dependabot-bundler 0.293.0 → 0.294.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v2/monkey_patches/git_source_patch.rb +1 -1
- data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +28 -10
- data/lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb +10 -1
- data/lib/dependabot/bundler/file_updater/gemspec_updater.rb +23 -11
- data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +9 -3
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea55f401ee91f93504d7b0c6ef45f14b1d6b3a729830c5090ce31fe309425add
|
|
4
|
+
data.tar.gz: 89e1acee2cba3451d660f5cfe54ba52b43ebce4aa8e79399a7ff9ece241c4b93
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed004691bff5b07c9f3b3e910cc4b2b9d36b067bc012bb1acb76ce2698b0642bdace106c0f91c30891d40faeb61910162b0cc3501c835caec69f06b434f82e23
|
|
7
|
+
data.tar.gz: 8aa29af8206e1ec201e040ab59f8580fcd898f970a54bc60babd21179ba15f1d77415a20f3d147423508f5ed331d2daa6fe01f4512dc9deae7378b7642fd719b
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -7,19 +7,23 @@ module Dependabot
|
|
|
7
7
|
module Bundler
|
|
8
8
|
class FileUpdater
|
|
9
9
|
class GemfileUpdater
|
|
10
|
+
extend T::Sig
|
|
11
|
+
|
|
10
12
|
GEMFILE_FILENAMES = %w(Gemfile gems.rb).freeze
|
|
11
13
|
|
|
12
14
|
require_relative "git_pin_replacer"
|
|
13
15
|
require_relative "git_source_remover"
|
|
14
16
|
require_relative "requirement_replacer"
|
|
15
17
|
|
|
18
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency], gemfile: Dependabot::DependencyFile).void }
|
|
16
19
|
def initialize(dependencies:, gemfile:)
|
|
17
20
|
@dependencies = dependencies
|
|
18
21
|
@gemfile = gemfile
|
|
19
22
|
end
|
|
20
23
|
|
|
24
|
+
sig { returns(String) }
|
|
21
25
|
def updated_gemfile_content
|
|
22
|
-
content = gemfile.content
|
|
26
|
+
content = T.must(gemfile.content)
|
|
23
27
|
|
|
24
28
|
dependencies.each do |dependency|
|
|
25
29
|
content = replace_gemfile_version_requirement(
|
|
@@ -38,21 +42,27 @@ module Dependabot
|
|
|
38
42
|
|
|
39
43
|
private
|
|
40
44
|
|
|
45
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
41
46
|
attr_reader :dependencies
|
|
47
|
+
|
|
48
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
42
49
|
attr_reader :gemfile
|
|
43
50
|
|
|
51
|
+
sig do
|
|
52
|
+
params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
|
|
53
|
+
end
|
|
44
54
|
def replace_gemfile_version_requirement(dependency, file, content)
|
|
45
55
|
return content unless requirement_changed?(file, dependency)
|
|
46
56
|
|
|
47
57
|
updated_requirement =
|
|
48
58
|
dependency.requirements
|
|
49
59
|
.find { |r| r[:file] == file.name }
|
|
50
|
-
|
|
60
|
+
&.fetch(:requirement)
|
|
51
61
|
|
|
52
62
|
previous_requirement =
|
|
53
63
|
dependency.previous_requirements
|
|
54
|
-
|
|
55
|
-
|
|
64
|
+
&.find { |r| r[:file] == file.name }
|
|
65
|
+
&.fetch(:requirement)
|
|
56
66
|
|
|
57
67
|
RequirementReplacer.new(
|
|
58
68
|
dependency: dependency,
|
|
@@ -62,17 +72,19 @@ module Dependabot
|
|
|
62
72
|
).rewrite(content)
|
|
63
73
|
end
|
|
64
74
|
|
|
75
|
+
sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
65
76
|
def requirement_changed?(file, dependency)
|
|
66
77
|
changed_requirements =
|
|
67
|
-
dependency.requirements - dependency.previous_requirements
|
|
78
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
|
68
79
|
|
|
69
80
|
changed_requirements.any? { |f| f[:file] == file.name }
|
|
70
81
|
end
|
|
71
82
|
|
|
83
|
+
sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
72
84
|
def remove_git_source?(dependency)
|
|
73
85
|
old_gemfile_req =
|
|
74
86
|
dependency.previous_requirements
|
|
75
|
-
|
|
87
|
+
&.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
76
88
|
|
|
77
89
|
return false unless old_gemfile_req&.dig(:source, :type) == "git"
|
|
78
90
|
|
|
@@ -80,9 +92,10 @@ module Dependabot
|
|
|
80
92
|
dependency.requirements
|
|
81
93
|
.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
|
|
82
94
|
|
|
83
|
-
new_gemfile_req[:source].nil?
|
|
95
|
+
T.must(new_gemfile_req)[:source].nil?
|
|
84
96
|
end
|
|
85
97
|
|
|
98
|
+
sig { params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile).returns(T::Boolean) }
|
|
86
99
|
def update_git_pin?(dependency, file)
|
|
87
100
|
new_gemfile_req =
|
|
88
101
|
dependency.requirements
|
|
@@ -91,18 +104,23 @@ module Dependabot
|
|
|
91
104
|
|
|
92
105
|
# If the new requirement is a git dependency with a ref then there's
|
|
93
106
|
# no harm in doing an update
|
|
94
|
-
new_gemfile_req.dig(:source, :ref)
|
|
107
|
+
!T.must(new_gemfile_req).dig(:source, :ref).nil?
|
|
95
108
|
end
|
|
96
109
|
|
|
110
|
+
sig { params(dependency: Dependabot::Dependency, content: String).returns(String) }
|
|
97
111
|
def remove_gemfile_git_source(dependency, content)
|
|
98
112
|
GitSourceRemover.new(dependency: dependency).rewrite(content)
|
|
99
113
|
end
|
|
100
114
|
|
|
115
|
+
sig do
|
|
116
|
+
params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
|
|
117
|
+
end
|
|
101
118
|
def update_gemfile_git_pin(dependency, file, content)
|
|
102
119
|
new_pin =
|
|
103
120
|
dependency.requirements
|
|
104
121
|
.find { |f| f[:file] == file.name }
|
|
105
|
-
|
|
122
|
+
&.fetch(:source)
|
|
123
|
+
&.fetch(:ref)
|
|
106
124
|
|
|
107
125
|
GitPinReplacer
|
|
108
126
|
.new(dependency: dependency, new_pin: new_pin)
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "parser/current"
|
|
@@ -8,13 +8,20 @@ module Dependabot
|
|
|
8
8
|
module Bundler
|
|
9
9
|
class FileUpdater
|
|
10
10
|
class GemspecDependencyNameFinder
|
|
11
|
+
extend T::Sig
|
|
12
|
+
|
|
13
|
+
ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String)) }
|
|
14
|
+
|
|
15
|
+
sig { returns(String) }
|
|
11
16
|
attr_reader :gemspec_content
|
|
12
17
|
|
|
18
|
+
sig { params(gemspec_content: String).void }
|
|
13
19
|
def initialize(gemspec_content:)
|
|
14
20
|
@gemspec_content = gemspec_content
|
|
15
21
|
end
|
|
16
22
|
|
|
17
23
|
# rubocop:disable Security/Eval
|
|
24
|
+
sig { returns(T.nilable(String)) }
|
|
18
25
|
def dependency_name
|
|
19
26
|
ast = Parser::CurrentRuby.parse(gemspec_content)
|
|
20
27
|
dependency_name_node = find_dependency_name_node(ast)
|
|
@@ -30,6 +37,7 @@ module Dependabot
|
|
|
30
37
|
|
|
31
38
|
private
|
|
32
39
|
|
|
40
|
+
sig { params(node: ChildNode).returns(T.nilable(Parser::AST::Node)) }
|
|
33
41
|
def find_dependency_name_node(node)
|
|
34
42
|
return unless node.is_a?(Parser::AST::Node)
|
|
35
43
|
return node if declares_dependency_name?(node)
|
|
@@ -40,6 +48,7 @@ module Dependabot
|
|
|
40
48
|
end
|
|
41
49
|
end
|
|
42
50
|
|
|
51
|
+
sig { params(node: ChildNode).returns(T::Boolean) }
|
|
43
52
|
def declares_dependency_name?(node)
|
|
44
53
|
return false unless node.is_a?(Parser::AST::Node)
|
|
45
54
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "dependabot/bundler/file_updater"
|
|
@@ -9,13 +9,17 @@ module Dependabot
|
|
|
9
9
|
class GemspecUpdater
|
|
10
10
|
require_relative "requirement_replacer"
|
|
11
11
|
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
14
|
+
sig { params(dependencies: T::Array[Dependabot::Dependency], gemspec: Dependabot::DependencyFile).void }
|
|
12
15
|
def initialize(dependencies:, gemspec:)
|
|
13
|
-
@dependencies = dependencies
|
|
14
|
-
@gemspec = gemspec
|
|
16
|
+
@dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
|
|
17
|
+
@gemspec = T.let(gemspec, Dependabot::DependencyFile)
|
|
15
18
|
end
|
|
16
19
|
|
|
20
|
+
sig { returns(String) }
|
|
17
21
|
def updated_gemspec_content
|
|
18
|
-
content = gemspec.content
|
|
22
|
+
content = T.let(T.must(gemspec.content), String)
|
|
19
23
|
|
|
20
24
|
dependencies.each do |dependency|
|
|
21
25
|
content = replace_gemspec_version_requirement(
|
|
@@ -28,21 +32,28 @@ module Dependabot
|
|
|
28
32
|
|
|
29
33
|
private
|
|
30
34
|
|
|
35
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
31
36
|
attr_reader :dependencies
|
|
37
|
+
|
|
38
|
+
sig { returns(Dependabot::DependencyFile) }
|
|
32
39
|
attr_reader :gemspec
|
|
33
40
|
|
|
41
|
+
sig do
|
|
42
|
+
params(gemspec: Dependabot::DependencyFile, dependency: Dependabot::Dependency,
|
|
43
|
+
content: String).returns(String)
|
|
44
|
+
end
|
|
34
45
|
def replace_gemspec_version_requirement(gemspec, dependency, content)
|
|
35
46
|
return content unless requirement_changed?(gemspec, dependency)
|
|
36
47
|
|
|
37
48
|
updated_requirement =
|
|
38
|
-
dependency.requirements
|
|
39
|
-
.find { |r| r[:file] == gemspec.name }
|
|
40
|
-
|
|
49
|
+
T.must(dependency.requirements
|
|
50
|
+
.find { |r| r[:file] == gemspec.name })
|
|
51
|
+
.fetch(:requirement)
|
|
41
52
|
|
|
42
53
|
previous_requirement =
|
|
43
|
-
dependency.previous_requirements
|
|
44
|
-
.find { |r| r[:file] == gemspec.name }
|
|
45
|
-
|
|
54
|
+
T.must(T.must(dependency.previous_requirements)
|
|
55
|
+
.find { |r| r[:file] == gemspec.name })
|
|
56
|
+
.fetch(:requirement)
|
|
46
57
|
|
|
47
58
|
RequirementReplacer.new(
|
|
48
59
|
dependency: dependency,
|
|
@@ -52,9 +63,10 @@ module Dependabot
|
|
|
52
63
|
).rewrite(content)
|
|
53
64
|
end
|
|
54
65
|
|
|
66
|
+
sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
|
|
55
67
|
def requirement_changed?(file, dependency)
|
|
56
68
|
changed_requirements =
|
|
57
|
-
dependency.requirements - dependency.previous_requirements
|
|
69
|
+
dependency.requirements - T.must(dependency.previous_requirements)
|
|
58
70
|
|
|
59
71
|
changed_requirements.any? { |f| f[:file] == file.name }
|
|
60
72
|
end
|
|
@@ -9,12 +9,12 @@ module Dependabot
|
|
|
9
9
|
module Bundler
|
|
10
10
|
class FileUpdater
|
|
11
11
|
class RubyRequirementSetter
|
|
12
|
-
class RubyVersionNotFound < StandardError; end
|
|
13
|
-
|
|
14
12
|
RUBY_VERSIONS = %w(
|
|
15
13
|
1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
|
|
16
14
|
).freeze
|
|
17
15
|
|
|
16
|
+
LANGUAGE = "ruby"
|
|
17
|
+
|
|
18
18
|
attr_reader :gemspec
|
|
19
19
|
|
|
20
20
|
def initialize(gemspec:)
|
|
@@ -62,7 +62,13 @@ module Dependabot
|
|
|
62
62
|
.map { |v| Gem::Version.new(v) }.sort
|
|
63
63
|
.find { |v| requirement.satisfied_by?(v) }
|
|
64
64
|
|
|
65
|
-
|
|
65
|
+
unless ruby_version
|
|
66
|
+
raise ToolVersionNotSupported.new(
|
|
67
|
+
LANGUAGE,
|
|
68
|
+
requirement.to_s,
|
|
69
|
+
RUBY_VERSIONS.join(", ")
|
|
70
|
+
)
|
|
71
|
+
end
|
|
66
72
|
|
|
67
73
|
ruby_version
|
|
68
74
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.294.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.294.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.294.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -322,7 +322,7 @@ licenses:
|
|
|
322
322
|
- MIT
|
|
323
323
|
metadata:
|
|
324
324
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
325
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
325
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.294.0
|
|
326
326
|
post_install_message:
|
|
327
327
|
rdoc_options: []
|
|
328
328
|
require_paths:
|