dependabot-bundler 0.384.0 → 0.385.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3daa49f0b7badcac1b05d18da5a85120669028a0e05217e9f25909841c90593c
4
- data.tar.gz: 86a858104d17f0050cbede5e5d9d815a47b2c0ee36ba844d4777f71a70840549
3
+ metadata.gz: 497069e0c24769d144719c23a99658721135d964311c543b79e8e79118b57ff4
4
+ data.tar.gz: 3fb99af5f766180db6928c1f7d22ccc835feb0829eba150ed4d7a56b8fc3ebf7
5
5
  SHA512:
6
- metadata.gz: 57636ebdc4fa11bebb74e6839df1d363dcb6db1e381b2070c5e81f76301ada8d747c36965c85c269cc25cd6a4ecc5b2d7312d3d9f3eeadc7c9b48e2d61fdedb1
7
- data.tar.gz: 7907b9f4b766c2e080a0d2842c5cf3b10fc8c02dbfdfdf2f545366ecdf4c6566e8dcffa89783e83d6b65c4884da627624f98a469a8b93a24d20f9ac28752427f
6
+ metadata.gz: 336c256aeae0398b830cb8fe398f98d8e4bbba385cfa94f11ea6e415985bc567700f34c92b89f7e5ecd0521ed3e90eaa024e4c2a6049ab3a533ebfff25e971fd
7
+ data.tar.gz: 682c35977db40d6fce2b12792ca1b310a5b0db198e6a784cb27c55d11c63f2c712a68cda48d7e73b53db5447bcb62ff083c5b7fec824493c424e1cbac9ad5b01
@@ -72,6 +72,15 @@ module Functions
72
72
  lockfile_specs.include?(spec)
73
73
  end.map(&:name).uniq
74
74
 
75
+ cache_path = Bundler.app_cache
76
+
77
+ # Snapshot the gems already vendored in the repo before we re-cache.
78
+ # `cache_all_platforms` re-fetches every platform variant of every gem,
79
+ # which adds gem files for platforms the repo may never have vendored.
80
+ # We only want to add platform variants for gems this update actually
81
+ # changed, so anything else newly added is reverted below.
82
+ pre_existing_gems = Dir["#{cache_path}/*.gem"]
83
+
75
84
  bundler_opts = {
76
85
  cache_all: true,
77
86
  cache_all_platforms: true,
@@ -84,10 +93,30 @@ module Functions
84
93
 
85
94
  # Only prune updated gems (the original implementation is in
86
95
  # Bundler::Runtime)
87
- cache_path = Bundler.app_cache
88
96
  prune_gem_cache(resolve, cache_path, updated_gems)
89
97
  prune_git_and_path_cache(resolve, cache_path)
90
98
  end
99
+
100
+ # Revert gem files newly added by the all-platforms re-cache that belong
101
+ # to dependencies this update didn't touch. Without this a single-gem
102
+ # update re-vendors missing platform variants for *every* gem, producing
103
+ # large diffs unrelated to the update on repos that don't vendor every
104
+ # platform.
105
+ prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
106
+ end
107
+
108
+ # Removes gem files added by the all-platforms re-cache that were not
109
+ # present before and don't belong to an updated dependency (including
110
+ # sub-dependencies). Pre-existing vendored gems are always left untouched.
111
+ def prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
112
+ Dir["#{cache_path}/*.gem"].each do |path|
113
+ next if pre_existing_gems.include?(path)
114
+
115
+ spec = Bundler.rubygems.spec_from_gem(path)
116
+ next if updated_gems.include?(spec.name)
117
+
118
+ File.delete(path)
119
+ end
91
120
  end
92
121
 
93
122
  # Copied from Bundler::Runtime: Modified to only prune gems that have
@@ -72,6 +72,15 @@ module Functions
72
72
  lockfile_specs.include?(spec)
73
73
  end.map(&:name).uniq
74
74
 
75
+ cache_path = Bundler.app_cache
76
+
77
+ # Snapshot the gems already vendored in the repo before we re-cache.
78
+ # `cache_all_platforms` re-fetches every platform variant of every gem,
79
+ # which adds gem files for platforms the repo may never have vendored.
80
+ # We only want to add platform variants for gems this update actually
81
+ # changed, so anything else newly added is reverted below.
82
+ pre_existing_gems = Dir["#{cache_path}/*.gem"]
83
+
75
84
  bundler_opts = {
76
85
  cache_all: true,
77
86
  cache_all_platforms: true,
@@ -84,10 +93,30 @@ module Functions
84
93
 
85
94
  # Only prune updated gems (the original implementation is in
86
95
  # Bundler::Runtime)
87
- cache_path = Bundler.app_cache
88
96
  prune_gem_cache(resolve, cache_path, updated_gems)
89
97
  prune_git_and_path_cache(resolve, cache_path)
90
98
  end
99
+
100
+ # Revert gem files newly added by the all-platforms re-cache that belong
101
+ # to dependencies this update didn't touch. Without this a single-gem
102
+ # update re-vendors missing platform variants for *every* gem, producing
103
+ # large diffs unrelated to the update on repos that don't vendor every
104
+ # platform.
105
+ prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
106
+ end
107
+
108
+ # Removes gem files added by the all-platforms re-cache that were not
109
+ # present before and don't belong to an updated dependency (including
110
+ # sub-dependencies). Pre-existing vendored gems are always left untouched.
111
+ def prune_unrequested_gem_additions(cache_path, pre_existing_gems, updated_gems)
112
+ Dir["#{cache_path}/*.gem"].each do |path|
113
+ next if pre_existing_gems.include?(path)
114
+
115
+ spec = Bundler.rubygems.spec_from_gem(path)
116
+ next if updated_gems.include?(spec.name)
117
+
118
+ File.delete(path)
119
+ end
91
120
  end
92
121
 
93
122
  # Copied from Bundler::Runtime: Modified to only prune gems that have
@@ -255,10 +255,8 @@ module Dependabot
255
255
  # If the dependency is pinned to a tag that looks like a version then
256
256
  # we want to update that tag. The latest version will then be the SHA
257
257
  # of the latest tag that looks like a version.
258
- if git_commit_checker.pinned_ref_looks_like_version?
259
- latest_tag = git_commit_checker.local_tag_for_latest_version
260
- return latest_tag&.fetch(:tag_sha) || dependency.version
261
- end
258
+ latest_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
259
+ return latest_tag.fetch(:tag_sha) || dependency.version if latest_tag
262
260
 
263
261
  # If the dependency is pinned to a tag that doesn't look like a
264
262
  # version then there's nothing we can do.
@@ -280,9 +278,8 @@ module Dependabot
280
278
  # If the dependency is pinned to a tag that looks like a version then
281
279
  # we want to update that tag. The latest version will then be the SHA
282
280
  # of the latest tag that looks like a version.
283
- if git_commit_checker.pinned_ref_looks_like_version? &&
284
- latest_git_tag_is_resolvable?
285
- new_tag = git_commit_checker.local_tag_for_latest_version
281
+ if latest_git_tag_is_resolvable?
282
+ new_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
286
283
  return new_tag&.fetch(:tag_sha)
287
284
  end
288
285
 
@@ -317,7 +314,7 @@ module Dependabot
317
314
 
318
315
  sig { returns(T::Boolean) }
319
316
  def latest_git_tag_is_resolvable?
320
- latest_tag_details = git_commit_checker.local_tag_for_latest_version
317
+ latest_tag_details = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
321
318
  return false unless latest_tag_details
322
319
 
323
320
  git_tag_resolvable?(latest_tag_details.fetch(:tag))
@@ -336,9 +333,8 @@ module Dependabot
336
333
  return dependency_source_details unless git_dependency?
337
334
 
338
335
  # Update the git tag if updating a pinned version
339
- if git_commit_checker.pinned_ref_looks_like_version? &&
340
- latest_git_tag_is_resolvable?
341
- new_tag = git_commit_checker.local_tag_for_latest_version
336
+ if latest_git_tag_is_resolvable?
337
+ new_tag = git_commit_checker.local_tag_for_pinned_version_ref(update_cooldown)
342
338
  return T.must(dependency_source_details).merge(ref: T.must(new_tag).fetch(:tag))
343
339
  end
344
340
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.384.0
4
+ version: 0.385.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.384.0
18
+ version: 0.385.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.384.0
25
+ version: 0.385.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: parallel
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -351,7 +351,7 @@ licenses:
351
351
  - MIT
352
352
  metadata:
353
353
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
354
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.384.0
354
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.385.0
355
355
  rdoc_options: []
356
356
  require_paths:
357
357
  - lib