dependabot-bundler 0.250.0 → 0.251.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 27d622976d94b8a0aac2be7087c57c6dfa5470f336d473f23543dafbb9082e92
4
- data.tar.gz: 7c50f855e33ee94d51be8905cda9c5faafaa60ae0c64ec7c6c07ce6c2c3493f3
3
+ metadata.gz: ba73dba0b4c1818a3974d48de55ed45907c6313b7a7d93a7e7f438af22cf20ac
4
+ data.tar.gz: 38594d1b08adc8b5e65c1b7716a762c28acd36af9bacde2c38dd88f507407ae7
5
5
  SHA512:
6
- metadata.gz: 8240d0596abf1210238b91370011af2f13e4d92d2459aa8efc40f657fb47dd2f981d2ce2f2bf2dee7251390f96e1f818e26660b73015c97c9d7f9d196d980d59
7
- data.tar.gz: d4c36b887b3e459a61e621a22740c535b72591f5826538efc0dc73a356912d912be44e14faf22f35d8e012a00f098b6c061af9fe5f6eceb33cc5396efad651c8
6
+ metadata.gz: e5a26067edfaaaec12e58558f015f0632f2c17a9c929ed2e9714e3767f425cbb6cd441322ee4b4128a245b54b66ec15a405d3338cae9668a8232ef5564c6a53a
7
+ data.tar.gz: d56e1a245336c959b9c09c89890efde80cadf9ffd851266fa8be959330d89646894ce00c8c8a93b5e579762ad2d26972292669acb79e41861fac29fcbeaa4ec2
@@ -0,0 +1,24 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+ require "digest"
6
+ require "digest/sha2"
7
+ require "bundler/lockfile_parser"
8
+
9
+ module Dependabot
10
+ module Bundler
11
+ class CachedLockfileParser
12
+ extend T::Sig
13
+
14
+ sig { params(lockfile_content: String).returns(::Bundler::LockfileParser) }
15
+ def self.parse(lockfile_content)
16
+ lockfile_hash = Digest::SHA2.hexdigest(lockfile_content)
17
+ @cache ||= T.let({}, T.nilable(T::Hash[String, ::Bundler::LockfileParser]))
18
+ return T.must(@cache[lockfile_hash]) if @cache.key?(lockfile_hash)
19
+
20
+ @cache[lockfile_hash] = ::Bundler::LockfileParser.new(lockfile_content)
21
+ end
22
+ end
23
+ end
24
+ end
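Review bot: The class-level `@cache` in `CachedLockfileParser.parse` (new-file lines 17–20) is written without any synchronization and is never evicted, so every distinct lockfile content parsed in the process stays resident for its lifetime. The file_parser hunk in this same commit runs `parsed_gemspec` and `dependency_version` under `Parallel.map(gemspecs, in_threads: 4)`, and if `dependency_version` reaches `parsed_lockfile` (not visible here) this method will be entered from several threads at once; under MRI that costs redundant parses and a possibly lost `@cache ||=` assignment rather than a corrupted hash, but it is cheap to make explicit with a `Mutex`. Bounding or clearing the cache per job would also be worth a comment if the process is long-lived, e.g. `# Process-wide and unbounded: keyed by SHA-256 of the sanitized lockfile; cleared only on process exit.`
```ruby
      CACHE_LOCK = T.let(Mutex.new, Mutex)

      sig { params(lockfile_content: String).returns(::Bundler::LockfileParser) }
      def self.parse(lockfile_content)
        lockfile_hash = Digest::SHA2.hexdigest(lockfile_content)
        CACHE_LOCK.synchronize do
          @cache ||= T.let({}, T.nilable(T::Hash[String, ::Bundler::LockfileParser]))
          return T.must(@cache[lockfile_hash]) if @cache.key?(lockfile_hash)

          @cache[lockfile_hash] = ::Bundler::LockfileParser.new(lockfile_content)
        end
      end
```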
@@ -5,6 +5,7 @@ require "sorbet-runtime"
5
5
  require "dependabot/file_fetchers"
6
6
  require "dependabot/file_fetchers/base"
7
7
  require "dependabot/bundler/file_updater/lockfile_updater"
8
+ require "dependabot/bundler/cached_lockfile_parser"
8
9
  require "dependabot/errors"
9
10
 
10
11
  module Dependabot
@@ -162,8 +163,7 @@ module Dependabot
162
163
 
163
164
  def fetch_path_gemspec_paths
164
165
  if lockfile
165
- parsed_lockfile = ::Bundler::LockfileParser
166
- .new(sanitized_lockfile_content)
166
+ parsed_lockfile = CachedLockfileParser.parse(sanitized_lockfile_content)
167
167
  parsed_lockfile.specs
168
168
  .select { |s| s.source.instance_of?(::Bundler::Source::Path) }
169
169
  .map { |s| s.source.path }.uniq
@@ -1,6 +1,7 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "parallel"
4
5
  require "dependabot/dependency"
5
6
  require "dependabot/file_parsers"
6
7
  require "dependabot/file_parsers/base"
@@ -8,6 +9,7 @@ require "dependabot/bundler/file_updater/lockfile_updater"
8
9
  require "dependabot/bundler/native_helpers"
9
10
  require "dependabot/bundler/helpers"
10
11
  require "dependabot/bundler/version"
12
+ require "dependabot/bundler/cached_lockfile_parser"
11
13
  require "dependabot/shared_helpers"
12
14
  require "dependabot/errors"
13
15
 
@@ -74,16 +76,18 @@ module Dependabot
74
76
  end
75
77
 
76
78
  def gemspec_dependencies
77
- dependencies = DependencySet.new
79
+ queue = Queue.new
78
80
 
79
- gemspecs.each do |gemspec|
80
- gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
81
+ SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
82
+ write_temporary_dependency_files
81
83
 
82
- parsed_gemspec(gemspec).each do |dependency|
83
- next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
84
+ Parallel.map(gemspecs, in_threads: 4) do |gemspec|
85
+ gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
84
86
 
85
- dependencies <<
86
- Dependency.new(
87
+ parsed_gemspec(gemspec).each do |dependency|
88
+ next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
89
+
90
+ queue << Dependency.new(
87
91
  name: dependency.fetch("name"),
88
92
  version: dependency_version(dependency.fetch("name"))&.to_s,
89
93
  requirements: [{
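Review bot: The `Parallel.map` call at new line 84 discards its return value and collects results through a `Queue` instead, which makes the order in which dependencies enter `DependencySet` (drained in the next hunk, new lines 109–111) depend on thread completion order rather than on `gemspecs` order; if anything downstream is order-sensitive this turns previously deterministic output into nondeterministic output. Returning the per-gemspec `Dependency` arrays from the block and flattening them preserves gemspec order and removes the `Queue` and the `pop(true)`/`size.positive?` drain loop entirely. The `in_threads: 4` literal would also read better as a named constant. `gemspec_dependencies` continues into the next hunk, so the rewrite below covers both.
```ruby
      def gemspec_dependencies
        per_gemspec = []

        SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
          write_temporary_dependency_files

          per_gemspec = Parallel.map(gemspecs, in_threads: GEMSPEC_PARSE_THREADS) do |gemspec|
            gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)

            parsed_gemspec(gemspec).filter_map do |dependency|
              next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)

              Dependency.new(
                # … unchanged: name, version, requirements and package_manager arguments …
              )
            end
          end
        end

        dependency_set = DependencySet.new
        per_gemspec.flatten.each { |dependency| dependency_set << dependency }
        dependency_set
      end
```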
@@ -98,10 +102,13 @@ module Dependabot
98
102
  }],
99
103
  package_manager: "bundler"
100
104
  )
105
+ end
101
106
  end
102
107
  end
103
108
 
104
- dependencies
109
+ dependency_set = DependencySet.new
110
+ dependency_set << queue.pop(true) while queue.size.positive?
111
+ dependency_set
105
112
  end
106
113
 
107
114
  def lockfile_dependencies
@@ -161,23 +168,16 @@ module Dependabot
161
168
  end
162
169
 
163
170
  def parsed_gemspec(file)
164
- @parsed_gemspecs ||= {}
165
- @parsed_gemspecs[file.name] ||=
166
- SharedHelpers.in_a_temporary_repo_directory(base_directory,
167
- repo_contents_path) do
168
- write_temporary_dependency_files
169
-
170
- NativeHelpers.run_bundler_subprocess(
171
- bundler_version: bundler_version,
172
- function: "parsed_gemspec",
173
- options: options,
174
- args: {
175
- gemspec_name: file.name,
176
- lockfile_name: lockfile&.name,
177
- dir: Dir.pwd
178
- }
179
- )
180
- end
171
+ NativeHelpers.run_bundler_subprocess(
172
+ bundler_version: bundler_version,
173
+ function: "parsed_gemspec",
174
+ options: options,
175
+ args: {
176
+ gemspec_name: file.name,
177
+ lockfile_name: lockfile&.name,
178
+ dir: Dir.pwd
179
+ }
180
+ )
181
181
  rescue SharedHelpers::HelperSubprocessFailed => e
182
182
  msg = e.error_class + " with message: " + e.message
183
183
  raise Dependabot::DependencyFileNotEvaluatable, msg
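Review bot: `parsed_gemspec` (new lines 170–180) now passes `dir: Dir.pwd` to the bundler subprocess but no longer enters `SharedHelpers.in_a_temporary_repo_directory` or calls `write_temporary_dependency_files` itself, so it silently depends on the caller having done both; `gemspec_dependencies` does in this commit, but any other caller (none visible from here) would hand the helper the real working directory. That precondition is not stated anywhere, and the removed `@parsed_gemspecs` memoization means repeat calls now re-run the subprocess. A comment above the `def` would make the contract explicit, e.g. `# Must be called inside SharedHelpers.in_a_temporary_repo_directory after write_temporary_dependency_files; reads Dir.pwd and is not memoized.` The method's `end` lies beyond this hunk.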
@@ -255,8 +255,7 @@ module Dependabot
255
255
  end
256
256
 
257
257
  def parsed_lockfile
258
- @parsed_lockfile ||=
259
- ::Bundler::LockfileParser.new(sanitized_lockfile_content)
258
+ @parsed_lockfile ||= CachedLockfileParser.parse(sanitized_lockfile_content)
260
259
  end
261
260
 
262
261
  def production_dep_names
@@ -6,6 +6,7 @@ require "bundler"
6
6
  require "dependabot/shared_helpers"
7
7
  require "dependabot/errors"
8
8
  require "dependabot/bundler/file_updater"
9
+ require "dependabot/bundler/cached_lockfile_parser"
9
10
  require "dependabot/bundler/native_helpers"
10
11
  require "dependabot/bundler/helpers"
11
12
 
@@ -216,8 +217,8 @@ module Dependabot
216
217
  .dependency_name || File.basename(path, ".gemspec")
217
218
 
218
219
  gemspec_specs =
219
- ::Bundler::LockfileParser.new(sanitized_lockfile_body).specs
220
- .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
220
+ CachedLockfileParser.parse(sanitized_lockfile_body).specs
221
+ .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
221
222
 
222
223
  gemspec_specs.first&.version || "0.0.1"
223
224
  end
@@ -3,6 +3,7 @@
3
3
 
4
4
  require "dependabot/dependency_file"
5
5
  require "dependabot/bundler/update_checker"
6
+ require "dependabot/bundler/cached_lockfile_parser"
6
7
  require "dependabot/bundler/file_updater/gemspec_sanitizer"
7
8
  require "dependabot/bundler/file_updater/git_pin_replacer"
8
9
  require "dependabot/bundler/file_updater/git_source_remover"
@@ -268,8 +269,8 @@ module Dependabot
268
269
  return "0.0.1" unless lockfile
269
270
 
270
271
  gemspec_specs =
271
- ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
272
- .select { |s| gemspec_sources.include?(s.source.class) }
272
+ CachedLockfileParser.parse(sanitized_lockfile_content).specs
273
+ .select { |s| gemspec_sources.include?(s.source.class) }
273
274
 
274
275
  gem_name =
275
276
  FileUpdater::GemspecDependencyNameFinder
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.250.0
4
+ version: 0.251.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-02 00:00:00.000000000 Z
11
+ date: 2024-04-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.250.0
19
+ version: 0.251.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.250.0
26
+ version: 0.251.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: parallel
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.24'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.24'
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: debug
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -289,6 +303,7 @@ files:
289
303
  - helpers/v2/spec/ruby_version_spec.rb
290
304
  - helpers/v2/spec/shared_contexts.rb
291
305
  - lib/dependabot/bundler.rb
306
+ - lib/dependabot/bundler/cached_lockfile_parser.rb
292
307
  - lib/dependabot/bundler/file_fetcher.rb
293
308
  - lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
294
309
  - lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
@@ -327,7 +342,7 @@ licenses:
327
342
  - Nonstandard
328
343
  metadata:
329
344
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
330
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.250.0
345
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.251.0
331
346
  post_install_message:
332
347
  rdoc_options: []
333
348
  require_paths: