dependabot-bundler 0.138.0 → 0.138.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/build +2 -1
- data/helpers/v1/run.rb +16 -0
- data/helpers/v2/.gitignore +8 -0
- data/helpers/v2/Gemfile +12 -0
- data/helpers/v2/build +25 -0
- data/helpers/v2/lib/functions.rb +195 -0
- data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +86 -0
- data/helpers/v2/lib/functions/dependency_source.rb +86 -0
- data/helpers/v2/lib/functions/file_parser.rb +106 -0
- data/helpers/v2/lib/functions/force_updater.rb +167 -0
- data/helpers/v2/lib/functions/lockfile_updater.rb +224 -0
- data/helpers/v2/lib/functions/version_resolver.rb +140 -0
- data/helpers/v2/monkey_patches/definition_bundler_version_patch.rb +15 -0
- data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb +20 -0
- data/helpers/v2/monkey_patches/git_source_patch.rb +62 -0
- data/helpers/v2/run.rb +44 -0
- data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +133 -0
- data/helpers/v2/spec/functions/dependency_source_spec.rb +185 -0
- data/helpers/v2/spec/functions/file_parser_spec.rb +142 -0
- data/helpers/v2/spec/functions/version_resolver_spec.rb +97 -0
- data/helpers/v2/spec/functions_spec.rb +25 -0
- data/helpers/v2/spec/native_spec_helper.rb +49 -0
- data/helpers/v2/spec/shared_contexts.rb +60 -0
- data/lib/dependabot/bundler/file_parser.rb +13 -1
- data/lib/dependabot/bundler/file_updater.rb +3 -2
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +4 -3
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +4 -2
- data/lib/dependabot/bundler/helpers.rb +15 -3
- data/lib/dependabot/bundler/native_helpers.rb +5 -0
- data/lib/dependabot/bundler/update_checker.rb +12 -6
- data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +5 -2
- data/lib/dependabot/bundler/update_checker/force_updater.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -3
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +2 -2
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +3 -5
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +8 -4
- metadata +25 -4
|
@@ -167,6 +167,8 @@ module Dependabot
|
|
|
167
167
|
req_string.include?(" ")
|
|
168
168
|
end
|
|
169
169
|
|
|
170
|
+
EQUALITY_OPERATOR = /(?<![<>!])=/.freeze
|
|
171
|
+
|
|
170
172
|
def use_equality_operator?(requirement_nodes)
|
|
171
173
|
return true if requirement_nodes.none?
|
|
172
174
|
|
|
@@ -178,7 +180,7 @@ module Dependabot
|
|
|
178
180
|
requirement_nodes.first.children.first.loc.expression.source
|
|
179
181
|
end
|
|
180
182
|
|
|
181
|
-
req_string.match?(
|
|
183
|
+
req_string.match?(EQUALITY_OPERATOR)
|
|
182
184
|
end
|
|
183
185
|
|
|
184
186
|
def new_requirement_string(quote_characters:,
|
|
@@ -203,7 +205,7 @@ module Dependabot
|
|
|
203
205
|
# Gem::Requirement serializes exact matches as a string starting
|
|
204
206
|
# with `=`. We may need to remove that equality operator if it
|
|
205
207
|
# wasn't used originally.
|
|
206
|
-
tmp_req = tmp_req.gsub(
|
|
208
|
+
tmp_req = tmp_req.gsub(EQUALITY_OPERATOR, "") unless use_equality_operator
|
|
207
209
|
|
|
208
210
|
tmp_req.strip
|
|
209
211
|
end
|
|
@@ -6,9 +6,21 @@ module Dependabot
|
|
|
6
6
|
V1 = "1"
|
|
7
7
|
V2 = "2"
|
|
8
8
|
|
|
9
|
-
#
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
# NOTE: options is a manditory argument to ensure we pass it from all calling classes
|
|
10
|
+
def self.bundler_version(_lockfile, options:)
|
|
11
|
+
# For now, force V2 if bundler_2_available
|
|
12
|
+
return V2 if options[:bundler_2_available]
|
|
13
|
+
|
|
14
|
+
# TODO: Add support for bundler v2 based on lockfile
|
|
15
|
+
# return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
16
|
+
|
|
17
|
+
V1
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.detected_bundler_version(lockfile)
|
|
21
|
+
return "unknown" unless lockfile
|
|
22
|
+
return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
23
|
+
|
|
12
24
|
V1
|
|
13
25
|
end
|
|
14
26
|
end
|
|
@@ -22,6 +22,11 @@ module Dependabot
|
|
|
22
22
|
"GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
|
|
23
23
|
}
|
|
24
24
|
)
|
|
25
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
26
|
+
# TODO: Remove once we stop stubbing out the V2 native helper
|
|
27
|
+
raise Dependabot::NotImplemented, e.message if e.error_class == "Functions::NotImplementedError"
|
|
28
|
+
|
|
29
|
+
raise
|
|
25
30
|
end
|
|
26
31
|
end
|
|
27
32
|
|
|
@@ -110,7 +110,8 @@ module Dependabot
|
|
|
110
110
|
ConflictingDependencyResolver.new(
|
|
111
111
|
dependency_files: dependency_files,
|
|
112
112
|
repo_contents_path: repo_contents_path,
|
|
113
|
-
credentials: credentials
|
|
113
|
+
credentials: credentials,
|
|
114
|
+
options: options
|
|
114
115
|
).conflicting_dependencies(
|
|
115
116
|
dependency: dependency,
|
|
116
117
|
target_version: lowest_security_fix_version
|
|
@@ -162,7 +163,8 @@ module Dependabot
|
|
|
162
163
|
credentials: credentials,
|
|
163
164
|
target_version: version,
|
|
164
165
|
requirements_update_strategy: requirements_update_strategy,
|
|
165
|
-
update_multiple_dependencies: false
|
|
166
|
+
update_multiple_dependencies: false,
|
|
167
|
+
options: options
|
|
166
168
|
).updated_dependencies
|
|
167
169
|
true
|
|
168
170
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -183,7 +185,8 @@ module Dependabot
|
|
|
183
185
|
credentials: credentials,
|
|
184
186
|
ignored_versions: ignored_versions,
|
|
185
187
|
raise_on_ignored: raise_on_ignored,
|
|
186
|
-
replacement_git_pin: tag
|
|
188
|
+
replacement_git_pin: tag,
|
|
189
|
+
options: options
|
|
187
190
|
).latest_resolvable_version_details
|
|
188
191
|
true
|
|
189
192
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -339,7 +342,8 @@ module Dependabot
|
|
|
339
342
|
repo_contents_path: repo_contents_path,
|
|
340
343
|
credentials: credentials,
|
|
341
344
|
target_version: latest_version,
|
|
342
|
-
requirements_update_strategy: requirements_update_strategy
|
|
345
|
+
requirements_update_strategy: requirements_update_strategy,
|
|
346
|
+
options: options
|
|
343
347
|
)
|
|
344
348
|
end
|
|
345
349
|
|
|
@@ -365,7 +369,8 @@ module Dependabot
|
|
|
365
369
|
raise_on_ignored: raise_on_ignored,
|
|
366
370
|
remove_git_source: remove_git_source,
|
|
367
371
|
unlock_requirement: unlock_requirement,
|
|
368
|
-
latest_allowable_version: latest_version
|
|
372
|
+
latest_allowable_version: latest_version,
|
|
373
|
+
options: options
|
|
369
374
|
)
|
|
370
375
|
end
|
|
371
376
|
end
|
|
@@ -386,7 +391,8 @@ module Dependabot
|
|
|
386
391
|
credentials: credentials,
|
|
387
392
|
ignored_versions: ignored_versions,
|
|
388
393
|
raise_on_ignored: raise_on_ignored,
|
|
389
|
-
security_advisories: security_advisories
|
|
394
|
+
security_advisories: security_advisories,
|
|
395
|
+
options: options
|
|
390
396
|
)
|
|
391
397
|
end
|
|
392
398
|
end
|
|
@@ -12,10 +12,13 @@ module Dependabot
|
|
|
12
12
|
require_relative "shared_bundler_helpers"
|
|
13
13
|
include SharedBundlerHelpers
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
attr_reader :options
|
|
16
|
+
|
|
17
|
+
def initialize(dependency_files:, repo_contents_path:, credentials:, options:)
|
|
16
18
|
@dependency_files = dependency_files
|
|
17
19
|
@repo_contents_path = repo_contents_path
|
|
18
20
|
@credentials = credentials
|
|
21
|
+
@options = options
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
# Finds any dependencies in the lockfile that have a subdependency on
|
|
@@ -47,7 +50,7 @@ module Dependabot
|
|
|
47
50
|
private
|
|
48
51
|
|
|
49
52
|
def bundler_version
|
|
50
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
53
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
51
54
|
end
|
|
52
55
|
end
|
|
53
56
|
end
|
|
@@ -19,7 +19,8 @@ module Dependabot
|
|
|
19
19
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
20
20
|
credentials:, target_version:,
|
|
21
21
|
requirements_update_strategy:,
|
|
22
|
-
update_multiple_dependencies: true
|
|
22
|
+
update_multiple_dependencies: true,
|
|
23
|
+
options:)
|
|
23
24
|
@dependency = dependency
|
|
24
25
|
@dependency_files = dependency_files
|
|
25
26
|
@repo_contents_path = repo_contents_path
|
|
@@ -27,6 +28,7 @@ module Dependabot
|
|
|
27
28
|
@target_version = target_version
|
|
28
29
|
@requirements_update_strategy = requirements_update_strategy
|
|
29
30
|
@update_multiple_dependencies = update_multiple_dependencies
|
|
31
|
+
@options = options
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def updated_dependencies
|
|
@@ -36,7 +38,8 @@ module Dependabot
|
|
|
36
38
|
private
|
|
37
39
|
|
|
38
40
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :target_version, :requirements_update_strategy
|
|
41
|
+
:credentials, :target_version, :requirements_update_strategy,
|
|
42
|
+
:options
|
|
40
43
|
|
|
41
44
|
def update_multiple_dependencies?
|
|
42
45
|
@update_multiple_dependencies
|
|
@@ -149,7 +152,7 @@ module Dependabot
|
|
|
149
152
|
end
|
|
150
153
|
|
|
151
154
|
def bundler_version
|
|
152
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
155
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
153
156
|
end
|
|
154
157
|
end
|
|
155
158
|
end
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
class LatestVersionFinder
|
|
16
16
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
17
17
|
credentials:, ignored_versions:, raise_on_ignored: false,
|
|
18
|
-
security_advisories:)
|
|
18
|
+
security_advisories:, options:)
|
|
19
19
|
@dependency = dependency
|
|
20
20
|
@dependency_files = dependency_files
|
|
21
21
|
@repo_contents_path = repo_contents_path
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
@ignored_versions = ignored_versions
|
|
24
24
|
@raise_on_ignored = raise_on_ignored
|
|
25
25
|
@security_advisories = security_advisories
|
|
26
|
+
@options = options
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def latest_version_details
|
|
@@ -36,7 +37,8 @@ module Dependabot
|
|
|
36
37
|
private
|
|
37
38
|
|
|
38
39
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :ignored_versions, :security_advisories
|
|
40
|
+
:credentials, :ignored_versions, :security_advisories,
|
|
41
|
+
:options
|
|
40
42
|
|
|
41
43
|
def fetch_latest_version_details
|
|
42
44
|
return dependency_source.latest_git_version_details if dependency_source.git?
|
|
@@ -103,7 +105,8 @@ module Dependabot
|
|
|
103
105
|
@dependency_source ||= DependencySource.new(
|
|
104
106
|
dependency: dependency,
|
|
105
107
|
dependency_files: dependency_files,
|
|
106
|
-
credentials: credentials
|
|
108
|
+
credentials: credentials,
|
|
109
|
+
options: options
|
|
107
110
|
)
|
|
108
111
|
end
|
|
109
112
|
|
|
@@ -17,14 +17,16 @@ module Dependabot
|
|
|
17
17
|
OTHER = "other"
|
|
18
18
|
|
|
19
19
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
20
|
-
:credentials
|
|
20
|
+
:credentials, :options
|
|
21
21
|
|
|
22
22
|
def initialize(dependency:,
|
|
23
23
|
dependency_files:,
|
|
24
|
-
credentials
|
|
24
|
+
credentials:,
|
|
25
|
+
options:)
|
|
25
26
|
@dependency = dependency
|
|
26
27
|
@dependency_files = dependency_files
|
|
27
28
|
@credentials = credentials
|
|
29
|
+
@options = options
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
# The latest version details for the dependency from a registry
|
|
@@ -145,7 +147,7 @@ module Dependabot
|
|
|
145
147
|
end
|
|
146
148
|
|
|
147
149
|
def bundler_version
|
|
148
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
150
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
149
151
|
end
|
|
150
152
|
end
|
|
151
153
|
end
|
|
@@ -188,7 +188,7 @@ module Dependabot
|
|
|
188
188
|
req
|
|
189
189
|
end
|
|
190
190
|
when "<", "<=" then [update_greatest_version(req, latest_version)]
|
|
191
|
-
when "~>" then
|
|
191
|
+
when "~>" then convert_twiddle_to_range(req, latest_version)
|
|
192
192
|
when "!=" then []
|
|
193
193
|
when ">", ">=" then raise UnfixableRequirement
|
|
194
194
|
else raise "Unexpected operation for requirement: #{op}"
|
|
@@ -214,7 +214,7 @@ module Dependabot
|
|
|
214
214
|
end
|
|
215
215
|
end
|
|
216
216
|
|
|
217
|
-
def
|
|
217
|
+
def convert_twiddle_to_range(requirement, version_to_be_permitted)
|
|
218
218
|
version = requirement.requirements.first.last
|
|
219
219
|
version = version.release if version.prerelease?
|
|
220
220
|
|
|
@@ -187,7 +187,9 @@ module Dependabot
|
|
|
187
187
|
end
|
|
188
188
|
|
|
189
189
|
def jfrog_source
|
|
190
|
-
|
|
190
|
+
return @jfrog_source unless defined?(@jfrog_source)
|
|
191
|
+
|
|
192
|
+
@jfrog_source = in_a_native_bundler_context(error_handling: false) do |dir|
|
|
191
193
|
NativeHelpers.run_bundler_subprocess(
|
|
192
194
|
bundler_version: bundler_version,
|
|
193
195
|
function: "jfrog_source",
|
|
@@ -237,10 +239,6 @@ module Dependabot
|
|
|
237
239
|
|
|
238
240
|
lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
239
241
|
end
|
|
240
|
-
|
|
241
|
-
def bundler_version
|
|
242
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
243
|
-
end
|
|
244
242
|
end
|
|
245
243
|
end
|
|
246
244
|
end
|
|
@@ -23,7 +23,8 @@ module Dependabot
|
|
|
23
23
|
raise_on_ignored: false,
|
|
24
24
|
replacement_git_pin: nil, remove_git_source: false,
|
|
25
25
|
unlock_requirement: true,
|
|
26
|
-
latest_allowable_version: nil
|
|
26
|
+
latest_allowable_version: nil,
|
|
27
|
+
options:)
|
|
27
28
|
@dependency = dependency
|
|
28
29
|
@unprepared_dependency_files = unprepared_dependency_files
|
|
29
30
|
@credentials = credentials
|
|
@@ -34,6 +35,7 @@ module Dependabot
|
|
|
34
35
|
@remove_git_source = remove_git_source
|
|
35
36
|
@unlock_requirement = unlock_requirement
|
|
36
37
|
@latest_allowable_version = latest_allowable_version
|
|
38
|
+
@options = options
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
def latest_resolvable_version_details
|
|
@@ -45,7 +47,8 @@ module Dependabot
|
|
|
45
47
|
|
|
46
48
|
attr_reader :dependency, :unprepared_dependency_files,
|
|
47
49
|
:repo_contents_path, :credentials, :ignored_versions,
|
|
48
|
-
:replacement_git_pin, :latest_allowable_version
|
|
50
|
+
:replacement_git_pin, :latest_allowable_version,
|
|
51
|
+
:options
|
|
49
52
|
|
|
50
53
|
def remove_git_source?
|
|
51
54
|
@remove_git_source
|
|
@@ -164,7 +167,8 @@ module Dependabot
|
|
|
164
167
|
credentials: credentials,
|
|
165
168
|
ignored_versions: ignored_versions,
|
|
166
169
|
raise_on_ignored: @raise_on_ignored,
|
|
167
|
-
security_advisories: []
|
|
170
|
+
security_advisories: [],
|
|
171
|
+
options: options
|
|
168
172
|
).latest_version_details
|
|
169
173
|
end
|
|
170
174
|
|
|
@@ -221,7 +225,7 @@ module Dependabot
|
|
|
221
225
|
end
|
|
222
226
|
|
|
223
227
|
def bundler_version
|
|
224
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
228
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
225
229
|
end
|
|
226
230
|
end
|
|
227
231
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.138.
|
|
4
|
+
version: 0.138.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-03-
|
|
11
|
+
date: 2021-03-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.138.
|
|
19
|
+
version: 0.138.5
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.138.
|
|
26
|
+
version: 0.138.5
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +206,27 @@ files:
|
|
|
206
206
|
- helpers/v1/spec/functions/version_resolver_spec.rb
|
|
207
207
|
- helpers/v1/spec/native_spec_helper.rb
|
|
208
208
|
- helpers/v1/spec/shared_contexts.rb
|
|
209
|
+
- helpers/v2/.gitignore
|
|
210
|
+
- helpers/v2/Gemfile
|
|
211
|
+
- helpers/v2/build
|
|
212
|
+
- helpers/v2/lib/functions.rb
|
|
213
|
+
- helpers/v2/lib/functions/conflicting_dependency_resolver.rb
|
|
214
|
+
- helpers/v2/lib/functions/dependency_source.rb
|
|
215
|
+
- helpers/v2/lib/functions/file_parser.rb
|
|
216
|
+
- helpers/v2/lib/functions/force_updater.rb
|
|
217
|
+
- helpers/v2/lib/functions/lockfile_updater.rb
|
|
218
|
+
- helpers/v2/lib/functions/version_resolver.rb
|
|
219
|
+
- helpers/v2/monkey_patches/definition_bundler_version_patch.rb
|
|
220
|
+
- helpers/v2/monkey_patches/definition_ruby_version_patch.rb
|
|
221
|
+
- helpers/v2/monkey_patches/git_source_patch.rb
|
|
222
|
+
- helpers/v2/run.rb
|
|
223
|
+
- helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
|
|
224
|
+
- helpers/v2/spec/functions/dependency_source_spec.rb
|
|
225
|
+
- helpers/v2/spec/functions/file_parser_spec.rb
|
|
226
|
+
- helpers/v2/spec/functions/version_resolver_spec.rb
|
|
227
|
+
- helpers/v2/spec/functions_spec.rb
|
|
228
|
+
- helpers/v2/spec/native_spec_helper.rb
|
|
229
|
+
- helpers/v2/spec/shared_contexts.rb
|
|
209
230
|
- lib/dependabot/bundler.rb
|
|
210
231
|
- lib/dependabot/bundler/file_fetcher.rb
|
|
211
232
|
- lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
|