dependabot-bundler 0.213.0 → 0.215.0

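--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 55546e82f289d523c8f13d59a6c60863c9771ebfb0e2e3fd1df0ba7057a5c745
-data.tar.gz: e3e912ae9743390b574d72c93867618838526335ae43f165db59686af1339139
+metadata.gz: 0b2a5932ecc497e8d807922680efc95126f022b55860e3e270f3ff905bafb958
+data.tar.gz: f54e71c5c027e3ca7455ec0265a1b9d160a019709b9d7739d4582b0f5202168e
 SHA512:
-metadata.gz: b4097b5de54f37b1a1e237ead1dc4c9d62c30f5e49b86597715dd776e827a82358ffcfefaa23cefd0f1fa69a6c1170d547a8720efe6b5f27231c201660a53a27
-data.tar.gz: 9ac94050be3a3d3a35deb72a24ae6884848a736b501cc5d4ae980ec9817d5d13e40cd37b2dd8be1264e03f583a77f38c681496e11622fd46a9e5c1aa0b68734c
+metadata.gz: 8f42c1615b336fdae9490acfce61098228d29a7016ff3d2c0d236239750b207522cdcc47193eefa5b3b680215992e4f7630d73c9572d162d0fc4257bf1ec9e73
+data.tar.gz: 37c4ee937da2a029f96e916ba8e3040cf8e1d32354dec01c7d4c7dd9c196a6bf7f8240ec36ef292872347b3f83fd40b1dd7b549d0b3ccfa139740ea97c12aa94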
@@ -66,7 +66,7 @@ module Functions
66
66
  def git_source_details(source)
67
67
  {
68
68
  url: source.uri,
69
- branch: source.branch || "master",
69
+ branch: source.branch,
70
70
  ref: source.ref
71
71
  }
72
72
  end
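Review bot: The new `branch: source.branch` on line 69 passes nil through where callers previously always received a string, and the companion hunk at `@@ -63,12 +63,11 @@ module Functions` does the same for both `branch` and `ref`; neither hunk records what a nil value means to whoever consumes the hash. The specs in this release now expect `branch: nil` and `ref: nil`, so the contract is intentional and deserves a line above the method, e.g. `# branch and ref are nil when the Gemfile does not pin them; callers must not assume a string`. Whether every consumer already copes with nil is not visible from these hunks and is worth confirming, since the removed `|| "master"` was the only thing guaranteeing a value.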
@@ -11,8 +11,9 @@ module BundlerDefinitionRubyVersionPatch
11
11
  Gem::Specification.new("ruby\0", requested_version)
12
12
  end
13
13
 
14
- sources.metadata_source.specs <<
15
- Gem::Specification.new("ruby\0", "2.5.3p105")
14
+ %w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208).each do |version|
15
+ sources.metadata_source.specs << Gem::Specification.new("ruby\0", version)
16
+ end
16
17
  end
17
18
  end
18
19
  end
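Review bot: The version list on new line 14, `%w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208)`, is an unexplained literal, and the hunk at `@@ -10,8 +10,9 @@ module BundlerDefinitionRubyVersionPatch` carries what looks like the same list without patch levels; neither says why these four Rubies are stubbed into the metadata source or when a fifth should be added. Hoisting each into a frozen constant with a short comment, e.g. `# Ruby versions stubbed into the metadata source so resolution can see them; extend when a new Ruby is supported` above `RUBY_VERSIONS = %w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208).freeze`, records the intent and makes the two lists easy to compare. That the two lists must stay in step is an inference from their shape and should be confirmed before the comment claims it.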
@@ -63,12 +63,11 @@ module Functions
63
63
  details
64
64
  end
65
65
 
66
- # TODO: Remove default `master` branch
67
66
  def git_source_details(source)
68
67
  {
69
68
  url: source.uri,
70
- branch: source.branch || "master",
71
- ref: source.ref || "master"
69
+ branch: source.branch,
70
+ ref: source.ref
72
71
  }
73
72
  end
74
73
 
@@ -6,9 +6,7 @@ require "bundler/definition"
6
6
  # version available to us is the one we're using).
7
7
  module BundlerDefinitionBundlerVersionPatch
8
8
  def expanded_dependencies
9
- @expanded_dependencies ||=
10
- expand_dependencies(dependencies + metadata_dependencies, @remote).
11
- reject { |d| d.name == "bundler" }
9
+ @expanded_dependencies ||= (dependencies + metadata_dependencies).reject { |d| d.name == "bundler" }
12
10
  end
13
11
  end
14
12
 
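Review bot: The rewritten `expanded_dependencies` on new line 9 no longer routes `dependencies + metadata_dependencies` through `expand_dependencies(..., @remote)`, so whatever expansion that call performed is gone from this override, and nothing in the hunk says why. If the reason is that the Bundler version this patch targets no longer provides `expand_dependencies`, a comment naming that version, e.g. `# Bundler >= <version> no longer exposes expand_dependencies; callers expand later`, would stop the next reader from re-adding the call; the exact reason is not visible from here and must come from the author. The memoised `@expanded_dependencies ||=` is unchanged and fine.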
@@ -10,8 +10,9 @@ module BundlerDefinitionRubyVersionPatch
10
10
  Gem::Specification.new("Ruby\0", requested_version)
11
11
  end
12
12
 
13
- sources.metadata_source.specs <<
14
- Gem::Specification.new("Ruby\0", "2.5.3")
13
+ %w(2.5.3 2.6.10 2.7.6 3.0.4).each do |version|
14
+ sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
15
+ end
15
16
 
16
17
  super
17
18
  end
@@ -51,7 +51,7 @@ RSpec.describe Functions::FileParser do
51
51
  name: "business",
52
52
  requirement: Gem::Requirement.new("~> 1.6.0"),
53
53
  source: {
54
- branch: "master",
54
+ branch: nil,
55
55
  ref: "a1b78a9",
56
56
  type: "git",
57
57
  url: "git@github.com:dependabot-fixtures/business"
@@ -70,8 +70,8 @@ RSpec.describe Functions::FileParser do
70
70
  name: "prius",
71
71
  requirement: Gem::Requirement.new(">= 0"),
72
72
  source: {
73
- branch: "master",
74
- ref: "master",
73
+ branch: nil,
74
+ ref: nil,
75
75
  type: "git",
76
76
  url: "https://github.com/dependabot-fixtures/prius"
77
77
  },
@@ -82,7 +82,7 @@ RSpec.describe Functions::FileParser do
82
82
  name: "que",
83
83
  requirement: Gem::Requirement.new(">= 0"),
84
84
  source: {
85
- branch: "master",
85
+ branch: nil,
86
86
  ref: "v0.11.6",
87
87
  type: "git",
88
88
  url: "git@github.com:dependabot-fixtures/que"
@@ -94,8 +94,8 @@ RSpec.describe Functions::FileParser do
94
94
  name: "uk_phone_numbers",
95
95
  requirement: Gem::Requirement.new(">= 0"),
96
96
  source: {
97
- branch: "master",
98
- ref: "master",
97
+ branch: nil,
98
+ ref: nil,
99
99
  type: "git",
100
100
  url: "http://github.com/dependabot-fixtures/uk_phone_numbers"
101
101
  },
@@ -0,0 +1,61 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "parser/current"
4
+
5
+ module Dependabot
6
+ module Bundler
7
+ class FileParser
8
+ # Checks whether a dependency is declared in a gemspec file
9
+ class GemspecDeclarationFinder
10
+ def initialize(gemspec:)
11
+ @gemspec = gemspec
12
+ @declaration_nodes = {}
13
+ end
14
+
15
+ def gemspec_includes_dependency?(dependency)
16
+ !declaration_node(dependency).nil?
17
+ end
18
+
19
+ private
20
+
21
+ attr_reader :gemspec
22
+
23
+ def parsed_gemspec
24
+ @parsed_gemspec ||= Parser::CurrentRuby.parse(gemspec.content)
25
+ end
26
+
27
+ def declaration_node(dependency)
28
+ return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
29
+ return unless parsed_gemspec
30
+
31
+ @declaration_nodes[dependency] = nil
32
+ parsed_gemspec.children.any? do |node|
33
+ @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
34
+ end
35
+ @declaration_nodes[dependency]
36
+ end
37
+
38
+ def deep_search_for_gem(node, dependency)
39
+ return node if declares_targeted_gem?(node, dependency)
40
+ return unless node.is_a?(Parser::AST::Node)
41
+
42
+ declaration_node = nil
43
+ node.children.find do |child_node|
44
+ declaration_node = deep_search_for_gem(child_node, dependency)
45
+ end
46
+ declaration_node
47
+ end
48
+
49
+ def declares_targeted_gem?(node, dependency)
50
+ return false unless node.is_a?(Parser::AST::Node)
51
+
52
+ second_child = node.children[1]
53
+ allowed_declarations = %i(add_dependency add_runtime_dependency add_development_dependency)
54
+ return false unless allowed_declarations.include?(second_child)
55
+
56
+ node.children[2].children.first == dependency.fetch("name")
57
+ end
58
+ end
59
+ end
60
+ end
61
+ end
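Review bot: `declares_targeted_gem?` on new lines 49-57 only recognises a dependency whose name is a bare string literal: `node.children[2].children.first` is compared with the name, so a gemspec that declares dependencies from a variable, an interpolated string or a loop (`%w(a b).each { |g| spec.add_dependency g }`) yields a node where a string is expected and the finder answers false, and a call with no argument at all makes `node.children[2]` nil and raises `NoMethodError`. Because the file_parser hunk at `@@ -87,7 +88,11 @@ module Dependabot` now skips every dependency for which `gemspec_includes_dependency?` is false, such declarations are silently dropped from the dependency set rather than surfaced. At minimum the name check should state the shape it relies on — `name_node = node.children[2]` / `return false unless name_node.is_a?(Parser::AST::Node) && name_node.type == :str` / `name_node.children.first == dependency.fetch("name")` — and the class comment on line 8 should say that only literal `add_*dependency` calls are detected; whether undetected declarations should be kept instead of skipped is a decision the commit does not record. Separately, `Parser::CurrentRuby.parse` in `parsed_gemspec` raises `Parser::SyntaxError` on an unparseable gemspec and nothing in this file rescues it, so that propagates out of `gemspec_includes_dependency?`; whether a caller handles it is not visible from this hunk.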
@@ -16,6 +16,7 @@ module Dependabot
16
16
  require "dependabot/file_parsers/base/dependency_set"
17
17
  require "dependabot/bundler/file_parser/file_preparer"
18
18
  require "dependabot/bundler/file_parser/gemfile_declaration_finder"
19
+ require "dependabot/bundler/file_parser/gemspec_declaration_finder"
19
20
 
20
21
  def parse
21
22
  dependency_set = DependencySet.new
@@ -87,7 +88,11 @@ module Dependabot
87
88
  dependencies = DependencySet.new
88
89
 
89
90
  gemspecs.each do |gemspec|
91
+ gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
92
+
90
93
  parsed_gemspec(gemspec).each do |dependency|
94
+ next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
95
+
91
96
  dependencies <<
92
97
  Dependency.new(
93
98
  name: dependency.fetch("name"),
@@ -196,12 +196,22 @@ module Dependabot
196
196
  end
197
197
 
198
198
  def registry_url
199
- return "https://rubygems.org/" if new_source_type == "default"
199
+ return base_url if new_source_type == "default"
200
200
 
201
201
  info = dependency.requirements.filter_map { |r| r[:source] }.first
202
202
  info[:url] || info.fetch("url")
203
203
  end
204
204
 
205
+ def base_url
206
+ return @base_url if defined?(@base_url)
207
+
208
+ credential = credentials.find do |cred|
209
+ cred["type"] == "rubygems_server" && cred["replaces-base"] == true
210
+ end
211
+ host = credential ? credential["host"] : "rubygems.org"
212
+ @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))
213
+ end
214
+
205
215
  def registry_auth_headers
206
216
  return {} unless new_source_type == "rubygems"
207
217
 
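Review bot: `@base_url = "https://#{host}" + ("/" unless host.end_with?("/"))` on new line 212 raises `TypeError` whenever the configured host already ends with `/`, because the parenthesised `unless` evaluates to nil and `String#+` rejects nil; the `defined?(@base_url)` guard on line 206 never gets to memoise anything, so every call fails the same way. Build the string without the conditional concatenation: `@base_url = "https://#{host.delete_suffix("/")}/"`. Separately, `registry_auth_headers` on lines 215-216 still returns `{}` unless `new_source_type == "rubygems"`, so a `default`-typed source that now resolves to a `replaces-base` private server may be queried without the credential that named it; the remainder of that method is outside the hunk, so this is a point to check rather than a confirmed defect.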
@@ -31,6 +31,8 @@ module Dependabot
31
31
  # * version [String] the version of the blocking dependency
32
32
  # * requirement [String] the requirement on the target_dependency
33
33
  def conflicting_dependencies(dependency:, target_version:)
34
+ return [] if lockfile.nil?
35
+
34
36
  in_a_native_bundler_context(error_handling: false) do |tmp_dir|
35
37
  NativeHelpers.run_bundler_subprocess(
36
38
  bundler_version: bundler_version,
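Review bot: The new early return on line 34 changes the documented contract of `conflicting_dependencies`: the comment block above it (lines 31-32, continuing above the hunk) describes the entries that are returned but not that the method answers `[]` when there is no lockfile, so a caller reading the docs cannot tell "no conflicts" from "nothing to check". Add a line to that comment, e.g. `# Returns [] when no lockfile is present.`; if the intent is specifically that conflicts are only meaningful against locked versions, say so, but that reason is my inference and should be confirmed. The method body continues past the end of the hunk.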
@@ -81,18 +81,17 @@ module Dependabot
81
81
  end
82
82
 
83
83
  def filter_lower_versions(versions_array)
84
- return versions_array unless dependency.version && Gem::Version.correct?(dependency.version)
84
+ return versions_array unless dependency.numeric_version
85
85
 
86
86
  versions_array.
87
- select { |version| version > Gem::Version.new(dependency.version) }
87
+ select { |version| version > dependency.numeric_version }
88
88
  end
89
89
 
90
90
  def wants_prerelease?
91
91
  @wants_prerelease ||=
92
92
  begin
93
- current_version = dependency.version
94
- if current_version && Gem::Version.correct?(current_version) &&
95
- Gem::Version.new(current_version).prerelease?
93
+ current_version = dependency.numeric_version
94
+ if current_version&.prerelease?
96
95
  true
97
96
  else
98
97
  dependency.requirements.any? do |req|
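Review bot: `filter_lower_versions` on new lines 83-88 calls `dependency.numeric_version` once for the guard and again inside the `select` block for every element; if that accessor builds a fresh `Gem::Version` on each call (its definition is not visible here), the work is repeated per candidate version. Binding it once reads better either way: `current = dependency.numeric_version` / `return versions_array unless current` / `versions_array.select { |version| version > current }`. `wants_prerelease?` on lines 90-94 already binds the value once; that method continues past the end of the hunk.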
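--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.213.0
+version: 0.215.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-10-31 00:00:00.000000000 Z
+date: 2022-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.213.0
+version: 0.215.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.213.0
+version: 0.215.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.13.0
+version: 4.0.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.13.0
+version: 4.0.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.37.1
+version: 1.39.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.37.1
+version: 1.39.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
@@ -267,6 +267,7 @@ files:
 - lib/dependabot/bundler/file_parser.rb
 - lib/dependabot/bundler/file_parser/file_preparer.rb
 - lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb
+- lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb
 - lib/dependabot/bundler/file_updater.rb
 - lib/dependabot/bundler/file_updater/gemfile_updater.rb
 - lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb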