dependabot-bundler 0.292.0 → 0.294.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/v2/monkey_patches/git_source_patch.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +28 -10
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +10 -1
- data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +23 -11
- data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +9 -3
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea55f401ee91f93504d7b0c6ef45f14b1d6b3a729830c5090ce31fe309425add
|
|
4
|
+
data.tar.gz: 89e1acee2cba3451d660f5cfe54ba52b43ebce4aa8e79399a7ff9ece241c4b93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed004691bff5b07c9f3b3e910cc4b2b9d36b067bc012bb1acb76ce2698b0642bdace106c0f91c30891d40faeb61910162b0cc3501c835caec69f06b434f82e23
|
|
7
|
+
data.tar.gz: 8aa29af8206e1ec201e040ab59f8580fcd898f970a54bc60babd21179ba15f1d77415a20f3d147423508f5ed331d2daa6fe01f4512dc9deae7378b7642fd719b
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -7,19 +7,23 @@ module Dependabot
|
|
|
7
7
|
module Bundler
|
|
8
8
|
class FileUpdater
|
|
9
9
|
class GemfileUpdater
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
10
12
|
GEMFILE_FILENAMES = %w(Gemfile gems.rb).freeze
|
|
11
13
|
|
|
12
14
|
require_relative "git_pin_replacer"
|
|
13
15
|
require_relative "git_source_remover"
|
|
14
16
|
require_relative "requirement_replacer"
|
|
15
17
|
|
|
18
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency], gemfile: Dependabot::DependencyFile).void }
|
|
16
19
|
def initialize(dependencies:, gemfile:)
|
|
17
20
|
@dependencies = dependencies
|
|
18
21
|
@gemfile = gemfile
|
|
19
22
|
end
|
|
20
23
|
|
|
24
|
+
sig { returns(String) }
|
|
21
25
|
def updated_gemfile_content
|
|
22
|
-
content = gemfile.content
|
|
26
|
+
content = T.must(gemfile.content)
|
|
23
27
|
|
|
24
28
|
dependencies.each do |dependency|
|
|
25
29
|
content = replace_gemfile_version_requirement(
|
|
@@ -38,21 +42,27 @@ module Dependabot
|
|
|
38
42
|
|
|
39
43
|
private
|
|
40
44
|
|
|
45
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
41
46
|
attr_reader :dependencies
|
|
47
|
+
|
|
48
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
42
49
|
attr_reader :gemfile
|
|
43
50
|
|
|
51
|
+
sig do
|
|
52
|
+
params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
|
|
53
|
+
end
|
|
44
54
|
def replace_gemfile_version_requirement(dependency, file, content)
|
|
45
55
|
return content unless requirement_changed?(file, dependency)
|
|
46
56
|
|
|
47
57
|
updated_requirement =
|
|
48
58
|
dependency.requirements
|
|
49
59
|
.find { |r| r[:file] == file.name }
|
|
50
|
-
|
|
60
|
+
&.fetch(:requirement)
|
|
51
61
|
|
|
52
62
|
previous_requirement =
|
|
53
63
|
dependency.previous_requirements
|
|
54
|
-
|
|
55
|
-
|
|
64
|
+
&.find { |r| r[:file] == file.name }
|
|
65
|
+
&.fetch(:requirement)
|
|
56
66
|
|
|
57
67
|
RequirementReplacer.new(
|
|
58
68
|
dependency: dependency,
|
|
@@ -62,17 +72,19 @@ module Dependabot
|
|
|
62
72
|
).rewrite(content)
|
|
63
73
|
end
|
|
64
74
|
|
|
75
|
+
sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
65
76
|
def requirement_changed?(file, dependency)
|
|
66
77
|
changed_requirements =
|
|
67
|
-
dependency.requirements - dependency.previous_requirements
|
|
78
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
|
68
79
|
|
|
69
80
|
changed_requirements.any? { |f| f[:file] == file.name }
|
|
70
81
|
end
|
|
71
82
|
|
|
83
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
72
84
|
def remove_git_source?(dependency)
|
|
73
85
|
old_gemfile_req =
|
|
74
86
|
dependency.previous_requirements
|
|
75
|
-
|
|
87
|
+
&.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
76
88
|
|
|
77
89
|
return false unless old_gemfile_req&.dig(:source, :type) == "git"
|
|
78
90
|
|
|
@@ -80,9 +92,10 @@ module Dependabot
|
|
|
80
92
|
dependency.requirements
|
|
81
93
|
.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
82
94
|
|
|
83
|
-
new_gemfile_req[:source].nil?
|
|
95
|
+
T.must(new_gemfile_req)[:source].nil?
|
|
84
96
|
end
|
|
85
97
|
|
|
98
|
+
sig { params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile).returns(T::Boolean) }
|
|
86
99
|
def update_git_pin?(dependency, file)
|
|
87
100
|
new_gemfile_req =
|
|
88
101
|
dependency.requirements
|
|
@@ -91,18 +104,23 @@ module Dependabot
|
|
|
91
104
|
|
|
92
105
|
# If the new requirement is a git dependency with a ref then there's
|
|
93
106
|
# no harm in doing an update
|
|
94
|
-
new_gemfile_req.dig(:source, :ref)
|
|
107
|
+
!T.must(new_gemfile_req).dig(:source, :ref).nil?
|
|
95
108
|
end
|
|
96
109
|
|
|
110
|
+
sig { params(dependency: Dependabot::Dependency, content: String).returns(String) }
|
|
97
111
|
def remove_gemfile_git_source(dependency, content)
|
|
98
112
|
GitSourceRemover.new(dependency: dependency).rewrite(content)
|
|
99
113
|
end
|
|
100
114
|
|
|
115
|
+
sig do
|
|
116
|
+
params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
|
|
117
|
+
end
|
|
101
118
|
def update_gemfile_git_pin(dependency, file, content)
|
|
102
119
|
new_pin =
|
|
103
120
|
dependency.requirements
|
|
104
121
|
.find { |f| f[:file] == file.name }
|
|
105
|
-
|
|
122
|
+
&.fetch(:source)
|
|
123
|
+
&.fetch(:ref)
|
|
106
124
|
|
|
107
125
|
GitPinReplacer
|
|
108
126
|
.new(dependency: dependency, new_pin: new_pin)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
@@ -8,13 +8,20 @@ module Dependabot
|
|
|
8
8
|
module Bundler
|
|
9
9
|
class FileUpdater
|
|
10
10
|
class GemspecDependencyNameFinder
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String)) }
|
|
14
|
+
|
|
15
|
+
sig { returns(String) }
|
|
11
16
|
attr_reader :gemspec_content
|
|
12
17
|
|
|
18
|
+
sig { params(gemspec_content: String).void }
|
|
13
19
|
def initialize(gemspec_content:)
|
|
14
20
|
@gemspec_content = gemspec_content
|
|
15
21
|
end
|
|
16
22
|
|
|
17
23
|
# rubocop:disable Security/Eval
|
|
24
|
+
sig { returns(T.nilable(String)) }
|
|
18
25
|
def dependency_name
|
|
19
26
|
ast = Parser::CurrentRuby.parse(gemspec_content)
|
|
20
27
|
dependency_name_node = find_dependency_name_node(ast)
|
|
@@ -30,6 +37,7 @@ module Dependabot
|
|
|
30
37
|
|
|
31
38
|
private
|
|
32
39
|
|
|
40
|
+
sig { params(node: ChildNode).returns(T.nilable(Parser::AST::Node)) }
|
|
33
41
|
def find_dependency_name_node(node)
|
|
34
42
|
return unless node.is_a?(Parser::AST::Node)
|
|
35
43
|
return node if declares_dependency_name?(node)
|
|
@@ -40,6 +48,7 @@ module Dependabot
|
|
|
40
48
|
end
|
|
41
49
|
end
|
|
42
50
|
|
|
51
|
+
sig { params(node: ChildNode).returns(T::Boolean) }
|
|
43
52
|
def declares_dependency_name?(node)
|
|
44
53
|
return false unless node.is_a?(Parser::AST::Node)
|
|
45
54
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -9,13 +9,17 @@ module Dependabot
|
|
|
9
9
|
class GemspecUpdater
|
|
10
10
|
require_relative "requirement_replacer"
|
|
11
11
|
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
14
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency], gemspec: Dependabot::DependencyFile).void }
|
|
12
15
|
def initialize(dependencies:, gemspec:)
|
|
13
|
-
@dependencies = dependencies
|
|
14
|
-
@gemspec = gemspec
|
|
16
|
+
@dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
|
|
17
|
+
@gemspec = T.let(gemspec, Dependabot::DependencyFile)
|
|
15
18
|
end
|
|
16
19
|
|
|
20
|
+
sig { returns(String) }
|
|
17
21
|
def updated_gemspec_content
|
|
18
|
-
content = gemspec.content
|
|
22
|
+
content = T.let(T.must(gemspec.content), String)
|
|
19
23
|
|
|
20
24
|
dependencies.each do |dependency|
|
|
21
25
|
content = replace_gemspec_version_requirement(
|
|
@@ -28,21 +32,28 @@ module Dependabot
|
|
|
28
32
|
|
|
29
33
|
private
|
|
30
34
|
|
|
35
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
31
36
|
attr_reader :dependencies
|
|
37
|
+
|
|
38
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
32
39
|
attr_reader :gemspec
|
|
33
40
|
|
|
41
|
+
sig do
|
|
42
|
+
params(gemspec: Dependabot::DependencyFile, dependency: Dependabot::Dependency,
|
|
43
|
+
content: String).returns(String)
|
|
44
|
+
end
|
|
34
45
|
def replace_gemspec_version_requirement(gemspec, dependency, content)
|
|
35
46
|
return content unless requirement_changed?(gemspec, dependency)
|
|
36
47
|
|
|
37
48
|
updated_requirement =
|
|
38
|
-
dependency.requirements
|
|
39
|
-
.find { |r| r[:file] == gemspec.name }
|
|
40
|
-
|
|
49
|
+
T.must(dependency.requirements
|
|
50
|
+
.find { |r| r[:file] == gemspec.name })
|
|
51
|
+
.fetch(:requirement)
|
|
41
52
|
|
|
42
53
|
previous_requirement =
|
|
43
|
-
dependency.previous_requirements
|
|
44
|
-
.find { |r| r[:file] == gemspec.name }
|
|
45
|
-
|
|
54
|
+
T.must(T.must(dependency.previous_requirements)
|
|
55
|
+
.find { |r| r[:file] == gemspec.name })
|
|
56
|
+
.fetch(:requirement)
|
|
46
57
|
|
|
47
58
|
RequirementReplacer.new(
|
|
48
59
|
dependency: dependency,
|
|
@@ -52,9 +63,10 @@ module Dependabot
|
|
|
52
63
|
).rewrite(content)
|
|
53
64
|
end
|
|
54
65
|
|
|
66
|
+
sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
55
67
|
def requirement_changed?(file, dependency)
|
|
56
68
|
changed_requirements =
|
|
57
|
-
dependency.requirements - dependency.previous_requirements
|
|
69
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
|
58
70
|
|
|
59
71
|
changed_requirements.any? { |f| f[:file] == file.name }
|
|
60
72
|
end
|
|
@@ -9,12 +9,12 @@ module Dependabot
|
|
|
9
9
|
module Bundler
|
|
10
10
|
class FileUpdater
|
|
11
11
|
class RubyRequirementSetter
|
|
12
|
-
class RubyVersionNotFound < StandardError; end
|
|
13
|
-
|
|
14
12
|
RUBY_VERSIONS = %w(
|
|
15
13
|
1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
|
|
16
14
|
).freeze
|
|
17
15
|
|
|
16
|
+
LANGUAGE = "ruby"
|
|
17
|
+
|
|
18
18
|
attr_reader :gemspec
|
|
19
19
|
|
|
20
20
|
def initialize(gemspec:)
|
|
@@ -62,7 +62,13 @@ module Dependabot
|
|
|
62
62
|
.map { |v| Gem::Version.new(v) }.sort
|
|
63
63
|
.find { |v| requirement.satisfied_by?(v) }
|
|
64
64
|
|
|
65
|
-
|
|
65
|
+
unless ruby_version
|
|
66
|
+
raise ToolVersionNotSupported.new(
|
|
67
|
+
LANGUAGE,
|
|
68
|
+
requirement.to_s,
|
|
69
|
+
RUBY_VERSIONS.join(", ")
|
|
70
|
+
)
|
|
71
|
+
end
|
|
66
72
|
|
|
67
73
|
ruby_version
|
|
68
74
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.294.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.294.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.294.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.294.0
|
|
326
326
|
post_install_message:
|
|
327
327
|
rdoc_options: []
|
|
328
328
|
require_paths:
|