resolve
|
186
|
+
prune_gem_cache(resolve, cache_path, unlocked_gems)
|
187
|
+
prune_git_and_path_cache(resolve, cache_path)
|
188
|
+
end
|
189
|
+
end
|
190
|
+
|
191
|
+
# Copied from Bundler::Runtime: Modified to only prune gems that have
|
192
|
+
# been unlocked
|
193
|
+
def prune_gem_cache(resolve, cache_path, unlocked_gems)
|
194
|
+
cached_gems = Dir["#{cache_path}/*.gem"]
|
195
|
+
|
196
|
+
outdated_gems = cached_gems.reject do |path|
|
197
|
+
spec = ::Bundler.rubygems.spec_from_gem path
|
198
|
+
|
199
|
+
!unlocked_gems.include?(spec.name) || resolve.any? do |s|
|
200
|
+
s.name == spec.name && s.version == spec.version &&
|
201
|
+
!s.source.is_a?(::Bundler::Source::Git)
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
205
|
+
return unless outdated_gems.any?
|
206
|
+
|
207
|
+
outdated_gems.each do |path|
|
208
|
+
File.delete(path)
|
209
|
+
end
|
210
|
+
end
|
211
|
+
|
212
|
+
# Copied from Bundler::Runtime
|
213
|
+
def prune_git_and_path_cache(resolve, cache_path)
|
214
|
+
cached_git_and_path = Dir["#{cache_path}/*/.bundlecache"]
|
215
|
+
|
216
|
+
outdated_git_and_path = cached_git_and_path.reject do |path|
|
217
|
+
name = File.basename(File.dirname(path))
|
218
|
+
|
219
|
+
resolve.any? do |s|
|
220
|
+
s.source.respond_to?(:app_cache_dirname) &&
|
221
|
+
s.source.app_cache_dirname == name
|
222
|
+
end
|
223
|
+
end
|
224
|
+
|
225
|
+
return unless outdated_git_and_path.any?
|
226
|
+
|
227
|
+
outdated_git_and_path.each do |path|
|
228
|
+
path = File.dirname(path)
|
229
|
+
FileUtils.rm_rf(path)
|
230
|
+
end
|
231
|
+
end
|
155
232
|
|
156
233
|
def unlock_yanked_gem(dependencies_to_unlock, error)
|
157
234
|
raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
|
@@ -453,6 +530,7 @@ module Dependabot
|
|
453
530
|
lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
454
531
|
end
|
455
532
|
end
|
533
|
+
# rubocop:enable Metrics/ClassLength
|
456
534
|
end
|
457
535
|
end
|
458
536
|
end
|
@@ -145,6 +145,7 @@ module Dependabot
|
|
145
145
|
ForceUpdater.new(
|
146
146
|
dependency: dependency,
|
147
147
|
dependency_files: dependency_files,
|
148
|
+
repo_contents_path: repo_contents_path,
|
148
149
|
credentials: credentials,
|
149
150
|
target_version: version,
|
150
151
|
requirements_update_strategy: requirements_update_strategy,
|
@@ -165,6 +166,7 @@ module Dependabot
|
|
165
166
|
VersionResolver.new(
|
166
167
|
dependency: dependency,
|
167
168
|
unprepared_dependency_files: dependency_files,
|
169
|
+
repo_contents_path: repo_contents_path,
|
168
170
|
credentials: credentials,
|
169
171
|
ignored_versions: ignored_versions,
|
170
172
|
raise_on_ignored: raise_on_ignored,
|
@@ -325,6 +327,7 @@ module Dependabot
|
|
325
327
|
ForceUpdater.new(
|
326
328
|
dependency: dependency,
|
327
329
|
dependency_files: dependency_files,
|
330
|
+
repo_contents_path: repo_contents_path,
|
328
331
|
credentials: credentials,
|
329
332
|
target_version: latest_version,
|
330
333
|
requirements_update_strategy: requirements_update_strategy
|
@@ -347,6 +350,7 @@ module Dependabot
|
|
347
350
|
VersionResolver.new(
|
348
351
|
dependency: dependency,
|
349
352
|
unprepared_dependency_files: dependency_files,
|
353
|
+
repo_contents_path: repo_contents_path,
|
350
354
|
credentials: credentials,
|
351
355
|
ignored_versions: ignored_versions,
|
352
356
|
raise_on_ignored: raise_on_ignored,
|
@@ -369,6 +373,7 @@ module Dependabot
|
|
369
373
|
LatestVersionFinder.new(
|
370
374
|
dependency: dependency,
|
371
375
|
dependency_files: prepared_dependency_files,
|
376
|
+
repo_contents_path: repo_contents_path,
|
372
377
|
credentials: credentials,
|
373
378
|
ignored_versions: ignored_versions,
|
374
379
|
raise_on_ignored: raise_on_ignored,
|
@@ -15,11 +15,13 @@ module Dependabot
|
|
15
15
|
module Bundler
|
16
16
|
class UpdateChecker
|
17
17
|
class ForceUpdater
|
18
|
-
def initialize(dependency:, dependency_files:,
|
19
|
-
|
18
|
+
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
19
|
+
credentials:, target_version:,
|
20
|
+
requirements_update_strategy:,
|
20
21
|
update_multiple_dependencies: true)
|
21
22
|
@dependency = dependency
|
22
23
|
@dependency_files = dependency_files
|
24
|
+
@repo_contents_path = repo_contents_path
|
23
25
|
@credentials = credentials
|
24
26
|
@target_version = target_version
|
25
27
|
@requirements_update_strategy = requirements_update_strategy
|
@@ -32,8 +34,8 @@ module Dependabot
|
|
32
34
|
|
33
35
|
private
|
34
36
|
|
35
|
-
attr_reader :dependency, :dependency_files, :
|
36
|
-
:target_version, :requirements_update_strategy
|
37
|
+
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
38
|
+
:credentials, :target_version, :requirements_update_strategy
|
37
39
|
|
38
40
|
def update_multiple_dependencies?
|
39
41
|
@update_multiple_dependencies
|
@@ -74,7 +76,8 @@ module Dependabot
|
|
74
76
|
|
75
77
|
def in_a_temporary_bundler_context
|
76
78
|
base_directory = dependency_files.first.directory
|
77
|
-
SharedHelpers.
|
79
|
+
SharedHelpers.in_a_temporary_repo_directory(base_directory,
|
80
|
+
repo_contents_path) do
|
78
81
|
write_temporary_dependency_files
|
79
82
|
|
80
83
|
SharedHelpers.in_a_forked_process do
|
@@ -18,11 +18,12 @@ module Dependabot
|
|
18
18
|
require_relative "shared_bundler_helpers"
|
19
19
|
include SharedBundlerHelpers
|
20
20
|
|
21
|
-
def initialize(dependency:, dependency_files:,
|
22
|
-
ignored_versions:, raise_on_ignored: false,
|
21
|
+
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
22
|
+
credentials:, ignored_versions:, raise_on_ignored: false,
|
23
23
|
security_advisories:)
|
24
24
|
@dependency = dependency
|
25
25
|
@dependency_files = dependency_files
|
26
|
+
@repo_contents_path = repo_contents_path
|
26
27
|
@credentials = credentials
|
27
28
|
@ignored_versions = ignored_versions
|
28
29
|
@raise_on_ignored = raise_on_ignored
|
@@ -39,8 +40,8 @@ module Dependabot
|
|
39
40
|
|
40
41
|
private
|
41
42
|
|
42
|
-
attr_reader :dependency, :dependency_files, :
|
43
|
-
:ignored_versions, :security_advisories
|
43
|
+
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
44
|
+
:credentials, :ignored_versions, :security_advisories
|
44
45
|
|
45
46
|
def fetch_latest_version_details
|
46
47
|
if dependency_source.is_a?(::Bundler::Source::Git)
|
@@ -29,14 +29,16 @@ module Dependabot
|
|
29
29
|
Bundler::Fetcher::FallbackError
|
30
30
|
).freeze
|
31
31
|
|
32
|
-
attr_reader :dependency_files, :credentials
|
32
|
+
attr_reader :dependency_files, :repo_contents_path, :credentials
|
33
33
|
|
34
34
|
#########################
|
35
35
|
# Bundler context setup #
|
36
36
|
#########################
|
37
37
|
|
38
38
|
def in_a_temporary_bundler_context(error_handling: true)
|
39
|
-
SharedHelpers.
|
39
|
+
SharedHelpers.
|
40
|
+
in_a_temporary_repo_directory(base_directory,
|
41
|
+
repo_contents_path) do |tmp_dir|
|
40
42
|
write_temporary_dependency_files
|
41
43
|
|
42
44
|
SharedHelpers.in_a_forked_process do
|
@@ -24,7 +24,7 @@ module Dependabot
|
|
24
24
|
GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
|
25
25
|
|
26
26
|
def initialize(dependency:, unprepared_dependency_files:,
|
27
|
-
credentials:, ignored_versions:,
|
27
|
+
repo_contents_path: nil, credentials:, ignored_versions:,
|
28
28
|
raise_on_ignored: false,
|
29
29
|
replacement_git_pin: nil, remove_git_source: false,
|
30
30
|
unlock_requirement: true,
|
@@ -32,6 +32,7 @@ module Dependabot
|
|
32
32
|
@dependency = dependency
|
33
33
|
@unprepared_dependency_files = unprepared_dependency_files
|
34
34
|
@credentials = credentials
|
35
|
+
@repo_contents_path = repo_contents_path
|
35
36
|
@ignored_versions = ignored_versions
|
36
37
|
@raise_on_ignored = raise_on_ignored
|
37
38
|
@replacement_git_pin = replacement_git_pin
|
@@ -47,9 +48,9 @@ module Dependabot
|
|
47
48
|
|
48
49
|
private
|
49
50
|
|
50
|
-
attr_reader :dependency, :unprepared_dependency_files,
|
51
|
-
:
|
52
|
-
:latest_allowable_version
|
51
|
+
attr_reader :dependency, :unprepared_dependency_files,
|
52
|
+
:repo_contents_path, :credentials, :ignored_versions,
|
53
|
+
:replacement_git_pin, :latest_allowable_version
|
53
54
|
|
54
55
|
def remove_git_source?
|
55
56
|
@remove_git_source
|
@@ -268,6 +269,7 @@ module Dependabot
|
|
268
269
|
LatestVersionFinder.new(
|
269
270
|
dependency: dependency,
|
270
271
|
dependency_files: dependency_files,
|
272
|
+
repo_contents_path: repo_contents_path,
|
271
273
|
credentials: credentials,
|
272
274
|
ignored_versions: ignored_versions,
|
273
275
|
raise_on_ignored: @raise_on_ignored,
|
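--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.119.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.119.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.119.2
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement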