dependabot-bundler 0.261.0 → 0.262.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a8b215bdea5dc17ab35848e557529c8e22851f703a5fe3ef8965cf5bf9e15331
4
- data.tar.gz: d453d01dccec321c438dff7c8f2107b4f6b75cbecaf67823e250988b860f78cd
3
+ metadata.gz: f3110295d89e7d09947a48ccb7a3c623684e62392a2467e5708dc83ca1d1c698
4
+ data.tar.gz: d675d23e1adab94cad313a607d02cc1712491f90d3fcd9649d6bd6874de223f9
5
5
  SHA512:
6
- metadata.gz: 4319c06b8a84ade9b143ea5949e4be67d01e81a94d85d97f99d477f0fb2f836937bec1a752b61301fc2608183c38516bd13043d3f8fa12dcbc41dd717b262baa
7
- data.tar.gz: 96ce46b41f6acec8899157a458fbe47f65812729bd2998d26c4241cb06e39c643b5935b53d358ed09374affb8df5b74862b8133c30419b4fa29ffb6881ec34c2
6
+ metadata.gz: 7c3680e4726f1b5999721dee5a0d2df0587f6ed4391a59a5ff3af16116c965088dd2cb582147e1ad7eb73c10b67bf05a9ac100d71a4229daf2ea63680c6a9f1e
7
+ data.tar.gz: 3a2e33646daacd25c82ae4be8a664f21ce41b185dba0d24ae2adee045e5c70c3be1e4baf3adfcd2f9cc65f53ba3ebb812041158564dd59e28dfe767f43ce2d9b
@@ -1,10 +1,11 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "pathname"
5
5
  require "parser/current"
6
6
  require "dependabot/bundler/file_fetcher"
7
7
  require "dependabot/errors"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Bundler
@@ -12,32 +13,38 @@ module Dependabot
12
13
  # Finds the paths of any Gemfiles declared using `eval_gemfile` in the
13
14
  # passed Gemfile.
14
15
  class ChildGemfileFinder
16
+ extend T::Sig
17
+
18
+ sig { params(gemfile: Dependabot::DependencyFile).void }
15
19
  def initialize(gemfile:)
16
20
  @gemfile = gemfile
17
21
  end
18
22
 
23
+ sig { returns(T::Array[String]) }
19
24
  def child_gemfile_paths
20
- ast = Parser::CurrentRuby.parse(gemfile.content)
25
+ ast = Parser::CurrentRuby.parse(gemfile&.content)
21
26
  find_child_gemfile_paths(ast)
22
27
  rescue Parser::SyntaxError
23
- raise Dependabot::DependencyFileNotParseable, gemfile.path
28
+ raise Dependabot::DependencyFileNotParseable, T.must(gemfile&.path)
24
29
  end
25
30
 
26
31
  private
27
32
 
33
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
28
34
  attr_reader :gemfile
29
35
 
36
+ sig { params(node: T.untyped).returns(T::Array[String]) }
30
37
  def find_child_gemfile_paths(node)
31
38
  return [] unless node.is_a?(Parser::AST::Node)
32
39
 
33
40
  if declares_eval_gemfile?(node)
34
41
  path_node = node.children[2]
35
42
  unless path_node.type == :str
36
- path = gemfile.path
43
+ path = gemfile&.path
37
44
  msg = "Dependabot only supports uninterpolated string arguments " \
38
45
  "to eval_gemfile. Got " \
39
46
  "`#{path_node.loc.expression.source}`"
40
- raise Dependabot::DependencyFileNotParseable.new(path, msg)
47
+ raise Dependabot::DependencyFileNotParseable.new(T.must(path), msg)
41
48
  end
42
49
 
43
50
  path = path_node.loc.expression.source.gsub(/['"]/, "")
@@ -50,12 +57,14 @@ module Dependabot
50
57
  end
51
58
  end
52
59
 
60
+ sig { returns(T.nilable(String)) }
53
61
  def current_dir
54
- @current_dir ||= gemfile.name.rpartition("/").first
62
+ @current_dir ||= T.let(gemfile&.name&.rpartition("/")&.first, T.nilable(String))
55
63
  @current_dir = nil if @current_dir == ""
56
64
  @current_dir
57
65
  end
58
66
 
67
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
59
68
  def declares_eval_gemfile?(node)
60
69
  return false unless node.is_a?(Parser::AST::Node)
61
70
 
@@ -1,10 +1,11 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "pathname"
5
5
  require "parser/current"
6
6
  require "dependabot/bundler/file_fetcher"
7
7
  require "dependabot/errors"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Bundler
@@ -12,21 +13,27 @@ module Dependabot
12
13
  # Finds the directories of any gemspecs declared using `gemspec` in the
13
14
  # passed Gemfile.
14
15
  class GemspecFinder
16
+ extend T::Sig
17
+
18
+ sig { params(gemfile: Dependabot::DependencyFile).void }
15
19
  def initialize(gemfile:)
16
20
  @gemfile = gemfile
17
21
  end
18
22
 
23
+ sig { returns(T::Array[String]) }
19
24
  def gemspec_directories
20
- ast = Parser::CurrentRuby.parse(gemfile.content)
25
+ ast = Parser::CurrentRuby.parse(T.must(gemfile).content)
21
26
  find_gemspec_paths(ast)
22
27
  rescue Parser::SyntaxError
23
- raise Dependabot::DependencyFileNotParseable, gemfile.path
28
+ raise Dependabot::DependencyFileNotParseable, T.must(gemfile).path
24
29
  end
25
30
 
26
31
  private
27
32
 
33
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
28
34
  attr_reader :gemfile
29
35
 
36
+ sig { params(node: T.untyped).returns(T::Array[T.untyped]) }
30
37
  def find_gemspec_paths(node)
31
38
  return [] unless node.is_a?(Parser::AST::Node)
32
39
 
@@ -35,7 +42,7 @@ module Dependabot
35
42
  return [clean_path(".")] unless path_node
36
43
 
37
44
  unless path_node.type == :str
38
- path = gemfile.path
45
+ path = T.must(gemfile).path
39
46
  msg = "Dependabot only supports uninterpolated string arguments " \
40
47
  "to gemspec. Got " \
41
48
  "`#{path_node.loc.expression.source}`"
@@ -51,18 +58,21 @@ module Dependabot
51
58
  end
52
59
  end
53
60
 
61
+ sig { returns(T.nilable(String)) }
54
62
  def current_dir
55
- @current_dir ||= gemfile.name.rpartition("/").first
63
+ @current_dir ||= T.let(gemfile&.name&.rpartition("/")&.first, T.nilable(String))
56
64
  @current_dir = nil if @current_dir == ""
57
65
  @current_dir
58
66
  end
59
67
 
68
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
60
69
  def declares_gemspec_dependency?(node)
61
70
  return false unless node.is_a?(Parser::AST::Node)
62
71
 
63
72
  node.children[1] == :gemspec
64
73
  end
65
74
 
75
+ sig { params(path: String).returns(Pathname) }
66
76
  def clean_path(path)
67
77
  if Pathname.new(path).absolute?
68
78
  base_path = Pathname.new(File.expand_path(Dir.pwd))
@@ -72,6 +82,7 @@ module Dependabot
72
82
  Pathname.new(path).cleanpath
73
83
  end
74
84
 
85
+ sig { params(node: Parser::AST::Node).returns(T.nilable(Parser::AST::Node)) }
75
86
  def path_node_for_gem_declaration(node)
76
87
  return unless node.children.last.is_a?(Parser::AST::Node)
77
88
  return unless node.children.last.type == :hash
@@ -87,6 +98,7 @@ module Dependabot
87
98
  path_hash_pair.children.last
88
99
  end
89
100
 
101
+ sig { params(node: Parser::AST::Node).returns(Symbol) }
90
102
  def key_from_hash_pair(node)
91
103
  node.children.first.children.first.to_sym
92
104
  end
@@ -1,10 +1,11 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "pathname"
5
5
  require "parser/current"
6
6
  require "dependabot/bundler/file_fetcher"
7
7
  require "dependabot/errors"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Bundler
@@ -12,10 +13,14 @@ module Dependabot
12
13
  # Finds the paths of any files included using `require_relative` in the
13
14
  # passed file.
14
15
  class RequireRelativeFinder
16
+ extend T::Sig
17
+
18
+ sig { params(file: Dependabot::DependencyFile).void }
15
19
  def initialize(file:)
16
20
  @file = file
17
21
  end
18
22
 
23
+ sig { returns(T::Array[String]) }
19
24
  def require_relative_paths
20
25
  ast = Parser::CurrentRuby.parse(file.content)
21
26
  find_require_relative_paths(ast)
@@ -25,8 +30,10 @@ module Dependabot
25
30
 
26
31
  private
27
32
 
33
+ sig { returns(Dependabot::DependencyFile) }
28
34
  attr_reader :file
29
35
 
36
+ sig { params(node: T.untyped).returns(T::Array[T.untyped]) }
30
37
  def find_require_relative_paths(node)
31
38
  return [] unless node.is_a?(Parser::AST::Node)
32
39
 
@@ -44,12 +51,14 @@ module Dependabot
44
51
  end
45
52
  end
46
53
 
54
+ sig { returns(T.nilable(String)) }
47
55
  def current_dir
48
- @current_dir ||= file.name.rpartition("/").first
56
+ @current_dir ||= T.let(file.name.rpartition("/").first, T.nilable(String))
49
57
  @current_dir = nil if @current_dir == ""
50
58
  @current_dir
51
59
  end
52
60
 
61
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
53
62
  def declares_require_relative?(node)
54
63
  return false unless node.is_a?(Parser::AST::Node)
55
64
 
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/dependency_file"
5
6
  require "dependabot/file_parsers/base"
6
7
  require "dependabot/bundler/file_updater/gemspec_sanitizer"
@@ -9,15 +10,19 @@ module Dependabot
9
10
  module Bundler
10
11
  class FileParser < Dependabot::FileParsers::Base
11
12
  class FilePreparer
13
+ extend T::Sig
14
+
15
+ sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
12
16
  def initialize(dependency_files:)
13
17
  @dependency_files = dependency_files
14
18
  end
15
19
 
20
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
16
21
  def prepared_dependency_files
17
22
  files = gemspecs.compact.map do |file|
18
23
  DependencyFile.new(
19
24
  name: file.name,
20
- content: sanitize_gemspec_content(file.content),
25
+ content: sanitize_gemspec_content(T.must(file.content)),
21
26
  directory: file.directory,
22
27
  support_file: file.support_file?
23
28
  )
@@ -36,13 +41,16 @@ module Dependabot
36
41
 
37
42
  private
38
43
 
44
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
39
45
  attr_reader :dependency_files
40
46
 
47
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
41
48
  def gemfile
42
49
  dependency_files.find { |f| f.name == "Gemfile" } ||
43
50
  dependency_files.find { |f| f.name == "gems.rb" }
44
51
  end
45
52
 
53
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
46
54
  def evaled_gemfiles
47
55
  dependency_files
48
56
  .reject { |f| f.name.end_with?(".gemspec") }
@@ -54,33 +62,40 @@ module Dependabot
54
62
  .reject(&:support_file?)
55
63
  end
56
64
 
65
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
57
66
  def specification_files
58
67
  dependency_files.select { |f| f.name.end_with?(".specification") }
59
68
  end
60
69
 
70
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
61
71
  def lockfile
62
72
  dependency_files.find { |f| f.name == "Gemfile.lock" } ||
63
73
  dependency_files.find { |f| f.name == "gems.locked" }
64
74
  end
65
75
 
76
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
66
77
  def gemspecs
67
78
  dependency_files.select { |f| f.name.end_with?(".gemspec") }
68
79
  end
69
80
 
81
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
70
82
  def ruby_version_file
71
83
  dependency_files.find { |f| f.name == ".ruby-version" }
72
84
  end
73
85
 
86
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
74
87
  def tool_versions_file
75
88
  dependency_files.find { |f| f.name == ".tool-versions" }
76
89
  end
77
90
 
91
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
78
92
  def imported_ruby_files
79
93
  dependency_files
80
94
  .select { |f| f.name.end_with?(".rb") }
81
95
  .reject { |f| f.name == "gems.rb" }
82
96
  end
83
97
 
98
+ sig { params(gemspec_content: String).returns(String) }
84
99
  def sanitize_gemspec_content(gemspec_content)
85
100
  # No need to set the version correctly - this is just an update
86
101
  # check so we're not going to persist any changes to the lockfile.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.261.0
4
+ version: 0.262.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-13 00:00:00.000000000 Z
11
+ date: 2024-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.261.0
19
+ version: 0.262.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.261.0
26
+ version: 0.262.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.262.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: