dependabot-bundler 0.119.0.beta1 → 0.119.4

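--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b80518519da7e1a3143ede4da6e1a7dd4df2f926b7fa6a9e8e7afbaab88a578a
- data.tar.gz: b3192111c15926ee5ce6bff535654c89f5e6b6f9e4bae4782d65093362b867d5
+ metadata.gz: b553f381d51096abea464d29db31481e5e9d0d115994defaedc34817215cd036
+ data.tar.gz: 7316b4fc824c9c0d2d8f503926cced66c76334bd271f866cc296f2ff5892d22e
  SHA512:
- metadata.gz: 99e0ae19b66182dda191654dde09ee6c18453c9ae5a6a3c67e3666335b595cd4ee12b3562e651b7f9a8edfd326266014b14667e97d2a57be3c5f71b876fc9c12
- data.tar.gz: a48f701129cf5eaf3c44215fe32964a4a27e4c1198909b1e3e910635deba3d219f482227c7f84d64b62a96f1faa69bf40a70ab31295e5209a38a128736bd5559
+ metadata.gz: 715c7aa1a560d963e73feee11280cab3ce03aa3662ae7bfe4d6b2bb0f0a5bf39355ff3446259dbeb671b02cb170e14791d6a8f08c8d94a3c3b7932d57561145b
+ data.tar.gz: 59d1dbd6c9e8fcdd73dc62b27e2a56def85ccc0fdabe56ac2042e1fae07af158493c5bdd83e5abfaf98283259c9862a3fe4464357be53e9ab3c97ddc2e71363e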
@@ -20,6 +20,7 @@ module Dependabot
20
20
  ]
21
21
  end
22
22
 
23
+ # rubocop:disable Metrics/PerceivedComplexity
23
24
  def updated_dependency_files
24
25
  updated_files = []
25
26
 
@@ -59,6 +60,7 @@ module Dependabot
59
60
 
60
61
  updated_files
61
62
  end
63
+ # rubocop:enable Metrics/PerceivedComplexity
62
64
 
63
65
  private
64
66
 
@@ -84,13 +86,17 @@ module Dependabot
84
86
  Dir.chdir(repo_contents_path) do
85
87
  relative_dir = vendor_cache_dir.sub("#{repo_contents_path}/", "")
86
88
  status = SharedHelpers.run_shell_command(
87
- "git status --porcelain=v1 #{relative_dir}"
89
+ "git status --untracked-files=all --porcelain=v1 #{relative_dir}"
88
90
  )
89
91
  changed_paths = status.split("\n").map { |l| l.split(" ") }
90
92
  changed_paths.map do |type, path|
91
93
  deleted = type == "D"
92
- encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
93
- encoded_content = Base64.encode64(File.read(path)) unless deleted
94
+ encoding = ""
95
+ encoded_content = File.read(path) unless deleted
96
+ if binary_file?(path)
97
+ encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
98
+ encoded_content = Base64.encode64(encoded_content) unless deleted
99
+ end
94
100
  Dependabot::DependencyFile.new(
95
101
  name: path,
96
102
  content: encoded_content,
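Review bot: `relative_dir` is interpolated unquoted into the string handed to `SharedHelpers.run_shell_command`, so a cache path containing spaces or shell metacharacters may alter the command that runs. Where `vendor_cache_dir` comes from is outside this hunk; if repository configuration can influence it, it should be treated as untrusted and passed as `"git status --untracked-files=all --porcelain=v1 -- #{Shellwords.escape(relative_dir)}"`. With `--untracked-files=all` every untracked file is now reported on its own line, so the existing `l.split(" ")` parse also mis-splits any path containing a space (porcelain v1 quotes such paths) before `File.read(path)` is reached. The enclosing method starts and ends outside the hunk.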
@@ -102,6 +108,39 @@ module Dependabot
102
108
  end
103
109
  end
104
110
 
111
+ # notable filenames without a reliable extension:
112
+ TEXT_FILE_NAMES = [
113
+ "Gemfile",
114
+ "Gemfile.lock",
115
+ ".bundlecache",
116
+ ".gitignore"
117
+ ].freeze
118
+
119
+ TEXT_FILE_EXTS = [
120
+ # code
121
+ ".rb",
122
+ ".erb",
123
+ ".gemspec",
124
+ ".js",
125
+ ".html",
126
+ # config
127
+ ".json",
128
+ ".xml",
129
+ ".toml",
130
+ ".yaml",
131
+ ".yml",
132
+ # docs
133
+ ".md",
134
+ ".txt"
135
+ ].freeze
136
+
137
+ def binary_file?(path)
138
+ return false if TEXT_FILE_NAMES.include?(File.basename(path))
139
+ return false if TEXT_FILE_EXTS.include?(File.extname(path))
140
+
141
+ true
142
+ end
143
+
105
144
  def check_required_files
106
145
  file_names = dependency_files.map(&:name)
107
146
 
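Review bot: `binary_file?` classifies by file name alone, so a file in the vendor cache that carries a listed extension but holds bytes that are not valid UTF-8 is still returned as plain text by the caller. Defaulting every unknown name to binary is a sound fail-safe and worth stating above the method, e.g. `# Anything not positively known to be text is treated as binary and Base64-encoded.` A content check at the call site in the previous hunk, such as `if binary_file?(path) || (!deleted && !encoded_content.valid_encoding?)`, would cover mislabelled files. The extension match is also case-sensitive, so `.MD` or `.JSON` fall through to Base64; that is the safe direction but may be unintended.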
@@ -170,6 +170,7 @@ module Dependabot
170
170
  unlocked_gems = definition.instance_variable_get(:@unlock).
171
171
  fetch(:gems)
172
172
  bundler_opts = {
173
+ cache_all: true,
173
174
  cache_all_platforms: true,
174
175
  no_prune: true
175
176
  }
@@ -203,10 +204,7 @@ module Dependabot
203
204
 
204
205
  return unless outdated_gems.any?
205
206
 
206
- puts "Removing outdated .gem files from #{cache_path}"
207
-
208
207
  outdated_gems.each do |path|
209
- puts " * #{File.basename(path)}"
210
208
  File.delete(path)
211
209
  end
212
210
  end
@@ -226,11 +224,8 @@ module Dependabot
226
224
 
227
225
  return unless outdated_git_and_path.any?
228
226
 
229
- puts "Removing outdated git and path gems from #{cache_path}"
230
-
231
227
  outdated_git_and_path.each do |path|
232
228
  path = File.dirname(path)
233
- puts " * #{File.basename(path)}"
234
229
  FileUtils.rm_rf(path)
235
230
  end
236
231
  end
@@ -245,6 +240,7 @@ module Dependabot
245
240
  dependencies_to_unlock << gem_name
246
241
  end
247
242
 
243
+ # rubocop:disable Metrics/PerceivedComplexity
248
244
  def unlock_blocking_subdeps(dependencies_to_unlock, error)
249
245
  all_deps = ::Bundler::LockfileParser.new(sanitized_lockfile_body).
250
246
  specs.map(&:name).map(&:to_s)
@@ -273,6 +269,7 @@ module Dependabot
273
269
  # information to chart the full path through all conflicts unwound
274
270
  dependencies_to_unlock.append(*allowed_new_unlocks)
275
271
  end
272
+ # rubocop:enable Metrics/PerceivedComplexity
276
273
 
277
274
  def build_definition(dependencies_to_unlock)
278
275
  defn = ::Bundler::Definition.build(
@@ -412,6 +409,7 @@ module Dependabot
412
409
  rewrite(gemspec_content)
413
410
  end
414
411
 
412
+ # rubocop:disable Metrics/PerceivedComplexity
415
413
  def replacement_version_for_gemspec(gemspec_content)
416
414
  return "0.0.1" unless lockfile
417
415
 
@@ -428,6 +426,7 @@ module Dependabot
428
426
  spec = gemspec_specs.find { |s| s.name == gem_name }
429
427
  spec&.version || gemspec_specs.first&.version || "0.0.1"
430
428
  end
429
+ # rubocop:enable Metrics/PerceivedComplexity
431
430
 
432
431
  def relevant_credentials
433
432
  credentials.
@@ -214,6 +214,7 @@ module Dependabot
214
214
  lower_bound_req + ", <= #{latest_allowable_version}"
215
215
  end
216
216
 
217
+ # rubocop:disable Metrics/PerceivedComplexity
217
218
  def updated_version_req_lower_bound(filename)
218
219
  original_req = dependency.requirements.
219
220
  find { |r| r.fetch(:file) == filename }&.
@@ -234,6 +235,7 @@ module Dependabot
234
235
  ">= #{version_for_requirement || 0}"
235
236
  end
236
237
  end
238
+ # rubocop:enable Metrics/PerceivedComplexity
237
239
 
238
240
  def remove_git_source(content)
239
241
  FileUpdater::GitSourceRemover.new(
@@ -261,6 +263,7 @@ module Dependabot
261
263
  @lock_ruby_version && file == gemfile
262
264
  end
263
265
 
266
+ # rubocop:disable Metrics/PerceivedComplexity
264
267
  def replacement_version_for_gemspec(gemspec_content)
265
268
  return "0.0.1" unless lockfile
266
269
 
@@ -278,6 +281,7 @@ module Dependabot
278
281
  spec = gemspec_specs.find { |s| s.name == gem_name }
279
282
  spec&.version || gemspec_specs.first&.version || "0.0.1"
280
283
  end
284
+ # rubocop:enable Metrics/PerceivedComplexity
281
285
 
282
286
  def sanitized_lockfile_content
283
287
  re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
@@ -252,7 +252,6 @@ module Dependabot
252
252
 
253
253
  # Updates the version in a "<" or "<=" constraint to allow the given
254
254
  # version
255
- # rubocop:disable Metrics/PerceivedComplexity
256
255
  def update_greatest_version(requirement, version_to_be_permitted)
257
256
  if version_to_be_permitted.is_a?(String)
258
257
  version_to_be_permitted = Gem::Version.new(version_to_be_permitted)
@@ -278,8 +277,6 @@ module Dependabot
278
277
 
279
278
  Gem::Requirement.new("#{op} #{new_segments.join('.')}")
280
279
  end
281
-
282
- # rubocop:enable Metrics/PerceivedComplexity
283
280
  end
284
281
  end
285
282
  end
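--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bundler
  version: !ruby/object:Gem::Version
- version: 0.119.0.beta1
+ version: 0.119.4
  platform: ruby
  authors:
  - Dependabot
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-20 00:00:00.000000000 Z
+ date: 2020-09-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.119.0.beta1
+ version: 0.119.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.119.0.beta1
+ version: 0.119.4
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.88.0
+ version: 0.90.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.88.0
+ version: 0.90.0
  - !ruby/object:Gem::Dependency
  name: vcr
  requirement: !ruby/object:Gem::Requirement
@@ -179,7 +179,7 @@ homepage: https://github.com/dependabot/dependabot-core
  licenses:
  - Nonstandard
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -194,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.1.4
- signing_key:
+ rubygems_version: 3.1.2
+ signing_key:
  specification_version: 4
  summary: Ruby (bundler) support for dependabot
  test_files: []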