dependabot-bundler 0.111.11 → 0.111.12
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +27 -0
- metadata +3 -3
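--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5213783a7eefdbb11ec239b5c2b1354f4d4495e12579f7a461c3b995d0bd550b
+data.tar.gz: e056971a32402d53e88d979b536e517dc22dcbac8e9981dc4bfe0141aa83475b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 29cf37f1c0f69e8b284468a25bb7bffa9e198e9d520d684c04e51e1b08caa188a887fcc53ef7e6663f0fba1d497817bf567e9d36aa6dd2f4dd5b68c3f91c4a34
+data.tar.gz: 1305358d0caf396a0d3116772454af5c7a05af37ed6f1f370ac50abde0d07bd55f9f05de922f9a996dd986cc3ad43596884ffb0af8d5df3ffa01e9d3b31bd4bd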
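--- a/data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb
+++ b/data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb
@@ -69,6 +69,9 @@ module Dependabot
 # Replace any `File.read(...)` calls with a dummy string
 replace_file_reads(node)
 
+# Replace any `JSON.parse(...)` calls with a dummy hash
+replace_json_parses(node)
+
 # Remove the arguments from any `Find.find(...)` calls
 remove_find_dot_find_args(node)
 
@@ -193,6 +196,23 @@ module Dependabot
 node.children[1] == :readlines
 end
 
+def replace_json_parses(node)
+return unless node.is_a?(Parser::AST::Node)
+return if node.children[1] == :version=
+return replace_json_parse(node) if node_parses_json?(node)
+
+node.children.each { |child| replace_json_parses(child) }
+end
+
+def node_parses_json?(node)
+return false unless node.is_a?(Parser::AST::Node)
+return false unless node.children.first.is_a?(Parser::AST::Node)
+return false unless node.children.first&.type == :const
+return false unless node.children.first.children.last == :JSON
+
+node.children[1] == :parse
+end
+
 def remove_find_dot_find_args(node)
 return unless node.is_a?(Parser::AST::Node)
 return if node.children[1] == :version=
@@ -298,6 +318,13 @@ module Dependabot
 replace(node.loc.expression, %("#{replacement_version}"))
 end
 
+def replace_json_parse(node)
+replace(
+node.loc.expression,
+%({ "version" => "#{replacement_version}" })
+)
+end
+
 def replace_file_readlines(node)
 replace(node.loc.expression, %(["#{replacement_version}"]))
 end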
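Review bot: `node_parses_json?` (new lines 207-214) accepts only the method name `:parse`, so `JSON.load(...)` and `JSON.parse!(...)` on the same constant are left in the sanitized gemspec and would still receive the dummy string that `replace_file_reads` substitutes for `File.read(...)`; consider ending the predicate with `%i(parse parse! load).include?(node.children[1])`. The stub written by `replace_json_parse` (new lines 321-326) has a single string key, so a gemspec that parses with `symbolize_names: true` and reads `[:version]`, or reads any other field, gets `nil`; a comment above the method such as `# Stub models only the "version" field, read with a string key` would make that limit explicit. `replacement_version` is interpolated unescaped into generated Ruby source here, as in the neighbouring `replace_file_readlines`; its origin is not visible in these hunks, so if it can ever come from repository content, `%({ "version" => #{replacement_version.inspect} })` keeps the emitted literal well-formed.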
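--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.111.
+version: 0.111.12
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.111.
+version: 0.111.12
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.111.
+version: 0.111.12
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement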