RubyGems - dependabot-bundler - Versions diffs - 0.95.5 → 0.95.6 - Mend

dependabot-bundler 0.95.5 → 0.95.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

data/lib/dependabot/bundler/update_checker.rb DELETED Viewed

@@ -1,334 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/update_checkers"
-require "dependabot/update_checkers/base"
-require "dependabot/bundler/file_updater/requirement_replacer"
-require "dependabot/bundler/version"
-require "dependabot/git_commit_checker"
-module Dependabot
-  module Bundler
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      require_relative "update_checker/force_updater"
-      require_relative "update_checker/file_preparer"
-      require_relative "update_checker/requirements_updater"
-      require_relative "update_checker/version_resolver"
-      require_relative "update_checker/latest_version_finder"
-      def latest_version
-        return latest_version_for_git_dependency if git_dependency?
-        latest_version_details&.fetch(:version)
-      end
-      def latest_resolvable_version
-        return latest_resolvable_version_for_git_dependency if git_dependency?
-        latest_resolvable_version_details&.fetch(:version)
-      end
-      def latest_resolvable_version_with_no_unlock
-        current_ver = dependency.version
-        return current_ver if git_dependency? && git_commit_checker.pinned?
-        @latest_resolvable_version_detail_with_no_unlock ||=
-          version_resolver(
-            remove_git_source: false,
-            unlock_requirement: false
-          ).latest_resolvable_version_details
-        if git_dependency?
-          @latest_resolvable_version_detail_with_no_unlock&.fetch(:commit_sha)
-        else
-          @latest_resolvable_version_detail_with_no_unlock&.fetch(:version)
-        end
-      end
-      def updated_requirements
-        RequirementsUpdater.new(
-          requirements: dependency.requirements,
-          update_strategy: requirements_update_strategy,
-          updated_source: updated_source,
-          latest_version: latest_version_details&.fetch(:version)&.to_s,
-          latest_resolvable_version:
-            latest_resolvable_version_details&.fetch(:version)&.to_s
-        ).updated_requirements
-      end
-      def requirements_unlocked_or_can_be?
-        dependency.requirements.
-          reject { |r| r[:requirement].nil? }.
-          all? do |req|
-            requirement = requirement_class.new(req[:requirement])
-            next true if requirement.satisfied_by?(Gem::Version.new("100000"))
-            file = dependency_files.find { |f| f.name == req.fetch(:file) }
-            updated = FileUpdater::RequirementReplacer.new(
-              dependency: dependency,
-              file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
-              updated_requirement: "whatever"
-            ).rewrite(file.content)
-            updated != file.content
-          end
-      end
-      def requirements_update_strategy
-        # If passed in as an option (in the base class) honour that option
-        if @requirements_update_strategy
-          return @requirements_update_strategy.to_sym
-        end
-        # Otherwise, widen ranges for libraries and bump versions for apps
-        dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
-      end
-      private
-      def latest_version_resolvable_with_full_unlock?
-        return false unless latest_version
-        updated_dependencies = force_updater.updated_dependencies
-        updated_dependencies.none? do |dep|
-          old_version = dep.previous_version
-          next unless Gem::Version.correct?(old_version)
-          next if Gem::Version.new(old_version).prerelease?
-          Gem::Version.new(dep.version).prerelease?
-        end
-      rescue Dependabot::DependencyFileNotResolvable
-        false
-      end
-      def updated_dependencies_after_full_unlock
-        force_updater.updated_dependencies
-      end
-      def git_dependency?
-        git_commit_checker.git_dependency?
-      end
-      def latest_version_details(remove_git_source: false)
-        @latest_version_details ||= {}
-        @latest_version_details[remove_git_source] ||=
-          latest_version_finder(remove_git_source: remove_git_source).
-          latest_version_details
-      end
-      def latest_resolvable_version_details(remove_git_source: false)
-        @latest_resolvable_version_details ||= {}
-        @latest_resolvable_version_details[remove_git_source] ||=
-          version_resolver(remove_git_source: remove_git_source).
-          latest_resolvable_version_details
-      end
-      def latest_version_for_git_dependency
-        latest_release =
-          latest_version_details(remove_git_source: true)&.
-          fetch(:version)
-        # If there's been a release that includes the current pinned ref or
-        # that the current branch is behind, we switch to that release.
-        return latest_release if git_branch_or_ref_in_release?(latest_release)
-        # Otherwise, if the gem isn't pinned, the latest version is just the
-        # latest commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
-        # If the dependency is pinned to a tag that looks like a version then
-        # we want to update that tag. The latest version will then be the SHA
-        # of the latest tag that looks like a version.
-        if git_commit_checker.pinned_ref_looks_like_version?
-          latest_tag = git_commit_checker.local_tag_for_latest_version
-          return latest_tag&.fetch(:tag_sha) || dependency.version
-        end
-        # If the dependency is pinned to a tag that doesn't look like a
-        # version then there's nothing we can do.
-        dependency.version
-      end
-      def latest_resolvable_version_for_git_dependency
-        latest_release = latest_resolvable_version_without_git_source
-        # If there's a resolvable release that includes the current pinned
-        # ref or that the current branch is behind, we switch to that release.
-        return latest_release if git_branch_or_ref_in_release?(latest_release)
-        # Otherwise, if the gem isn't pinned, the latest version is just the
-        # latest commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return latest_resolvable_commit_with_unchanged_git_source
-        end
-        # If the dependency is pinned to a tag that looks like a version then
-        # we want to update that tag. The latest version will then be the SHA
-        # of the latest tag that looks like a version.
-        if git_commit_checker.pinned_ref_looks_like_version? &&
-           latest_git_tag_is_resolvable?
-          new_tag = git_commit_checker.local_tag_for_latest_version
-          return new_tag.fetch(:tag_sha)
-        end
-        # If the dependency is pinned to a tag that doesn't look like a
-        # version then there's nothing we can do.
-        dependency.version
-      end
-      def latest_resolvable_version_without_git_source
-        return nil unless latest_version.is_a?(Gem::Version)
-        latest_resolvable_version_details(remove_git_source: true)&.
-        fetch(:version)
-      rescue Dependabot::DependencyFileNotResolvable
-        nil
-      end
-      def latest_resolvable_commit_with_unchanged_git_source
-        details = latest_resolvable_version_details(remove_git_source: false)
-        # If this dependency has a git version in the Gemfile.lock but not in
-        # the Gemfile (i.e., because they're out-of-sync) we might not get a
-        # commit_sha back from Bundler. In that case, return `nil`.
-        return unless details.key?(:commit_sha)
-        details.fetch(:commit_sha)
-      rescue Dependabot::DependencyFileNotResolvable
-        nil
-      end
-      def latest_git_tag_is_resolvable?
-        return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked
-        @latest_git_tag_is_resolvable_checked = true
-        return false if git_commit_checker.local_tag_for_latest_version.nil?
-        replacement_tag = git_commit_checker.local_tag_for_latest_version
-        VersionResolver.new(
-          dependency: dependency,
-          unprepared_dependency_files: dependency_files,
-          credentials: credentials,
-          ignored_versions: ignored_versions,
-          replacement_git_pin: replacement_tag.fetch(:tag)
-        ).latest_resolvable_version_details
-        @git_tag_resolvable = true
-      rescue Dependabot::DependencyFileNotResolvable
-        @git_tag_resolvable = false
-      end
-      def git_branch_or_ref_in_release?(release)
-        return false unless release
-        git_commit_checker.branch_or_ref_in_release?(release)
-      end
-      def updated_source
-        # Never need to update source, unless a git_dependency
-        return dependency_source_details unless git_dependency?
-        # Source becomes `nil` if switching to default rubygems
-        return nil if should_switch_source_from_git_to_rubygems?
-        # Update the git tag if updating a pinned version
-        if git_commit_checker.pinned_ref_looks_like_version? &&
-           latest_git_tag_is_resolvable?
-          new_tag = git_commit_checker.local_tag_for_latest_version
-          return dependency_source_details.merge(ref: new_tag.fetch(:tag))
-        end
-        # Otherwise return the original source
-        dependency_source_details
-      end
-      def dependency_source_details
-        sources =
-          dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-        raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-        sources.first
-      end
-      def should_switch_source_from_git_to_rubygems?
-        return false unless git_dependency?
-        return false if latest_resolvable_version_for_git_dependency.nil?
-        Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
-      end
-      def force_updater
-        @force_updater ||=
-          ForceUpdater.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            credentials: credentials,
-            target_version: latest_version,
-            requirements_update_strategy: requirements_update_strategy
-          )
-      end
-      def git_commit_checker
-        @git_commit_checker ||=
-          GitCommitChecker.new(
-            dependency: dependency,
-            credentials: credentials
-          )
-      end
-      def version_resolver(remove_git_source:, unlock_requirement: true)
-        @version_resolver ||= {}
-        @version_resolver[remove_git_source] ||= {}
-        @version_resolver[remove_git_source][unlock_requirement] ||=
-          begin
-            VersionResolver.new(
-              dependency: dependency,
-              unprepared_dependency_files: dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions,
-              remove_git_source: remove_git_source,
-              unlock_requirement: unlock_requirement,
-              latest_allowable_version: latest_version
-            )
-          end
-      end
-      def latest_version_finder(remove_git_source:)
-        @latest_version_finder ||= {}
-        @latest_version_finder[remove_git_source] ||=
-          begin
-            prepared_dependency_files = prepared_dependency_files(
-              remove_git_source: remove_git_source,
-              unlock_requirement: true
-            )
-            LatestVersionFinder.new(
-              dependency: dependency,
-              dependency_files: prepared_dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions
-            )
-          end
-      end
-      def prepared_dependency_files(remove_git_source:, unlock_requirement:,
-                                    latest_allowable_version: nil)
-        FilePreparer.new(
-          dependency: dependency,
-          dependency_files: dependency_files,
-          remove_git_source: remove_git_source,
-          unlock_requirement: unlock_requirement,
-          latest_allowable_version: latest_allowable_version
-        ).prepared_dependency_files
-      end
-    end
-  end
-end
-Dependabot::UpdateCheckers.
-  register("bundler", Dependabot::Bundler::UpdateChecker)

data/lib/dependabot/bundler/update_checker/file_preparer.rb DELETED Viewed

@@ -1,279 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/dependency_file"
-require "dependabot/bundler/update_checker"
-require "dependabot/bundler/file_updater/gemspec_sanitizer"
-require "dependabot/bundler/file_updater/git_pin_replacer"
-require "dependabot/bundler/file_updater/git_source_remover"
-require "dependabot/bundler/file_updater/requirement_replacer"
-require "dependabot/bundler/file_updater/gemspec_dependency_name_finder"
-require "dependabot/bundler/file_updater/lockfile_updater"
-require "dependabot/bundler/update_checker/ruby_requirement_setter"
-module Dependabot
-  module Bundler
-    class UpdateChecker
-      # This class takes a set of dependency files and sanitizes them for use
-      # in UpdateCheckers::Ruby::Bundler. In particular, it:
-      # - Removes any version requirement on the dependency being updated
-      #   (in the Gemfile)
-      # - Sanitizes any provided gemspecs to remove file imports etc. (since
-      #   Dependabot doesn't pull down the entire repo). This process is
-      #   imperfect - an alternative would be to clone the repo
-      # - Sets the ruby version in the Gemfile to be the lowest possible
-      #   version allowed by the gemspec, if the gemspec has a required ruby
-      #   version range
-      class FilePreparer
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
-        # Can't be a constant because some of these don't exist in bundler
-        # 1.15, which Heroku uses, which causes an exception on boot.
-        def gemspec_sources
-          [
-            ::Bundler::Source::Path,
-            ::Bundler::Source::Gemspec
-          ]
-        end
-        def initialize(dependency_files:, dependency:,
-                       remove_git_source: false,
-                       unlock_requirement: true,
-                       replacement_git_pin: nil,
-                       latest_allowable_version: nil,
-                       lock_ruby_version: true)
-          @dependency_files         = dependency_files
-          @dependency               = dependency
-          @remove_git_source        = remove_git_source
-          @unlock_requirement       = unlock_requirement
-          @replacement_git_pin      = replacement_git_pin
-          @latest_allowable_version = latest_allowable_version
-          @lock_ruby_version        = lock_ruby_version
-        end
-        # rubocop:disable Metrics/AbcSize
-        # rubocop:disable Metrics/MethodLength
-        def prepared_dependency_files
-          files = []
-          if gemfile
-            files << DependencyFile.new(
-              name: gemfile.name,
-              content: gemfile_content_for_update_check(gemfile),
-              directory: gemfile.directory
-            )
-          end
-          top_level_gemspecs.each do |gemspec|
-            files << DependencyFile.new(
-              name: gemspec.name,
-              content: gemspec_content_for_update_check(gemspec),
-              directory: gemspec.directory
-            )
-          end
-          path_gemspecs.each do |file|
-            files << DependencyFile.new(
-              name: file.name,
-              content: sanitize_gemspec_content(file.content),
-              directory: file.directory,
-              support_file: file.support_file?
-            )
-          end
-          evaled_gemfiles.each do |file|
-            files << DependencyFile.new(
-              name: file.name,
-              content: gemfile_content_for_update_check(file),
-              directory: file.directory
-            )
-          end
-          # No editing required for lockfile or Ruby version file
-          files += [lockfile, ruby_version_file, *imported_ruby_files].compact
-        end
-        # rubocop:enable Metrics/AbcSize
-        # rubocop:enable Metrics/MethodLength
-        private
-        attr_reader :dependency_files, :dependency, :replacement_git_pin,
-                    :latest_allowable_version
-        def remove_git_source?
-          @remove_git_source
-        end
-        def unlock_requirement?
-          @unlock_requirement
-        end
-        def replace_git_pin?
-          !replacement_git_pin.nil?
-        end
-        def gemfile
-          dependency_files.find { |f| f.name == "Gemfile" } ||
-            dependency_files.find { |f| f.name == "gems.rb" }
-        end
-        def evaled_gemfiles
-          dependency_files.
-            reject { |f| f.name.end_with?(".gemspec") }.
-            reject { |f| f.name.end_with?(".lock") }.
-            reject { |f| f.name.end_with?(".ruby-version") }.
-            reject { |f| f.name == "Gemfile" }.
-            reject { |f| f.name == "gems.rb" }.
-            reject { |f| f.name == "gems.locked" }
-        end
-        def lockfile
-          dependency_files.find { |f| f.name == "Gemfile.lock" } ||
-            dependency_files.find { |f| f.name == "gems.locked" }
-        end
-        def top_level_gemspecs
-          dependency_files.
-            select { |f| f.name.end_with?(".gemspec") }.
-            reject(&:support_file?)
-        end
-        def ruby_version_file
-          dependency_files.find { |f| f.name == ".ruby-version" }
-        end
-        def path_gemspecs
-          all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
-          all - top_level_gemspecs
-        end
-        def imported_ruby_files
-          dependency_files.
-            select { |f| f.name.end_with?(".rb") }.
-            reject { |f| f.name == "gems.rb" }
-        end
-        def gemfile_content_for_update_check(file)
-          content = file.content
-          content = replace_gemfile_constraint(content, file.name)
-          content = remove_git_source(content) if remove_git_source?
-          content = replace_git_pin(content) if replace_git_pin?
-          content = lock_ruby_version(content) if lock_ruby_version?(file)
-          content
-        end
-        def gemspec_content_for_update_check(gemspec)
-          content = gemspec.content
-          content = replace_gemspec_constraint(content, gemspec.name)
-          sanitize_gemspec_content(content)
-        end
-        def replace_gemfile_constraint(content, filename)
-          FileUpdater::RequirementReplacer.new(
-            dependency: dependency,
-            file_type: :gemfile,
-            updated_requirement: updated_version_requirement_string(filename),
-            insert_if_bare: true
-          ).rewrite(content)
-        end
-        def replace_gemspec_constraint(content, filename)
-          FileUpdater::RequirementReplacer.new(
-            dependency: dependency,
-            file_type: :gemspec,
-            updated_requirement: updated_version_requirement_string(filename),
-            insert_if_bare: true
-          ).rewrite(content)
-        end
-        def sanitize_gemspec_content(gemspec_content)
-          new_version = replacement_version_for_gemspec(gemspec_content)
-          FileUpdater::GemspecSanitizer.
-            new(replacement_version: new_version).
-            rewrite(gemspec_content)
-        end
-        def updated_version_requirement_string(filename)
-          lower_bound_req = updated_version_req_lower_bound(filename)
-          return lower_bound_req if latest_allowable_version.nil?
-          unless Gem::Version.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
-          lower_bound_req + ", <= #{latest_allowable_version}"
-        end
-        def updated_version_req_lower_bound(filename)
-          original_req = dependency.requirements.
-                         find { |r| r.fetch(:file) == filename }&.
-                         fetch(:requirement)
-          if original_req && !unlock_requirement? then original_req
-          elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
-          elsif dependency.version then ">= #{dependency.version}"
-          else
-            version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
-            ">= #{version_for_requirement || 0}"
-          end
-        end
-        def remove_git_source(content)
-          FileUpdater::GitSourceRemover.new(
-            dependency: dependency
-          ).rewrite(content)
-        end
-        def replace_git_pin(content)
-          FileUpdater::GitPinReplacer.new(
-            dependency: dependency,
-            new_pin: replacement_git_pin
-          ).rewrite(content)
-        end
-        def lock_ruby_version(gemfile_content)
-          top_level_gemspecs.each do |gs|
-            gemfile_content =
-              RubyRequirementSetter.new(gemspec: gs).rewrite(gemfile_content)
-          end
-          gemfile_content
-        end
-        def lock_ruby_version?(file)
-          @lock_ruby_version && file == gemfile
-        end
-        def replacement_version_for_gemspec(gemspec_content)
-          return "0.0.1" unless lockfile
-          gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs.
-            select { |s| gemspec_sources.include?(s.source.class) }
-          gem_name =
-            FileUpdater::GemspecDependencyNameFinder.
-            new(gemspec_content: gemspec_content).
-            dependency_name
-          return gemspec_specs.first&.version || "0.0.1" unless gem_name
-          spec = gemspec_specs.find { |s| s.name == gem_name }
-          spec&.version || gemspec_specs.first&.version || "0.0.1"
-        end
-        def sanitized_lockfile_content
-          re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
-          lockfile.content.gsub(re, "")
-        end
-      end
-    end
-  end
-end