dependabot-bundler 0.294.0 → 0.296.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser/file_preparer.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +47 -4
- data/lib/dependabot/bundler/update_checker/force_updater.rb +12 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f81229f56a0ef5c8b7c2d61f120e69e5c4b6402549e8fd7479e7b87bd009a66c
|
|
4
|
+
data.tar.gz: 230ebc7b7952bd7e82036ee2637c667b9218f126a8a69218bcd686e365fa0136
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7bbf770c8aa7b5c247db7cd6aaecf07a66548bc22b332d403735be3241344d0b6f3ef0b99d5213c61d1c2749bdba0900b4f1edc1a3ab2780048d15e3bb511988
|
|
7
|
+
data.tar.gz: b908e0c861e83a9c5f788a07f75740ce60ec99c335492792ce207fb1f450b50e7a5b3c30dea889156c18b0976ecd1fd68d1f0ec96f2219a6749cf562930cf965
|
|
@@ -10,7 +10,7 @@ module Dependabot
|
|
|
10
10
|
class GemspecDependencyNameFinder
|
|
11
11
|
extend T::Sig
|
|
12
12
|
|
|
13
|
-
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String)) }
|
|
13
|
+
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String, Integer, Float)) }
|
|
14
14
|
|
|
15
15
|
sig { returns(String) }
|
|
16
16
|
attr_reader :gemspec_content
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
@@ -8,6 +8,8 @@ module Dependabot
|
|
|
8
8
|
module Bundler
|
|
9
9
|
class FileUpdater
|
|
10
10
|
class GemspecSanitizer
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
11
13
|
UNNECESSARY_ASSIGNMENTS = %i(
|
|
12
14
|
bindir=
|
|
13
15
|
cert_chain=
|
|
@@ -23,12 +25,15 @@ module Dependabot
|
|
|
23
25
|
rdoc_options=
|
|
24
26
|
).freeze
|
|
25
27
|
|
|
28
|
+
sig { returns(String) }
|
|
26
29
|
attr_reader :replacement_version
|
|
27
30
|
|
|
31
|
+
sig { params(replacement_version: T.any(String, Integer, Gem::Version)).void }
|
|
28
32
|
def initialize(replacement_version:)
|
|
29
|
-
@replacement_version = replacement_version
|
|
33
|
+
@replacement_version = T.let(replacement_version.to_s, String)
|
|
30
34
|
end
|
|
31
35
|
|
|
36
|
+
sig { params(content: String).returns(String) }
|
|
32
37
|
def rewrite(content)
|
|
33
38
|
buffer = Parser::Source::Buffer.new("(gemspec_content)")
|
|
34
39
|
buffer.source = content
|
|
@@ -47,10 +52,16 @@ module Dependabot
|
|
|
47
52
|
end
|
|
48
53
|
|
|
49
54
|
class Rewriter < Parser::TreeRewriter
|
|
55
|
+
extend T::Sig
|
|
56
|
+
|
|
57
|
+
ParserNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, Integer, String, Float)) }
|
|
58
|
+
|
|
59
|
+
sig { params(replacement_version: String).void }
|
|
50
60
|
def initialize(replacement_version:)
|
|
51
61
|
@replacement_version = replacement_version
|
|
52
62
|
end
|
|
53
63
|
|
|
64
|
+
sig { params(node: Parser::AST::Node).void }
|
|
54
65
|
def on_send(node)
|
|
55
66
|
# Wrap any `require` or `require_relative` calls in a rescue
|
|
56
67
|
# block, as we might not have the required files
|
|
@@ -82,12 +93,15 @@ module Dependabot
|
|
|
82
93
|
|
|
83
94
|
private
|
|
84
95
|
|
|
96
|
+
sig { returns(String) }
|
|
85
97
|
attr_reader :replacement_version
|
|
86
98
|
|
|
99
|
+
sig { params(node: Parser::AST::Node).returns(T::Boolean) }
|
|
87
100
|
def requires_file?(node)
|
|
88
101
|
%i(require require_relative).include?(node.children[1])
|
|
89
102
|
end
|
|
90
103
|
|
|
104
|
+
sig { params(node: Parser::AST::Node).void }
|
|
91
105
|
def wrap_require(node)
|
|
92
106
|
replace(
|
|
93
107
|
node.loc.expression,
|
|
@@ -98,6 +112,7 @@ module Dependabot
|
|
|
98
112
|
)
|
|
99
113
|
end
|
|
100
114
|
|
|
115
|
+
sig { params(node: ParserNode).void }
|
|
101
116
|
def replace_version_assignments(node)
|
|
102
117
|
return unless node.is_a?(Parser::AST::Node)
|
|
103
118
|
|
|
@@ -106,6 +121,7 @@ module Dependabot
|
|
|
106
121
|
node.children.each { |child| replace_version_assignments(child) }
|
|
107
122
|
end
|
|
108
123
|
|
|
124
|
+
sig { params(node: ParserNode).void }
|
|
109
125
|
def replace_version_constant_references(node)
|
|
110
126
|
return unless node.is_a?(Parser::AST::Node)
|
|
111
127
|
|
|
@@ -116,6 +132,7 @@ module Dependabot
|
|
|
116
132
|
end
|
|
117
133
|
end
|
|
118
134
|
|
|
135
|
+
sig { params(node: ParserNode).void }
|
|
119
136
|
def replace_file_assignments(node)
|
|
120
137
|
return unless node.is_a?(Parser::AST::Node)
|
|
121
138
|
|
|
@@ -124,6 +141,7 @@ module Dependabot
|
|
|
124
141
|
node.children.each { |child| replace_file_assignments(child) }
|
|
125
142
|
end
|
|
126
143
|
|
|
144
|
+
sig { params(node: ParserNode).void }
|
|
127
145
|
def replace_require_paths_assignments(node)
|
|
128
146
|
return unless node.is_a?(Parser::AST::Node)
|
|
129
147
|
|
|
@@ -134,6 +152,7 @@ module Dependabot
|
|
|
134
152
|
end
|
|
135
153
|
end
|
|
136
154
|
|
|
155
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
137
156
|
def node_assigns_to_version_constant?(node)
|
|
138
157
|
return false unless node.is_a?(Parser::AST::Node)
|
|
139
158
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -146,6 +165,7 @@ module Dependabot
|
|
|
146
165
|
node_interpolates_version_constant?(node.children.last)
|
|
147
166
|
end
|
|
148
167
|
|
|
168
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
149
169
|
def node_assigns_files_to_var?(node)
|
|
150
170
|
return false unless node.is_a?(Parser::AST::Node)
|
|
151
171
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -155,6 +175,7 @@ module Dependabot
|
|
|
155
175
|
node_dynamically_lists_files?(node.children[2])
|
|
156
176
|
end
|
|
157
177
|
|
|
178
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
158
179
|
def node_dynamically_lists_files?(node)
|
|
159
180
|
return false unless node.is_a?(Parser::AST::Node)
|
|
160
181
|
|
|
@@ -163,6 +184,7 @@ module Dependabot
|
|
|
163
184
|
node.type == :block && node.children.first&.type == :send
|
|
164
185
|
end
|
|
165
186
|
|
|
187
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
166
188
|
def node_assigns_require_paths?(node)
|
|
167
189
|
return false unless node.is_a?(Parser::AST::Node)
|
|
168
190
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -171,6 +193,7 @@ module Dependabot
|
|
|
171
193
|
node.children[1] == :require_paths=
|
|
172
194
|
end
|
|
173
195
|
|
|
196
|
+
sig { params(node: ParserNode).void }
|
|
174
197
|
def replace_file_reads(node)
|
|
175
198
|
return unless node.is_a?(Parser::AST::Node)
|
|
176
199
|
return if node.children[1] == :version=
|
|
@@ -180,6 +203,7 @@ module Dependabot
|
|
|
180
203
|
node.children.each { |child| replace_file_reads(child) }
|
|
181
204
|
end
|
|
182
205
|
|
|
206
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
183
207
|
def node_reads_a_file?(node)
|
|
184
208
|
return false unless node.is_a?(Parser::AST::Node)
|
|
185
209
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -189,6 +213,7 @@ module Dependabot
|
|
|
189
213
|
node.children[1] == :read
|
|
190
214
|
end
|
|
191
215
|
|
|
216
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
192
217
|
def node_uses_readlines?(node)
|
|
193
218
|
return false unless node.is_a?(Parser::AST::Node)
|
|
194
219
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -198,6 +223,7 @@ module Dependabot
|
|
|
198
223
|
node.children[1] == :readlines
|
|
199
224
|
end
|
|
200
225
|
|
|
226
|
+
sig { params(node: ParserNode).void }
|
|
201
227
|
def replace_json_parses(node)
|
|
202
228
|
return unless node.is_a?(Parser::AST::Node)
|
|
203
229
|
return if node.children[1] == :version=
|
|
@@ -206,6 +232,7 @@ module Dependabot
|
|
|
206
232
|
node.children.each { |child| replace_json_parses(child) }
|
|
207
233
|
end
|
|
208
234
|
|
|
235
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
209
236
|
def node_parses_json?(node)
|
|
210
237
|
return false unless node.is_a?(Parser::AST::Node)
|
|
211
238
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -215,6 +242,7 @@ module Dependabot
|
|
|
215
242
|
node.children[1] == :parse
|
|
216
243
|
end
|
|
217
244
|
|
|
245
|
+
sig { params(node: ParserNode).void }
|
|
218
246
|
def remove_find_dot_find_args(node)
|
|
219
247
|
return unless node.is_a?(Parser::AST::Node)
|
|
220
248
|
return if node.children[1] == :version=
|
|
@@ -223,6 +251,7 @@ module Dependabot
|
|
|
223
251
|
node.children.each { |child| remove_find_dot_find_args(child) }
|
|
224
252
|
end
|
|
225
253
|
|
|
254
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
226
255
|
def node_calls_find_dot_find?(node)
|
|
227
256
|
return false unless node.is_a?(Parser::AST::Node)
|
|
228
257
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -232,6 +261,7 @@ module Dependabot
|
|
|
232
261
|
node.children[1] == :find
|
|
233
262
|
end
|
|
234
263
|
|
|
264
|
+
sig { params(node: ParserNode).void }
|
|
235
265
|
def remove_unnecessary_assignments(node)
|
|
236
266
|
return unless node.is_a?(Parser::AST::Node)
|
|
237
267
|
|
|
@@ -247,8 +277,9 @@ module Dependabot
|
|
|
247
277
|
end
|
|
248
278
|
end
|
|
249
279
|
|
|
280
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
250
281
|
def node_includes_heredoc?(node)
|
|
251
|
-
find_heredoc_end_range(node)
|
|
282
|
+
!!find_heredoc_end_range(node)
|
|
252
283
|
end
|
|
253
284
|
|
|
254
285
|
# Performs a depth-first search for the first heredoc in the given
|
|
@@ -256,6 +287,7 @@ module Dependabot
|
|
|
256
287
|
#
|
|
257
288
|
# Returns a Parser::Source::Range identifying the location of the end
|
|
258
289
|
# of the heredoc, or nil if no heredoc was found.
|
|
290
|
+
sig { params(node: ParserNode).returns(T.nilable(Parser::Source::Range)) }
|
|
259
291
|
def find_heredoc_end_range(node)
|
|
260
292
|
return unless node.is_a?(Parser::AST::Node)
|
|
261
293
|
|
|
@@ -271,6 +303,7 @@ module Dependabot
|
|
|
271
303
|
nil
|
|
272
304
|
end
|
|
273
305
|
|
|
306
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
274
307
|
def unnecessary_assignment?(node)
|
|
275
308
|
return false unless node.is_a?(Parser::AST::Node)
|
|
276
309
|
return false unless node.children.first.is_a?(Parser::AST::Node)
|
|
@@ -278,9 +311,10 @@ module Dependabot
|
|
|
278
311
|
return true if node.children.first.type == :lvar &&
|
|
279
312
|
UNNECESSARY_ASSIGNMENTS.include?(node.children[1])
|
|
280
313
|
|
|
281
|
-
node.children[1] == :[]= && node.children.first.children.last
|
|
314
|
+
!!(node.children[1] == :[]= && node.children.first.children.last)
|
|
282
315
|
end
|
|
283
316
|
|
|
317
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
284
318
|
def node_is_version_constant?(node)
|
|
285
319
|
return false unless node.is_a?(Parser::AST::Node)
|
|
286
320
|
return false unless node.type == :const
|
|
@@ -288,6 +322,7 @@ module Dependabot
|
|
|
288
322
|
node.children.last.to_s.match?(/version/i)
|
|
289
323
|
end
|
|
290
324
|
|
|
325
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
291
326
|
def node_calls_version_constant?(node)
|
|
292
327
|
return false unless node.is_a?(Parser::AST::Node)
|
|
293
328
|
return false unless node.type == :send
|
|
@@ -295,6 +330,7 @@ module Dependabot
|
|
|
295
330
|
node.children.any? { |n| node_is_version_constant?(n) }
|
|
296
331
|
end
|
|
297
332
|
|
|
333
|
+
sig { params(node: ParserNode).returns(T::Boolean) }
|
|
298
334
|
def node_interpolates_version_constant?(node)
|
|
299
335
|
return false unless node.is_a?(Parser::AST::Node)
|
|
300
336
|
return false unless node.type == :dstr
|
|
@@ -305,6 +341,7 @@ module Dependabot
|
|
|
305
341
|
.any? { |n| node_is_version_constant?(n) }
|
|
306
342
|
end
|
|
307
343
|
|
|
344
|
+
sig { params(node: Parser::AST::Node).void }
|
|
308
345
|
def replace_constant(node)
|
|
309
346
|
case node.children.last&.type
|
|
310
347
|
when :str, :int then nil # no-op
|
|
@@ -318,18 +355,22 @@ module Dependabot
|
|
|
318
355
|
end
|
|
319
356
|
end
|
|
320
357
|
|
|
358
|
+
sig { params(node: Parser::AST::Node).void }
|
|
321
359
|
def replace_file_assignment(node)
|
|
322
360
|
replace(node.children.last.loc.expression, "[]")
|
|
323
361
|
end
|
|
324
362
|
|
|
363
|
+
sig { params(node: Parser::AST::Node).void }
|
|
325
364
|
def replace_require_paths_assignment(node)
|
|
326
365
|
replace(node.children.last.loc.expression, "['lib']")
|
|
327
366
|
end
|
|
328
367
|
|
|
368
|
+
sig { params(node: Parser::AST::Node).void }
|
|
329
369
|
def replace_file_read(node)
|
|
330
370
|
replace(node.loc.expression, %("#{replacement_version}"))
|
|
331
371
|
end
|
|
332
372
|
|
|
373
|
+
sig { params(node: Parser::AST::Node).void }
|
|
333
374
|
def replace_json_parse(node)
|
|
334
375
|
replace(
|
|
335
376
|
node.loc.expression,
|
|
@@ -337,10 +378,12 @@ module Dependabot
|
|
|
337
378
|
)
|
|
338
379
|
end
|
|
339
380
|
|
|
381
|
+
sig { params(node: Parser::AST::Node).void }
|
|
340
382
|
def replace_file_readlines(node)
|
|
341
383
|
replace(node.loc.expression, %(["#{replacement_version}"]))
|
|
342
384
|
end
|
|
343
385
|
|
|
386
|
+
sig { params(node: Parser::AST::Node).void }
|
|
344
387
|
def remove_find_args(node)
|
|
345
388
|
last_arg = node.children.last
|
|
346
389
|
|
|
@@ -52,6 +52,9 @@ module Dependabot
|
|
|
52
52
|
|
|
53
53
|
def force_update
|
|
54
54
|
requirement = dependency.requirements.find { |req| req[:file] == gemfile.name }
|
|
55
|
+
|
|
56
|
+
valid_gem_version?(target_version)
|
|
57
|
+
|
|
55
58
|
manifest_requirement_not_satisfied = requirement && !Requirement.satisfied_by?(requirement, target_version)
|
|
56
59
|
|
|
57
60
|
if manifest_requirement_not_satisfied && requirements_update_strategy.lockfile_only?
|
|
@@ -80,6 +83,15 @@ module Dependabot
|
|
|
80
83
|
end
|
|
81
84
|
end
|
|
82
85
|
|
|
86
|
+
def valid_gem_version?(target_version)
|
|
87
|
+
# to rule out empty, non gem info ending up in as target_version
|
|
88
|
+
return true if target_version.is_a?(Gem::Version)
|
|
89
|
+
|
|
90
|
+
Dependabot.logger.warn("Bundler force update called with a non-Gem::Version #{target_version}")
|
|
91
|
+
|
|
92
|
+
raise Dependabot::DependencyFileNotResolvable
|
|
93
|
+
end
|
|
94
|
+
|
|
83
95
|
def original_dependencies
|
|
84
96
|
@original_dependencies ||=
|
|
85
97
|
FileParser.new(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.296.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.296.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.296.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.0
|
|
326
326
|
post_install_message:
|
|
327
327
|
rdoc_options: []
|
|
328
328
|
require_paths:
|