dependabot-bundler 0.211.0 → 0.213.0

Files changed (38)
  1. checksums.yaml +4 -4
  2. data/helpers/v1/build +22 -14
  3. data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +1 -1
  4. data/helpers/v1/lib/functions/file_parser.rb +8 -6
  5. data/helpers/v1/lib/functions/lockfile_updater.rb +3 -3
  6. data/helpers/v1/lib/functions/version_resolver.rb +1 -1
  7. data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +1 -1
  8. data/helpers/v1/monkey_patches/git_source_patch.rb +1 -1
  9. data/helpers/v1/spec/native_spec_helper.rb +1 -1
  10. data/helpers/v1/spec/shared_contexts.rb +1 -1
  11. data/helpers/v2/build +24 -14
  12. data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +1 -1
  13. data/helpers/v2/lib/functions/file_parser.rb +8 -6
  14. data/helpers/v2/lib/functions/lockfile_updater.rb +3 -3
  15. data/helpers/v2/lib/functions/version_resolver.rb +6 -6
  16. data/helpers/v2/monkey_patches/git_source_patch.rb +2 -2
  17. data/helpers/v2/run.rb +0 -1
  18. data/helpers/v2/spec/functions_spec.rb +1 -1
  19. data/helpers/v2/spec/shared_contexts.rb +1 -1
  20. data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +2 -2
  21. data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +2 -2
  22. data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +2 -2
  23. data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +23 -19
  24. data/lib/dependabot/bundler/file_parser.rb +4 -4
  25. data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +7 -5
  26. data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +3 -3
  27. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +3 -4
  28. data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +2 -2
  29. data/lib/dependabot/bundler/helpers.rb +1 -1
  30. data/lib/dependabot/bundler/metadata_finder.rb +5 -5
  31. data/lib/dependabot/bundler/native_helpers.rb +1 -1
  32. data/lib/dependabot/bundler/requirement.rb +1 -1
  33. data/lib/dependabot/bundler/update_checker/file_preparer.rb +1 -1
  34. data/lib/dependabot/bundler/update_checker/force_updater.rb +2 -2
  35. data/lib/dependabot/bundler/update_checker/requirements_updater.rb +2 -2
  36. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +8 -12
  37. metadata +14 -43
  38. data/helpers/v2/monkey_patches/endpoint_specification_patch.rb +0 -15
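--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 1b17b4f044523e671c8d5089cd9f4e8f63ce0d03f40c2c0cf98592bbd08e328b
-data.tar.gz: c4c07d736246603d2ab6a2222b285f5dd4058cd9466de3ae55e4e01a6c34fe0c
+metadata.gz: 55546e82f289d523c8f13d59a6c60863c9771ebfb0e2e3fd1df0ba7057a5c745
+data.tar.gz: e3e912ae9743390b574d72c93867618838526335ae43f165db59686af1339139
 SHA512:
-metadata.gz: 3493c9d2028172e1f80ced2a7d80585471ea07cc298c47af088e8dcc42471c8c594aafe16e4dc376f63602f68190f0952a56ec1ef6f9b32397bfc4041659ffe0
-data.tar.gz: e8a1f7a0657d4bb5d6371a73a6c627d7538a480fa1e4e3d2afe5be11a3fbc5cdb88f561c84869f3e5344183cac1294b638d6f161f9a63be13a210ba6019af5b1
+metadata.gz: b4097b5de54f37b1a1e237ead1dc4c9d62c30f5e49b86597715dd776e827a82358ffcfefaa23cefd0f1fa69a6c1170d547a8720efe6b5f27231c201660a53a27
+data.tar.gz: 9ac94050be3a3d3a35deb72a24ae6884848a736b501cc5d4ae980ec9817d5d13e40cd37b2dd8be1264e03f583a77f38c681496e11622fd46a9e5c1aa0b68734c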
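--- a/data/helpers/v1/build
+++ b/data/helpers/v1/build
@@ -2,26 +2,34 @@
 
 set -e
 
+helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
 if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
-exit 1
+install_dir="$helpers_dir"
+else
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
+mkdir -p "$install_dir"
+
+cp -r \
+"$helpers_dir/lib" \
+"$helpers_dir/monkey_patches" \
+"$helpers_dir/run.rb" \
+"$helpers_dir/Gemfile" \
+"$install_dir"
 fi
 
-install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
-mkdir -p "$install_dir"
+cd "$install_dir"
 
-helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
-cp -r \
-"$helpers_dir/lib" \
-"$helpers_dir/monkey_patches" \
-"$helpers_dir/run.rb" \
-"$helpers_dir/Gemfile" \
-"$install_dir"
+export GEM_HOME=$install_dir/.bundle
 
-cd "$install_dir"
+gem install bundler -v 1.17.3 --no-document
+
+BUNDLER_VERSION=1.17.3 bundle config --local path.system true
+
+if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+BUNDLER_VERSION=1.17.3 bundle config --local without "test"
+fi
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing native helpers to run with the same version
-BUNDLER_VERSION=1.17.3 bundle config --local path ".bundle"
-BUNDLER_VERSION=1.17.3 bundle config --local without "test"
 BUNDLER_VERSION=1.17.3 bundle install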
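Review bot: The Bundler version `1.17.3` is now spelled out in four new lines (the `gem install`, the two `BUNDLER_VERSION=` prefixes on `bundle config`, and the retained `bundle install`), so a future bump has to touch each one; hoisting it once near the top, `bundler_version="1.17.3"`, and using `"$bundler_version"` everywhere would keep them in step. A second point deserves a comment rather than a code change: when `DEPENDABOT_NATIVE_HELPERS_PATH` is unset the new `if` branch sets `install_dir="$helpers_dir"`, so `GEM_HOME`, `.bundle/config` and every installed gem are now written into the checked-in helpers directory instead of the script refusing to run as before, e.g. `# Without DEPENDABOT_NATIVE_HELPERS_PATH the build happens in place: gems and .bundle/config land next to this script`. The same two remarks apply to the data/helpers/v2/build hunk, which differs only in taking the version from `ruby -rbundler`.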
@@ -63,7 +63,7 @@ module Functions
63
63
  if spec.name == top_level.name
64
64
  "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
65
65
  else
66
- "#{top_level.name} (#{top_level.version}) requires #{dependency_name} "\
66
+ "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
67
67
  "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
68
68
  end
69
69
  end
@@ -14,13 +14,13 @@ module Functions
14
14
  Bundler::Definition.build(gemfile_name, nil, {}).
15
15
  dependencies.select(&:current_platform?).
16
16
  reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
17
- map(&method(:serialize_bundler_dependency))
17
+ map { |dep| serialize_bundler_dependency(dep) }
18
18
  end
19
19
 
20
20
  def parsed_gemspec(gemspec_name:)
21
21
  Bundler.load_gemspec_uncached(gemspec_name).
22
22
  dependencies.
23
- map(&method(:serialize_bundler_dependency))
23
+ map { |dep| serialize_bundler_dependency(dep) }
24
24
  end
25
25
 
26
26
  private
@@ -71,15 +71,17 @@ module Functions
71
71
  }
72
72
  end
73
73
 
74
+ RUBYGEMS_HOSTS = [
75
+ "rubygems.org",
76
+ "www.rubygems.org"
77
+ ].freeze
78
+
74
79
  def default_rubygems?(source)
75
80
  return true if source.nil?
76
81
  return false unless source.is_a?(Bundler::Source::Rubygems)
77
82
 
78
83
  source.remotes.any? do |r|
79
- [
80
- "rubygems.org",
81
- "www.rubygems.org"
82
- ].include?(URI(r.to_s).host)
84
+ RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
83
85
  end
84
86
  end
85
87
 
@@ -10,7 +10,7 @@ module Functions
10
10
  locked\sto\s(?<name>[^\s]+)\s\(|
11
11
  not\sfind\s(?<name>[^\s]+)-\d|
12
12
  has\s(?<name>[^\s]+)\slocked\sat
13
- /x.freeze
13
+ /x
14
14
 
15
15
  def initialize(gemfile_name:, lockfile_name:, dependencies:)
16
16
  @gemfile_name = gemfile_name
@@ -160,9 +160,9 @@ module Functions
160
160
  potentials_deps =
161
161
  error.cause.conflicts.values.
162
162
  flat_map(&:requirement_trees).
163
- map do |tree|
163
+ filter_map do |tree|
164
164
  tree.find { |req| allowed_new_unlocks.include?(req.name) }
165
- end.compact.map(&:name)
165
+ end.map(&:name)
166
166
 
167
167
  # If there are specific dependencies we can unlock, unlock them
168
168
  return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Functions
4
4
  class VersionResolver
5
- GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
5
+ GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
6
6
 
7
7
  attr_reader :dependency_name, :dependency_requirements,
8
8
  :gemfile_name, :lockfile_name
@@ -11,7 +11,7 @@ module BundlerFileUtilsKeywordSplatPatch
11
11
  opts = {}
12
12
  opts[:encoding] = ::Encoding::UTF_8 if fu_windows?
13
13
  Dir.entries(path, **opts).
14
- reject { |n| [".", ".."].include?(n) }.
14
+ reject { |n| n == "." || n == ".." }.
15
15
  map { |n| self.class.new(prefix, join(rel, n.untaint)) }
16
16
  end
17
17
  end
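Review bot: The retained `n.untaint` on the line after the changed `reject` has been a no-op since Ruby 2.7 and `Object#untaint` was removed in Ruby 3.2, so with this release raising `required_ruby_version` to 3.1.0 (see the metadata section) the v1 helper would raise `NoMethodError` the first time it runs on 3.2. If the v1 helper is pinned to an older Ruby, say so in a comment above the method; otherwise drop the call: `map { |n| self.class.new(prefix, join(rel, n)) }`. The enclosing method starts outside the hunk.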
@@ -51,7 +51,7 @@ module Bundler
51
51
 
52
52
  Bundler.rubygems.set_installed_by_version(spec)
53
53
  Bundler.rubygems.validate(spec)
54
- File.open(spec_path, "wb") { |file| file.write(spec.to_ruby) }
54
+ File.binwrite(spec_path, spec.to_ruby)
55
55
  end
56
56
  $LOAD_PATH.shift until $LOAD_PATH.empty?
57
57
  original_load_paths.each { |p| $LOAD_PATH << p }
@@ -25,7 +25,7 @@ end
25
25
 
26
26
  # Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
27
27
  # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
28
- LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
28
+ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
29
29
 
30
30
  def project_dependency_files(project)
31
31
  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
@@ -9,7 +9,7 @@ RSpec.shared_context "in a temporary bundler directory" do
9
9
  let(:project_name) { "gemfile" }
10
10
 
11
11
  let(:tmp_path) do
12
- Dir.mkdir(TMP_DIR_PATH) unless Dir.exist?(TMP_DIR_PATH)
12
+ FileUtils.mkdir_p(TMP_DIR_PATH)
13
13
  dir = Dir.mktmpdir("native_helper_spec_", TMP_DIR_PATH)
14
14
  Pathname.new(dir).expand_path
15
15
  end
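--- a/data/helpers/v2/build
+++ b/data/helpers/v2/build
@@ -2,24 +2,34 @@
 
 set -e
 
+helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
 if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
-exit 1
+install_dir="$helpers_dir"
+else
+install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
+mkdir -p "$install_dir"
+
+cp -r \
+"$helpers_dir/lib" \
+"$helpers_dir/monkey_patches" \
+"$helpers_dir/run.rb" \
+"$helpers_dir/Gemfile" \
+"$install_dir"
 fi
 
-install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
-mkdir -p "$install_dir"
+cd "$install_dir"
 
-helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
-cp -r \
-"$helpers_dir/lib" \
-"$helpers_dir/monkey_patches" \
-"$helpers_dir/run.rb" \
-"$helpers_dir/Gemfile" \
-"$install_dir"
+default_version=$(ruby -rbundler -e'print Bundler::VERSION')
 
-cd "$install_dir"
+export GEM_HOME=$install_dir/.bundle
+
+gem install bundler -v "$default_version" --no-document
+
+bundle config --local path.system true
+
+if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+bundle config --local without "test"
+fi
 
-bundle config --local path ".bundle"
-bundle config --local without "test"
 bundle install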
@@ -63,7 +63,7 @@ module Functions
63
63
  if spec.name == top_level.name
64
64
  "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
65
65
  else
66
- "#{top_level.name} (#{top_level.version}) requires #{dependency_name} "\
66
+ "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
67
67
  "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
68
68
  end
69
69
  end
@@ -14,13 +14,13 @@ module Functions
14
14
  Bundler::Definition.build(gemfile_name, nil, {}).
15
15
  dependencies.select(&:current_platform?).
16
16
  reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
17
- map(&method(:serialize_bundler_dependency))
17
+ map { |dep| serialize_bundler_dependency(dep) }
18
18
  end
19
19
 
20
20
  def parsed_gemspec(gemspec_name:)
21
21
  Bundler.load_gemspec_uncached(gemspec_name).
22
22
  dependencies.
23
- map(&method(:serialize_bundler_dependency))
23
+ map { |dep| serialize_bundler_dependency(dep) }
24
24
  end
25
25
 
26
26
  private
@@ -72,15 +72,17 @@ module Functions
72
72
  }
73
73
  end
74
74
 
75
+ RUBYGEMS_HOSTS = [
76
+ "rubygems.org",
77
+ "www.rubygems.org"
78
+ ].freeze
79
+
75
80
  def default_rubygems?(source)
76
81
  return true if source.nil?
77
82
  return false unless source.is_a?(Bundler::Source::Rubygems)
78
83
 
79
84
  source.remotes.any? do |r|
80
- [
81
- "rubygems.org",
82
- "www.rubygems.org"
83
- ].include?(URI(r.to_s).host)
85
+ RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
84
86
  end
85
87
  end
86
88
 
@@ -10,7 +10,7 @@ module Functions
10
10
  locked\sto\s(?<name>[^\s]+)\s\(|
11
11
  not\sfind\s(?<name>[^\s]+)-\d|
12
12
  has\s(?<name>[^\s]+)\slocked\sat
13
- /x.freeze
13
+ /x
14
14
  DEPENDENCY_DROPPED = "_dependency_dropped_"
15
15
 
16
16
  def initialize(gemfile_name:, lockfile_name:, dependencies:)
@@ -161,9 +161,9 @@ module Functions
161
161
  potentials_deps =
162
162
  error.cause.conflicts.values.
163
163
  flat_map(&:requirement_trees).
164
- map do |tree|
164
+ filter_map do |tree|
165
165
  tree.find { |req| allowed_new_unlocks.include?(req.name) }
166
- end.compact.map(&:name)
166
+ end.map(&:name)
167
167
 
168
168
  # If there are specific dependencies we can unlock, unlock them
169
169
  return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Functions
4
4
  class VersionResolver
5
- GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
5
+ GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
6
6
 
7
7
  attr_reader :dependency_name, :dependency_requirements,
8
8
  :gemfile_name, :lockfile_name
@@ -16,6 +16,11 @@ module Functions
16
16
  end
17
17
 
18
18
  def version_details
19
+ # If the dependency is Bundler itself then we can't trust the
20
+ # version that has been returned (it's the version Dependabot is
21
+ # running on, rather than the true latest resolvable version).
22
+ return nil if dependency_name == "bundler"
23
+
19
24
  dep = dependency_from_definition
20
25
 
21
26
  # If the dependency wasn't found in the definition, but *is*
@@ -28,11 +33,6 @@ module Functions
28
33
  # subdependency that was removed when attempting to update it.
29
34
  return nil if dep.nil?
30
35
 
31
- # If the dependency is Bundler itself then we can't trust the
32
- # version that has been returned (it's the version Dependabot is
33
- # running on, rather than the true latest resolvable version).
34
- return nil if dep.name == "bundler"
35
-
36
36
  details = {
37
37
  version: dep.version,
38
38
  ruby_version: ruby_version,
@@ -13,7 +13,7 @@ module Bundler
13
13
  # Instead, we convert all `git@github.com:` URLs to use HTTPS.
14
14
  def configured_uri_for(uri)
15
15
  uri = uri.gsub(%r{git@(.*?):/?}, 'https://\1/')
16
- if /https?:/ =~ uri
16
+ if /https?:/.match?(uri)
17
17
  remote = Bundler::URI(uri)
18
18
  config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
19
19
  remote.userinfo ||= config_auth
@@ -50,7 +50,7 @@ module Bundler
50
50
 
51
51
  Bundler.rubygems.set_installed_by_version(spec)
52
52
  Bundler.rubygems.validate(spec)
53
- File.open(spec_path, "wb") { |file| file.write(spec.to_ruby) }
53
+ File.binwrite(spec_path, spec.to_ruby)
54
54
  end
55
55
  $LOAD_PATH.shift until $LOAD_PATH.empty?
56
56
  original_load_paths.each { |p| $LOAD_PATH << p }
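--- a/data/helpers/v2/run.rb
+++ b/data/helpers/v2/run.rb
@@ -15,7 +15,6 @@ end
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
-require "endpoint_specification_patch"
 require "git_source_patch"
 
 require "functions"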
@@ -38,7 +38,7 @@ RSpec.describe Functions do
38
38
  expect(git_specs.size).to eq(count)
39
39
  git_specs.each do |gs|
40
40
  uri = URI.parse(gs[:auth_uri])
41
- expect(uri.scheme).to(satisfy { |s| %w(http https).include?(s) })
41
+ expect(uri.scheme).to(satisfy { |s| s.match?(/https?/o) })
42
42
  end
43
43
  end
44
44
 
@@ -10,7 +10,7 @@ RSpec.shared_context "in a temporary bundler directory" do
10
10
  let(:project_name) { "gemfile" }
11
11
 
12
12
  let(:tmp_path) do
13
- Dir.mkdir(TMP_DIR_PATH) unless Dir.exist?(TMP_DIR_PATH)
13
+ FileUtils.mkdir_p(TMP_DIR_PATH)
14
14
  dir = Dir.mktmpdir("native_helper_spec_", TMP_DIR_PATH)
15
15
  Pathname.new(dir).expand_path
16
16
  end
@@ -33,8 +33,8 @@ module Dependabot
33
33
  path_node = node.children[2]
34
34
  unless path_node.type == :str
35
35
  path = gemfile.path
36
- msg = "Dependabot only supports uninterpolated string arguments "\
37
- "to eval_gemfile. Got "\
36
+ msg = "Dependabot only supports uninterpolated string arguments " \
37
+ "to eval_gemfile. Got " \
38
38
  "`#{path_node.loc.expression.source}`"
39
39
  raise Dependabot::DependencyFileNotParseable.new(path, msg)
40
40
  end
@@ -35,8 +35,8 @@ module Dependabot
35
35
 
36
36
  unless path_node.type == :str
37
37
  path = gemfile.path
38
- msg = "Dependabot only supports uninterpolated string arguments "\
39
- "to gemspec. Got "\
38
+ msg = "Dependabot only supports uninterpolated string arguments " \
39
+ "to gemspec. Got " \
40
40
  "`#{path_node.loc.expression.source}`"
41
41
  raise Dependabot::DependencyFileNotParseable.new(path, msg)
42
42
  end
@@ -34,8 +34,8 @@ module Dependabot
34
34
 
35
35
  unless path_node.type == :str
36
36
  path = gemfile.path
37
- msg = "Dependabot only supports uninterpolated string arguments "\
38
- "for path dependencies. Got "\
37
+ msg = "Dependabot only supports uninterpolated string arguments " \
38
+ "for path dependencies. Got " \
39
39
  "`#{path_node.loc.expression.source}`"
40
40
  raise Dependabot::DependencyFileNotParseable.new(path, msg)
41
41
  end
@@ -8,20 +8,20 @@ module Dependabot
8
8
  class FileParser
9
9
  # Checks whether a dependency is declared in a Gemfile
10
10
  class GemfileDeclarationFinder
11
- def initialize(dependency:, gemfile:)
12
- @dependency = dependency
11
+ def initialize(gemfile:)
13
12
  @gemfile = gemfile
13
+ @declaration_nodes = {}
14
14
  end
15
15
 
16
- def gemfile_includes_dependency?
17
- !declaration_node.nil?
16
+ def gemfile_includes_dependency?(dependency)
17
+ !declaration_node(dependency).nil?
18
18
  end
19
19
 
20
- def enhanced_req_string
21
- return unless gemfile_includes_dependency?
20
+ def enhanced_req_string(dependency)
21
+ return unless gemfile_includes_dependency?(dependency)
22
22
 
23
23
  fallback_string = dependency.fetch("requirement")
24
- req_nodes = declaration_node.children[3..-1]
24
+ req_nodes = declaration_node(dependency).children[3..-1]
25
25
  req_nodes = req_nodes.reject { |child| child.type == :hash }
26
26
 
27
27
  return fallback_string if req_nodes.none?
@@ -39,31 +39,35 @@ module Dependabot
39
39
 
40
40
  private
41
41
 
42
- attr_reader :dependency, :gemfile
42
+ attr_reader :gemfile
43
43
 
44
- def declaration_node
45
- return @declaration_node if defined?(@declaration_node)
46
- return unless Parser::CurrentRuby.parse(gemfile.content)
44
+ def parsed_gemfile
45
+ @parsed_gemfile ||= Parser::CurrentRuby.parse(gemfile.content)
46
+ end
47
+
48
+ def declaration_node(dependency)
49
+ return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
50
+ return unless parsed_gemfile
47
51
 
48
- @declaration_node = nil
49
- Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
50
- @declaration_node = deep_search_for_gem(node)
52
+ @declaration_nodes[dependency] = nil
53
+ parsed_gemfile.children.any? do |node|
54
+ @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
51
55
  end
52
- @declaration_node
56
+ @declaration_nodes[dependency]
53
57
  end
54
58
 
55
- def deep_search_for_gem(node)
56
- return node if declares_targeted_gem?(node)
59
+ def deep_search_for_gem(node, dependency)
60
+ return node if declares_targeted_gem?(node, dependency)
57
61
  return unless node.is_a?(Parser::AST::Node)
58
62
 
59
63
  declaration_node = nil
60
64
  node.children.find do |child_node|
61
- declaration_node = deep_search_for_gem(child_node)
65
+ declaration_node = deep_search_for_gem(child_node, dependency)
62
66
  end
63
67
  declaration_node
64
68
  end
65
69
 
66
- def declares_targeted_gem?(node)
70
+ def declares_targeted_gem?(node, dependency)
67
71
  return false unless node.is_a?(Parser::AST::Node)
68
72
  return false unless node.children[1] == :gem
69
73
 
@@ -60,17 +60,17 @@ module Dependabot
60
60
  return dependencies unless gemfile
61
61
 
62
62
  [gemfile, *evaled_gemfiles].each do |file|
63
+ gemfile_declaration_finder = GemfileDeclarationFinder.new(gemfile: file)
64
+
63
65
  parsed_gemfile.each do |dep|
64
- gemfile_declaration_finder =
65
- GemfileDeclarationFinder.new(dependency: dep, gemfile: file)
66
- next unless gemfile_declaration_finder.gemfile_includes_dependency?
66
+ next unless gemfile_declaration_finder.gemfile_includes_dependency?(dep)
67
67
 
68
68
  dependencies <<
69
69
  Dependency.new(
70
70
  name: dep.fetch("name"),
71
71
  version: dependency_version(dep.fetch("name"))&.to_s,
72
72
  requirements: [{
73
- requirement: gemfile_declaration_finder.enhanced_req_string,
73
+ requirement: gemfile_declaration_finder.enhanced_req_string(dep),
74
74
  groups: dep.fetch("groups").map(&:to_sym),
75
75
  source: dep.fetch("source")&.transform_keys(&:to_sym),
76
76
  file: file.name
@@ -6,6 +6,8 @@ module Dependabot
6
6
  module Bundler
7
7
  class FileUpdater
8
8
  class GemfileUpdater
9
+ GEMFILE_FILENAMES = %w(Gemfile gems.rb).freeze
10
+
9
11
  require_relative "git_pin_replacer"
10
12
  require_relative "git_source_remover"
11
13
  require_relative "requirement_replacer"
@@ -27,7 +29,7 @@ module Dependabot
27
29
 
28
30
  content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency)
29
31
 
30
- content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency)
32
+ content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency, gemfile)
31
33
  end
32
34
 
33
35
  content
@@ -68,21 +70,21 @@ module Dependabot
68
70
  def remove_git_source?(dependency)
69
71
  old_gemfile_req =
70
72
  dependency.previous_requirements.
71
- find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
73
+ find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
72
74
 
73
75
  return false unless old_gemfile_req&.dig(:source, :type) == "git"
74
76
 
75
77
  new_gemfile_req =
76
78
  dependency.requirements.
77
- find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
79
+ find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
78
80
 
79
81
  new_gemfile_req[:source].nil?
80
82
  end
81
83
 
82
- def update_git_pin?(dependency)
84
+ def update_git_pin?(dependency, file)
83
85
  new_gemfile_req =
84
86
  dependency.requirements.
85
- find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
87
+ find { |f| f[:file] == file.name }
86
88
  return false unless new_gemfile_req&.dig(:source, :type) == "git"
87
89
 
88
90
  # If the new requirement is a git dependency with a ref then there's
@@ -90,9 +90,9 @@ module Dependabot
90
90
  def wrap_require(node)
91
91
  replace(
92
92
  node.loc.expression,
93
- "begin\n"\
94
- "#{node.loc.expression.source_line}\n"\
95
- "rescue LoadError\n"\
93
+ "begin\n" \
94
+ "#{node.loc.expression.source_line}\n" \
95
+ "rescue LoadError\n" \
96
96
  "end"
97
97
  )
98
98
  end
@@ -18,10 +18,9 @@ module Dependabot
18
18
  require_relative "gemspec_dependency_name_finder"
19
19
  require_relative "ruby_requirement_setter"
20
20
 
21
- LOCKFILE_ENDING =
22
- /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
23
- GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m.freeze
24
- GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m.freeze
21
+ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
22
+ GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m
23
+ GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m
25
24
 
26
25
  # Can't be a constant because some of these don't exist in bundler
27
26
  # 1.15, which Heroku uses, which causes an exception on boot.
@@ -56,7 +56,7 @@ module Dependabot
56
56
  if length_change.positive?
57
57
  updated_line.sub(/(?<=\s)\s{#{length_change}}#/, "#")
58
58
  elsif length_change.negative?
59
- updated_line.sub(/(?<=\s{2})#/, " " * length_change.abs + "#")
59
+ updated_line.sub(/(?<=\s{2})#/, (" " * length_change.abs) + "#")
60
60
  end
61
61
 
62
62
  updated_lines[updated_line_index] = updated_line
@@ -167,7 +167,7 @@ module Dependabot
167
167
  req_string.include?(" ")
168
168
  end
169
169
 
170
- EQUALITY_OPERATOR = /(?<![<>!])=/.freeze
170
+ EQUALITY_OPERATOR = /(?<![<>!])=/
171
171
 
172
172
  def use_equality_operator?(requirement_nodes)
173
173
  return true if requirement_nodes.none?
@@ -13,7 +13,7 @@ module Dependabot
13
13
  # it was created with an old version that didn't add this information
14
14
  FAILOVER = V1
15
15
 
16
- BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
16
+ BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
17
17
 
18
18
  def self.bundler_version(lockfile)
19
19
  return DEFAULT unless lockfile
@@ -76,7 +76,7 @@ module Dependabot
76
76
  end
77
77
 
78
78
  def find_source_from_git_url
79
- info = dependency.requirements.map { |r| r[:source] }.compact.first
79
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
80
80
 
81
81
  url = info[:url] || info.fetch("url")
82
82
  Source.from_url(url)
@@ -106,8 +106,8 @@ module Dependabot
106
106
 
107
107
  rubygems_marshalled_gemspec_response.gsub("\x06;", "\n").
108
108
  scan(Dependabot::Source::SOURCE_REGEX) do
109
- github_urls << Regexp.last_match.to_s +
110
- Regexp.last_match.post_match.split("\n").first
109
+ github_urls << (Regexp.last_match.to_s +
110
+ Regexp.last_match.post_match.split("\n").first)
111
111
  end
112
112
 
113
113
  github_urls.find do |url|
@@ -124,7 +124,7 @@ module Dependabot
124
124
  return @rubygems_marshalled_gemspec_response if defined?(@rubygems_marshalled_gemspec_response)
125
125
 
126
126
  gemspec_uri =
127
- "#{registry_url}quick/Marshal.4.8/"\
127
+ "#{registry_url}quick/Marshal.4.8/" \
128
128
  "#{dependency.name}-#{dependency.version}.gemspec.rz"
129
129
 
130
130
  response =
@@ -198,7 +198,7 @@ module Dependabot
198
198
  def registry_url
199
199
  return "https://rubygems.org/" if new_source_type == "default"
200
200
 
201
- info = dependency.requirements.map { |r| r[:source] }.compact.first
201
+ info = dependency.requirements.filter_map { |r| r[:source] }.first
202
202
  info[:url] || info.fetch("url")
203
203
  end
204
204
 
@@ -63,7 +63,7 @@ module Dependabot
63
63
  end
64
64
 
65
65
  def self.native_helpers_root
66
- helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
66
+ helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
67
67
  return File.join(helpers_root, "bundler") unless helpers_root.nil?
68
68
 
69
69
  File.expand_path("../../../helpers", __dir__)
@@ -5,7 +5,7 @@ require "dependabot/utils"
5
5
  module Dependabot
6
6
  module Bundler
7
7
  class Requirement < Gem::Requirement
8
- # For consistency with other langauges, we define a requirements array.
8
+ # For consistency with other languages, we define a requirements array.
9
9
  # Ruby doesn't have an `OR` separator for requirements, so it always
10
10
  # contains a single element.
11
11
  def self.requirements_array(requirement_string)
@@ -24,7 +24,7 @@ module Dependabot
24
24
  # version allowed by the gemspec, if the gemspec has a required ruby
25
25
  # version range
26
26
  class FilePreparer
27
- VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
27
+ VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
28
28
 
29
29
  # Can't be a constant because some of these don't exist in bundler
30
30
  # 1.15, which Heroku uses, which causes an exception on boot.
@@ -85,7 +85,7 @@ module Dependabot
85
85
  #
86
86
  # This is kind of a bug in Bundler, and we should try to fix it,
87
87
  # but resolving it won't necessarily be easy.
88
- updated_deps.map do |dep|
88
+ updated_deps.filter_map do |dep|
89
89
  original_dep =
90
90
  original_dependencies.find { |d| d.name == dep.fetch("name") }
91
91
  spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
@@ -93,7 +93,7 @@ module Dependabot
93
93
  next if spec.fetch("version") == original_dep.version
94
94
 
95
95
  build_dependency(original_dep, spec)
96
- end.compact
96
+ end
97
97
  end
98
98
 
99
99
  def build_dependency(original_dep, updated_spec)
@@ -28,7 +28,7 @@ module Dependabot
28
28
 
29
29
  def updated_requirements
30
30
  requirements.map do |req|
31
- if req[:file].match?(/\.gemspec/)
31
+ if req[:file].include?(".gemspec")
32
32
  update_gemspec_requirement(req)
33
33
  else
34
34
  # If a requirement doesn't come from a gemspec, it must be from
@@ -101,7 +101,7 @@ module Dependabot
101
101
  when "!="
102
102
  []
103
103
  else
104
- raise "Unexpected operation for unsatisfied Gemfile "\
104
+ raise "Unexpected operation for unsatisfied Gemfile " \
105
105
  "requirement: #{op}"
106
106
  end
107
107
  end
@@ -14,19 +14,15 @@ module Dependabot
14
14
  module Bundler
15
15
  class UpdateChecker
16
16
  module SharedBundlerHelpers
17
- GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze
18
- GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./.freeze
19
- PATH_REGEX = /The path `(?<path>.*)` does not exist/.freeze
17
+ GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
18
+ GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
19
+ PATH_REGEX = /The path `(?<path>.*)` does not exist/
20
20
 
21
21
  module BundlerErrorPatterns
22
- MISSING_AUTH_REGEX =
23
- /bundle config (?<source>.*) username:password/.freeze
24
- BAD_AUTH_REGEX =
25
- /Bad username or password for (?<source>.*)\.$/.freeze
26
- BAD_CERT_REGEX =
27
- /verify the SSL certificate for (?<source>.*)\.$/.freeze
28
- HTTP_ERR_REGEX =
29
- /Could not fetch specs from (?<source>.*)$/.freeze
22
+ MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
23
+ BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
24
+ BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
25
+ HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
30
26
  end
31
27
 
32
28
  RETRYABLE_ERRORS = %w(
@@ -181,7 +177,7 @@ module Dependabot
181
177
  )
182
178
  git_specs.reject do |spec|
183
179
  uri = URI.parse(spec.fetch("auth_uri"))
184
- next false unless %w(http https).include?(uri.scheme)
180
+ next false unless uri.scheme&.match?(/https?/o)
185
181
 
186
182
  Dependabot::RegistryClient.get(
187
183
  url: uri.to_s
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.211.0
4
+ version: 0.213.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-23 00:00:00.000000000 Z
11
+ date: 2022-10-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.211.0
19
+ version: 0.213.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.211.0
27
- - !ruby/object:Gem::Dependency
28
- name: debase
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - '='
32
- - !ruby/object:Gem::Version
33
- version: 0.2.3
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - '='
39
- - !ruby/object:Gem::Version
40
- version: 0.2.3
41
- - !ruby/object:Gem::Dependency
42
- name: debase-ruby_core_source
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - '='
46
- - !ruby/object:Gem::Version
47
- version: 0.10.16
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - '='
53
- - !ruby/object:Gem::Version
54
- version: 0.10.16
26
+ version: 0.213.0
55
27
  - !ruby/object:Gem::Dependency
56
28
  name: debug
57
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
86
58
  requirements:
87
59
  - - "~>"
88
60
  - !ruby/object:Gem::Version
89
- version: 3.11.1
61
+ version: 3.13.0
90
62
  type: :development
91
63
  prerelease: false
92
64
  version_requirements: !ruby/object:Gem::Requirement
93
65
  requirements:
94
66
  - - "~>"
95
67
  - !ruby/object:Gem::Version
96
- version: 3.11.1
68
+ version: 3.13.0
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: rake
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
142
114
  requirements:
143
115
  - - "~>"
144
116
  - !ruby/object:Gem::Version
145
- version: 1.35.1
117
+ version: 1.37.1
146
118
  type: :development
147
119
  prerelease: false
148
120
  version_requirements: !ruby/object:Gem::Requirement
149
121
  requirements:
150
122
  - - "~>"
151
123
  - !ruby/object:Gem::Version
152
- version: 1.35.1
124
+ version: 1.37.1
153
125
  - !ruby/object:Gem::Dependency
154
- name: ruby-debug-ide
126
+ name: rubocop-performance
155
127
  requirement: !ruby/object:Gem::Requirement
156
128
  requirements:
157
129
  - - "~>"
158
130
  - !ruby/object:Gem::Version
159
- version: 0.7.3
131
+ version: 1.15.0
160
132
  type: :development
161
133
  prerelease: false
162
134
  version_requirements: !ruby/object:Gem::Requirement
163
135
  requirements:
164
136
  - - "~>"
165
137
  - !ruby/object:Gem::Version
166
- version: 0.7.3
138
+ version: 1.15.0
167
139
  - !ruby/object:Gem::Dependency
168
140
  name: simplecov
169
141
  requirement: !ruby/object:Gem::Requirement
@@ -276,7 +248,6 @@ files:
276
248
  - helpers/v2/lib/functions/version_resolver.rb
277
249
  - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
278
250
  - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
279
- - helpers/v2/monkey_patches/endpoint_specification_patch.rb
280
251
  - helpers/v2/monkey_patches/git_source_patch.rb
281
252
  - helpers/v2/run.rb
282
253
  - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
@@ -332,14 +303,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
332
303
  requirements:
333
304
  - - ">="
334
305
  - !ruby/object:Gem::Version
335
- version: 2.7.0
306
+ version: 3.1.0
336
307
  required_rubygems_version: !ruby/object:Gem::Requirement
337
308
  requirements:
338
309
  - - ">="
339
310
  - !ruby/object:Gem::Version
340
- version: 2.7.0
311
+ version: 3.1.0
341
312
  requirements: []
342
- rubygems_version: 3.1.6
313
+ rubygems_version: 3.3.7
343
314
  signing_key:
344
315
  specification_version: 4
345
316
  summary: Ruby (bundler) support for dependabot
@@ -1,15 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "bundler/endpoint_specification"
4
-
5
- module EndpointSpecificationPatch
6
- def required_ruby_version
7
- @required_ruby_version ||= Gem::Requirement.default
8
- end
9
-
10
- def required_rubygems_version
11
- @required_rubygems_version ||= Gem::Requirement.default
12
- end
13
- end
14
-
15
- Bundler::EndpointSpecification.prepend(EndpointSpecificationPatch)