dependabot-bundler 0.230.0 → 0.232.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +1 -0
- data/helpers/v1/lib/functions/dependency_source.rb +10 -9
- data/helpers/v1/lib/functions/file_parser.rb +8 -7
- data/helpers/v1/lib/functions/force_updater.rb +22 -21
- data/helpers/v1/lib/functions/lockfile_updater.rb +12 -11
- data/helpers/v1/lib/functions/version_resolver.rb +7 -6
- data/helpers/v1/lib/functions.rb +16 -15
- data/helpers/v1/monkey_patches/definition_bundler_version_patch.rb +3 -2
- data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +1 -0
- data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +4 -3
- data/helpers/v1/monkey_patches/git_source_patch.rb +3 -2
- data/helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb +1 -0
- data/helpers/v1/run.rb +1 -0
- data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +1 -0
- data/helpers/v1/spec/functions/dependency_source_spec.rb +66 -65
- data/helpers/v1/spec/functions/file_parser_spec.rb +1 -0
- data/helpers/v1/spec/functions/force_updater_spec.rb +1 -0
- data/helpers/v1/spec/functions/version_resolver_spec.rb +15 -14
- data/helpers/v1/spec/native_spec_helper.rb +1 -0
- data/helpers/v1/spec/shared_contexts.rb +7 -6
- data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +1 -0
- data/helpers/v2/lib/functions/dependency_source.rb +10 -9
- data/helpers/v2/lib/functions/file_parser.rb +8 -7
- data/helpers/v2/lib/functions/force_updater.rb +10 -9
- data/helpers/v2/lib/functions/lockfile_updater.rb +5 -4
- data/helpers/v2/lib/functions/version_resolver.rb +7 -6
- data/helpers/v2/lib/functions.rb +16 -15
- data/helpers/v2/monkey_patches/definition_bundler_version_patch.rb +1 -0
- data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb +1 -0
- data/helpers/v2/monkey_patches/git_source_patch.rb +3 -2
- data/helpers/v2/run.rb +1 -0
- data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +1 -0
- data/helpers/v2/spec/functions/dependency_source_spec.rb +67 -66
- data/helpers/v2/spec/functions/file_parser_spec.rb +1 -0
- data/helpers/v2/spec/functions/force_updater_spec.rb +1 -0
- data/helpers/v2/spec/functions/version_resolver_spec.rb +19 -18
- data/helpers/v2/spec/functions_spec.rb +1 -0
- data/helpers/v2/spec/native_spec_helper.rb +1 -0
- data/helpers/v2/spec/shared_contexts.rb +7 -6
- data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +1 -0
- data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +3 -2
- data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +3 -2
- data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb +1 -0
- data/lib/dependabot/bundler/file_fetcher.rb +25 -24
- data/lib/dependabot/bundler/file_parser/file_preparer.rb +15 -14
- data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +1 -0
- data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +1 -0
- data/lib/dependabot/bundler/file_parser.rb +23 -22
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +19 -18
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +1 -0
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +8 -7
- data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +7 -6
- data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +4 -3
- data/lib/dependabot/bundler/file_updater/git_source_remover.rb +1 -0
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +22 -21
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +5 -4
- data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +4 -3
- data/lib/dependabot/bundler/file_updater.rb +16 -15
- data/lib/dependabot/bundler/helpers.rb +1 -0
- data/lib/dependabot/bundler/metadata_finder.rb +24 -23
- data/lib/dependabot/bundler/native_helpers.rb +4 -3
- data/lib/dependabot/bundler/requirement.rb +3 -2
- data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +1 -0
- data/lib/dependabot/bundler/update_checker/file_preparer.rb +33 -32
- data/lib/dependabot/bundler/update_checker/force_updater.rb +4 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -4
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +5 -4
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +6 -5
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +15 -14
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +4 -3
- data/lib/dependabot/bundler/update_checker.rb +27 -26
- data/lib/dependabot/bundler/version.rb +3 -2
- data/lib/dependabot/bundler.rb +3 -2
- metadata +19 -5
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "tmpdir"
|
|
@@ -29,8 +30,8 @@ end
|
|
|
29
30
|
RSpec.shared_context "without caching rubygems" do
|
|
30
31
|
before do
|
|
31
32
|
# Stub Bundler to stop it using a cached versions of Rubygems
|
|
32
|
-
allow_any_instance_of(Bundler::CompactIndexClient::Updater)
|
|
33
|
-
to receive(:etag_for).and_return("")
|
|
33
|
+
allow_any_instance_of(Bundler::CompactIndexClient::Updater)
|
|
34
|
+
.to receive(:etag_for).and_return("")
|
|
34
35
|
end
|
|
35
36
|
end
|
|
36
37
|
|
|
@@ -39,8 +40,8 @@ RSpec.shared_context "stub rubygems compact index" do
|
|
|
39
40
|
|
|
40
41
|
before do
|
|
41
42
|
# Stub the Rubygems index
|
|
42
|
-
stub_request(:get, "https://index.rubygems.org/versions")
|
|
43
|
-
to_return(
|
|
43
|
+
stub_request(:get, "https://index.rubygems.org/versions")
|
|
44
|
+
.to_return(
|
|
44
45
|
status: 200,
|
|
45
46
|
body: fixture("rubygems_responses", "index")
|
|
46
47
|
)
|
|
@@ -50,8 +51,8 @@ RSpec.shared_context "stub rubygems compact index" do
|
|
|
50
51
|
Dir[File.join("../../spec", "fixtures", "rubygems_responses", "info-*")]
|
|
51
52
|
fixtures.each do |path|
|
|
52
53
|
dep_name = path.split("/").last.gsub("info-", "")
|
|
53
|
-
stub_request(:get, "https://index.rubygems.org/info/#{dep_name}")
|
|
54
|
-
to_return(
|
|
54
|
+
stub_request(:get, "https://index.rubygems.org/info/#{dep_name}")
|
|
55
|
+
.to_return(
|
|
55
56
|
status: 200,
|
|
56
57
|
body: fixture("rubygems_responses", "info-#{dep_name}")
|
|
57
58
|
)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "pathname"
|
|
@@ -78,8 +79,8 @@ module Dependabot
|
|
|
78
79
|
kwargs_node = node.children.last
|
|
79
80
|
|
|
80
81
|
path_hash_pair =
|
|
81
|
-
kwargs_node.children
|
|
82
|
-
|
|
82
|
+
kwargs_node.children
|
|
83
|
+
.find { |hash_pair| key_from_hash_pair(hash_pair) == :path }
|
|
83
84
|
|
|
84
85
|
return unless path_hash_pair
|
|
85
86
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "pathname"
|
|
@@ -77,8 +78,8 @@ module Dependabot
|
|
|
77
78
|
kwargs_node = node.children.last
|
|
78
79
|
|
|
79
80
|
path_hash_pair =
|
|
80
|
-
kwargs_node.children
|
|
81
|
-
|
|
81
|
+
kwargs_node.children
|
|
82
|
+
.find { |hash_pair| key_from_hash_pair(hash_pair) == :path }
|
|
82
83
|
|
|
83
84
|
return unless path_hash_pair
|
|
84
85
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/file_fetchers"
|
|
@@ -56,15 +57,15 @@ module Dependabot
|
|
|
56
57
|
|
|
57
58
|
def uniq_files(fetched_files)
|
|
58
59
|
uniq_files = fetched_files.reject(&:support_file?).uniq
|
|
59
|
-
uniq_files += fetched_files
|
|
60
|
-
reject { |f| uniq_files.map(&:name).include?(f.name) }
|
|
60
|
+
uniq_files += fetched_files
|
|
61
|
+
.reject { |f| uniq_files.map(&:name).include?(f.name) }
|
|
61
62
|
end
|
|
62
63
|
|
|
63
64
|
def check_required_files_present
|
|
64
65
|
return if gemfile || gemspecs.any?
|
|
65
66
|
|
|
66
|
-
path = Pathname.new(File.join(directory, "Gemfile"))
|
|
67
|
-
|
|
67
|
+
path = Pathname.new(File.join(directory, "Gemfile"))
|
|
68
|
+
.cleanpath.to_path
|
|
68
69
|
raise Dependabot::DependencyFileNotFound, path
|
|
69
70
|
end
|
|
70
71
|
|
|
@@ -84,11 +85,11 @@ module Dependabot
|
|
|
84
85
|
return @gemspecs if defined?(@gemspecs)
|
|
85
86
|
|
|
86
87
|
gemspecs_paths =
|
|
87
|
-
gemspec_directories
|
|
88
|
-
flat_map do |d|
|
|
89
|
-
repo_contents(dir: d)
|
|
90
|
-
select { |f| f.name.end_with?(".gemspec") }
|
|
91
|
-
map { |f| File.join(d, f.name) }
|
|
88
|
+
gemspec_directories
|
|
89
|
+
.flat_map do |d|
|
|
90
|
+
repo_contents(dir: d)
|
|
91
|
+
.select { |f| f.name.end_with?(".gemspec") }
|
|
92
|
+
.map { |f| File.join(d, f.name) }
|
|
92
93
|
end
|
|
93
94
|
|
|
94
95
|
@gemspecs = gemspecs_paths.map { |n| fetch_file_from_host(n) }
|
|
@@ -111,8 +112,8 @@ module Dependabot
|
|
|
111
112
|
return unless gemfile.content.include?(".ruby-version")
|
|
112
113
|
|
|
113
114
|
@ruby_version_file ||=
|
|
114
|
-
fetch_file_if_present(".ruby-version")
|
|
115
|
-
tap { |f| f.support_file = true }
|
|
115
|
+
fetch_file_if_present(".ruby-version")
|
|
116
|
+
&.tap { |f| f.support_file = true }
|
|
116
117
|
end
|
|
117
118
|
|
|
118
119
|
def path_gemspecs
|
|
@@ -125,8 +126,8 @@ module Dependabot
|
|
|
125
126
|
|
|
126
127
|
# Get any gemspecs nested one level deeper
|
|
127
128
|
nested_directories =
|
|
128
|
-
repo_contents(dir: path)
|
|
129
|
-
select { |f| f.type == "dir" }
|
|
129
|
+
repo_contents(dir: path)
|
|
130
|
+
.select { |f| f.type == "dir" }
|
|
130
131
|
|
|
131
132
|
nested_directories.each do |dir|
|
|
132
133
|
dir_path = File.join(path, dir.name)
|
|
@@ -159,24 +160,24 @@ module Dependabot
|
|
|
159
160
|
end
|
|
160
161
|
|
|
161
162
|
@require_relative_files ||=
|
|
162
|
-
paths.map { |path| fetch_file_from_host(path) }
|
|
163
|
-
|
|
163
|
+
paths.map { |path| fetch_file_from_host(path) }
|
|
164
|
+
.tap { |req_files| req_files.each { |f| f.support_file = true } }
|
|
164
165
|
end
|
|
165
166
|
|
|
166
167
|
def fetch_gemspecs_from_directory(dir_path)
|
|
167
|
-
repo_contents(dir: dir_path, fetch_submodules: true)
|
|
168
|
-
select { |f| f.name.end_with?(".gemspec", ".specification") }
|
|
169
|
-
map { |f| File.join(dir_path, f.name) }
|
|
170
|
-
map { |fp| fetch_file_from_host(fp, fetch_submodules: true) }
|
|
168
|
+
repo_contents(dir: dir_path, fetch_submodules: true)
|
|
169
|
+
.select { |f| f.name.end_with?(".gemspec", ".specification") }
|
|
170
|
+
.map { |f| File.join(dir_path, f.name) }
|
|
171
|
+
.map { |fp| fetch_file_from_host(fp, fetch_submodules: true) }
|
|
171
172
|
end
|
|
172
173
|
|
|
173
174
|
def fetch_path_gemspec_paths
|
|
174
175
|
if lockfile
|
|
175
|
-
parsed_lockfile = ::Bundler::LockfileParser
|
|
176
|
-
new(sanitized_lockfile_content)
|
|
177
|
-
parsed_lockfile.specs
|
|
178
|
-
|
|
179
|
-
|
|
176
|
+
parsed_lockfile = ::Bundler::LockfileParser
|
|
177
|
+
.new(sanitized_lockfile_content)
|
|
178
|
+
parsed_lockfile.specs
|
|
179
|
+
.select { |s| s.source.instance_of?(::Bundler::Source::Path) }
|
|
180
|
+
.map { |s| s.source.path }.uniq
|
|
180
181
|
else
|
|
181
182
|
gemfiles = ([gemfile] + child_gemfiles).compact
|
|
182
183
|
gemfiles.flat_map do |file|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/dependency_file"
|
|
@@ -44,14 +45,14 @@ module Dependabot
|
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
def evaled_gemfiles
|
|
47
|
-
dependency_files
|
|
48
|
-
reject { |f| f.name.end_with?(".gemspec") }
|
|
49
|
-
reject { |f| f.name.end_with?(".specification") }
|
|
50
|
-
reject { |f| f.name.end_with?(".lock") }
|
|
51
|
-
reject { |f| f.name.end_with?(".ruby-version") }
|
|
52
|
-
reject { |f| f.name == "Gemfile" }
|
|
53
|
-
reject { |f| f.name == "gems.rb" }
|
|
54
|
-
reject { |f| f.name == "gems.locked" }
|
|
48
|
+
dependency_files
|
|
49
|
+
.reject { |f| f.name.end_with?(".gemspec") }
|
|
50
|
+
.reject { |f| f.name.end_with?(".specification") }
|
|
51
|
+
.reject { |f| f.name.end_with?(".lock") }
|
|
52
|
+
.reject { |f| f.name.end_with?(".ruby-version") }
|
|
53
|
+
.reject { |f| f.name == "Gemfile" }
|
|
54
|
+
.reject { |f| f.name == "gems.rb" }
|
|
55
|
+
.reject { |f| f.name == "gems.locked" }
|
|
55
56
|
end
|
|
56
57
|
|
|
57
58
|
def specification_files
|
|
@@ -72,17 +73,17 @@ module Dependabot
|
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def imported_ruby_files
|
|
75
|
-
dependency_files
|
|
76
|
-
select { |f| f.name.end_with?(".rb") }
|
|
77
|
-
reject { |f| f.name == "gems.rb" }
|
|
76
|
+
dependency_files
|
|
77
|
+
.select { |f| f.name.end_with?(".rb") }
|
|
78
|
+
.reject { |f| f.name == "gems.rb" }
|
|
78
79
|
end
|
|
79
80
|
|
|
80
81
|
def sanitize_gemspec_content(gemspec_content)
|
|
81
82
|
# No need to set the version correctly - this is just an update
|
|
82
83
|
# check so we're not going to persist any changes to the lockfile.
|
|
83
|
-
FileUpdater::GemspecSanitizer
|
|
84
|
-
new(replacement_version: "0.0.1")
|
|
85
|
-
rewrite(gemspec_content)
|
|
84
|
+
FileUpdater::GemspecSanitizer
|
|
85
|
+
.new(replacement_version: "0.0.1")
|
|
86
|
+
.rewrite(gemspec_content)
|
|
86
87
|
end
|
|
87
88
|
end
|
|
88
89
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/dependency"
|
|
@@ -188,8 +189,8 @@ module Dependabot
|
|
|
188
189
|
|
|
189
190
|
def prepared_dependency_files
|
|
190
191
|
@prepared_dependency_files ||=
|
|
191
|
-
FilePreparer.new(dependency_files: dependency_files)
|
|
192
|
-
|
|
192
|
+
FilePreparer.new(dependency_files: dependency_files)
|
|
193
|
+
.prepared_dependency_files
|
|
193
194
|
end
|
|
194
195
|
|
|
195
196
|
def write_temporary_dependency_files
|
|
@@ -238,14 +239,14 @@ module Dependabot
|
|
|
238
239
|
end
|
|
239
240
|
|
|
240
241
|
def evaled_gemfiles
|
|
241
|
-
dependency_files
|
|
242
|
-
reject { |f| f.name.end_with?(".gemspec") }
|
|
243
|
-
reject { |f| f.name.end_with?(".specification") }
|
|
244
|
-
reject { |f| f.name.end_with?(".lock") }
|
|
245
|
-
reject { |f| f.name.end_with?(".ruby-version") }
|
|
246
|
-
reject { |f| f.name == "Gemfile" }
|
|
247
|
-
reject { |f| f.name == "gems.rb" }
|
|
248
|
-
reject { |f| f.name == "gems.locked" }
|
|
242
|
+
dependency_files
|
|
243
|
+
.reject { |f| f.name.end_with?(".gemspec") }
|
|
244
|
+
.reject { |f| f.name.end_with?(".specification") }
|
|
245
|
+
.reject { |f| f.name.end_with?(".lock") }
|
|
246
|
+
.reject { |f| f.name.end_with?(".ruby-version") }
|
|
247
|
+
.reject { |f| f.name == "Gemfile" }
|
|
248
|
+
.reject { |f| f.name == "gems.rb" }
|
|
249
|
+
.reject { |f| f.name == "gems.locked" }
|
|
249
250
|
end
|
|
250
251
|
|
|
251
252
|
def lockfile
|
|
@@ -260,10 +261,10 @@ module Dependabot
|
|
|
260
261
|
|
|
261
262
|
def production_dep_names
|
|
262
263
|
@production_dep_names ||=
|
|
263
|
-
(gemfile_dependencies + gemspec_dependencies).dependencies
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
264
|
+
(gemfile_dependencies + gemspec_dependencies).dependencies
|
|
265
|
+
.select { |dep| production?(dep) }
|
|
266
|
+
.flat_map { |dep| expanded_dependency_names(dep) }
|
|
267
|
+
.uniq
|
|
267
268
|
end
|
|
268
269
|
|
|
269
270
|
def expanded_dependency_names(dep)
|
|
@@ -277,9 +278,9 @@ module Dependabot
|
|
|
277
278
|
end
|
|
278
279
|
|
|
279
280
|
def production?(dependency)
|
|
280
|
-
groups = dependency.requirements
|
|
281
|
-
|
|
282
|
-
|
|
281
|
+
groups = dependency.requirements
|
|
282
|
+
.flat_map { |r| r.fetch(:groups) }
|
|
283
|
+
.map(&:to_s)
|
|
283
284
|
|
|
284
285
|
return true if groups.empty?
|
|
285
286
|
return true if groups.include?("runtime")
|
|
@@ -296,14 +297,14 @@ module Dependabot
|
|
|
296
297
|
|
|
297
298
|
def gemspecs
|
|
298
299
|
# Path gemspecs are excluded (they're supporting files)
|
|
299
|
-
@gemspecs ||= prepared_dependency_files
|
|
300
|
-
select { |file| file.name.end_with?(".gemspec") }
|
|
300
|
+
@gemspecs ||= prepared_dependency_files
|
|
301
|
+
.select { |file| file.name.end_with?(".gemspec") }
|
|
301
302
|
end
|
|
302
303
|
|
|
303
304
|
def imported_ruby_files
|
|
304
|
-
dependency_files
|
|
305
|
-
select { |f| f.name.end_with?(".rb") }
|
|
306
|
-
reject { |f| f.name == "gems.rb" }
|
|
305
|
+
dependency_files
|
|
306
|
+
.select { |f| f.name.end_with?(".rb") }
|
|
307
|
+
.reject { |f| f.name == "gems.rb" }
|
|
307
308
|
end
|
|
308
309
|
|
|
309
310
|
def bundler_version
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -43,14 +44,14 @@ module Dependabot
|
|
|
43
44
|
return content unless requirement_changed?(file, dependency)
|
|
44
45
|
|
|
45
46
|
updated_requirement =
|
|
46
|
-
dependency.requirements
|
|
47
|
-
|
|
48
|
-
|
|
47
|
+
dependency.requirements
|
|
48
|
+
.find { |r| r[:file] == file.name }
|
|
49
|
+
.fetch(:requirement)
|
|
49
50
|
|
|
50
51
|
previous_requirement =
|
|
51
|
-
dependency.previous_requirements
|
|
52
|
-
|
|
53
|
-
|
|
52
|
+
dependency.previous_requirements
|
|
53
|
+
.find { |r| r[:file] == file.name }
|
|
54
|
+
.fetch(:requirement)
|
|
54
55
|
|
|
55
56
|
RequirementReplacer.new(
|
|
56
57
|
dependency: dependency,
|
|
@@ -69,22 +70,22 @@ module Dependabot
|
|
|
69
70
|
|
|
70
71
|
def remove_git_source?(dependency)
|
|
71
72
|
old_gemfile_req =
|
|
72
|
-
dependency.previous_requirements
|
|
73
|
-
|
|
73
|
+
dependency.previous_requirements
|
|
74
|
+
.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
74
75
|
|
|
75
76
|
return false unless old_gemfile_req&.dig(:source, :type) == "git"
|
|
76
77
|
|
|
77
78
|
new_gemfile_req =
|
|
78
|
-
dependency.requirements
|
|
79
|
-
|
|
79
|
+
dependency.requirements
|
|
80
|
+
.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
80
81
|
|
|
81
82
|
new_gemfile_req[:source].nil?
|
|
82
83
|
end
|
|
83
84
|
|
|
84
85
|
def update_git_pin?(dependency, file)
|
|
85
86
|
new_gemfile_req =
|
|
86
|
-
dependency.requirements
|
|
87
|
-
|
|
87
|
+
dependency.requirements
|
|
88
|
+
.find { |f| f[:file] == file.name }
|
|
88
89
|
return false unless new_gemfile_req&.dig(:source, :type) == "git"
|
|
89
90
|
|
|
90
91
|
# If the new requirement is a git dependency with a ref then there's
|
|
@@ -98,13 +99,13 @@ module Dependabot
|
|
|
98
99
|
|
|
99
100
|
def update_gemfile_git_pin(dependency, file, content)
|
|
100
101
|
new_pin =
|
|
101
|
-
dependency.requirements
|
|
102
|
-
|
|
103
|
-
|
|
102
|
+
dependency.requirements
|
|
103
|
+
.find { |f| f[:file] == file.name }
|
|
104
|
+
.fetch(:source).fetch(:ref)
|
|
104
105
|
|
|
105
|
-
GitPinReplacer
|
|
106
|
-
new(dependency: dependency, new_pin: new_pin)
|
|
107
|
-
rewrite(content)
|
|
106
|
+
GitPinReplacer
|
|
107
|
+
.new(dependency: dependency, new_pin: new_pin)
|
|
108
|
+
.rewrite(content)
|
|
108
109
|
end
|
|
109
110
|
end
|
|
110
111
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "parser/current"
|
|
@@ -34,9 +35,9 @@ module Dependabot
|
|
|
34
35
|
ast = Parser::CurrentRuby.new.parse(buffer)
|
|
35
36
|
|
|
36
37
|
updated_content =
|
|
37
|
-
Rewriter
|
|
38
|
-
new(replacement_version: replacement_version)
|
|
39
|
-
rewrite(buffer, ast)
|
|
38
|
+
Rewriter
|
|
39
|
+
.new(replacement_version: replacement_version)
|
|
40
|
+
.rewrite(buffer, ast)
|
|
40
41
|
|
|
41
42
|
# Remove any constants from strings
|
|
42
43
|
updated_content.gsub(
|
|
@@ -298,10 +299,10 @@ module Dependabot
|
|
|
298
299
|
return false unless node.is_a?(Parser::AST::Node)
|
|
299
300
|
return false unless node.type == :dstr
|
|
300
301
|
|
|
301
|
-
node.children
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
302
|
+
node.children
|
|
303
|
+
.select { |n| n.type == :begin }
|
|
304
|
+
.flat_map(&:children)
|
|
305
|
+
.any? { |n| node_is_version_constant?(n) }
|
|
305
306
|
end
|
|
306
307
|
|
|
307
308
|
def replace_constant(node)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -33,14 +34,14 @@ module Dependabot
|
|
|
33
34
|
return content unless requirement_changed?(gemspec, dependency)
|
|
34
35
|
|
|
35
36
|
updated_requirement =
|
|
36
|
-
dependency.requirements
|
|
37
|
-
|
|
38
|
-
|
|
37
|
+
dependency.requirements
|
|
38
|
+
.find { |r| r[:file] == gemspec.name }
|
|
39
|
+
.fetch(:requirement)
|
|
39
40
|
|
|
40
41
|
previous_requirement =
|
|
41
|
-
dependency.previous_requirements
|
|
42
|
-
|
|
43
|
-
|
|
42
|
+
dependency.previous_requirements
|
|
43
|
+
.find { |r| r[:file] == gemspec.name }
|
|
44
|
+
.fetch(:requirement)
|
|
44
45
|
|
|
45
46
|
RequirementReplacer.new(
|
|
46
47
|
dependency: dependency,
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "parser/current"
|
|
@@ -19,9 +20,9 @@ module Dependabot
|
|
|
19
20
|
buffer.source = content
|
|
20
21
|
ast = Parser::CurrentRuby.new.parse(buffer)
|
|
21
22
|
|
|
22
|
-
Rewriter
|
|
23
|
-
new(dependency: dependency, new_pin: new_pin)
|
|
24
|
-
rewrite(buffer, ast)
|
|
23
|
+
Rewriter
|
|
24
|
+
.new(dependency: dependency, new_pin: new_pin)
|
|
25
|
+
.rewrite(buffer, ast)
|
|
25
26
|
end
|
|
26
27
|
|
|
27
28
|
class Rewriter < Parser::TreeRewriter
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "bundler"
|
|
@@ -141,14 +142,14 @@ module Dependabot
|
|
|
141
142
|
end
|
|
142
143
|
|
|
143
144
|
def imported_ruby_files
|
|
144
|
-
dependency_files
|
|
145
|
-
select { |f| f.name.end_with?(".rb") }
|
|
146
|
-
reject { |f| f.name == "gems.rb" }
|
|
145
|
+
dependency_files
|
|
146
|
+
.select { |f| f.name.end_with?(".rb") }
|
|
147
|
+
.reject { |f| f.name == "gems.rb" }
|
|
147
148
|
end
|
|
148
149
|
|
|
149
150
|
def top_level_gemspecs
|
|
150
|
-
dependency_files
|
|
151
|
-
select { |file| file.name.end_with?(".gemspec") && Pathname.new(file.name).dirname.to_s == "." }
|
|
151
|
+
dependency_files
|
|
152
|
+
.select { |file| file.name.end_with?(".gemspec") && Pathname.new(file.name).dirname.to_s == "." }
|
|
152
153
|
end
|
|
153
154
|
|
|
154
155
|
def ruby_version_file
|
|
@@ -199,21 +200,21 @@ module Dependabot
|
|
|
199
200
|
def sanitized_gemspec_content(path, gemspec_content)
|
|
200
201
|
new_version = replacement_version_for_gemspec(path, gemspec_content)
|
|
201
202
|
|
|
202
|
-
GemspecSanitizer
|
|
203
|
-
new(replacement_version: new_version)
|
|
204
|
-
rewrite(gemspec_content)
|
|
203
|
+
GemspecSanitizer
|
|
204
|
+
.new(replacement_version: new_version)
|
|
205
|
+
.rewrite(gemspec_content)
|
|
205
206
|
end
|
|
206
207
|
|
|
207
208
|
def replacement_version_for_gemspec(path, gemspec_content)
|
|
208
209
|
return "0.0.1" unless lockfile
|
|
209
210
|
|
|
210
211
|
gem_name =
|
|
211
|
-
GemspecDependencyNameFinder.new(gemspec_content: gemspec_content)
|
|
212
|
-
|
|
212
|
+
GemspecDependencyNameFinder.new(gemspec_content: gemspec_content)
|
|
213
|
+
.dependency_name || File.basename(path, ".gemspec")
|
|
213
214
|
|
|
214
215
|
gemspec_specs =
|
|
215
|
-
::Bundler::LockfileParser.new(sanitized_lockfile_body).specs
|
|
216
|
-
|
|
216
|
+
::Bundler::LockfileParser.new(sanitized_lockfile_body).specs
|
|
217
|
+
.select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
|
|
217
218
|
|
|
218
219
|
gemspec_specs.first&.version || "0.0.1"
|
|
219
220
|
end
|
|
@@ -260,15 +261,15 @@ module Dependabot
|
|
|
260
261
|
|
|
261
262
|
def evaled_gemfiles
|
|
262
263
|
@evaled_gemfiles ||=
|
|
263
|
-
dependency_files
|
|
264
|
-
reject { |f| f.name.end_with?(".gemspec") }
|
|
265
|
-
reject { |f| f.name.end_with?(".specification") }
|
|
266
|
-
reject { |f| f.name.end_with?(".lock") }
|
|
267
|
-
reject { |f| f.name.end_with?(".ruby-version") }
|
|
268
|
-
reject { |f| f.name == "Gemfile" }
|
|
269
|
-
reject { |f| f.name == "gems.rb" }
|
|
270
|
-
reject { |f| f.name == "gems.locked" }
|
|
271
|
-
reject(&:support_file?)
|
|
264
|
+
dependency_files
|
|
265
|
+
.reject { |f| f.name.end_with?(".gemspec") }
|
|
266
|
+
.reject { |f| f.name.end_with?(".specification") }
|
|
267
|
+
.reject { |f| f.name.end_with?(".lock") }
|
|
268
|
+
.reject { |f| f.name.end_with?(".ruby-version") }
|
|
269
|
+
.reject { |f| f.name == "Gemfile" }
|
|
270
|
+
.reject { |f| f.name == "gems.rb" }
|
|
271
|
+
.reject { |f| f.name == "gems.locked" }
|
|
272
|
+
.reject(&:support_file?)
|
|
272
273
|
end
|
|
273
274
|
|
|
274
275
|
def specification_files
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "parser/current"
|
|
@@ -48,8 +49,8 @@ module Dependabot
|
|
|
48
49
|
|
|
49
50
|
updated_lines = updated_content.lines
|
|
50
51
|
updated_line_index =
|
|
51
|
-
updated_lines.length
|
|
52
|
-
|
|
52
|
+
updated_lines.length
|
|
53
|
+
.times.find { |i| content.lines[i] != updated_content.lines[i] }
|
|
53
54
|
updated_line = updated_lines[updated_line_index]
|
|
54
55
|
|
|
55
56
|
updated_line =
|
|
@@ -188,8 +189,8 @@ module Dependabot
|
|
|
188
189
|
use_equality_operator:)
|
|
189
190
|
open_quote, close_quote = quote_characters
|
|
190
191
|
new_requirement_string =
|
|
191
|
-
updated_requirement.split(",")
|
|
192
|
-
|
|
192
|
+
updated_requirement.split(",")
|
|
193
|
+
.map do |r|
|
|
193
194
|
req_string = serialized_req(r, use_equality_operator)
|
|
194
195
|
req_string = %(#{open_quote}#{req_string}#{close_quote})
|
|
195
196
|
req_string = req_string.delete(" ") unless space_after_specifier
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "parser/current"
|
|
@@ -57,9 +58,9 @@ module Dependabot
|
|
|
57
58
|
end
|
|
58
59
|
|
|
59
60
|
ruby_version =
|
|
60
|
-
RUBY_VERSIONS
|
|
61
|
-
map { |v| Gem::Version.new(v) }.sort
|
|
62
|
-
find { |v| requirement.satisfied_by?(v) }
|
|
61
|
+
RUBY_VERSIONS
|
|
62
|
+
.map { |v| Gem::Version.new(v) }.sort
|
|
63
|
+
.find { |v| requirement.satisfied_by?(v) }
|
|
63
64
|
|
|
64
65
|
raise RubyVersionNotFound unless ruby_version
|
|
65
66
|
|