dependabot-bundler 0.279.0 → 0.281.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/bundler/helpers.rb +1 -13
  3. data/lib/dependabot/bundler/package_manager.rb +6 -6
  4. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +1 -2
  5. metadata +7 -32
  6. data/helpers/v1/.gitignore +0 -8
  7. data/helpers/v1/Gemfile +0 -7
  8. data/helpers/v1/build +0 -29
  9. data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +0 -89
  10. data/helpers/v1/lib/functions/dependency_source.rb +0 -90
  11. data/helpers/v1/lib/functions/file_parser.rb +0 -119
  12. data/helpers/v1/lib/functions/force_updater.rb +0 -173
  13. data/helpers/v1/lib/functions/lockfile_updater.rb +0 -218
  14. data/helpers/v1/lib/functions/version_resolver.rb +0 -141
  15. data/helpers/v1/lib/functions.rb +0 -172
  16. data/helpers/v1/monkey_patches/definition_bundler_version_patch.rb +0 -16
  17. data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +0 -22
  18. data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +0 -20
  19. data/helpers/v1/monkey_patches/git_source_patch.rb +0 -62
  20. data/helpers/v1/monkey_patches/object_untaint_patch.rb +0 -17
  21. data/helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb +0 -18
  22. data/helpers/v1/patched_bundler +0 -34
  23. data/helpers/v1/run.rb +0 -38
  24. data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +0 -118
  25. data/helpers/v1/spec/functions/dependency_source_spec.rb +0 -188
  26. data/helpers/v1/spec/functions/file_parser_spec.rb +0 -75
  27. data/helpers/v1/spec/functions/force_updater_spec.rb +0 -59
  28. data/helpers/v1/spec/functions/version_resolver_spec.rb +0 -105
  29. data/helpers/v1/spec/native_spec_helper.rb +0 -56
  30. data/helpers/v1/spec/shared_contexts.rb +0 -60
@@ -1,218 +0,0 @@
1
- # typed: true
2
- # frozen_string_literal: true
3
-
4
- require "fileutils"
5
-
6
- module Functions
7
- class LockfileUpdater
8
- RETRYABLE_ERRORS = [Bundler::HTTPError].freeze
9
- GEM_NOT_FOUND_ERROR_REGEX =
10
- /
11
- locked\sto\s(?<name>[^\s]+)\s\(|
12
- not\sfind\s(?<name>[^\s]+)-\d|
13
- has\s(?<name>[^\s]+)\slocked\sat
14
- /x
15
-
16
- def initialize(gemfile_name:, lockfile_name:, dependencies:)
17
- @gemfile_name = gemfile_name
18
- @lockfile_name = lockfile_name
19
- @dependencies = dependencies
20
- end
21
-
22
- def run
23
- generate_lockfile
24
- end
25
-
26
- private
27
-
28
- attr_reader :gemfile_name
29
- attr_reader :lockfile_name
30
- attr_reader :dependencies
31
-
32
- def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
33
- dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
34
-
35
- begin
36
- definition = build_definition(dependencies_to_unlock)
37
-
38
- old_reqs = lock_deps_being_updated_to_exact_versions(definition)
39
-
40
- definition.resolve_remotely!
41
-
42
- old_reqs.each do |dep_name, old_req|
43
- d_dep = definition.dependencies.find { |d| d.name == dep_name }
44
- if old_req == :none then definition.dependencies.delete(d_dep)
45
- else
46
- d_dep.instance_variable_set(:@requirement, old_req)
47
- end
48
- end
49
-
50
- cache_vendored_gems(definition) if Bundler.app_cache.exist?
51
-
52
- definition.to_lock
53
- rescue Bundler::GemNotFound => e
54
- unlock_yanked_gem(dependencies_to_unlock, e) && retry
55
- rescue Bundler::VersionConflict => e
56
- unlock_blocking_subdeps(dependencies_to_unlock, e) && retry
57
- rescue *RETRYABLE_ERRORS
58
- raise if @retrying
59
-
60
- @retrying = true
61
- sleep(rand(1.0..5.0))
62
- retry
63
- end
64
- end
65
-
66
- def cache_vendored_gems(definition)
67
- # Dependencies that have been unlocked for the update (including
68
- # sub-dependencies)
69
- unlocked_gems = definition.instance_variable_get(:@unlock)
70
- .fetch(:gems)
71
- bundler_opts = {
72
- cache_all: true,
73
- cache_all_platforms: true,
74
- no_prune: true
75
- }
76
-
77
- Bundler.settings.temporary(**bundler_opts) do
78
- # Fetch and cache gems on all platforms without pruning
79
- Bundler::Runtime.new(nil, definition).cache
80
-
81
- # Only prune unlocked gems (the original implementation is in
82
- # Bundler::Runtime)
83
- cache_path = Bundler.app_cache
84
- resolve = definition.resolve
85
- prune_gem_cache(resolve, cache_path, unlocked_gems)
86
- prune_git_and_path_cache(resolve, cache_path)
87
- end
88
- end
89
-
90
- # Copied from Bundler::Runtime: Modified to only prune gems that have
91
- # been unlocked
92
- def prune_gem_cache(resolve, cache_path, unlocked_gems)
93
- cached_gems = Dir["#{cache_path}/*.gem"]
94
-
95
- outdated_gems = cached_gems.reject do |path|
96
- spec = Bundler.rubygems.spec_from_gem path
97
-
98
- !unlocked_gems.include?(spec.name) || resolve.any? do |s|
99
- s.name == spec.name && s.version == spec.version &&
100
- !s.source.is_a?(Bundler::Source::Git)
101
- end
102
- end
103
-
104
- return unless outdated_gems.any?
105
-
106
- outdated_gems.each do |path|
107
- File.delete(path)
108
- end
109
- end
110
-
111
- # Copied from Bundler::Runtime
112
- def prune_git_and_path_cache(resolve, cache_path)
113
- cached_git_and_path = Dir["#{cache_path}/*/.bundlecache"]
114
-
115
- outdated_git_and_path = cached_git_and_path.reject do |path|
116
- name = File.basename(File.dirname(path))
117
-
118
- resolve.any? do |s|
119
- s.source.respond_to?(:app_cache_dirname) &&
120
- s.source.app_cache_dirname == name
121
- end
122
- end
123
-
124
- return unless outdated_git_and_path.any?
125
-
126
- outdated_git_and_path.each do |path|
127
- path = File.dirname(path)
128
- FileUtils.rm_rf(path)
129
- end
130
- end
131
-
132
- def unlock_yanked_gem(dependencies_to_unlock, error)
133
- raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
134
-
135
- gem_name = error.message.match(GEM_NOT_FOUND_ERROR_REGEX)
136
- .named_captures["name"]
137
- raise if dependencies_to_unlock.include?(gem_name)
138
-
139
- dependencies_to_unlock << gem_name
140
- end
141
-
142
- def unlock_blocking_subdeps(dependencies_to_unlock, error)
143
- all_deps = Bundler::LockfileParser.new(lockfile)
144
- .specs.map { |x| x.name.to_s }
145
- top_level = build_definition([]).dependencies
146
- .map { |x| x.name.to_s }
147
- allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
148
-
149
- raise if allowed_new_unlocks.none?
150
-
151
- # Unlock any sub-dependencies that Bundler reports caused the
152
- # conflict
153
- potentials_deps =
154
- error.cause.conflicts.values
155
- .flat_map(&:requirement_trees)
156
- .filter_map do |tree|
157
- tree.find { |req| allowed_new_unlocks.include?(req.name) }
158
- end.map(&:name)
159
-
160
- # If there are specific dependencies we can unlock, unlock them
161
- return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
162
-
163
- # Fall back to unlocking *all* sub-dependencies. This is required
164
- # because Bundler's VersionConflict objects don't include enough
165
- # information to chart the full path through all conflicts unwound
166
- dependencies_to_unlock.append(*allowed_new_unlocks)
167
- end
168
-
169
- def build_definition(dependencies_to_unlock)
170
- defn = Bundler::Definition.build(
171
- gemfile_name,
172
- lockfile_name,
173
- gems: dependencies_to_unlock
174
- )
175
-
176
- # Bundler unlocks the sub-dependencies of gems it is passed even
177
- # if those sub-deps are top-level dependencies. We only want true
178
- # subdeps unlocked, like they were in the UpdateChecker, so we
179
- # mutate the unlocked gems array.
180
- unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
181
- must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
182
- dependencies_to_unlock
183
- unlocked.reject! { |n| must_not_unlock.include?(n) }
184
-
185
- defn
186
- end
187
-
188
- def lock_deps_being_updated_to_exact_versions(definition)
189
- dependencies.each_with_object({}) do |dep, old_reqs|
190
- defn_dep = definition.dependencies.find do |d|
191
- d.name == dep.fetch("name")
192
- end
193
-
194
- if defn_dep.nil?
195
- definition.dependencies <<
196
- Bundler::Dependency.new(dep.fetch("name"), dep.fetch("version"))
197
- old_reqs[dep.fetch("name")] = :none
198
- elsif git_dependency?(dep) &&
199
- defn_dep.source.is_a?(Bundler::Source::Git)
200
- defn_dep.source.unlock!
201
- elsif Gem::Version.correct?(dep.fetch("version"))
202
- new_req = Gem::Requirement.create("= #{dep.fetch('version')}")
203
- old_reqs[dep.fetch("name")] = defn_dep.requirement
204
- defn_dep.instance_variable_set(:@requirement, new_req)
205
- end
206
- end
207
- end
208
-
209
- def git_dependency?(dep)
210
- sources = dep.fetch("requirements").map { |r| r.fetch("source") }
211
- sources.all? { |s| s&.fetch("type", nil) == "git" }
212
- end
213
-
214
- def lockfile
215
- @lockfile ||= File.read(lockfile_name)
216
- end
217
- end
218
- end
@@ -1,141 +0,0 @@
1
- # typed: true
2
- # frozen_string_literal: true
3
-
4
- module Functions
5
- class VersionResolver
6
- GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
7
-
8
- attr_reader :dependency_name
9
- attr_reader :dependency_requirements
10
- attr_reader :gemfile_name
11
- attr_reader :lockfile_name
12
-
13
- def initialize(dependency_name:, dependency_requirements:,
14
- gemfile_name:, lockfile_name:)
15
- @dependency_name = dependency_name
16
- @dependency_requirements = dependency_requirements
17
- @gemfile_name = gemfile_name
18
- @lockfile_name = lockfile_name
19
- end
20
-
21
- def version_details
22
- dep = dependency_from_definition
23
-
24
- # If the dependency wasn't found in the definition, but *is*
25
- # included in a gemspec, it's because the Gemfile didn't import
26
- # the gemspec. This is unusual, but the correct behaviour if/when
27
- # it happens is to behave as if the repo was gemspec-only.
28
- return "latest" if dep.nil? && dependency_requirements.any?
29
-
30
- # Otherwise, if the dependency wasn't found it's because it is a
31
- # subdependency that was removed when attempting to update it.
32
- return nil if dep.nil?
33
-
34
- # If the dependency is Bundler itself then we can't trust the
35
- # version that has been returned (it's the version Dependabot is
36
- # running on, rather than the true latest resolvable version).
37
- return nil if dep.name == "bundler"
38
-
39
- details = {
40
- version: dep.version,
41
- ruby_version: ruby_version,
42
- fetcher: fetcher_class(dep)
43
- }
44
- details[:commit_sha] = dep.source.revision if dep.source.instance_of?(::Bundler::Source::Git)
45
- details
46
- end
47
-
48
- private
49
-
50
- # rubocop:disable Metrics/PerceivedComplexity
51
- def dependency_from_definition(unlock_subdependencies: true)
52
- dependencies_to_unlock = [dependency_name]
53
- dependencies_to_unlock += subdependencies if unlock_subdependencies
54
- begin
55
- definition = build_definition(dependencies_to_unlock)
56
- definition.resolve_remotely!
57
- rescue ::Bundler::GemNotFound => e
58
- unlock_yanked_gem(dependencies_to_unlock, e) && retry
59
- rescue ::Bundler::HTTPError => e
60
- # Retry network errors
61
- # Note: in_a_native_bundler_context will also retry `Bundler::HTTPError` errors
62
- # up to three times meaning we'll end up retrying this error up to six times
63
- # TODO: Could we get rid of this retry logic and only rely on
64
- # SharedBundlerHelpers.in_a_native_bundler_context
65
- attempt ||= 1
66
- attempt += 1
67
- raise if attempt > 3 || !e.message.include?("Network error")
68
-
69
- retry
70
- end
71
-
72
- dep = definition.resolve.find { |d| d.name == dependency_name }
73
- return dep if dep
74
- return if dependency_requirements.any? || !unlock_subdependencies
75
-
76
- # If no definition was found and we're updating a sub-dependency,
77
- # try again but without unlocking any other sub-dependencies
78
- dependency_from_definition(unlock_subdependencies: false)
79
- end
80
- # rubocop:enable Metrics/PerceivedComplexity
81
-
82
- def subdependencies
83
- # If there's no lockfile we don't need to worry about
84
- # subdependencies
85
- return [] unless lockfile
86
-
87
- all_deps = ::Bundler::LockfileParser.new(lockfile)
88
- .specs.map { |x| x.name.to_s }.uniq
89
- top_level = build_definition([]).dependencies
90
- .map { |x| x.name.to_s }
91
-
92
- all_deps - top_level
93
- end
94
-
95
- def build_definition(dependencies_to_unlock)
96
- # NOTE: we lock shared dependencies to avoid any top-level
97
- # dependencies getting unlocked (which would happen if they were
98
- # also subdependencies of the dependency being unlocked)
99
- ::Bundler::Definition.build(
100
- gemfile_name,
101
- lockfile_name,
102
- gems: dependencies_to_unlock,
103
- lock_shared_dependencies: true
104
- )
105
- end
106
-
107
- def unlock_yanked_gem(dependencies_to_unlock, error)
108
- raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
109
-
110
- gem_name = error.message.match(GEM_NOT_FOUND_ERROR_REGEX)
111
- .named_captures["name"]
112
- raise if dependencies_to_unlock.include?(gem_name)
113
-
114
- dependencies_to_unlock << gem_name
115
- end
116
-
117
- def lockfile
118
- return @lockfile if defined?(@lockfile)
119
-
120
- @lockfile =
121
- begin
122
- return unless lockfile_name
123
- return unless File.exist?(lockfile_name)
124
-
125
- File.read(lockfile_name)
126
- end
127
- end
128
-
129
- def fetcher_class(dep)
130
- return unless dep.source.is_a?(::Bundler::Source::Rubygems)
131
-
132
- dep.source.fetchers.first.fetchers.first.class.to_s
133
- end
134
-
135
- def ruby_version
136
- return nil unless gemfile_name
137
-
138
- @ruby_version ||= build_definition([]).ruby_version&.gem_version
139
- end
140
- end
141
- end
@@ -1,172 +0,0 @@
1
- # typed: true
2
- # frozen_string_literal: true
3
-
4
- require "functions/file_parser"
5
- require "functions/force_updater"
6
- require "functions/lockfile_updater"
7
- require "functions/dependency_source"
8
- require "functions/version_resolver"
9
- require "functions/conflicting_dependency_resolver"
10
-
11
- module Functions
12
- def self.parsed_gemfile(**args)
13
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: [])
14
- FileParser.new(lockfile_name: args.fetch(:lockfile_name))
15
- .parsed_gemfile(gemfile_name: args.fetch(:gemfile_name))
16
- end
17
-
18
- def self.parsed_gemspec(**args)
19
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: [])
20
- FileParser.new(lockfile_name: args.fetch(:lockfile_name))
21
- .parsed_gemspec(gemspec_name: args.fetch(:gemspec_name))
22
- end
23
-
24
- def self.vendor_cache_dir(**args)
25
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: [])
26
- Bundler.settings.app_cache_path
27
- end
28
-
29
- def self.update_lockfile(**args)
30
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
31
- LockfileUpdater.new(
32
- gemfile_name: args.fetch(:gemfile_name),
33
- lockfile_name: args.fetch(:lockfile_name),
34
- dependencies: args.fetch(:dependencies)
35
- ).run
36
- end
37
-
38
- def self.force_update(**args)
39
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
40
- ForceUpdater.new(
41
- dependency_name: args.fetch(:dependency_name),
42
- target_version: args.fetch(:target_version),
43
- gemfile_name: args.fetch(:gemfile_name),
44
- lockfile_name: args.fetch(:lockfile_name),
45
- update_multiple_dependencies: args.fetch(:update_multiple_dependencies)
46
- ).run
47
- end
48
-
49
- def self.dependency_source_type(**args)
50
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
51
-
52
- DependencySource.new(
53
- gemfile_name: args.fetch(:gemfile_name),
54
- dependency_name: args.fetch(:dependency_name)
55
- ).type
56
- end
57
-
58
- def self.dependency_source_latest_git_version(**args)
59
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
60
- DependencySource.new(
61
- gemfile_name: args.fetch(:gemfile_name),
62
- dependency_name: args.fetch(:dependency_name)
63
- ).latest_git_version(
64
- dependency_source_url: args.fetch(:dependency_source_url),
65
- dependency_source_branch: args.fetch(:dependency_source_branch)
66
- )
67
- end
68
-
69
- def self.private_registry_versions(**args)
70
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
71
-
72
- DependencySource.new(
73
- gemfile_name: args.fetch(:gemfile_name),
74
- dependency_name: args.fetch(:dependency_name)
75
- ).private_registry_versions
76
- end
77
-
78
- def self.resolve_version(**args)
79
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
80
- VersionResolver.new(
81
- dependency_name: args.fetch(:dependency_name),
82
- dependency_requirements: args.fetch(:dependency_requirements),
83
- gemfile_name: args.fetch(:gemfile_name),
84
- lockfile_name: args.fetch(:lockfile_name)
85
- ).version_details
86
- end
87
-
88
- def self.jfrog_source(**args)
89
- # Set flags and credentials
90
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
91
-
92
- Bundler::Definition.build(args.fetch(:gemfile_name), nil, {})
93
- .send(:sources)
94
- .rubygems_remotes
95
- .find { |uri| uri.host.include?("jfrog") }
96
- &.host
97
- end
98
-
99
- def self.git_specs(**args)
100
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
101
-
102
- git_specs = Bundler::Definition.build(args.fetch(:gemfile_name), nil, {}).dependencies
103
- .select do |spec|
104
- spec.source.is_a?(Bundler::Source::Git)
105
- end
106
- git_specs.map do |spec|
107
- # Piggy-back off some private Bundler methods to configure the
108
- # URI with auth details in the same way Bundler does.
109
- git_proxy = spec.source.send(:git_proxy)
110
- auth_uri = spec.source.uri.gsub("git://", "https://")
111
- auth_uri = git_proxy.send(:configured_uri_for, auth_uri)
112
- auth_uri += ".git" unless auth_uri.end_with?(".git")
113
- auth_uri += "/info/refs?service=git-upload-pack"
114
- {
115
- uri: spec.source.uri,
116
- auth_uri: auth_uri
117
- }
118
- end
119
- end
120
-
121
- def self.conflicting_dependencies(**args)
122
- set_bundler_flags_and_credentials(dir: args.fetch(:dir), credentials: args.fetch(:credentials))
123
- ConflictingDependencyResolver.new(
124
- dependency_name: args.fetch(:dependency_name),
125
- target_version: args.fetch(:target_version),
126
- lockfile_name: args.fetch(:lockfile_name)
127
- ).conflicting_dependencies
128
- end
129
-
130
- def self.set_bundler_flags_and_credentials(dir:, credentials:)
131
- dir = Pathname.new(dir) if dir
132
- Bundler.instance_variable_set(:@root, dir)
133
-
134
- # Remove installed gems from the default Rubygems index
135
- Gem::Specification.all =
136
- Gem::Specification.send(:default_stubs, "*.gemspec")
137
-
138
- # Set auth details
139
- relevant_credentials(credentials).each do |cred|
140
- token = cred["token"] ||
141
- "#{cred['username']}:#{cred['password']}"
142
-
143
- Bundler.settings.set_command_option(
144
- cred.fetch("host"),
145
- token.gsub("@", "%40F").gsub("?", "%3F")
146
- )
147
- end
148
-
149
- # Use HTTPS for GitHub if lockfile
150
- Bundler.settings.set_command_option("github.https", "true")
151
-
152
- # Native helpers rely on dependency unlocking, so Bundler should never be frozen
153
- Bundler.settings.set_command_option("frozen", "false")
154
- end
155
-
156
- def self.relevant_credentials(credentials)
157
- [
158
- *git_source_credentials(credentials),
159
- *private_registry_credentials(credentials)
160
- ].select { |cred| cred["password"] || cred["token"] }
161
- end
162
-
163
- def self.private_registry_credentials(credentials)
164
- credentials
165
- .select { |cred| cred["type"] == "rubygems_server" }
166
- end
167
-
168
- def self.git_source_credentials(credentials)
169
- credentials
170
- .select { |cred| cred["type"] == "git_source" }
171
- end
172
- end
@@ -1,16 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- require "bundler/definition"
5
-
6
- # Ignore the Bundler version specified in the Gemfile (since the only Bundler
7
- # version available to us is the one we're using).
8
- module BundlerDefinitionBundlerVersionPatch
9
- def expanded_dependencies
10
- @expanded_dependencies ||=
11
- expand_dependencies(dependencies + metadata_dependencies, @remote)
12
- .reject { |d| d.name == "bundler" }
13
- end
14
- end
15
-
16
- Bundler::Definition.prepend(BundlerDefinitionBundlerVersionPatch)
@@ -1,22 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- require "bundler/definition"
5
-
6
- module BundlerDefinitionRubyVersionPatch
7
- def index
8
- @index ||= super.tap do
9
- if ruby_version
10
- requested_version = ruby_version.to_gem_version_with_patchlevel
11
- sources.metadata_source.specs <<
12
- Gem::Specification.new("ruby\0", requested_version)
13
- end
14
-
15
- %w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.7p220 3.1.5p252 3.2.4p170).each do |version|
16
- sources.metadata_source.specs << Gem::Specification.new("ruby\0", version)
17
- end
18
- end
19
- end
20
- end
21
-
22
- Bundler::Definition.prepend(BundlerDefinitionRubyVersionPatch)
@@ -1,20 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- require "bundler/vendor/fileutils/lib/fileutils"
5
-
6
- # Port
7
- # https://github.com/ruby/fileutils/commit/a5eca84a4240e29bb7886c3ef7085d464a972dd0
8
- # to fix keyword argument errors on Ruby 3.1
9
-
10
- module BundlerFileUtilsKeywordSplatPatch
11
- def entries
12
- opts = {}
13
- opts[:encoding] = ::Encoding::UTF_8 if fu_windows?
14
- Dir.entries(path, **opts)
15
- .reject { |n| n == "." || n == ".." }
16
- .map { |n| self.class.new(prefix, join(rel, n.untaint)) }
17
- end
18
- end
19
-
20
- Bundler::FileUtils::Entry_.prepend(BundlerFileUtilsKeywordSplatPatch)
@@ -1,62 +0,0 @@
1
- # typed: true
2
- # frozen_string_literal: true
3
-
4
- require "bundler/source"
5
-
6
- module Bundler
7
- class Source
8
- class Git
9
- class GitProxy
10
- private
11
-
12
- # Bundler allows ssh authentication when talking to GitHub but there's
13
- # no way for Dependabot to do so (it doesn't have any ssh keys).
14
- # Instead, we convert all `git@github.com:` URLs to use HTTPS.
15
- def configured_uri_for(uri)
16
- uri = uri.gsub(%r{git@(.*?):/?}, 'https://\1/')
17
- if uri.match?(/https?:/)
18
- remote = ::URI.parse(uri)
19
- config_auth =
20
- Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
21
- remote.userinfo ||= config_auth
22
- remote.to_s
23
- else
24
- uri
25
- end
26
- end
27
- end
28
- end
29
- end
30
- end
31
-
32
- module Bundler
33
- class Source
34
- class Git < Path
35
- private
36
-
37
- def serialize_gemspecs_in(destination)
38
- original_load_paths = $LOAD_PATH.dup
39
- reduced_load_paths = original_load_paths
40
- .reject { |p| p.include?("/gems/") }
41
-
42
- $LOAD_PATH.shift until $LOAD_PATH.empty?
43
- reduced_load_paths.each { |p| $LOAD_PATH << p }
44
-
45
- destination = destination.expand_path(Bundler.root) if destination.relative?
46
- Dir["#{destination}/#{@glob}"].each do |spec_path|
47
- # Evaluate gemspecs and cache the result. Gemspecs
48
- # in git might require git or other dependencies.
49
- # The gemspecs we cache should already be evaluated.
50
- spec = Bundler.load_gemspec(spec_path)
51
- next unless spec
52
-
53
- Bundler.rubygems.set_installed_by_version(spec)
54
- Bundler.rubygems.validate(spec)
55
- File.binwrite(spec_path, spec.to_ruby)
56
- end
57
- $LOAD_PATH.shift until $LOAD_PATH.empty?
58
- original_load_paths.each { |p| $LOAD_PATH << p }
59
- end
60
- end
61
- end
62
- end
@@ -1,17 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- # Bundler v1 uses the `untaint` method on objects in `Bundler::SharedHelpers`.
5
- # This method has been deprecated for a long time, and is actually a no-op in
6
- # ruby versions 2.7+. In Ruby 3.3 it was finally removed, and it's now causing
7
- # bundler v1 to error.
8
- #
9
- # In order to keep the old behavior, we're monkey patching `Object` to add a
10
- # no-op implementation of untaint.
11
- module ObjectUntaintPatch
12
- def untaint
13
- self
14
- end
15
- end
16
-
17
- Object.prepend(ObjectUntaintPatch)
@@ -1,18 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- require "bundler/resolver/spec_group"
5
-
6
- # Port
7
- # https://github.com/rubygems/bundler/commit/30a690edbdf5ee64ea54afc7d0c91d910ff2b80e
8
- # to fix flaky failures on Bundler 1
9
-
10
- module BundlerResolverSpecGroupSaneEql
11
- def eql?(other)
12
- return false unless other.is_a?(self.class)
13
-
14
- super
15
- end
16
- end
17
-
18
- Bundler::Resolver::SpecGroup.prepend(BundlerResolverSpecGroupSaneEql)