dependabot-bundler 0.154.1 → 0.155.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f4c7a6dabbb638051a34a81c9763343a4e598ab7e87b91c870f54aa1e6312cd7
4
- data.tar.gz: eb54e6a2653c30591b9030bc45af955e6a8686c4e6d9e1884c4c255a4322f8cd
3
+ metadata.gz: 151177d2265192564ccf99d2dbc692f62638be0dbfbbc885ee103eea3859c7b2
4
+ data.tar.gz: 2bb1f7f8193cdde62b1b6fb699cbfc9b5d85b2a0b8c09275632fede4d14f6c6c
5
5
  SHA512:
6
- metadata.gz: '083566caefd79a0cb3ecea7fbae3c879e069b4a1271a861d3844e950b2315f7f02a57bd5da74e877d63b6788c9b4b4e9781495a832f9579da36027c1062c744d'
7
- data.tar.gz: 6d737f4077de2c9715fc9f12b340b5e97e999ed19d6762eaea54061b15f9c48e2ab6285eab640c79207991a4357121c28e568e9d0b25ee8376f44ea2aeebbb7f
6
+ metadata.gz: b5b4dfae6b4266a2b05b6a7d4ff133d5ea750521c6861f9a53eacc9207bc7668853704d2640c0a3ebd21ac5ecd9d75c967df3e73a69133d5fce46d413a103b05
7
+ data.tar.gz: f11e8fc386f6ea3b3cc2382e5a91cd5ba024d3b2e838a46c783bffa98aa7d20f9d088fc6217eb238d4f1b78ef4aee4d138f01573a2147c166dce5c3e370cb6e1
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "native_spec_helper"
4
+ require "shared_contexts"
5
+
6
+ RSpec.describe Functions::ForceUpdater do
7
+ include_context "in a temporary bundler directory"
8
+ include_context "stub rubygems compact index"
9
+
10
+ let(:force_updater) do
11
+ described_class.new(
12
+ dependency_name: dependency_name,
13
+ target_version: target_version,
14
+ gemfile_name: gemfile_name,
15
+ lockfile_name: lockfile_name,
16
+ update_multiple_dependencies: update_multiple_dependencies
17
+ )
18
+ end
19
+ let(:gemfile_name) { "Gemfile" }
20
+ let(:lockfile_name) { "Gemfile.lock" }
21
+ let(:update_multiple_dependencies) { true }
22
+
23
+ describe "#run" do
24
+ subject(:force_update) do
25
+ in_tmp_folder { force_updater.run }
26
+ end
27
+
28
+ context "with a version conflict" do
29
+ let(:target_version) { "3.6.0" }
30
+ let(:dependency_name) { "rspec-support" }
31
+ let(:project_name) { "version_conflict" }
32
+
33
+ it "updates the conflicting dependencies" do
34
+ updated_deps, _specs = force_update
35
+ expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
36
+ end
37
+
38
+ context "when updating a single dependency" do
39
+ let(:update_multiple_dependencies) { false }
40
+
41
+ it { expect { force_update }.to raise_error(Bundler::VersionConflict) }
42
+ end
43
+ end
44
+
45
+ context "with a version conflict in gems rb" do
46
+ let(:target_version) { "3.6.0" }
47
+ let(:dependency_name) { "rspec-support" }
48
+ let(:project_name) { "version_conflict_gems_rb" }
49
+ let(:gemfile_name) { "gems.rb" }
50
+ let(:lockfile_name) { "gems.locked" }
51
+
52
+ it "updates the conflicting dependencies" do
53
+ updated_deps, _specs = force_update
54
+ expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
55
+ end
56
+ end
57
+ end
58
+ end
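Review bot: The example `it "updates the conflicting dependencies"`, with its `updated_deps, _specs = force_update` destructuring and the identical `eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])` expectation, is written out twice in this file, once for the Gemfile context and once for the gems.rb context, and the whole file appears again unchanged in the hunk ending at line 296. A `shared_examples "a forced update of the conflicting dependencies"` block holding that single example, pulled in with `it_behaves_like` from both contexts, would leave each context with only the `let`s that actually differ (`project_name`, `gemfile_name`, `lockfile_name`). The single-dependency example is a bare `it { expect { force_update }.to raise_error(Bundler::VersionConflict) }`, which prints no description on failure; `it "refuses to update only the requested gem"` would say what is being checked.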
@@ -92,5 +92,13 @@ RSpec.describe Functions::VersionResolver do
92
92
  its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
93
93
  its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
94
94
  end
95
+
96
+ context "with no update possible due to a version conflict" do
97
+ let(:project_name) { "version_conflict_with_listed_subdep" }
98
+ let(:dependency_name) { "rspec-mocks" }
99
+ let(:requirement_string) { ">= 0" }
100
+
101
+ its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
102
+ end
95
103
  end
96
104
  end
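Review bot: The context is titled "with no update possible due to a version conflict", yet its only expectation pins `Gem::Version.new("3.6.0")` without saying why that literal means "no update"; from the spec alone a reader cannot tell whether 3.6.0 is what the `version_conflict_with_listed_subdep` fixture already locks or a real bump. A one-line comment above the `its`, along the lines of `# 3.6.0 is the version the fixture already locks; the listed subdep blocks anything newer` (adjusted to what the fixture actually contains), would make the intent checkable. The sibling context just above also asserts `its([:fetcher])`; adding the same assertion here keeps the two contexts parallel. The same context is added again unchanged in the hunk ending at line 328.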
@@ -0,0 +1,58 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "native_spec_helper"
4
+ require "shared_contexts"
5
+
6
+ RSpec.describe Functions::ForceUpdater do
7
+ include_context "in a temporary bundler directory"
8
+ include_context "stub rubygems compact index"
9
+
10
+ let(:force_updater) do
11
+ described_class.new(
12
+ dependency_name: dependency_name,
13
+ target_version: target_version,
14
+ gemfile_name: gemfile_name,
15
+ lockfile_name: lockfile_name,
16
+ update_multiple_dependencies: update_multiple_dependencies
17
+ )
18
+ end
19
+ let(:gemfile_name) { "Gemfile" }
20
+ let(:lockfile_name) { "Gemfile.lock" }
21
+ let(:update_multiple_dependencies) { true }
22
+
23
+ describe "#run" do
24
+ subject(:force_update) do
25
+ in_tmp_folder { force_updater.run }
26
+ end
27
+
28
+ context "with a version conflict" do
29
+ let(:target_version) { "3.6.0" }
30
+ let(:dependency_name) { "rspec-support" }
31
+ let(:project_name) { "version_conflict" }
32
+
33
+ it "updates the conflicting dependencies" do
34
+ updated_deps, _specs = force_update
35
+ expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
36
+ end
37
+
38
+ context "when updating a single dependency" do
39
+ let(:update_multiple_dependencies) { false }
40
+
41
+ it { expect { force_update }.to raise_error(Bundler::VersionConflict) }
42
+ end
43
+ end
44
+
45
+ context "with a version conflict in gems rb" do
46
+ let(:target_version) { "3.6.0" }
47
+ let(:dependency_name) { "rspec-support" }
48
+ let(:project_name) { "version_conflict_gems_rb" }
49
+ let(:gemfile_name) { "gems.rb" }
50
+ let(:lockfile_name) { "gems.locked" }
51
+
52
+ it "updates the conflicting dependencies" do
53
+ updated_deps, _specs = force_update
54
+ expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
55
+ end
56
+ end
57
+ end
58
+ end
@@ -92,5 +92,13 @@ RSpec.describe Functions::VersionResolver do
92
92
  its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
93
93
  its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
94
94
  end
95
+
96
+ context "with no update possible due to a version conflict" do
97
+ let(:project_name) { "version_conflict_with_listed_subdep" }
98
+ let(:dependency_name) { "rspec-mocks" }
99
+ let(:requirement_string) { ">= 0" }
100
+
101
+ its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
102
+ end
95
103
  end
96
104
  end
@@ -21,4 +21,37 @@ RSpec.describe Functions do
21
21
  end
22
22
  end
23
23
  end
24
+
25
+ describe "#git_specs" do
26
+ let(:project_name) { "git_source" }
27
+ subject(:git_specs) do
28
+ in_tmp_folder do
29
+ Functions.git_specs(
30
+ dir: tmp_path,
31
+ gemfile_name: "Gemfile",
32
+ credentials: {}
33
+ )
34
+ end
35
+ end
36
+
37
+ def expect_specs(count)
38
+ expect(git_specs.size).to eq(count)
39
+ git_specs.each do |gs|
40
+ uri = URI.parse(gs[:auth_uri])
41
+ expect(uri.scheme).to(satisfy { |s| %w(http https).include?(s) })
42
+ end
43
+ end
44
+
45
+ it "returns git specs" do
46
+ expect_specs(4)
47
+ end
48
+
49
+ context "with github shorthand" do
50
+ let(:project_name) { "github_source" }
51
+
52
+ it "returns git specs" do
53
+ expect_specs(1)
54
+ end
55
+ end
56
+ end
24
57
  end
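Review bot: In `expect_specs`, `expect(uri.scheme).to(satisfy { |s| %w(http https).include?(s) })` reports a failure only as an unmet satisfy expression; `expect(%w(http https)).to include(uri.scheme)` checks the same thing and prints the offending scheme. The helper also hides two assertions (the count and the per-spec scheme) behind one name, so a failing `expect_specs(4)` reads as a bare count mismatch with no hint of which fixture source changed; a comment on the helper such as `# Every git source in the fixture must come back with an HTTP(S) auth_uri` would record the contract. `credentials: {}` passes a Hash where production callers presumably supply an array of credential hashes — worth confirming the helper accepts that shape, otherwise the spec exercises an input the real code never sees.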
@@ -50,10 +50,10 @@ module Dependabot
50
50
  end
51
51
 
52
52
  def ruby_version
53
- requirement = if !ruby_requirement.is_a?(Gem::Requirement)
54
- Dependabot::Bundler::Requirement.new(ruby_requirement)
55
- else
53
+ requirement = if ruby_requirement.is_a?(Gem::Requirement)
56
54
  ruby_requirement
55
+ else
56
+ Dependabot::Bundler::Requirement.new(ruby_requirement)
57
57
  end
58
58
 
59
59
  ruby_version =
@@ -3,6 +3,7 @@
3
3
  require "excon"
4
4
 
5
5
  require "dependabot/bundler/update_checker"
6
+ require "dependabot/update_checkers/version_filters"
6
7
  require "dependabot/bundler/requirement"
7
8
  require "dependabot/shared_helpers"
8
9
  require "dependabot/errors"
@@ -55,7 +56,8 @@ module Dependabot
55
56
 
56
57
  relevant_versions = dependency_source.versions
57
58
  relevant_versions = filter_prerelease_versions(relevant_versions)
58
- relevant_versions = filter_vulnerable_versions(relevant_versions)
59
+ relevant_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions,
60
+ security_advisories)
59
61
  relevant_versions = filter_ignored_versions(relevant_versions)
60
62
  relevant_versions = filter_lower_versions(relevant_versions)
61
63
 
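Review bot: The Bundler-local `filter_vulnerable_versions` removed in the hunk ending at line 516 rejected a version when any advisory answered `vulnerable?(v)`; the `Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions, security_advisories)` call that replaces it is not visible in this diff, so whether it applies the same rule to Bundler's `Gem::Version` objects now rests entirely on the shared module, and a spec that feeds an advisory covering a listed version through the method containing this filter chain would pin that equivalence. Since the hunk header shows this code sits inside `module Dependabot`, lexical scope already resolves `UpdateCheckers::VersionFilters`, so `relevant_versions = UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions, security_advisories)` avoids the argument wrapped onto a continuation line. The enclosing method begins before this hunk.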
@@ -78,11 +80,6 @@ module Dependabot
78
80
  filtered
79
81
  end
80
82
 
81
- def filter_vulnerable_versions(versions_array)
82
- versions_array.
83
- reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
84
- end
85
-
86
83
  def filter_lower_versions(versions_array)
87
84
  return versions_array unless dependency.version && Gem::Version.correct?(dependency.version)
88
85
 
@@ -174,8 +174,11 @@ module Dependabot
174
174
  }
175
175
  )
176
176
  git_specs.reject do |spec|
177
+ uri = URI.parse(spec.fetch("auth_uri"))
178
+ next false unless %w(http https).include?(uri.scheme)
179
+
177
180
  Excon.get(
178
- spec.fetch("auth_uri"),
181
+ uri.to_s,
179
182
  idempotent: true,
180
183
  **SharedHelpers.excon_defaults
181
184
  ).status == 200
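Review bot: `URI.parse(spec.fetch("auth_uri"))` raises `URI::InvalidURIError` on a malformed `auth_uri`, and because the call sits inside the `reject` block, one bad spec aborts the whole `git_specs` evaluation instead of being handled like the non-HTTP sources that `next false` now keeps. Rescuing that error and treating the spec the same way keeps the new guard consistent with itself. Before this change every spec was probed with `Excon.get`, whereas now `git://`, `ssh://` and unparsable sources are retained without a reachability check; a comment such as `# Only HTTP(S) sources can be probed; other schemes are kept as-is` would record that deliberate change for the next reader. The `reject` block and the enclosing method continue past the end of this hunk.
```ruby
git_specs.reject do |spec|
  uri = begin
    URI.parse(spec.fetch("auth_uri"))
  rescue URI::InvalidURIError
    next false
  end
  next false unless %w(http https).include?(uri.scheme)

  # … unchanged: Excon.get reachability probe on uri.to_s …
```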
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.154.1
4
+ version: 0.155.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-16 00:00:00.000000000 Z
11
+ date: 2021-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.154.1
19
+ version: 0.155.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.154.1
26
+ version: 0.155.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -202,6 +202,7 @@ files:
202
202
  - helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb
203
203
  - helpers/v1/spec/functions/dependency_source_spec.rb
204
204
  - helpers/v1/spec/functions/file_parser_spec.rb
205
+ - helpers/v1/spec/functions/force_updater_spec.rb
205
206
  - helpers/v1/spec/functions/version_resolver_spec.rb
206
207
  - helpers/v1/spec/native_spec_helper.rb
207
208
  - helpers/v1/spec/shared_contexts.rb
@@ -222,6 +223,7 @@ files:
222
223
  - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
223
224
  - helpers/v2/spec/functions/dependency_source_spec.rb
224
225
  - helpers/v2/spec/functions/file_parser_spec.rb
226
+ - helpers/v2/spec/functions/force_updater_spec.rb
225
227
  - helpers/v2/spec/functions/version_resolver_spec.rb
226
228
  - helpers/v2/spec/functions_spec.rb
227
229
  - helpers/v2/spec/native_spec_helper.rb