dependabot-bundler 0.250.0 → 0.252.0

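--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 27d622976d94b8a0aac2be7087c57c6dfa5470f336d473f23543dafbb9082e92
-data.tar.gz: 7c50f855e33ee94d51be8905cda9c5faafaa60ae0c64ec7c6c07ce6c2c3493f3
+metadata.gz: b8e04e23d1f71c28bcb994eadce915c249dbd83cb497c57bf867cfc1bd636803
+data.tar.gz: f720b46fe22dc7e062bde5e8ca67e2aba538751d383ec2785d1665bd95923bcc
 SHA512:
-metadata.gz: 8240d0596abf1210238b91370011af2f13e4d92d2459aa8efc40f657fb47dd2f981d2ce2f2bf2dee7251390f96e1f818e26660b73015c97c9d7f9d196d980d59
-data.tar.gz: d4c36b887b3e459a61e621a22740c535b72591f5826538efc0dc73a356912d912be44e14faf22f35d8e012a00f098b6c061af9fe5f6eceb33cc5396efad651c8
+metadata.gz: 99fa4125ec571a7b73930e5471e71ea3176ee976ce636dab34b93853490391c096f69816d0332619981e904f9a2d89d704385eace1e6d4df23457c530fe96250
+data.tar.gz: 2037aaa0ce2eaca9df55f1aa14c6a152adf3bbde9cf1a36f6fa37f317b90c8632af2d15a04bb8126d083a7008559df6942c0224cda3a94aad2e1d808d64abcb1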
@@ -0,0 +1,24 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+ require "digest"
6
+ require "digest/sha2"
7
+ require "bundler/lockfile_parser"
8
+
9
+ module Dependabot
10
+ module Bundler
11
+ class CachedLockfileParser
12
+ extend T::Sig
13
+
14
+ sig { params(lockfile_content: String).returns(::Bundler::LockfileParser) }
15
+ def self.parse(lockfile_content)
16
+ lockfile_hash = Digest::SHA2.hexdigest(lockfile_content)
17
+ @cache ||= T.let({}, T.nilable(T::Hash[String, ::Bundler::LockfileParser]))
18
+ return T.must(@cache[lockfile_hash]) if @cache.key?(lockfile_hash)
19
+
20
+ @cache[lockfile_hash] = ::Bundler::LockfileParser.new(lockfile_content)
21
+ end
22
+ end
23
+ end
24
+ end
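Review bot: `self.parse` reads and writes the class-level `@cache` with no synchronisation, while the same release makes `gemspec_dependencies` call `dependency_version` (and through it `parsed_lockfile`) from `Parallel.map(..., in_threads: 4)`, so the first concurrent calls can race on `@cache ||=` at line 17 and on the insert at line 20; on MRI that usually costs only a duplicate parse, but it is not guaranteed safe. A `Mutex` around the lookup-or-insert removes the race and lets the `key?`/`T.must` pair collapse into a single `||=`. Two properties of the cache also deserve a comment on the class: it is keyed by the SHA-256 of the content and never evicted, so it grows with every distinct lockfile the process sees (harmless if the process is per-job, which I cannot confirm from here), and every caller receives the same `LockfileParser` instance, so nothing may mutate the returned object.
```ruby
CACHE_MUTEX = T.let(Mutex.new, Mutex)

sig { params(lockfile_content: String).returns(::Bundler::LockfileParser) }
def self.parse(lockfile_content)
  lockfile_hash = Digest::SHA2.hexdigest(lockfile_content)
  CACHE_MUTEX.synchronize do
    @cache ||= T.let({}, T.nilable(T::Hash[String, ::Bundler::LockfileParser]))
    @cache[lockfile_hash] ||= ::Bundler::LockfileParser.new(lockfile_content)
  end
end
```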
@@ -5,6 +5,7 @@ require "sorbet-runtime"
5
5
  require "dependabot/file_fetchers"
6
6
  require "dependabot/file_fetchers/base"
7
7
  require "dependabot/bundler/file_updater/lockfile_updater"
8
+ require "dependabot/bundler/cached_lockfile_parser"
8
9
  require "dependabot/errors"
9
10
 
10
11
  module Dependabot
@@ -162,8 +163,7 @@ module Dependabot
162
163
 
163
164
  def fetch_path_gemspec_paths
164
165
  if lockfile
165
- parsed_lockfile = ::Bundler::LockfileParser
166
- .new(sanitized_lockfile_content)
166
+ parsed_lockfile = CachedLockfileParser.parse(sanitized_lockfile_content)
167
167
  parsed_lockfile.specs
168
168
  .select { |s| s.source.instance_of?(::Bundler::Source::Path) }
169
169
  .map { |s| s.source.path }.uniq
@@ -1,6 +1,7 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "parallel"
4
5
  require "dependabot/dependency"
5
6
  require "dependabot/file_parsers"
6
7
  require "dependabot/file_parsers/base"
@@ -8,6 +9,7 @@ require "dependabot/bundler/file_updater/lockfile_updater"
8
9
  require "dependabot/bundler/native_helpers"
9
10
  require "dependabot/bundler/helpers"
10
11
  require "dependabot/bundler/version"
12
+ require "dependabot/bundler/cached_lockfile_parser"
11
13
  require "dependabot/shared_helpers"
12
14
  require "dependabot/errors"
13
15
 
@@ -73,17 +75,21 @@ module Dependabot
73
75
  dependencies
74
76
  end
75
77
 
76
- def gemspec_dependencies
77
- dependencies = DependencySet.new
78
+ def gemspec_dependencies # rubocop:disable Metrics/PerceivedComplexity
79
+ return @gemspec_dependencies if defined?(@gemspec_dependencies)
78
80
 
79
- gemspecs.each do |gemspec|
80
- gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
81
+ queue = Queue.new
81
82
 
82
- parsed_gemspec(gemspec).each do |dependency|
83
- next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
83
+ SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
84
+ write_temporary_dependency_files
84
85
 
85
- dependencies <<
86
- Dependency.new(
86
+ Parallel.map(gemspecs, in_threads: 4) do |gemspec|
87
+ gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
88
+
89
+ parsed_gemspec(gemspec).each do |dependency|
90
+ next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
91
+
92
+ queue << Dependency.new(
87
93
  name: dependency.fetch("name"),
88
94
  version: dependency_version(dependency.fetch("name"))&.to_s,
89
95
  requirements: [{
@@ -98,10 +104,13 @@ module Dependabot
98
104
  }],
99
105
  package_manager: "bundler"
100
106
  )
107
+ end
101
108
  end
102
109
  end
103
110
 
104
- dependencies
111
+ dependency_set = DependencySet.new
112
+ dependency_set << queue.pop(true) while queue.size.positive?
113
+ @gemspec_dependencies ||= dependency_set
105
114
  end
106
115
 
107
116
  def lockfile_dependencies
@@ -161,23 +170,16 @@ module Dependabot
161
170
  end
162
171
 
163
172
  def parsed_gemspec(file)
164
- @parsed_gemspecs ||= {}
165
- @parsed_gemspecs[file.name] ||=
166
- SharedHelpers.in_a_temporary_repo_directory(base_directory,
167
- repo_contents_path) do
168
- write_temporary_dependency_files
169
-
170
- NativeHelpers.run_bundler_subprocess(
171
- bundler_version: bundler_version,
172
- function: "parsed_gemspec",
173
- options: options,
174
- args: {
175
- gemspec_name: file.name,
176
- lockfile_name: lockfile&.name,
177
- dir: Dir.pwd
178
- }
179
- )
180
- end
173
+ NativeHelpers.run_bundler_subprocess(
174
+ bundler_version: bundler_version,
175
+ function: "parsed_gemspec",
176
+ options: options,
177
+ args: {
178
+ gemspec_name: file.name,
179
+ lockfile_name: lockfile&.name,
180
+ dir: Dir.pwd
181
+ }
182
+ )
181
183
  rescue SharedHelpers::HelperSubprocessFailed => e
182
184
  msg = e.error_class + " with message: " + e.message
183
185
  raise Dependabot::DependencyFileNotEvaluatable, msg
@@ -255,8 +257,7 @@ module Dependabot
255
257
  end
256
258
 
257
259
  def parsed_lockfile
258
- @parsed_lockfile ||=
259
- ::Bundler::LockfileParser.new(sanitized_lockfile_content)
260
+ @parsed_lockfile ||= CachedLockfileParser.parse(sanitized_lockfile_content)
260
261
  end
261
262
 
262
263
  def production_dep_names
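Review bot: `parsed_gemspec` (hunk `@@ -161,23 +170,16 @@`) no longer enters `SharedHelpers.in_a_temporary_repo_directory` or writes the dependency files itself, and its `@parsed_gemspecs` memo is gone, so it now passes `dir: Dir.pwd` of whatever directory the caller is in and re-spawns the helper on every call; that is correct for the new `gemspec_dependencies`, but any other caller of `parsed_gemspec` (none visible in this diff) would silently run the helper against the wrong directory. A comment on the method should state the precondition, e.g. `# Must be called inside in_a_temporary_repo_directory after write_temporary_dependency_files; the helper reads Dir.pwd`. In `gemspec_dependencies` (hunks `@@ -73,17 +75,21 @@` and `@@ -98,10 +104,13 @@`), pushing into a shared `queue` from `Parallel.map(gemspecs, in_threads: 4)` and draining it afterwards makes the order of `dependency_set` depend on thread scheduling rather than on `gemspecs`; if consumers are order-sensitive, collect the return value of `Parallel.map` instead, and if they are not, `Parallel.each(gemspecs, in_threads: 4)` states the intent, since the map result is discarded. The `||=` in `@gemspec_dependencies ||= dependency_set` is dead given the `defined?` guard at the top of the method, so `@gemspec_dependencies = dependency_set` reads more honestly.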
@@ -6,6 +6,7 @@ require "bundler"
6
6
  require "dependabot/shared_helpers"
7
7
  require "dependabot/errors"
8
8
  require "dependabot/bundler/file_updater"
9
+ require "dependabot/bundler/cached_lockfile_parser"
9
10
  require "dependabot/bundler/native_helpers"
10
11
  require "dependabot/bundler/helpers"
11
12
 
@@ -216,8 +217,8 @@ module Dependabot
216
217
  .dependency_name || File.basename(path, ".gemspec")
217
218
 
218
219
  gemspec_specs =
219
- ::Bundler::LockfileParser.new(sanitized_lockfile_body).specs
220
- .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
220
+ CachedLockfileParser.parse(sanitized_lockfile_body).specs
221
+ .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
221
222
 
222
223
  gemspec_specs.first&.version || "0.0.1"
223
224
  end
@@ -30,9 +30,9 @@ module Dependabot
30
30
  return "unknown" unless lockfile
31
31
 
32
32
  if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
33
- matches[:version]
33
+ matches[:version].to_i.to_s
34
34
  else
35
- "1"
35
+ "unspecified"
36
36
  end
37
37
  end
38
38
  end
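Review bot: `matches[:version].to_i.to_s` silently maps any capture that `String#to_i` cannot parse to `"0"`, so the result now depends on `BUNDLER_MAJOR_VERSION_REGEX` (defined outside the hunk) guaranteeing a digits-only `version` group; a one-line comment stating that assumption, e.g. `# presumably normalises the captured major version (e.g. "02" -> "2"); the regex must yield digits only`, would stop the next reader from reaching for `Integer()` or wondering why the round-trip is there. Replacing the `"1"` fallback with `"unspecified"` is a contract change for any caller that compared the result against `"1"` or used it to choose a helper version; the callers are not in this diff, so confirm they were updated in the same release. The enclosing method starts above the hunk.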
@@ -3,6 +3,7 @@
3
3
 
4
4
  require "dependabot/dependency_file"
5
5
  require "dependabot/bundler/update_checker"
6
+ require "dependabot/bundler/cached_lockfile_parser"
6
7
  require "dependabot/bundler/file_updater/gemspec_sanitizer"
7
8
  require "dependabot/bundler/file_updater/git_pin_replacer"
8
9
  require "dependabot/bundler/file_updater/git_source_remover"
@@ -268,8 +269,8 @@ module Dependabot
268
269
  return "0.0.1" unless lockfile
269
270
 
270
271
  gemspec_specs =
271
- ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
272
- .select { |s| gemspec_sources.include?(s.source.class) }
272
+ CachedLockfileParser.parse(sanitized_lockfile_content).specs
273
+ .select { |s| gemspec_sources.include?(s.source.class) }
273
274
 
274
275
  gem_name =
275
276
  FileUpdater::GemspecDependencyNameFinder
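--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.250.0
+version: 0.252.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-02 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.250.0
+version: 0.252.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.250.0
+version: 0.252.0
+- !ruby/object:Gem::Dependency
+name: parallel
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.24'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.24'
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -289,6 +303,7 @@ files:
 - helpers/v2/spec/ruby_version_spec.rb
 - helpers/v2/spec/shared_contexts.rb
 - lib/dependabot/bundler.rb
+- lib/dependabot/bundler/cached_lockfile_parser.rb
 - lib/dependabot/bundler/file_fetcher.rb
 - lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
 - lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
@@ -327,7 +342,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.250.0
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.252.0
 post_install_message:
 rdoc_options: []
 require_paths: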