dependabot-bundler 0.270.0 → 0.272.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/file_parser/file_preparer.rb +1 -0
  3. data/lib/dependabot/bundler/file_parser.rb +7 -0
  4. data/lib/dependabot/bundler/file_updater.rb +7 -18
  5. data/lib/dependabot/bundler/package_manager.rb +53 -0
  6. data/lib/dependabot/bundler.rb +1 -0
  7. metadata +6 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0cf9bb0d3e0fb13d63e11b9b0bb76ada219eb95bfe3021e20abe885f5997582d
4
- data.tar.gz: cae3edf65fe2b3197906d8c6798128ac3f8eb0aa3071871431f930b440bae1f9
3
+ metadata.gz: 75c8c544efaa87f9da00a193ac437b1978a0c3be6bf6c1d243eadfadbafaea86
4
+ data.tar.gz: d96dd90d64184986f2b2d2b93515cd086654af60e92040894522d61bc6fe29cb
5
5
  SHA512:
6
- metadata.gz: d2d8d56e1c8f9b294dd30906ecafb208cc5f20ff95661f0edb7060a7b0ef47b3719dbc117ac15289571b9d3275a2ee9744ec00150671efd02e889495cad8e790
7
- data.tar.gz: ce4afa1024616cb45c505a144e49648e63d53c8e075c0f9c674f0186a28da89d9bb73fc1e44ac44c607db98a019317e870af5973898e75207b353e44689bb7f8
6
+ metadata.gz: 002d895d792d36afef336906a6fe8de9613e4732212e87f725271ad9dd16fbe6e02c72701a5e2866cedb9f4234f96287cb33264d5823aac2def2dd6569130ad9
7
+ data.tar.gz: d74e3785f13d60e1d905c761883d028f3653a2a7bff5bf7aef1cf63f807703419d17e4ba055291a11af36a81c3875af93130c875948ca1b9a87fc620e2ca1340
data/lib/dependabot/bundler/file_parser/file_preparer.rb CHANGED
@@ -5,6 +5,7 @@ require "sorbet-runtime"
5
5
  require "dependabot/dependency_file"
6
6
  require "dependabot/file_parsers/base"
7
7
  require "dependabot/bundler/file_updater/gemspec_sanitizer"
8
+ require "dependabot/bundler/package_manager"
8
9
 
9
10
  module Dependabot
10
11
  module Bundler
data/lib/dependabot/bundler/file_parser.rb CHANGED
@@ -16,11 +16,13 @@ require "dependabot/errors"
16
16
  module Dependabot
17
17
  module Bundler
18
18
  class FileParser < Dependabot::FileParsers::Base
19
+ extend T::Sig
19
20
  require "dependabot/file_parsers/base/dependency_set"
20
21
  require "dependabot/bundler/file_parser/file_preparer"
21
22
  require "dependabot/bundler/file_parser/gemfile_declaration_finder"
22
23
  require "dependabot/bundler/file_parser/gemspec_declaration_finder"
23
24
 
25
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
24
26
  def parse
25
27
  dependency_set = DependencySet.new
26
28
  dependency_set += gemfile_dependencies
@@ -30,6 +32,11 @@ module Dependabot
30
32
  dependency_set.dependencies
31
33
  end
32
34
 
35
+ sig { returns(PackageManagerBase) }
36
+ def package_manager
37
+ PackageManager.new(bundler_version)
38
+ end
39
+
33
40
  private
34
41
 
35
42
  def check_external_code(dependencies)
data/lib/dependabot/bundler/file_updater.rb CHANGED
@@ -14,24 +14,13 @@ module Dependabot
14
14
  require_relative "file_updater/gemspec_updater"
15
15
  require_relative "file_updater/lockfile_updater"
16
16
 
17
- def self.updated_files_regex(allowlist_enabled = false)
18
- if allowlist_enabled
19
- [
20
- # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
21
- %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
22
- # Matches the same files in any subdirectory
23
- %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
24
- ]
25
- else
26
- # Old regex. After 100% rollout of the allowlist, this will be removed.
27
- [
28
- /^Gemfile$/,
29
- /^Gemfile\.lock$/,
30
- /^gems\.rb$/,
31
- /^gems\.locked$/,
32
- /^*\.gemspec$/
33
- ]
34
- end
17
+ def self.updated_files_regex
18
+ [
19
+ # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
20
+ %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
21
+ # Matches the same files in any subdirectory
22
+ %r{^.*/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
23
+ ]
35
24
  end
36
25
 
37
26
  # rubocop:disable Metrics/PerceivedComplexity
data/lib/dependabot/bundler/package_manager.rb ADDED
@@ -0,0 +1,53 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+ require "dependabot/bundler/version"
6
+ require "dependabot/package_manager"
7
+
8
+ module Dependabot
9
+ module Bundler
10
+ PACKAGE_MANAGER = "bundler"
11
+
12
+ SUPPORTED_BUNDLER_VERSIONS = T.let([
13
+ Version.new("2")
14
+ ].freeze, T::Array[Dependabot::Version])
15
+
16
+ DEPRECATED_BUNDLER_VERSIONS = T.let([
17
+ Version.new("1")
18
+ ].freeze, T::Array[Dependabot::Version])
19
+
20
+ class PackageManager < PackageManagerBase
21
+ extend T::Sig
22
+
23
+ sig { params(version: T.any(String, Dependabot::Version)).void }
24
+ def initialize(version)
25
+ @version = T.let(Version.new(version), Dependabot::Version)
26
+ @name = T.let(PACKAGE_MANAGER, String)
27
+ @deprecated_versions = T.let(DEPRECATED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
28
+ @supported_versions = T.let(SUPPORTED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
29
+ end
30
+
31
+ sig { override.returns(String) }
32
+ attr_reader :name
33
+
34
+ sig { override.returns(Dependabot::Version) }
35
+ attr_reader :version
36
+
37
+ sig { override.returns(T::Array[Dependabot::Version]) }
38
+ attr_reader :deprecated_versions
39
+
40
+ sig { override.returns(T::Array[Dependabot::Version]) }
41
+ attr_reader :supported_versions
42
+
43
+ sig { override.returns(T::Boolean) }
44
+ def deprecated?
45
+ deprecated_versions.include?(version)
46
+ end
47
+ sig { override.returns(T::Boolean) }
48
+ def unsupported?
49
+ !deprecated? && version < supported_versions.first
50
+ end
51
+ end
52
+ end
53
+ end
data/lib/dependabot/bundler.rb CHANGED
@@ -10,6 +10,7 @@ require "dependabot/bundler/file_updater"
10
10
  require "dependabot/bundler/metadata_finder"
11
11
  require "dependabot/bundler/requirement"
12
12
  require "dependabot/bundler/version"
13
+ require "dependabot/bundler/package_manager"
13
14
 
14
15
  require "dependabot/pull_request_creator/labeler"
15
16
  Dependabot::PullRequestCreator::Labeler
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.270.0
4
+ version: 0.272.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-15 00:00:00.000000000 Z
11
+ date: 2024-08-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.270.0
19
+ version: 0.272.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.270.0
26
+ version: 0.272.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -329,6 +329,7 @@ files:
329
329
  - lib/dependabot/bundler/helpers.rb
330
330
  - lib/dependabot/bundler/metadata_finder.rb
331
331
  - lib/dependabot/bundler/native_helpers.rb
332
+ - lib/dependabot/bundler/package_manager.rb
332
333
  - lib/dependabot/bundler/requirement.rb
333
334
  - lib/dependabot/bundler/update_checker.rb
334
335
  - lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb
@@ -345,7 +346,7 @@ licenses:
345
346
  - MIT
346
347
  metadata:
347
348
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
349
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.272.0
349
350
  post_install_message:
350
351
  rdoc_options: []
351
352
  require_paths: