dependabot-bundler 0.229.0 → 0.231.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +1 -0
- data/helpers/v1/lib/functions/dependency_source.rb +10 -9
- data/helpers/v1/lib/functions/file_parser.rb +8 -7
- data/helpers/v1/lib/functions/force_updater.rb +22 -21
- data/helpers/v1/lib/functions/lockfile_updater.rb +12 -11
- data/helpers/v1/lib/functions/version_resolver.rb +7 -6
- data/helpers/v1/lib/functions.rb +16 -15
- data/helpers/v1/monkey_patches/definition_bundler_version_patch.rb +3 -2
- data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +1 -0
- data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +4 -3
- data/helpers/v1/monkey_patches/git_source_patch.rb +3 -2
- data/helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb +1 -0
- data/helpers/v1/run.rb +1 -0
- data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +1 -0
- data/helpers/v1/spec/functions/dependency_source_spec.rb +66 -65
- data/helpers/v1/spec/functions/file_parser_spec.rb +1 -0
- data/helpers/v1/spec/functions/force_updater_spec.rb +1 -0
- data/helpers/v1/spec/functions/version_resolver_spec.rb +15 -14
- data/helpers/v1/spec/native_spec_helper.rb +1 -0
- data/helpers/v1/spec/shared_contexts.rb +7 -6
- data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +1 -0
- data/helpers/v2/lib/functions/dependency_source.rb +10 -9
- data/helpers/v2/lib/functions/file_parser.rb +8 -7
- data/helpers/v2/lib/functions/force_updater.rb +10 -9
- data/helpers/v2/lib/functions/lockfile_updater.rb +5 -4
- data/helpers/v2/lib/functions/version_resolver.rb +7 -6
- data/helpers/v2/lib/functions.rb +16 -15
- data/helpers/v2/monkey_patches/definition_bundler_version_patch.rb +1 -0
- data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb +1 -0
- data/helpers/v2/monkey_patches/git_source_patch.rb +3 -2
- data/helpers/v2/run.rb +1 -0
- data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +1 -0
- data/helpers/v2/spec/functions/dependency_source_spec.rb +67 -66
- data/helpers/v2/spec/functions/file_parser_spec.rb +1 -0
- data/helpers/v2/spec/functions/force_updater_spec.rb +1 -0
- data/helpers/v2/spec/functions/version_resolver_spec.rb +19 -18
- data/helpers/v2/spec/functions_spec.rb +1 -0
- data/helpers/v2/spec/native_spec_helper.rb +1 -0
- data/helpers/v2/spec/shared_contexts.rb +7 -6
- data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +1 -0
- data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +3 -2
- data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +3 -2
- data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb +1 -0
- data/lib/dependabot/bundler/file_fetcher.rb +25 -24
- data/lib/dependabot/bundler/file_parser/file_preparer.rb +15 -14
- data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +1 -0
- data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +1 -0
- data/lib/dependabot/bundler/file_parser.rb +23 -22
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +19 -18
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +1 -0
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +8 -7
- data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +7 -6
- data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +4 -3
- data/lib/dependabot/bundler/file_updater/git_source_remover.rb +1 -0
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +22 -21
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +5 -4
- data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +5 -4
- data/lib/dependabot/bundler/file_updater.rb +16 -15
- data/lib/dependabot/bundler/helpers.rb +1 -0
- data/lib/dependabot/bundler/metadata_finder.rb +24 -23
- data/lib/dependabot/bundler/native_helpers.rb +4 -3
- data/lib/dependabot/bundler/requirement.rb +3 -2
- data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +1 -0
- data/lib/dependabot/bundler/update_checker/file_preparer.rb +33 -32
- data/lib/dependabot/bundler/update_checker/force_updater.rb +4 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -4
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +5 -4
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +6 -5
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +15 -14
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +4 -3
- data/lib/dependabot/bundler/update_checker.rb +27 -26
- data/lib/dependabot/bundler/version.rb +3 -2
- data/lib/dependabot/bundler.rb +3 -2
- metadata +19 -5
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/file_updaters"
|
|
@@ -58,9 +59,9 @@ module Dependabot
|
|
|
58
59
|
check_updated_files(updated_files)
|
|
59
60
|
|
|
60
61
|
base_dir = updated_files.first.directory
|
|
61
|
-
vendor_updater
|
|
62
|
-
updated_vendor_cache_files(base_directory: base_dir)
|
|
63
|
-
each do |file|
|
|
62
|
+
vendor_updater
|
|
63
|
+
.updated_vendor_cache_files(base_directory: base_dir)
|
|
64
|
+
.each do |file|
|
|
64
65
|
updated_files << file
|
|
65
66
|
end
|
|
66
67
|
|
|
@@ -122,14 +123,14 @@ module Dependabot
|
|
|
122
123
|
|
|
123
124
|
def evaled_gemfiles
|
|
124
125
|
@evaled_gemfiles ||=
|
|
125
|
-
dependency_files
|
|
126
|
-
reject { |f| f.name.end_with?(".gemspec") }
|
|
127
|
-
reject { |f| f.name.end_with?(".specification") }
|
|
128
|
-
reject { |f| f.name.end_with?(".lock") }
|
|
129
|
-
reject { |f| f.name.end_with?(".ruby-version") }
|
|
130
|
-
reject { |f| f.name == "Gemfile" }
|
|
131
|
-
reject { |f| f.name == "gems.rb" }
|
|
132
|
-
reject { |f| f.name == "gems.locked" }
|
|
126
|
+
dependency_files
|
|
127
|
+
.reject { |f| f.name.end_with?(".gemspec") }
|
|
128
|
+
.reject { |f| f.name.end_with?(".specification") }
|
|
129
|
+
.reject { |f| f.name.end_with?(".lock") }
|
|
130
|
+
.reject { |f| f.name.end_with?(".ruby-version") }
|
|
131
|
+
.reject { |f| f.name == "Gemfile" }
|
|
132
|
+
.reject { |f| f.name == "gems.rb" }
|
|
133
|
+
.reject { |f| f.name == "gems.locked" }
|
|
133
134
|
end
|
|
134
135
|
|
|
135
136
|
def updated_gemfile_content(file)
|
|
@@ -158,8 +159,8 @@ module Dependabot
|
|
|
158
159
|
end
|
|
159
160
|
|
|
160
161
|
def top_level_gemspecs
|
|
161
|
-
dependency_files
|
|
162
|
-
select { |file| file.name.end_with?(".gemspec") }
|
|
162
|
+
dependency_files
|
|
163
|
+
.select { |file| file.name.end_with?(".gemspec") }
|
|
163
164
|
end
|
|
164
165
|
|
|
165
166
|
def bundler_version
|
|
@@ -169,5 +170,5 @@ module Dependabot
|
|
|
169
170
|
end
|
|
170
171
|
end
|
|
171
172
|
|
|
172
|
-
Dependabot::FileUpdaters
|
|
173
|
-
register("bundler", Dependabot::Bundler::FileUpdater)
|
|
173
|
+
Dependabot::FileUpdaters
|
|
174
|
+
.register("bundler", Dependabot::Bundler::FileUpdater)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "excon"
|
|
@@ -61,10 +62,10 @@ module Dependabot
|
|
|
61
62
|
end
|
|
62
63
|
|
|
63
64
|
def find_source_from_rubygems_api_response
|
|
64
|
-
source_url = rubygems_api_response
|
|
65
|
-
values_at(*SOURCE_KEYS)
|
|
66
|
-
compact
|
|
67
|
-
find { |url| Source.from_url(url) }
|
|
65
|
+
source_url = rubygems_api_response
|
|
66
|
+
.values_at(*SOURCE_KEYS)
|
|
67
|
+
.compact
|
|
68
|
+
.find { |url| Source.from_url(url) }
|
|
68
69
|
|
|
69
70
|
Source.from_url(source_url)
|
|
70
71
|
end
|
|
@@ -80,10 +81,10 @@ module Dependabot
|
|
|
80
81
|
github_urls = []
|
|
81
82
|
return unless rubygems_marshalled_gemspec_response
|
|
82
83
|
|
|
83
|
-
rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
84
|
+
rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
|
|
85
|
+
.scan(Source::SOURCE_REGEX) do
|
|
86
|
+
github_urls << Regexp.last_match.to_s
|
|
87
|
+
end
|
|
87
88
|
|
|
88
89
|
source_url = github_urls.find do |url|
|
|
89
90
|
repo = Source.from_url(url).repo
|
|
@@ -98,11 +99,11 @@ module Dependabot
|
|
|
98
99
|
github_urls = []
|
|
99
100
|
return unless rubygems_marshalled_gemspec_response
|
|
100
101
|
|
|
101
|
-
rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
102
|
+
rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
|
|
103
|
+
.scan(Dependabot::Source::SOURCE_REGEX) do
|
|
104
|
+
github_urls << (Regexp.last_match.to_s +
|
|
105
|
+
Regexp.last_match.post_match.split("\n").first)
|
|
106
|
+
end
|
|
106
107
|
|
|
107
108
|
github_urls.find do |url|
|
|
108
109
|
names = MetadataFinders::Base::ChangelogFinder::CHANGELOG_NAMES
|
|
@@ -172,10 +173,10 @@ module Dependabot
|
|
|
172
173
|
|
|
173
174
|
digest = parsed_body.values_at("version", "authors", "info").hash
|
|
174
175
|
|
|
175
|
-
source_url = parsed_body
|
|
176
|
-
values_at(*SOURCE_KEYS)
|
|
177
|
-
compact
|
|
178
|
-
find { |url| Source.from_url(url) }
|
|
176
|
+
source_url = parsed_body
|
|
177
|
+
.values_at(*SOURCE_KEYS)
|
|
178
|
+
.compact
|
|
179
|
+
.find { |url| Source.from_url(url) }
|
|
179
180
|
return response_body if source_url
|
|
180
181
|
|
|
181
182
|
rubygems_response =
|
|
@@ -212,10 +213,10 @@ module Dependabot
|
|
|
212
213
|
registry_host = URI(registry_url).host
|
|
213
214
|
|
|
214
215
|
token =
|
|
215
|
-
credentials
|
|
216
|
-
select { |cred| cred["type"] == "rubygems_server" }
|
|
217
|
-
find { |cred| registry_host == cred["host"] }
|
|
218
|
-
fetch("token", nil)
|
|
216
|
+
credentials
|
|
217
|
+
.select { |cred| cred["type"] == "rubygems_server" }
|
|
218
|
+
.find { |cred| registry_host == cred["host"] }
|
|
219
|
+
&.fetch("token", nil)
|
|
219
220
|
|
|
220
221
|
return {} unless token
|
|
221
222
|
|
|
@@ -227,5 +228,5 @@ module Dependabot
|
|
|
227
228
|
end
|
|
228
229
|
end
|
|
229
230
|
|
|
230
|
-
Dependabot::MetadataFinders
|
|
231
|
-
register("bundler", Dependabot::Bundler::MetadataFinder)
|
|
231
|
+
Dependabot::MetadataFinders
|
|
232
|
+
.register("bundler", Dependabot::Bundler::MetadataFinder)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "bundler"
|
|
@@ -37,9 +38,9 @@ module Dependabot
|
|
|
37
38
|
# Run helper suprocess with all bundler-related ENV variables removed
|
|
38
39
|
helpers_path = versioned_helper_path(bundler_version)
|
|
39
40
|
::Bundler.with_original_env do
|
|
40
|
-
command = BundleCommand
|
|
41
|
-
new(options[:timeout_per_operation_seconds])
|
|
42
|
-
build(File.join(helpers_path, "run.rb"))
|
|
41
|
+
command = BundleCommand
|
|
42
|
+
.new(options[:timeout_per_operation_seconds])
|
|
43
|
+
.build(File.join(helpers_path, "run.rb"))
|
|
43
44
|
SharedHelpers.run_helper_subprocess(
|
|
44
45
|
command: command,
|
|
45
46
|
function: function,
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/utils"
|
|
@@ -25,5 +26,5 @@ module Dependabot
|
|
|
25
26
|
end
|
|
26
27
|
end
|
|
27
28
|
|
|
28
|
-
Dependabot::Utils
|
|
29
|
-
register_requirement_class("bundler", Dependabot::Bundler::Requirement)
|
|
29
|
+
Dependabot::Utils
|
|
30
|
+
.register_requirement_class("bundler", Dependabot::Bundler::Requirement)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/dependency_file"
|
|
@@ -122,14 +123,14 @@ module Dependabot
|
|
|
122
123
|
end
|
|
123
124
|
|
|
124
125
|
def evaled_gemfiles
|
|
125
|
-
dependency_files
|
|
126
|
-
reject { |f| f.name.end_with?(".gemspec") }
|
|
127
|
-
reject { |f| f.name.end_with?(".specification") }
|
|
128
|
-
reject { |f| f.name.end_with?(".lock") }
|
|
129
|
-
reject { |f| f.name.end_with?(".ruby-version") }
|
|
130
|
-
reject { |f| f.name == "Gemfile" }
|
|
131
|
-
reject { |f| f.name == "gems.rb" }
|
|
132
|
-
reject { |f| f.name == "gems.locked" }
|
|
126
|
+
dependency_files
|
|
127
|
+
.reject { |f| f.name.end_with?(".gemspec") }
|
|
128
|
+
.reject { |f| f.name.end_with?(".specification") }
|
|
129
|
+
.reject { |f| f.name.end_with?(".lock") }
|
|
130
|
+
.reject { |f| f.name.end_with?(".ruby-version") }
|
|
131
|
+
.reject { |f| f.name == "Gemfile" }
|
|
132
|
+
.reject { |f| f.name == "gems.rb" }
|
|
133
|
+
.reject { |f| f.name == "gems.locked" }
|
|
133
134
|
end
|
|
134
135
|
|
|
135
136
|
def lockfile
|
|
@@ -142,8 +143,8 @@ module Dependabot
|
|
|
142
143
|
end
|
|
143
144
|
|
|
144
145
|
def top_level_gemspecs
|
|
145
|
-
dependency_files
|
|
146
|
-
select { |f| f.name.end_with?(".gemspec") }
|
|
146
|
+
dependency_files
|
|
147
|
+
.select { |f| f.name.end_with?(".gemspec") }
|
|
147
148
|
end
|
|
148
149
|
|
|
149
150
|
def ruby_version_file
|
|
@@ -156,9 +157,9 @@ module Dependabot
|
|
|
156
157
|
end
|
|
157
158
|
|
|
158
159
|
def imported_ruby_files
|
|
159
|
-
dependency_files
|
|
160
|
-
select { |f| f.name.end_with?(".rb") }
|
|
161
|
-
reject { |f| f.name == "gems.rb" }
|
|
160
|
+
dependency_files
|
|
161
|
+
.select { |f| f.name.end_with?(".rb") }
|
|
162
|
+
.reject { |f| f.name == "gems.rb" }
|
|
162
163
|
end
|
|
163
164
|
|
|
164
165
|
def gemfile_content_for_update_check(file)
|
|
@@ -197,9 +198,9 @@ module Dependabot
|
|
|
197
198
|
def sanitize_gemspec_content(gemspec_content)
|
|
198
199
|
new_version = replacement_version_for_gemspec(gemspec_content)
|
|
199
200
|
|
|
200
|
-
FileUpdater::GemspecSanitizer
|
|
201
|
-
new(replacement_version: new_version)
|
|
202
|
-
rewrite(gemspec_content)
|
|
201
|
+
FileUpdater::GemspecSanitizer
|
|
202
|
+
.new(replacement_version: new_version)
|
|
203
|
+
.rewrite(gemspec_content)
|
|
203
204
|
end
|
|
204
205
|
|
|
205
206
|
def updated_version_requirement_string(filename)
|
|
@@ -213,21 +214,21 @@ module Dependabot
|
|
|
213
214
|
|
|
214
215
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
215
216
|
def updated_version_req_lower_bound(filename)
|
|
216
|
-
original_req = dependency.requirements
|
|
217
|
-
|
|
218
|
-
fetch(:requirement)
|
|
217
|
+
original_req = dependency.requirements
|
|
218
|
+
.find { |r| r.fetch(:file) == filename }
|
|
219
|
+
&.fetch(:requirement)
|
|
219
220
|
|
|
220
221
|
if original_req && !unlock_requirement? then original_req
|
|
221
222
|
elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
|
|
222
223
|
elsif dependency.version then ">= #{dependency.version}"
|
|
223
224
|
else
|
|
224
225
|
version_for_requirement =
|
|
225
|
-
dependency.requirements.map { |r| r[:requirement] }
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
226
|
+
dependency.requirements.map { |r| r[:requirement] }
|
|
227
|
+
.reject { |req_string| req_string.start_with?("<") }
|
|
228
|
+
.select { |req_string| req_string.match?(VERSION_REGEX) }
|
|
229
|
+
.map { |req_string| req_string.match(VERSION_REGEX) }
|
|
230
|
+
.select { |version| Gem::Version.correct?(version) }
|
|
231
|
+
.max_by { |version| Gem::Version.new(version) }
|
|
231
232
|
|
|
232
233
|
">= #{version_for_requirement || 0}"
|
|
233
234
|
end
|
|
@@ -249,8 +250,8 @@ module Dependabot
|
|
|
249
250
|
|
|
250
251
|
def lock_ruby_version(gemfile_content)
|
|
251
252
|
top_level_gemspecs.each do |gs|
|
|
252
|
-
gemfile_content = FileUpdater::RubyRequirementSetter
|
|
253
|
-
new(gemspec: gs).rewrite(gemfile_content)
|
|
253
|
+
gemfile_content = FileUpdater::RubyRequirementSetter
|
|
254
|
+
.new(gemspec: gs).rewrite(gemfile_content)
|
|
254
255
|
end
|
|
255
256
|
|
|
256
257
|
gemfile_content
|
|
@@ -265,13 +266,13 @@ module Dependabot
|
|
|
265
266
|
return "0.0.1" unless lockfile
|
|
266
267
|
|
|
267
268
|
gemspec_specs =
|
|
268
|
-
::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
|
|
269
|
-
|
|
269
|
+
::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
|
|
270
|
+
.select { |s| gemspec_sources.include?(s.source.class) }
|
|
270
271
|
|
|
271
272
|
gem_name =
|
|
272
|
-
FileUpdater::GemspecDependencyNameFinder
|
|
273
|
-
new(gemspec_content: gemspec_content)
|
|
274
|
-
dependency_name
|
|
273
|
+
FileUpdater::GemspecDependencyNameFinder
|
|
274
|
+
.new(gemspec_content: gemspec_content)
|
|
275
|
+
.dependency_name
|
|
275
276
|
|
|
276
277
|
return gemspec_specs.first&.version || "0.0.1" unless gem_name
|
|
277
278
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/bundler/file_parser"
|
|
@@ -127,9 +128,9 @@ module Dependabot
|
|
|
127
128
|
end
|
|
128
129
|
|
|
129
130
|
def source_for(dependency)
|
|
130
|
-
dependency.requirements
|
|
131
|
-
|
|
132
|
-
fetch(:source)
|
|
131
|
+
dependency.requirements
|
|
132
|
+
.find { |r| r.fetch(:source) }
|
|
133
|
+
&.fetch(:source)
|
|
133
134
|
end
|
|
134
135
|
|
|
135
136
|
def gemfile
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/registry_client"
|
|
@@ -54,8 +55,8 @@ module Dependabot
|
|
|
54
55
|
return unless git?
|
|
55
56
|
|
|
56
57
|
source_details =
|
|
57
|
-
dependency.requirements.map { |r| r.fetch(:source) }
|
|
58
|
-
|
|
58
|
+
dependency.requirements.map { |r| r.fetch(:source) }
|
|
59
|
+
.uniq.compact.first
|
|
59
60
|
|
|
60
61
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
61
62
|
in_a_native_bundler_context do |tmp_dir|
|
|
@@ -89,8 +90,8 @@ module Dependabot
|
|
|
89
90
|
url: dependency_rubygems_uri
|
|
90
91
|
)
|
|
91
92
|
|
|
92
|
-
JSON.parse(response.body)
|
|
93
|
-
|
|
93
|
+
JSON.parse(response.body)
|
|
94
|
+
.map { |d| Gem::Version.new(d["number"]) }
|
|
94
95
|
end
|
|
95
96
|
rescue JSON::ParserError, Excon::Error::Timeout
|
|
96
97
|
@rubygems_versions = []
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "excon"
|
|
@@ -71,8 +72,8 @@ module Dependabot
|
|
|
71
72
|
end
|
|
72
73
|
|
|
73
74
|
def filter_ignored_versions(versions_array)
|
|
74
|
-
filtered = versions_array
|
|
75
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
75
|
+
filtered = versions_array
|
|
76
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
|
76
77
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
|
|
77
78
|
raise AllVersionsIgnored
|
|
78
79
|
end
|
|
@@ -83,8 +84,8 @@ module Dependabot
|
|
|
83
84
|
def filter_lower_versions(versions_array)
|
|
84
85
|
return versions_array unless dependency.numeric_version
|
|
85
86
|
|
|
86
|
-
versions_array
|
|
87
|
-
select { |version| version > dependency.numeric_version }
|
|
87
|
+
versions_array
|
|
88
|
+
.select { |version| version > dependency.numeric_version }
|
|
88
89
|
end
|
|
89
90
|
|
|
90
91
|
def wants_prerelease?
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/bundler/update_checker"
|
|
@@ -112,17 +113,17 @@ module Dependabot
|
|
|
112
113
|
end
|
|
113
114
|
|
|
114
115
|
def at_same_precision(new_version, old_version)
|
|
115
|
-
release_precision = old_version.to_s.split(".")
|
|
116
|
-
|
|
116
|
+
release_precision = old_version.to_s.split(".")
|
|
117
|
+
.take_while { |i| i.match?(/^\d+$/) }.count
|
|
117
118
|
prerelease_precision =
|
|
118
119
|
old_version.to_s.split(".").count - release_precision
|
|
119
120
|
|
|
120
121
|
new_release =
|
|
121
122
|
new_version.to_s.split(".").first(release_precision)
|
|
122
123
|
new_prerelease =
|
|
123
|
-
new_version.to_s.split(".")
|
|
124
|
-
|
|
125
|
-
|
|
124
|
+
new_version.to_s.split(".")
|
|
125
|
+
.drop_while { |i| i.match?(/^\d+$/) }
|
|
126
|
+
.first([prerelease_precision, 1].max)
|
|
126
127
|
|
|
127
128
|
[*new_release, *new_prerelease].join(".")
|
|
128
129
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "excon"
|
|
@@ -46,9 +47,9 @@ module Dependabot
|
|
|
46
47
|
#########################
|
|
47
48
|
|
|
48
49
|
def in_a_native_bundler_context(error_handling: true)
|
|
49
|
-
SharedHelpers
|
|
50
|
-
in_a_temporary_repo_directory(base_directory,
|
|
51
|
-
|
|
50
|
+
SharedHelpers
|
|
51
|
+
.in_a_temporary_repo_directory(base_directory,
|
|
52
|
+
repo_contents_path) do |tmp_dir|
|
|
52
53
|
write_temporary_dependency_files
|
|
53
54
|
|
|
54
55
|
yield(tmp_dir)
|
|
@@ -92,24 +93,24 @@ module Dependabot
|
|
|
92
93
|
raise Dependabot::DependencyFileNotEvaluatable, msg
|
|
93
94
|
when "Bundler::Source::Git::MissingGitRevisionError"
|
|
94
95
|
gem_name =
|
|
95
|
-
error.message.match(GIT_REF_REGEX)
|
|
96
|
-
|
|
97
|
-
|
|
96
|
+
error.message.match(GIT_REF_REGEX)
|
|
97
|
+
.named_captures["path"]
|
|
98
|
+
.split("/").last
|
|
98
99
|
raise GitDependencyReferenceNotFound, gem_name
|
|
99
100
|
when "Bundler::PathError"
|
|
100
101
|
gem_name =
|
|
101
|
-
error.message.match(PATH_REGEX)
|
|
102
|
-
|
|
103
|
-
|
|
102
|
+
error.message.match(PATH_REGEX)
|
|
103
|
+
.named_captures["path"]
|
|
104
|
+
.split("/").last.split("-")[0..-2].join
|
|
104
105
|
raise Dependabot::PathDependenciesNotReachable, [gem_name]
|
|
105
106
|
when "Bundler::Source::Git::GitCommandError"
|
|
106
107
|
if error.message.match?(GIT_REGEX)
|
|
107
108
|
# We couldn't find the specified branch / commit (or the two
|
|
108
109
|
# weren't compatible).
|
|
109
110
|
gem_name =
|
|
110
|
-
error.message.match(GIT_REGEX)
|
|
111
|
-
|
|
112
|
-
|
|
111
|
+
error.message.match(GIT_REGEX)
|
|
112
|
+
.named_captures["path"]
|
|
113
|
+
.split("/").last.split("-")[0..-2].join
|
|
113
114
|
raise GitDependencyReferenceNotFound, gem_name
|
|
114
115
|
end
|
|
115
116
|
|
|
@@ -219,8 +220,8 @@ module Dependabot
|
|
|
219
220
|
end
|
|
220
221
|
|
|
221
222
|
def private_registry_credentials
|
|
222
|
-
credentials
|
|
223
|
-
select { |cred| cred["type"] == "rubygems_server" }
|
|
223
|
+
credentials
|
|
224
|
+
.select { |cred| cred["type"] == "rubygems_server" }
|
|
224
225
|
end
|
|
225
226
|
|
|
226
227
|
def gemfile
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "excon"
|
|
@@ -203,9 +204,9 @@ module Dependabot
|
|
|
203
204
|
return false unless versions.status == 200
|
|
204
205
|
|
|
205
206
|
ruby_requirement =
|
|
206
|
-
JSON.parse(versions.body)
|
|
207
|
-
|
|
208
|
-
fetch("ruby_version", nil)
|
|
207
|
+
JSON.parse(versions.body)
|
|
208
|
+
.find { |version| version["number"] == details[:version] }
|
|
209
|
+
&.fetch("ruby_version", nil)
|
|
209
210
|
|
|
210
211
|
# Give the benefit of the doubt if we can't find the version's
|
|
211
212
|
# required Ruby version.
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/update_checkers"
|
|
@@ -28,8 +29,8 @@ module Dependabot
|
|
|
28
29
|
end
|
|
29
30
|
|
|
30
31
|
def lowest_security_fix_version
|
|
31
|
-
latest_version_finder(remove_git_source: false)
|
|
32
|
-
lowest_security_fix_version
|
|
32
|
+
latest_version_finder(remove_git_source: false)
|
|
33
|
+
.lowest_security_fix_version
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def lowest_resolvable_security_fix_version
|
|
@@ -37,8 +38,8 @@ module Dependabot
|
|
|
37
38
|
return latest_resolvable_version if git_dependency?
|
|
38
39
|
|
|
39
40
|
lowest_fix =
|
|
40
|
-
latest_version_finder(remove_git_source: false)
|
|
41
|
-
lowest_security_fix_version
|
|
41
|
+
latest_version_finder(remove_git_source: false)
|
|
42
|
+
.lowest_security_fix_version
|
|
42
43
|
return unless lowest_fix
|
|
43
44
|
|
|
44
45
|
resolvable?(lowest_fix) ? lowest_fix : latest_resolvable_version
|
|
@@ -49,8 +50,8 @@ module Dependabot
|
|
|
49
50
|
return current_ver if git_dependency? && git_commit_checker.pinned?
|
|
50
51
|
|
|
51
52
|
@latest_resolvable_version_detail_with_no_unlock ||=
|
|
52
|
-
version_resolver(remove_git_source: false, unlock_requirement: false)
|
|
53
|
-
latest_resolvable_version_details
|
|
53
|
+
version_resolver(remove_git_source: false, unlock_requirement: false)
|
|
54
|
+
.latest_resolvable_version_details
|
|
54
55
|
|
|
55
56
|
if git_dependency?
|
|
56
57
|
@latest_resolvable_version_detail_with_no_unlock&.fetch(:commit_sha)
|
|
@@ -76,17 +77,17 @@ module Dependabot
|
|
|
76
77
|
return true if requirements_unlocked?
|
|
77
78
|
return false if requirements_update_strategy == :lockfile_only
|
|
78
79
|
|
|
79
|
-
dependency.specific_requirements
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
80
|
+
dependency.specific_requirements
|
|
81
|
+
.all? do |req|
|
|
82
|
+
file = dependency_files.find { |f| f.name == req.fetch(:file) }
|
|
83
|
+
updated = FileUpdater::RequirementReplacer.new(
|
|
84
|
+
dependency: dependency,
|
|
85
|
+
file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
|
|
86
|
+
updated_requirement: "whatever"
|
|
87
|
+
).rewrite(file.content)
|
|
87
88
|
|
|
88
|
-
|
|
89
|
-
|
|
89
|
+
updated != file.content
|
|
90
|
+
end
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def requirements_update_strategy
|
|
@@ -193,21 +194,21 @@ module Dependabot
|
|
|
193
194
|
def latest_version_details(remove_git_source: false)
|
|
194
195
|
@latest_version_details ||= {}
|
|
195
196
|
@latest_version_details[remove_git_source] ||=
|
|
196
|
-
latest_version_finder(remove_git_source: remove_git_source)
|
|
197
|
-
latest_version_details
|
|
197
|
+
latest_version_finder(remove_git_source: remove_git_source)
|
|
198
|
+
.latest_version_details
|
|
198
199
|
end
|
|
199
200
|
|
|
200
201
|
def latest_resolvable_version_details(remove_git_source: false)
|
|
201
202
|
@latest_resolvable_version_details ||= {}
|
|
202
203
|
@latest_resolvable_version_details[remove_git_source] ||=
|
|
203
|
-
version_resolver(remove_git_source: remove_git_source)
|
|
204
|
-
latest_resolvable_version_details
|
|
204
|
+
version_resolver(remove_git_source: remove_git_source)
|
|
205
|
+
.latest_resolvable_version_details
|
|
205
206
|
end
|
|
206
207
|
|
|
207
208
|
def latest_version_for_git_dependency
|
|
208
209
|
latest_release =
|
|
209
|
-
latest_version_details(remove_git_source: true)
|
|
210
|
-
fetch(:version)
|
|
210
|
+
latest_version_details(remove_git_source: true)
|
|
211
|
+
&.fetch(:version)
|
|
211
212
|
|
|
212
213
|
# If there's been a release that includes the current pinned ref or
|
|
213
214
|
# that the current branch is behind, we switch to that release.
|
|
@@ -258,8 +259,8 @@ module Dependabot
|
|
|
258
259
|
def latest_resolvable_version_without_git_source
|
|
259
260
|
return nil unless latest_version.is_a?(Gem::Version)
|
|
260
261
|
|
|
261
|
-
latest_resolvable_version_details(remove_git_source: true)
|
|
262
|
-
fetch(:version)
|
|
262
|
+
latest_resolvable_version_details(remove_git_source: true)
|
|
263
|
+
&.fetch(:version)
|
|
263
264
|
rescue Dependabot::DependencyFileNotResolvable
|
|
264
265
|
nil
|
|
265
266
|
end
|
|
@@ -384,5 +385,5 @@ module Dependabot
|
|
|
384
385
|
end
|
|
385
386
|
end
|
|
386
387
|
|
|
387
|
-
Dependabot::UpdateCheckers
|
|
388
|
-
register("bundler", Dependabot::Bundler::UpdateChecker)
|
|
388
|
+
Dependabot::UpdateCheckers
|
|
389
|
+
.register("bundler", Dependabot::Bundler::UpdateChecker)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/version"
|
|
@@ -10,5 +11,5 @@ module Dependabot
|
|
|
10
11
|
end
|
|
11
12
|
end
|
|
12
13
|
|
|
13
|
-
Dependabot::Utils
|
|
14
|
-
register_version_class("bundler", Dependabot::Bundler::Version)
|
|
14
|
+
Dependabot::Utils
|
|
15
|
+
.register_version_class("bundler", Dependabot::Bundler::Version)
|
data/lib/dependabot/bundler.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
# These all need to be required so the various classes can be registered in a
|
|
@@ -11,8 +12,8 @@ require "dependabot/bundler/requirement"
|
|
|
11
12
|
require "dependabot/bundler/version"
|
|
12
13
|
|
|
13
14
|
require "dependabot/pull_request_creator/labeler"
|
|
14
|
-
Dependabot::PullRequestCreator::Labeler
|
|
15
|
-
register_label_details("bundler", name: "ruby", colour: "ce2d2d")
|
|
15
|
+
Dependabot::PullRequestCreator::Labeler
|
|
16
|
+
.register_label_details("bundler", name: "ruby", colour: "ce2d2d")
|
|
16
17
|
|
|
17
18
|
require "dependabot/dependency"
|
|
18
19
|
Dependabot::Dependency.register_production_check(
|