dependabot-bundler 0.95.5 → 0.95.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36)
  1. checksums.yaml +4 -4
  2. metadata +4 -38
  3. data/helpers/Makefile +0 -9
  4. data/helpers/build +0 -26
  5. data/lib/dependabot/bundler.rb +0 -27
  6. data/lib/dependabot/bundler/file_fetcher.rb +0 -216
  7. data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +0 -68
  8. data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +0 -96
  9. data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +0 -112
  10. data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb +0 -65
  11. data/lib/dependabot/bundler/file_parser.rb +0 -297
  12. data/lib/dependabot/bundler/file_parser/file_preparer.rb +0 -84
  13. data/lib/dependabot/bundler/file_parser/gemfile_checker.rb +0 -46
  14. data/lib/dependabot/bundler/file_updater.rb +0 -125
  15. data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +0 -114
  16. data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +0 -50
  17. data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +0 -298
  18. data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +0 -62
  19. data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +0 -78
  20. data/lib/dependabot/bundler/file_updater/git_source_remover.rb +0 -100
  21. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +0 -387
  22. data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +0 -221
  23. data/lib/dependabot/bundler/metadata_finder.rb +0 -204
  24. data/lib/dependabot/bundler/requirement.rb +0 -29
  25. data/lib/dependabot/bundler/update_checker.rb +0 -334
  26. data/lib/dependabot/bundler/update_checker/file_preparer.rb +0 -279
  27. data/lib/dependabot/bundler/update_checker/force_updater.rb +0 -259
  28. data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +0 -165
  29. data/lib/dependabot/bundler/update_checker/requirements_updater.rb +0 -281
  30. data/lib/dependabot/bundler/update_checker/ruby_requirement_setter.rb +0 -113
  31. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +0 -244
  32. data/lib/dependabot/bundler/update_checker/version_resolver.rb +0 -272
  33. data/lib/dependabot/bundler/version.rb +0 -13
  34. data/lib/dependabot/monkey_patches/bundler/definition_bundler_version_patch.rb +0 -15
  35. data/lib/dependabot/monkey_patches/bundler/definition_ruby_version_patch.rb +0 -14
  36. data/lib/dependabot/monkey_patches/bundler/git_source_patch.rb +0 -27
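--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 4f9e1ea4bdd44c85509a4528e5e7c9505f878d160417b19318289dba7ff3e265
-data.tar.gz: 629019a0bb4caa43cebea73416c3c3b18100900b85a594a913d13f230a582223
+metadata.gz: 6f9e379564416aff2841e1bccf1b420dd167eb77fb5647b3a1741d49a8d53a67
+data.tar.gz: 3dbbaae582caf3e6380842c6b4f893002eb5062819cd249c3a24e22dc5749b51
 SHA512:
-metadata.gz: c50492df52a2afed07fcf87b58ea08f7ff19ffe040192cd7d64c4fc9406f8215088205ee63b872c59cf90b7206374442e5e9e362d2190633b94e98223ed84534
-data.tar.gz: 7407105ceb6974f50db64029f81bcc5769fdc50651599db73ee667c2edd789e4ef730909ee629d8b49908226e6c972b9516450ff506ba7671345ee9a9e426a16
+metadata.gz: d5881f87654a931b002b2db3a1a128f43fd2f378acbaff69e77710cb81ed9133b5711bc98ee2bc27c2e56feb3eb71b3dc16e2b4fdd269c41c977734239522e95
+data.tar.gz: eb4c477200b043f59e4de9c6e468d71be947468ac7cf980d62c3828c1a528e1f25f4559c1f6fdf153fdf04208fe0c855c0cad5ed664d388b7eef3dcdaba3a9b0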
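--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.95.5
+version: 0.95.6
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.5
+version: 0.95.6
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.95.5
+version: 0.95.6
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -142,41 +142,7 @@ email: support@dependabot.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
-- helpers/Makefile
-- helpers/build
-- lib/dependabot/bundler.rb
-- lib/dependabot/bundler/file_fetcher.rb
-- lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
-- lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
-- lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb
-- lib/dependabot/bundler/file_fetcher/require_relative_finder.rb
-- lib/dependabot/bundler/file_parser.rb
-- lib/dependabot/bundler/file_parser/file_preparer.rb
-- lib/dependabot/bundler/file_parser/gemfile_checker.rb
-- lib/dependabot/bundler/file_updater.rb
-- lib/dependabot/bundler/file_updater/gemfile_updater.rb
-- lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb
-- lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb
-- lib/dependabot/bundler/file_updater/gemspec_updater.rb
-- lib/dependabot/bundler/file_updater/git_pin_replacer.rb
-- lib/dependabot/bundler/file_updater/git_source_remover.rb
-- lib/dependabot/bundler/file_updater/lockfile_updater.rb
-- lib/dependabot/bundler/file_updater/requirement_replacer.rb
-- lib/dependabot/bundler/metadata_finder.rb
-- lib/dependabot/bundler/requirement.rb
-- lib/dependabot/bundler/update_checker.rb
-- lib/dependabot/bundler/update_checker/file_preparer.rb
-- lib/dependabot/bundler/update_checker/force_updater.rb
-- lib/dependabot/bundler/update_checker/latest_version_finder.rb
-- lib/dependabot/bundler/update_checker/requirements_updater.rb
-- lib/dependabot/bundler/update_checker/ruby_requirement_setter.rb
-- lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb
-- lib/dependabot/bundler/update_checker/version_resolver.rb
-- lib/dependabot/bundler/version.rb
-- lib/dependabot/monkey_patches/bundler/definition_bundler_version_patch.rb
-- lib/dependabot/monkey_patches/bundler/definition_ruby_version_patch.rb
-- lib/dependabot/monkey_patches/bundler/git_source_patch.rb
+files: []
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard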
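Review bot: The gemspec now publishes an empty package: in the third hunk the whole `files:` list collapses to `files: []`, and the diffstat at the top of this page shows every `helpers/` and `lib/` file of the gem deleted with no additions, so `require "dependabot/bundler"` would presumably fail for anyone who resolves 0.95.6. The only other change is bumping a pinned `= 0.95.6` runtime dependency whose name sits above the second hunk, which means any sibling gem that pins this version will pull in the empty artifact rather than fail to resolve. This looks like a broken or incomplete publish rather than a code change, and the fresh `checksums.yaml` digests merely authenticate that empty artifact, so a checksum match does not establish that the release is intended. Until the contents are confirmed against the upstream tag, the practical guard is to keep `dependabot-bundler` pinned to `= 0.95.5` (or a later, verified release) in any dependency policy.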
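--- a/data/helpers/Makefile
+++ b/data/helpers/Makefile
@@ -1,9 +0,0 @@
-.PHONY = all
-
-all: darwin linux
-
-darwin:
-GO111MODULE=on GOOS=darwin GOARCH=amd64 go build -o go-helpers.darwin64 .
-
-linux:
-GO111MODULE=on GOOS=linux GOARCH=amd64 go build -o go-helpers.linux64 .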
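--- a/data/helpers/build
+++ b/data/helpers/build
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-set -e
-
-install_dir=$1
-if [ -z "$install_dir" ]; then
-echo "usage: $0 INSTALL_DIR"
-exit 1
-fi
-
-if ! [[ "$install_dir" =~ ^/ ]]; then
-echo "$install_dir must be an absolute path"
-exit 1
-fi
-
-if [ ! -d "$install_dir/bin" ]; then
-mkdir -p "$install_dir/bin"
-fi
-
-helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
-cd $helpers_dir
-
-os="$(uname -s | tr '[:upper:]' '[:lower:]')"
-echo "building $install_dir/bin/helper"
-
-GO111MODULE=on GOOS="$os" GOARCH=amd64 go build -o "$install_dir/bin/helper" .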
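--- a/data/lib/dependabot/bundler.rb
+++ b/data/lib/dependabot/bundler.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-# These all need to be required so the various classes can be registered in a
-# lookup table of package manager names to concrete classes.
-require "dependabot/bundler/file_fetcher"
-require "dependabot/bundler/file_parser"
-require "dependabot/bundler/update_checker"
-require "dependabot/bundler/file_updater"
-require "dependabot/bundler/metadata_finder"
-require "dependabot/bundler/requirement"
-require "dependabot/bundler/version"
-
-require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler.
-register_label_details("bundler", name: "ruby", colour: "ce2d2d")
-
-require "dependabot/dependency"
-Dependabot::Dependency.register_production_check(
-"bundler",
-lambda do |groups|
-return true if groups.empty?
-return true if groups.include?("runtime")
-return true if groups.include?("default")
-
-groups.any? { |g| g.include?("prod") }
-end
-)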
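--- a/data/lib/dependabot/bundler/file_fetcher.rb
+++ b/data/lib/dependabot/bundler/file_fetcher.rb
@@ -1,216 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_fetchers"
-require "dependabot/file_fetchers/base"
-require "dependabot/bundler/file_updater/lockfile_updater"
-require "dependabot/errors"
-
-module Dependabot
-module Bundler
-class FileFetcher < Dependabot::FileFetchers::Base
-require "dependabot/bundler/file_fetcher/gemspec_finder"
-require "dependabot/bundler/file_fetcher/path_gemspec_finder"
-require "dependabot/bundler/file_fetcher/child_gemfile_finder"
-require "dependabot/bundler/file_fetcher/require_relative_finder"
-
-def self.required_files_in?(filenames)
-if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
-return true
-end
-
-filenames.include?("Gemfile") || filenames.include?("gems.rb")
-end
-
-def self.required_files_message
-"Repo must contain either a Gemfile, a gemspec, or a gems.rb."
-end
-
-private
-
-def fetch_files
-fetched_files = []
-fetched_files << gemfile if gemfile
-fetched_files << lockfile if gemfile && lockfile
-fetched_files += child_gemfiles
-fetched_files += gemspecs
-fetched_files << ruby_version_file if ruby_version_file
-fetched_files += path_gemspecs
-fetched_files += require_relative_files(fetched_files)
-
-fetched_files = uniq_files(fetched_files)
-
-check_required_files_present
-
-unless self.class.required_files_in?(fetched_files.map(&:name))
-raise "Invalid set of files: #{fetched_files.map(&:name)}"
-end
-
-fetched_files
-end
-
-def uniq_files(fetched_files)
-uniq_files = fetched_files.reject(&:support_file?).uniq
-uniq_files += fetched_files.
-reject { |f| uniq_files.map(&:name).include?(f.name) }
-end
-
-def check_required_files_present
-return if gemfile || gemspecs.any?
-
-path = Pathname.new(File.join(directory, "Gemfile")).
-cleanpath.to_path
-raise Dependabot::DependencyFileNotFound, path
-end
-
-def gemfile
-@gemfile ||= fetch_file_if_present("gems.rb") ||
-fetch_file_if_present("Gemfile")
-end
-
-def lockfile
-@lockfile ||= fetch_file_if_present("gems.locked") ||
-fetch_file_if_present("Gemfile.lock")
-end
-
-def gemspecs
-return @gemspecs if defined?(@gemspecs)
-
-gemspecs_paths =
-gemspec_directories.
-flat_map do |d|
-repo_contents(dir: d).
-select { |f| f.name.end_with?(".gemspec") }.
-map { |f| File.join(d, f.name) }
-end
-
-@gemspecs = gemspecs_paths.map { |n| fetch_file_from_host(n) }
-rescue Octokit::NotFound
-[]
-end
-
-def gemspec_directories
-gemfiles = ([gemfile] + child_gemfiles).compact
-directories =
-gemfiles.flat_map do |file|
-GemspecFinder.new(gemfile: file).gemspec_directories
-end.uniq
-
-directories.empty? ? ["."] : directories
-end
-
-def ruby_version_file
-return unless gemfile
-return unless gemfile.content.include?(".ruby-version")
-
-@ruby_version_file ||=
-fetch_file_if_present(".ruby-version")&.
-tap { |f| f.support_file = true }
-end
-
-def path_gemspecs
-gemspec_files = []
-unfetchable_gems = []
-
-path_gemspec_paths.each do |path|
-# Get any gemspecs at the path itself
-gemspecs_at_path = fetch_gemspecs_from_directory(path)
-
-# Get any gemspecs nested one level deeper
-nested_directories =
-repo_contents(dir: path).
-select { |f| f.type == "dir" }
-
-nested_directories.each do |dir|
-dir_path = File.join(path, dir.name)
-gemspecs_at_path += fetch_gemspecs_from_directory(dir_path)
-end
-
-# Add the fetched gemspecs to the main array, and note an error if
-# none were found for this path
-gemspec_files += gemspecs_at_path
-unfetchable_gems << path.basename.to_s if gemspecs_at_path.empty?
-rescue Octokit::NotFound, Gitlab::Error::NotFound
-unfetchable_gems << path.basename.to_s
-end
-
-if unfetchable_gems.any?
-raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
-end
-
-gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
-end
-
-def path_gemspec_paths
-fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
-end
-
-def require_relative_files(files)
-ruby_files =
-files.select { |f| f.name.end_with?(".rb", "Gemfile", ".gemspec") }
-
-paths = ruby_files.flat_map do |file|
-RequireRelativeFinder.new(file: file).require_relative_paths
-end
-
-@require_relative_files ||=
-paths.map { |path| fetch_file_from_host(path) }.
-tap { |req_files| req_files.each { |f| f.support_file = true } }
-end
-
-def fetch_gemspecs_from_directory(dir_path)
-repo_contents(dir: dir_path, fetch_submodules: true).
-select { |f| f.name.end_with?(".gemspec") }.
-map { |f| File.join(dir_path, f.name) }.
-map { |fp| fetch_file_from_host(fp, fetch_submodules: true) }
-end
-
-def fetch_path_gemspec_paths
-if lockfile
-parsed_lockfile = ::Bundler::LockfileParser.new(
-sanitized_lockfile_content
-)
-parsed_lockfile.specs.
-select { |s| s.source.instance_of?(::Bundler::Source::Path) }.
-map { |s| s.source.path }.uniq
-else
-gemfiles = ([gemfile] + child_gemfiles).compact
-gemfiles.flat_map do |file|
-PathGemspecFinder.new(gemfile: file).path_gemspec_paths
-end.uniq
-end
-rescue ::Bundler::LockfileError
-raise Dependabot::DependencyFileNotParseable, lockfile.path
-end
-
-def child_gemfiles
-return [] unless gemfile
-
-@child_gemfiles ||=
-fetch_child_gemfiles(file: gemfile, previously_fetched_files: [])
-end
-
-def sanitized_lockfile_content
-regex = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
-lockfile.content.gsub(regex, "")
-end
-
-def fetch_child_gemfiles(file:, previously_fetched_files:)
-paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths
-
-paths.flat_map do |path|
-next if previously_fetched_files.map(&:name).include?(path)
-next if file.name == path
-
-fetched_file = fetch_file_from_host(path)
-grandchild_gemfiles = fetch_child_gemfiles(
-file: fetched_file,
-previously_fetched_files: previously_fetched_files + [file]
-)
-[fetched_file, *grandchild_gemfiles]
-end.compact
-end
-end
-end
-end
-
-Dependabot::FileFetchers.register("bundler", Dependabot::Bundler::FileFetcher)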
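--- a/data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
+++ b/data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-
-require "pathname"
-require "parser/current"
-require "dependabot/bundler/file_fetcher"
-require "dependabot/errors"
-
-module Dependabot
-module Bundler
-class FileFetcher
-# Finds the paths of any Gemfiles declared using `eval_gemfile` in the
-# passed Gemfile.
-class ChildGemfileFinder
-def initialize(gemfile:)
-@gemfile = gemfile
-end
-
-def child_gemfile_paths
-ast = Parser::CurrentRuby.parse(gemfile.content)
-find_child_gemfile_paths(ast)
-rescue Parser::SyntaxError
-raise Dependabot::DependencyFileNotParseable, gemfile.path
-end
-
-private
-
-attr_reader :gemfile
-
-# rubocop:disable Security/Eval
-def find_child_gemfile_paths(node)
-return [] unless node.is_a?(Parser::AST::Node)
-
-if declares_eval_gemfile?(node)
-# We use eval here, but we know what we're doing. The FileFetchers
-# helper method should only ever be run in an isolated environment
-source = node.children[2].loc.expression.source
-begin
-path = eval(source)
-rescue StandardError
-return []
-end
-if Pathname.new(path).absolute?
-base_path = Pathname.new(File.expand_path(Dir.pwd))
-path = Pathname.new(path).relative_path_from(base_path).to_s
-end
-path = File.join(current_dir, path) unless current_dir.nil?
-return [Pathname.new(path).cleanpath.to_path]
-end
-
-node.children.flat_map do |child_node|
-find_child_gemfile_paths(child_node)
-end
-end
-# rubocop:enable Security/Eval
-
-def current_dir
-@current_dir ||= gemfile.name.split("/")[0..-2].last
-end
-
-def declares_eval_gemfile?(node)
-return false unless node.is_a?(Parser::AST::Node)
-
-node.children[1] == :eval_gemfile
-end
-end
-end
-end
-end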
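--- a/data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
+++ b/data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
@@ -1,96 +0,0 @@
-# frozen_string_literal: true
-
-require "pathname"
-require "parser/current"
-require "dependabot/bundler/file_fetcher"
-require "dependabot/errors"
-
-module Dependabot
-module Bundler
-class FileFetcher
-# Finds the directories of any gemspecs declared using `gemspec` in the
-# passed Gemfile.
-class GemspecFinder
-def initialize(gemfile:)
-@gemfile = gemfile
-end
-
-def gemspec_directories
-ast = Parser::CurrentRuby.parse(gemfile.content)
-find_gemspec_paths(ast)
-rescue Parser::SyntaxError
-raise Dependabot::DependencyFileNotParseable, gemfile.path
-end
-
-private
-
-attr_reader :gemfile
-
-# rubocop:disable Security/Eval
-def find_gemspec_paths(node)
-return [] unless node.is_a?(Parser::AST::Node)
-
-if declares_gemspec_dependency?(node)
-path_node = path_node_for_gem_declaration(node)
-return [clean_path(".")] unless path_node
-
-begin
-# We use eval here, but we know what we're doing. The
-# FileFetchers helper method should only ever be run in an
-# isolated environment
-path = eval(path_node.loc.expression.source)
-rescue StandardError
-return []
-end
-return [clean_path(path)]
-end
-
-node.children.flat_map do |child_node|
-find_gemspec_paths(child_node)
-end
-end
-# rubocop:enable Security/Eval
-
-def current_dir
-@current_dir ||= gemfile.name.rpartition("/").first
-@current_dir = nil if @current_dir == ""
-@current_dir
-end
-
-def declares_gemspec_dependency?(node)
-return false unless node.is_a?(Parser::AST::Node)
-
-node.children[1] == :gemspec
-end
-
-def clean_path(path)
-if Pathname.new(path).absolute?
-base_path = Pathname.new(File.expand_path(Dir.pwd))
-path = Pathname.new(path).relative_path_from(base_path).to_s
-end
-path = File.join(current_dir, path) unless current_dir.nil?
-Pathname.new(path).cleanpath
-end
-
-def path_node_for_gem_declaration(node)
-return unless node.children.last.is_a?(Parser::AST::Node)
-return unless node.children.last.type == :hash
-
-kwargs_node = node.children.last
-
-path_hash_pair =
-kwargs_node.children.
-find { |hash_pair| key_from_hash_pair(hash_pair) == :path }
-
-return unless path_hash_pair
-
-path_hash_pair.children.last
-end
-
-def key_from_hash_pair(node)
-node.children.first.children.first.to_sym
-end
-end
-end
-end
-end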