dependabot-bundler 0.261.1 → 0.262.0
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +15 -6
- data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +17 -5
- data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb +11 -2
- data/lib/dependabot/bundler/file_parser/file_preparer.rb +17 -2
- metadata +5 -5
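--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f3110295d89e7d09947a48ccb7a3c623684e62392a2467e5708dc83ca1d1c698
+data.tar.gz: d675d23e1adab94cad313a607d02cc1712491f90d3fcd9649d6bd6874de223f9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7c3680e4726f1b5999721dee5a0d2df0587f6ed4391a59a5ff3af16116c965088dd2cb582147e1ad7eb73c10b67bf05a9ac100d71a4229daf2ea63680c6a9f1e
+data.tar.gz: 3a2e33646daacd25c82ae4be8a664f21ce41b185dba0d24ae2adee045e5c70c3be1e4baf3adfcd2f9cc65f53ba3ebb812041158564dd59e28dfe767f43ce2d9b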
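--- a/data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
+++ b/data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb
@@ -1,10 +1,11 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "pathname"
 require "parser/current"
 require "dependabot/bundler/file_fetcher"
 require "dependabot/errors"
+require "sorbet-runtime"
 
 module Dependabot
 module Bundler
@@ -12,32 +13,38 @@ module Dependabot
 # Finds the paths of any Gemfiles declared using `eval_gemfile` in the
 # passed Gemfile.
 class ChildGemfileFinder
+extend T::Sig
+
+sig { params(gemfile: Dependabot::DependencyFile).void }
 def initialize(gemfile:)
 @gemfile = gemfile
 end
 
+sig { returns(T::Array[String]) }
 def child_gemfile_paths
-ast = Parser::CurrentRuby.parse(gemfile
+ast = Parser::CurrentRuby.parse(gemfile&.content)
 find_child_gemfile_paths(ast)
 rescue Parser::SyntaxError
-raise Dependabot::DependencyFileNotParseable, gemfile
+raise Dependabot::DependencyFileNotParseable, T.must(gemfile&.path)
 end
 
 private
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 attr_reader :gemfile
 
+sig { params(node: T.untyped).returns(T::Array[String]) }
 def find_child_gemfile_paths(node)
 return [] unless node.is_a?(Parser::AST::Node)
 
 if declares_eval_gemfile?(node)
 path_node = node.children[2]
 unless path_node.type == :str
-path = gemfile
+path = gemfile&.path
 msg = "Dependabot only supports uninterpolated string arguments " \
 "to eval_gemfile. Got " \
 "`#{path_node.loc.expression.source}`"
-raise Dependabot::DependencyFileNotParseable.new(path, msg)
+raise Dependabot::DependencyFileNotParseable.new(T.must(path), msg)
 end
 
 path = path_node.loc.expression.source.gsub(/['"]/, "")
@@ -50,12 +57,14 @@ module Dependabot
 end
 end
 
+sig { returns(T.nilable(String)) }
 def current_dir
-@current_dir ||= gemfile
+@current_dir ||= T.let(gemfile&.name&.rpartition("/")&.first, T.nilable(String))
 @current_dir = nil if @current_dir == ""
 @current_dir
 end
 
+sig { params(node: Parser::AST::Node).returns(T::Boolean) }
 def declares_eval_gemfile?(node)
 return false unless node.is_a?(Parser::AST::Node)
 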
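Review bot: The new `attr_reader :gemfile` signature is `T.nilable(Dependabot::DependencyFile)` even though the `initialize` signature just above accepts only a non-nil `Dependabot::DependencyFile`, and that nilable reader is what forces the `gemfile&.content`, `gemfile&.path` and `T.must(...)` calls in `child_gemfile_paths`, `find_child_gemfile_paths` and `current_dir`. With safe navigation a nil would be passed on to `Parser::CurrentRuby.parse` or fail inside `T.must` with a `TypeError`, instead of surfacing as the `Dependabot::DependencyFileNotParseable` these methods raise for a bad repository-supplied Gemfile. Declaring the reader as `sig { returns(Dependabot::DependencyFile) }`, as require_relative_finder.rb does for `attr_reader :file` in this same release, lets the calls stay `gemfile.content` and `gemfile.path`. gemspec_finder.rb carries the same nilable reader with `T.must(gemfile)`. The body of `find_child_gemfile_paths` continues outside the visible hunks.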
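--- a/data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
+++ b/data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb
@@ -1,10 +1,11 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "pathname"
 require "parser/current"
 require "dependabot/bundler/file_fetcher"
 require "dependabot/errors"
+require "sorbet-runtime"
 
 module Dependabot
 module Bundler
@@ -12,21 +13,27 @@ module Dependabot
 # Finds the directories of any gemspecs declared using `gemspec` in the
 # passed Gemfile.
 class GemspecFinder
+extend T::Sig
+
+sig { params(gemfile: Dependabot::DependencyFile).void }
 def initialize(gemfile:)
 @gemfile = gemfile
 end
 
+sig { returns(T::Array[String]) }
 def gemspec_directories
-ast = Parser::CurrentRuby.parse(gemfile.content)
+ast = Parser::CurrentRuby.parse(T.must(gemfile).content)
 find_gemspec_paths(ast)
 rescue Parser::SyntaxError
-raise Dependabot::DependencyFileNotParseable, gemfile.path
+raise Dependabot::DependencyFileNotParseable, T.must(gemfile).path
 end
 
 private
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 attr_reader :gemfile
 
+sig { params(node: T.untyped).returns(T::Array[T.untyped]) }
 def find_gemspec_paths(node)
 return [] unless node.is_a?(Parser::AST::Node)
 
@@ -35,7 +42,7 @@ module Dependabot
 return [clean_path(".")] unless path_node
 
 unless path_node.type == :str
-path = gemfile.path
+path = T.must(gemfile).path
 msg = "Dependabot only supports uninterpolated string arguments " \
 "to gemspec. Got " \
 "`#{path_node.loc.expression.source}`"
@@ -51,18 +58,21 @@ module Dependabot
 end
 end
 
+sig { returns(T.nilable(String)) }
 def current_dir
-@current_dir ||= gemfile
+@current_dir ||= T.let(gemfile&.name&.rpartition("/")&.first, T.nilable(String))
 @current_dir = nil if @current_dir == ""
 @current_dir
 end
 
+sig { params(node: Parser::AST::Node).returns(T::Boolean) }
 def declares_gemspec_dependency?(node)
 return false unless node.is_a?(Parser::AST::Node)
 
 node.children[1] == :gemspec
 end
 
+sig { params(path: String).returns(Pathname) }
 def clean_path(path)
 if Pathname.new(path).absolute?
 base_path = Pathname.new(File.expand_path(Dir.pwd))
@@ -72,6 +82,7 @@ module Dependabot
 Pathname.new(path).cleanpath
 end
 
+sig { params(node: Parser::AST::Node).returns(T.nilable(Parser::AST::Node)) }
 def path_node_for_gem_declaration(node)
 return unless node.children.last.is_a?(Parser::AST::Node)
 return unless node.children.last.type == :hash
@@ -87,6 +98,7 @@ module Dependabot
 path_hash_pair.children.last
 end
 
+sig { params(node: Parser::AST::Node).returns(Symbol) }
 def key_from_hash_pair(node)
 node.children.first.children.first.to_sym
 end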
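Review bot: `gemspec_directories` is declared to return `T::Array[String]`, but the visible early return `return [clean_path(".")] unless path_node` in `find_gemspec_paths` yields `Pathname` objects (per the new `clean_path` signature), and the helper's `T::Array[T.untyped]` return type hides that mismatch from the static checker. sorbet-runtime does not recursively check array element types either, so the wrong element type passes silently to callers that handle these repository-derived paths. Consider `sig { params(node: T.untyped).returns(T::Array[Pathname]) }` on the helper and a matching `T::Array[Pathname]` on `gemspec_directories`, provided the branches outside the hunk also return `Pathname`. `find_require_relative_paths` in require_relative_finder.rb gets the same `T::Array[T.untyped]` return type and would benefit from a concrete element type as well.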
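--- a/data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb
+++ b/data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb
@@ -1,10 +1,11 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
 require "pathname"
 require "parser/current"
 require "dependabot/bundler/file_fetcher"
 require "dependabot/errors"
+require "sorbet-runtime"
 
 module Dependabot
 module Bundler
@@ -12,10 +13,14 @@ module Dependabot
 # Finds the paths of any files included using `require_relative` in the
 # passed file.
 class RequireRelativeFinder
+extend T::Sig
+
+sig { params(file: Dependabot::DependencyFile).void }
 def initialize(file:)
 @file = file
 end
 
+sig { returns(T::Array[String]) }
 def require_relative_paths
 ast = Parser::CurrentRuby.parse(file.content)
 find_require_relative_paths(ast)
@@ -25,8 +30,10 @@ module Dependabot
 
 private
 
+sig { returns(Dependabot::DependencyFile) }
 attr_reader :file
 
+sig { params(node: T.untyped).returns(T::Array[T.untyped]) }
 def find_require_relative_paths(node)
 return [] unless node.is_a?(Parser::AST::Node)
 
@@ -44,12 +51,14 @@ module Dependabot
 end
 end
 
+sig { returns(T.nilable(String)) }
 def current_dir
-@current_dir ||= file.name.rpartition("/").first
+@current_dir ||= T.let(file.name.rpartition("/").first, T.nilable(String))
 @current_dir = nil if @current_dir == ""
 @current_dir
 end
 
+sig { params(node: Parser::AST::Node).returns(T::Boolean) }
 def declares_require_relative?(node)
 return false unless node.is_a?(Parser::AST::Node)
 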
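--- a/data/lib/dependabot/bundler/file_parser/file_preparer.rb
+++ b/data/lib/dependabot/bundler/file_parser/file_preparer.rb
@@ -1,6 +1,7 @@
-# typed:
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/dependency_file"
 require "dependabot/file_parsers/base"
 require "dependabot/bundler/file_updater/gemspec_sanitizer"
@@ -9,15 +10,19 @@ module Dependabot
 module Bundler
 class FileParser < Dependabot::FileParsers::Base
 class FilePreparer
+extend T::Sig
+
+sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
 def initialize(dependency_files:)
 @dependency_files = dependency_files
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def prepared_dependency_files
 files = gemspecs.compact.map do |file|
 DependencyFile.new(
 name: file.name,
-content: sanitize_gemspec_content(file.content),
+content: sanitize_gemspec_content(T.must(file.content)),
 directory: file.directory,
 support_file: file.support_file?
 )
@@ -36,13 +41,16 @@ module Dependabot
 
 private
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 attr_reader :dependency_files
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def gemfile
 dependency_files.find { |f| f.name == "Gemfile" } ||
 dependency_files.find { |f| f.name == "gems.rb" }
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def evaled_gemfiles
 dependency_files
 .reject { |f| f.name.end_with?(".gemspec") }
@@ -54,33 +62,40 @@ module Dependabot
 .reject(&:support_file?)
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def specification_files
 dependency_files.select { |f| f.name.end_with?(".specification") }
 end
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def lockfile
 dependency_files.find { |f| f.name == "Gemfile.lock" } ||
 dependency_files.find { |f| f.name == "gems.locked" }
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def gemspecs
 dependency_files.select { |f| f.name.end_with?(".gemspec") }
 end
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def ruby_version_file
 dependency_files.find { |f| f.name == ".ruby-version" }
 end
 
+sig { returns(T.nilable(Dependabot::DependencyFile)) }
 def tool_versions_file
 dependency_files.find { |f| f.name == ".tool-versions" }
 end
 
+sig { returns(T::Array[Dependabot::DependencyFile]) }
 def imported_ruby_files
 dependency_files
 .select { |f| f.name.end_with?(".rb") }
 .reject { |f| f.name == "gems.rb" }
 end
 
+sig { params(gemspec_content: String).returns(String) }
 def sanitize_gemspec_content(gemspec_content)
 # No need to set the version correctly - this is just an update
 # check so we're not going to persist any changes to the lockfile.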
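Review bot: `T.must(file.content)` in `prepared_dependency_files` turns a gemspec whose content is nil into a bare `TypeError` from sorbet-runtime, with nothing to say which file was at fault. These files come from the repository being scanned, so a typed error naming the file is more useful to the caller: inside the block, `content = file.content` followed by `raise Dependabot::DependencyFileNotParseable, file.path if content.nil?`, then pass `content` to `sanitize_gemspec_content` (the error class is the one the finders in this release raise; this file may need `require "dependabot/errors"`). Separately, `gemspecs` is now declared to return `T::Array[Dependabot::DependencyFile]`, which makes the `.compact` in `gemspecs.compact.map` redundant. The `map` block and the body of `sanitize_gemspec_content` continue outside the visible hunks.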
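--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.262.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-
+date: 2024-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.262.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.262.0
 - !ruby/object:Gem::Dependency
 name: parallel
 requirement: !ruby/object:Gem::Requirement
@@ -345,7 +345,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.262.0
 post_install_message:
 rdoc_options: []
 require_paths: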