dependabot-bundler 0.324.1 → 0.325.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_parser.rb +115 -55
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 57eb6fdc66cbe528038e510497e0f82f35002e2c4a47e842caecbc79d1c7f4f9
|
|
4
|
+
data.tar.gz: 3332c38e5415493e6d57c0094255fe1e236779b0c1d74192ee102df5e2c42dd0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6b6bd23b82c3d2f473a7937b88c71ff6701ddda5c71ee3eb19fecb9771feb30beece480854a647f1fba4adb580b261d4f08df90ce986dbb481122368083b853b
|
|
7
|
+
data.tar.gz: a313088f61d1d1fea117c6bcfb958765d23ed8df8f27974153125e0770e4ec686c9f3a9a7a5ec2ccd80c836a620b25959dfe86c736e0ee9350b1c13c1173b9b4
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parallel"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
require "dependabot/bundler/language"
|
|
6
7
|
require "dependabot/bundler/package_manager"
|
|
7
8
|
require "dependabot/dependency"
|
|
@@ -17,7 +18,7 @@ require "dependabot/errors"
|
|
|
17
18
|
|
|
18
19
|
module Dependabot
|
|
19
20
|
module Bundler
|
|
20
|
-
class FileParser < Dependabot::FileParsers::Base
|
|
21
|
+
class FileParser < Dependabot::FileParsers::Base # rubocop:disable Metrics/ClassLength
|
|
21
22
|
extend T::Sig
|
|
22
23
|
require "dependabot/file_parsers/base/dependency_set"
|
|
23
24
|
require "dependabot/bundler/file_parser/file_preparer"
|
|
@@ -50,34 +51,47 @@ module Dependabot
|
|
|
50
51
|
|
|
51
52
|
sig { returns(Ecosystem::VersionManager) }
|
|
52
53
|
def package_manager
|
|
53
|
-
@package_manager ||=
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
54
|
+
@package_manager ||= T.let(
|
|
55
|
+
PackageManager.new(
|
|
56
|
+
detected_version: bundler_version,
|
|
57
|
+
raw_version: bundler_raw_version,
|
|
58
|
+
requirement: package_manager_requirement
|
|
59
|
+
),
|
|
60
|
+
T.nilable(Ecosystem::VersionManager)
|
|
57
61
|
)
|
|
58
62
|
end
|
|
59
63
|
|
|
64
|
+
sig { returns(T.nilable(Requirement)) }
|
|
60
65
|
def package_manager_requirement
|
|
61
|
-
@package_manager_requirement ||=
|
|
62
|
-
Helpers
|
|
66
|
+
@package_manager_requirement ||= T.let(
|
|
67
|
+
Helpers.dependency_requirement(
|
|
68
|
+
Helpers::BUNDLER_GEM_NAME, dependency_files
|
|
69
|
+
),
|
|
70
|
+
T.nilable(T.nilable(Requirement))
|
|
63
71
|
)
|
|
64
72
|
end
|
|
65
73
|
|
|
66
74
|
sig { returns(T.nilable(Ecosystem::VersionManager)) }
|
|
67
75
|
def language
|
|
76
|
+
@language = T.let(@language, T.nilable(Ecosystem::VersionManager))
|
|
68
77
|
return @language if defined?(@language)
|
|
69
78
|
|
|
70
|
-
return nil if package_manager.unsupported?
|
|
79
|
+
return @language = nil if package_manager.unsupported?
|
|
71
80
|
|
|
72
|
-
Language.new(ruby_raw_version, language_requirement)
|
|
81
|
+
@language = Language.new(ruby_raw_version, language_requirement)
|
|
73
82
|
end
|
|
74
83
|
|
|
84
|
+
sig { returns(T.nilable(Requirement)) }
|
|
75
85
|
def language_requirement
|
|
76
|
-
@language_requirement ||=
|
|
77
|
-
Helpers
|
|
86
|
+
@language_requirement ||= T.let(
|
|
87
|
+
Helpers.dependency_requirement(
|
|
88
|
+
Helpers::LANGUAGE, dependency_files
|
|
89
|
+
),
|
|
90
|
+
T.nilable(T.nilable(Requirement))
|
|
78
91
|
)
|
|
79
92
|
end
|
|
80
93
|
|
|
94
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency]).void }
|
|
81
95
|
def check_external_code(dependencies)
|
|
82
96
|
return unless @reject_external_code
|
|
83
97
|
return unless git_source?(dependencies)
|
|
@@ -86,18 +100,23 @@ module Dependabot
|
|
|
86
100
|
raise ::Dependabot::UnexpectedExternalCode
|
|
87
101
|
end
|
|
88
102
|
|
|
103
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency]).returns(T::Boolean) }
|
|
89
104
|
def git_source?(dependencies)
|
|
90
105
|
dependencies.any? do |dep|
|
|
91
106
|
dep.requirements.any? { |req| req.fetch(:source)&.fetch(:type) == "git" }
|
|
92
107
|
end
|
|
93
108
|
end
|
|
94
109
|
|
|
110
|
+
sig { returns(DependencySet) }
|
|
95
111
|
def gemfile_dependencies
|
|
112
|
+
@gemfile_dependencies = T.let(@gemfile_dependencies, T.nilable(DependencySet))
|
|
113
|
+
return @gemfile_dependencies if @gemfile_dependencies
|
|
114
|
+
|
|
96
115
|
dependencies = DependencySet.new
|
|
97
116
|
|
|
98
|
-
return dependencies unless gemfile
|
|
117
|
+
return (@gemfile_dependencies = dependencies) unless gemfile
|
|
99
118
|
|
|
100
|
-
[gemfile, *evaled_gemfiles].each do |file|
|
|
119
|
+
[T.must(gemfile), *evaled_gemfiles].each do |file|
|
|
101
120
|
gemfile_declaration_finder = GemfileDeclarationFinder.new(gemfile: file)
|
|
102
121
|
|
|
103
122
|
parsed_gemfile.each do |dep|
|
|
@@ -118,15 +137,17 @@ module Dependabot
|
|
|
118
137
|
end
|
|
119
138
|
end
|
|
120
139
|
|
|
121
|
-
dependencies
|
|
140
|
+
@gemfile_dependencies = dependencies
|
|
122
141
|
end
|
|
123
142
|
|
|
143
|
+
sig { returns(DependencySet) }
|
|
124
144
|
def gemspec_dependencies # rubocop:disable Metrics/PerceivedComplexity
|
|
125
|
-
|
|
145
|
+
@gemspec_dependencies = T.let(@gemspec_dependencies, T.nilable(DependencySet))
|
|
146
|
+
return @gemspec_dependencies if @gemspec_dependencies
|
|
126
147
|
|
|
127
148
|
queue = Queue.new
|
|
128
149
|
|
|
129
|
-
SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
|
|
150
|
+
SharedHelpers.in_a_temporary_repo_directory(T.must(base_directory), repo_contents_path) do
|
|
130
151
|
write_temporary_dependency_files
|
|
131
152
|
|
|
132
153
|
Parallel.map(gemspecs, in_threads: 4) do |gemspec|
|
|
@@ -156,9 +177,10 @@ module Dependabot
|
|
|
156
177
|
|
|
157
178
|
dependency_set = DependencySet.new
|
|
158
179
|
dependency_set << queue.pop(true) while queue.size.positive?
|
|
159
|
-
@gemspec_dependencies
|
|
180
|
+
@gemspec_dependencies = dependency_set
|
|
160
181
|
end
|
|
161
182
|
|
|
183
|
+
sig { returns(DependencySet) }
|
|
162
184
|
def lockfile_dependencies
|
|
163
185
|
dependencies = DependencySet.new
|
|
164
186
|
|
|
@@ -185,9 +207,10 @@ module Dependabot
|
|
|
185
207
|
dependencies
|
|
186
208
|
end
|
|
187
209
|
|
|
210
|
+
sig { returns(T::Array[T::Hash[String, T.untyped]]) }
|
|
188
211
|
def parsed_gemfile
|
|
189
|
-
@parsed_gemfile ||=
|
|
190
|
-
SharedHelpers.in_a_temporary_repo_directory(base_directory,
|
|
212
|
+
@parsed_gemfile ||= T.let(
|
|
213
|
+
SharedHelpers.in_a_temporary_repo_directory(T.must(base_directory),
|
|
191
214
|
repo_contents_path) do
|
|
192
215
|
write_temporary_dependency_files
|
|
193
216
|
|
|
@@ -196,12 +219,14 @@ module Dependabot
|
|
|
196
219
|
function: "parsed_gemfile",
|
|
197
220
|
options: options,
|
|
198
221
|
args: {
|
|
199
|
-
gemfile_name: gemfile.name,
|
|
222
|
+
gemfile_name: T.must(gemfile).name,
|
|
200
223
|
lockfile_name: lockfile&.name,
|
|
201
224
|
dir: Dir.pwd
|
|
202
225
|
}
|
|
203
226
|
)
|
|
204
|
-
end
|
|
227
|
+
end,
|
|
228
|
+
T.nilable(T::Array[T::Hash[String, T.untyped]])
|
|
229
|
+
)
|
|
205
230
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
206
231
|
handle_eval_error(e) if e.error_class == "JSON::ParserError"
|
|
207
232
|
|
|
@@ -210,11 +235,13 @@ module Dependabot
|
|
|
210
235
|
raise Dependabot::DependencyFileNotEvaluatable, msg
|
|
211
236
|
end
|
|
212
237
|
|
|
238
|
+
sig { params(err: StandardError).void }
|
|
213
239
|
def handle_eval_error(err)
|
|
214
240
|
msg = "Error evaluating your dependency files: #{err.message}"
|
|
215
241
|
raise Dependabot::DependencyFileNotEvaluatable, msg
|
|
216
242
|
end
|
|
217
243
|
|
|
244
|
+
sig { params(file: Dependabot::DependencyFile).returns(T::Array[T::Hash[String, T.untyped]]) }
|
|
218
245
|
def parsed_gemspec(file)
|
|
219
246
|
NativeHelpers.run_bundler_subprocess(
|
|
220
247
|
bundler_version: bundler_version,
|
|
@@ -231,16 +258,21 @@ module Dependabot
|
|
|
231
258
|
raise Dependabot::DependencyFileNotEvaluatable, msg
|
|
232
259
|
end
|
|
233
260
|
|
|
261
|
+
sig { returns(T.nilable(String)) }
|
|
234
262
|
def base_directory
|
|
235
263
|
dependency_files.first&.directory
|
|
236
264
|
end
|
|
237
265
|
|
|
266
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
238
267
|
def prepared_dependency_files
|
|
239
|
-
@prepared_dependency_files ||=
|
|
268
|
+
@prepared_dependency_files ||= T.let(
|
|
240
269
|
FilePreparer.new(dependency_files: dependency_files)
|
|
241
|
-
|
|
270
|
+
.prepared_dependency_files,
|
|
271
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
|
272
|
+
)
|
|
242
273
|
end
|
|
243
274
|
|
|
275
|
+
sig { void }
|
|
244
276
|
def write_temporary_dependency_files
|
|
245
277
|
prepared_dependency_files.each do |file|
|
|
246
278
|
path = file.name
|
|
@@ -248,9 +280,10 @@ module Dependabot
|
|
|
248
280
|
File.write(path, file.content)
|
|
249
281
|
end
|
|
250
282
|
|
|
251
|
-
File.write(lockfile.name, sanitized_lockfile_content) if lockfile
|
|
283
|
+
File.write(T.must(lockfile).name, sanitized_lockfile_content) if lockfile
|
|
252
284
|
end
|
|
253
285
|
|
|
286
|
+
sig { override.void }
|
|
254
287
|
def check_required_files
|
|
255
288
|
file_names = dependency_files.map(&:name)
|
|
256
289
|
|
|
@@ -263,6 +296,7 @@ module Dependabot
|
|
|
263
296
|
raise "A gemspec or Gemfile must be provided!"
|
|
264
297
|
end
|
|
265
298
|
|
|
299
|
+
sig { params(dependency_name: String).returns(T.nilable(T.any(Dependabot::Version, String, Gem::Version))) }
|
|
266
300
|
def dependency_version(dependency_name)
|
|
267
301
|
return unless lockfile
|
|
268
302
|
|
|
@@ -281,11 +315,16 @@ module Dependabot
|
|
|
281
315
|
spec.version
|
|
282
316
|
end
|
|
283
317
|
|
|
318
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
284
319
|
def gemfile
|
|
285
|
-
@gemfile ||=
|
|
286
|
-
|
|
320
|
+
@gemfile ||= T.let(
|
|
321
|
+
get_original_file("Gemfile") ||
|
|
322
|
+
get_original_file("gems.rb"),
|
|
323
|
+
T.nilable(Dependabot::DependencyFile)
|
|
324
|
+
)
|
|
287
325
|
end
|
|
288
326
|
|
|
327
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
289
328
|
def evaled_gemfiles
|
|
290
329
|
dependency_files
|
|
291
330
|
.reject { |f| f.name.end_with?(".gemspec") }
|
|
@@ -297,23 +336,33 @@ module Dependabot
|
|
|
297
336
|
.reject(&:support_file?)
|
|
298
337
|
end
|
|
299
338
|
|
|
339
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
300
340
|
def lockfile
|
|
301
|
-
@lockfile ||=
|
|
302
|
-
|
|
341
|
+
@lockfile ||= T.let(
|
|
342
|
+
get_original_file("Gemfile.lock") ||
|
|
343
|
+
get_original_file("gems.locked"),
|
|
344
|
+
T.nilable(Dependabot::DependencyFile)
|
|
345
|
+
)
|
|
303
346
|
end
|
|
304
347
|
|
|
348
|
+
sig { returns(T.untyped) }
|
|
305
349
|
def parsed_lockfile
|
|
350
|
+
@parsed_lockfile = T.let(@parsed_lockfile, T.untyped)
|
|
306
351
|
@parsed_lockfile ||= CachedLockfileParser.parse(sanitized_lockfile_content)
|
|
307
352
|
end
|
|
308
353
|
|
|
354
|
+
sig { returns(T::Array[String]) }
|
|
309
355
|
def production_dep_names
|
|
310
|
-
@production_dep_names ||=
|
|
356
|
+
@production_dep_names ||= T.let(
|
|
311
357
|
(gemfile_dependencies + gemspec_dependencies).dependencies
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
358
|
+
.select { |dep| production?(dep) }
|
|
359
|
+
.flat_map { |dep| expanded_dependency_names(dep) }
|
|
360
|
+
.uniq,
|
|
361
|
+
T.nilable(T::Array[String])
|
|
362
|
+
)
|
|
315
363
|
end
|
|
316
364
|
|
|
365
|
+
sig { params(dep: T.any(Dependabot::Dependency, Gem::Dependency)).returns(T::Array[String]) }
|
|
317
366
|
def expanded_dependency_names(dep)
|
|
318
367
|
spec = parsed_lockfile.specs.find { |s| s.name == dep.name }
|
|
319
368
|
return [dep.name] unless spec
|
|
@@ -324,6 +373,7 @@ module Dependabot
|
|
|
324
373
|
]
|
|
325
374
|
end
|
|
326
375
|
|
|
376
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
327
377
|
def production?(dependency)
|
|
328
378
|
groups = dependency.requirements
|
|
329
379
|
.flat_map { |r| r.fetch(:groups) }
|
|
@@ -337,15 +387,20 @@ module Dependabot
|
|
|
337
387
|
end
|
|
338
388
|
|
|
339
389
|
# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
|
|
390
|
+
sig { returns(String) }
|
|
340
391
|
def sanitized_lockfile_content
|
|
341
392
|
regex = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
|
|
342
|
-
lockfile.content.gsub(regex, "")
|
|
393
|
+
T.must(T.must(lockfile).content).gsub(regex, "")
|
|
343
394
|
end
|
|
344
395
|
|
|
396
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
345
397
|
def gemspecs
|
|
346
398
|
# Path gemspecs are excluded (they're supporting files)
|
|
347
|
-
@gemspecs ||=
|
|
348
|
-
|
|
399
|
+
@gemspecs ||= T.let(
|
|
400
|
+
prepared_dependency_files
|
|
401
|
+
.select { |file| file.name.end_with?(".gemspec") },
|
|
402
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
|
403
|
+
)
|
|
349
404
|
end
|
|
350
405
|
|
|
351
406
|
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
@@ -357,38 +412,43 @@ module Dependabot
|
|
|
357
412
|
|
|
358
413
|
sig { returns(String) }
|
|
359
414
|
def bundler_raw_version
|
|
360
|
-
|
|
415
|
+
@bundler_raw_version = T.let(@bundler_raw_version, T.nilable(String))
|
|
416
|
+
return @bundler_raw_version if @bundler_raw_version
|
|
361
417
|
|
|
362
418
|
package_manager = PackageManager.new(
|
|
363
419
|
detected_version: bundler_version
|
|
364
420
|
)
|
|
365
421
|
|
|
366
422
|
# If the selected version is unsupported, an unsupported error will be raised,
|
|
367
|
-
# so there
|
|
423
|
+
# so there's no need to attempt retrieving the raw version.
|
|
368
424
|
return bundler_version if package_manager.unsupported?
|
|
369
425
|
|
|
426
|
+
directory = base_directory
|
|
370
427
|
# read raw version directly from the ecosystem environment
|
|
371
|
-
bundler_raw_version =
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
428
|
+
bundler_raw_version = if directory
|
|
429
|
+
SharedHelpers.in_a_temporary_repo_directory(
|
|
430
|
+
directory,
|
|
431
|
+
repo_contents_path
|
|
432
|
+
) do
|
|
433
|
+
write_temporary_dependency_files
|
|
434
|
+
NativeHelpers.run_bundler_subprocess(
|
|
435
|
+
function: "bundler_raw_version",
|
|
436
|
+
args: {},
|
|
437
|
+
bundler_version: bundler_version,
|
|
438
|
+
options: { timeout_per_operation_seconds: 10 }
|
|
439
|
+
)
|
|
440
|
+
end
|
|
441
|
+
end
|
|
442
|
+
@bundler_raw_version = bundler_raw_version || ::Bundler::VERSION
|
|
384
443
|
end
|
|
385
444
|
|
|
386
445
|
sig { returns(String) }
|
|
387
446
|
def ruby_raw_version
|
|
388
|
-
|
|
447
|
+
@ruby_raw_version = T.let(@ruby_raw_version, T.nilable(String))
|
|
448
|
+
return @ruby_raw_version if @ruby_raw_version
|
|
389
449
|
|
|
390
450
|
ruby_raw_version = SharedHelpers.in_a_temporary_repo_directory(
|
|
391
|
-
base_directory,
|
|
451
|
+
T.must(base_directory),
|
|
392
452
|
repo_contents_path
|
|
393
453
|
) do
|
|
394
454
|
write_temporary_dependency_files
|
|
@@ -399,12 +459,12 @@ module Dependabot
|
|
|
399
459
|
options: { timeout_per_operation_seconds: 10 }
|
|
400
460
|
)
|
|
401
461
|
end
|
|
402
|
-
ruby_raw_version || RUBY_VERSION
|
|
462
|
+
@ruby_raw_version = ruby_raw_version || RUBY_VERSION
|
|
403
463
|
end
|
|
404
464
|
|
|
405
465
|
sig { returns(String) }
|
|
406
466
|
def bundler_version
|
|
407
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
467
|
+
@bundler_version ||= T.let(Helpers.bundler_version(lockfile), T.nilable(String))
|
|
408
468
|
end
|
|
409
469
|
end
|
|
410
470
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.325.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.325.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.325.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -197,14 +197,14 @@ dependencies:
|
|
|
197
197
|
requirements:
|
|
198
198
|
- - "~>"
|
|
199
199
|
- !ruby/object:Gem::Version
|
|
200
|
-
version:
|
|
200
|
+
version: 2.2.5
|
|
201
201
|
type: :development
|
|
202
202
|
prerelease: false
|
|
203
203
|
version_requirements: !ruby/object:Gem::Requirement
|
|
204
204
|
requirements:
|
|
205
205
|
- - "~>"
|
|
206
206
|
- !ruby/object:Gem::Version
|
|
207
|
-
version:
|
|
207
|
+
version: 2.2.5
|
|
208
208
|
- !ruby/object:Gem::Dependency
|
|
209
209
|
name: vcr
|
|
210
210
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.325.0
|
|
326
326
|
rdoc_options: []
|
|
327
327
|
require_paths:
|
|
328
328
|
- lib
|