dependabot-bundler 0.125.0 → 0.125.1
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher.rb +2 -6
- data/lib/dependabot/bundler/file_parser.rb +1 -3
- data/lib/dependabot/bundler/file_updater.rb +1 -3
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +2 -6
- data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb +4 -12
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +1 -3
- data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +2 -6
- data/lib/dependabot/bundler/metadata_finder.rb +2 -6
- data/lib/dependabot/bundler/update_checker.rb +4 -12
- data/lib/dependabot/bundler/update_checker/file_preparer.rb +1 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/bundler/update_checker/requirements_updater.rb +2 -6
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +2 -6
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +2 -6
- metadata +3 -3
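--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb04376474e1c9e71db1c792f60de045d3994e9dda91dac9da14d5bb2e1037fd
+data.tar.gz: fe786b137e80b6500cd0f7f772a9fd550e53fee00c5a3b211f67e936d0647ede
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 054ddf849996799e4ab5e3e9e3c5a85f60e55967f9b2f2ea88da714ba9f766b97ea59c1ce4f5b7a061c636f4ddbc48030dfc05c138ce7ea9de87705efdba2783
+data.tar.gz: 497e7fb7e1454aa1dc7b00aaac5c15bc19f69dc089ead93f7f4f37a6d502ac1d173f9c7080426f62669a7d9872edebefa1e05fb5c1ef69717f8fc6ef6616cabe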
@@ -14,9 +14,7 @@ module Dependabot
|
|
14
14
|
require "dependabot/bundler/file_fetcher/require_relative_finder"
|
15
15
|
|
16
16
|
def self.required_files_in?(filenames)
|
17
|
-
if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
|
18
|
-
return true
|
19
|
-
end
|
17
|
+
return true if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
|
20
18
|
|
21
19
|
filenames.include?("Gemfile") || filenames.include?("gems.rb")
|
22
20
|
end
|
@@ -133,9 +131,7 @@ module Dependabot
|
|
133
131
|
unfetchable_gems << path.basename.to_s
|
134
132
|
end
|
135
133
|
|
136
|
-
if unfetchable_gems.any?
|
137
|
-
raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
|
138
|
-
end
|
134
|
+
raise Dependabot::PathDependenciesNotReachable, unfetchable_gems if unfetchable_gems.any?
|
139
135
|
|
140
136
|
gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
|
141
137
|
end
|
@@ -204,9 +204,7 @@ module Dependabot
|
|
204
204
|
|
205
205
|
# If the source is Git we're better off knowing the SHA-1 than the
|
206
206
|
# version.
|
207
|
-
if spec.source.instance_of?(::Bundler::Source::Git)
|
208
|
-
return spec.source.revision
|
209
|
-
end
|
207
|
+
return spec.source.revision if spec.source.instance_of?(::Bundler::Source::Git)
|
210
208
|
|
211
209
|
spec.version
|
212
210
|
end
|
@@ -94,9 +94,7 @@ module Dependabot
|
|
94
94
|
def check_required_files
|
95
95
|
file_names = dependency_files.map(&:name)
|
96
96
|
|
97
|
-
if lockfile && !gemfile
|
98
|
-
raise "A Gemfile must be provided if a lockfile is!"
|
99
|
-
end
|
97
|
+
raise "A Gemfile must be provided if a lockfile is!" if lockfile && !gemfile
|
100
98
|
|
101
99
|
return if file_names.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
|
102
100
|
return if gemfile
|
@@ -25,13 +25,9 @@ module Dependabot
|
|
25
25
|
content
|
26
26
|
)
|
27
27
|
|
28
|
-
if remove_git_source?(dependency)
|
29
|
-
content = remove_gemfile_git_source(dependency, content)
|
30
|
-
end
|
28
|
+
content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency)
|
31
29
|
|
32
|
-
if update_git_pin?(dependency)
|
33
|
-
content = update_gemfile_git_pin(dependency, gemfile, content)
|
34
|
-
end
|
30
|
+
content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency)
|
35
31
|
end
|
36
32
|
|
37
33
|
content
|
@@ -100,9 +100,7 @@ module Dependabot
|
|
100
100
|
def replace_version_assignments(node)
|
101
101
|
return unless node.is_a?(Parser::AST::Node)
|
102
102
|
|
103
|
-
if node_assigns_to_version_constant?(node)
|
104
|
-
return replace_constant(node)
|
105
|
-
end
|
103
|
+
return replace_constant(node) if node_assigns_to_version_constant?(node)
|
106
104
|
|
107
105
|
node.children.each { |child| replace_version_assignments(child) }
|
108
106
|
end
|
@@ -110,9 +108,7 @@ module Dependabot
|
|
110
108
|
def replace_version_constant_references(node)
|
111
109
|
return unless node.is_a?(Parser::AST::Node)
|
112
110
|
|
113
|
-
if node_is_version_constant?(node)
|
114
|
-
return replace(node.loc.expression, %("#{replacement_version}"))
|
115
|
-
end
|
111
|
+
return replace(node.loc.expression, %("#{replacement_version}")) if node_is_version_constant?(node)
|
116
112
|
|
117
113
|
node.children.each do |child|
|
118
114
|
replace_version_constant_references(child)
|
@@ -122,9 +118,7 @@ module Dependabot
|
|
122
118
|
def replace_file_assignments(node)
|
123
119
|
return unless node.is_a?(Parser::AST::Node)
|
124
120
|
|
125
|
-
if node_assigns_files_to_var?(node)
|
126
|
-
return replace_file_assignment(node)
|
127
|
-
end
|
121
|
+
return replace_file_assignment(node) if node_assigns_files_to_var?(node)
|
128
122
|
|
129
123
|
node.children.each { |child| replace_file_assignments(child) }
|
130
124
|
end
|
@@ -132,9 +126,7 @@ module Dependabot
|
|
132
126
|
def replace_require_paths_assignments(node)
|
133
127
|
return unless node.is_a?(Parser::AST::Node)
|
134
128
|
|
135
|
-
if node_assigns_require_paths?(node)
|
136
|
-
return replace_require_paths_assignment(node)
|
137
|
-
end
|
129
|
+
return replace_require_paths_assignment(node) if node_assigns_require_paths?(node)
|
138
130
|
|
139
131
|
node.children.each do |child|
|
140
132
|
replace_require_paths_assignments(child)
|
@@ -44,9 +44,7 @@ module Dependabot
|
|
44
44
|
begin
|
45
45
|
updated_content = build_updated_lockfile
|
46
46
|
|
47
|
-
if lockfile.content == updated_content
|
48
|
-
raise "Expected content to change!"
|
49
|
-
end
|
47
|
+
raise "Expected content to change!" if lockfile.content == updated_content
|
50
48
|
|
51
49
|
updated_content
|
52
50
|
end
|
@@ -64,9 +64,7 @@ module Dependabot
|
|
64
64
|
end
|
65
65
|
|
66
66
|
def length_change
|
67
|
-
unless previous_requirement.start_with?("=")
|
68
|
-
return updated_requirement.length - previous_requirement.length
|
69
|
-
end
|
67
|
+
return updated_requirement.length - previous_requirement.length unless previous_requirement.start_with?("=")
|
70
68
|
|
71
69
|
updated_requirement.length -
|
72
70
|
previous_requirement.gsub(/^=/, "").strip.length
|
@@ -205,9 +203,7 @@ module Dependabot
|
|
205
203
|
# Gem::Requirement serializes exact matches as a string starting
|
206
204
|
# with `=`. We may need to remove that equality operator if it
|
207
205
|
# wasn't used originally.
|
208
|
-
unless use_equality_operator
|
209
|
-
tmp_req = tmp_req.gsub(/(?<![<>])=/, "")
|
210
|
-
end
|
206
|
+
tmp_req = tmp_req.gsub(/(?<![<>])=/, "") unless use_equality_operator
|
211
207
|
|
212
208
|
tmp_req.strip
|
213
209
|
end
|
@@ -120,9 +120,7 @@ module Dependabot
|
|
120
120
|
# Note: This response MUST NOT be unmarshalled
|
121
121
|
# (as calling Marshal.load is unsafe)
|
122
122
|
def rubygems_marshalled_gemspec_response
|
123
|
-
if defined?(@rubygems_marshalled_gemspec_response)
|
124
|
-
return @rubygems_marshalled_gemspec_response
|
125
|
-
end
|
123
|
+
return @rubygems_marshalled_gemspec_response if defined?(@rubygems_marshalled_gemspec_response)
|
126
124
|
|
127
125
|
gemspec_uri =
|
128
126
|
"#{registry_url}quick/Marshal.4.8/"\
|
@@ -135,9 +133,7 @@ module Dependabot
|
|
135
133
|
**SharedHelpers.excon_defaults(headers: registry_auth_headers)
|
136
134
|
)
|
137
135
|
|
138
|
-
if response.status >= 400
|
139
|
-
return @rubygems_marshalled_gemspec_response = nil
|
140
|
-
end
|
136
|
+
return @rubygems_marshalled_gemspec_response = nil if response.status >= 400
|
141
137
|
|
142
138
|
@rubygems_marshalled_gemspec_response =
|
143
139
|
Zlib::Inflate.inflate(response.body)
|
@@ -100,9 +100,7 @@ module Dependabot
|
|
100
100
|
|
101
101
|
def requirements_update_strategy
|
102
102
|
# If passed in as an option (in the base class) honour that option
|
103
|
-
if @requirements_update_strategy
|
104
|
-
return @requirements_update_strategy.to_sym
|
105
|
-
end
|
103
|
+
return @requirements_update_strategy.to_sym if @requirements_update_strategy
|
106
104
|
|
107
105
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
108
106
|
dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
|
@@ -142,9 +140,7 @@ module Dependabot
|
|
142
140
|
end
|
143
141
|
|
144
142
|
def preferred_resolvable_version_details
|
145
|
-
if vulnerable?
|
146
|
-
return { version: lowest_resolvable_security_fix_version }
|
147
|
-
end
|
143
|
+
return { version: lowest_resolvable_security_fix_version } if vulnerable?
|
148
144
|
|
149
145
|
latest_resolvable_version_details
|
150
146
|
end
|
@@ -220,9 +216,7 @@ module Dependabot
|
|
220
216
|
|
221
217
|
# Otherwise, if the gem isn't pinned, the latest version is just the
|
222
218
|
# latest commit for the specified branch.
|
223
|
-
unless git_commit_checker.pinned?
|
224
|
-
return git_commit_checker.head_commit_for_current_branch
|
225
|
-
end
|
219
|
+
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
|
226
220
|
|
227
221
|
# If the dependency is pinned to a tag that looks like a version then
|
228
222
|
# we want to update that tag. The latest version will then be the SHA
|
@@ -246,9 +240,7 @@ module Dependabot
|
|
246
240
|
|
247
241
|
# Otherwise, if the gem isn't pinned, the latest version is just the
|
248
242
|
# latest commit for the specified branch.
|
249
|
-
unless git_commit_checker.pinned?
|
250
|
-
return latest_resolvable_commit_with_unchanged_git_source
|
251
|
-
end
|
243
|
+
return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
|
252
244
|
|
253
245
|
# If the dependency is pinned to a tag that looks like a version then
|
254
246
|
# we want to update that tag. The latest version will then be the SHA
|
@@ -207,9 +207,7 @@ module Dependabot
|
|
207
207
|
lower_bound_req = updated_version_req_lower_bound(filename)
|
208
208
|
|
209
209
|
return lower_bound_req if latest_allowable_version.nil?
|
210
|
-
unless Gem::Version.correct?(latest_allowable_version)
|
211
|
-
return lower_bound_req
|
212
|
-
end
|
210
|
+
return lower_bound_req unless Gem::Version.correct?(latest_allowable_version)
|
213
211
|
|
214
212
|
lower_bound_req + ", <= #{latest_allowable_version}"
|
215
213
|
end
|
@@ -39,9 +39,7 @@ module Dependabot
|
|
39
39
|
:credentials, :ignored_versions, :security_advisories
|
40
40
|
|
41
41
|
def fetch_latest_version_details
|
42
|
-
if dependency_source.git?
|
43
|
-
return dependency_source.latest_git_version_details
|
44
|
-
end
|
42
|
+
return dependency_source.latest_git_version_details if dependency_source.git?
|
45
43
|
|
46
44
|
relevant_versions = dependency_source.versions
|
47
45
|
relevant_versions = filter_prerelease_versions(relevant_versions)
|
@@ -71,9 +69,7 @@ module Dependabot
|
|
71
69
|
def filter_ignored_versions(versions_array)
|
72
70
|
filtered = versions_array.
|
73
71
|
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
74
|
-
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
75
|
-
raise AllVersionsIgnored
|
76
|
-
end
|
72
|
+
raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
77
73
|
|
78
74
|
filtered
|
79
75
|
end
|
@@ -228,9 +228,7 @@ module Dependabot
|
|
228
228
|
lb_segments = version.segments
|
229
229
|
lb_segments.pop while lb_segments.any? && lb_segments.last.zero?
|
230
230
|
|
231
|
-
if lb_segments.none?
|
232
|
-
return [Gem::Requirement.new("< #{ub_segments.join('.')}")]
|
233
|
-
end
|
231
|
+
return [Gem::Requirement.new("< #{ub_segments.join('.')}")] if lb_segments.none?
|
234
232
|
|
235
233
|
# Ensure versions have the same length as each other (cosmetic)
|
236
234
|
length = [lb_segments.count, ub_segments.count].max
|
@@ -253,9 +251,7 @@ module Dependabot
|
|
253
251
|
# Updates the version in a "<" or "<=" constraint to allow the given
|
254
252
|
# version
|
255
253
|
def update_greatest_version(requirement, version_to_be_permitted)
|
256
|
-
if version_to_be_permitted.is_a?(String)
|
257
|
-
version_to_be_permitted = Gem::Version.new(version_to_be_permitted)
|
258
|
-
end
|
254
|
+
version_to_be_permitted = Gem::Version.new(version_to_be_permitted) if version_to_be_permitted.is_a?(String)
|
259
255
|
op, version = requirement.requirements.first
|
260
256
|
version = version.release if version.prerelease?
|
261
257
|
|
@@ -55,9 +55,7 @@ module Dependabot
|
|
55
55
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
56
56
|
retry_count ||= 0
|
57
57
|
retry_count += 1
|
58
|
-
if retryable_error?(e) && retry_count <= 2
|
59
|
-
sleep(rand(1.0..5.0)) && retry
|
60
|
-
end
|
58
|
+
sleep(rand(1.0..5.0)) && retry if retryable_error?(e) && retry_count <= 2
|
61
59
|
|
62
60
|
error_handling ? handle_bundler_errors(e) : raise
|
63
61
|
end
|
@@ -70,9 +68,7 @@ module Dependabot
|
|
70
68
|
return true if error.error_class == "JSON::ParserError"
|
71
69
|
return true if RETRYABLE_ERRORS.include?(error.error_class)
|
72
70
|
|
73
|
-
unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
|
74
|
-
return false
|
75
|
-
end
|
71
|
+
return false unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
|
76
72
|
|
77
73
|
private_registry_credentials.any?
|
78
74
|
end
|
@@ -119,9 +119,7 @@ module Dependabot
|
|
119
119
|
# rubocop:enable Metrics/PerceivedComplexity
|
120
120
|
|
121
121
|
def circular_dependency_at_new_version?(error)
|
122
|
-
unless error.error_class.include?("CyclicDependencyError")
|
123
|
-
return false
|
124
|
-
end
|
122
|
+
return false unless error.error_class.include?("CyclicDependencyError")
|
125
123
|
|
126
124
|
error.message.include?("'#{dependency.name}'")
|
127
125
|
end
|
@@ -171,9 +169,7 @@ module Dependabot
|
|
171
169
|
|
172
170
|
def ruby_version_incompatible?(details)
|
173
171
|
# It's only the old index we have a problem with
|
174
|
-
unless details[:fetcher] == "Bundler::Fetcher::Dependency"
|
175
|
-
return false
|
176
|
-
end
|
172
|
+
return false unless details[:fetcher] == "Bundler::Fetcher::Dependency"
|
177
173
|
|
178
174
|
# If no Ruby version is specified, we don't have a problem
|
179
175
|
return false unless details[:ruby_version]
|
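--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.125.
+version: 0.125.1
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement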