dependabot-bundler 0.225.0 → 0.226.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 62e7833c9a64fc684512d74fa39ce224e18754731dddb5208d7984f920c54467
|
4
|
+
data.tar.gz: c598beadef625a3c4789a34cc52066bd96cc2b9b5a17e4c47b38ae3e2d96641c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0d86274e3b7f9e971b6add631c155b67843fe5adbbf719b73934517b73824feca2eeb41ca37ab9557c9bb5737b67208f039cc7e852e73d97f3d1b40d4e77a0af
|
7
|
+
data.tar.gz: 105562225882a8b562ff3afdd2851a2fc05d7a0ee0ff61993b9688e4e5df0f6dffcb1f077e6b43a75150758d5ea1960eda2dbb30963a08bded17980d65b339c1
|
data/helpers/v1/run.rb
CHANGED
@@ -21,25 +21,11 @@ require "resolver_spec_group_sane_eql"
|
|
21
21
|
|
22
22
|
require "functions"
|
23
23
|
|
24
|
-
MAX_BUNDLER_VERSION = "2.0.0"
|
25
|
-
|
26
|
-
def validate_bundler_version!
|
27
|
-
return true if correct_bundler_version?
|
28
|
-
|
29
|
-
raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
|
30
|
-
end
|
31
|
-
|
32
|
-
def correct_bundler_version?
|
33
|
-
Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
|
34
|
-
end
|
35
|
-
|
36
24
|
def output(obj)
|
37
25
|
print JSON.dump(obj)
|
38
26
|
end
|
39
27
|
|
40
28
|
begin
|
41
|
-
validate_bundler_version!
|
42
|
-
|
43
29
|
request = JSON.parse($stdin.read)
|
44
30
|
|
45
31
|
function = request["function"]
|
@@ -62,10 +62,13 @@ module Functions
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def cache_vendored_gems(definition)
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
65
|
+
resolve = definition.resolve
|
66
|
+
|
67
|
+
# Dependencies that have been updated (including sub-dependencies)
|
68
|
+
updated_gems = resolve.reject do |spec|
|
69
|
+
lockfile_specs.include?(spec)
|
70
|
+
end.map(&:name).uniq
|
71
|
+
|
69
72
|
bundler_opts = {
|
70
73
|
cache_all: true,
|
71
74
|
cache_all_platforms: true,
|
@@ -76,27 +79,30 @@ module Functions
|
|
76
79
|
# Fetch and cache gems on all platforms without pruning
|
77
80
|
Bundler::Runtime.new(nil, definition).cache
|
78
81
|
|
79
|
-
# Only prune
|
82
|
+
# Only prune updated gems (the original implementation is in
|
80
83
|
# Bundler::Runtime)
|
81
84
|
cache_path = Bundler.app_cache
|
82
|
-
resolve
|
83
|
-
prune_gem_cache(resolve, cache_path, unlocked_gems)
|
85
|
+
prune_gem_cache(resolve, cache_path, updated_gems)
|
84
86
|
prune_git_and_path_cache(resolve, cache_path)
|
85
87
|
end
|
86
88
|
end
|
87
89
|
|
88
90
|
# Copied from Bundler::Runtime: Modified to only prune gems that have
|
89
|
-
# been
|
90
|
-
def prune_gem_cache(resolve, cache_path,
|
91
|
+
# been updated
|
92
|
+
def prune_gem_cache(resolve, cache_path, updated_gems)
|
91
93
|
cached_gems = Dir["#{cache_path}/*.gem"]
|
92
94
|
|
93
|
-
outdated_gems = cached_gems.
|
95
|
+
outdated_gems = cached_gems.select do |path|
|
94
96
|
spec = Bundler.rubygems.spec_from_gem path
|
95
97
|
|
96
|
-
|
98
|
+
caused_by_update = updated_gems.include?(spec.name) && resolve.none? do |s|
|
97
99
|
s.name == spec.name && s.version == spec.version &&
|
98
100
|
!s.source.is_a?(Bundler::Source::Git)
|
99
101
|
end
|
102
|
+
|
103
|
+
caused_by_removal = resolve.none? { |s| s.name == spec.name }
|
104
|
+
|
105
|
+
caused_by_update || caused_by_removal
|
100
106
|
end
|
101
107
|
|
102
108
|
return unless outdated_gems.any?
|
@@ -138,8 +144,7 @@ module Functions
|
|
138
144
|
end
|
139
145
|
|
140
146
|
def unlock_blocking_subdeps(dependencies_to_unlock, error)
|
141
|
-
all_deps =
|
142
|
-
specs.map(&:name).map(&:to_s)
|
147
|
+
all_deps = lockfile_specs.map(&:name).map(&:to_s)
|
143
148
|
top_level = build_definition([]).dependencies.
|
144
149
|
map(&:name).map(&:to_s)
|
145
150
|
allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
|
@@ -215,6 +220,10 @@ module Functions
|
|
215
220
|
sources.all? { |s| s&.fetch("type", nil) == "git" }
|
216
221
|
end
|
217
222
|
|
223
|
+
def lockfile_specs
|
224
|
+
@lockfile_specs ||= Bundler::LockfileParser.new(lockfile).specs
|
225
|
+
end
|
226
|
+
|
218
227
|
def lockfile
|
219
228
|
@lockfile ||= File.read(lockfile_name)
|
220
229
|
end
|
data/helpers/v2/run.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
gem "bundler", "~> 2.
|
3
|
+
gem "bundler", "~> 2.4"
|
4
4
|
require "bundler"
|
5
5
|
require "json"
|
6
6
|
|
@@ -19,25 +19,11 @@ require "git_source_patch"
|
|
19
19
|
|
20
20
|
require "functions"
|
21
21
|
|
22
|
-
MIN_BUNDLER_VERSION = "2.1.0"
|
23
|
-
|
24
|
-
def validate_bundler_version!
|
25
|
-
return true if correct_bundler_version?
|
26
|
-
|
27
|
-
raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
|
28
|
-
end
|
29
|
-
|
30
|
-
def correct_bundler_version?
|
31
|
-
Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
|
32
|
-
end
|
33
|
-
|
34
22
|
def output(obj)
|
35
23
|
print JSON.dump(obj)
|
36
24
|
end
|
37
25
|
|
38
26
|
begin
|
39
|
-
validate_bundler_version!
|
40
|
-
|
41
27
|
request = JSON.parse($stdin.read)
|
42
28
|
|
43
29
|
function = request["function"]
|
@@ -69,13 +69,15 @@ module Dependabot
|
|
69
69
|
end
|
70
70
|
|
71
71
|
def gemfile
|
72
|
-
@gemfile
|
73
|
-
|
72
|
+
return @gemfile if defined?(@gemfile)
|
73
|
+
|
74
|
+
@gemfile = fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile")
|
74
75
|
end
|
75
76
|
|
76
77
|
def lockfile
|
77
|
-
@lockfile
|
78
|
-
|
78
|
+
return @lockfile if defined?(@lockfile)
|
79
|
+
|
80
|
+
@lockfile = fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock")
|
79
81
|
end
|
80
82
|
|
81
83
|
def gemspecs
|
@@ -19,7 +19,9 @@ module Dependabot
|
|
19
19
|
PATH_REGEX = /The path `(?<path>.*)` does not exist/
|
20
20
|
|
21
21
|
module BundlerErrorPatterns
|
22
|
-
|
22
|
+
# The `set --global` optional part can be made required when Bundler 1 support is dropped
|
23
|
+
MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
|
24
|
+
|
23
25
|
BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
|
24
26
|
BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
|
25
27
|
HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.226.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-08-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.226.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.226.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +128,14 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 1.
|
131
|
+
version: 1.18.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 1.
|
138
|
+
version: 1.18.0
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: stackprof
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -268,7 +268,7 @@ licenses:
|
|
268
268
|
- Nonstandard
|
269
269
|
metadata:
|
270
270
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
271
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
271
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
|
272
272
|
post_install_message:
|
273
273
|
rdoc_options: []
|
274
274
|
require_paths:
|