dependabot-bundler 0.294.0 → 0.295.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser/file_preparer.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +47 -4
- data/lib/dependabot/bundler/update_checker/force_updater.rb +12 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 532e630972469774f8e29af1f314691ee4ed0ad880860c01675d54c1f10590d8
|
|
4
|
+
data.tar.gz: 2912cadecb1d9fec7fd793ec2ab7e17bf5e807fe0ab86d3cda574e6acbe569d8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 335795149b582fdc7ed996ad5ed20e3ca5736facc4f557aaddb811198eb319ba8ae30dbbf31ae36bba9e06eb67e509c21a6543f8154a7827dea28f2992cc0474
|
|
7
|
+
data.tar.gz: 25e3ca306fecb0e2f4ca0f1c66682d6b43336bbfec71b73674dca2cfbc7d1ee15f03b7110d74639872496692729cad18a613a5ba00fa0050554e880550e13086
|
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
class GemspecDependencyNameFinder
|
|
11
11
|
extend T::Sig
|
|
12
12
|
|
|
13
|
-
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String)) }
|
|
13
|
+
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String, Integer, Float)) }
|
|
14
14
|
|
|
15
15
|
sig { returns(String) }
|
|
16
16
|
attr_reader :gemspec_content
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
@@ -8,6 +8,8 @@ module Dependabot
|
|
|
8
8
|
module Bundler
|
|
9
9
|
class FileUpdater
|
|
10
10
|
class GemspecSanitizer
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
11
13
|
UNNECESSARY_ASSIGNMENTS = %i(
|
|
12
14
|
bindir=
|
|
13
15
|
cert_chain=
|
|
@@ -23,12 +25,15 @@ module Dependabot
|
|
|
23
25
|
rdoc_options=
|
|
24
26
|
).freeze
|
|
25
27
|
|
|
28
|
+
sig { returns(String) }
|
|
26
29
|
attr_reader :replacement_version
|
|
27
30
|
|
|
31
|
+
sig { params(replacement_version: T.any(String, Integer, Gem::Version)).void }
|
|
28
32
|
def initialize(replacement_version:)
|
|
29
|
-
@replacement_version = replacement_version
|
|
33
|
+
@replacement_version = T.let(replacement_version.to_s, String)
|
|
30
34
|
end
|
|
31
35
|
|
|
36
|
+
sig { params(content: String).returns(String) }
|
|
32
37
|
def rewrite(content)
|
|
33
38
|
buffer = Parser::Source::Buffer.new("(gemspec_content)")
|
|
34
39
|
buffer.source = content
|
|
@@ -47,10 +52,16 @@ module Dependabot
|
|
|
47
52
|
end
|
|
48
53
|
|
|
49
54
|
class Rewriter < Parser::TreeRewriter
|
|
55
|
+
extend T::Sig
|
|
56
|
+
|
|
57
|
+
ParserNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, Integer, String, Float)) }
|
|
58
|
+
|
|
59
|
+
sig { params(replacement_version: String).void }
|
|
50
60
|
def initialize(replacement_version:)
|
|
51
61
|
@replacement_version = replacement_version
|
|
52
62
|
end
|
|
53
63
|
|
|
64
|
+
sig { params(node: Parser::AST::Node).void }
|
|
54
65
|
def on_send(node)
|
|
55
66
|
# Wrap any `require` or `require_relative` calls in a rescue
|
|
56
67
|
# block, as we might not have the required files
|
|
@@ -82,12 +93,15 @@ module Dependabot
|
|
|
82
93
|
|
|
83
94
|
private
|
|
84
95
|
|
|
96
|
+
sig { returns(String) }
|
|
85
97
|
attr_reader :replacement_version
|
|
86
98
|
|
|
99
|
+
sig { params(node: Parser::AST::Node).returns(T::Boolean) }
|
|
87
100
|
def requires_file?(node)
|
|
88
101
|
%i(require require_relative).include?(node.children[1])
|
|
89
102
|
end
|
|
90
103
|
|
|
104
|
+
sig { params(node: Parser::AST::Node).void }
|
|
91
105
|
def wrap_require(node)
|
|
92
106
|
replace(
|
|
93
107
|
node.loc.expression,
|
|
@@ -98,6 +112,7 @@ module Dependabot
|
|
|
98
112
|
)
|
|
99
113
|
end
|
|
100
114
|
|
|
115
|
+
sig { params(node: ParserNode).void }
|
|
101
116
|
def replace_version_assignments(node)
|
|
102
117
|
return unless node.is_a?(Parser::AST::Node)
|
|
103
118
|
|
|
@@ -106,6 +121,7 @@ module Dependabot
|
|
|
106
121
|
node.children.each { |child| replace_version_assignments(child) }
|
|
107
122
|
end
|
|
108
123
|
|
|
124
|
+
sig { params(node: ParserNode).void }
|
|
109
125
|
def replace_version_constant_references(node)
|
|
110
126
|
return unless node.is_a?(Parser::AST::Node)
|
|
111
127
|
|
|
@@ -116,6 +132,7 @@ module Dependabot
|
|
|
116
132
|
end
|
|
117
133
|
end
|
|
118
134
|
|
|
135
|
+
sig { params(node: ParserNode).void }
|
|
119
136
|
def replace_file_assignments(node)
|
|
120
137
|
return unless node.is_a?(Parser::AST::Node)
|
|
121
138
|
|
|
@@ -124,6 +141,7 @@ module Dependabot
|
|
|
124
141
|
node.children.each { |child| replace_file_assignments(child) }
|
|
125
142
|
end
|
|
126
143
|
|
|
144
|
+
sig { params(node: ParserNode).void }
|
|
127
145
|
def replace_require_paths_assignments(node)
|
|
128
146
|
return unless node.is_a?(Parser::AST::Node)
|
|
129
147
|
|
|
@@ -134,6 +152,7 @@ module Dependabot
|
|
|
134
152
|
end
|
|
135
153
|
end
|
|
136
154
|
|
|
155
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
137
156
|
def node_assigns_to_version_constant?(node)
|
|
138
157
|
return false unless node.is_a?(Parser::AST::Node)
|
|
139
158
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -146,6 +165,7 @@ module Dependabot
|
|
|
146
165
|
node_interpolates_version_constant?(node.children.last)
|
|
147
166
|
end
|
|
148
167
|
|
|
168
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
149
169
|
def node_assigns_files_to_var?(node)
|
|
150
170
|
return false unless node.is_a?(Parser::AST::Node)
|
|
151
171
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -155,6 +175,7 @@ module Dependabot
|
|
|
155
175
|
node_dynamically_lists_files?(node.children[2])
|
|
156
176
|
end
|
|
157
177
|
|
|
178
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
158
179
|
def node_dynamically_lists_files?(node)
|
|
159
180
|
return false unless node.is_a?(Parser::AST::Node)
|
|
160
181
|
|
|
@@ -163,6 +184,7 @@ module Dependabot
|
|
|
163
184
|
node.type == :block && node.children.first&.type == :send
|
|
164
185
|
end
|
|
165
186
|
|
|
187
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
166
188
|
def node_assigns_require_paths?(node)
|
|
167
189
|
return false unless node.is_a?(Parser::AST::Node)
|
|
168
190
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -171,6 +193,7 @@ module Dependabot
|
|
|
171
193
|
node.children[1] == :require_paths=
|
|
172
194
|
end
|
|
173
195
|
|
|
196
|
+
sig { params(node: ParserNode).void }
|
|
174
197
|
def replace_file_reads(node)
|
|
175
198
|
return unless node.is_a?(Parser::AST::Node)
|
|
176
199
|
return if node.children[1] == :version=
|
|
@@ -180,6 +203,7 @@ module Dependabot
|
|
|
180
203
|
node.children.each { |child| replace_file_reads(child) }
|
|
181
204
|
end
|
|
182
205
|
|
|
206
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
183
207
|
def node_reads_a_file?(node)
|
|
184
208
|
return false unless node.is_a?(Parser::AST::Node)
|
|
185
209
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -189,6 +213,7 @@ module Dependabot
|
|
|
189
213
|
node.children[1] == :read
|
|
190
214
|
end
|
|
191
215
|
|
|
216
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
192
217
|
def node_uses_readlines?(node)
|
|
193
218
|
return false unless node.is_a?(Parser::AST::Node)
|
|
194
219
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -198,6 +223,7 @@ module Dependabot
|
|
|
198
223
|
node.children[1] == :readlines
|
|
199
224
|
end
|
|
200
225
|
|
|
226
|
+
sig { params(node: ParserNode).void }
|
|
201
227
|
def replace_json_parses(node)
|
|
202
228
|
return unless node.is_a?(Parser::AST::Node)
|
|
203
229
|
return if node.children[1] == :version=
|
|
@@ -206,6 +232,7 @@ module Dependabot
|
|
|
206
232
|
node.children.each { |child| replace_json_parses(child) }
|
|
207
233
|
end
|
|
208
234
|
|
|
235
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
209
236
|
def node_parses_json?(node)
|
|
210
237
|
return false unless node.is_a?(Parser::AST::Node)
|
|
211
238
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -215,6 +242,7 @@ module Dependabot
|
|
|
215
242
|
node.children[1] == :parse
|
|
216
243
|
end
|
|
217
244
|
|
|
245
|
+
sig { params(node: ParserNode).void }
|
|
218
246
|
def remove_find_dot_find_args(node)
|
|
219
247
|
return unless node.is_a?(Parser::AST::Node)
|
|
220
248
|
return if node.children[1] == :version=
|
|
@@ -223,6 +251,7 @@ module Dependabot
|
|
|
223
251
|
node.children.each { |child| remove_find_dot_find_args(child) }
|
|
224
252
|
end
|
|
225
253
|
|
|
254
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
226
255
|
def node_calls_find_dot_find?(node)
|
|
227
256
|
return false unless node.is_a?(Parser::AST::Node)
|
|
228
257
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -232,6 +261,7 @@ module Dependabot
|
|
|
232
261
|
node.children[1] == :find
|
|
233
262
|
end
|
|
234
263
|
|
|
264
|
+
sig { params(node: ParserNode).void }
|
|
235
265
|
def remove_unnecessary_assignments(node)
|
|
236
266
|
return unless node.is_a?(Parser::AST::Node)
|
|
237
267
|
|
|
@@ -247,8 +277,9 @@ module Dependabot
|
|
|
247
277
|
end
|
|
248
278
|
end
|
|
249
279
|
|
|
280
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
250
281
|
def node_includes_heredoc?(node)
|
|
251
|
-
find_heredoc_end_range(node)
|
|
282
|
+
!!find_heredoc_end_range(node)
|
|
252
283
|
end
|
|
253
284
|
|
|
254
285
|
# Performs a depth-first search for the first heredoc in the given
|
|
@@ -256,6 +287,7 @@ module Dependabot
|
|
|
256
287
|
#
|
|
257
288
|
# Returns a Parser::Source::Range identifying the location of the end
|
|
258
289
|
# of the heredoc, or nil if no heredoc was found.
|
|
290
|
+
sig { params(node: ParserNode).returns(T.nilable(Parser::Source::Range)) }
|
|
259
291
|
def find_heredoc_end_range(node)
|
|
260
292
|
return unless node.is_a?(Parser::AST::Node)
|
|
261
293
|
|
|
@@ -271,6 +303,7 @@ module Dependabot
|
|
|
271
303
|
nil
|
|
272
304
|
end
|
|
273
305
|
|
|
306
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
274
307
|
def unnecessary_assignment?(node)
|
|
275
308
|
return false unless node.is_a?(Parser::AST::Node)
|
|
276
309
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -278,9 +311,10 @@ module Dependabot
|
|
|
278
311
|
return true if node.children.first.type == :lvar &&
|
|
279
312
|
UNNECESSARY_ASSIGNMENTS.include?(node.children[1])
|
|
280
313
|
|
|
281
|
-
node.children[1] == :[]= && node.children.first.children.last
|
|
314
|
+
!!(node.children[1] == :[]= && node.children.first.children.last)
|
|
282
315
|
end
|
|
283
316
|
|
|
317
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
284
318
|
def node_is_version_constant?(node)
|
|
285
319
|
return false unless node.is_a?(Parser::AST::Node)
|
|
286
320
|
return false unless node.type == :const
|
|
@@ -288,6 +322,7 @@ module Dependabot
|
|
|
288
322
|
node.children.last.to_s.match?(/version/i)
|
|
289
323
|
end
|
|
290
324
|
|
|
325
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
291
326
|
def node_calls_version_constant?(node)
|
|
292
327
|
return false unless node.is_a?(Parser::AST::Node)
|
|
293
328
|
return false unless node.type == :send
|
|
@@ -295,6 +330,7 @@ module Dependabot
|
|
|
295
330
|
node.children.any? { |n| node_is_version_constant?(n) }
|
|
296
331
|
end
|
|
297
332
|
|
|
333
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
298
334
|
def node_interpolates_version_constant?(node)
|
|
299
335
|
return false unless node.is_a?(Parser::AST::Node)
|
|
300
336
|
return false unless node.type == :dstr
|
|
@@ -305,6 +341,7 @@ module Dependabot
|
|
|
305
341
|
.any? { |n| node_is_version_constant?(n) }
|
|
306
342
|
end
|
|
307
343
|
|
|
344
|
+
sig { params(node: Parser::AST::Node).void }
|
|
308
345
|
def replace_constant(node)
|
|
309
346
|
case node.children.last&.type
|
|
310
347
|
when :str, :int then nil # no-op
|
|
@@ -318,18 +355,22 @@ module Dependabot
|
|
|
318
355
|
end
|
|
319
356
|
end
|
|
320
357
|
|
|
358
|
+
sig { params(node: Parser::AST::Node).void }
|
|
321
359
|
def replace_file_assignment(node)
|
|
322
360
|
replace(node.children.last.loc.expression, "[]")
|
|
323
361
|
end
|
|
324
362
|
|
|
363
|
+
sig { params(node: Parser::AST::Node).void }
|
|
325
364
|
def replace_require_paths_assignment(node)
|
|
326
365
|
replace(node.children.last.loc.expression, "['lib']")
|
|
327
366
|
end
|
|
328
367
|
|
|
368
|
+
sig { params(node: Parser::AST::Node).void }
|
|
329
369
|
def replace_file_read(node)
|
|
330
370
|
replace(node.loc.expression, %("#{replacement_version}"))
|
|
331
371
|
end
|
|
332
372
|
|
|
373
|
+
sig { params(node: Parser::AST::Node).void }
|
|
333
374
|
def replace_json_parse(node)
|
|
334
375
|
replace(
|
|
335
376
|
node.loc.expression,
|
|
@@ -337,10 +378,12 @@ module Dependabot
|
|
|
337
378
|
)
|
|
338
379
|
end
|
|
339
380
|
|
|
381
|
+
sig { params(node: Parser::AST::Node).void }
|
|
340
382
|
def replace_file_readlines(node)
|
|
341
383
|
replace(node.loc.expression, %(["#{replacement_version}"]))
|
|
342
384
|
end
|
|
343
385
|
|
|
386
|
+
sig { params(node: Parser::AST::Node).void }
|
|
344
387
|
def remove_find_args(node)
|
|
345
388
|
last_arg = node.children.last
|
|
346
389
|
|
|
@@ -52,6 +52,9 @@ module Dependabot
|
|
|
52
52
|
|
|
53
53
|
def force_update
|
|
54
54
|
requirement = dependency.requirements.find { |req| req[:file] == gemfile.name }
|
|
55
|
+
|
|
56
|
+
valid_gem_version?(target_version)
|
|
57
|
+
|
|
55
58
|
manifest_requirement_not_satisfied = requirement && !Requirement.satisfied_by?(requirement, target_version)
|
|
56
59
|
|
|
57
60
|
if manifest_requirement_not_satisfied && requirements_update_strategy.lockfile_only?
|
|
@@ -80,6 +83,15 @@ module Dependabot
|
|
|
80
83
|
end
|
|
81
84
|
end
|
|
82
85
|
|
|
86
|
+
def valid_gem_version?(target_version)
|
|
87
|
+
# to rule out empty, non gem info ending up in as target_version
|
|
88
|
+
return true if target_version.is_a?(Gem::Version)
|
|
89
|
+
|
|
90
|
+
Dependabot.logger.warn("Bundler force update called with a non-Gem::Version #{target_version}")
|
|
91
|
+
|
|
92
|
+
raise Dependabot::DependencyFileNotResolvable
|
|
93
|
+
end
|
|
94
|
+
|
|
83
95
|
def original_dependencies
|
|
84
96
|
@original_dependencies ||=
|
|
85
97
|
FileParser.new(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.295.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.295.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.295.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
|
|
326
326
|
post_install_message:
|
|
327
327
|
rdoc_options: []
|
|
328
328
|
require_paths:
|