dependabot-bundler 0.260.0 → 0.261.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
- data/helpers/v1/spec/functions/dependency_source_spec.rb +2 -2
- data/helpers/v1/spec/functions/file_parser_spec.rb +2 -2
- data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
- data/helpers/v2/spec/functions/dependency_source_spec.rb +2 -2
- data/helpers/v2/spec/functions/file_parser_spec.rb +3 -3
- data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +36 -7
- data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +17 -6
- data/lib/dependabot/bundler/file_updater/git_source_remover.rb +6 -2
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +15 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a8b215bdea5dc17ab35848e557529c8e22851f703a5fe3ef8965cf5bf9e15331
|
4
|
+
data.tar.gz: d453d01dccec321c438dff7c8f2107b4f6b75cbecaf67823e250988b860f78cd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4319c06b8a84ade9b143ea5949e4be67d01e81a94d85d97f99d477f0fb2f836937bec1a752b61301fc2608183c38516bd13043d3f8fa12dcbc41dd717b262baa
|
7
|
+
data.tar.gz: 96ce46b41f6acec8899157a458fbe47f65812729bd2998d26c4241cb06e39c643b5935b53d358ed09374affb8df5b74862b8133c30419b4fa29ffb6881ec34c2
|
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
42
42
|
let(:target_version) { "6.0.0" }
|
43
43
|
|
44
44
|
it "returns a list of dependencies that block the update" do
|
45
|
-
expect(conflicting_dependencies).to
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
"requirement" => "= 5.2.0"
|
82
|
-
},
|
83
|
-
{
|
84
|
-
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
85
|
-
"name" => "railties",
|
86
|
-
"version" => "5.2.0",
|
87
|
-
"requirement" => "= 5.2.0"
|
88
|
-
}
|
89
|
-
]
|
90
|
-
)
|
45
|
+
expect(conflicting_dependencies).to contain_exactly({
|
46
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
|
47
|
+
"name" => "rails",
|
48
|
+
"requirement" => "= 5.2.0",
|
49
|
+
"version" => "5.2.0"
|
50
|
+
}, {
|
51
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
|
52
|
+
"name" => "actionpack",
|
53
|
+
"version" => "5.2.0",
|
54
|
+
"requirement" => "= 5.2.0"
|
55
|
+
}, {
|
56
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
|
57
|
+
"name" => "actionview",
|
58
|
+
"version" => "5.2.0",
|
59
|
+
"requirement" => "= 5.2.0"
|
60
|
+
}, {
|
61
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
|
62
|
+
"name" => "activejob",
|
63
|
+
"version" => "5.2.0",
|
64
|
+
"requirement" => "= 5.2.0"
|
65
|
+
}, {
|
66
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
|
67
|
+
"name" => "activemodel",
|
68
|
+
"version" => "5.2.0",
|
69
|
+
"requirement" => "= 5.2.0"
|
70
|
+
}, {
|
71
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
|
72
|
+
"name" => "activerecord",
|
73
|
+
"version" => "5.2.0",
|
74
|
+
"requirement" => "= 5.2.0"
|
75
|
+
}, {
|
76
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
77
|
+
"name" => "railties",
|
78
|
+
"version" => "5.2.0",
|
79
|
+
"requirement" => "= 5.2.0"
|
80
|
+
})
|
91
81
|
end
|
92
82
|
end
|
93
83
|
|
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
98
88
|
let(:project_name) { "multiple_blocking" }
|
99
89
|
|
100
90
|
it "returns all of the blocking dependencies" do
|
101
|
-
expect(conflicting_dependencies).to
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
"name" => "activejob",
|
118
|
-
"version" => "5.0.0",
|
119
|
-
"requirement" => "= 5.0.0"
|
120
|
-
}
|
121
|
-
]
|
122
|
-
)
|
91
|
+
expect(conflicting_dependencies).to contain_exactly({
|
92
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
|
93
|
+
"name" => "actionpack",
|
94
|
+
"version" => "5.0.0",
|
95
|
+
"requirement" => "= 5.0.0"
|
96
|
+
}, {
|
97
|
+
"explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
|
98
|
+
"name" => "actionview",
|
99
|
+
"version" => "5.0.0",
|
100
|
+
"requirement" => "= 5.0.0"
|
101
|
+
}, {
|
102
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
|
103
|
+
"name" => "activejob",
|
104
|
+
"version" => "5.0.0",
|
105
|
+
"requirement" => "= 5.0.0"
|
106
|
+
})
|
123
107
|
end
|
124
108
|
end
|
125
109
|
|
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
|
|
40
40
|
end
|
41
41
|
|
42
42
|
it "returns all versions from the private source" do
|
43
|
-
|
43
|
+
expect(private_registry_versions).to eq([
|
44
44
|
Gem::Version.new("1.5.0"),
|
45
45
|
Gem::Version.new("1.9.0"),
|
46
46
|
Gem::Version.new("1.10.0.beta")
|
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
|
|
51
51
|
let(:project_name) { "specified_default_source_no_lockfile" }
|
52
52
|
|
53
53
|
it "returns all versions from the private source" do
|
54
|
-
|
54
|
+
expect(private_registry_versions).to eq([
|
55
55
|
Gem::Version.new("1.5.0"),
|
56
56
|
Gem::Version.new("1.9.0"),
|
57
57
|
Gem::Version.new("1.10.0.beta")
|
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
|
|
39
39
|
type: :runtime
|
40
40
|
}
|
41
41
|
]
|
42
|
-
|
42
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion
|
43
43
|
end
|
44
44
|
end
|
45
45
|
|
@@ -69,7 +69,7 @@ RSpec.describe Functions::FileParser do
|
|
69
69
|
type: :runtime
|
70
70
|
}
|
71
71
|
]
|
72
|
-
|
72
|
+
expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion
|
73
73
|
end
|
74
74
|
end
|
75
75
|
end
|
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
42
42
|
let(:target_version) { "6.0.0" }
|
43
43
|
|
44
44
|
it "returns a list of dependencies that block the update" do
|
45
|
-
expect(conflicting_dependencies).to
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
"requirement" => "= 5.2.0"
|
82
|
-
},
|
83
|
-
{
|
84
|
-
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
85
|
-
"name" => "railties",
|
86
|
-
"version" => "5.2.0",
|
87
|
-
"requirement" => "= 5.2.0"
|
88
|
-
}
|
89
|
-
]
|
90
|
-
)
|
45
|
+
expect(conflicting_dependencies).to contain_exactly({
|
46
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
|
47
|
+
"name" => "rails",
|
48
|
+
"requirement" => "= 5.2.0",
|
49
|
+
"version" => "5.2.0"
|
50
|
+
}, {
|
51
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
|
52
|
+
"name" => "actionpack",
|
53
|
+
"version" => "5.2.0",
|
54
|
+
"requirement" => "= 5.2.0"
|
55
|
+
}, {
|
56
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
|
57
|
+
"name" => "actionview",
|
58
|
+
"version" => "5.2.0",
|
59
|
+
"requirement" => "= 5.2.0"
|
60
|
+
}, {
|
61
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
|
62
|
+
"name" => "activejob",
|
63
|
+
"version" => "5.2.0",
|
64
|
+
"requirement" => "= 5.2.0"
|
65
|
+
}, {
|
66
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
|
67
|
+
"name" => "activemodel",
|
68
|
+
"version" => "5.2.0",
|
69
|
+
"requirement" => "= 5.2.0"
|
70
|
+
}, {
|
71
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
|
72
|
+
"name" => "activerecord",
|
73
|
+
"version" => "5.2.0",
|
74
|
+
"requirement" => "= 5.2.0"
|
75
|
+
}, {
|
76
|
+
"explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
|
77
|
+
"name" => "railties",
|
78
|
+
"version" => "5.2.0",
|
79
|
+
"requirement" => "= 5.2.0"
|
80
|
+
})
|
91
81
|
end
|
92
82
|
end
|
93
83
|
|
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
|
|
98
88
|
let(:project_name) { "multiple_blocking" }
|
99
89
|
|
100
90
|
it "returns all of the blocking dependencies" do
|
101
|
-
expect(conflicting_dependencies).to
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
"name" => "activejob",
|
118
|
-
"version" => "5.0.0",
|
119
|
-
"requirement" => "= 5.0.0"
|
120
|
-
}
|
121
|
-
]
|
122
|
-
)
|
91
|
+
expect(conflicting_dependencies).to contain_exactly({
|
92
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
|
93
|
+
"name" => "actionpack",
|
94
|
+
"version" => "5.0.0",
|
95
|
+
"requirement" => "= 5.0.0"
|
96
|
+
}, {
|
97
|
+
"explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
|
98
|
+
"name" => "actionview",
|
99
|
+
"version" => "5.0.0",
|
100
|
+
"requirement" => "= 5.0.0"
|
101
|
+
}, {
|
102
|
+
"explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
|
103
|
+
"name" => "activejob",
|
104
|
+
"version" => "5.0.0",
|
105
|
+
"requirement" => "= 5.0.0"
|
106
|
+
})
|
123
107
|
end
|
124
108
|
end
|
125
109
|
|
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
|
|
40
40
|
end
|
41
41
|
|
42
42
|
it "returns all versions from the private source" do
|
43
|
-
|
43
|
+
expect(private_registry_versions).to eq([
|
44
44
|
Gem::Version.new("1.5.0"),
|
45
45
|
Gem::Version.new("1.9.0"),
|
46
46
|
Gem::Version.new("1.10.0.beta")
|
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
|
|
51
51
|
let(:project_name) { "specified_default_source_no_lockfile" }
|
52
52
|
|
53
53
|
it "returns all versions from the private source" do
|
54
|
-
|
54
|
+
expect(private_registry_versions).to eq([
|
55
55
|
Gem::Version.new("1.5.0"),
|
56
56
|
Gem::Version.new("1.9.0"),
|
57
57
|
Gem::Version.new("1.10.0.beta")
|
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
|
|
39
39
|
type: :runtime
|
40
40
|
}
|
41
41
|
]
|
42
|
-
|
42
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
43
43
|
end
|
44
44
|
|
45
45
|
context "with a git source" do
|
@@ -103,7 +103,7 @@ RSpec.describe Functions::FileParser do
|
|
103
103
|
type: :runtime
|
104
104
|
}
|
105
105
|
]
|
106
|
-
|
106
|
+
expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
107
107
|
end
|
108
108
|
end
|
109
109
|
end
|
@@ -134,7 +134,7 @@ RSpec.describe Functions::FileParser do
|
|
134
134
|
type: :runtime
|
135
135
|
}
|
136
136
|
]
|
137
|
-
|
137
|
+
expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
|
138
138
|
end
|
139
139
|
end
|
140
140
|
end
|
@@ -1,7 +1,9 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "parser/current"
|
5
|
+
require "sorbet-runtime"
|
6
|
+
|
5
7
|
require "dependabot/file_parsers/base"
|
6
8
|
|
7
9
|
module Dependabot
|
@@ -9,20 +11,26 @@ module Dependabot
|
|
9
11
|
class FileParser < Dependabot::FileParsers::Base
|
10
12
|
# Checks whether a dependency is declared in a Gemfile
|
11
13
|
class GemfileDeclarationFinder
|
14
|
+
extend T::Sig
|
15
|
+
|
16
|
+
sig { params(gemfile: Dependabot::DependencyFile).void }
|
12
17
|
def initialize(gemfile:)
|
13
18
|
@gemfile = gemfile
|
14
|
-
@declaration_nodes = {}
|
19
|
+
@declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
|
15
20
|
end
|
16
21
|
|
22
|
+
sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
|
17
23
|
def gemfile_includes_dependency?(dependency)
|
18
24
|
!declaration_node(dependency).nil?
|
19
25
|
end
|
20
26
|
|
27
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
28
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(String)) }
|
21
29
|
def enhanced_req_string(dependency)
|
22
30
|
return unless gemfile_includes_dependency?(dependency)
|
23
31
|
|
24
32
|
fallback_string = dependency.fetch("requirement")
|
25
|
-
req_nodes = declaration_node(dependency)
|
33
|
+
req_nodes = declaration_node(dependency)&.children&.[](3..-1)
|
26
34
|
req_nodes = req_nodes.reject { |child| child.type == :hash }
|
27
35
|
|
28
36
|
return fallback_string if req_nodes.none?
|
@@ -37,37 +45,58 @@ module Dependabot
|
|
37
45
|
fallback_string
|
38
46
|
end
|
39
47
|
end
|
48
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
40
49
|
|
41
50
|
private
|
42
51
|
|
52
|
+
sig { returns(Dependabot::DependencyFile) }
|
43
53
|
attr_reader :gemfile
|
44
54
|
|
55
|
+
sig { returns(T.nilable(Parser::AST::Node)) }
|
45
56
|
def parsed_gemfile
|
46
|
-
@parsed_gemfile ||=
|
57
|
+
@parsed_gemfile ||= T.let(
|
58
|
+
Parser::CurrentRuby.parse(gemfile.content),
|
59
|
+
T.nilable(Parser::AST::Node)
|
60
|
+
)
|
47
61
|
end
|
48
62
|
|
63
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
49
64
|
def declaration_node(dependency)
|
50
65
|
return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
|
51
66
|
return unless parsed_gemfile
|
52
67
|
|
53
68
|
@declaration_nodes[dependency] = nil
|
54
|
-
parsed_gemfile.children.any? do |node|
|
69
|
+
T.must(parsed_gemfile).children.any? do |node|
|
55
70
|
@declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
|
56
71
|
end
|
57
72
|
@declaration_nodes[dependency]
|
58
73
|
end
|
59
74
|
|
75
|
+
sig do
|
76
|
+
params(
|
77
|
+
node: T.untyped,
|
78
|
+
dependency: T::Hash[String, String]
|
79
|
+
)
|
80
|
+
.returns(T.nilable(Parser::AST::Node))
|
81
|
+
end
|
60
82
|
def deep_search_for_gem(node, dependency)
|
61
|
-
return node if declares_targeted_gem?(node, dependency)
|
83
|
+
return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
|
62
84
|
return unless node.is_a?(Parser::AST::Node)
|
63
85
|
|
64
|
-
declaration_node = nil
|
86
|
+
declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
|
65
87
|
node.children.find do |child_node|
|
66
88
|
declaration_node = deep_search_for_gem(child_node, dependency)
|
67
89
|
end
|
68
90
|
declaration_node
|
69
91
|
end
|
70
92
|
|
93
|
+
sig do
|
94
|
+
params(
|
95
|
+
node: T.untyped,
|
96
|
+
dependency: T::Hash[String, String]
|
97
|
+
)
|
98
|
+
.returns(T::Boolean)
|
99
|
+
end
|
71
100
|
def declares_targeted_gem?(node, dependency)
|
72
101
|
return false unless node.is_a?(Parser::AST::Node)
|
73
102
|
return false unless node.children[1] == :gem
|
@@ -1,7 +1,9 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "parser/current"
|
5
|
+
require "sorbet-runtime"
|
6
|
+
|
5
7
|
require "dependabot/file_parsers/base"
|
6
8
|
|
7
9
|
module Dependabot
|
@@ -9,45 +11,54 @@ module Dependabot
|
|
9
11
|
class FileParser < Dependabot::FileParsers::Base
|
10
12
|
# Checks whether a dependency is declared in a gemspec file
|
11
13
|
class GemspecDeclarationFinder
|
14
|
+
extend T::Sig
|
15
|
+
|
16
|
+
sig { params(gemspec: Dependabot::DependencyFile).void }
|
12
17
|
def initialize(gemspec:)
|
13
18
|
@gemspec = gemspec
|
14
|
-
@declaration_nodes = {}
|
19
|
+
@declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
|
15
20
|
end
|
16
21
|
|
22
|
+
sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
|
17
23
|
def gemspec_includes_dependency?(dependency)
|
18
24
|
!declaration_node(dependency).nil?
|
19
25
|
end
|
20
26
|
|
21
27
|
private
|
22
28
|
|
29
|
+
sig { returns(Dependabot::DependencyFile) }
|
23
30
|
attr_reader :gemspec
|
24
31
|
|
32
|
+
sig { returns(T.nilable(Parser::AST::Node)) }
|
25
33
|
def parsed_gemspec
|
26
|
-
@parsed_gemspec ||= Parser::CurrentRuby.parse(gemspec.content)
|
34
|
+
@parsed_gemspec ||= T.let(Parser::CurrentRuby.parse(gemspec.content), T.nilable(Parser::AST::Node))
|
27
35
|
end
|
28
36
|
|
37
|
+
sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
29
38
|
def declaration_node(dependency)
|
30
39
|
return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
|
31
40
|
return unless parsed_gemspec
|
32
41
|
|
33
42
|
@declaration_nodes[dependency] = nil
|
34
|
-
parsed_gemspec.children.any? do |node|
|
43
|
+
T.must(parsed_gemspec).children.any? do |node|
|
35
44
|
@declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
|
36
45
|
end
|
37
46
|
@declaration_nodes[dependency]
|
38
47
|
end
|
39
48
|
|
49
|
+
sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
|
40
50
|
def deep_search_for_gem(node, dependency)
|
41
|
-
return node if declares_targeted_gem?(node, dependency)
|
51
|
+
return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
|
42
52
|
return unless node.is_a?(Parser::AST::Node)
|
43
53
|
|
44
|
-
declaration_node = nil
|
54
|
+
declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
|
45
55
|
node.children.find do |child_node|
|
46
56
|
declaration_node = deep_search_for_gem(child_node, dependency)
|
47
57
|
end
|
48
58
|
declaration_node
|
49
59
|
end
|
50
60
|
|
61
|
+
sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T::Boolean) }
|
51
62
|
def declares_targeted_gem?(node, dependency)
|
52
63
|
return false unless node.is_a?(Parser::AST::Node)
|
53
64
|
|
@@ -1,13 +1,17 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "parser/current"
|
5
|
+
require "sorbet-runtime"
|
6
|
+
|
5
7
|
require "dependabot/bundler/file_updater"
|
6
8
|
|
7
9
|
module Dependabot
|
8
10
|
module Bundler
|
9
11
|
class FileUpdater
|
10
12
|
class GitSourceRemover
|
13
|
+
extend T::Sig
|
14
|
+
|
11
15
|
attr_reader :dependency
|
12
16
|
|
13
17
|
def initialize(dependency:)
|
@@ -73,7 +77,7 @@ module Dependabot
|
|
73
77
|
end
|
74
78
|
|
75
79
|
def remove_git_related_kwargs(kwargs_node)
|
76
|
-
good_key_index = nil
|
80
|
+
good_key_index = T.let(nil, T.nilable(Integer))
|
77
81
|
hash_pairs = kwargs_node.children
|
78
82
|
|
79
83
|
hash_pairs.each_with_index do |hash_pair, index|
|
@@ -1,7 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "excon"
|
5
|
+
require "sorbet-runtime"
|
5
6
|
require "uri"
|
6
7
|
|
7
8
|
require "dependabot/bundler/update_checker"
|
@@ -15,6 +16,16 @@ module Dependabot
|
|
15
16
|
module Bundler
|
16
17
|
class UpdateChecker
|
17
18
|
module SharedBundlerHelpers
|
19
|
+
include Kernel
|
20
|
+
|
21
|
+
extend T::Sig
|
22
|
+
extend T::Helpers
|
23
|
+
|
24
|
+
abstract!
|
25
|
+
|
26
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
27
|
+
attr_reader :options
|
28
|
+
|
18
29
|
GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
|
19
30
|
GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
|
20
31
|
PATH_REGEX = /The path `(?<path>.*)` does not exist/
|
@@ -217,6 +228,9 @@ module Dependabot
|
|
217
228
|
end
|
218
229
|
end
|
219
230
|
|
231
|
+
sig { abstract.returns(String) }
|
232
|
+
def bundler_version; end
|
233
|
+
|
220
234
|
def write_temporary_dependency_files
|
221
235
|
dependency_files.each do |file|
|
222
236
|
path = file.name
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.261.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-06-
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.261.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.261.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: parallel
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -345,7 +345,7 @@ licenses:
|
|
345
345
|
- MIT
|
346
346
|
metadata:
|
347
347
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
348
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
348
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
|
349
349
|
post_install_message:
|
350
350
|
rdoc_options: []
|
351
351
|
require_paths:
|