dependabot-bundler 0.271.0 → 0.273.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/file_parser/file_preparer.rb +1 -0
  3. data/lib/dependabot/bundler/file_parser.rb +7 -0
  4. data/lib/dependabot/bundler/file_updater.rb +7 -18
  5. data/lib/dependabot/bundler/package_manager.rb +53 -0
  6. data/lib/dependabot/bundler.rb +1 -0
  7. metadata +6 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c1f910e14e5b0e3f6d85ca51756747ac0598ff4edd45eeee2bdd87ba4a5b3e4f
4
- data.tar.gz: 7e3f3ad5a35a6e9bd1b3c215fa0b8ba24f29efa3924eac444ff1aabd49876b19
3
+ metadata.gz: a5554d7f181a363c73cb74d605a85a8062b3a9d8ebdaa44fa751c233e36313fa
4
+ data.tar.gz: '087d2cf82ce414863a7e23252cf879a059c81a206a521f804a6e95ca2fee1d22'
5
5
  SHA512:
6
- metadata.gz: 8ec691e2bc736caab0108898d34ce5530a7d56e3d9fcf9d270d5cdabbdc03db21e32a3a3a846c0d470712e3aeb10061575143b87d6f18bf9582d89d9be87b4ce
7
- data.tar.gz: 9af2d68ebcebef4bb9273c51ca95a5e4d56ce920ad8debe905f1717e55114a6e672562d2eae7263628e89b5edc1ad0b5d5d02546587ce142c1d8ce556eaa8b43
6
+ metadata.gz: e037f93c304cb062d2e79a165b7f3b724c032369c0f31ad5aa2d4d28274aafc431207f46914ad5a7eafeddb929e0c67e4f864b1f34ad6d49aa8b97aac63b3341
7
+ data.tar.gz: 2c9dc3a918092189741123b6fe90662d9547eb48f0ad36428d86f153869372e82d6d87c18c88de70f7380de48b458393c80a4eb12ba6260d6cbaaefc27ab652c
data/lib/dependabot/bundler/file_parser/file_preparer.rb CHANGED
@@ -5,6 +5,7 @@ require "sorbet-runtime"
5
5
  require "dependabot/dependency_file"
6
6
  require "dependabot/file_parsers/base"
7
7
  require "dependabot/bundler/file_updater/gemspec_sanitizer"
8
+ require "dependabot/bundler/package_manager"
8
9
 
9
10
  module Dependabot
10
11
  module Bundler
data/lib/dependabot/bundler/file_parser.rb CHANGED
@@ -16,11 +16,13 @@ require "dependabot/errors"
16
16
  module Dependabot
17
17
  module Bundler
18
18
  class FileParser < Dependabot::FileParsers::Base
19
+ extend T::Sig
19
20
  require "dependabot/file_parsers/base/dependency_set"
20
21
  require "dependabot/bundler/file_parser/file_preparer"
21
22
  require "dependabot/bundler/file_parser/gemfile_declaration_finder"
22
23
  require "dependabot/bundler/file_parser/gemspec_declaration_finder"
23
24
 
25
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
24
26
  def parse
25
27
  dependency_set = DependencySet.new
26
28
  dependency_set += gemfile_dependencies
@@ -30,6 +32,11 @@ module Dependabot
30
32
  dependency_set.dependencies
31
33
  end
32
34
 
35
+ sig { returns(PackageManagerBase) }
36
+ def package_manager
37
+ PackageManager.new(bundler_version)
38
+ end
39
+
33
40
  private
34
41
 
35
42
  def check_external_code(dependencies)
data/lib/dependabot/bundler/file_updater.rb CHANGED
@@ -14,24 +14,13 @@ module Dependabot
14
14
  require_relative "file_updater/gemspec_updater"
15
15
  require_relative "file_updater/lockfile_updater"
16
16
 
17
- def self.updated_files_regex(allowlist_enabled = false)
18
- if allowlist_enabled
19
- [
20
- # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
21
- %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
22
- # Matches the same files in any subdirectory
23
- %r{^.*\/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
24
- ]
25
- else
26
- # Old regex. After 100% rollout of the allowlist, this will be removed.
27
- [
28
- /^Gemfile$/,
29
- /^Gemfile\.lock$/,
30
- /^gems\.rb$/,
31
- /^gems\.locked$/,
32
- /^*\.gemspec$/
33
- ]
34
- end
17
+ def self.updated_files_regex
18
+ [
19
+ # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
20
+ %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
21
+ # Matches the same files in any subdirectory
22
+ %r{^.*/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
23
+ ]
35
24
  end
36
25
 
37
26
  # rubocop:disable Metrics/PerceivedComplexity
data/lib/dependabot/bundler/package_manager.rb ADDED
@@ -0,0 +1,53 @@
1
+ # typed: strong
2
+ # frozen_string_literal: true
3
+
4
+ require "sorbet-runtime"
5
+ require "dependabot/bundler/version"
6
+ require "dependabot/package_manager"
7
+
8
+ module Dependabot
9
+ module Bundler
10
+ PACKAGE_MANAGER = "bundler"
11
+
12
+ SUPPORTED_BUNDLER_VERSIONS = T.let([
13
+ Version.new("2")
14
+ ].freeze, T::Array[Dependabot::Version])
15
+
16
+ DEPRECATED_BUNDLER_VERSIONS = T.let([
17
+ Version.new("1")
18
+ ].freeze, T::Array[Dependabot::Version])
19
+
20
+ class PackageManager < PackageManagerBase
21
+ extend T::Sig
22
+
23
+ sig { params(version: T.any(String, Dependabot::Version)).void }
24
+ def initialize(version)
25
+ @version = T.let(Version.new(version), Dependabot::Version)
26
+ @name = T.let(PACKAGE_MANAGER, String)
27
+ @deprecated_versions = T.let(DEPRECATED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
28
+ @supported_versions = T.let(SUPPORTED_BUNDLER_VERSIONS, T::Array[Dependabot::Version])
29
+ end
30
+
31
+ sig { override.returns(String) }
32
+ attr_reader :name
33
+
34
+ sig { override.returns(Dependabot::Version) }
35
+ attr_reader :version
36
+
37
+ sig { override.returns(T::Array[Dependabot::Version]) }
38
+ attr_reader :deprecated_versions
39
+
40
+ sig { override.returns(T::Array[Dependabot::Version]) }
41
+ attr_reader :supported_versions
42
+
43
+ sig { override.returns(T::Boolean) }
44
+ def deprecated?
45
+ deprecated_versions.include?(version)
46
+ end
47
+ sig { override.returns(T::Boolean) }
48
+ def unsupported?
49
+ !deprecated? && version < supported_versions.first
50
+ end
51
+ end
52
+ end
53
+ end
data/lib/dependabot/bundler.rb CHANGED
@@ -10,6 +10,7 @@ require "dependabot/bundler/file_updater"
10
10
  require "dependabot/bundler/metadata_finder"
11
11
  require "dependabot/bundler/requirement"
12
12
  require "dependabot/bundler/version"
13
+ require "dependabot/bundler/package_manager"
13
14
 
14
15
  require "dependabot/pull_request_creator/labeler"
15
16
  Dependabot::PullRequestCreator::Labeler
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.271.0
4
+ version: 0.273.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-15 00:00:00.000000000 Z
11
+ date: 2024-08-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.271.0
19
+ version: 0.273.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.271.0
26
+ version: 0.273.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -329,6 +329,7 @@ files:
329
329
  - lib/dependabot/bundler/helpers.rb
330
330
  - lib/dependabot/bundler/metadata_finder.rb
331
331
  - lib/dependabot/bundler/native_helpers.rb
332
+ - lib/dependabot/bundler/package_manager.rb
332
333
  - lib/dependabot/bundler/requirement.rb
333
334
  - lib/dependabot/bundler/update_checker.rb
334
335
  - lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb
@@ -345,7 +346,7 @@ licenses:
345
346
  - MIT
346
347
  metadata:
347
348
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0
349
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
349
350
  post_install_message:
350
351
  rdoc_options: []
351
352
  require_paths: