dependabot-bundler 0.138.0 → 0.138.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v2/.bundle/config +2 -0
- data/helpers/v2/.gitignore +9 -0
- data/helpers/v2/Gemfile +12 -0
- data/helpers/v2/build +23 -0
- data/helpers/v2/lib/functions.rb +67 -0
- data/helpers/v2/run.rb +30 -0
- data/helpers/v2/spec/functions_spec.rb +37 -0
- data/helpers/v2/spec/native_spec_helper.rb +50 -0
- data/lib/dependabot/bundler/file_parser.rb +13 -1
- data/lib/dependabot/bundler/file_updater.rb +3 -2
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +4 -3
- data/lib/dependabot/bundler/helpers.rb +15 -3
- data/lib/dependabot/bundler/native_helpers.rb +5 -0
- data/lib/dependabot/bundler/update_checker.rb +12 -6
- data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +5 -2
- data/lib/dependabot/bundler/update_checker/force_updater.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -3
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +0 -4
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +8 -4
- metadata +11 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '098bacb84fe60a2f7e46f7f272f89623567b18cd9ce7f21b9450c6ced8c43ce3'
|
|
4
|
+
data.tar.gz: f13d6f9506e266880ded948007e0df3050962a16efa6ec323e870804dbce5b93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 672c92cf4c9dbafd99e67516d085c8a81ab9cedfc4ef0c1b9e1d1fc70706e19698013ccf546c653bddc857b9a58debd5112ad2c2dddd40abc02d5afac8c3c0fa
|
|
7
|
+
data.tar.gz: a89c52b1b2b0b7a7cd14b2d9186d6b10d29e63bc29bf890b4e2e74931eaa1ce828e5e8e2117079887bcbee5c85dacf5903092f75febb430c3ef7f107c0c6151d
|
data/helpers/v2/Gemfile
ADDED
data/helpers/v2/build
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
set -e
|
|
4
|
+
|
|
5
|
+
install_dir=$1
|
|
6
|
+
if [ -z "$install_dir" ]; then
|
|
7
|
+
echo "usage: $0 INSTALL_DIR"
|
|
8
|
+
exit 1
|
|
9
|
+
fi
|
|
10
|
+
|
|
11
|
+
helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
|
|
12
|
+
cp -r \
|
|
13
|
+
"$helpers_dir/.bundle" \
|
|
14
|
+
"$helpers_dir/lib" \
|
|
15
|
+
"$helpers_dir/run.rb" \
|
|
16
|
+
"$helpers_dir/Gemfile" \
|
|
17
|
+
"$install_dir"
|
|
18
|
+
|
|
19
|
+
cd "$install_dir"
|
|
20
|
+
|
|
21
|
+
# NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
|
|
22
|
+
# forcing specs and native helpers to run with the same version
|
|
23
|
+
BUNDLER_VERSION=2 bundle install
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
module Functions
|
|
2
|
+
class NotImplementedError < StandardError; end
|
|
3
|
+
|
|
4
|
+
def self.parsed_gemfile(lockfile_name:, gemfile_name:, dir:)
|
|
5
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.parsed_gemspec(lockfile_name:, gemspec_name:, dir:)
|
|
9
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.vendor_cache_dir(dir:)
|
|
13
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.update_lockfile(dir:, gemfile_name:, lockfile_name:, using_bundler2:,
|
|
17
|
+
credentials:, dependencies:)
|
|
18
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def self.force_update(dir:, dependency_name:, target_version:, gemfile_name:,
|
|
22
|
+
lockfile_name:, using_bundler2:, credentials:,
|
|
23
|
+
update_multiple_dependencies:)
|
|
24
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def self.dependency_source_type(gemfile_name:, dependency_name:, dir:,
|
|
28
|
+
credentials:)
|
|
29
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def self.depencency_source_latest_git_version(gemfile_name:, dependency_name:,
|
|
33
|
+
dir:, credentials:,
|
|
34
|
+
dependency_source_url:,
|
|
35
|
+
dependency_source_branch:)
|
|
36
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.private_registry_versions(gemfile_name:, dependency_name:, dir:,
|
|
40
|
+
credentials:)
|
|
41
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def self.resolve_version(dependency_name:, dependency_requirements:,
|
|
45
|
+
gemfile_name:, lockfile_name:, using_bundler2:,
|
|
46
|
+
dir:, credentials:)
|
|
47
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def self.jfrog_source(dir:, gemfile_name:, credentials:, using_bundler2:)
|
|
51
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def self.git_specs(dir:, gemfile_name:, credentials:, using_bundler2:)
|
|
55
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def self.set_bundler_flags_and_credentials(dir:, credentials:,
|
|
59
|
+
using_bundler2:)
|
|
60
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def self.conflicting_dependencies(dir:, dependency_name:, target_version:,
|
|
64
|
+
lockfile_name:, using_bundler2:, credentials:)
|
|
65
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
66
|
+
end
|
|
67
|
+
end
|
data/helpers/v2/run.rb
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
require "bundler"
|
|
2
|
+
require "json"
|
|
3
|
+
|
|
4
|
+
$LOAD_PATH.unshift(File.expand_path("./lib", __dir__))
|
|
5
|
+
$LOAD_PATH.unshift(File.expand_path("../v1/monkey_patches", __dir__))
|
|
6
|
+
|
|
7
|
+
# Bundler monkey patches
|
|
8
|
+
require "definition_ruby_version_patch"
|
|
9
|
+
require "definition_bundler_version_patch"
|
|
10
|
+
require "git_source_patch"
|
|
11
|
+
|
|
12
|
+
require "functions"
|
|
13
|
+
|
|
14
|
+
def output(obj)
|
|
15
|
+
print JSON.dump(obj)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
begin
|
|
19
|
+
request = JSON.parse($stdin.read)
|
|
20
|
+
|
|
21
|
+
function = request["function"]
|
|
22
|
+
args = request["args"].transform_keys(&:to_sym)
|
|
23
|
+
|
|
24
|
+
output({ result: Functions.send(function, **args) })
|
|
25
|
+
rescue => error
|
|
26
|
+
output(
|
|
27
|
+
{ error: error.message, error_class: error.class, trace: error.backtrace }
|
|
28
|
+
)
|
|
29
|
+
exit(1)
|
|
30
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "native_spec_helper"
|
|
4
|
+
|
|
5
|
+
RSpec.describe Functions do
|
|
6
|
+
# Verify v1 method signatures are exist, but raise as NYI
|
|
7
|
+
{
|
|
8
|
+
parsed_gemfile: [ :lockfile_name, :gemfile_name, :dir ],
|
|
9
|
+
parsed_gemspec: [ :lockfile_name, :gemspec_name, :dir ],
|
|
10
|
+
vendor_cache_dir: [ :dir ],
|
|
11
|
+
update_lockfile: [ :dir, :gemfile_name, :lockfile_name, :using_bundler2, :credentials, :dependencies ],
|
|
12
|
+
force_update: [ :dir, :dependency_name, :target_version, :gemfile_name, :lockfile_name, :using_bundler2,
|
|
13
|
+
:credentials, :update_multiple_dependencies ],
|
|
14
|
+
dependency_source_type: [ :gemfile_name, :dependency_name, :dir, :credentials ],
|
|
15
|
+
depencency_source_latest_git_version: [ :gemfile_name, :dependency_name, :dir, :credentials, :dependency_source_url,
|
|
16
|
+
:dependency_source_branch ],
|
|
17
|
+
private_registry_versions: [:gemfile_name, :dependency_name, :dir, :credentials ],
|
|
18
|
+
resolve_version: [:dependency_name, :dependency_requirements, :gemfile_name, :lockfile_name, :using_bundler2,
|
|
19
|
+
:dir, :credentials],
|
|
20
|
+
jfrog_source: [:dir, :gemfile_name, :credentials, :using_bundler2],
|
|
21
|
+
git_specs: [:dir, :gemfile_name, :credentials, :using_bundler2],
|
|
22
|
+
set_bundler_flags_and_credentials: [:dir, :credentials, :using_bundler2],
|
|
23
|
+
conflicting_dependencies: [:dir, :dependency_name, :target_version, :lockfile_name, :using_bundler2, :credentials]
|
|
24
|
+
}.each do |function, kwargs|
|
|
25
|
+
describe "::#{function}" do
|
|
26
|
+
let(:args) do
|
|
27
|
+
kwargs.inject({}) do |args, keyword|
|
|
28
|
+
args.merge({ keyword => anything })
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it "raises a NYI" do
|
|
33
|
+
expect { Functions.send(function, **args) }.to raise_error(Functions::NotImplementedError)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "rspec/its"
|
|
4
|
+
require "webmock/rspec"
|
|
5
|
+
require "byebug"
|
|
6
|
+
|
|
7
|
+
$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
|
|
8
|
+
# TODO: Fork `v1/monkey_patches` into `v2/monkey_patches` ?
|
|
9
|
+
$LOAD_PATH.unshift(File.expand_path("../../v1/monkey_patches", __dir__))
|
|
10
|
+
|
|
11
|
+
# Bundler monkey patches
|
|
12
|
+
require "definition_ruby_version_patch"
|
|
13
|
+
require "definition_bundler_version_patch"
|
|
14
|
+
require "git_source_patch"
|
|
15
|
+
|
|
16
|
+
require "functions"
|
|
17
|
+
|
|
18
|
+
RSpec.configure do |config|
|
|
19
|
+
config.color = true
|
|
20
|
+
config.order = :rand
|
|
21
|
+
config.mock_with(:rspec) { |mocks| mocks.verify_partial_doubles = true }
|
|
22
|
+
config.raise_errors_for_deprecations!
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
|
|
26
|
+
# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
|
|
27
|
+
LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
|
|
28
|
+
|
|
29
|
+
def project_dependency_files(project)
|
|
30
|
+
project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
|
|
31
|
+
Dir.chdir(project_path) do
|
|
32
|
+
# NOTE: Include dotfiles (e.g. .npmrc)
|
|
33
|
+
files = Dir.glob("**/*", File::FNM_DOTMATCH)
|
|
34
|
+
files = files.select { |f| File.file?(f) }
|
|
35
|
+
files.map do |filename|
|
|
36
|
+
content = File.read(filename)
|
|
37
|
+
if filename == "Gemfile.lock"
|
|
38
|
+
content = content.gsub(LOCKFILE_ENDING, "")
|
|
39
|
+
end
|
|
40
|
+
{
|
|
41
|
+
name: filename,
|
|
42
|
+
content: content
|
|
43
|
+
}
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def fixture(*name)
|
|
49
|
+
File.read(File.join("../../spec/fixtures", File.join(*name)))
|
|
50
|
+
end
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
dependency_set += gemspec_dependencies
|
|
24
24
|
dependency_set += lockfile_dependencies
|
|
25
25
|
check_external_code(dependency_set.dependencies)
|
|
26
|
+
instrument_package_manager_version
|
|
26
27
|
dependency_set.dependencies
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -42,6 +43,17 @@ module Dependabot
|
|
|
42
43
|
end
|
|
43
44
|
end
|
|
44
45
|
|
|
46
|
+
def instrument_package_manager_version
|
|
47
|
+
version = Helpers.detected_bundler_version(lockfile)
|
|
48
|
+
Dependabot.instrument(
|
|
49
|
+
Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED,
|
|
50
|
+
ecosystem: "bundler",
|
|
51
|
+
package_managers: {
|
|
52
|
+
"bundler" => version
|
|
53
|
+
}
|
|
54
|
+
)
|
|
55
|
+
end
|
|
56
|
+
|
|
45
57
|
def gemfile_dependencies
|
|
46
58
|
dependencies = DependencySet.new
|
|
47
59
|
|
|
@@ -301,7 +313,7 @@ module Dependabot
|
|
|
301
313
|
end
|
|
302
314
|
|
|
303
315
|
def bundler_version
|
|
304
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
316
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
305
317
|
end
|
|
306
318
|
end
|
|
307
319
|
end
|
|
@@ -151,7 +151,8 @@ module Dependabot
|
|
|
151
151
|
dependencies: dependencies,
|
|
152
152
|
dependency_files: dependency_files,
|
|
153
153
|
repo_contents_path: repo_contents_path,
|
|
154
|
-
credentials: credentials
|
|
154
|
+
credentials: credentials,
|
|
155
|
+
options: options
|
|
155
156
|
).updated_lockfile_content
|
|
156
157
|
end
|
|
157
158
|
|
|
@@ -162,7 +163,7 @@ module Dependabot
|
|
|
162
163
|
end
|
|
163
164
|
|
|
164
165
|
def bundler_version
|
|
165
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
166
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
166
167
|
end
|
|
167
168
|
end
|
|
168
169
|
end
|
|
@@ -33,11 +33,12 @@ module Dependabot
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def initialize(dependencies:, dependency_files:,
|
|
36
|
-
repo_contents_path: nil, credentials:)
|
|
36
|
+
repo_contents_path: nil, credentials:, options:)
|
|
37
37
|
@dependencies = dependencies
|
|
38
38
|
@dependency_files = dependency_files
|
|
39
39
|
@repo_contents_path = repo_contents_path
|
|
40
40
|
@credentials = credentials
|
|
41
|
+
@options = options
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
def updated_lockfile_content
|
|
@@ -54,7 +55,7 @@ module Dependabot
|
|
|
54
55
|
private
|
|
55
56
|
|
|
56
57
|
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
|
57
|
-
:credentials
|
|
58
|
+
:credentials, :options
|
|
58
59
|
|
|
59
60
|
def build_updated_lockfile
|
|
60
61
|
base_dir = dependency_files.first.directory
|
|
@@ -304,7 +305,7 @@ module Dependabot
|
|
|
304
305
|
end
|
|
305
306
|
|
|
306
307
|
def bundler_version
|
|
307
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
308
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
308
309
|
end
|
|
309
310
|
end
|
|
310
311
|
end
|
|
@@ -6,9 +6,21 @@ module Dependabot
|
|
|
6
6
|
V1 = "1"
|
|
7
7
|
V2 = "2"
|
|
8
8
|
|
|
9
|
-
#
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
# NOTE: options is a manditory argument to ensure we pass it from all calling classes
|
|
10
|
+
def self.bundler_version(_lockfile, options:)
|
|
11
|
+
# For now, force V2 if bundler_2_available
|
|
12
|
+
return V2 if options[:bundler_2_available]
|
|
13
|
+
|
|
14
|
+
# TODO: Add support for bundler v2 based on lockfile
|
|
15
|
+
# return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
16
|
+
|
|
17
|
+
V1
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.detected_bundler_version(lockfile)
|
|
21
|
+
return "unknown" unless lockfile
|
|
22
|
+
return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
23
|
+
|
|
12
24
|
V1
|
|
13
25
|
end
|
|
14
26
|
end
|
|
@@ -22,6 +22,11 @@ module Dependabot
|
|
|
22
22
|
"GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
|
|
23
23
|
}
|
|
24
24
|
)
|
|
25
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
26
|
+
# TODO: Remove once we stop stubbing out the V2 native helper
|
|
27
|
+
raise Dependabot::NotImplemented, e.message if e.error_class == "Functions::NotImplementedError"
|
|
28
|
+
|
|
29
|
+
raise
|
|
25
30
|
end
|
|
26
31
|
end
|
|
27
32
|
|
|
@@ -110,7 +110,8 @@ module Dependabot
|
|
|
110
110
|
ConflictingDependencyResolver.new(
|
|
111
111
|
dependency_files: dependency_files,
|
|
112
112
|
repo_contents_path: repo_contents_path,
|
|
113
|
-
credentials: credentials
|
|
113
|
+
credentials: credentials,
|
|
114
|
+
options: options
|
|
114
115
|
).conflicting_dependencies(
|
|
115
116
|
dependency: dependency,
|
|
116
117
|
target_version: lowest_security_fix_version
|
|
@@ -162,7 +163,8 @@ module Dependabot
|
|
|
162
163
|
credentials: credentials,
|
|
163
164
|
target_version: version,
|
|
164
165
|
requirements_update_strategy: requirements_update_strategy,
|
|
165
|
-
update_multiple_dependencies: false
|
|
166
|
+
update_multiple_dependencies: false,
|
|
167
|
+
options: options
|
|
166
168
|
).updated_dependencies
|
|
167
169
|
true
|
|
168
170
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -183,7 +185,8 @@ module Dependabot
|
|
|
183
185
|
credentials: credentials,
|
|
184
186
|
ignored_versions: ignored_versions,
|
|
185
187
|
raise_on_ignored: raise_on_ignored,
|
|
186
|
-
replacement_git_pin: tag
|
|
188
|
+
replacement_git_pin: tag,
|
|
189
|
+
options: options
|
|
187
190
|
).latest_resolvable_version_details
|
|
188
191
|
true
|
|
189
192
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -339,7 +342,8 @@ module Dependabot
|
|
|
339
342
|
repo_contents_path: repo_contents_path,
|
|
340
343
|
credentials: credentials,
|
|
341
344
|
target_version: latest_version,
|
|
342
|
-
requirements_update_strategy: requirements_update_strategy
|
|
345
|
+
requirements_update_strategy: requirements_update_strategy,
|
|
346
|
+
options: options
|
|
343
347
|
)
|
|
344
348
|
end
|
|
345
349
|
|
|
@@ -365,7 +369,8 @@ module Dependabot
|
|
|
365
369
|
raise_on_ignored: raise_on_ignored,
|
|
366
370
|
remove_git_source: remove_git_source,
|
|
367
371
|
unlock_requirement: unlock_requirement,
|
|
368
|
-
latest_allowable_version: latest_version
|
|
372
|
+
latest_allowable_version: latest_version,
|
|
373
|
+
options: options
|
|
369
374
|
)
|
|
370
375
|
end
|
|
371
376
|
end
|
|
@@ -386,7 +391,8 @@ module Dependabot
|
|
|
386
391
|
credentials: credentials,
|
|
387
392
|
ignored_versions: ignored_versions,
|
|
388
393
|
raise_on_ignored: raise_on_ignored,
|
|
389
|
-
security_advisories: security_advisories
|
|
394
|
+
security_advisories: security_advisories,
|
|
395
|
+
options: options
|
|
390
396
|
)
|
|
391
397
|
end
|
|
392
398
|
end
|
|
@@ -12,10 +12,13 @@ module Dependabot
|
|
|
12
12
|
require_relative "shared_bundler_helpers"
|
|
13
13
|
include SharedBundlerHelpers
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
attr_reader :options
|
|
16
|
+
|
|
17
|
+
def initialize(dependency_files:, repo_contents_path:, credentials:, options:)
|
|
16
18
|
@dependency_files = dependency_files
|
|
17
19
|
@repo_contents_path = repo_contents_path
|
|
18
20
|
@credentials = credentials
|
|
21
|
+
@options = options
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
# Finds any dependencies in the lockfile that have a subdependency on
|
|
@@ -47,7 +50,7 @@ module Dependabot
|
|
|
47
50
|
private
|
|
48
51
|
|
|
49
52
|
def bundler_version
|
|
50
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
53
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
51
54
|
end
|
|
52
55
|
end
|
|
53
56
|
end
|
|
@@ -19,7 +19,8 @@ module Dependabot
|
|
|
19
19
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
20
20
|
credentials:, target_version:,
|
|
21
21
|
requirements_update_strategy:,
|
|
22
|
-
update_multiple_dependencies: true
|
|
22
|
+
update_multiple_dependencies: true,
|
|
23
|
+
options:)
|
|
23
24
|
@dependency = dependency
|
|
24
25
|
@dependency_files = dependency_files
|
|
25
26
|
@repo_contents_path = repo_contents_path
|
|
@@ -27,6 +28,7 @@ module Dependabot
|
|
|
27
28
|
@target_version = target_version
|
|
28
29
|
@requirements_update_strategy = requirements_update_strategy
|
|
29
30
|
@update_multiple_dependencies = update_multiple_dependencies
|
|
31
|
+
@options = options
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def updated_dependencies
|
|
@@ -36,7 +38,8 @@ module Dependabot
|
|
|
36
38
|
private
|
|
37
39
|
|
|
38
40
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :target_version, :requirements_update_strategy
|
|
41
|
+
:credentials, :target_version, :requirements_update_strategy,
|
|
42
|
+
:options
|
|
40
43
|
|
|
41
44
|
def update_multiple_dependencies?
|
|
42
45
|
@update_multiple_dependencies
|
|
@@ -149,7 +152,7 @@ module Dependabot
|
|
|
149
152
|
end
|
|
150
153
|
|
|
151
154
|
def bundler_version
|
|
152
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
155
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
153
156
|
end
|
|
154
157
|
end
|
|
155
158
|
end
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
class LatestVersionFinder
|
|
16
16
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
17
17
|
credentials:, ignored_versions:, raise_on_ignored: false,
|
|
18
|
-
security_advisories:)
|
|
18
|
+
security_advisories:, options:)
|
|
19
19
|
@dependency = dependency
|
|
20
20
|
@dependency_files = dependency_files
|
|
21
21
|
@repo_contents_path = repo_contents_path
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
@ignored_versions = ignored_versions
|
|
24
24
|
@raise_on_ignored = raise_on_ignored
|
|
25
25
|
@security_advisories = security_advisories
|
|
26
|
+
@options = options
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def latest_version_details
|
|
@@ -36,7 +37,8 @@ module Dependabot
|
|
|
36
37
|
private
|
|
37
38
|
|
|
38
39
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :ignored_versions, :security_advisories
|
|
40
|
+
:credentials, :ignored_versions, :security_advisories,
|
|
41
|
+
:options
|
|
40
42
|
|
|
41
43
|
def fetch_latest_version_details
|
|
42
44
|
return dependency_source.latest_git_version_details if dependency_source.git?
|
|
@@ -103,7 +105,8 @@ module Dependabot
|
|
|
103
105
|
@dependency_source ||= DependencySource.new(
|
|
104
106
|
dependency: dependency,
|
|
105
107
|
dependency_files: dependency_files,
|
|
106
|
-
credentials: credentials
|
|
108
|
+
credentials: credentials,
|
|
109
|
+
options: options
|
|
107
110
|
)
|
|
108
111
|
end
|
|
109
112
|
|
|
@@ -17,14 +17,16 @@ module Dependabot
|
|
|
17
17
|
OTHER = "other"
|
|
18
18
|
|
|
19
19
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
20
|
-
:credentials
|
|
20
|
+
:credentials, :options
|
|
21
21
|
|
|
22
22
|
def initialize(dependency:,
|
|
23
23
|
dependency_files:,
|
|
24
|
-
credentials
|
|
24
|
+
credentials:,
|
|
25
|
+
options:)
|
|
25
26
|
@dependency = dependency
|
|
26
27
|
@dependency_files = dependency_files
|
|
27
28
|
@credentials = credentials
|
|
29
|
+
@options = options
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
# The latest version details for the dependency from a registry
|
|
@@ -145,7 +147,7 @@ module Dependabot
|
|
|
145
147
|
end
|
|
146
148
|
|
|
147
149
|
def bundler_version
|
|
148
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
150
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
149
151
|
end
|
|
150
152
|
end
|
|
151
153
|
end
|
|
@@ -23,7 +23,8 @@ module Dependabot
|
|
|
23
23
|
raise_on_ignored: false,
|
|
24
24
|
replacement_git_pin: nil, remove_git_source: false,
|
|
25
25
|
unlock_requirement: true,
|
|
26
|
-
latest_allowable_version: nil
|
|
26
|
+
latest_allowable_version: nil,
|
|
27
|
+
options:)
|
|
27
28
|
@dependency = dependency
|
|
28
29
|
@unprepared_dependency_files = unprepared_dependency_files
|
|
29
30
|
@credentials = credentials
|
|
@@ -34,6 +35,7 @@ module Dependabot
|
|
|
34
35
|
@remove_git_source = remove_git_source
|
|
35
36
|
@unlock_requirement = unlock_requirement
|
|
36
37
|
@latest_allowable_version = latest_allowable_version
|
|
38
|
+
@options = options
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
def latest_resolvable_version_details
|
|
@@ -45,7 +47,8 @@ module Dependabot
|
|
|
45
47
|
|
|
46
48
|
attr_reader :dependency, :unprepared_dependency_files,
|
|
47
49
|
:repo_contents_path, :credentials, :ignored_versions,
|
|
48
|
-
:replacement_git_pin, :latest_allowable_version
|
|
50
|
+
:replacement_git_pin, :latest_allowable_version,
|
|
51
|
+
:options
|
|
49
52
|
|
|
50
53
|
def remove_git_source?
|
|
51
54
|
@remove_git_source
|
|
@@ -164,7 +167,8 @@ module Dependabot
|
|
|
164
167
|
credentials: credentials,
|
|
165
168
|
ignored_versions: ignored_versions,
|
|
166
169
|
raise_on_ignored: @raise_on_ignored,
|
|
167
|
-
security_advisories: []
|
|
170
|
+
security_advisories: [],
|
|
171
|
+
options: options
|
|
168
172
|
).latest_version_details
|
|
169
173
|
end
|
|
170
174
|
|
|
@@ -221,7 +225,7 @@ module Dependabot
|
|
|
221
225
|
end
|
|
222
226
|
|
|
223
227
|
def bundler_version
|
|
224
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
228
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
225
229
|
end
|
|
226
230
|
end
|
|
227
231
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.138.
|
|
4
|
+
version: 0.138.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.138.
|
|
19
|
+
version: 0.138.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.138.
|
|
26
|
+
version: 0.138.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +206,14 @@ files:
|
|
|
206
206
|
- helpers/v1/spec/functions/version_resolver_spec.rb
|
|
207
207
|
- helpers/v1/spec/native_spec_helper.rb
|
|
208
208
|
- helpers/v1/spec/shared_contexts.rb
|
|
209
|
+
- helpers/v2/.bundle/config
|
|
210
|
+
- helpers/v2/.gitignore
|
|
211
|
+
- helpers/v2/Gemfile
|
|
212
|
+
- helpers/v2/build
|
|
213
|
+
- helpers/v2/lib/functions.rb
|
|
214
|
+
- helpers/v2/run.rb
|
|
215
|
+
- helpers/v2/spec/functions_spec.rb
|
|
216
|
+
- helpers/v2/spec/native_spec_helper.rb
|
|
209
217
|
- lib/dependabot/bundler.rb
|
|
210
218
|
- lib/dependabot/bundler/file_fetcher.rb
|
|
211
219
|
- lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
|