dependabot-bundler 0.119.0.beta1 → 0.119.4
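--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b553f381d51096abea464d29db31481e5e9d0d115994defaedc34817215cd036
+data.tar.gz: 7316b4fc824c9c0d2d8f503926cced66c76334bd271f866cc296f2ff5892d22e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 715c7aa1a560d963e73feee11280cab3ce03aa3662ae7bfe4d6b2bb0f0a5bf39355ff3446259dbeb671b02cb170e14791d6a8f08c8d94a3c3b7932d57561145b
+data.tar.gz: 59d1dbd6c9e8fcdd73dc62b27e2a56def85ccc0fdabe56ac2042e1fae07af158493c5bdd83e5abfaf98283259c9862a3fe4464357be53e9ab3c97ddc2e71363e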
@@ -20,6 +20,7 @@ module Dependabot
|
|
20
20
|
]
|
21
21
|
end
|
22
22
|
|
23
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
23
24
|
def updated_dependency_files
|
24
25
|
updated_files = []
|
25
26
|
|
@@ -59,6 +60,7 @@ module Dependabot
|
|
59
60
|
|
60
61
|
updated_files
|
61
62
|
end
|
63
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
62
64
|
|
63
65
|
private
|
64
66
|
|
@@ -84,13 +86,17 @@ module Dependabot
|
|
84
86
|
Dir.chdir(repo_contents_path) do
|
85
87
|
relative_dir = vendor_cache_dir.sub("#{repo_contents_path}/", "")
|
86
88
|
status = SharedHelpers.run_shell_command(
|
87
|
-
"git status --porcelain=v1 #{relative_dir}"
|
89
|
+
"git status --untracked-files=all --porcelain=v1 #{relative_dir}"
|
88
90
|
)
|
89
91
|
changed_paths = status.split("\n").map { |l| l.split(" ") }
|
90
92
|
changed_paths.map do |type, path|
|
91
93
|
deleted = type == "D"
|
92
|
-
encoding =
|
93
|
-
encoded_content =
|
94
|
+
encoding = ""
|
95
|
+
encoded_content = File.read(path) unless deleted
|
96
|
+
if binary_file?(path)
|
97
|
+
encoding = Dependabot::DependencyFile::ContentEncoding::BASE64
|
98
|
+
encoded_content = Base64.encode64(encoded_content) unless deleted
|
99
|
+
end
|
94
100
|
Dependabot::DependencyFile.new(
|
95
101
|
name: path,
|
96
102
|
content: encoded_content,
|
@@ -102,6 +108,39 @@ module Dependabot
|
|
102
108
|
end
|
103
109
|
end
|
104
110
|
|
111
|
+
# notable filenames without a reliable extension:
|
112
|
+
TEXT_FILE_NAMES = [
|
113
|
+
"Gemfile",
|
114
|
+
"Gemfile.lock",
|
115
|
+
".bundlecache",
|
116
|
+
".gitignore"
|
117
|
+
].freeze
|
118
|
+
|
119
|
+
TEXT_FILE_EXTS = [
|
120
|
+
# code
|
121
|
+
".rb",
|
122
|
+
".erb",
|
123
|
+
".gemspec",
|
124
|
+
".js",
|
125
|
+
".html",
|
126
|
+
# config
|
127
|
+
".json",
|
128
|
+
".xml",
|
129
|
+
".toml",
|
130
|
+
".yaml",
|
131
|
+
".yml",
|
132
|
+
# docs
|
133
|
+
".md",
|
134
|
+
".txt"
|
135
|
+
].freeze
|
136
|
+
|
137
|
+
def binary_file?(path)
|
138
|
+
return false if TEXT_FILE_NAMES.include?(File.basename(path))
|
139
|
+
return false if TEXT_FILE_EXTS.include?(File.extname(path))
|
140
|
+
|
141
|
+
true
|
142
|
+
end
|
143
|
+
|
105
144
|
def check_required_files
|
106
145
|
file_names = dependency_files.map(&:name)
|
107
146
|
|
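Review bot: In the `@@ -84,13 +86,17 @@` hunk every line of `git status` output is split on spaces and only the second token is kept as `path`, so now that `--untracked-files=all` lists each new file under the cache directory individually, a name containing a space (or one that git quotes) is truncated and `File.read(path)` raises `Errno::ENOENT` or reads a different file. Splitting once with `status.split("\n").map { |l| l.split(" ", 2) }`, or using `--porcelain=v1 -z` and splitting on NUL, keeps the path intact. `relative_dir` is still interpolated into the shell string unescaped; `Shellwords.escape(relative_dir)` would be safer if the cache directory can be set by repository configuration. `File.read` also follows symlinks, so checking that the resolved path stays under `repo_contents_path` before the content goes into a `DependencyFile` looks worth adding, since vendored gem contents are presumably not under the project's control. The enclosing method starts and ends outside the hunk.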
@@ -170,6 +170,7 @@ module Dependabot
|
|
170
170
|
unlocked_gems = definition.instance_variable_get(:@unlock).
|
171
171
|
fetch(:gems)
|
172
172
|
bundler_opts = {
|
173
|
+
cache_all: true,
|
173
174
|
cache_all_platforms: true,
|
174
175
|
no_prune: true
|
175
176
|
}
|
@@ -203,10 +204,7 @@ module Dependabot
|
|
203
204
|
|
204
205
|
return unless outdated_gems.any?
|
205
206
|
|
206
|
-
puts "Removing outdated .gem files from #{cache_path}"
|
207
|
-
|
208
207
|
outdated_gems.each do |path|
|
209
|
-
puts " * #{File.basename(path)}"
|
210
208
|
File.delete(path)
|
211
209
|
end
|
212
210
|
end
|
@@ -226,11 +224,8 @@ module Dependabot
|
|
226
224
|
|
227
225
|
return unless outdated_git_and_path.any?
|
228
226
|
|
229
|
-
puts "Removing outdated git and path gems from #{cache_path}"
|
230
|
-
|
231
227
|
outdated_git_and_path.each do |path|
|
232
228
|
path = File.dirname(path)
|
233
|
-
puts " * #{File.basename(path)}"
|
234
229
|
FileUtils.rm_rf(path)
|
235
230
|
end
|
236
231
|
end
|
@@ -245,6 +240,7 @@ module Dependabot
|
|
245
240
|
dependencies_to_unlock << gem_name
|
246
241
|
end
|
247
242
|
|
243
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
248
244
|
def unlock_blocking_subdeps(dependencies_to_unlock, error)
|
249
245
|
all_deps = ::Bundler::LockfileParser.new(sanitized_lockfile_body).
|
250
246
|
specs.map(&:name).map(&:to_s)
|
@@ -273,6 +269,7 @@ module Dependabot
|
|
273
269
|
# information to chart the full path through all conflicts unwound
|
274
270
|
dependencies_to_unlock.append(*allowed_new_unlocks)
|
275
271
|
end
|
272
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
276
273
|
|
277
274
|
def build_definition(dependencies_to_unlock)
|
278
275
|
defn = ::Bundler::Definition.build(
|
@@ -412,6 +409,7 @@ module Dependabot
|
|
412
409
|
rewrite(gemspec_content)
|
413
410
|
end
|
414
411
|
|
412
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
415
413
|
def replacement_version_for_gemspec(gemspec_content)
|
416
414
|
return "0.0.1" unless lockfile
|
417
415
|
|
@@ -428,6 +426,7 @@ module Dependabot
|
|
428
426
|
spec = gemspec_specs.find { |s| s.name == gem_name }
|
429
427
|
spec&.version || gemspec_specs.first&.version || "0.0.1"
|
430
428
|
end
|
429
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
431
430
|
|
432
431
|
def relevant_credentials
|
433
432
|
credentials.
|
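Review bot: The `cache_all: true` entry added to `bundler_opts` in the `@@ -170,6 +170,7 @@` hunk carries no comment, although it widens what lands in the vendor cache: Bundler's cache-all setting also copies git and path sources, not only `.gem` files. A one-line comment such as `# also cache git and path gems, not only .gem files` would record that. The same file drops the `puts` lines around `File.delete(path)` and `FileUtils.rm_rf(path)`, so removals from the cache are no longer reported anywhere; if a logger is available, sending those messages there would keep a record of what was deleted. The surrounding methods start and end outside the hunks.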
@@ -214,6 +214,7 @@ module Dependabot
|
|
214
214
|
lower_bound_req + ", <= #{latest_allowable_version}"
|
215
215
|
end
|
216
216
|
|
217
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
217
218
|
def updated_version_req_lower_bound(filename)
|
218
219
|
original_req = dependency.requirements.
|
219
220
|
find { |r| r.fetch(:file) == filename }&.
|
@@ -234,6 +235,7 @@ module Dependabot
|
|
234
235
|
">= #{version_for_requirement || 0}"
|
235
236
|
end
|
236
237
|
end
|
238
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
237
239
|
|
238
240
|
def remove_git_source(content)
|
239
241
|
FileUpdater::GitSourceRemover.new(
|
@@ -261,6 +263,7 @@ module Dependabot
|
|
261
263
|
@lock_ruby_version && file == gemfile
|
262
264
|
end
|
263
265
|
|
266
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
264
267
|
def replacement_version_for_gemspec(gemspec_content)
|
265
268
|
return "0.0.1" unless lockfile
|
266
269
|
|
@@ -278,6 +281,7 @@ module Dependabot
|
|
278
281
|
spec = gemspec_specs.find { |s| s.name == gem_name }
|
279
282
|
spec&.version || gemspec_specs.first&.version || "0.0.1"
|
280
283
|
end
|
284
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
281
285
|
|
282
286
|
def sanitized_lockfile_content
|
283
287
|
re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
|
@@ -252,7 +252,6 @@ module Dependabot
|
|
252
252
|
|
253
253
|
# Updates the version in a "<" or "<=" constraint to allow the given
|
254
254
|
# version
|
255
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
256
255
|
def update_greatest_version(requirement, version_to_be_permitted)
|
257
256
|
if version_to_be_permitted.is_a?(String)
|
258
257
|
version_to_be_permitted = Gem::Version.new(version_to_be_permitted)
|
@@ -278,8 +277,6 @@ module Dependabot
|
|
278
277
|
|
279
278
|
Gem::Requirement.new("#{op} #{new_segments.join('.')}")
|
280
279
|
end
|
281
|
-
|
282
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
283
280
|
end
|
284
281
|
end
|
285
282
|
end
|
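--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.119.
+version: 0.119.4
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.119.
+version: 0.119.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.119.
+version: 0.119.4
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.90.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.90.0
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
@@ -179,7 +179,7 @@ homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -194,8 +194,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.5.0
 requirements: []
-rubygems_version: 3.1.
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Ruby (bundler) support for dependabot
 test_files: []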