RubyGems - dependabot-bundler - Versions diffs - 0.230.0 → 0.232.0 - Mend

dependabot-bundler 0.230.0 → 0.232.0

Files changed (75) hide show

data/lib/dependabot/bundler/file_updater.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 require "dependabot/file_updaters"
@@ -58,9 +59,9 @@ module Dependabot
         check_updated_files(updated_files)
         base_dir = updated_files.first.directory
-        vendor_updater.
-          updated_vendor_cache_files(base_directory: base_dir).
-          each do |file|
+        vendor_updater
+          .updated_vendor_cache_files(base_directory: base_dir)
+          .each do |file|
           updated_files << file
         end
@@ -122,14 +123,14 @@ module Dependabot
       def evaled_gemfiles
         @evaled_gemfiles ||=
-          dependency_files.
-          reject { |f| f.name.end_with?(".gemspec") }.
-          reject { |f| f.name.end_with?(".specification") }.
-          reject { |f| f.name.end_with?(".lock") }.
-          reject { |f| f.name.end_with?(".ruby-version") }.
-          reject { |f| f.name == "Gemfile" }.
-          reject { |f| f.name == "gems.rb" }.
-          reject { |f| f.name == "gems.locked" }
+          dependency_files
+          .reject { |f| f.name.end_with?(".gemspec") }
+          .reject { |f| f.name.end_with?(".specification") }
+          .reject { |f| f.name.end_with?(".lock") }
+          .reject { |f| f.name.end_with?(".ruby-version") }
+          .reject { |f| f.name == "Gemfile" }
+          .reject { |f| f.name == "gems.rb" }
+          .reject { |f| f.name == "gems.locked" }
       end
       def updated_gemfile_content(file)
@@ -158,8 +159,8 @@ module Dependabot
       end
       def top_level_gemspecs
-        dependency_files.
-          select { |file| file.name.end_with?(".gemspec") }
+        dependency_files
+          .select { |file| file.name.end_with?(".gemspec") }
       end
       def bundler_version
@@ -169,5 +170,5 @@ module Dependabot
   end
 end
-Dependabot::FileUpdaters.
-  register("bundler", Dependabot::Bundler::FileUpdater)
+Dependabot::FileUpdaters
+  .register("bundler", Dependabot::Bundler::FileUpdater)

data/lib/dependabot/bundler/helpers.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 module Dependabot

data/lib/dependabot/bundler/metadata_finder.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 require "excon"
@@ -61,10 +62,10 @@ module Dependabot
       end
       def find_source_from_rubygems_api_response
-        source_url = rubygems_api_response.
-                     values_at(*SOURCE_KEYS).
-                     compact.
-                     find { |url| Source.from_url(url) }
+        source_url = rubygems_api_response
+                     .values_at(*SOURCE_KEYS)
+                     .compact
+                     .find { |url| Source.from_url(url) }
         Source.from_url(source_url)
       end
@@ -80,10 +81,10 @@ module Dependabot
         github_urls = []
         return unless rubygems_marshalled_gemspec_response
-        rubygems_marshalled_gemspec_response.gsub("\x06;", "\n").
-          scan(Source::SOURCE_REGEX) do
-            github_urls << Regexp.last_match.to_s
-          end
+        rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
+                                            .scan(Source::SOURCE_REGEX) do
+          github_urls << Regexp.last_match.to_s
+        end
         source_url = github_urls.find do |url|
           repo = Source.from_url(url).repo
@@ -98,11 +99,11 @@ module Dependabot
         github_urls = []
         return unless rubygems_marshalled_gemspec_response
-        rubygems_marshalled_gemspec_response.gsub("\x06;", "\n").
-          scan(Dependabot::Source::SOURCE_REGEX) do
-            github_urls << (Regexp.last_match.to_s +
-                           Regexp.last_match.post_match.split("\n").first)
-          end
+        rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
+                                            .scan(Dependabot::Source::SOURCE_REGEX) do
+          github_urls << (Regexp.last_match.to_s +
+                         Regexp.last_match.post_match.split("\n").first)
+        end
         github_urls.find do |url|
           names = MetadataFinders::Base::ChangelogFinder::CHANGELOG_NAMES
@@ -172,10 +173,10 @@ module Dependabot
         digest = parsed_body.values_at("version", "authors", "info").hash
-        source_url = parsed_body.
-                     values_at(*SOURCE_KEYS).
-                     compact.
-                     find { |url| Source.from_url(url) }
+        source_url = parsed_body
+                     .values_at(*SOURCE_KEYS)
+                     .compact
+                     .find { |url| Source.from_url(url) }
         return response_body if source_url
         rubygems_response =
@@ -212,10 +213,10 @@ module Dependabot
         registry_host = URI(registry_url).host
         token =
-          credentials.
-          select { |cred| cred["type"] == "rubygems_server" }.
-          find { |cred| registry_host == cred["host"] }&.
-          fetch("token", nil)
+          credentials
+          .select { |cred| cred["type"] == "rubygems_server" }
+          .find { |cred| registry_host == cred["host"] }
+          &.fetch("token", nil)
         return {} unless token
@@ -227,5 +228,5 @@ module Dependabot
   end
 end
-Dependabot::MetadataFinders.
-  register("bundler", Dependabot::Bundler::MetadataFinder)
+Dependabot::MetadataFinders
+  .register("bundler", Dependabot::Bundler::MetadataFinder)

data/lib/dependabot/bundler/native_helpers.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "bundler"
@@ -37,9 +38,9 @@ module Dependabot
         # Run helper suprocess with all bundler-related ENV variables removed
         helpers_path = versioned_helper_path(bundler_version)
         ::Bundler.with_original_env do
-          command = BundleCommand.
-                    new(options[:timeout_per_operation_seconds]).
-                    build(File.join(helpers_path, "run.rb"))
+          command = BundleCommand
+                    .new(options[:timeout_per_operation_seconds])
+                    .build(File.join(helpers_path, "run.rb"))
           SharedHelpers.run_helper_subprocess(
             command: command,
             function: function,

data/lib/dependabot/bundler/requirement.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/utils"
@@ -25,5 +26,5 @@ module Dependabot
   end
 end
-Dependabot::Utils.
-  register_requirement_class("bundler", Dependabot::Bundler::Requirement)
+Dependabot::Utils
+  .register_requirement_class("bundler", Dependabot::Bundler::Requirement)

data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/bundler/update_checker"

data/lib/dependabot/bundler/update_checker/file_preparer.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/dependency_file"
@@ -122,14 +123,14 @@ module Dependabot
         end
         def evaled_gemfiles
-          dependency_files.
-            reject { |f| f.name.end_with?(".gemspec") }.
-            reject { |f| f.name.end_with?(".specification") }.
-            reject { |f| f.name.end_with?(".lock") }.
-            reject { |f| f.name.end_with?(".ruby-version") }.
-            reject { |f| f.name == "Gemfile" }.
-            reject { |f| f.name == "gems.rb" }.
-            reject { |f| f.name == "gems.locked" }
+          dependency_files
+            .reject { |f| f.name.end_with?(".gemspec") }
+            .reject { |f| f.name.end_with?(".specification") }
+            .reject { |f| f.name.end_with?(".lock") }
+            .reject { |f| f.name.end_with?(".ruby-version") }
+            .reject { |f| f.name == "Gemfile" }
+            .reject { |f| f.name == "gems.rb" }
+            .reject { |f| f.name == "gems.locked" }
         end
         def lockfile
@@ -142,8 +143,8 @@ module Dependabot
         end
         def top_level_gemspecs
-          dependency_files.
-            select { |f| f.name.end_with?(".gemspec") }
+          dependency_files
+            .select { |f| f.name.end_with?(".gemspec") }
         end
         def ruby_version_file
@@ -156,9 +157,9 @@ module Dependabot
         end
         def imported_ruby_files
-          dependency_files.
-            select { |f| f.name.end_with?(".rb") }.
-            reject { |f| f.name == "gems.rb" }
+          dependency_files
+            .select { |f| f.name.end_with?(".rb") }
+            .reject { |f| f.name == "gems.rb" }
         end
         def gemfile_content_for_update_check(file)
@@ -197,9 +198,9 @@ module Dependabot
         def sanitize_gemspec_content(gemspec_content)
           new_version = replacement_version_for_gemspec(gemspec_content)
-          FileUpdater::GemspecSanitizer.
-            new(replacement_version: new_version).
-            rewrite(gemspec_content)
+          FileUpdater::GemspecSanitizer
+            .new(replacement_version: new_version)
+            .rewrite(gemspec_content)
         end
         def updated_version_requirement_string(filename)
@@ -213,21 +214,21 @@ module Dependabot
         # rubocop:disable Metrics/PerceivedComplexity
         def updated_version_req_lower_bound(filename)
-          original_req = dependency.requirements.
-                         find { |r| r.fetch(:file) == filename }&.
-                         fetch(:requirement)
+          original_req = dependency.requirements
+                                   .find { |r| r.fetch(:file) == filename }
+                         &.fetch(:requirement)
           if original_req && !unlock_requirement? then original_req
           elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
           elsif dependency.version then ">= #{dependency.version}"
           else
             version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
+              dependency.requirements.map { |r| r[:requirement] }
+                        .reject { |req_string| req_string.start_with?("<") }
+                        .select { |req_string| req_string.match?(VERSION_REGEX) }
+                        .map { |req_string| req_string.match(VERSION_REGEX) }
+                        .select { |version| Gem::Version.correct?(version) }
+                        .max_by { |version| Gem::Version.new(version) }
             ">= #{version_for_requirement || 0}"
           end
@@ -249,8 +250,8 @@ module Dependabot
         def lock_ruby_version(gemfile_content)
           top_level_gemspecs.each do |gs|
-            gemfile_content = FileUpdater::RubyRequirementSetter.
-                              new(gemspec: gs).rewrite(gemfile_content)
+            gemfile_content = FileUpdater::RubyRequirementSetter
+                              .new(gemspec: gs).rewrite(gemfile_content)
           end
           gemfile_content
@@ -265,13 +266,13 @@ module Dependabot
           return "0.0.1" unless lockfile
           gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs.
-            select { |s| gemspec_sources.include?(s.source.class) }
+            ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
+                                     .select { |s| gemspec_sources.include?(s.source.class) }
           gem_name =
-            FileUpdater::GemspecDependencyNameFinder.
-            new(gemspec_content: gemspec_content).
-            dependency_name
+            FileUpdater::GemspecDependencyNameFinder
+            .new(gemspec_content: gemspec_content)
+            .dependency_name
           return gemspec_specs.first&.version || "0.0.1" unless gem_name

data/lib/dependabot/bundler/update_checker/force_updater.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/bundler/file_parser"
@@ -127,9 +128,9 @@ module Dependabot
         end
         def source_for(dependency)
-          dependency.requirements.
-            find { |r| r.fetch(:source) }&.
-            fetch(:source)
+          dependency.requirements
+                    .find { |r| r.fetch(:source) }
+            &.fetch(:source)
         end
         def gemfile

data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/registry_client"
@@ -54,8 +55,8 @@ module Dependabot
             return unless git?
             source_details =
-              dependency.requirements.map { |r| r.fetch(:source) }.
-              uniq.compact.first
+              dependency.requirements.map { |r| r.fetch(:source) }
+                        .uniq.compact.first
             SharedHelpers.with_git_configured(credentials: credentials) do
               in_a_native_bundler_context do |tmp_dir|
@@ -89,8 +90,8 @@ module Dependabot
                   url: dependency_rubygems_uri
                 )
-                JSON.parse(response.body).
-                  map { |d| Gem::Version.new(d["number"]) }
+                JSON.parse(response.body)
+                    .map { |d| Gem::Version.new(d["number"]) }
               end
           rescue JSON::ParserError, Excon::Error::Timeout
             @rubygems_versions = []

data/lib/dependabot/bundler/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "excon"
@@ -71,8 +72,8 @@ module Dependabot
         end
         def filter_ignored_versions(versions_array)
-          filtered = versions_array.
-                     reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
+          filtered = versions_array
+                     .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
           if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
             raise AllVersionsIgnored
           end
@@ -83,8 +84,8 @@ module Dependabot
         def filter_lower_versions(versions_array)
           return versions_array unless dependency.numeric_version
-          versions_array.
-            select { |version| version > dependency.numeric_version }
+          versions_array
+            .select { |version| version > dependency.numeric_version }
         end
         def wants_prerelease?

data/lib/dependabot/bundler/update_checker/requirements_updater.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/bundler/update_checker"
@@ -112,17 +113,17 @@ module Dependabot
         end
         def at_same_precision(new_version, old_version)
-          release_precision = old_version.to_s.split(".").
-                              take_while { |i| i.match?(/^\d+$/) }.count
+          release_precision = old_version.to_s.split(".")
+                                         .take_while { |i| i.match?(/^\d+$/) }.count
           prerelease_precision =
             old_version.to_s.split(".").count - release_precision
           new_release =
             new_version.to_s.split(".").first(release_precision)
           new_prerelease =
-            new_version.to_s.split(".").
-            drop_while { |i| i.match?(/^\d+$/) }.
-            first([prerelease_precision, 1].max)
+            new_version.to_s.split(".")
+                       .drop_while { |i| i.match?(/^\d+$/) }
+                       .first([prerelease_precision, 1].max)
           [*new_release, *new_prerelease].join(".")
         end

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 require "excon"
@@ -46,9 +47,9 @@ module Dependabot
         #########################
         def in_a_native_bundler_context(error_handling: true)
-          SharedHelpers.
-            in_a_temporary_repo_directory(base_directory,
-                                          repo_contents_path) do |tmp_dir|
+          SharedHelpers
+            .in_a_temporary_repo_directory(base_directory,
+                                           repo_contents_path) do |tmp_dir|
             write_temporary_dependency_files
             yield(tmp_dir)
@@ -92,24 +93,24 @@ module Dependabot
             raise Dependabot::DependencyFileNotEvaluatable, msg
           when "Bundler::Source::Git::MissingGitRevisionError"
             gem_name =
-              error.message.match(GIT_REF_REGEX).
-              named_captures["path"].
-              split("/").last
+              error.message.match(GIT_REF_REGEX)
+                   .named_captures["path"]
+                   .split("/").last
             raise GitDependencyReferenceNotFound, gem_name
           when "Bundler::PathError"
             gem_name =
-              error.message.match(PATH_REGEX).
-              named_captures["path"].
-              split("/").last.split("-")[0..-2].join
+              error.message.match(PATH_REGEX)
+                   .named_captures["path"]
+                   .split("/").last.split("-")[0..-2].join
             raise Dependabot::PathDependenciesNotReachable, [gem_name]
           when "Bundler::Source::Git::GitCommandError"
             if error.message.match?(GIT_REGEX)
               # We couldn't find the specified branch / commit (or the two
               # weren't compatible).
               gem_name =
-                error.message.match(GIT_REGEX).
-                named_captures["path"].
-                split("/").last.split("-")[0..-2].join
+                error.message.match(GIT_REGEX)
+                     .named_captures["path"]
+                     .split("/").last.split("-")[0..-2].join
               raise GitDependencyReferenceNotFound, gem_name
             end
@@ -219,8 +220,8 @@ module Dependabot
         end
         def private_registry_credentials
-          credentials.
-            select { |cred| cred["type"] == "rubygems_server" }
+          credentials
+            .select { |cred| cred["type"] == "rubygems_server" }
         end
         def gemfile

data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "excon"
@@ -203,9 +204,9 @@ module Dependabot
           return false unless versions.status == 200
           ruby_requirement =
-            JSON.parse(versions.body).
-            find { |version| version["number"] == details[:version] }&.
-            fetch("ruby_version", nil)
+            JSON.parse(versions.body)
+                .find { |version| version["number"] == details[:version] }
+            &.fetch("ruby_version", nil)
           # Give the benefit of the doubt if we can't find the version's
           # required Ruby version.

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/update_checkers"
@@ -28,8 +29,8 @@ module Dependabot
       end
       def lowest_security_fix_version
-        latest_version_finder(remove_git_source: false).
-          lowest_security_fix_version
+        latest_version_finder(remove_git_source: false)
+          .lowest_security_fix_version
       end
       def lowest_resolvable_security_fix_version
@@ -37,8 +38,8 @@ module Dependabot
         return latest_resolvable_version if git_dependency?
         lowest_fix =
-          latest_version_finder(remove_git_source: false).
-          lowest_security_fix_version
+          latest_version_finder(remove_git_source: false)
+          .lowest_security_fix_version
         return unless lowest_fix
         resolvable?(lowest_fix) ? lowest_fix : latest_resolvable_version
@@ -49,8 +50,8 @@ module Dependabot
         return current_ver if git_dependency? && git_commit_checker.pinned?
         @latest_resolvable_version_detail_with_no_unlock ||=
-          version_resolver(remove_git_source: false, unlock_requirement: false).
-          latest_resolvable_version_details
+          version_resolver(remove_git_source: false, unlock_requirement: false)
+          .latest_resolvable_version_details
         if git_dependency?
           @latest_resolvable_version_detail_with_no_unlock&.fetch(:commit_sha)
@@ -76,17 +77,17 @@ module Dependabot
         return true if requirements_unlocked?
         return false if requirements_update_strategy == :lockfile_only
-        dependency.specific_requirements.
-          all? do |req|
-            file = dependency_files.find { |f| f.name == req.fetch(:file) }
-            updated = FileUpdater::RequirementReplacer.new(
-              dependency: dependency,
-              file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
-              updated_requirement: "whatever"
-            ).rewrite(file.content)
+        dependency.specific_requirements
+                  .all? do |req|
+          file = dependency_files.find { |f| f.name == req.fetch(:file) }
+          updated = FileUpdater::RequirementReplacer.new(
+            dependency: dependency,
+            file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
+            updated_requirement: "whatever"
+          ).rewrite(file.content)
-            updated != file.content
-          end
+          updated != file.content
+        end
       end
       def requirements_update_strategy
@@ -193,21 +194,21 @@ module Dependabot
       def latest_version_details(remove_git_source: false)
         @latest_version_details ||= {}
         @latest_version_details[remove_git_source] ||=
-          latest_version_finder(remove_git_source: remove_git_source).
-          latest_version_details
+          latest_version_finder(remove_git_source: remove_git_source)
+          .latest_version_details
       end
       def latest_resolvable_version_details(remove_git_source: false)
         @latest_resolvable_version_details ||= {}
         @latest_resolvable_version_details[remove_git_source] ||=
-          version_resolver(remove_git_source: remove_git_source).
-          latest_resolvable_version_details
+          version_resolver(remove_git_source: remove_git_source)
+          .latest_resolvable_version_details
       end
       def latest_version_for_git_dependency
         latest_release =
-          latest_version_details(remove_git_source: true)&.
-          fetch(:version)
+          latest_version_details(remove_git_source: true)
+          &.fetch(:version)
         # If there's been a release that includes the current pinned ref or
         # that the current branch is behind, we switch to that release.
@@ -258,8 +259,8 @@ module Dependabot
       def latest_resolvable_version_without_git_source
         return nil unless latest_version.is_a?(Gem::Version)
-        latest_resolvable_version_details(remove_git_source: true)&.
-        fetch(:version)
+        latest_resolvable_version_details(remove_git_source: true)
+        &.fetch(:version)
       rescue Dependabot::DependencyFileNotResolvable
         nil
       end
@@ -384,5 +385,5 @@ module Dependabot
   end
 end
-Dependabot::UpdateCheckers.
-  register("bundler", Dependabot::Bundler::UpdateChecker)
+Dependabot::UpdateCheckers
+  .register("bundler", Dependabot::Bundler::UpdateChecker)

data/lib/dependabot/bundler/version.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 require "dependabot/version"
@@ -10,5 +11,5 @@ module Dependabot
   end
 end
-Dependabot::Utils.
-  register_version_class("bundler", Dependabot::Bundler::Version)
+Dependabot::Utils
+  .register_version_class("bundler", Dependabot::Bundler::Version)

data/lib/dependabot/bundler.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# typed: true
 # frozen_string_literal: true
 # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/bundler/requirement"
 require "dependabot/bundler/version"
 require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler.
-  register_label_details("bundler", name: "ruby", colour: "ce2d2d")
+Dependabot::PullRequestCreator::Labeler
+  .register_label_details("bundler", name: "ruby", colour: "ce2d2d")
 require "dependabot/dependency"
 Dependabot::Dependency.register_production_check(