dependabot-bundler 0.250.0 → 0.251.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 27d622976d94b8a0aac2be7087c57c6dfa5470f336d473f23543dafbb9082e92
-  data.tar.gz: 7c50f855e33ee94d51be8905cda9c5faafaa60ae0c64ec7c6c07ce6c2c3493f3
+  metadata.gz: ba73dba0b4c1818a3974d48de55ed45907c6313b7a7d93a7e7f438af22cf20ac
+  data.tar.gz: 38594d1b08adc8b5e65c1b7716a762c28acd36af9bacde2c38dd88f507407ae7
 SHA512:
-  metadata.gz: 8240d0596abf1210238b91370011af2f13e4d92d2459aa8efc40f657fb47dd2f981d2ce2f2bf2dee7251390f96e1f818e26660b73015c97c9d7f9d196d980d59
-  data.tar.gz: d4c36b887b3e459a61e621a22740c535b72591f5826538efc0dc73a356912d912be44e14faf22f35d8e012a00f098b6c061af9fe5f6eceb33cc5396efad651c8
+  metadata.gz: e5a26067edfaaaec12e58558f015f0632f2c17a9c929ed2e9714e3767f425cbb6cd441322ee4b4128a245b54b66ec15a405d3338cae9668a8232ef5564c6a53a
+  data.tar.gz: d56e1a245336c959b9c09c89890efde80cadf9ffd851266fa8be959330d89646894ce00c8c8a93b5e579762ad2d26972292669acb79e41861fac29fcbeaa4ec2

data/lib/dependabot/bundler/cached_lockfile_parser.rb

@@ -0,0 +1,24 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "digest"
+require "digest/sha2"
+require "bundler/lockfile_parser"
+
+module Dependabot
+  module Bundler
+    class CachedLockfileParser
+      extend T::Sig
+
+      sig { params(lockfile_content: String).returns(::Bundler::LockfileParser) }
+      def self.parse(lockfile_content)
+        lockfile_hash = Digest::SHA2.hexdigest(lockfile_content)
+        @cache ||= T.let({}, T.nilable(T::Hash[String, ::Bundler::LockfileParser]))
+        return T.must(@cache[lockfile_hash]) if @cache.key?(lockfile_hash)
+
+        @cache[lockfile_hash] = ::Bundler::LockfileParser.new(lockfile_content)
+      end
+    end
+  end
+end

data/lib/dependabot/bundler/file_fetcher.rb

@@ -5,6 +5,7 @@ require "sorbet-runtime"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
 require "dependabot/bundler/file_updater/lockfile_updater"
+require "dependabot/bundler/cached_lockfile_parser"
 require "dependabot/errors"
 
 module Dependabot
@@ -162,8 +163,7 @@ module Dependabot
 
       def fetch_path_gemspec_paths
         if lockfile
-          parsed_lockfile = ::Bundler::LockfileParser
-                            .new(sanitized_lockfile_content)
+          parsed_lockfile = CachedLockfileParser.parse(sanitized_lockfile_content)
           parsed_lockfile.specs
                          .select { |s| s.source.instance_of?(::Bundler::Source::Path) }
                          .map { |s| s.source.path }.uniq

data/lib/dependabot/bundler/file_parser.rb

@@ -1,6 +1,7 @@
 # typed: true
 # frozen_string_literal: true
 
+require "parallel"
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
@@ -8,6 +9,7 @@ require "dependabot/bundler/file_updater/lockfile_updater"
 require "dependabot/bundler/native_helpers"
 require "dependabot/bundler/helpers"
 require "dependabot/bundler/version"
+require "dependabot/bundler/cached_lockfile_parser"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 
@@ -74,16 +76,18 @@ module Dependabot
       end
 
       def gemspec_dependencies
-        dependencies = DependencySet.new
+        queue = Queue.new
 
-        gemspecs.each do |gemspec|
-          gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
+        SharedHelpers.in_a_temporary_repo_directory(base_directory, repo_contents_path) do
+          write_temporary_dependency_files
 
-          parsed_gemspec(gemspec).each do |dependency|
-            next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
+          Parallel.map(gemspecs, in_threads: 4) do |gemspec|
+            gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
 
-            dependencies <<
-              Dependency.new(
+            parsed_gemspec(gemspec).each do |dependency|
+              next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
+
+              queue << Dependency.new(
                 name: dependency.fetch("name"),
                 version: dependency_version(dependency.fetch("name"))&.to_s,
                 requirements: [{
@@ -98,10 +102,13 @@ module Dependabot
                 }],
                 package_manager: "bundler"
               )
+            end
           end
         end
 
-        dependencies
+        dependency_set = DependencySet.new
+        dependency_set << queue.pop(true) while queue.size.positive?
+        dependency_set
       end
 
       def lockfile_dependencies
@@ -161,23 +168,16 @@ module Dependabot
       end
 
       def parsed_gemspec(file)
-        @parsed_gemspecs ||= {}
-        @parsed_gemspecs[file.name] ||=
-          SharedHelpers.in_a_temporary_repo_directory(base_directory,
-                                                      repo_contents_path) do
-            write_temporary_dependency_files
-
-            NativeHelpers.run_bundler_subprocess(
-              bundler_version: bundler_version,
-              function: "parsed_gemspec",
-              options: options,
-              args: {
-                gemspec_name: file.name,
-                lockfile_name: lockfile&.name,
-                dir: Dir.pwd
-              }
-            )
-          end
+        NativeHelpers.run_bundler_subprocess(
+          bundler_version: bundler_version,
+          function: "parsed_gemspec",
+          options: options,
+          args: {
+            gemspec_name: file.name,
+            lockfile_name: lockfile&.name,
+            dir: Dir.pwd
+          }
+        )
       rescue SharedHelpers::HelperSubprocessFailed => e
         msg = e.error_class + " with message: " + e.message
         raise Dependabot::DependencyFileNotEvaluatable, msg
@@ -255,8 +255,7 @@ module Dependabot
       end
 
       def parsed_lockfile
-        @parsed_lockfile ||=
-          ::Bundler::LockfileParser.new(sanitized_lockfile_content)
+        @parsed_lockfile ||= CachedLockfileParser.parse(sanitized_lockfile_content)
       end
 
       def production_dep_names

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -6,6 +6,7 @@ require "bundler"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 require "dependabot/bundler/file_updater"
+require "dependabot/bundler/cached_lockfile_parser"
 require "dependabot/bundler/native_helpers"
 require "dependabot/bundler/helpers"
 
@@ -216,8 +217,8 @@ module Dependabot
                                        .dependency_name || File.basename(path, ".gemspec")
 
           gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_body).specs
-                                     .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
+            CachedLockfileParser.parse(sanitized_lockfile_body).specs
+                                .select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
 
           gemspec_specs.first&.version || "0.0.1"
         end

data/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -3,6 +3,7 @@
 
 require "dependabot/dependency_file"
 require "dependabot/bundler/update_checker"
+require "dependabot/bundler/cached_lockfile_parser"
 require "dependabot/bundler/file_updater/gemspec_sanitizer"
 require "dependabot/bundler/file_updater/git_pin_replacer"
 require "dependabot/bundler/file_updater/git_source_remover"
@@ -268,8 +269,8 @@ module Dependabot
           return "0.0.1" unless lockfile
 
           gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_content).specs
-                                     .select { |s| gemspec_sources.include?(s.source.class) }
+            CachedLockfileParser.parse(sanitized_lockfile_content).specs
+                                .select { |s| gemspec_sources.include?(s.source.class) }
 
           gem_name =
             FileUpdater::GemspecDependencyNameFinder

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.250.0
+  version: 0.251.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-02 00:00:00.000000000 Z
+date: 2024-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.250.0
+        version: 0.251.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.250.0
+        version: 0.251.0
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.24'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.24'
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -289,6 +303,7 @@ files:
 - helpers/v2/spec/ruby_version_spec.rb
 - helpers/v2/spec/shared_contexts.rb
 - lib/dependabot/bundler.rb
+- lib/dependabot/bundler/cached_lockfile_parser.rb
 - lib/dependabot/bundler/file_fetcher.rb
 - lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
 - lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
@@ -327,7 +342,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.250.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.251.0
 post_install_message: 
 rdoc_options: []
 require_paths: