dependabot-bundler 0.332.0 → 0.334.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher.rb +23 -3
- data/lib/dependabot/bundler/file_parser.rb +1 -0
- data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +27 -6
- data/lib/dependabot/bundler/file_updater/git_source_remover.rb +14 -2
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +85 -26
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +74 -10
- data/lib/dependabot/bundler/file_updater.rb +48 -19
- data/lib/dependabot/bundler/metadata_finder.rb +51 -23
- data/lib/dependabot/bundler/requirement.rb +3 -2
- data/lib/dependabot/bundler/update_checker/file_preparer.rb +69 -19
- data/lib/dependabot/bundler/update_checker/force_updater.rb +1 -1
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +47 -11
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +77 -29
- data/lib/dependabot/bundler/update_checker.rb +73 -20
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 37ba3de8a1d1b67ae172bb66d32d9b3fb93780d98441e41fced9bea77d40027a
|
|
4
|
+
data.tar.gz: 48b422ee5ebcb1e925f0cb0b84fab0aa164fd85efb94ab54e5b9152d6304c82e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a702a441d11d257536810283d217a25149aaaab772c6eab11fd7caf958660af245b8b5836c2b92062b1384ac6ca0fadd7f5801c954b5b24e4eec971d41a5d1a
|
|
7
|
+
data.tar.gz: e2929aa03f76bb71700970e4b2cfea6f90f374a00e4f2ddcbf61ccdd2f1a7fd6fff84c0173f531a294b77552775316dba3965671036f91d78412068d8c194072
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
require "sorbet-runtime"
|
|
5
5
|
require "dependabot/file_fetchers"
|
|
6
6
|
require "dependabot/file_fetchers/base"
|
|
7
|
+
require "dependabot/file_filtering"
|
|
7
8
|
require "dependabot/bundler/file_updater/lockfile_updater"
|
|
8
9
|
require "dependabot/bundler/cached_lockfile_parser"
|
|
9
10
|
require "dependabot/errors"
|
|
@@ -52,7 +53,13 @@ module Dependabot
|
|
|
52
53
|
fetched_files += path_gemspecs
|
|
53
54
|
fetched_files += find_included_files(fetched_files)
|
|
54
55
|
|
|
55
|
-
|
|
56
|
+
# Filter excluded files from final collection
|
|
57
|
+
unique_files = uniq_files(fetched_files)
|
|
58
|
+
filtered_files = unique_files.reject do |file|
|
|
59
|
+
Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
filtered_files
|
|
56
63
|
end
|
|
57
64
|
|
|
58
65
|
private
|
|
@@ -174,8 +181,12 @@ module Dependabot
|
|
|
174
181
|
end
|
|
175
182
|
|
|
176
183
|
@find_included_files ||= T.let(
|
|
177
|
-
paths.
|
|
178
|
-
|
|
184
|
+
paths.filter_map do |path|
|
|
185
|
+
# Skip excluded included files
|
|
186
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(path, "included file", @exclude_paths)
|
|
187
|
+
|
|
188
|
+
fetch_file_from_host(path)
|
|
189
|
+
end.tap { |req_files| req_files.each { |f| f.support_file = true } }, # rubocop:disable Style/MultilineBlockChain
|
|
179
190
|
T.nilable(T::Array[DependencyFile])
|
|
180
191
|
)
|
|
181
192
|
end
|
|
@@ -238,6 +249,15 @@ module Dependabot
|
|
|
238
249
|
next if previously_fetched_files.map(&:name).include?(path)
|
|
239
250
|
next if file.name == path
|
|
240
251
|
|
|
252
|
+
# Skip excluded child Gemfiles
|
|
253
|
+
if Dependabot::Experiments.enabled?(:enable_exclude_paths_subdirectory_manifest_files) &&
|
|
254
|
+
!@exclude_paths.empty? && Dependabot::FileFiltering.exclude_path?(path, @exclude_paths)
|
|
255
|
+
raise Dependabot::DependencyFileNotEvaluatable,
|
|
256
|
+
"Cannot process requirements: '#{file.name}' references excluded file '#{path}'. " \
|
|
257
|
+
"Please either remove the reference from '#{file.name}' " \
|
|
258
|
+
"or update your exclude_paths configuration."
|
|
259
|
+
end
|
|
260
|
+
|
|
241
261
|
fetched_file = fetch_file_from_host(path)
|
|
242
262
|
grandchild_gemfiles = fetch_child_gemfiles(
|
|
243
263
|
file: fetched_file,
|
|
@@ -20,6 +20,7 @@ module Dependabot
|
|
|
20
20
|
module Bundler
|
|
21
21
|
class FileParser < Dependabot::FileParsers::Base # rubocop:disable Metrics/ClassLength
|
|
22
22
|
extend T::Sig
|
|
23
|
+
|
|
23
24
|
require "dependabot/file_parsers/base/dependency_set"
|
|
24
25
|
require "dependabot/bundler/file_parser/file_preparer"
|
|
25
26
|
require "dependabot/bundler/file_parser/gemfile_declaration_finder"
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "parser/current"
|
|
5
6
|
require "dependabot/bundler/file_updater"
|
|
6
7
|
|
|
@@ -8,14 +9,21 @@ module Dependabot
|
|
|
8
9
|
module Bundler
|
|
9
10
|
class FileUpdater
|
|
10
11
|
class GitPinReplacer
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
14
|
+
sig { returns(Dependabot::Dependency) }
|
|
11
15
|
attr_reader :dependency
|
|
16
|
+
|
|
17
|
+
sig { returns(String) }
|
|
12
18
|
attr_reader :new_pin
|
|
13
19
|
|
|
20
|
+
sig { params(dependency: Dependabot::Dependency, new_pin: String).void }
|
|
14
21
|
def initialize(dependency:, new_pin:)
|
|
15
|
-
@dependency = dependency
|
|
16
|
-
@new_pin = new_pin
|
|
22
|
+
@dependency = T.let(dependency, Dependabot::Dependency)
|
|
23
|
+
@new_pin = T.let(new_pin, String)
|
|
17
24
|
end
|
|
18
25
|
|
|
26
|
+
sig { params(content: String).returns(String) }
|
|
19
27
|
def rewrite(content)
|
|
20
28
|
buffer = Parser::Source::Buffer.new("(gemfile_content)")
|
|
21
29
|
buffer.source = content
|
|
@@ -27,15 +35,24 @@ module Dependabot
|
|
|
27
35
|
end
|
|
28
36
|
|
|
29
37
|
class Rewriter < Parser::TreeRewriter
|
|
30
|
-
|
|
38
|
+
extend T::Sig
|
|
39
|
+
|
|
40
|
+
PIN_KEYS = T.let(%i(ref tag).freeze, T::Array[Symbol])
|
|
41
|
+
|
|
42
|
+
sig { returns(Dependabot::Dependency) }
|
|
31
43
|
attr_reader :dependency
|
|
44
|
+
|
|
45
|
+
sig { returns(String) }
|
|
32
46
|
attr_reader :new_pin
|
|
33
47
|
|
|
48
|
+
sig { params(dependency: Dependabot::Dependency, new_pin: String).void }
|
|
34
49
|
def initialize(dependency:, new_pin:)
|
|
35
|
-
|
|
36
|
-
@
|
|
50
|
+
super()
|
|
51
|
+
@dependency = T.let(dependency, Dependabot::Dependency)
|
|
52
|
+
@new_pin = T.let(new_pin, String)
|
|
37
53
|
end
|
|
38
54
|
|
|
55
|
+
sig { params(node: Parser::AST::Node).returns(T.untyped) }
|
|
39
56
|
def on_send(node)
|
|
40
57
|
return unless declares_targeted_gem?(node)
|
|
41
58
|
return unless node.children.last.type == :hash
|
|
@@ -50,16 +67,19 @@ module Dependabot
|
|
|
50
67
|
|
|
51
68
|
private
|
|
52
69
|
|
|
70
|
+
sig { params(node: Parser::AST::Node).returns(T::Boolean) }
|
|
53
71
|
def declares_targeted_gem?(node)
|
|
54
72
|
return false unless node.children[1] == :gem
|
|
55
73
|
|
|
56
74
|
node.children[2].children.first == dependency.name
|
|
57
75
|
end
|
|
58
76
|
|
|
77
|
+
sig { params(node: Parser::AST::Node).returns(Symbol) }
|
|
59
78
|
def key_from_hash_pair(node)
|
|
60
79
|
node.children.first.children.first.to_sym
|
|
61
80
|
end
|
|
62
81
|
|
|
82
|
+
sig { params(hash_pair: Parser::AST::Node).void }
|
|
63
83
|
def update_value(hash_pair)
|
|
64
84
|
value_node = hash_pair.children.last
|
|
65
85
|
open_quote_character, close_quote_character =
|
|
@@ -71,6 +91,7 @@ module Dependabot
|
|
|
71
91
|
)
|
|
72
92
|
end
|
|
73
93
|
|
|
94
|
+
sig { params(value_node: Parser::AST::Node).returns([String, String]) }
|
|
74
95
|
def extract_quote_characters_from(value_node)
|
|
75
96
|
[value_node.loc.begin.source, value_node.loc.end.source]
|
|
76
97
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
@@ -12,12 +12,15 @@ module Dependabot
|
|
|
12
12
|
class GitSourceRemover
|
|
13
13
|
extend T::Sig
|
|
14
14
|
|
|
15
|
+
sig { returns(Dependabot::Dependency) }
|
|
15
16
|
attr_reader :dependency
|
|
16
17
|
|
|
18
|
+
sig { params(dependency: Dependabot::Dependency).void }
|
|
17
19
|
def initialize(dependency:)
|
|
18
20
|
@dependency = dependency
|
|
19
21
|
end
|
|
20
22
|
|
|
23
|
+
sig { params(content: String).returns(String) }
|
|
21
24
|
def rewrite(content)
|
|
22
25
|
buffer = Parser::Source::Buffer.new("(gemfile_content)")
|
|
23
26
|
buffer.source = content
|
|
@@ -27,18 +30,23 @@ module Dependabot
|
|
|
27
30
|
end
|
|
28
31
|
|
|
29
32
|
class Rewriter < Parser::TreeRewriter
|
|
33
|
+
extend T::Sig
|
|
34
|
+
|
|
30
35
|
# TODO: Hack until Bundler 1.16.0 is available on Heroku
|
|
31
36
|
GOOD_KEYS = %i(
|
|
32
37
|
group groups path glob name require platform platforms type
|
|
33
38
|
source install_if
|
|
34
39
|
).freeze
|
|
35
40
|
|
|
41
|
+
sig { returns(Dependabot::Dependency) }
|
|
36
42
|
attr_reader :dependency
|
|
37
43
|
|
|
44
|
+
sig { params(dependency: Dependabot::Dependency).void }
|
|
38
45
|
def initialize(dependency:)
|
|
39
|
-
@dependency = dependency
|
|
46
|
+
@dependency = T.let(dependency, Dependabot::Dependency)
|
|
40
47
|
end
|
|
41
48
|
|
|
49
|
+
sig { params(node: Parser::AST::Node).void }
|
|
42
50
|
def on_send(node)
|
|
43
51
|
return unless declares_targeted_gem?(node)
|
|
44
52
|
return unless node.children.last.type == :hash
|
|
@@ -57,16 +65,19 @@ module Dependabot
|
|
|
57
65
|
|
|
58
66
|
private
|
|
59
67
|
|
|
68
|
+
sig { params(node: Parser::AST::Node).returns(T::Boolean) }
|
|
60
69
|
def declares_targeted_gem?(node)
|
|
61
70
|
return false unless node.children[1] == :gem
|
|
62
71
|
|
|
63
72
|
node.children[2].children.first == dependency.name
|
|
64
73
|
end
|
|
65
74
|
|
|
75
|
+
sig { params(node: Parser::AST::Node).returns(Symbol) }
|
|
66
76
|
def key_from_hash_pair(node)
|
|
67
77
|
node.children.first.children.first.to_sym
|
|
68
78
|
end
|
|
69
79
|
|
|
80
|
+
sig { params(node: Parser::AST::Node).void }
|
|
70
81
|
def remove_all_kwargs(node)
|
|
71
82
|
kwargs_node = node.children.last
|
|
72
83
|
|
|
@@ -76,6 +87,7 @@ module Dependabot
|
|
|
76
87
|
remove(range_to_remove)
|
|
77
88
|
end
|
|
78
89
|
|
|
90
|
+
sig { params(kwargs_node: Parser::AST::Node).void }
|
|
79
91
|
def remove_git_related_kwargs(kwargs_node)
|
|
80
92
|
good_key_index = T.let(nil, T.nilable(Integer))
|
|
81
93
|
hash_pairs = kwargs_node.children
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "bundler"
|
|
5
|
+
require "sorbet-runtime"
|
|
5
6
|
|
|
6
7
|
require "dependabot/shared_helpers"
|
|
7
8
|
require "dependabot/errors"
|
|
@@ -14,6 +15,8 @@ module Dependabot
|
|
|
14
15
|
module Bundler
|
|
15
16
|
class FileUpdater
|
|
16
17
|
class LockfileUpdater
|
|
18
|
+
extend T::Sig
|
|
19
|
+
|
|
17
20
|
require_relative "gemfile_updater"
|
|
18
21
|
require_relative "gemspec_updater"
|
|
19
22
|
require_relative "gemspec_sanitizer"
|
|
@@ -24,8 +27,32 @@ module Dependabot
|
|
|
24
27
|
GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m
|
|
25
28
|
GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m
|
|
26
29
|
|
|
30
|
+
sig do
|
|
31
|
+
params(
|
|
32
|
+
dependencies: T::Array[Dependabot::Dependency],
|
|
33
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
34
|
+
credentials: T::Array[Dependabot::Credential],
|
|
35
|
+
options: T::Hash[Symbol, T.untyped],
|
|
36
|
+
repo_contents_path: T.nilable(String)
|
|
37
|
+
).void
|
|
38
|
+
end
|
|
39
|
+
def initialize(dependencies:, dependency_files:, credentials:, options:,
|
|
40
|
+
repo_contents_path: nil)
|
|
41
|
+
@dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
|
|
42
|
+
@dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
|
|
43
|
+
@repo_contents_path = T.let(repo_contents_path, T.nilable(String))
|
|
44
|
+
@credentials = T.let(credentials, T::Array[Dependabot::Credential])
|
|
45
|
+
@options = T.let(options, T::Hash[Symbol, T.untyped])
|
|
46
|
+
@updated_lockfile_content = T.let(nil, T.nilable(String))
|
|
47
|
+
@gemfile = T.let(nil, T.nilable(Dependabot::DependencyFile))
|
|
48
|
+
@lockfile = T.let(nil, T.nilable(Dependabot::DependencyFile))
|
|
49
|
+
@evaled_gemfiles = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
|
|
50
|
+
@bundler_version = T.let(nil, T.nilable(String))
|
|
51
|
+
end
|
|
52
|
+
|
|
27
53
|
# Can't be a constant because some of these don't exist in bundler
|
|
28
54
|
# 1.15, which Heroku uses, which causes an exception on boot.
|
|
55
|
+
sig { returns(T::Array[T.class_of(::Bundler::Source::Path)]) }
|
|
29
56
|
def gemspec_sources
|
|
30
57
|
[
|
|
31
58
|
::Bundler::Source::Path,
|
|
@@ -33,21 +60,13 @@ module Dependabot
|
|
|
33
60
|
]
|
|
34
61
|
end
|
|
35
62
|
|
|
36
|
-
|
|
37
|
-
repo_contents_path: nil, credentials:, options:)
|
|
38
|
-
@dependencies = dependencies
|
|
39
|
-
@dependency_files = dependency_files
|
|
40
|
-
@repo_contents_path = repo_contents_path
|
|
41
|
-
@credentials = credentials
|
|
42
|
-
@options = options
|
|
43
|
-
end
|
|
44
|
-
|
|
63
|
+
sig { returns(String) }
|
|
45
64
|
def updated_lockfile_content
|
|
46
65
|
@updated_lockfile_content ||=
|
|
47
66
|
begin
|
|
48
67
|
updated_content = build_updated_lockfile
|
|
49
68
|
|
|
50
|
-
raise "Expected content to change!" if lockfile.content == updated_content
|
|
69
|
+
raise "Expected content to change!" if T.must(lockfile).content == updated_content
|
|
51
70
|
|
|
52
71
|
updated_content
|
|
53
72
|
end
|
|
@@ -55,14 +74,24 @@ module Dependabot
|
|
|
55
74
|
|
|
56
75
|
private
|
|
57
76
|
|
|
77
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
58
78
|
attr_reader :dependencies
|
|
79
|
+
|
|
80
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
59
81
|
attr_reader :dependency_files
|
|
82
|
+
|
|
83
|
+
sig { returns(T.nilable(String)) }
|
|
60
84
|
attr_reader :repo_contents_path
|
|
85
|
+
|
|
86
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
61
87
|
attr_reader :credentials
|
|
88
|
+
|
|
89
|
+
sig { returns(T::Hash[Symbol, T.untyped]) }
|
|
62
90
|
attr_reader :options
|
|
63
91
|
|
|
92
|
+
sig { returns(String) }
|
|
64
93
|
def build_updated_lockfile
|
|
65
|
-
base_dir = dependency_files.first.directory
|
|
94
|
+
base_dir = T.must(dependency_files.first).directory
|
|
66
95
|
lockfile_body =
|
|
67
96
|
SharedHelpers.in_a_temporary_repo_directory(
|
|
68
97
|
base_dir,
|
|
@@ -75,8 +104,8 @@ module Dependabot
|
|
|
75
104
|
function: "update_lockfile",
|
|
76
105
|
options: options,
|
|
77
106
|
args: {
|
|
78
|
-
gemfile_name: gemfile.name,
|
|
79
|
-
lockfile_name: lockfile.name,
|
|
107
|
+
gemfile_name: T.must(gemfile).name,
|
|
108
|
+
lockfile_name: T.must(lockfile).name,
|
|
80
109
|
dir: tmp_dir,
|
|
81
110
|
credentials: credentials,
|
|
82
111
|
dependencies: dependencies.map(&:to_h)
|
|
@@ -90,9 +119,10 @@ module Dependabot
|
|
|
90
119
|
raise
|
|
91
120
|
end
|
|
92
121
|
|
|
122
|
+
sig { void }
|
|
93
123
|
def write_temporary_dependency_files
|
|
94
|
-
File.write(gemfile.name, prepared_gemfile_content(gemfile))
|
|
95
|
-
File.write(lockfile.name, sanitized_lockfile_body)
|
|
124
|
+
File.write(T.must(gemfile).name, prepared_gemfile_content(T.must(gemfile)))
|
|
125
|
+
File.write(T.must(lockfile).name, sanitized_lockfile_body)
|
|
96
126
|
|
|
97
127
|
write_gemspecs(top_level_gemspecs)
|
|
98
128
|
write_ruby_version_file
|
|
@@ -108,22 +138,25 @@ module Dependabot
|
|
|
108
138
|
end
|
|
109
139
|
end
|
|
110
140
|
|
|
141
|
+
sig { void }
|
|
111
142
|
def write_ruby_version_file
|
|
112
143
|
return unless ruby_version_file
|
|
113
144
|
|
|
114
|
-
path = ruby_version_file.name
|
|
145
|
+
path = T.must(ruby_version_file).name
|
|
115
146
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
116
|
-
File.write(path, ruby_version_file.content)
|
|
147
|
+
File.write(path, T.must(ruby_version_file).content)
|
|
117
148
|
end
|
|
118
149
|
|
|
150
|
+
sig { void }
|
|
119
151
|
def write_tool_versions_file
|
|
120
152
|
return unless tool_versions_file
|
|
121
153
|
|
|
122
|
-
path = tool_versions_file.name
|
|
154
|
+
path = T.must(tool_versions_file).name
|
|
123
155
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
124
|
-
File.write(path, tool_versions_file.content)
|
|
156
|
+
File.write(path, T.must(tool_versions_file).content)
|
|
125
157
|
end
|
|
126
158
|
|
|
159
|
+
sig { params(files: T::Array[Dependabot::DependencyFile]).void }
|
|
127
160
|
def write_gemspecs(files)
|
|
128
161
|
files.each do |file|
|
|
129
162
|
path = file.name
|
|
@@ -133,6 +166,7 @@ module Dependabot
|
|
|
133
166
|
end
|
|
134
167
|
end
|
|
135
168
|
|
|
169
|
+
sig { void }
|
|
136
170
|
def write_specification_files
|
|
137
171
|
specification_files.each do |file|
|
|
138
172
|
path = file.name
|
|
@@ -141,6 +175,7 @@ module Dependabot
|
|
|
141
175
|
end
|
|
142
176
|
end
|
|
143
177
|
|
|
178
|
+
sig { void }
|
|
144
179
|
def write_imported_ruby_files
|
|
145
180
|
imported_ruby_files.each do |file|
|
|
146
181
|
path = file.name
|
|
@@ -149,38 +184,46 @@ module Dependabot
|
|
|
149
184
|
end
|
|
150
185
|
end
|
|
151
186
|
|
|
187
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
152
188
|
def path_gemspecs
|
|
153
189
|
all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
|
|
154
190
|
all - top_level_gemspecs
|
|
155
191
|
end
|
|
156
192
|
|
|
193
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
157
194
|
def imported_ruby_files
|
|
158
195
|
dependency_files
|
|
159
196
|
.select { |f| f.name.end_with?(".rb") }
|
|
160
197
|
.reject { |f| f.name == "gems.rb" }
|
|
161
198
|
end
|
|
162
199
|
|
|
200
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
163
201
|
def top_level_gemspecs
|
|
164
202
|
dependency_files
|
|
165
203
|
.select { |file| file.name.end_with?(".gemspec") && Pathname.new(file.name).dirname.to_s == "." }
|
|
166
204
|
end
|
|
167
205
|
|
|
206
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
168
207
|
def ruby_version_file
|
|
169
208
|
dependency_files.find { |f| f.name == ".ruby-version" }
|
|
170
209
|
end
|
|
171
210
|
|
|
211
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
172
212
|
def tool_versions_file
|
|
173
213
|
dependency_files.find { |f| f.name == ".tool-versions" }
|
|
174
214
|
end
|
|
175
215
|
|
|
216
|
+
sig { params(lockfile_body: String).returns(String) }
|
|
176
217
|
def post_process_lockfile(lockfile_body)
|
|
177
218
|
lockfile_body = reorder_git_dependencies(lockfile_body)
|
|
178
219
|
replace_lockfile_ending(lockfile_body)
|
|
179
220
|
end
|
|
180
221
|
|
|
222
|
+
sig { params(lockfile_body: String).returns(String) }
|
|
181
223
|
def reorder_git_dependencies(lockfile_body)
|
|
182
224
|
new_section = lockfile_body.match(GIT_DEPENDENCIES_SECTION)&.to_s
|
|
183
|
-
|
|
225
|
+
lockfile_content = T.must(lockfile).content
|
|
226
|
+
old_section = lockfile_content&.match(GIT_DEPENDENCIES_SECTION)&.to_s
|
|
184
227
|
|
|
185
228
|
return lockfile_body unless new_section && old_section
|
|
186
229
|
|
|
@@ -190,8 +233,10 @@ module Dependabot
|
|
|
190
233
|
return lockfile_body unless new_deps.count == old_deps.count
|
|
191
234
|
|
|
192
235
|
reordered_new_section = new_deps.sort_by do |new_dep_details|
|
|
193
|
-
|
|
194
|
-
|
|
236
|
+
dep_string = T.cast(new_dep_details, String)
|
|
237
|
+
match_result = dep_string.match(/remote: (?<remote>.*\n)/)
|
|
238
|
+
remote = match_result ? match_result[:remote] : ""
|
|
239
|
+
i = old_deps.index { |details| details.include?(T.must(remote)) }
|
|
195
240
|
|
|
196
241
|
# If this dependency isn't in the old lockfile then we can't rely
|
|
197
242
|
# on that (presumably outdated) lockfile to do reordering.
|
|
@@ -205,15 +250,18 @@ module Dependabot
|
|
|
205
250
|
lockfile_body.gsub(new_section, reordered_new_section)
|
|
206
251
|
end
|
|
207
252
|
|
|
253
|
+
sig { params(lockfile_body: String).returns(String) }
|
|
208
254
|
def replace_lockfile_ending(lockfile_body)
|
|
209
255
|
# Re-add the old `BUNDLED WITH` version (and remove the RUBY VERSION
|
|
210
256
|
# if it wasn't previously present in the lockfile)
|
|
257
|
+
lockfile_content = T.must(lockfile).content
|
|
211
258
|
lockfile_body.gsub(
|
|
212
259
|
LOCKFILE_ENDING,
|
|
213
|
-
|
|
260
|
+
lockfile_content&.match(LOCKFILE_ENDING)&.[](:ending) || "\n"
|
|
214
261
|
)
|
|
215
262
|
end
|
|
216
263
|
|
|
264
|
+
sig { params(path: String, gemspec_content: String).returns(String) }
|
|
217
265
|
def sanitized_gemspec_content(path, gemspec_content)
|
|
218
266
|
new_version = replacement_version_for_gemspec(path, gemspec_content)
|
|
219
267
|
|
|
@@ -222,6 +270,7 @@ module Dependabot
|
|
|
222
270
|
.rewrite(gemspec_content)
|
|
223
271
|
end
|
|
224
272
|
|
|
273
|
+
sig { params(path: String, gemspec_content: String).returns(String) }
|
|
225
274
|
def replacement_version_for_gemspec(path, gemspec_content)
|
|
226
275
|
return "0.0.1" unless lockfile
|
|
227
276
|
|
|
@@ -233,9 +282,10 @@ module Dependabot
|
|
|
233
282
|
CachedLockfileParser.parse(sanitized_lockfile_body).specs
|
|
234
283
|
.select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
|
|
235
284
|
|
|
236
|
-
gemspec_specs.first&.version || "0.0.1"
|
|
285
|
+
gemspec_specs.first&.version&.to_s || "0.0.1"
|
|
237
286
|
end
|
|
238
287
|
|
|
288
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
239
289
|
def prepared_gemfile_content(file)
|
|
240
290
|
content = updated_gemfile_content(file)
|
|
241
291
|
|
|
@@ -246,6 +296,7 @@ module Dependabot
|
|
|
246
296
|
content
|
|
247
297
|
end
|
|
248
298
|
|
|
299
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
249
300
|
def updated_gemfile_content(file)
|
|
250
301
|
GemfileUpdater.new(
|
|
251
302
|
dependencies: dependencies,
|
|
@@ -253,6 +304,7 @@ module Dependabot
|
|
|
253
304
|
).updated_gemfile_content
|
|
254
305
|
end
|
|
255
306
|
|
|
307
|
+
sig { params(gemspec: Dependabot::DependencyFile).returns(String) }
|
|
256
308
|
def updated_gemspec_content(gemspec)
|
|
257
309
|
GemspecUpdater.new(
|
|
258
310
|
dependencies: dependencies,
|
|
@@ -260,11 +312,13 @@ module Dependabot
|
|
|
260
312
|
).updated_gemspec_content
|
|
261
313
|
end
|
|
262
314
|
|
|
315
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
263
316
|
def gemfile
|
|
264
317
|
@gemfile ||= dependency_files.find { |f| f.name == "Gemfile" } ||
|
|
265
318
|
dependency_files.find { |f| f.name == "gems.rb" }
|
|
266
319
|
end
|
|
267
320
|
|
|
321
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
268
322
|
def lockfile
|
|
269
323
|
@lockfile ||=
|
|
270
324
|
dependency_files.find { |f| f.name == "Gemfile.lock" } ||
|
|
@@ -272,10 +326,13 @@ module Dependabot
|
|
|
272
326
|
end
|
|
273
327
|
|
|
274
328
|
# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
|
|
329
|
+
sig { returns(String) }
|
|
275
330
|
def sanitized_lockfile_body
|
|
276
|
-
|
|
331
|
+
content = T.must(lockfile).content
|
|
332
|
+
T.must(content).gsub(LOCKFILE_ENDING, "")
|
|
277
333
|
end
|
|
278
334
|
|
|
335
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
279
336
|
def evaled_gemfiles
|
|
280
337
|
@evaled_gemfiles ||=
|
|
281
338
|
dependency_files
|
|
@@ -288,10 +345,12 @@ module Dependabot
|
|
|
288
345
|
.reject(&:support_file?)
|
|
289
346
|
end
|
|
290
347
|
|
|
348
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
291
349
|
def specification_files
|
|
292
350
|
dependency_files.select { |f| f.name.end_with?(".specification") }
|
|
293
351
|
end
|
|
294
352
|
|
|
353
|
+
sig { returns(String) }
|
|
295
354
|
def bundler_version
|
|
296
355
|
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
297
356
|
end
|