RubyGems - dependabot-bundler - Versions diffs - 0.95.5 → 0.95.6 - Mend

dependabot-bundler 0.95.5 → 0.95.6

Files changed (36) hide show

data/lib/dependabot/bundler/update_checker.rb DELETED Viewed

@@ -1,334 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/update_checkers"
-require "dependabot/update_checkers/base"
-require "dependabot/bundler/file_updater/requirement_replacer"
-require "dependabot/bundler/version"
-require "dependabot/git_commit_checker"
-module Dependabot
-  module Bundler
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      require_relative "update_checker/force_updater"
-      require_relative "update_checker/file_preparer"
-      require_relative "update_checker/requirements_updater"
-      require_relative "update_checker/version_resolver"
-      require_relative "update_checker/latest_version_finder"
-      def latest_version
-        return latest_version_for_git_dependency if git_dependency?
-        latest_version_details&.fetch(:version)
-      end
-      def latest_resolvable_version
-        return latest_resolvable_version_for_git_dependency if git_dependency?
-        latest_resolvable_version_details&.fetch(:version)
-      end
-      def latest_resolvable_version_with_no_unlock
-        current_ver = dependency.version
-        return current_ver if git_dependency? && git_commit_checker.pinned?
-        @latest_resolvable_version_detail_with_no_unlock ||=
-          version_resolver(
-            remove_git_source: false,
-            unlock_requirement: false
-          ).latest_resolvable_version_details
-        if git_dependency?
-          @latest_resolvable_version_detail_with_no_unlock&.fetch(:commit_sha)
-        else
-          @latest_resolvable_version_detail_with_no_unlock&.fetch(:version)
-        end
-      end
-      def updated_requirements
-        RequirementsUpdater.new(
-          requirements: dependency.requirements,
-          update_strategy: requirements_update_strategy,
-          updated_source: updated_source,
-          latest_version: latest_version_details&.fetch(:version)&.to_s,
-          latest_resolvable_version:
-            latest_resolvable_version_details&.fetch(:version)&.to_s
-        ).updated_requirements
-      end
-      def requirements_unlocked_or_can_be?
-        dependency.requirements.
-          reject { |r| r[:requirement].nil? }.
-          all? do |req|
-            requirement = requirement_class.new(req[:requirement])
-            next true if requirement.satisfied_by?(Gem::Version.new("100000"))
-            file = dependency_files.find { |f| f.name == req.fetch(:file) }
-            updated = FileUpdater::RequirementReplacer.new(
-              dependency: dependency,
-              file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
-              updated_requirement: "whatever"
-            ).rewrite(file.content)
-            updated != file.content
-          end
-      end
-      def requirements_update_strategy
-        # If passed in as an option (in the base class) honour that option
-        if @requirements_update_strategy
-          return @requirements_update_strategy.to_sym
-        end
-        # Otherwise, widen ranges for libraries and bump versions for apps
-        dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
-      end
-      private
-      def latest_version_resolvable_with_full_unlock?
-        return false unless latest_version
-        updated_dependencies = force_updater.updated_dependencies
-        updated_dependencies.none? do |dep|
-          old_version = dep.previous_version
-          next unless Gem::Version.correct?(old_version)
-          next if Gem::Version.new(old_version).prerelease?
-          Gem::Version.new(dep.version).prerelease?
-        end
-      rescue Dependabot::DependencyFileNotResolvable
-        false
-      end
-      def updated_dependencies_after_full_unlock
-        force_updater.updated_dependencies
-      end
-      def git_dependency?
-        git_commit_checker.git_dependency?
-      end
-      def latest_version_details(remove_git_source: false)
-        @latest_version_details ||= {}
-        @latest_version_details[remove_git_source] ||=
-          latest_version_finder(remove_git_source: remove_git_source).
-          latest_version_details
-      end
-      def latest_resolvable_version_details(remove_git_source: false)
-        @latest_resolvable_version_details ||= {}
-        @latest_resolvable_version_details[remove_git_source] ||=
-          version_resolver(remove_git_source: remove_git_source).
-          latest_resolvable_version_details
-      end
-      def latest_version_for_git_dependency
-        latest_release =
-          latest_version_details(remove_git_source: true)&.
-          fetch(:version)
-        # If there's been a release that includes the current pinned ref or
-        # that the current branch is behind, we switch to that release.
-        return latest_release if git_branch_or_ref_in_release?(latest_release)
-        # Otherwise, if the gem isn't pinned, the latest version is just the
-        # latest commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
-        # If the dependency is pinned to a tag that looks like a version then
-        # we want to update that tag. The latest version will then be the SHA
-        # of the latest tag that looks like a version.
-        if git_commit_checker.pinned_ref_looks_like_version?
-          latest_tag = git_commit_checker.local_tag_for_latest_version
-          return latest_tag&.fetch(:tag_sha) || dependency.version
-        end
-        # If the dependency is pinned to a tag that doesn't look like a
-        # version then there's nothing we can do.
-        dependency.version
-      end
-      def latest_resolvable_version_for_git_dependency
-        latest_release = latest_resolvable_version_without_git_source
-        # If there's a resolvable release that includes the current pinned
-        # ref or that the current branch is behind, we switch to that release.
-        return latest_release if git_branch_or_ref_in_release?(latest_release)
-        # Otherwise, if the gem isn't pinned, the latest version is just the
-        # latest commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return latest_resolvable_commit_with_unchanged_git_source
-        end
-        # If the dependency is pinned to a tag that looks like a version then
-        # we want to update that tag. The latest version will then be the SHA
-        # of the latest tag that looks like a version.
-        if git_commit_checker.pinned_ref_looks_like_version? &&
-           latest_git_tag_is_resolvable?
-          new_tag = git_commit_checker.local_tag_for_latest_version
-          return new_tag.fetch(:tag_sha)
-        end
-        # If the dependency is pinned to a tag that doesn't look like a
-        # version then there's nothing we can do.
-        dependency.version
-      end
-      def latest_resolvable_version_without_git_source
-        return nil unless latest_version.is_a?(Gem::Version)
-        latest_resolvable_version_details(remove_git_source: true)&.
-        fetch(:version)
-      rescue Dependabot::DependencyFileNotResolvable
-        nil
-      end
-      def latest_resolvable_commit_with_unchanged_git_source
-        details = latest_resolvable_version_details(remove_git_source: false)
-        # If this dependency has a git version in the Gemfile.lock but not in
-        # the Gemfile (i.e., because they're out-of-sync) we might not get a
-        # commit_sha back from Bundler. In that case, return `nil`.
-        return unless details.key?(:commit_sha)
-        details.fetch(:commit_sha)
-      rescue Dependabot::DependencyFileNotResolvable
-        nil
-      end
-      def latest_git_tag_is_resolvable?
-        return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked
-        @latest_git_tag_is_resolvable_checked = true
-        return false if git_commit_checker.local_tag_for_latest_version.nil?
-        replacement_tag = git_commit_checker.local_tag_for_latest_version
-        VersionResolver.new(
-          dependency: dependency,
-          unprepared_dependency_files: dependency_files,
-          credentials: credentials,
-          ignored_versions: ignored_versions,
-          replacement_git_pin: replacement_tag.fetch(:tag)
-        ).latest_resolvable_version_details
-        @git_tag_resolvable = true
-      rescue Dependabot::DependencyFileNotResolvable
-        @git_tag_resolvable = false
-      end
-      def git_branch_or_ref_in_release?(release)
-        return false unless release
-        git_commit_checker.branch_or_ref_in_release?(release)
-      end
-      def updated_source
-        # Never need to update source, unless a git_dependency
-        return dependency_source_details unless git_dependency?
-        # Source becomes `nil` if switching to default rubygems
-        return nil if should_switch_source_from_git_to_rubygems?
-        # Update the git tag if updating a pinned version
-        if git_commit_checker.pinned_ref_looks_like_version? &&
-           latest_git_tag_is_resolvable?
-          new_tag = git_commit_checker.local_tag_for_latest_version
-          return dependency_source_details.merge(ref: new_tag.fetch(:tag))
-        end
-        # Otherwise return the original source
-        dependency_source_details
-      end
-      def dependency_source_details
-        sources =
-          dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-        raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-        sources.first
-      end
-      def should_switch_source_from_git_to_rubygems?
-        return false unless git_dependency?
-        return false if latest_resolvable_version_for_git_dependency.nil?
-        Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
-      end
-      def force_updater
-        @force_updater ||=
-          ForceUpdater.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            credentials: credentials,
-            target_version: latest_version,
-            requirements_update_strategy: requirements_update_strategy
-          )
-      end
-      def git_commit_checker
-        @git_commit_checker ||=
-          GitCommitChecker.new(
-            dependency: dependency,
-            credentials: credentials
-          )
-      end
-      def version_resolver(remove_git_source:, unlock_requirement: true)
-        @version_resolver ||= {}
-        @version_resolver[remove_git_source] ||= {}
-        @version_resolver[remove_git_source][unlock_requirement] ||=
-          begin
-            VersionResolver.new(
-              dependency: dependency,
-              unprepared_dependency_files: dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions,
-              remove_git_source: remove_git_source,
-              unlock_requirement: unlock_requirement,
-              latest_allowable_version: latest_version
-            )
-          end
-      end
-      def latest_version_finder(remove_git_source:)
-        @latest_version_finder ||= {}
-        @latest_version_finder[remove_git_source] ||=
-          begin
-            prepared_dependency_files = prepared_dependency_files(
-              remove_git_source: remove_git_source,
-              unlock_requirement: true
-            )
-            LatestVersionFinder.new(
-              dependency: dependency,
-              dependency_files: prepared_dependency_files,
-              credentials: credentials,
-              ignored_versions: ignored_versions
-            )
-          end
-      end
-      def prepared_dependency_files(remove_git_source:, unlock_requirement:,
-                                    latest_allowable_version: nil)
-        FilePreparer.new(
-          dependency: dependency,
-          dependency_files: dependency_files,
-          remove_git_source: remove_git_source,
-          unlock_requirement: unlock_requirement,
-          latest_allowable_version: latest_allowable_version
-        ).prepared_dependency_files
-      end
-    end
-  end
-end
-Dependabot::UpdateCheckers.
-  register("bundler", Dependabot::Bundler::UpdateChecker)

data/lib/dependabot/bundler/update_checker/file_preparer.rb DELETED Viewed

@@ -1,279 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/dependency_file"
-require "dependabot/bundler/update_checker"
-require "dependabot/bundler/file_updater/gemspec_sanitizer"
-require "dependabot/bundler/file_updater/git_pin_replacer"
-require "dependabot/bundler/file_updater/git_source_remover"
-require "dependabot/bundler/file_updater/requirement_replacer"
-require "dependabot/bundler/file_updater/gemspec_dependency_name_finder"
-require "dependabot/bundler/file_updater/lockfile_updater"
-require "dependabot/bundler/update_checker/ruby_requirement_setter"
-module Dependabot
-  module Bundler
-    class UpdateChecker
-      # This class takes a set of dependency files and sanitizes them for use
-      # in UpdateCheckers::Ruby::Bundler. In particular, it:
-      # - Removes any version requirement on the dependency being updated
-      #   (in the Gemfile)
-      # - Sanitizes any provided gemspecs to remove file imports etc. (since
-      #   Dependabot doesn't pull down the entire repo). This process is
-      #   imperfect - an alternative would be to clone the repo
-      # - Sets the ruby version in the Gemfile to be the lowest possible
-      #   version allowed by the gemspec, if the gemspec has a required ruby
-      #   version range
-      class FilePreparer
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
-        # Can't be a constant because some of these don't exist in bundler
-        # 1.15, which Heroku uses, which causes an exception on boot.
-        def gemspec_sources
-          [
-            ::Bundler::Source::Path,
-            ::Bundler::Source::Gemspec
-          ]
-        end
-        def initialize(dependency_files:, dependency:,
-                       remove_git_source: false,
-                       unlock_requirement: true,
-                       replacement_git_pin: nil,
-                       latest_allowable_version: nil,
-                       lock_ruby_version: true)
-          @dependency_files         = dependency_files
-          @dependency               = dependency
-          @remove_git_source        = remove_git_source
-          @unlock_requirement       = unlock_requirement
-          @replacement_git_pin      = replacement_git_pin
-          @latest_allowable_version = latest_allowable_version
-          @lock_ruby_version        = lock_ruby_version
-        end
-        # rubocop:disable Metrics/AbcSize
-        # rubocop:disable Metrics/MethodLength
-        def prepared_dependency_files
-          files = []
-          if gemfile
-            files << DependencyFile.new(
-              name: gemfile.name,
-              content: gemfile_content_for_update_check(gemfile),
-              directory: gemfile.directory
-            )
-          end
-          top_level_gemspecs.each do |gemspec|
-            files << DependencyFile.new(
-              name: gemspec.name,
-              content: gemspec_content_for_update_check(gemspec),
-              directory: gemspec.directory
-            )
-          end
-          path_gemspecs.each do |file|
-            files << DependencyFile.new(
-              name: file.name,
-              content: sanitize_gemspec_content(file.content),
-              directory: file.directory,
-              support_file: file.support_file?
-            )
-          end
-          evaled_gemfiles.each do |file|
-            files << DependencyFile.new(
-              name: file.name,
-              content: gemfile_content_for_update_check(file),
-              directory: file.directory
-            )
-          end
-          # No editing required for lockfile or Ruby version file
-          files += [lockfile, ruby_version_file, *imported_ruby_files].compact
-        end
-        # rubocop:enable Metrics/AbcSize
-        # rubocop:enable Metrics/MethodLength
-        private
-        attr_reader :dependency_files, :dependency, :replacement_git_pin,
-                    :latest_allowable_version
-        def remove_git_source?
-          @remove_git_source
-        end
-        def unlock_requirement?
-          @unlock_requirement
-        end
-        def replace_git_pin?
-          !replacement_git_pin.nil?
-        end
-        def gemfile
-          dependency_files.find { |f| f.name == "Gemfile" } ||
-            dependency_files.find { |f| f.name == "gems.rb" }
-        end
-        def evaled_gemfiles
-          dependency_files.
-            reject { |f| f.name.end_with?(".gemspec") }.
-            reject { |f| f.name.end_with?(".lock") }.
-            reject { |f| f.name.end_with?(".ruby-version") }.
-            reject { |f| f.name == "Gemfile" }.
-            reject { |f| f.name == "gems.rb" }.
-            reject { |f| f.name == "gems.locked" }
-        end
-        def lockfile
-          dependency_files.find { |f| f.name == "Gemfile.lock" } ||
-            dependency_files.find { |f| f.name == "gems.locked" }
-        end
-        def top_level_gemspecs
-          dependency_files.
-            select { |f| f.name.end_with?(".gemspec") }.
-            reject(&:support_file?)
-        end
-        def ruby_version_file
-          dependency_files.find { |f| f.name == ".ruby-version" }
-        end
-        def path_gemspecs
-          all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
-          all - top_level_gemspecs
-        end
-        def imported_ruby_files
-          dependency_files.
-            select { |f| f.name.end_with?(".rb") }.
-            reject { |f| f.name == "gems.rb" }
-        end
-        def gemfile_content_for_update_check(file)
-          content = file.content
-          content = replace_gemfile_constraint(content, file.name)
-          content = remove_git_source(content) if remove_git_source?
-          content = replace_git_pin(content) if replace_git_pin?
-          content = lock_ruby_version(content) if lock_ruby_version?(file)
-          content
-        end
-        def gemspec_content_for_update_check(gemspec)
-          content = gemspec.content
-          content = replace_gemspec_constraint(content, gemspec.name)
-          sanitize_gemspec_content(content)
-        end
-        def replace_gemfile_constraint(content, filename)
-          FileUpdater::RequirementReplacer.new(
-            dependency: dependency,
-            file_type: :gemfile,
-            updated_requirement: updated_version_requirement_string(filename),
-            insert_if_bare: true
-          ).rewrite(content)
-        end
-        def replace_gemspec_constraint(content, filename)
-          FileUpdater::RequirementReplacer.new(
-            dependency: dependency,
-            file_type: :gemspec,
-            updated_requirement: updated_version_requirement_string(filename),
-            insert_if_bare: true
-          ).rewrite(content)
-        end
-        def sanitize_gemspec_content(gemspec_content)
-          new_version = replacement_version_for_gemspec(gemspec_content)
-          FileUpdater::GemspecSanitizer.
-            new(replacement_version: new_version).
-            rewrite(gemspec_content)
-        end
-        def updated_version_requirement_string(filename)
-          lower_bound_req = updated_version_req_lower_bound(filename)
-          return lower_bound_req if latest_allowable_version.nil?
-          unless Gem::Version.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
-          lower_bound_req + ", <= #{latest_allowable_version}"
-        end
-        def updated_version_req_lower_bound(filename)
-          original_req = dependency.requirements.
-                         find { |r| r.fetch(:file) == filename }&.
-                         fetch(:requirement)
-          if original_req && !unlock_requirement? then original_req
-          elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
-          elsif dependency.version then ">= #{dependency.version}"
-          else
-            version_for_requirement =
-              dependency.requirements.map { |r| r[:requirement] }.
-              reject { |req_string| req_string.start_with?("<") }.
-              select { |req_string| req_string.match?(VERSION_REGEX) }.
-              map { |req_string| req_string.match(VERSION_REGEX) }.
-              select { |version| Gem::Version.correct?(version) }.
-              max_by { |version| Gem::Version.new(version) }
-            ">= #{version_for_requirement || 0}"
-          end
-        end
-        def remove_git_source(content)
-          FileUpdater::GitSourceRemover.new(
-            dependency: dependency
-          ).rewrite(content)
-        end
-        def replace_git_pin(content)
-          FileUpdater::GitPinReplacer.new(
-            dependency: dependency,
-            new_pin: replacement_git_pin
-          ).rewrite(content)
-        end
-        def lock_ruby_version(gemfile_content)
-          top_level_gemspecs.each do |gs|
-            gemfile_content =
-              RubyRequirementSetter.new(gemspec: gs).rewrite(gemfile_content)
-          end
-          gemfile_content
-        end
-        def lock_ruby_version?(file)
-          @lock_ruby_version && file == gemfile
-        end
-        def replacement_version_for_gemspec(gemspec_content)
-          return "0.0.1" unless lockfile
-          gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs.
-            select { |s| gemspec_sources.include?(s.source.class) }
-          gem_name =
-            FileUpdater::GemspecDependencyNameFinder.
-            new(gemspec_content: gemspec_content).
-            dependency_name
-          return gemspec_specs.first&.version || "0.0.1" unless gem_name
-          spec = gemspec_specs.find { |s| s.name == gem_name }
-          spec&.version || gemspec_specs.first&.version || "0.0.1"
-        end
-        def sanitized_lockfile_content
-          re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
-          lockfile.content.gsub(re, "")
-        end
-      end
-    end
-  end
-end