dependabot-bundler 0.260.0 → 0.261.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
  3. data/helpers/v1/spec/functions/dependency_source_spec.rb +2 -2
  4. data/helpers/v1/spec/functions/file_parser_spec.rb +2 -2
  5. data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb +52 -68
  6. data/helpers/v2/spec/functions/dependency_source_spec.rb +2 -2
  7. data/helpers/v2/spec/functions/file_parser_spec.rb +3 -3
  8. data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +36 -7
  9. data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +17 -6
  10. data/lib/dependabot/bundler/file_updater/git_source_remover.rb +6 -2
  11. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +15 -1
  12. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c9538499869166af66a0f2a6659e4e98a79e315448a80829ab14e92b28957594
4
- data.tar.gz: c7b99137ddf893896b49fcb90e33144d5dd4b25cf2f1e423bfb5c93a3659e896
3
+ metadata.gz: a8b215bdea5dc17ab35848e557529c8e22851f703a5fe3ef8965cf5bf9e15331
4
+ data.tar.gz: d453d01dccec321c438dff7c8f2107b4f6b75cbecaf67823e250988b860f78cd
5
5
  SHA512:
6
- metadata.gz: 1ae19b8684f6edd8021bfe9ea83b9e434c97a76718d5c7acb510fb063473c0537492cfad227edd1b1d7fdd5260dea1256df3cae09dfc8b0573945f0ce39a13c9
7
- data.tar.gz: 7feb5e67e67b9740b465371bbc38cb5f2796c0b07f38b0bf34a18ea3c6939dca58e577ead93168ed35947a8a0e2810364e93dbed3c72efc345d84072b87aa393
6
+ metadata.gz: 4319c06b8a84ade9b143ea5949e4be67d01e81a94d85d97f99d477f0fb2f836937bec1a752b61301fc2608183c38516bd13043d3f8fa12dcbc41dd717b262baa
7
+ data.tar.gz: 96ce46b41f6acec8899157a458fbe47f65812729bd2998d26c4241cb06e39c643b5935b53d358ed09374affb8df5b74862b8133c30419b4fa29ffb6881ec34c2
data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb CHANGED
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
42
42
  let(:target_version) { "6.0.0" }
43
43
 
44
44
  it "returns a list of dependencies that block the update" do
45
- expect(conflicting_dependencies).to match_array(
46
- [
47
- {
48
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
49
- "name" => "rails",
50
- "requirement" => "= 5.2.0",
51
- "version" => "5.2.0"
52
- },
53
- {
54
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
55
- "name" => "actionpack",
56
- "version" => "5.2.0",
57
- "requirement" => "= 5.2.0"
58
- },
59
- {
60
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
61
- "name" => "actionview",
62
- "version" => "5.2.0",
63
- "requirement" => "= 5.2.0"
64
- },
65
- {
66
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
67
- "name" => "activejob",
68
- "version" => "5.2.0",
69
- "requirement" => "= 5.2.0"
70
- },
71
- {
72
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
73
- "name" => "activemodel",
74
- "version" => "5.2.0",
75
- "requirement" => "= 5.2.0"
76
- },
77
- {
78
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
79
- "name" => "activerecord",
80
- "version" => "5.2.0",
81
- "requirement" => "= 5.2.0"
82
- },
83
- {
84
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
85
- "name" => "railties",
86
- "version" => "5.2.0",
87
- "requirement" => "= 5.2.0"
88
- }
89
- ]
90
- )
45
+ expect(conflicting_dependencies).to contain_exactly({
46
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
47
+ "name" => "rails",
48
+ "requirement" => "= 5.2.0",
49
+ "version" => "5.2.0"
50
+ }, {
51
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
52
+ "name" => "actionpack",
53
+ "version" => "5.2.0",
54
+ "requirement" => "= 5.2.0"
55
+ }, {
56
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
57
+ "name" => "actionview",
58
+ "version" => "5.2.0",
59
+ "requirement" => "= 5.2.0"
60
+ }, {
61
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
62
+ "name" => "activejob",
63
+ "version" => "5.2.0",
64
+ "requirement" => "= 5.2.0"
65
+ }, {
66
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
67
+ "name" => "activemodel",
68
+ "version" => "5.2.0",
69
+ "requirement" => "= 5.2.0"
70
+ }, {
71
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
72
+ "name" => "activerecord",
73
+ "version" => "5.2.0",
74
+ "requirement" => "= 5.2.0"
75
+ }, {
76
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
77
+ "name" => "railties",
78
+ "version" => "5.2.0",
79
+ "requirement" => "= 5.2.0"
80
+ })
91
81
  end
92
82
  end
93
83
 
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
98
88
  let(:project_name) { "multiple_blocking" }
99
89
 
100
90
  it "returns all of the blocking dependencies" do
101
- expect(conflicting_dependencies).to match_array(
102
- [
103
- {
104
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
105
- "name" => "actionpack",
106
- "version" => "5.0.0",
107
- "requirement" => "= 5.0.0"
108
- },
109
- {
110
- "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
111
- "name" => "actionview",
112
- "version" => "5.0.0",
113
- "requirement" => "= 5.0.0"
114
- },
115
- {
116
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
117
- "name" => "activejob",
118
- "version" => "5.0.0",
119
- "requirement" => "= 5.0.0"
120
- }
121
- ]
122
- )
91
+ expect(conflicting_dependencies).to contain_exactly({
92
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
93
+ "name" => "actionpack",
94
+ "version" => "5.0.0",
95
+ "requirement" => "= 5.0.0"
96
+ }, {
97
+ "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
98
+ "name" => "actionview",
99
+ "version" => "5.0.0",
100
+ "requirement" => "= 5.0.0"
101
+ }, {
102
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
103
+ "name" => "activejob",
104
+ "version" => "5.0.0",
105
+ "requirement" => "= 5.0.0"
106
+ })
123
107
  end
124
108
  end
125
109
 
data/helpers/v1/spec/functions/dependency_source_spec.rb CHANGED
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
40
40
  end
41
41
 
42
42
  it "returns all versions from the private source" do
43
- is_expected.to eq([
43
+ expect(private_registry_versions).to eq([
44
44
  Gem::Version.new("1.5.0"),
45
45
  Gem::Version.new("1.9.0"),
46
46
  Gem::Version.new("1.10.0.beta")
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
51
51
  let(:project_name) { "specified_default_source_no_lockfile" }
52
52
 
53
53
  it "returns all versions from the private source" do
54
- is_expected.to eq([
54
+ expect(private_registry_versions).to eq([
55
55
  Gem::Version.new("1.5.0"),
56
56
  Gem::Version.new("1.9.0"),
57
57
  Gem::Version.new("1.10.0.beta")
data/helpers/v1/spec/functions/file_parser_spec.rb CHANGED
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
39
39
  type: :runtime
40
40
  }
41
41
  ]
42
- is_expected.to eq(parsed_gemfile)
42
+ expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion
43
43
  end
44
44
  end
45
45
 
@@ -69,7 +69,7 @@ RSpec.describe Functions::FileParser do
69
69
  type: :runtime
70
70
  }
71
71
  ]
72
- is_expected.to eq(parsed_gemspec)
72
+ expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion
73
73
  end
74
74
  end
75
75
  end
data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb CHANGED
@@ -42,52 +42,42 @@ RSpec.describe Functions::ConflictingDependencyResolver do
42
42
  let(:target_version) { "6.0.0" }
43
43
 
44
44
  it "returns a list of dependencies that block the update" do
45
- expect(conflicting_dependencies).to match_array(
46
- [
47
- {
48
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
49
- "name" => "rails",
50
- "requirement" => "= 5.2.0",
51
- "version" => "5.2.0"
52
- },
53
- {
54
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
55
- "name" => "actionpack",
56
- "version" => "5.2.0",
57
- "requirement" => "= 5.2.0"
58
- },
59
- {
60
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
61
- "name" => "actionview",
62
- "version" => "5.2.0",
63
- "requirement" => "= 5.2.0"
64
- },
65
- {
66
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
67
- "name" => "activejob",
68
- "version" => "5.2.0",
69
- "requirement" => "= 5.2.0"
70
- },
71
- {
72
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
73
- "name" => "activemodel",
74
- "version" => "5.2.0",
75
- "requirement" => "= 5.2.0"
76
- },
77
- {
78
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
79
- "name" => "activerecord",
80
- "version" => "5.2.0",
81
- "requirement" => "= 5.2.0"
82
- },
83
- {
84
- "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
85
- "name" => "railties",
86
- "version" => "5.2.0",
87
- "requirement" => "= 5.2.0"
88
- }
89
- ]
90
- )
45
+ expect(conflicting_dependencies).to contain_exactly({
46
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
47
+ "name" => "rails",
48
+ "requirement" => "= 5.2.0",
49
+ "version" => "5.2.0"
50
+ }, {
51
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
52
+ "name" => "actionpack",
53
+ "version" => "5.2.0",
54
+ "requirement" => "= 5.2.0"
55
+ }, {
56
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
57
+ "name" => "actionview",
58
+ "version" => "5.2.0",
59
+ "requirement" => "= 5.2.0"
60
+ }, {
61
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
62
+ "name" => "activejob",
63
+ "version" => "5.2.0",
64
+ "requirement" => "= 5.2.0"
65
+ }, {
66
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
67
+ "name" => "activemodel",
68
+ "version" => "5.2.0",
69
+ "requirement" => "= 5.2.0"
70
+ }, {
71
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
72
+ "name" => "activerecord",
73
+ "version" => "5.2.0",
74
+ "requirement" => "= 5.2.0"
75
+ }, {
76
+ "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
77
+ "name" => "railties",
78
+ "version" => "5.2.0",
79
+ "requirement" => "= 5.2.0"
80
+ })
91
81
  end
92
82
  end
93
83
 
@@ -98,28 +88,22 @@ RSpec.describe Functions::ConflictingDependencyResolver do
98
88
  let(:project_name) { "multiple_blocking" }
99
89
 
100
90
  it "returns all of the blocking dependencies" do
101
- expect(conflicting_dependencies).to match_array(
102
- [
103
- {
104
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
105
- "name" => "actionpack",
106
- "version" => "5.0.0",
107
- "requirement" => "= 5.0.0"
108
- },
109
- {
110
- "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
111
- "name" => "actionview",
112
- "version" => "5.0.0",
113
- "requirement" => "= 5.0.0"
114
- },
115
- {
116
- "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
117
- "name" => "activejob",
118
- "version" => "5.0.0",
119
- "requirement" => "= 5.0.0"
120
- }
121
- ]
122
- )
91
+ expect(conflicting_dependencies).to contain_exactly({
92
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
93
+ "name" => "actionpack",
94
+ "version" => "5.0.0",
95
+ "requirement" => "= 5.0.0"
96
+ }, {
97
+ "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
98
+ "name" => "actionview",
99
+ "version" => "5.0.0",
100
+ "requirement" => "= 5.0.0"
101
+ }, {
102
+ "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
103
+ "name" => "activejob",
104
+ "version" => "5.0.0",
105
+ "requirement" => "= 5.0.0"
106
+ })
123
107
  end
124
108
  end
125
109
 
data/helpers/v2/spec/functions/dependency_source_spec.rb CHANGED
@@ -40,7 +40,7 @@ RSpec.describe Functions::DependencySource do
40
40
  end
41
41
 
42
42
  it "returns all versions from the private source" do
43
- is_expected.to eq([
43
+ expect(private_registry_versions).to eq([
44
44
  Gem::Version.new("1.5.0"),
45
45
  Gem::Version.new("1.9.0"),
46
46
  Gem::Version.new("1.10.0.beta")
@@ -51,7 +51,7 @@ RSpec.describe Functions::DependencySource do
51
51
  let(:project_name) { "specified_default_source_no_lockfile" }
52
52
 
53
53
  it "returns all versions from the private source" do
54
- is_expected.to eq([
54
+ expect(private_registry_versions).to eq([
55
55
  Gem::Version.new("1.5.0"),
56
56
  Gem::Version.new("1.9.0"),
57
57
  Gem::Version.new("1.10.0.beta")
data/helpers/v2/spec/functions/file_parser_spec.rb CHANGED
@@ -39,7 +39,7 @@ RSpec.describe Functions::FileParser do
39
39
  type: :runtime
40
40
  }
41
41
  ]
42
- is_expected.to eq(parsed_gemfile)
42
+ expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
43
43
  end
44
44
 
45
45
  context "with a git source" do
@@ -103,7 +103,7 @@ RSpec.describe Functions::FileParser do
103
103
  type: :runtime
104
104
  }
105
105
  ]
106
- is_expected.to eq(parsed_gemfile)
106
+ expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
107
107
  end
108
108
  end
109
109
  end
@@ -134,7 +134,7 @@ RSpec.describe Functions::FileParser do
134
134
  type: :runtime
135
135
  }
136
136
  ]
137
- is_expected.to eq(parsed_gemspec)
137
+ expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion and NamedSubject
138
138
  end
139
139
  end
140
140
  end
data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb CHANGED
@@ -1,7 +1,9 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
5
+ require "sorbet-runtime"
6
+
5
7
  require "dependabot/file_parsers/base"
6
8
 
7
9
  module Dependabot
@@ -9,20 +11,26 @@ module Dependabot
9
11
  class FileParser < Dependabot::FileParsers::Base
10
12
  # Checks whether a dependency is declared in a Gemfile
11
13
  class GemfileDeclarationFinder
14
+ extend T::Sig
15
+
16
+ sig { params(gemfile: Dependabot::DependencyFile).void }
12
17
  def initialize(gemfile:)
13
18
  @gemfile = gemfile
14
- @declaration_nodes = {}
19
+ @declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
15
20
  end
16
21
 
22
+ sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
17
23
  def gemfile_includes_dependency?(dependency)
18
24
  !declaration_node(dependency).nil?
19
25
  end
20
26
 
27
+ # rubocop:disable Metrics/PerceivedComplexity
28
+ sig { params(dependency: T::Hash[String, String]).returns(T.nilable(String)) }
21
29
  def enhanced_req_string(dependency)
22
30
  return unless gemfile_includes_dependency?(dependency)
23
31
 
24
32
  fallback_string = dependency.fetch("requirement")
25
- req_nodes = declaration_node(dependency).children[3..-1]
33
+ req_nodes = declaration_node(dependency)&.children&.[](3..-1)
26
34
  req_nodes = req_nodes.reject { |child| child.type == :hash }
27
35
 
28
36
  return fallback_string if req_nodes.none?
@@ -37,37 +45,58 @@ module Dependabot
37
45
  fallback_string
38
46
  end
39
47
  end
48
+ # rubocop:enable Metrics/PerceivedComplexity
40
49
 
41
50
  private
42
51
 
52
+ sig { returns(Dependabot::DependencyFile) }
43
53
  attr_reader :gemfile
44
54
 
55
+ sig { returns(T.nilable(Parser::AST::Node)) }
45
56
  def parsed_gemfile
46
- @parsed_gemfile ||= Parser::CurrentRuby.parse(gemfile.content)
57
+ @parsed_gemfile ||= T.let(
58
+ Parser::CurrentRuby.parse(gemfile.content),
59
+ T.nilable(Parser::AST::Node)
60
+ )
47
61
  end
48
62
 
63
+ sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
49
64
  def declaration_node(dependency)
50
65
  return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
51
66
  return unless parsed_gemfile
52
67
 
53
68
  @declaration_nodes[dependency] = nil
54
- parsed_gemfile.children.any? do |node|
69
+ T.must(parsed_gemfile).children.any? do |node|
55
70
  @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
56
71
  end
57
72
  @declaration_nodes[dependency]
58
73
  end
59
74
 
75
+ sig do
76
+ params(
77
+ node: T.untyped,
78
+ dependency: T::Hash[String, String]
79
+ )
80
+ .returns(T.nilable(Parser::AST::Node))
81
+ end
60
82
  def deep_search_for_gem(node, dependency)
61
- return node if declares_targeted_gem?(node, dependency)
83
+ return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
62
84
  return unless node.is_a?(Parser::AST::Node)
63
85
 
64
- declaration_node = nil
86
+ declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
65
87
  node.children.find do |child_node|
66
88
  declaration_node = deep_search_for_gem(child_node, dependency)
67
89
  end
68
90
  declaration_node
69
91
  end
70
92
 
93
+ sig do
94
+ params(
95
+ node: T.untyped,
96
+ dependency: T::Hash[String, String]
97
+ )
98
+ .returns(T::Boolean)
99
+ end
71
100
  def declares_targeted_gem?(node, dependency)
72
101
  return false unless node.is_a?(Parser::AST::Node)
73
102
  return false unless node.children[1] == :gem
data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb CHANGED
@@ -1,7 +1,9 @@
1
- # typed: false
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
5
+ require "sorbet-runtime"
6
+
5
7
  require "dependabot/file_parsers/base"
6
8
 
7
9
  module Dependabot
@@ -9,45 +11,54 @@ module Dependabot
9
11
  class FileParser < Dependabot::FileParsers::Base
10
12
  # Checks whether a dependency is declared in a gemspec file
11
13
  class GemspecDeclarationFinder
14
+ extend T::Sig
15
+
16
+ sig { params(gemspec: Dependabot::DependencyFile).void }
12
17
  def initialize(gemspec:)
13
18
  @gemspec = gemspec
14
- @declaration_nodes = {}
19
+ @declaration_nodes = T.let({}, T::Hash[T::Hash[String, String], T.nilable(Parser::AST::Node)])
15
20
  end
16
21
 
22
+ sig { params(dependency: T::Hash[String, String]).returns(T::Boolean) }
17
23
  def gemspec_includes_dependency?(dependency)
18
24
  !declaration_node(dependency).nil?
19
25
  end
20
26
 
21
27
  private
22
28
 
29
+ sig { returns(Dependabot::DependencyFile) }
23
30
  attr_reader :gemspec
24
31
 
32
+ sig { returns(T.nilable(Parser::AST::Node)) }
25
33
  def parsed_gemspec
26
- @parsed_gemspec ||= Parser::CurrentRuby.parse(gemspec.content)
34
+ @parsed_gemspec ||= T.let(Parser::CurrentRuby.parse(gemspec.content), T.nilable(Parser::AST::Node))
27
35
  end
28
36
 
37
+ sig { params(dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
29
38
  def declaration_node(dependency)
30
39
  return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
31
40
  return unless parsed_gemspec
32
41
 
33
42
  @declaration_nodes[dependency] = nil
34
- parsed_gemspec.children.any? do |node|
43
+ T.must(parsed_gemspec).children.any? do |node|
35
44
  @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
36
45
  end
37
46
  @declaration_nodes[dependency]
38
47
  end
39
48
 
49
+ sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T.nilable(Parser::AST::Node)) }
40
50
  def deep_search_for_gem(node, dependency)
41
- return node if declares_targeted_gem?(node, dependency)
51
+ return T.cast(node, Parser::AST::Node) if declares_targeted_gem?(node, dependency)
42
52
  return unless node.is_a?(Parser::AST::Node)
43
53
 
44
- declaration_node = nil
54
+ declaration_node = T.let(nil, T.nilable(Parser::AST::Node))
45
55
  node.children.find do |child_node|
46
56
  declaration_node = deep_search_for_gem(child_node, dependency)
47
57
  end
48
58
  declaration_node
49
59
  end
50
60
 
61
+ sig { params(node: T.untyped, dependency: T::Hash[String, String]).returns(T::Boolean) }
51
62
  def declares_targeted_gem?(node, dependency)
52
63
  return false unless node.is_a?(Parser::AST::Node)
53
64
 
data/lib/dependabot/bundler/file_updater/git_source_remover.rb CHANGED
@@ -1,13 +1,17 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
5
+ require "sorbet-runtime"
6
+
5
7
  require "dependabot/bundler/file_updater"
6
8
 
7
9
  module Dependabot
8
10
  module Bundler
9
11
  class FileUpdater
10
12
  class GitSourceRemover
13
+ extend T::Sig
14
+
11
15
  attr_reader :dependency
12
16
 
13
17
  def initialize(dependency:)
@@ -73,7 +77,7 @@ module Dependabot
73
77
  end
74
78
 
75
79
  def remove_git_related_kwargs(kwargs_node)
76
- good_key_index = nil
80
+ good_key_index = T.let(nil, T.nilable(Integer))
77
81
  hash_pairs = kwargs_node.children
78
82
 
79
83
  hash_pairs.each_with_index do |hash_pair, index|
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED
@@ -1,7 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
5
+ require "sorbet-runtime"
5
6
  require "uri"
6
7
 
7
8
  require "dependabot/bundler/update_checker"
@@ -15,6 +16,16 @@ module Dependabot
15
16
  module Bundler
16
17
  class UpdateChecker
17
18
  module SharedBundlerHelpers
19
+ include Kernel
20
+
21
+ extend T::Sig
22
+ extend T::Helpers
23
+
24
+ abstract!
25
+
26
+ sig { returns(T::Hash[Symbol, T.untyped]) }
27
+ attr_reader :options
28
+
18
29
  GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
19
30
  GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
20
31
  PATH_REGEX = /The path `(?<path>.*)` does not exist/
@@ -217,6 +228,9 @@ module Dependabot
217
228
  end
218
229
  end
219
230
 
231
+ sig { abstract.returns(String) }
232
+ def bundler_version; end
233
+
220
234
  def write_temporary_dependency_files
221
235
  dependency_files.each do |file|
222
236
  path = file.name
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
345
345
  - MIT
346
346
  metadata:
347
347
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
348
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
348
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
349
349
  post_install_message:
350
350
  rdoc_options: []
351
351
  require_paths: