dependabot-bundler 0.333.0 → 0.335.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v2/lib/functions/force_updater.rb +7 -2
  3. data/helpers/v2/lib/functions/version_resolver.rb +6 -2
  4. data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +64 -52
  5. data/helpers/v2/spec/functions/dependency_source_spec.rb +14 -10
  6. data/helpers/v2/spec/functions/version_resolver_spec.rb +4 -2
  7. data/lib/dependabot/bundler/file_fetcher.rb +12 -6
  8. data/lib/dependabot/bundler/file_parser.rb +4 -2
  9. data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +13 -6
  10. data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +27 -6
  11. data/lib/dependabot/bundler/file_updater/git_source_remover.rb +14 -2
  12. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +90 -26
  13. data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +92 -17
  14. data/lib/dependabot/bundler/file_updater.rb +48 -19
  15. data/lib/dependabot/bundler/metadata_finder.rb +61 -30
  16. data/lib/dependabot/bundler/package/package_details_fetcher.rb +60 -2
  17. data/lib/dependabot/bundler/requirement.rb +3 -2
  18. data/lib/dependabot/bundler/update_checker/file_preparer.rb +81 -25
  19. data/lib/dependabot/bundler/update_checker/force_updater.rb +11 -5
  20. data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +53 -15
  21. data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +4 -2
  22. data/lib/dependabot/bundler/update_checker/requirements_updater.rb +92 -31
  23. data/lib/dependabot/bundler/update_checker/version_resolver.rb +14 -7
  24. data/lib/dependabot/bundler/update_checker.rb +14 -7
  25. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ed2db4c89c832c17cf73a1183c1ca6645f8f8c141a357526eb997691227dade6
4
- data.tar.gz: 41f43a96a647a712ba845860aaecd0bcca8a5aa316c93e578c271f5f7aabd50d
3
+ metadata.gz: e7f69a64ba15ebbad9f9a6b231aafd823c1dfd209eaf6256bcadcec2cf2b4146
4
+ data.tar.gz: e99f4c6991029f7f44fc0a82c79298e7b57ca5e52e723abcf7e0a29f23635d2e
5
5
  SHA512:
6
- metadata.gz: 8e1ed157de7a72eb7d78ca0cafce120e2517e1142a1f38a2fb676edd787db470da46f782f091123028c9a45c647d77f15740e4ee12fa189be9dbd1176f77aae8
7
- data.tar.gz: 99d4ccb5ccb39ed52adca7aaaeb84e34356b7efa263541fbdd7a00cbca100b818d52311c3145f2abc73da100fb8e318b05c2fa9fbc5d501c5a7a0d06ff936bad
6
+ metadata.gz: f016dcae6e50e038e723c4edd8181f0f69f8d784b6fb1811362a044dfe878d9addf22b5647869b6d3073275774d915ffb3963a6aea04979378b6119e4ebaf3fb
7
+ data.tar.gz: 20c66bb7c4d1293f0fb19f3f5ebec61de873f3a21066b6d4ee9935d0bb858151d381c91e2f5979bd727b226fd787de6f1f8fd71b1f9979dfc54a5d9aad124f04
data/helpers/v2/lib/functions/force_updater.rb CHANGED
@@ -5,8 +5,13 @@ module Functions
5
5
  class ForceUpdater
6
6
  class TopLevelDependencyDowngradedError < StandardError; end
7
7
 
8
- def initialize(dependency_name:, target_version:, gemfile_name:,
9
- lockfile_name:, update_multiple_dependencies:)
8
+ def initialize(
9
+ dependency_name:,
10
+ target_version:,
11
+ gemfile_name:,
12
+ lockfile_name:,
13
+ update_multiple_dependencies:
14
+ )
10
15
  @dependency_name = dependency_name
11
16
  @target_version = target_version
12
17
  @gemfile_name = gemfile_name
data/helpers/v2/lib/functions/version_resolver.rb CHANGED
@@ -10,8 +10,12 @@ module Functions
10
10
  attr_reader :gemfile_name
11
11
  attr_reader :lockfile_name
12
12
 
13
- def initialize(dependency_name:, dependency_requirements:,
14
- gemfile_name:, lockfile_name:)
13
+ def initialize(
14
+ dependency_name:,
15
+ dependency_requirements:,
16
+ gemfile_name:,
17
+ lockfile_name:
18
+ )
15
19
  @dependency_name = dependency_name
16
20
  @dependency_requirements = dependency_requirements
17
21
  @gemfile_name = gemfile_name
data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb CHANGED
@@ -42,42 +42,50 @@ RSpec.describe Functions::ConflictingDependencyResolver do
42
42
  let(:target_version) { "6.0.0" }
43
43
 
44
44
  it "returns a list of dependencies that block the update" do
45
- expect(conflicting_dependencies).to contain_exactly({
46
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
47
- "name" => "rails",
48
- "requirement" => "= 5.2.0",
49
- "version" => "5.2.0"
50
- }, {
51
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
52
- "name" => "actionpack",
53
- "version" => "5.2.0",
54
- "requirement" => "= 5.2.0"
55
- }, {
56
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
57
- "name" => "actionview",
58
- "version" => "5.2.0",
59
- "requirement" => "= 5.2.0"
60
- }, {
61
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
62
- "name" => "activejob",
63
- "version" => "5.2.0",
64
- "requirement" => "= 5.2.0"
65
- }, {
66
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
67
- "name" => "activemodel",
68
- "version" => "5.2.0",
69
- "requirement" => "= 5.2.0"
70
- }, {
71
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
72
- "name" => "activerecord",
73
- "version" => "5.2.0",
74
- "requirement" => "= 5.2.0"
75
- }, {
76
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
77
- "name" => "railties",
78
- "version" => "5.2.0",
79
- "requirement" => "= 5.2.0"
80
- })
45
+ expect(conflicting_dependencies).to contain_exactly(
46
+ {
47
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
48
+ "name" => "rails",
49
+ "requirement" => "= 5.2.0",
50
+ "version" => "5.2.0"
51
+ },
52
+ {
53
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
54
+ "name" => "actionpack",
55
+ "version" => "5.2.0",
56
+ "requirement" => "= 5.2.0"
57
+ },
58
+ {
59
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
60
+ "name" => "actionview",
61
+ "version" => "5.2.0",
62
+ "requirement" => "= 5.2.0"
63
+ },
64
+ {
65
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
66
+ "name" => "activejob",
67
+ "version" => "5.2.0",
68
+ "requirement" => "= 5.2.0"
69
+ },
70
+ {
71
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
72
+ "name" => "activemodel",
73
+ "version" => "5.2.0",
74
+ "requirement" => "= 5.2.0"
75
+ },
76
+ {
77
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
78
+ "name" => "activerecord",
79
+ "version" => "5.2.0",
80
+ "requirement" => "= 5.2.0"
81
+ },
82
+ {
83
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
84
+ "name" => "railties",
85
+ "version" => "5.2.0",
86
+ "requirement" => "= 5.2.0"
87
+ }
88
+ )
81
89
  end
82
90
  end
83
91
 
@@ -88,22 +96,26 @@ RSpec.describe Functions::ConflictingDependencyResolver do
88
96
  let(:project_name) { "multiple_blocking" }
89
97
 
90
98
  it "returns all of the blocking dependencies" do
91
- expect(conflicting_dependencies).to contain_exactly({
92
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
93
- "name" => "actionpack",
94
- "version" => "5.0.0",
95
- "requirement" => "= 5.0.0"
96
- }, {
97
- "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
98
- "name" => "actionview",
99
- "version" => "5.0.0",
100
- "requirement" => "= 5.0.0"
101
- }, {
102
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
103
- "name" => "activejob",
104
- "version" => "5.0.0",
105
- "requirement" => "= 5.0.0"
106
- })
99
+ expect(conflicting_dependencies).to contain_exactly(
100
+ {
101
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
102
+ "name" => "actionpack",
103
+ "version" => "5.0.0",
104
+ "requirement" => "= 5.0.0"
105
+ },
106
+ {
107
+ "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
108
+ "name" => "actionview",
109
+ "version" => "5.0.0",
110
+ "requirement" => "= 5.0.0"
111
+ },
112
+ {
113
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
114
+ "name" => "activejob",
115
+ "version" => "5.0.0",
116
+ "requirement" => "= 5.0.0"
117
+ }
118
+ )
107
119
  end
108
120
  end
109
121
 
data/helpers/v2/spec/functions/dependency_source_spec.rb CHANGED
@@ -40,22 +40,26 @@ RSpec.describe Functions::DependencySource do
40
40
  end
41
41
 
42
42
  it "returns all versions from the private source" do
43
- expect(private_registry_versions).to eq([
44
- Gem::Version.new("1.5.0"),
45
- Gem::Version.new("1.9.0"),
46
- Gem::Version.new("1.10.0.beta")
47
- ])
43
+ expect(private_registry_versions).to eq(
44
+ [
45
+ Gem::Version.new("1.5.0"),
46
+ Gem::Version.new("1.9.0"),
47
+ Gem::Version.new("1.10.0.beta")
48
+ ]
49
+ )
48
50
  end
49
51
 
50
52
  context "when specified as the default source" do
51
53
  let(:project_name) { "specified_default_source_no_lockfile" }
52
54
 
53
55
  it "returns all versions from the private source" do
54
- expect(private_registry_versions).to eq([
55
- Gem::Version.new("1.5.0"),
56
- Gem::Version.new("1.9.0"),
57
- Gem::Version.new("1.10.0.beta")
58
- ])
56
+ expect(private_registry_versions).to eq(
57
+ [
58
+ Gem::Version.new("1.5.0"),
59
+ Gem::Version.new("1.9.0"),
60
+ Gem::Version.new("1.10.0.beta")
61
+ ]
62
+ )
59
63
  end
60
64
  end
61
65
 
data/helpers/v2/spec/functions/version_resolver_spec.rb CHANGED
@@ -96,8 +96,10 @@ RSpec.describe Functions::VersionResolver do
96
96
  stub_request(:get, old_index_url + "?gems=business,statesman")
97
97
  .to_return(
98
98
  status: 200,
99
- body: fixture("rubygems_responses",
100
- "dependencies-default-gemfile")
99
+ body: fixture(
100
+ "rubygems_responses",
101
+ "dependencies-default-gemfile"
102
+ )
101
103
  )
102
104
  end
103
105
 
data/lib/dependabot/bundler/file_fetcher.rb CHANGED
@@ -75,16 +75,20 @@ module Dependabot
75
75
  def gemfile
76
76
  return @gemfile if defined?(@gemfile)
77
77
 
78
- @gemfile = T.let(fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile"),
79
- T.nilable(Dependabot::DependencyFile))
78
+ @gemfile = T.let(
79
+ fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile"),
80
+ T.nilable(Dependabot::DependencyFile)
81
+ )
80
82
  end
81
83
 
82
84
  sig { returns(T.nilable(DependencyFile)) }
83
85
  def lockfile
84
86
  return @lockfile if defined?(@lockfile)
85
87
 
86
- @lockfile = T.let(fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock"),
87
- T.nilable(Dependabot::DependencyFile))
88
+ @lockfile = T.let(
89
+ fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock"),
90
+ T.nilable(Dependabot::DependencyFile)
91
+ )
88
92
  end
89
93
 
90
94
  sig { returns(T::Array[Dependabot::DependencyFile]) }
@@ -239,8 +243,10 @@ module Dependabot
239
243
  end
240
244
 
241
245
  sig do
242
- params(file: DependencyFile,
243
- previously_fetched_files: T::Array[DependencyFile]).returns(T::Array[DependencyFile])
246
+ params(
247
+ file: DependencyFile,
248
+ previously_fetched_files: T::Array[DependencyFile]
249
+ ).returns(T::Array[DependencyFile])
244
250
  end
245
251
  def fetch_child_gemfiles(file:, previously_fetched_files:)
246
252
  paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths
data/lib/dependabot/bundler/file_parser.rb CHANGED
@@ -209,8 +209,10 @@ module Dependabot
209
209
  sig { returns(T::Array[T::Hash[String, T.untyped]]) }
210
210
  def parsed_gemfile
211
211
  @parsed_gemfile ||= T.let(
212
- SharedHelpers.in_a_temporary_repo_directory(T.must(base_directory),
213
- repo_contents_path) do
212
+ SharedHelpers.in_a_temporary_repo_directory(
213
+ T.must(base_directory),
214
+ repo_contents_path
215
+ ) do
214
216
  write_temporary_dependency_files
215
217
 
216
218
  NativeHelpers.run_bundler_subprocess(
data/lib/dependabot/bundler/file_updater/gemspec_updater.rb CHANGED
@@ -39,20 +39,27 @@ module Dependabot
39
39
  attr_reader :gemspec
40
40
 
41
41
  sig do
42
- params(gemspec: Dependabot::DependencyFile, dependency: Dependabot::Dependency,
43
- content: String).returns(String)
42
+ params(
43
+ gemspec: Dependabot::DependencyFile,
44
+ dependency: Dependabot::Dependency,
45
+ content: String
46
+ ).returns(String)
44
47
  end
45
48
  def replace_gemspec_version_requirement(gemspec, dependency, content)
46
49
  return content unless requirement_changed?(gemspec, dependency)
47
50
 
48
51
  updated_requirement =
49
- T.must(dependency.requirements
50
- .find { |r| r[:file] == gemspec.name })
52
+ T.must(
53
+ dependency.requirements
54
+ .find { |r| r[:file] == gemspec.name }
55
+ )
51
56
  .fetch(:requirement)
52
57
 
53
58
  previous_requirement =
54
- T.must(T.must(dependency.previous_requirements)
55
- .find { |r| r[:file] == gemspec.name })
59
+ T.must(
60
+ T.must(dependency.previous_requirements)
61
+ .find { |r| r[:file] == gemspec.name }
62
+ )
56
63
  .fetch(:requirement)
57
64
 
58
65
  RequirementReplacer.new(
data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb CHANGED
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "parser/current"
5
6
  require "dependabot/bundler/file_updater"
6
7
 
@@ -8,14 +9,21 @@ module Dependabot
8
9
  module Bundler
9
10
  class FileUpdater
10
11
  class GitPinReplacer
12
+ extend T::Sig
13
+
14
+ sig { returns(Dependabot::Dependency) }
11
15
  attr_reader :dependency
16
+
17
+ sig { returns(String) }
12
18
  attr_reader :new_pin
13
19
 
20
+ sig { params(dependency: Dependabot::Dependency, new_pin: String).void }
14
21
  def initialize(dependency:, new_pin:)
15
- @dependency = dependency
16
- @new_pin = new_pin
22
+ @dependency = T.let(dependency, Dependabot::Dependency)
23
+ @new_pin = T.let(new_pin, String)
17
24
  end
18
25
 
26
+ sig { params(content: String).returns(String) }
19
27
  def rewrite(content)
20
28
  buffer = Parser::Source::Buffer.new("(gemfile_content)")
21
29
  buffer.source = content
@@ -27,15 +35,24 @@ module Dependabot
27
35
  end
28
36
 
29
37
  class Rewriter < Parser::TreeRewriter
30
- PIN_KEYS = %i(ref tag).freeze
38
+ extend T::Sig
39
+
40
+ PIN_KEYS = T.let(%i(ref tag).freeze, T::Array[Symbol])
41
+
42
+ sig { returns(Dependabot::Dependency) }
31
43
  attr_reader :dependency
44
+
45
+ sig { returns(String) }
32
46
  attr_reader :new_pin
33
47
 
48
+ sig { params(dependency: Dependabot::Dependency, new_pin: String).void }
34
49
  def initialize(dependency:, new_pin:)
35
- @dependency = dependency
36
- @new_pin = new_pin
50
+ super()
51
+ @dependency = T.let(dependency, Dependabot::Dependency)
52
+ @new_pin = T.let(new_pin, String)
37
53
  end
38
54
 
55
+ sig { params(node: Parser::AST::Node).returns(T.untyped) }
39
56
  def on_send(node)
40
57
  return unless declares_targeted_gem?(node)
41
58
  return unless node.children.last.type == :hash
@@ -50,16 +67,19 @@ module Dependabot
50
67
 
51
68
  private
52
69
 
70
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
53
71
  def declares_targeted_gem?(node)
54
72
  return false unless node.children[1] == :gem
55
73
 
56
74
  node.children[2].children.first == dependency.name
57
75
  end
58
76
 
77
+ sig { params(node: Parser::AST::Node).returns(Symbol) }
59
78
  def key_from_hash_pair(node)
60
79
  node.children.first.children.first.to_sym
61
80
  end
62
81
 
82
+ sig { params(hash_pair: Parser::AST::Node).void }
63
83
  def update_value(hash_pair)
64
84
  value_node = hash_pair.children.last
65
85
  open_quote_character, close_quote_character =
@@ -71,6 +91,7 @@ module Dependabot
71
91
  )
72
92
  end
73
93
 
94
+ sig { params(value_node: Parser::AST::Node).returns([String, String]) }
74
95
  def extract_quote_characters_from(value_node)
75
96
  [value_node.loc.begin.source, value_node.loc.end.source]
76
97
  end
data/lib/dependabot/bundler/file_updater/git_source_remover.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
@@ -12,12 +12,15 @@ module Dependabot
12
12
  class GitSourceRemover
13
13
  extend T::Sig
14
14
 
15
+ sig { returns(Dependabot::Dependency) }
15
16
  attr_reader :dependency
16
17
 
18
+ sig { params(dependency: Dependabot::Dependency).void }
17
19
  def initialize(dependency:)
18
20
  @dependency = dependency
19
21
  end
20
22
 
23
+ sig { params(content: String).returns(String) }
21
24
  def rewrite(content)
22
25
  buffer = Parser::Source::Buffer.new("(gemfile_content)")
23
26
  buffer.source = content
@@ -27,18 +30,23 @@ module Dependabot
27
30
  end
28
31
 
29
32
  class Rewriter < Parser::TreeRewriter
33
+ extend T::Sig
34
+
30
35
  # TODO: Hack until Bundler 1.16.0 is available on Heroku
31
36
  GOOD_KEYS = %i(
32
37
  group groups path glob name require platform platforms type
33
38
  source install_if
34
39
  ).freeze
35
40
 
41
+ sig { returns(Dependabot::Dependency) }
36
42
  attr_reader :dependency
37
43
 
44
+ sig { params(dependency: Dependabot::Dependency).void }
38
45
  def initialize(dependency:)
39
- @dependency = dependency
46
+ @dependency = T.let(dependency, Dependabot::Dependency)
40
47
  end
41
48
 
49
+ sig { params(node: Parser::AST::Node).void }
42
50
  def on_send(node)
43
51
  return unless declares_targeted_gem?(node)
44
52
  return unless node.children.last.type == :hash
@@ -57,16 +65,19 @@ module Dependabot
57
65
 
58
66
  private
59
67
 
68
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
60
69
  def declares_targeted_gem?(node)
61
70
  return false unless node.children[1] == :gem
62
71
 
63
72
  node.children[2].children.first == dependency.name
64
73
  end
65
74
 
75
+ sig { params(node: Parser::AST::Node).returns(Symbol) }
66
76
  def key_from_hash_pair(node)
67
77
  node.children.first.children.first.to_sym
68
78
  end
69
79
 
80
+ sig { params(node: Parser::AST::Node).void }
70
81
  def remove_all_kwargs(node)
71
82
  kwargs_node = node.children.last
72
83
 
@@ -76,6 +87,7 @@ module Dependabot
76
87
  remove(range_to_remove)
77
88
  end
78
89
 
90
+ sig { params(kwargs_node: Parser::AST::Node).void }
79
91
  def remove_git_related_kwargs(kwargs_node)
80
92
  good_key_index = T.let(nil, T.nilable(Integer))
81
93
  hash_pairs = kwargs_node.children