dependabot-bundler 0.138.0 → 0.138.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/v2/.bundle/config +2 -0
- data/helpers/v2/.gitignore +9 -0
- data/helpers/v2/Gemfile +12 -0
- data/helpers/v2/build +23 -0
- data/helpers/v2/lib/functions.rb +67 -0
- data/helpers/v2/run.rb +30 -0
- data/helpers/v2/spec/functions_spec.rb +37 -0
- data/helpers/v2/spec/native_spec_helper.rb +50 -0
- data/lib/dependabot/bundler/file_parser.rb +13 -1
- data/lib/dependabot/bundler/file_updater.rb +3 -2
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +4 -3
- data/lib/dependabot/bundler/helpers.rb +15 -3
- data/lib/dependabot/bundler/native_helpers.rb +5 -0
- data/lib/dependabot/bundler/update_checker.rb +12 -6
- data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +5 -2
- data/lib/dependabot/bundler/update_checker/force_updater.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +6 -3
- data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -3
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +0 -4
- data/lib/dependabot/bundler/update_checker/version_resolver.rb +8 -4
- metadata +11 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '098bacb84fe60a2f7e46f7f272f89623567b18cd9ce7f21b9450c6ced8c43ce3'
|
|
4
|
+
data.tar.gz: f13d6f9506e266880ded948007e0df3050962a16efa6ec323e870804dbce5b93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 672c92cf4c9dbafd99e67516d085c8a81ab9cedfc4ef0c1b9e1d1fc70706e19698013ccf546c653bddc857b9a58debd5112ad2c2dddd40abc02d5afac8c3c0fa
|
|
7
|
+
data.tar.gz: a89c52b1b2b0b7a7cd14b2d9186d6b10d29e63bc29bf890b4e2e74931eaa1ce828e5e8e2117079887bcbee5c85dacf5903092f75febb430c3ef7f107c0c6151d
|
data/helpers/v2/Gemfile
ADDED
data/helpers/v2/build
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
|
|
3
|
+
set -e
|
|
4
|
+
|
|
5
|
+
install_dir=$1
|
|
6
|
+
if [ -z "$install_dir" ]; then
|
|
7
|
+
echo "usage: $0 INSTALL_DIR"
|
|
8
|
+
exit 1
|
|
9
|
+
fi
|
|
10
|
+
|
|
11
|
+
helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
|
|
12
|
+
cp -r \
|
|
13
|
+
"$helpers_dir/.bundle" \
|
|
14
|
+
"$helpers_dir/lib" \
|
|
15
|
+
"$helpers_dir/run.rb" \
|
|
16
|
+
"$helpers_dir/Gemfile" \
|
|
17
|
+
"$install_dir"
|
|
18
|
+
|
|
19
|
+
cd "$install_dir"
|
|
20
|
+
|
|
21
|
+
# NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
|
|
22
|
+
# forcing specs and native helpers to run with the same version
|
|
23
|
+
BUNDLER_VERSION=2 bundle install
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
module Functions
|
|
2
|
+
class NotImplementedError < StandardError; end
|
|
3
|
+
|
|
4
|
+
def self.parsed_gemfile(lockfile_name:, gemfile_name:, dir:)
|
|
5
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.parsed_gemspec(lockfile_name:, gemspec_name:, dir:)
|
|
9
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.vendor_cache_dir(dir:)
|
|
13
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.update_lockfile(dir:, gemfile_name:, lockfile_name:, using_bundler2:,
|
|
17
|
+
credentials:, dependencies:)
|
|
18
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def self.force_update(dir:, dependency_name:, target_version:, gemfile_name:,
|
|
22
|
+
lockfile_name:, using_bundler2:, credentials:,
|
|
23
|
+
update_multiple_dependencies:)
|
|
24
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def self.dependency_source_type(gemfile_name:, dependency_name:, dir:,
|
|
28
|
+
credentials:)
|
|
29
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def self.depencency_source_latest_git_version(gemfile_name:, dependency_name:,
|
|
33
|
+
dir:, credentials:,
|
|
34
|
+
dependency_source_url:,
|
|
35
|
+
dependency_source_branch:)
|
|
36
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.private_registry_versions(gemfile_name:, dependency_name:, dir:,
|
|
40
|
+
credentials:)
|
|
41
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def self.resolve_version(dependency_name:, dependency_requirements:,
|
|
45
|
+
gemfile_name:, lockfile_name:, using_bundler2:,
|
|
46
|
+
dir:, credentials:)
|
|
47
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def self.jfrog_source(dir:, gemfile_name:, credentials:, using_bundler2:)
|
|
51
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def self.git_specs(dir:, gemfile_name:, credentials:, using_bundler2:)
|
|
55
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def self.set_bundler_flags_and_credentials(dir:, credentials:,
|
|
59
|
+
using_bundler2:)
|
|
60
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def self.conflicting_dependencies(dir:, dependency_name:, target_version:,
|
|
64
|
+
lockfile_name:, using_bundler2:, credentials:)
|
|
65
|
+
raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
|
|
66
|
+
end
|
|
67
|
+
end
|
data/helpers/v2/run.rb
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
require "bundler"
|
|
2
|
+
require "json"
|
|
3
|
+
|
|
4
|
+
$LOAD_PATH.unshift(File.expand_path("./lib", __dir__))
|
|
5
|
+
$LOAD_PATH.unshift(File.expand_path("../v1/monkey_patches", __dir__))
|
|
6
|
+
|
|
7
|
+
# Bundler monkey patches
|
|
8
|
+
require "definition_ruby_version_patch"
|
|
9
|
+
require "definition_bundler_version_patch"
|
|
10
|
+
require "git_source_patch"
|
|
11
|
+
|
|
12
|
+
require "functions"
|
|
13
|
+
|
|
14
|
+
def output(obj)
|
|
15
|
+
print JSON.dump(obj)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
begin
|
|
19
|
+
request = JSON.parse($stdin.read)
|
|
20
|
+
|
|
21
|
+
function = request["function"]
|
|
22
|
+
args = request["args"].transform_keys(&:to_sym)
|
|
23
|
+
|
|
24
|
+
output({ result: Functions.send(function, **args) })
|
|
25
|
+
rescue => error
|
|
26
|
+
output(
|
|
27
|
+
{ error: error.message, error_class: error.class, trace: error.backtrace }
|
|
28
|
+
)
|
|
29
|
+
exit(1)
|
|
30
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "native_spec_helper"
|
|
4
|
+
|
|
5
|
+
RSpec.describe Functions do
|
|
6
|
+
# Verify v1 method signatures are exist, but raise as NYI
|
|
7
|
+
{
|
|
8
|
+
parsed_gemfile: [ :lockfile_name, :gemfile_name, :dir ],
|
|
9
|
+
parsed_gemspec: [ :lockfile_name, :gemspec_name, :dir ],
|
|
10
|
+
vendor_cache_dir: [ :dir ],
|
|
11
|
+
update_lockfile: [ :dir, :gemfile_name, :lockfile_name, :using_bundler2, :credentials, :dependencies ],
|
|
12
|
+
force_update: [ :dir, :dependency_name, :target_version, :gemfile_name, :lockfile_name, :using_bundler2,
|
|
13
|
+
:credentials, :update_multiple_dependencies ],
|
|
14
|
+
dependency_source_type: [ :gemfile_name, :dependency_name, :dir, :credentials ],
|
|
15
|
+
depencency_source_latest_git_version: [ :gemfile_name, :dependency_name, :dir, :credentials, :dependency_source_url,
|
|
16
|
+
:dependency_source_branch ],
|
|
17
|
+
private_registry_versions: [:gemfile_name, :dependency_name, :dir, :credentials ],
|
|
18
|
+
resolve_version: [:dependency_name, :dependency_requirements, :gemfile_name, :lockfile_name, :using_bundler2,
|
|
19
|
+
:dir, :credentials],
|
|
20
|
+
jfrog_source: [:dir, :gemfile_name, :credentials, :using_bundler2],
|
|
21
|
+
git_specs: [:dir, :gemfile_name, :credentials, :using_bundler2],
|
|
22
|
+
set_bundler_flags_and_credentials: [:dir, :credentials, :using_bundler2],
|
|
23
|
+
conflicting_dependencies: [:dir, :dependency_name, :target_version, :lockfile_name, :using_bundler2, :credentials]
|
|
24
|
+
}.each do |function, kwargs|
|
|
25
|
+
describe "::#{function}" do
|
|
26
|
+
let(:args) do
|
|
27
|
+
kwargs.inject({}) do |args, keyword|
|
|
28
|
+
args.merge({ keyword => anything })
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it "raises a NYI" do
|
|
33
|
+
expect { Functions.send(function, **args) }.to raise_error(Functions::NotImplementedError)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "rspec/its"
|
|
4
|
+
require "webmock/rspec"
|
|
5
|
+
require "byebug"
|
|
6
|
+
|
|
7
|
+
$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
|
|
8
|
+
# TODO: Fork `v1/monkey_patches` into `v2/monkey_patches` ?
|
|
9
|
+
$LOAD_PATH.unshift(File.expand_path("../../v1/monkey_patches", __dir__))
|
|
10
|
+
|
|
11
|
+
# Bundler monkey patches
|
|
12
|
+
require "definition_ruby_version_patch"
|
|
13
|
+
require "definition_bundler_version_patch"
|
|
14
|
+
require "git_source_patch"
|
|
15
|
+
|
|
16
|
+
require "functions"
|
|
17
|
+
|
|
18
|
+
RSpec.configure do |config|
|
|
19
|
+
config.color = true
|
|
20
|
+
config.order = :rand
|
|
21
|
+
config.mock_with(:rspec) { |mocks| mocks.verify_partial_doubles = true }
|
|
22
|
+
config.raise_errors_for_deprecations!
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
|
|
26
|
+
# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
|
|
27
|
+
LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
|
|
28
|
+
|
|
29
|
+
def project_dependency_files(project)
|
|
30
|
+
project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
|
|
31
|
+
Dir.chdir(project_path) do
|
|
32
|
+
# NOTE: Include dotfiles (e.g. .npmrc)
|
|
33
|
+
files = Dir.glob("**/*", File::FNM_DOTMATCH)
|
|
34
|
+
files = files.select { |f| File.file?(f) }
|
|
35
|
+
files.map do |filename|
|
|
36
|
+
content = File.read(filename)
|
|
37
|
+
if filename == "Gemfile.lock"
|
|
38
|
+
content = content.gsub(LOCKFILE_ENDING, "")
|
|
39
|
+
end
|
|
40
|
+
{
|
|
41
|
+
name: filename,
|
|
42
|
+
content: content
|
|
43
|
+
}
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def fixture(*name)
|
|
49
|
+
File.read(File.join("../../spec/fixtures", File.join(*name)))
|
|
50
|
+
end
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
dependency_set += gemspec_dependencies
|
|
24
24
|
dependency_set += lockfile_dependencies
|
|
25
25
|
check_external_code(dependency_set.dependencies)
|
|
26
|
+
instrument_package_manager_version
|
|
26
27
|
dependency_set.dependencies
|
|
27
28
|
end
|
|
28
29
|
|
|
@@ -42,6 +43,17 @@ module Dependabot
|
|
|
42
43
|
end
|
|
43
44
|
end
|
|
44
45
|
|
|
46
|
+
def instrument_package_manager_version
|
|
47
|
+
version = Helpers.detected_bundler_version(lockfile)
|
|
48
|
+
Dependabot.instrument(
|
|
49
|
+
Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED,
|
|
50
|
+
ecosystem: "bundler",
|
|
51
|
+
package_managers: {
|
|
52
|
+
"bundler" => version
|
|
53
|
+
}
|
|
54
|
+
)
|
|
55
|
+
end
|
|
56
|
+
|
|
45
57
|
def gemfile_dependencies
|
|
46
58
|
dependencies = DependencySet.new
|
|
47
59
|
|
|
@@ -301,7 +313,7 @@ module Dependabot
|
|
|
301
313
|
end
|
|
302
314
|
|
|
303
315
|
def bundler_version
|
|
304
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
316
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
305
317
|
end
|
|
306
318
|
end
|
|
307
319
|
end
|
|
@@ -151,7 +151,8 @@ module Dependabot
|
|
|
151
151
|
dependencies: dependencies,
|
|
152
152
|
dependency_files: dependency_files,
|
|
153
153
|
repo_contents_path: repo_contents_path,
|
|
154
|
-
credentials: credentials
|
|
154
|
+
credentials: credentials,
|
|
155
|
+
options: options
|
|
155
156
|
).updated_lockfile_content
|
|
156
157
|
end
|
|
157
158
|
|
|
@@ -162,7 +163,7 @@ module Dependabot
|
|
|
162
163
|
end
|
|
163
164
|
|
|
164
165
|
def bundler_version
|
|
165
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
166
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
166
167
|
end
|
|
167
168
|
end
|
|
168
169
|
end
|
|
@@ -33,11 +33,12 @@ module Dependabot
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def initialize(dependencies:, dependency_files:,
|
|
36
|
-
repo_contents_path: nil, credentials:)
|
|
36
|
+
repo_contents_path: nil, credentials:, options:)
|
|
37
37
|
@dependencies = dependencies
|
|
38
38
|
@dependency_files = dependency_files
|
|
39
39
|
@repo_contents_path = repo_contents_path
|
|
40
40
|
@credentials = credentials
|
|
41
|
+
@options = options
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
def updated_lockfile_content
|
|
@@ -54,7 +55,7 @@ module Dependabot
|
|
|
54
55
|
private
|
|
55
56
|
|
|
56
57
|
attr_reader :dependencies, :dependency_files, :repo_contents_path,
|
|
57
|
-
:credentials
|
|
58
|
+
:credentials, :options
|
|
58
59
|
|
|
59
60
|
def build_updated_lockfile
|
|
60
61
|
base_dir = dependency_files.first.directory
|
|
@@ -304,7 +305,7 @@ module Dependabot
|
|
|
304
305
|
end
|
|
305
306
|
|
|
306
307
|
def bundler_version
|
|
307
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
308
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
308
309
|
end
|
|
309
310
|
end
|
|
310
311
|
end
|
|
@@ -6,9 +6,21 @@ module Dependabot
|
|
|
6
6
|
V1 = "1"
|
|
7
7
|
V2 = "2"
|
|
8
8
|
|
|
9
|
-
#
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
# NOTE: options is a manditory argument to ensure we pass it from all calling classes
|
|
10
|
+
def self.bundler_version(_lockfile, options:)
|
|
11
|
+
# For now, force V2 if bundler_2_available
|
|
12
|
+
return V2 if options[:bundler_2_available]
|
|
13
|
+
|
|
14
|
+
# TODO: Add support for bundler v2 based on lockfile
|
|
15
|
+
# return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
16
|
+
|
|
17
|
+
V1
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def self.detected_bundler_version(lockfile)
|
|
21
|
+
return "unknown" unless lockfile
|
|
22
|
+
return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
|
|
23
|
+
|
|
12
24
|
V1
|
|
13
25
|
end
|
|
14
26
|
end
|
|
@@ -22,6 +22,11 @@ module Dependabot
|
|
|
22
22
|
"GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
|
|
23
23
|
}
|
|
24
24
|
)
|
|
25
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
26
|
+
# TODO: Remove once we stop stubbing out the V2 native helper
|
|
27
|
+
raise Dependabot::NotImplemented, e.message if e.error_class == "Functions::NotImplementedError"
|
|
28
|
+
|
|
29
|
+
raise
|
|
25
30
|
end
|
|
26
31
|
end
|
|
27
32
|
|
|
@@ -110,7 +110,8 @@ module Dependabot
|
|
|
110
110
|
ConflictingDependencyResolver.new(
|
|
111
111
|
dependency_files: dependency_files,
|
|
112
112
|
repo_contents_path: repo_contents_path,
|
|
113
|
-
credentials: credentials
|
|
113
|
+
credentials: credentials,
|
|
114
|
+
options: options
|
|
114
115
|
).conflicting_dependencies(
|
|
115
116
|
dependency: dependency,
|
|
116
117
|
target_version: lowest_security_fix_version
|
|
@@ -162,7 +163,8 @@ module Dependabot
|
|
|
162
163
|
credentials: credentials,
|
|
163
164
|
target_version: version,
|
|
164
165
|
requirements_update_strategy: requirements_update_strategy,
|
|
165
|
-
update_multiple_dependencies: false
|
|
166
|
+
update_multiple_dependencies: false,
|
|
167
|
+
options: options
|
|
166
168
|
).updated_dependencies
|
|
167
169
|
true
|
|
168
170
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -183,7 +185,8 @@ module Dependabot
|
|
|
183
185
|
credentials: credentials,
|
|
184
186
|
ignored_versions: ignored_versions,
|
|
185
187
|
raise_on_ignored: raise_on_ignored,
|
|
186
|
-
replacement_git_pin: tag
|
|
188
|
+
replacement_git_pin: tag,
|
|
189
|
+
options: options
|
|
187
190
|
).latest_resolvable_version_details
|
|
188
191
|
true
|
|
189
192
|
rescue Dependabot::DependencyFileNotResolvable
|
|
@@ -339,7 +342,8 @@ module Dependabot
|
|
|
339
342
|
repo_contents_path: repo_contents_path,
|
|
340
343
|
credentials: credentials,
|
|
341
344
|
target_version: latest_version,
|
|
342
|
-
requirements_update_strategy: requirements_update_strategy
|
|
345
|
+
requirements_update_strategy: requirements_update_strategy,
|
|
346
|
+
options: options
|
|
343
347
|
)
|
|
344
348
|
end
|
|
345
349
|
|
|
@@ -365,7 +369,8 @@ module Dependabot
|
|
|
365
369
|
raise_on_ignored: raise_on_ignored,
|
|
366
370
|
remove_git_source: remove_git_source,
|
|
367
371
|
unlock_requirement: unlock_requirement,
|
|
368
|
-
latest_allowable_version: latest_version
|
|
372
|
+
latest_allowable_version: latest_version,
|
|
373
|
+
options: options
|
|
369
374
|
)
|
|
370
375
|
end
|
|
371
376
|
end
|
|
@@ -386,7 +391,8 @@ module Dependabot
|
|
|
386
391
|
credentials: credentials,
|
|
387
392
|
ignored_versions: ignored_versions,
|
|
388
393
|
raise_on_ignored: raise_on_ignored,
|
|
389
|
-
security_advisories: security_advisories
|
|
394
|
+
security_advisories: security_advisories,
|
|
395
|
+
options: options
|
|
390
396
|
)
|
|
391
397
|
end
|
|
392
398
|
end
|
|
@@ -12,10 +12,13 @@ module Dependabot
|
|
|
12
12
|
require_relative "shared_bundler_helpers"
|
|
13
13
|
include SharedBundlerHelpers
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
attr_reader :options
|
|
16
|
+
|
|
17
|
+
def initialize(dependency_files:, repo_contents_path:, credentials:, options:)
|
|
16
18
|
@dependency_files = dependency_files
|
|
17
19
|
@repo_contents_path = repo_contents_path
|
|
18
20
|
@credentials = credentials
|
|
21
|
+
@options = options
|
|
19
22
|
end
|
|
20
23
|
|
|
21
24
|
# Finds any dependencies in the lockfile that have a subdependency on
|
|
@@ -47,7 +50,7 @@ module Dependabot
|
|
|
47
50
|
private
|
|
48
51
|
|
|
49
52
|
def bundler_version
|
|
50
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
53
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
51
54
|
end
|
|
52
55
|
end
|
|
53
56
|
end
|
|
@@ -19,7 +19,8 @@ module Dependabot
|
|
|
19
19
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
20
20
|
credentials:, target_version:,
|
|
21
21
|
requirements_update_strategy:,
|
|
22
|
-
update_multiple_dependencies: true
|
|
22
|
+
update_multiple_dependencies: true,
|
|
23
|
+
options:)
|
|
23
24
|
@dependency = dependency
|
|
24
25
|
@dependency_files = dependency_files
|
|
25
26
|
@repo_contents_path = repo_contents_path
|
|
@@ -27,6 +28,7 @@ module Dependabot
|
|
|
27
28
|
@target_version = target_version
|
|
28
29
|
@requirements_update_strategy = requirements_update_strategy
|
|
29
30
|
@update_multiple_dependencies = update_multiple_dependencies
|
|
31
|
+
@options = options
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
def updated_dependencies
|
|
@@ -36,7 +38,8 @@ module Dependabot
|
|
|
36
38
|
private
|
|
37
39
|
|
|
38
40
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :target_version, :requirements_update_strategy
|
|
41
|
+
:credentials, :target_version, :requirements_update_strategy,
|
|
42
|
+
:options
|
|
40
43
|
|
|
41
44
|
def update_multiple_dependencies?
|
|
42
45
|
@update_multiple_dependencies
|
|
@@ -149,7 +152,7 @@ module Dependabot
|
|
|
149
152
|
end
|
|
150
153
|
|
|
151
154
|
def bundler_version
|
|
152
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
155
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
153
156
|
end
|
|
154
157
|
end
|
|
155
158
|
end
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
class LatestVersionFinder
|
|
16
16
|
def initialize(dependency:, dependency_files:, repo_contents_path: nil,
|
|
17
17
|
credentials:, ignored_versions:, raise_on_ignored: false,
|
|
18
|
-
security_advisories:)
|
|
18
|
+
security_advisories:, options:)
|
|
19
19
|
@dependency = dependency
|
|
20
20
|
@dependency_files = dependency_files
|
|
21
21
|
@repo_contents_path = repo_contents_path
|
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
|
23
23
|
@ignored_versions = ignored_versions
|
|
24
24
|
@raise_on_ignored = raise_on_ignored
|
|
25
25
|
@security_advisories = security_advisories
|
|
26
|
+
@options = options
|
|
26
27
|
end
|
|
27
28
|
|
|
28
29
|
def latest_version_details
|
|
@@ -36,7 +37,8 @@ module Dependabot
|
|
|
36
37
|
private
|
|
37
38
|
|
|
38
39
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
39
|
-
:credentials, :ignored_versions, :security_advisories
|
|
40
|
+
:credentials, :ignored_versions, :security_advisories,
|
|
41
|
+
:options
|
|
40
42
|
|
|
41
43
|
def fetch_latest_version_details
|
|
42
44
|
return dependency_source.latest_git_version_details if dependency_source.git?
|
|
@@ -103,7 +105,8 @@ module Dependabot
|
|
|
103
105
|
@dependency_source ||= DependencySource.new(
|
|
104
106
|
dependency: dependency,
|
|
105
107
|
dependency_files: dependency_files,
|
|
106
|
-
credentials: credentials
|
|
108
|
+
credentials: credentials,
|
|
109
|
+
options: options
|
|
107
110
|
)
|
|
108
111
|
end
|
|
109
112
|
|
|
@@ -17,14 +17,16 @@ module Dependabot
|
|
|
17
17
|
OTHER = "other"
|
|
18
18
|
|
|
19
19
|
attr_reader :dependency, :dependency_files, :repo_contents_path,
|
|
20
|
-
:credentials
|
|
20
|
+
:credentials, :options
|
|
21
21
|
|
|
22
22
|
def initialize(dependency:,
|
|
23
23
|
dependency_files:,
|
|
24
|
-
credentials
|
|
24
|
+
credentials:,
|
|
25
|
+
options:)
|
|
25
26
|
@dependency = dependency
|
|
26
27
|
@dependency_files = dependency_files
|
|
27
28
|
@credentials = credentials
|
|
29
|
+
@options = options
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
# The latest version details for the dependency from a registry
|
|
@@ -145,7 +147,7 @@ module Dependabot
|
|
|
145
147
|
end
|
|
146
148
|
|
|
147
149
|
def bundler_version
|
|
148
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
150
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
149
151
|
end
|
|
150
152
|
end
|
|
151
153
|
end
|
|
@@ -23,7 +23,8 @@ module Dependabot
|
|
|
23
23
|
raise_on_ignored: false,
|
|
24
24
|
replacement_git_pin: nil, remove_git_source: false,
|
|
25
25
|
unlock_requirement: true,
|
|
26
|
-
latest_allowable_version: nil
|
|
26
|
+
latest_allowable_version: nil,
|
|
27
|
+
options:)
|
|
27
28
|
@dependency = dependency
|
|
28
29
|
@unprepared_dependency_files = unprepared_dependency_files
|
|
29
30
|
@credentials = credentials
|
|
@@ -34,6 +35,7 @@ module Dependabot
|
|
|
34
35
|
@remove_git_source = remove_git_source
|
|
35
36
|
@unlock_requirement = unlock_requirement
|
|
36
37
|
@latest_allowable_version = latest_allowable_version
|
|
38
|
+
@options = options
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
def latest_resolvable_version_details
|
|
@@ -45,7 +47,8 @@ module Dependabot
|
|
|
45
47
|
|
|
46
48
|
attr_reader :dependency, :unprepared_dependency_files,
|
|
47
49
|
:repo_contents_path, :credentials, :ignored_versions,
|
|
48
|
-
:replacement_git_pin, :latest_allowable_version
|
|
50
|
+
:replacement_git_pin, :latest_allowable_version,
|
|
51
|
+
:options
|
|
49
52
|
|
|
50
53
|
def remove_git_source?
|
|
51
54
|
@remove_git_source
|
|
@@ -164,7 +167,8 @@ module Dependabot
|
|
|
164
167
|
credentials: credentials,
|
|
165
168
|
ignored_versions: ignored_versions,
|
|
166
169
|
raise_on_ignored: @raise_on_ignored,
|
|
167
|
-
security_advisories: []
|
|
170
|
+
security_advisories: [],
|
|
171
|
+
options: options
|
|
168
172
|
).latest_version_details
|
|
169
173
|
end
|
|
170
174
|
|
|
@@ -221,7 +225,7 @@ module Dependabot
|
|
|
221
225
|
end
|
|
222
226
|
|
|
223
227
|
def bundler_version
|
|
224
|
-
@bundler_version ||= Helpers.bundler_version(lockfile)
|
|
228
|
+
@bundler_version ||= Helpers.bundler_version(lockfile, options: options)
|
|
225
229
|
end
|
|
226
230
|
end
|
|
227
231
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.138.
|
|
4
|
+
version: 0.138.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.138.
|
|
19
|
+
version: 0.138.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.138.
|
|
26
|
+
version: 0.138.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +206,14 @@ files:
|
|
|
206
206
|
- helpers/v1/spec/functions/version_resolver_spec.rb
|
|
207
207
|
- helpers/v1/spec/native_spec_helper.rb
|
|
208
208
|
- helpers/v1/spec/shared_contexts.rb
|
|
209
|
+
- helpers/v2/.bundle/config
|
|
210
|
+
- helpers/v2/.gitignore
|
|
211
|
+
- helpers/v2/Gemfile
|
|
212
|
+
- helpers/v2/build
|
|
213
|
+
- helpers/v2/lib/functions.rb
|
|
214
|
+
- helpers/v2/run.rb
|
|
215
|
+
- helpers/v2/spec/functions_spec.rb
|
|
216
|
+
- helpers/v2/spec/native_spec_helper.rb
|
|
209
217
|
- lib/dependabot/bundler.rb
|
|
210
218
|
- lib/dependabot/bundler/file_fetcher.rb
|
|
211
219
|
- lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
|