dependabot-bundler 0.259.0 → 0.261.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
- data/helpers/v1/spec/functions/dependency_source_spec.rb +3 -3
- data/helpers/v1/spec/functions/file_parser_spec.rb +2 -2
- data/helpers/v2/lib/functions/lockfile_updater.rb +1 -1
- data/helpers/v2/run.rb +0 -1
- data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
- data/helpers/v2/spec/functions/dependency_source_spec.rb +3 -3
- data/helpers/v2/spec/functions/file_parser_spec.rb +3 -3
- data/helpers/v2/spec/functions/version_resolver_spec.rb +5 -2
- data/helpers/v2/spec/functions_spec.rb +2 -2
- data/helpers/v2/spec/native_spec_helper.rb +0 -1
- data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +36 -7
- data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +17 -6
- data/lib/dependabot/bundler/file_updater/git_source_remover.rb +6 -2
- data/lib/dependabot/bundler/file_updater.rb +3 -3
- data/lib/dependabot/bundler/metadata_finder.rb +4 -4
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +15 -1
- metadata +5 -7
- data/helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb +0 -23
- data/helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb +0 -68
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a8b215bdea5dc17ab35848e557529c8e22851f703a5fe3ef8965cf5bf9e15331
|
|
4
|
+
data.tar.gz: d453d01dccec321c438dff7c8f2107b4f6b75cbecaf67823e250988b860f78cd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4319c06b8a84ade9b143ea5949e4be67d01e81a94d85d97f99d477f0fb2f836937bec1a752b61301fc2608183c38516bd13043d3f8fa12dcbc41dd717b262baa
|
|
7
|
+
data.tar.gz: 96ce46b41f6acec8899157a458fbe47f65812729bd2998d26c4241cb06e39c643b5935b53d358ed09374affb8df5b74862b8133c30419b4fa29ffb6881ec34c2
|
|
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
|
42
42
|
let(:target_version) { "6.0.0" }
|
|
43
43
|
|
|
44
44
|
it "returns a list of dependencies that block the update" do
|
|
45
|
-
expect(conflicting_dependencies).to
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
"requirement" => "= 5.2.0"
|
|
82
|
-
},
|
|
83
|
-
{
|
|
84
|
-
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
|
85
|
-
"name" => "railties",
|
|
86
|
-
"version" => "5.2.0",
|
|
87
|
-
"requirement" => "= 5.2.0"
|
|
88
|
-
}
|
|
89
|
-
]
|
|
90
|
-
)
|
|
45
|
+
expect(conflicting_dependencies).to contain_exactly({
|
|
46
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
|
|
47
|
+
"name" => "rails",
|
|
48
|
+
"requirement" => "= 5.2.0",
|
|
49
|
+
"version" => "5.2.0"
|
|
50
|
+
}, {
|
|
51
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
|
|
52
|
+
"name" => "actionpack",
|
|
53
|
+
"version" => "5.2.0",
|
|
54
|
+
"requirement" => "= 5.2.0"
|
|
55
|
+
}, {
|
|
56
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
|
|
57
|
+
"name" => "actionview",
|
|
58
|
+
"version" => "5.2.0",
|
|
59
|
+
"requirement" => "= 5.2.0"
|
|
60
|
+
}, {
|
|
61
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
|
|
62
|
+
"name" => "activejob",
|
|
63
|
+
"version" => "5.2.0",
|
|
64
|
+
"requirement" => "= 5.2.0"
|
|
65
|
+
}, {
|
|
66
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
|
|
67
|
+
"name" => "activemodel",
|
|
68
|
+
"version" => "5.2.0",
|
|
69
|
+
"requirement" => "= 5.2.0"
|
|
70
|
+
}, {
|
|
71
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
|
|
72
|
+
"name" => "activerecord",
|
|
73
|
+
"version" => "5.2.0",
|
|
74
|
+
"requirement" => "= 5.2.0"
|
|
75
|
+
}, {
|
|
76
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
|
77
|
+
"name" => "railties",
|
|
78
|
+
"version" => "5.2.0",
|
|
79
|
+
"requirement" => "= 5.2.0"
|
|
80
|
+
})
|
|
91
81
|
end
|
|
92
82
|
end
|
|
93
83
|
|
|
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
|
98
88
|
let(:project_name) { "multiple_blocking" }
|
|
99
89
|
|
|
100
90
|
it "returns all of the blocking dependencies" do
|
|
101
|
-
expect(conflicting_dependencies).to
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
"name" => "activejob",
|
|
118
|
-
"version" => "5.0.0",
|
|
119
|
-
"requirement" => "= 5.0.0"
|
|
120
|
-
}
|
|
121
|
-
]
|
|
122
|
-
)
|
|
91
|
+
expect(conflicting_dependencies).to contain_exactly({
|
|
92
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
|
|
93
|
+
"name" => "actionpack",
|
|
94
|
+
"version" => "5.0.0",
|
|
95
|
+
"requirement" => "= 5.0.0"
|
|
96
|
+
}, {
|
|
97
|
+
"explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
|
|
98
|
+
"name" => "actionview",
|
|
99
|
+
"version" => "5.0.0",
|
|
100
|
+
"requirement" => "= 5.0.0"
|
|
101
|
+
}, {
|
|
102
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
|
|
103
|
+
"name" => "activejob",
|
|
104
|
+
"version" => "5.0.0",
|
|
105
|
+
"requirement" => "= 5.0.0"
|
|
106
|
+
})
|
|
123
107
|
end
|
|
124
108
|
end
|
|
125
109
|
|
|
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
it "returns all versions from the private source" do
|
|
43
|
-
|
|
43
|
+
expect(private_registry_versions).to eq([
|
|
44
44
|
Gem::Version.new("1.5.0"),
|
|
45
45
|
Gem::Version.new("1.9.0"),
|
|
46
46
|
Gem::Version.new("1.10.0.beta")
|
|
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
51
51
|
let(:project_name) { "specified_default_source_no_lockfile" }
|
|
52
52
|
|
|
53
53
|
it "returns all versions from the private source" do
|
|
54
|
-
|
|
54
|
+
expect(private_registry_versions).to eq([
|
|
55
55
|
Gem::Version.new("1.5.0"),
|
|
56
56
|
Gem::Version.new("1.9.0"),
|
|
57
57
|
Gem::Version.new("1.10.0.beta")
|
|
@@ -179,7 +179,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
179
179
|
end
|
|
180
180
|
|
|
181
181
|
it "returns all versions from the private source" do
|
|
182
|
-
expect(private_registry_versions.length).to
|
|
182
|
+
expect(private_registry_versions.length).to be(70)
|
|
183
183
|
expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
|
|
184
184
|
expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
|
|
185
185
|
end
|
|
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
|
|
|
39
39
|
type: :runtime
|
|
40
40
|
}
|
|
41
41
|
]
|
|
42
|
-
|
|
42
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -69,7 +69,7 @@ RSpec.describe Functions::FileParser do
|
|
|
69
69
|
type: :runtime
|
|
70
70
|
}
|
|
71
71
|
]
|
|
72
|
-
|
|
72
|
+
expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
end
|
|
@@ -189,7 +189,7 @@ module Functions
|
|
|
189
189
|
# if those sub-deps are top-level dependencies. We only want true
|
|
190
190
|
# subdeps unlocked, like they were in the UpdateChecker, so we
|
|
191
191
|
# mutate the unlocked gems array.
|
|
192
|
-
unlocked = defn.instance_variable_get(:@
|
|
192
|
+
unlocked = defn.instance_variable_get(:@gems_to_unlock)
|
|
193
193
|
must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
|
|
194
194
|
dependencies_to_unlock
|
|
195
195
|
unlocked.reject! { |n| must_not_unlock.include?(n) }
|
data/helpers/v2/run.rb
CHANGED
|
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
|
42
42
|
let(:target_version) { "6.0.0" }
|
|
43
43
|
|
|
44
44
|
it "returns a list of dependencies that block the update" do
|
|
45
|
-
expect(conflicting_dependencies).to
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
"requirement" => "= 5.2.0"
|
|
82
|
-
},
|
|
83
|
-
{
|
|
84
|
-
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
|
85
|
-
"name" => "railties",
|
|
86
|
-
"version" => "5.2.0",
|
|
87
|
-
"requirement" => "= 5.2.0"
|
|
88
|
-
}
|
|
89
|
-
]
|
|
90
|
-
)
|
|
45
|
+
expect(conflicting_dependencies).to contain_exactly({
|
|
46
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
|
|
47
|
+
"name" => "rails",
|
|
48
|
+
"requirement" => "= 5.2.0",
|
|
49
|
+
"version" => "5.2.0"
|
|
50
|
+
}, {
|
|
51
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
|
|
52
|
+
"name" => "actionpack",
|
|
53
|
+
"version" => "5.2.0",
|
|
54
|
+
"requirement" => "= 5.2.0"
|
|
55
|
+
}, {
|
|
56
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
|
|
57
|
+
"name" => "actionview",
|
|
58
|
+
"version" => "5.2.0",
|
|
59
|
+
"requirement" => "= 5.2.0"
|
|
60
|
+
}, {
|
|
61
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
|
|
62
|
+
"name" => "activejob",
|
|
63
|
+
"version" => "5.2.0",
|
|
64
|
+
"requirement" => "= 5.2.0"
|
|
65
|
+
}, {
|
|
66
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
|
|
67
|
+
"name" => "activemodel",
|
|
68
|
+
"version" => "5.2.0",
|
|
69
|
+
"requirement" => "= 5.2.0"
|
|
70
|
+
}, {
|
|
71
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
|
|
72
|
+
"name" => "activerecord",
|
|
73
|
+
"version" => "5.2.0",
|
|
74
|
+
"requirement" => "= 5.2.0"
|
|
75
|
+
}, {
|
|
76
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
|
77
|
+
"name" => "railties",
|
|
78
|
+
"version" => "5.2.0",
|
|
79
|
+
"requirement" => "= 5.2.0"
|
|
80
|
+
})
|
|
91
81
|
end
|
|
92
82
|
end
|
|
93
83
|
|
|
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
|
98
88
|
let(:project_name) { "multiple_blocking" }
|
|
99
89
|
|
|
100
90
|
it "returns all of the blocking dependencies" do
|
|
101
|
-
expect(conflicting_dependencies).to
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
"name" => "activejob",
|
|
118
|
-
"version" => "5.0.0",
|
|
119
|
-
"requirement" => "= 5.0.0"
|
|
120
|
-
}
|
|
121
|
-
]
|
|
122
|
-
)
|
|
91
|
+
expect(conflicting_dependencies).to contain_exactly({
|
|
92
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
|
|
93
|
+
"name" => "actionpack",
|
|
94
|
+
"version" => "5.0.0",
|
|
95
|
+
"requirement" => "= 5.0.0"
|
|
96
|
+
}, {
|
|
97
|
+
"explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
|
|
98
|
+
"name" => "actionview",
|
|
99
|
+
"version" => "5.0.0",
|
|
100
|
+
"requirement" => "= 5.0.0"
|
|
101
|
+
}, {
|
|
102
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
|
|
103
|
+
"name" => "activejob",
|
|
104
|
+
"version" => "5.0.0",
|
|
105
|
+
"requirement" => "= 5.0.0"
|
|
106
|
+
})
|
|
123
107
|
end
|
|
124
108
|
end
|
|
125
109
|
|
|
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
40
40
|
end
|
|
41
41
|
|
|
42
42
|
it "returns all versions from the private source" do
|
|
43
|
-
|
|
43
|
+
expect(private_registry_versions).to eq([
|
|
44
44
|
Gem::Version.new("1.5.0"),
|
|
45
45
|
Gem::Version.new("1.9.0"),
|
|
46
46
|
Gem::Version.new("1.10.0.beta")
|
|
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
51
51
|
let(:project_name) { "specified_default_source_no_lockfile" }
|
|
52
52
|
|
|
53
53
|
it "returns all versions from the private source" do
|
|
54
|
-
|
|
54
|
+
expect(private_registry_versions).to eq([
|
|
55
55
|
Gem::Version.new("1.5.0"),
|
|
56
56
|
Gem::Version.new("1.9.0"),
|
|
57
57
|
Gem::Version.new("1.10.0.beta")
|
|
@@ -180,7 +180,7 @@ RSpec.describe Functions::DependencySource do
|
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
it "returns all versions from the private source" do
|
|
183
|
-
expect(private_registry_versions.length).to
|
|
183
|
+
expect(private_registry_versions.length).to be(70)
|
|
184
184
|
expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
|
|
185
185
|
expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
|
|
186
186
|
end
|
|
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
|
|
|
39
39
|
type: :runtime
|
|
40
40
|
}
|
|
41
41
|
]
|
|
42
|
-
|
|
42
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
context "with a git source" do
|
|
@@ -103,7 +103,7 @@ RSpec.describe Functions::FileParser do
|
|
|
103
103
|
type: :runtime
|
|
104
104
|
}
|
|
105
105
|
]
|
|
106
|
-
|
|
106
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
end
|
|
@@ -134,7 +134,7 @@ RSpec.describe Functions::FileParser do
|
|
|
134
134
|
type: :runtime
|
|
135
135
|
}
|
|
136
136
|
]
|
|
137
|
-
|
|
137
|
+
expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
|
138
138
|
end
|
|
139
139
|
end
|
|
140
140
|
end
|
|
@@ -36,6 +36,9 @@ RSpec.describe Functions::VersionResolver do
|
|
|
36
36
|
stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.1.gemspec.rz")
|
|
37
37
|
.to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.1.gemspec.rz"))
|
|
38
38
|
|
|
39
|
+
stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.5.gemspec.rz")
|
|
40
|
+
.to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.5.gemspec.rz"))
|
|
41
|
+
|
|
39
42
|
stub_request(:get, %r{quick/Marshal.4.8/business-.*.gemspec.rz})
|
|
40
43
|
.to_return(status: 200, body: fixture("rubygems_responses", "business-1.0.0.gemspec.rz"))
|
|
41
44
|
end
|
|
@@ -102,12 +105,12 @@ RSpec.describe Functions::VersionResolver do
|
|
|
102
105
|
its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
|
|
103
106
|
end
|
|
104
107
|
|
|
105
|
-
context "with
|
|
108
|
+
context "when there's a version conflict with a subdep also listed as a top level dependency" do
|
|
106
109
|
let(:project_name) { "version_conflict_with_listed_subdep" }
|
|
107
110
|
let(:dependency_name) { "rspec-mocks" }
|
|
108
111
|
let(:requirement_string) { ">= 0" }
|
|
109
112
|
|
|
110
|
-
its([:version]) { is_expected.to
|
|
113
|
+
its([:version]) { is_expected.to be > Gem::Version.new("3.6.0") }
|
|
111
114
|
end
|
|
112
115
|
end
|
|
113
116
|
end
|
|
@@ -12,7 +12,7 @@ RSpec.describe Functions do
|
|
|
12
12
|
|
|
13
13
|
it "returns the jfrog source" do
|
|
14
14
|
in_tmp_folder do
|
|
15
|
-
jfrog_source =
|
|
15
|
+
jfrog_source = described_class.jfrog_source(
|
|
16
16
|
dir: tmp_path,
|
|
17
17
|
gemfile_name: "Gemfile",
|
|
18
18
|
credentials: {}
|
|
@@ -26,7 +26,7 @@ RSpec.describe Functions do
|
|
|
26
26
|
describe "#git_specs" do
|
|
27
27
|
subject(:git_specs) do
|
|
28
28
|
in_tmp_folder do
|
|
29
|
-
|
|
29
|
+
described_class.git_specs(
|
|
30
30
|
dir: tmp_path,
|
|
31
31
|
gemfile_name: "Gemfile",
|
|
32
32
|
credentials: {}
|
|
@@ -12,7 +12,6 @@ $LOAD_PATH.unshift(File.expand_path("../../spec_helpers", __dir__))
|
|
|
12
12
|
# Bundler monkey patches
|
|
13
13
|
require "definition_ruby_version_patch"
|
|
14
14
|
require "definition_bundler_version_patch"
|
|
15
|
-
require "definition_bundler_spec_set_patch"
|
|
16
15
|
require "git_source_patch"
|
|
17
16
|
|
|
18
17
|
require "functions"
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
5
|
+
require "sorbet-runtime"
|
|
6
|
+
|
|
5
7
|
require "dependabot/file_parsers/base"
|
|
6
8
|
|
|
7
9
|
module Dependabot
|
|
@@ -9,20 +11,26 @@ module Dependabot
|
|
|
9
11
|
class FileParser < Dependabot::FileParsers::Base
|
|
10
12
|
# Checks whether a dependency is declared in a Gemfile
|
|
11
13
|
class GemfileDeclarationFinder
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
16
|
+
sig { params(gemfile: Dependabot::DependencyFile).void }
|
|
12
17
|
def initialize(gemfile:)
|
|
13
18
|
@gemfile = gemfile
|
|
14
|
-
@declaration_nodes = {}
|
|
19
|
+
@declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
|
|
15
20
|
end
|
|
16
21
|
|
|
22
|
+
sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
|
|
17
23
|
def gemfile_includes_dependency?(dependency)
|
|
18
24
|
!declaration_node(dependency).nil?
|
|
19
25
|
end
|
|
20
26
|
|
|
27
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
28
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(String)) }
|
|
21
29
|
def enhanced_req_string(dependency)
|
|
22
30
|
return unless gemfile_includes_dependency?(dependency)
|
|
23
31
|
|
|
24
32
|
fallback_string = dependency.fetch("requirement")
|
|
25
|
-
req_nodes = declaration_node(dependency)
|
|
33
|
+
req_nodes = declaration_node(dependency)&.children&.[](3..-1)
|
|
26
34
|
req_nodes = req_nodes.reject { |child| child.type == :hash }
|
|
27
35
|
|
|
28
36
|
return fallback_string if req_nodes.none?
|
|
@@ -37,37 +45,58 @@ module Dependabot
|
|
|
37
45
|
fallback_string
|
|
38
46
|
end
|
|
39
47
|
end
|
|
48
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
40
49
|
|
|
41
50
|
private
|
|
42
51
|
|
|
52
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
43
53
|
attr_reader :gemfile
|
|
44
54
|
|
|
55
|
+
sig { returns(T.nilable(Parser::AST::Node)) }
|
|
45
56
|
def parsed_gemfile
|
|
46
|
-
@parsed_gemfile ||=
|
|
57
|
+
@parsed_gemfile ||= T.let(
|
|
58
|
+
Parser::CurrentRuby.parse(gemfile.content),
|
|
59
|
+
T.nilable(Parser::AST::Node)
|
|
60
|
+
)
|
|
47
61
|
end
|
|
48
62
|
|
|
63
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
|
49
64
|
def declaration_node(dependency)
|
|
50
65
|
return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
|
|
51
66
|
return unless parsed_gemfile
|
|
52
67
|
|
|
53
68
|
@declaration_nodes[dependency] = nil
|
|
54
|
-
parsed_gemfile.children.any? do |node|
|
|
69
|
+
T.must(parsed_gemfile).children.any? do |node|
|
|
55
70
|
@declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
|
|
56
71
|
end
|
|
57
72
|
@declaration_nodes[dependency]
|
|
58
73
|
end
|
|
59
74
|
|
|
75
|
+
sig do
|
|
76
|
+
params(
|
|
77
|
+
node: T.untyped,
|
|
78
|
+
dependency: T::Hash[String, String]
|
|
79
|
+
)
|
|
80
|
+
.returns(T.nilable(Parser::AST::Node))
|
|
81
|
+
end
|
|
60
82
|
def deep_search_for_gem(node, dependency)
|
|
61
|
-
return node if declares_targeted_gem?(node, dependency)
|
|
83
|
+
return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
|
|
62
84
|
return unless node.is_a?(Parser::AST::Node)
|
|
63
85
|
|
|
64
|
-
declaration_node = nil
|
|
86
|
+
declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
|
|
65
87
|
node.children.find do |child_node|
|
|
66
88
|
declaration_node = deep_search_for_gem(child_node, dependency)
|
|
67
89
|
end
|
|
68
90
|
declaration_node
|
|
69
91
|
end
|
|
70
92
|
|
|
93
|
+
sig do
|
|
94
|
+
params(
|
|
95
|
+
node: T.untyped,
|
|
96
|
+
dependency: T::Hash[String, String]
|
|
97
|
+
)
|
|
98
|
+
.returns(T::Boolean)
|
|
99
|
+
end
|
|
71
100
|
def declares_targeted_gem?(node, dependency)
|
|
72
101
|
return false unless node.is_a?(Parser::AST::Node)
|
|
73
102
|
return false unless node.children[1] == :gem
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
5
|
+
require "sorbet-runtime"
|
|
6
|
+
|
|
5
7
|
require "dependabot/file_parsers/base"
|
|
6
8
|
|
|
7
9
|
module Dependabot
|
|
@@ -9,45 +11,54 @@ module Dependabot
|
|
|
9
11
|
class FileParser < Dependabot::FileParsers::Base
|
|
10
12
|
# Checks whether a dependency is declared in a gemspec file
|
|
11
13
|
class GemspecDeclarationFinder
|
|
14
|
+
extend T::Sig
|
|
15
|
+
|
|
16
|
+
sig { params(gemspec: Dependabot::DependencyFile).void }
|
|
12
17
|
def initialize(gemspec:)
|
|
13
18
|
@gemspec = gemspec
|
|
14
|
-
@declaration_nodes = {}
|
|
19
|
+
@declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
|
|
15
20
|
end
|
|
16
21
|
|
|
22
|
+
sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
|
|
17
23
|
def gemspec_includes_dependency?(dependency)
|
|
18
24
|
!declaration_node(dependency).nil?
|
|
19
25
|
end
|
|
20
26
|
|
|
21
27
|
private
|
|
22
28
|
|
|
29
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
23
30
|
attr_reader :gemspec
|
|
24
31
|
|
|
32
|
+
sig { returns(T.nilable(Parser::AST::Node)) }
|
|
25
33
|
def parsed_gemspec
|
|
26
|
-
@parsed_gemspec ||= Parser::CurrentRuby.parse(gemspec.content)
|
|
34
|
+
@parsed_gemspec ||= T.let(Parser::CurrentRuby.parse(gemspec.content), T.nilable(Parser::AST::Node))
|
|
27
35
|
end
|
|
28
36
|
|
|
37
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
|
29
38
|
def declaration_node(dependency)
|
|
30
39
|
return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
|
|
31
40
|
return unless parsed_gemspec
|
|
32
41
|
|
|
33
42
|
@declaration_nodes[dependency] = nil
|
|
34
|
-
parsed_gemspec.children.any? do |node|
|
|
43
|
+
T.must(parsed_gemspec).children.any? do |node|
|
|
35
44
|
@declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
|
|
36
45
|
end
|
|
37
46
|
@declaration_nodes[dependency]
|
|
38
47
|
end
|
|
39
48
|
|
|
49
|
+
sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
|
40
50
|
def deep_search_for_gem(node, dependency)
|
|
41
|
-
return node if declares_targeted_gem?(node, dependency)
|
|
51
|
+
return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
|
|
42
52
|
return unless node.is_a?(Parser::AST::Node)
|
|
43
53
|
|
|
44
|
-
declaration_node = nil
|
|
54
|
+
declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
|
|
45
55
|
node.children.find do |child_node|
|
|
46
56
|
declaration_node = deep_search_for_gem(child_node, dependency)
|
|
47
57
|
end
|
|
48
58
|
declaration_node
|
|
49
59
|
end
|
|
50
60
|
|
|
61
|
+
sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T::Boolean) }
|
|
51
62
|
def declares_targeted_gem?(node, dependency)
|
|
52
63
|
return false unless node.is_a?(Parser::AST::Node)
|
|
53
64
|
|
|
@@ -1,13 +1,17 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
5
|
+
require "sorbet-runtime"
|
|
6
|
+
|
|
5
7
|
require "dependabot/bundler/file_updater"
|
|
6
8
|
|
|
7
9
|
module Dependabot
|
|
8
10
|
module Bundler
|
|
9
11
|
class FileUpdater
|
|
10
12
|
class GitSourceRemover
|
|
13
|
+
extend T::Sig
|
|
14
|
+
|
|
11
15
|
attr_reader :dependency
|
|
12
16
|
|
|
13
17
|
def initialize(dependency:)
|
|
@@ -73,7 +77,7 @@ module Dependabot
|
|
|
73
77
|
end
|
|
74
78
|
|
|
75
79
|
def remove_git_related_kwargs(kwargs_node)
|
|
76
|
-
good_key_index = nil
|
|
80
|
+
good_key_index = T.let(nil, T.nilable(Integer))
|
|
77
81
|
hash_pairs = kwargs_node.children
|
|
78
82
|
|
|
79
83
|
hash_pairs.each_with_index do |hash_pair, index|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/file_updaters"
|
|
@@ -27,7 +27,7 @@ module Dependabot
|
|
|
27
27
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
28
28
|
# rubocop:disable Metrics/AbcSize
|
|
29
29
|
def updated_dependency_files
|
|
30
|
-
updated_files = []
|
|
30
|
+
updated_files = T.let([], T::Array[Dependabot::DependencyFile])
|
|
31
31
|
|
|
32
32
|
if gemfile && file_changed?(gemfile)
|
|
33
33
|
updated_files <<
|
|
@@ -58,7 +58,7 @@ module Dependabot
|
|
|
58
58
|
|
|
59
59
|
check_updated_files(updated_files)
|
|
60
60
|
|
|
61
|
-
base_dir = updated_files.first.directory
|
|
61
|
+
base_dir = T.must(updated_files.first).directory
|
|
62
62
|
vendor_updater
|
|
63
63
|
.updated_vendor_cache_files(base_directory: base_dir)
|
|
64
64
|
.each do |file|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
@@ -87,7 +87,7 @@ module Dependabot
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
source_url = github_urls.find do |url|
|
|
90
|
-
repo = Source.from_url(url).repo
|
|
90
|
+
repo = T.must(Source.from_url(url)).repo
|
|
91
91
|
repo.downcase.end_with?(dependency.name)
|
|
92
92
|
end
|
|
93
93
|
return unless source_url
|
|
@@ -102,7 +102,7 @@ module Dependabot
|
|
|
102
102
|
rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
|
|
103
103
|
.scan(Dependabot::Source::SOURCE_REGEX) do
|
|
104
104
|
github_urls << (Regexp.last_match.to_s +
|
|
105
|
-
Regexp.last_match.post_match.split("\n").first)
|
|
105
|
+
T.must(T.must(Regexp.last_match).post_match.split("\n").first))
|
|
106
106
|
end
|
|
107
107
|
|
|
108
108
|
github_urls.find do |url|
|
|
@@ -204,7 +204,7 @@ module Dependabot
|
|
|
204
204
|
cred["type"] == "rubygems_server" && cred.replaces_base?
|
|
205
205
|
end
|
|
206
206
|
host = credential ? credential["host"] : "rubygems.org"
|
|
207
|
-
@base_url = "https://#{host}
|
|
207
|
+
@base_url = "https://#{host}#{host&.end_with?('/') ? '' : '/'}"
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
def registry_auth_headers
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "excon"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
require "uri"
|
|
6
7
|
|
|
7
8
|
require "dependabot/bundler/update_checker"
|
|
@@ -15,6 +16,16 @@ module Dependabot
|
|
|
15
16
|
module Bundler
|
|
16
17
|
class UpdateChecker
|
|
17
18
|
module SharedBundlerHelpers
|
|
19
|
+
include Kernel
|
|
20
|
+
|
|
21
|
+
extend T::Sig
|
|
22
|
+
extend T::Helpers
|
|
23
|
+
|
|
24
|
+
abstract!
|
|
25
|
+
|
|
26
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
27
|
+
attr_reader :options
|
|
28
|
+
|
|
18
29
|
GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
|
|
19
30
|
GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
|
|
20
31
|
PATH_REGEX = /The path `(?<path>.*)` does not exist/
|
|
@@ -217,6 +228,9 @@ module Dependabot
|
|
|
217
228
|
end
|
|
218
229
|
end
|
|
219
230
|
|
|
231
|
+
sig { abstract.returns(String) }
|
|
232
|
+
def bundler_version; end
|
|
233
|
+
|
|
220
234
|
def write_temporary_dependency_files
|
|
221
235
|
dependency_files.each do |file|
|
|
222
236
|
path = file.name
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.261.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.261.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.261.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -292,12 +292,10 @@ files:
|
|
|
292
292
|
- helpers/v2/lib/functions/force_updater.rb
|
|
293
293
|
- helpers/v2/lib/functions/lockfile_updater.rb
|
|
294
294
|
- helpers/v2/lib/functions/version_resolver.rb
|
|
295
|
-
- helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb
|
|
296
295
|
- helpers/v2/monkey_patches/definition_bundler_version_patch.rb
|
|
297
296
|
- helpers/v2/monkey_patches/definition_ruby_version_patch.rb
|
|
298
297
|
- helpers/v2/monkey_patches/git_source_patch.rb
|
|
299
298
|
- helpers/v2/run.rb
|
|
300
|
-
- helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb
|
|
301
299
|
- helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
|
|
302
300
|
- helpers/v2/spec/functions/dependency_source_spec.rb
|
|
303
301
|
- helpers/v2/spec/functions/file_parser_spec.rb
|
|
@@ -347,7 +345,7 @@ licenses:
|
|
|
347
345
|
- MIT
|
|
348
346
|
metadata:
|
|
349
347
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
350
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
348
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
|
|
351
349
|
post_install_message:
|
|
352
350
|
rdoc_options: []
|
|
353
351
|
require_paths:
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
# typed: false
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require "bundler/spec_set"
|
|
5
|
-
|
|
6
|
-
# monkey patch materialized_for_all_platforms for lazy specification issue resolution
|
|
7
|
-
# https://github.com/dependabot/dependabot-core/pull/9807
|
|
8
|
-
module BundlerSpecSetPatch
|
|
9
|
-
def materialized_for_all_platforms
|
|
10
|
-
@specs.map do |s|
|
|
11
|
-
next s unless s.is_a?(Bundler::LazySpecification)
|
|
12
|
-
|
|
13
|
-
s.source.cached!
|
|
14
|
-
s.source.remote!
|
|
15
|
-
spec = s.materialize_for_installation
|
|
16
|
-
raise Bundler::GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
|
|
17
|
-
|
|
18
|
-
spec
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
Bundler::SpecSet.prepend(BundlerSpecSetPatch)
|
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
# typed: false
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
# rubocop:disable RSpec/FilePath
|
|
5
|
-
# rubocop:disable RSpec/SpecFilePathFormat
|
|
6
|
-
|
|
7
|
-
require "native_spec_helper"
|
|
8
|
-
require "shared_contexts"
|
|
9
|
-
require "bundler/spec_set"
|
|
10
|
-
|
|
11
|
-
RSpec.describe Bundler::SpecSet do
|
|
12
|
-
let(:primary_source) { instance_double(Bundler::Source::Git) }
|
|
13
|
-
let(:secondary_source) { instance_double(Bundler::Source::Path) }
|
|
14
|
-
let(:primary_spec_set) do
|
|
15
|
-
instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-x86_64-linux", source: primary_source)
|
|
16
|
-
end
|
|
17
|
-
let(:secondary_spec_set) do
|
|
18
|
-
instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-arm64-darwin", source: secondary_source)
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
before do
|
|
22
|
-
allow(primary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
|
|
23
|
-
allow(secondary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
|
|
24
|
-
|
|
25
|
-
allow(primary_source).to receive(:cached!)
|
|
26
|
-
allow(primary_source).to receive(:remote!)
|
|
27
|
-
allow(secondary_source).to receive(:cached!)
|
|
28
|
-
allow(secondary_source).to receive(:remote!)
|
|
29
|
-
|
|
30
|
-
allow(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set)
|
|
31
|
-
allow(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
describe "#materialized_for_all_platforms" do
|
|
35
|
-
context "when cache_all_platforms is enabled" do
|
|
36
|
-
let(:spec_set) { described_class.new([primary_spec_set, secondary_spec_set]) }
|
|
37
|
-
|
|
38
|
-
before do
|
|
39
|
-
described_class.prepend(BundlerSpecSetPatch)
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it "uses cached gems for secondary sources" do
|
|
43
|
-
expect(primary_spec_set.source).to receive(:cached!).ordered
|
|
44
|
-
expect(primary_spec_set.source).to receive(:remote!).ordered
|
|
45
|
-
expect(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set).ordered
|
|
46
|
-
|
|
47
|
-
expect(secondary_spec_set.source).to receive(:cached!).ordered
|
|
48
|
-
expect(secondary_spec_set.source).to receive(:remote!).ordered
|
|
49
|
-
expect(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set).ordered
|
|
50
|
-
|
|
51
|
-
result = spec_set.materialized_for_all_platforms
|
|
52
|
-
expect(result).to include(primary_spec_set, secondary_spec_set)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
it "raises an error if a gem cannot be found in any of the sources" do
|
|
56
|
-
allow(primary_spec_set).to receive(:materialize_for_installation).and_return(nil)
|
|
57
|
-
|
|
58
|
-
expect do
|
|
59
|
-
spec_set.materialized_for_all_platforms
|
|
60
|
-
end.to raise_error(Bundler::GemNotFound,
|
|
61
|
-
"Could not find foo-1.0.0-x86_64-linux in any of the sources")
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
# rubocop:enable RSpec/FilePath
|
|
68
|
-
# rubocop:enable RSpec/SpecFilePathFormat
|