dependabot-bundler 0.95.61 → 0.95.62
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a627101cc876da4ddd7df8218d3ae98cb434994a9d7a16fc102067480402f70a
|
|
4
|
+
data.tar.gz: 22953a12618c3aafc332cb74beb71241d8f5b297edb500f59f63b79a1256aa4b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a659094c763912880f7bca1d420ac4eae188bcaaf2ae8d0226094a0b3803e3f8abc761db8921877096fd15b2ed3387640778ad320177d450bfd6e156147a759a
|
|
7
|
+
data.tar.gz: '0483ca332310a927231ae7aebb540b152955d6fa4eac2a867a33831f68942c1346e63909b20b4dd5767fd5bd4c205c372831fb84122e981a3ed18768ca8f2898'
|
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
class FileParser < Dependabot::FileParsers::Base
|
|
14
14
|
require "dependabot/file_parsers/base/dependency_set"
|
|
15
15
|
require "dependabot/bundler/file_parser/file_preparer"
|
|
16
|
-
require "dependabot/bundler/file_parser/
|
|
16
|
+
require "dependabot/bundler/file_parser/gemfile_declaration_finder"
|
|
17
17
|
|
|
18
18
|
def parse
|
|
19
19
|
dependency_set = DependencySet.new
|
|
@@ -45,14 +45,16 @@ module Dependabot
|
|
|
45
45
|
|
|
46
46
|
[gemfile, *evaled_gemfiles].each do |file|
|
|
47
47
|
parsed_gemfile.each do |dep|
|
|
48
|
-
|
|
48
|
+
gemfile_declaration_finder =
|
|
49
|
+
GemfileDeclarationFinder.new(dependency: dep, gemfile: file)
|
|
50
|
+
next unless gemfile_declaration_finder.gemfile_includes_dependency?
|
|
49
51
|
|
|
50
52
|
dependencies <<
|
|
51
53
|
Dependency.new(
|
|
52
54
|
name: dep.name,
|
|
53
55
|
version: dependency_version(dep.name)&.to_s,
|
|
54
56
|
requirements: [{
|
|
55
|
-
requirement:
|
|
57
|
+
requirement: gemfile_declaration_finder.enhanced_req_string,
|
|
56
58
|
groups: dep.groups,
|
|
57
59
|
source: source_for(dep),
|
|
58
60
|
file: file.name
|
|
@@ -240,13 +242,6 @@ module Dependabot
|
|
|
240
242
|
parsed_lockfile.specs.find { |s| s.name == dependency_name }&.source
|
|
241
243
|
end
|
|
242
244
|
|
|
243
|
-
def dependency_in_gemfile?(gemfile:, dependency:)
|
|
244
|
-
GemfileChecker.new(
|
|
245
|
-
dependency: dependency,
|
|
246
|
-
gemfile: gemfile
|
|
247
|
-
).includes_dependency?
|
|
248
|
-
end
|
|
249
|
-
|
|
250
245
|
def gemfile
|
|
251
246
|
@gemfile ||= get_original_file("Gemfile") ||
|
|
252
247
|
get_original_file("gems.rb")
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "parser/current"
|
|
4
|
+
require "dependabot/bundler/file_parser"
|
|
5
|
+
|
|
6
|
+
module Dependabot
|
|
7
|
+
module Bundler
|
|
8
|
+
class FileParser
|
|
9
|
+
# Checks whether a dependency is declared in a Gemfile
|
|
10
|
+
class GemfileDeclarationFinder
|
|
11
|
+
def initialize(dependency:, gemfile:)
|
|
12
|
+
@dependency = dependency
|
|
13
|
+
@gemfile = gemfile
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def gemfile_includes_dependency?
|
|
17
|
+
!declaration_node.nil?
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def enhanced_req_string
|
|
21
|
+
return unless gemfile_includes_dependency?
|
|
22
|
+
|
|
23
|
+
fallback_string = dependency.requirement.to_s
|
|
24
|
+
req_nodes = declaration_node.children[3..-1]
|
|
25
|
+
req_nodes = req_nodes.reject { |child| child.type == :hash }
|
|
26
|
+
|
|
27
|
+
return fallback_string if req_nodes.none?
|
|
28
|
+
return fallback_string unless req_nodes.all? { |n| n.type == :str }
|
|
29
|
+
|
|
30
|
+
original_req_string = req_nodes.map { |n| n.children.last }
|
|
31
|
+
if dependency.requirement == Gem::Requirement.new(original_req_string)
|
|
32
|
+
original_req_string.join(", ")
|
|
33
|
+
else
|
|
34
|
+
fallback_string
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
attr_reader :dependency, :gemfile
|
|
41
|
+
|
|
42
|
+
def declaration_node
|
|
43
|
+
return @declaration_node if defined?(@declaration_node)
|
|
44
|
+
return unless Parser::CurrentRuby.parse(gemfile.content)
|
|
45
|
+
|
|
46
|
+
@declaration_node = nil
|
|
47
|
+
Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
|
|
48
|
+
@declaration_node = deep_search_for_gem(node)
|
|
49
|
+
end
|
|
50
|
+
@declaration_node
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def deep_search_for_gem(node)
|
|
54
|
+
return node if declares_targeted_gem?(node)
|
|
55
|
+
return unless node.is_a?(Parser::AST::Node)
|
|
56
|
+
|
|
57
|
+
declaration_node = nil
|
|
58
|
+
node.children.find do |child_node|
|
|
59
|
+
declaration_node = deep_search_for_gem(child_node)
|
|
60
|
+
end
|
|
61
|
+
declaration_node
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def declares_targeted_gem?(node)
|
|
65
|
+
return false unless node.is_a?(Parser::AST::Node)
|
|
66
|
+
return false unless node.children[1] == :gem
|
|
67
|
+
|
|
68
|
+
node.children[2].children.first == dependency.name
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.95.
|
|
4
|
+
version: 0.95.62
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-02-
|
|
11
|
+
date: 2019-02-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.95.
|
|
19
|
+
version: 0.95.62
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.95.
|
|
26
|
+
version: 0.95.62
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -151,7 +151,7 @@ files:
|
|
|
151
151
|
- lib/dependabot/bundler/file_fetcher/require_relative_finder.rb
|
|
152
152
|
- lib/dependabot/bundler/file_parser.rb
|
|
153
153
|
- lib/dependabot/bundler/file_parser/file_preparer.rb
|
|
154
|
-
- lib/dependabot/bundler/file_parser/
|
|
154
|
+
- lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb
|
|
155
155
|
- lib/dependabot/bundler/file_updater.rb
|
|
156
156
|
- lib/dependabot/bundler/file_updater/gemfile_updater.rb
|
|
157
157
|
- lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "parser/current"
|
|
4
|
-
require "dependabot/bundler/file_parser"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
module Bundler
|
|
8
|
-
class FileParser
|
|
9
|
-
# Checks whether a dependency is declared in a Gemfile
|
|
10
|
-
class GemfileChecker
|
|
11
|
-
def initialize(dependency:, gemfile:)
|
|
12
|
-
@dependency = dependency
|
|
13
|
-
@gemfile = gemfile
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def includes_dependency?
|
|
17
|
-
return false unless Parser::CurrentRuby.parse(gemfile.content)
|
|
18
|
-
|
|
19
|
-
Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
|
|
20
|
-
deep_check_for_gem(node)
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
private
|
|
25
|
-
|
|
26
|
-
attr_reader :dependency, :gemfile
|
|
27
|
-
|
|
28
|
-
def deep_check_for_gem(node)
|
|
29
|
-
return true if declares_targeted_gem?(node)
|
|
30
|
-
return false unless node.is_a?(Parser::AST::Node)
|
|
31
|
-
|
|
32
|
-
node.children.any? do |child_node|
|
|
33
|
-
deep_check_for_gem(child_node)
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def declares_targeted_gem?(node)
|
|
38
|
-
return false unless node.is_a?(Parser::AST::Node)
|
|
39
|
-
return false unless node.children[1] == :gem
|
|
40
|
-
|
|
41
|
-
node.children[2].children.first == dependency.name
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
end
|