dependabot-bundler 0.225.0 → 0.227.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4ba17ad283a50a7c06199c0dd9eb7546616bbc18161b2d475587f67535c4f527
4
- data.tar.gz: e0ec3920c84e0a1df752bebd6f3f9545c50782e34a22f0933f94e3c27932c506
3
+ metadata.gz: 7023595adf12fbe47753c88f1f18a95d56ef336c503a76fdd1335c33b3bb8494
4
+ data.tar.gz: 2e100abbbdf9ac7c9768000c23386556a655c07022240f7a116f33361cbc11cf
5
5
  SHA512:
6
- metadata.gz: f7c2375065f8ce381f6b2c1293f24ba0b279416c14adba367ef6623a915a56b5e2c93ba5e382eef5cfb06487630b3291d5f5af368469db2ade9a139751d35dde
7
- data.tar.gz: 1028997b2e4d5bf9deb4b07eac0532af63aa7e4cc9fa9e59007fb61da7a44adefd6ef2ef4de7720ac6ce5cf3f8d7217c521f99baf4239641fd0197dd63497dc8
6
+ metadata.gz: 2834e755780893f71734a610865eb1575974aa20824b9ebd1a1e340c1c7824700eb7a4ae23546288f74da808228d1258ebe7e446d93af987fb3552db7764badd
7
+ data.tar.gz: d484aa2915784b4cbfafe2105982531471eb2bc86886f369a4d6797b7cce397243299b22edc33cda782e701d7f96fa812796350094bb716fc1cfc2c3f698d8d4
@@ -147,10 +147,10 @@ module Functions
147
147
  return [] unless lockfile
148
148
 
149
149
  all_deps = Bundler::LockfileParser.new(lockfile).
150
- specs.map(&:name).map(&:to_s)
150
+ specs.map { |x| x.name.to_s }
151
151
  top_level = Bundler::Definition.
152
152
  build(gemfile_name, lockfile_name, {}).
153
- dependencies.map(&:name).map(&:to_s)
153
+ dependencies.map { |x| x.name.to_s }
154
154
 
155
155
  all_deps - top_level
156
156
  end
@@ -136,12 +136,11 @@ module Functions
136
136
  dependencies_to_unlock << gem_name
137
137
  end
138
138
 
139
- # rubocop:disable Metrics/PerceivedComplexity
140
139
  def unlock_blocking_subdeps(dependencies_to_unlock, error)
141
140
  all_deps = Bundler::LockfileParser.new(lockfile).
142
- specs.map(&:name).map(&:to_s)
141
+ specs.map { |x| x.name.to_s }
143
142
  top_level = build_definition([]).dependencies.
144
- map(&:name).map(&:to_s)
143
+ map { |x| x.name.to_s }
145
144
  allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
146
145
 
147
146
  raise if allowed_new_unlocks.none?
@@ -163,7 +162,6 @@ module Functions
163
162
  # information to chart the full path through all conflicts unwound
164
163
  dependencies_to_unlock.append(*allowed_new_unlocks)
165
164
  end
166
- # rubocop:enable Metrics/PerceivedComplexity
167
165
 
168
166
  def build_definition(dependencies_to_unlock)
169
167
  defn = Bundler::Definition.build(
@@ -177,7 +175,7 @@ module Functions
177
175
  # subdeps unlocked, like they were in the UpdateChecker, so we
178
176
  # mutate the unlocked gems array.
179
177
  unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
180
- must_not_unlock = defn.dependencies.map(&:name).map(&:to_s) -
178
+ must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
181
179
  dependencies_to_unlock
182
180
  unlocked.reject! { |n| must_not_unlock.include?(n) }
183
181
 
@@ -82,9 +82,9 @@ module Functions
82
82
  return [] unless lockfile
83
83
 
84
84
  all_deps = ::Bundler::LockfileParser.new(lockfile).
85
- specs.map(&:name).map(&:to_s).uniq
85
+ specs.map { |x| x.name.to_s }.uniq
86
86
  top_level = build_definition([]).dependencies.
87
- map(&:name).map(&:to_s)
87
+ map { |x| x.name.to_s }
88
88
 
89
89
  all_deps - top_level
90
90
  end
data/helpers/v1/run.rb CHANGED
@@ -21,25 +21,11 @@ require "resolver_spec_group_sane_eql"
21
21
 
22
22
  require "functions"
23
23
 
24
- MAX_BUNDLER_VERSION = "2.0.0"
25
-
26
- def validate_bundler_version!
27
- return true if correct_bundler_version?
28
-
29
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
30
- end
31
-
32
- def correct_bundler_version?
33
- Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
34
- end
35
-
36
24
  def output(obj)
37
25
  print JSON.dump(obj)
38
26
  end
39
27
 
40
28
  begin
41
- validate_bundler_version!
42
-
43
29
  request = JSON.parse($stdin.read)
44
30
 
45
31
  function = request["function"]
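Review bot: With `validate_bundler_version!` removed from the `begin` block, nothing in the visible lines of the v1 helper stops it from running under Bundler 2 before it reads the request from `$stdin`. The v2 helper in this release pins the version with `gem "bundler", "~> 2.4"` at the top of its file; the v1 hunk starts at line 21, so whether an equivalent pin exists above it cannot be seen from here. If there is none, add one before `require "bundler"`, for example `gem "bundler", "< 2.0.0"`, so a wrong Bundler fails at load time instead of silently resolving with an unintended version. The `begin` block continues outside the hunk.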
@@ -62,10 +62,13 @@ module Functions
62
62
  end
63
63
 
64
64
  def cache_vendored_gems(definition)
65
- # Dependencies that have been unlocked for the update (including
66
- # sub-dependencies)
67
- unlocked_gems = definition.instance_variable_get(:@unlock).
68
- fetch(:gems)
65
+ resolve = definition.resolve
66
+
67
+ # Dependencies that have been updated (including sub-dependencies)
68
+ updated_gems = resolve.reject do |spec|
69
+ lockfile_specs.include?(spec)
70
+ end.map(&:name).uniq
71
+
69
72
  bundler_opts = {
70
73
  cache_all: true,
71
74
  cache_all_platforms: true,
@@ -76,27 +79,30 @@ module Functions
76
79
  # Fetch and cache gems on all platforms without pruning
77
80
  Bundler::Runtime.new(nil, definition).cache
78
81
 
79
- # Only prune unlocked gems (the original implementation is in
82
+ # Only prune updated gems (the original implementation is in
80
83
  # Bundler::Runtime)
81
84
  cache_path = Bundler.app_cache
82
- resolve = definition.resolve
83
- prune_gem_cache(resolve, cache_path, unlocked_gems)
85
+ prune_gem_cache(resolve, cache_path, updated_gems)
84
86
  prune_git_and_path_cache(resolve, cache_path)
85
87
  end
86
88
  end
87
89
 
88
90
  # Copied from Bundler::Runtime: Modified to only prune gems that have
89
- # been unlocked
90
- def prune_gem_cache(resolve, cache_path, unlocked_gems)
91
+ # been updated
92
+ def prune_gem_cache(resolve, cache_path, updated_gems)
91
93
  cached_gems = Dir["#{cache_path}/*.gem"]
92
94
 
93
- outdated_gems = cached_gems.reject do |path|
95
+ outdated_gems = cached_gems.select do |path|
94
96
  spec = Bundler.rubygems.spec_from_gem path
95
97
 
96
- !unlocked_gems.include?(spec.name) || resolve.any? do |s|
98
+ caused_by_update = updated_gems.include?(spec.name) && resolve.none? do |s|
97
99
  s.name == spec.name && s.version == spec.version &&
98
100
  !s.source.is_a?(Bundler::Source::Git)
99
101
  end
102
+
103
+ caused_by_removal = resolve.none? { |s| s.name == spec.name }
104
+
105
+ caused_by_update || caused_by_removal
100
106
  end
101
107
 
102
108
  return unless outdated_gems.any?
@@ -138,10 +144,9 @@ module Functions
138
144
  end
139
145
 
140
146
  def unlock_blocking_subdeps(dependencies_to_unlock, error)
141
- all_deps = Bundler::LockfileParser.new(lockfile).
142
- specs.map(&:name).map(&:to_s)
147
+ all_deps = lockfile_specs.map { |x| x.name.to_s }
143
148
  top_level = build_definition([]).dependencies.
144
- map(&:name).map(&:to_s)
149
+ map { |x| x.name.to_s }
145
150
  allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
146
151
 
147
152
  raise if allowed_new_unlocks.none?
@@ -182,7 +187,7 @@ module Functions
182
187
  # subdeps unlocked, like they were in the UpdateChecker, so we
183
188
  # mutate the unlocked gems array.
184
189
  unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
185
- must_not_unlock = defn.dependencies.map(&:name).map(&:to_s) -
190
+ must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
186
191
  dependencies_to_unlock
187
192
  unlocked.reject! { |n| must_not_unlock.include?(n) }
188
193
 
@@ -215,6 +220,10 @@ module Functions
215
220
  sources.all? { |s| s&.fetch("type", nil) == "git" }
216
221
  end
217
222
 
223
+ def lockfile_specs
224
+ @lockfile_specs ||= Bundler::LockfileParser.new(lockfile).specs
225
+ end
226
+
218
227
  def lockfile
219
228
  @lockfile ||= File.read(lockfile_name)
220
229
  end
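Review bot: The comment above `prune_gem_cache` still says it only prunes gems that have been updated, but the new `caused_by_removal` branch also selects every cached `.gem` whose name is absent from `resolve`, whether or not the update touched it. That widens what is removed from `cache_path`, so the comment should say so, e.g. `# Copied from Bundler::Runtime: modified to prune only gems that were updated or are no longer in the resolve`. `updated_gems` also relies on `lockfile_specs.include?(spec)` treating a resolved spec and a lockfile spec as equal. If that comparison never matched, every gem would count as updated, so a one-line comment on which fields the equality is expected to compare would help. The deletion itself happens after `return unless outdated_gems.any?`, outside the hunk.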
@@ -82,9 +82,9 @@ module Functions
82
82
  return [] unless lockfile
83
83
 
84
84
  all_deps = ::Bundler::LockfileParser.new(lockfile).
85
- specs.map(&:name).map(&:to_s).uniq
85
+ specs.map { |x| x.name.to_s }.uniq
86
86
  top_level = build_definition([]).dependencies.
87
- map(&:name).map(&:to_s)
87
+ map { |x| x.name.to_s }
88
88
 
89
89
  all_deps - top_level
90
90
  end
data/helpers/v2/run.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- gem "bundler", "~> 2.3"
3
+ gem "bundler", "~> 2.4"
4
4
  require "bundler"
5
5
  require "json"
6
6
 
@@ -19,25 +19,11 @@ require "git_source_patch"
19
19
 
20
20
  require "functions"
21
21
 
22
- MIN_BUNDLER_VERSION = "2.1.0"
23
-
24
- def validate_bundler_version!
25
- return true if correct_bundler_version?
26
-
27
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
28
- end
29
-
30
- def correct_bundler_version?
31
- Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
32
- end
33
-
34
22
  def output(obj)
35
23
  print JSON.dump(obj)
36
24
  end
37
25
 
38
26
  begin
39
- validate_bundler_version!
40
-
41
27
  request = JSON.parse($stdin.read)
42
28
 
43
29
  function = request["function"]
@@ -69,13 +69,15 @@ module Dependabot
69
69
  end
70
70
 
71
71
  def gemfile
72
- @gemfile ||= fetch_file_if_present("gems.rb") ||
73
- fetch_file_if_present("Gemfile")
72
+ return @gemfile if defined?(@gemfile)
73
+
74
+ @gemfile = fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile")
74
75
  end
75
76
 
76
77
  def lockfile
77
- @lockfile ||= fetch_file_if_present("gems.locked") ||
78
- fetch_file_if_present("Gemfile.lock")
78
+ return @lockfile if defined?(@lockfile)
79
+
80
+ @lockfile = fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock")
79
81
  end
80
82
 
81
83
  def gemspecs
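Review bot: The switch from `||=` to `return @gemfile if defined?(@gemfile)` in `gemfile` and `lockfile` reads as a pure style change unless the reader knows it also memoizes a `nil` result. Presumably `fetch_file_if_present` returns `nil` for a missing file, in which case the old form repeated both fetches on every call. A short comment would make the intent explicit, e.g. `# defined? rather than ||= so a missing file is remembered as nil and not fetched again`. `gemspecs` begins on the last line of the hunk and its body is outside it.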
@@ -19,7 +19,9 @@ module Dependabot
19
19
  PATH_REGEX = /The path `(?<path>.*)` does not exist/
20
20
 
21
21
  module BundlerErrorPatterns
22
- MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
22
+ # The `set --global` optional part can be made required when Bundler 1 support is dropped
23
+ MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
24
+
23
25
  BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
24
26
  BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
25
27
  HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
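Review bot: In `MISSING_AUTH_REGEX` the `source` capture is still `.*`, so when the optional `set --global ` prefix does not match exactly, any other subcommand text on that line ends up inside `source`. If the captured value is later shown in an error or used to identify a credential source (not visible in this hunk), a capture that cannot span whitespace is safer: `/bundle config (?:set --global )?(?<source>\S+) username:password/`. This assumes Bundler prints the source as a single token. The module body continues outside the hunk.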
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.225.0
4
+ version: 0.227.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-31 00:00:00.000000000 Z
11
+ date: 2023-08-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.225.0
19
+ version: 0.227.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.225.0
26
+ version: 0.227.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.17.1
131
+ version: 1.19.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.17.1
138
+ version: 1.19.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: stackprof
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -268,7 +268,7 @@ licenses:
268
268
  - Nonstandard
269
269
  metadata:
270
270
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
271
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
271
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
272
272
  post_install_message:
273
273
  rdoc_options: []
274
274
  require_paths: