dependabot-bundler 0.125.0 → 0.125.1

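--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 80c1fc155e1518d591a60e985401f51bcae4f6332e469e06693ce1e5e1f29b4b
- data.tar.gz: dec9c2bf4c74a475a78378744ec23cc97e2053c75a9fc20e3b58a3349f0df0f9
+ metadata.gz: fb04376474e1c9e71db1c792f60de045d3994e9dda91dac9da14d5bb2e1037fd
+ data.tar.gz: fe786b137e80b6500cd0f7f772a9fd550e53fee00c5a3b211f67e936d0647ede
  SHA512:
- metadata.gz: 2deece94900ce3d7c7d1ed93ced8845b5997d840b2453912c7c7b128bc945741e2e9b792d3106f4bc433004fb5138b1293917572ba3f0fe5d1f41e76e78f68e2
- data.tar.gz: fbc107161f3c858edd349623d3a4d00b59ff5c85bd0557caad3dc9eead792defa09784ea412cc9d2ed1b4d349cb1fa564f9ec3ecdf3e8ab25e77a2c50a6ba7b4
+ metadata.gz: 054ddf849996799e4ab5e3e9e3c5a85f60e55967f9b2f2ea88da714ba9f766b97ea59c1ce4f5b7a061c636f4ddbc48030dfc05c138ce7ea9de87705efdba2783
+ data.tar.gz: 497e7fb7e1454aa1dc7b00aaac5c15bc19f69dc089ead93f7f4f37a6d502ac1d173f9c7080426f62669a7d9872edebefa1e05fb5c1ef69717f8fc6ef6616cabe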
@@ -14,9 +14,7 @@ module Dependabot
14
14
  require "dependabot/bundler/file_fetcher/require_relative_finder"
15
15
 
16
16
  def self.required_files_in?(filenames)
17
- if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
18
- return true
19
- end
17
+ return true if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
20
18
 
21
19
  filenames.include?("Gemfile") || filenames.include?("gems.rb")
22
20
  end
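Review bot: The gemspec check on the new `return true if filenames.any? { ... }` line uses `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a name containing a newline can satisfy it on an inner line. For whole-name validation the anchors should be `\A` and `\z`: `name.match?(%r{\A[^/]*\.gemspec\z})`. The same pattern appears in the `check_required_files` hunk further down and would take the same change.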
@@ -133,9 +131,7 @@ module Dependabot
133
131
  unfetchable_gems << path.basename.to_s
134
132
  end
135
133
 
136
- if unfetchable_gems.any?
137
- raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
138
- end
134
+ raise Dependabot::PathDependenciesNotReachable, unfetchable_gems if unfetchable_gems.any?
139
135
 
140
136
  gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
141
137
  end
@@ -204,9 +204,7 @@ module Dependabot
204
204
 
205
205
  # If the source is Git we're better off knowing the SHA-1 than the
206
206
  # version.
207
- if spec.source.instance_of?(::Bundler::Source::Git)
208
- return spec.source.revision
209
- end
207
+ return spec.source.revision if spec.source.instance_of?(::Bundler::Source::Git)
210
208
 
211
209
  spec.version
212
210
  end
@@ -94,9 +94,7 @@ module Dependabot
94
94
  def check_required_files
95
95
  file_names = dependency_files.map(&:name)
96
96
 
97
- if lockfile && !gemfile
98
- raise "A Gemfile must be provided if a lockfile is!"
99
- end
97
+ raise "A Gemfile must be provided if a lockfile is!" if lockfile && !gemfile
100
98
 
101
99
  return if file_names.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
102
100
  return if gemfile
@@ -25,13 +25,9 @@ module Dependabot
25
25
  content
26
26
  )
27
27
 
28
- if remove_git_source?(dependency)
29
- content = remove_gemfile_git_source(dependency, content)
30
- end
28
+ content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency)
31
29
 
32
- if update_git_pin?(dependency)
33
- content = update_gemfile_git_pin(dependency, gemfile, content)
34
- end
30
+ content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency)
35
31
  end
36
32
 
37
33
  content
@@ -100,9 +100,7 @@ module Dependabot
100
100
  def replace_version_assignments(node)
101
101
  return unless node.is_a?(Parser::AST::Node)
102
102
 
103
- if node_assigns_to_version_constant?(node)
104
- return replace_constant(node)
105
- end
103
+ return replace_constant(node) if node_assigns_to_version_constant?(node)
106
104
 
107
105
  node.children.each { |child| replace_version_assignments(child) }
108
106
  end
@@ -110,9 +108,7 @@ module Dependabot
110
108
  def replace_version_constant_references(node)
111
109
  return unless node.is_a?(Parser::AST::Node)
112
110
 
113
- if node_is_version_constant?(node)
114
- return replace(node.loc.expression, %("#{replacement_version}"))
115
- end
111
+ return replace(node.loc.expression, %("#{replacement_version}")) if node_is_version_constant?(node)
116
112
 
117
113
  node.children.each do |child|
118
114
  replace_version_constant_references(child)
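Review bot: `replacement_version` is interpolated unescaped into a double-quoted Ruby string literal in `replace(node.loc.expression, %("#{replacement_version}"))`, so a value containing `"` or `#{` would change the code of the rewritten gemspec rather than just the version string. Where the value comes from is not visible in this hunk; if it can ever derive from repository or registry data, emitting the literal with `replacement_version.to_s.inspect` keeps it a plain string. The method's `each` block continues outside the hunk.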
@@ -122,9 +118,7 @@ module Dependabot
122
118
  def replace_file_assignments(node)
123
119
  return unless node.is_a?(Parser::AST::Node)
124
120
 
125
- if node_assigns_files_to_var?(node)
126
- return replace_file_assignment(node)
127
- end
121
+ return replace_file_assignment(node) if node_assigns_files_to_var?(node)
128
122
 
129
123
  node.children.each { |child| replace_file_assignments(child) }
130
124
  end
@@ -132,9 +126,7 @@ module Dependabot
132
126
  def replace_require_paths_assignments(node)
133
127
  return unless node.is_a?(Parser::AST::Node)
134
128
 
135
- if node_assigns_require_paths?(node)
136
- return replace_require_paths_assignment(node)
137
- end
129
+ return replace_require_paths_assignment(node) if node_assigns_require_paths?(node)
138
130
 
139
131
  node.children.each do |child|
140
132
  replace_require_paths_assignments(child)
@@ -44,9 +44,7 @@ module Dependabot
44
44
  begin
45
45
  updated_content = build_updated_lockfile
46
46
 
47
- if lockfile.content == updated_content
48
- raise "Expected content to change!"
49
- end
47
+ raise "Expected content to change!" if lockfile.content == updated_content
50
48
 
51
49
  updated_content
52
50
  end
@@ -64,9 +64,7 @@ module Dependabot
64
64
  end
65
65
 
66
66
  def length_change
67
- unless previous_requirement.start_with?("=")
68
- return updated_requirement.length - previous_requirement.length
69
- end
67
+ return updated_requirement.length - previous_requirement.length unless previous_requirement.start_with?("=")
70
68
 
71
69
  updated_requirement.length -
72
70
  previous_requirement.gsub(/^=/, "").strip.length
@@ -205,9 +203,7 @@ module Dependabot
205
203
  # Gem::Requirement serializes exact matches as a string starting
206
204
  # with `=`. We may need to remove that equality operator if it
207
205
  # wasn't used originally.
208
- unless use_equality_operator
209
- tmp_req = tmp_req.gsub(/(?<![<>])=/, "")
210
- end
206
+ tmp_req = tmp_req.gsub(/(?<![<>])=/, "") unless use_equality_operator
211
207
 
212
208
  tmp_req.strip
213
209
  end
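Review bot: The lookbehind in `tmp_req.gsub(/(?<![<>])=/, "")` protects `<=` and `>=` but not `!=`, so when `use_equality_operator` is false a `!= 1.0` requirement would be rewritten to `! 1.0`. Whether `tmp_req` can carry a `!=` constraint depends on callers outside this hunk, but adding `!` to the excluded set is cheap: `tmp_req = tmp_req.gsub(/(?<![<>!])=/, "") unless use_equality_operator`. The method's opening lines are outside the hunk.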
@@ -120,9 +120,7 @@ module Dependabot
120
120
  # Note: This response MUST NOT be unmarshalled
121
121
  # (as calling Marshal.load is unsafe)
122
122
  def rubygems_marshalled_gemspec_response
123
- if defined?(@rubygems_marshalled_gemspec_response)
124
- return @rubygems_marshalled_gemspec_response
125
- end
123
+ return @rubygems_marshalled_gemspec_response if defined?(@rubygems_marshalled_gemspec_response)
126
124
 
127
125
  gemspec_uri =
128
126
  "#{registry_url}quick/Marshal.4.8/"\
@@ -135,9 +133,7 @@ module Dependabot
135
133
  **SharedHelpers.excon_defaults(headers: registry_auth_headers)
136
134
  )
137
135
 
138
- if response.status >= 400
139
- return @rubygems_marshalled_gemspec_response = nil
140
- end
136
+ return @rubygems_marshalled_gemspec_response = nil if response.status >= 400
141
137
 
142
138
  @rubygems_marshalled_gemspec_response =
143
139
  Zlib::Inflate.inflate(response.body)
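Review bot: `Zlib::Inflate.inflate(response.body)` expands a body supplied by the registry with no limit on the inflated size, so a small response from a hostile or misconfigured private registry can grow to a very large string inside the updater process. The status check above it only rejects `>= 400`. I would inflate in chunks and stop once a fixed ceiling is passed, as sketched below; the limit constant is a placeholder for the project to choose, and how the over-limit case is reported (raise, or memoise `nil` as the status check does) is a design choice. The method continues outside the hunk, so any existing `Zlib` error handling is not visible here.

```ruby
# … unchanged: request and `response.status >= 400` early return …
inflater = Zlib::Inflate.new
inflated = +""
begin
  inflater.inflate(response.body) do |chunk|
    inflated << chunk
    # MAX_INFLATED_GEMSPEC_BYTES: placeholder limit, not defined on this page
    raise "Gemspec response too large" if inflated.bytesize > MAX_INFLATED_GEMSPEC_BYTES
  end
ensure
  inflater.close
end
@rubygems_marshalled_gemspec_response = inflated
```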
@@ -100,9 +100,7 @@ module Dependabot
100
100
 
101
101
  def requirements_update_strategy
102
102
  # If passed in as an option (in the base class) honour that option
103
- if @requirements_update_strategy
104
- return @requirements_update_strategy.to_sym
105
- end
103
+ return @requirements_update_strategy.to_sym if @requirements_update_strategy
106
104
 
107
105
  # Otherwise, widen ranges for libraries and bump versions for apps
108
106
  dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
@@ -142,9 +140,7 @@ module Dependabot
142
140
  end
143
141
 
144
142
  def preferred_resolvable_version_details
145
- if vulnerable?
146
- return { version: lowest_resolvable_security_fix_version }
147
- end
143
+ return { version: lowest_resolvable_security_fix_version } if vulnerable?
148
144
 
149
145
  latest_resolvable_version_details
150
146
  end
@@ -220,9 +216,7 @@ module Dependabot
220
216
 
221
217
  # Otherwise, if the gem isn't pinned, the latest version is just the
222
218
  # latest commit for the specified branch.
223
- unless git_commit_checker.pinned?
224
- return git_commit_checker.head_commit_for_current_branch
225
- end
219
+ return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
226
220
 
227
221
  # If the dependency is pinned to a tag that looks like a version then
228
222
  # we want to update that tag. The latest version will then be the SHA
@@ -246,9 +240,7 @@ module Dependabot
246
240
 
247
241
  # Otherwise, if the gem isn't pinned, the latest version is just the
248
242
  # latest commit for the specified branch.
249
- unless git_commit_checker.pinned?
250
- return latest_resolvable_commit_with_unchanged_git_source
251
- end
243
+ return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
252
244
 
253
245
  # If the dependency is pinned to a tag that looks like a version then
254
246
  # we want to update that tag. The latest version will then be the SHA
@@ -207,9 +207,7 @@ module Dependabot
207
207
  lower_bound_req = updated_version_req_lower_bound(filename)
208
208
 
209
209
  return lower_bound_req if latest_allowable_version.nil?
210
- unless Gem::Version.correct?(latest_allowable_version)
211
- return lower_bound_req
212
- end
210
+ return lower_bound_req unless Gem::Version.correct?(latest_allowable_version)
213
211
 
214
212
  lower_bound_req + ", <= #{latest_allowable_version}"
215
213
  end
@@ -39,9 +39,7 @@ module Dependabot
39
39
  :credentials, :ignored_versions, :security_advisories
40
40
 
41
41
  def fetch_latest_version_details
42
- if dependency_source.git?
43
- return dependency_source.latest_git_version_details
44
- end
42
+ return dependency_source.latest_git_version_details if dependency_source.git?
45
43
 
46
44
  relevant_versions = dependency_source.versions
47
45
  relevant_versions = filter_prerelease_versions(relevant_versions)
@@ -71,9 +69,7 @@ module Dependabot
71
69
  def filter_ignored_versions(versions_array)
72
70
  filtered = versions_array.
73
71
  reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
74
- if @raise_on_ignored && filtered.empty? && versions_array.any?
75
- raise AllVersionsIgnored
76
- end
72
+ raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
77
73
 
78
74
  filtered
79
75
  end
@@ -228,9 +228,7 @@ module Dependabot
228
228
  lb_segments = version.segments
229
229
  lb_segments.pop while lb_segments.any? && lb_segments.last.zero?
230
230
 
231
- if lb_segments.none?
232
- return [Gem::Requirement.new("< #{ub_segments.join('.')}")]
233
- end
231
+ return [Gem::Requirement.new("< #{ub_segments.join('.')}")] if lb_segments.none?
234
232
 
235
233
  # Ensure versions have the same length as each other (cosmetic)
236
234
  length = [lb_segments.count, ub_segments.count].max
@@ -253,9 +251,7 @@ module Dependabot
253
251
  # Updates the version in a "<" or "<=" constraint to allow the given
254
252
  # version
255
253
  def update_greatest_version(requirement, version_to_be_permitted)
256
- if version_to_be_permitted.is_a?(String)
257
- version_to_be_permitted = Gem::Version.new(version_to_be_permitted)
258
- end
254
+ version_to_be_permitted = Gem::Version.new(version_to_be_permitted) if version_to_be_permitted.is_a?(String)
259
255
  op, version = requirement.requirements.first
260
256
  version = version.release if version.prerelease?
261
257
 
@@ -55,9 +55,7 @@ module Dependabot
55
55
  rescue SharedHelpers::HelperSubprocessFailed => e
56
56
  retry_count ||= 0
57
57
  retry_count += 1
58
- if retryable_error?(e) && retry_count <= 2
59
- sleep(rand(1.0..5.0)) && retry
60
- end
58
+ sleep(rand(1.0..5.0)) && retry if retryable_error?(e) && retry_count <= 2
61
59
 
62
60
  error_handling ? handle_bundler_errors(e) : raise
63
61
  end
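Review bot: The new one-liner `sleep(rand(1.0..5.0)) && retry if retryable_error?(e) && retry_count <= 2` makes the retry depend on `sleep`'s return value and packs two side effects and a compound condition into one modifier statement. It works because `sleep` returns an Integer, which is always truthy in Ruby, but that is easy to misread. I would keep the block form here, with `sleep(rand(1.0..5.0))` and `retry` as separate statements inside the `if`. The `rescue` clause belongs to a method that starts outside the hunk.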
@@ -70,9 +68,7 @@ module Dependabot
70
68
  return true if error.error_class == "JSON::ParserError"
71
69
  return true if RETRYABLE_ERRORS.include?(error.error_class)
72
70
 
73
- unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
74
- return false
75
- end
71
+ return false unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
76
72
 
77
73
  private_registry_credentials.any?
78
74
  end
@@ -119,9 +119,7 @@ module Dependabot
119
119
  # rubocop:enable Metrics/PerceivedComplexity
120
120
 
121
121
  def circular_dependency_at_new_version?(error)
122
- unless error.error_class.include?("CyclicDependencyError")
123
- return false
124
- end
122
+ return false unless error.error_class.include?("CyclicDependencyError")
125
123
 
126
124
  error.message.include?("'#{dependency.name}'")
127
125
  end
@@ -171,9 +169,7 @@ module Dependabot
171
169
 
172
170
  def ruby_version_incompatible?(details)
173
171
  # It's only the old index we have a problem with
174
- unless details[:fetcher] == "Bundler::Fetcher::Dependency"
175
- return false
176
- end
172
+ return false unless details[:fetcher] == "Bundler::Fetcher::Dependency"
177
173
 
178
174
  # If no Ruby version is specified, we don't have a problem
179
175
  return false unless details[:ruby_version]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.0
4
+ version: 0.125.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.0
19
+ version: 0.125.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.0
26
+ version: 0.125.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement