dependabot-bundler 0.381.0 → 0.382.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +4 -3
- data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +2 -2
- data/lib/dependabot/bundler/file_fetcher/included_path_finder.rb +6 -4
- data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +2 -2
- data/lib/dependabot/bundler/file_fetcher.rb +2 -2
- data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +2 -2
- data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +2 -2
- data/lib/dependabot/bundler/file_updater/git_pin_replacer.rb +1 -1
- data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +1 -1
- data/lib/dependabot/bundler/requirement.rb +1 -1
- data/lib/dependabot/bundler/update_checker.rb +10 -8
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1b1389dea9ddec262718e238d70112ad3495b989bd2b857124974cba40a856c7
|
|
4
|
+
data.tar.gz: 911a2a11704ad3334c805895940ae7411292e7188dd103f9a5c20c22ab27c668
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bd55fd7d99cde9d0893c48ffd9690540c792737e5a0bb036aa1deda38f5b2cbf49230648cf1a2469cec65389c130fe9ade5b20f71d4854946923501a3057e240
|
|
7
|
+
data.tar.gz: 746587193b68ef9037656d766226eac76f2a35cdb568b87f87ae02ec7fad95a9ace33c78f8ba3c0e97629b750af737bb3da2acbf9921c33eff6fbcd6a01f442b
|
|
@@ -33,17 +33,18 @@ module Dependabot
|
|
|
33
33
|
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
34
34
|
attr_reader :gemfile
|
|
35
35
|
|
|
36
|
-
sig { params(node: T.
|
|
36
|
+
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[String]) }
|
|
37
37
|
def find_child_gemfile_paths(node)
|
|
38
38
|
return [] if node.nil?
|
|
39
39
|
|
|
40
40
|
if declares_eval_gemfile?(node)
|
|
41
|
-
|
|
41
|
+
call_node = T.cast(node, Prism::CallNode)
|
|
42
|
+
path_node = call_node.arguments&.arguments&.first
|
|
42
43
|
unless path_node.is_a?(Prism::StringNode)
|
|
43
44
|
path = gemfile&.path
|
|
44
45
|
msg = "Dependabot only supports uninterpolated string arguments " \
|
|
45
46
|
"to eval_gemfile. Got " \
|
|
46
|
-
"`#{path_node
|
|
47
|
+
"`#{path_node&.slice}`"
|
|
47
48
|
raise Dependabot::DependencyFileNotParseable.new(T.must(path), msg)
|
|
48
49
|
end
|
|
49
50
|
|
|
@@ -20,7 +20,7 @@ module Dependabot
|
|
|
20
20
|
@gemfile = gemfile
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
sig { returns(T::Array[
|
|
23
|
+
sig { returns(T::Array[Pathname]) }
|
|
24
24
|
def gemspec_directories
|
|
25
25
|
result = Prism.parse(T.must(gemfile).content)
|
|
26
26
|
raise Dependabot::DependencyFileNotParseable, T.must(gemfile).path if result.failure?
|
|
@@ -33,7 +33,7 @@ module Dependabot
|
|
|
33
33
|
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
34
34
|
attr_reader :gemfile
|
|
35
35
|
|
|
36
|
-
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[
|
|
36
|
+
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[Pathname]) }
|
|
37
37
|
def find_gemspec_paths(node)
|
|
38
38
|
return [] if node.nil?
|
|
39
39
|
|
|
@@ -33,12 +33,13 @@ module Dependabot
|
|
|
33
33
|
sig { returns(Dependabot::DependencyFile) }
|
|
34
34
|
attr_reader :file
|
|
35
35
|
|
|
36
|
-
sig { params(node: T.
|
|
36
|
+
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[String]) }
|
|
37
37
|
def find_require_relative_paths(node)
|
|
38
38
|
return [] if node.nil?
|
|
39
39
|
|
|
40
40
|
if declares_require_relative?(node)
|
|
41
|
-
|
|
41
|
+
call_node = T.cast(node, Prism::CallNode)
|
|
42
|
+
relative_arg = call_node.arguments&.arguments&.first
|
|
42
43
|
return [] unless relative_arg.is_a?(Prism::StringNode)
|
|
43
44
|
|
|
44
45
|
path = relative_arg.unescaped
|
|
@@ -52,12 +53,13 @@ module Dependabot
|
|
|
52
53
|
end
|
|
53
54
|
end
|
|
54
55
|
|
|
55
|
-
sig { params(node: T.
|
|
56
|
+
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[String]) }
|
|
56
57
|
def find_eval_paths(node)
|
|
57
58
|
return [] if node.nil?
|
|
58
59
|
|
|
59
60
|
if declares_eval?(node)
|
|
60
|
-
|
|
61
|
+
call_node = T.cast(node, Prism::CallNode)
|
|
62
|
+
eval_arg = call_node.arguments&.arguments&.first
|
|
61
63
|
|
|
62
64
|
if eval_arg.is_a?(Prism::Node)
|
|
63
65
|
file_read_node = find_file_read_node(eval_arg)
|
|
@@ -20,7 +20,7 @@ module Dependabot
|
|
|
20
20
|
@gemfile = gemfile
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
sig { returns(T::Array[
|
|
23
|
+
sig { returns(T::Array[Pathname]) }
|
|
24
24
|
def path_gemspec_paths
|
|
25
25
|
result = Prism.parse(gemfile&.content)
|
|
26
26
|
raise Dependabot::DependencyFileNotParseable, T.must(gemfile).path if result.failure?
|
|
@@ -33,7 +33,7 @@ module Dependabot
|
|
|
33
33
|
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
|
34
34
|
attr_reader :gemfile
|
|
35
35
|
|
|
36
|
-
sig { params(node: T.
|
|
36
|
+
sig { params(node: T.nilable(Prism::Node)).returns(T::Array[Pathname]) }
|
|
37
37
|
def find_path_gemspec_paths(node)
|
|
38
38
|
return [] unless node.is_a?(Prism::Node)
|
|
39
39
|
|
|
@@ -113,7 +113,7 @@ module Dependabot
|
|
|
113
113
|
[]
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
-
sig { returns(T::Array[
|
|
116
|
+
sig { returns(T::Array[Pathname]) }
|
|
117
117
|
def gemspec_directories
|
|
118
118
|
gemfiles = ([gemfile] + child_gemfiles).compact
|
|
119
119
|
directories =
|
|
@@ -121,7 +121,7 @@ module Dependabot
|
|
|
121
121
|
GemspecFinder.new(gemfile: file).gemspec_directories
|
|
122
122
|
end.uniq
|
|
123
123
|
|
|
124
|
-
directories.empty? ? ["."] : directories
|
|
124
|
+
directories.empty? ? [Pathname.new(".")] : directories
|
|
125
125
|
end
|
|
126
126
|
|
|
127
127
|
sig { returns(T.nilable(DependencyFile)) }
|
|
@@ -77,7 +77,7 @@ module Dependabot
|
|
|
77
77
|
|
|
78
78
|
sig do
|
|
79
79
|
params(
|
|
80
|
-
node: T.
|
|
80
|
+
node: T.nilable(Prism::Node),
|
|
81
81
|
dependency: T::Hash[String, String]
|
|
82
82
|
)
|
|
83
83
|
.returns(T.nilable(Prism::Node))
|
|
@@ -95,7 +95,7 @@ module Dependabot
|
|
|
95
95
|
|
|
96
96
|
sig do
|
|
97
97
|
params(
|
|
98
|
-
node: T.
|
|
98
|
+
node: T.nilable(Prism::Node),
|
|
99
99
|
dependency: T::Hash[String, String]
|
|
100
100
|
)
|
|
101
101
|
.returns(T::Boolean)
|
|
@@ -46,7 +46,7 @@ module Dependabot
|
|
|
46
46
|
@declaration_nodes[dependency]
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
sig { params(node: T.
|
|
49
|
+
sig { params(node: T.nilable(Prism::Node), dependency: T::Hash[String, String]).returns(T.nilable(Prism::Node)) }
|
|
50
50
|
def deep_search_for_gem(node, dependency)
|
|
51
51
|
return unless node.is_a?(Prism::Node)
|
|
52
52
|
return T.cast(node, Prism::CallNode) if declares_targeted_gem?(node, dependency)
|
|
@@ -58,7 +58,7 @@ module Dependabot
|
|
|
58
58
|
declaration_node
|
|
59
59
|
end
|
|
60
60
|
|
|
61
|
-
sig { params(node: T.
|
|
61
|
+
sig { params(node: T.nilable(Prism::Node), dependency: T::Hash[String, String]).returns(T::Boolean) }
|
|
62
62
|
def declares_targeted_gem?(node, dependency)
|
|
63
63
|
return false unless node.is_a?(Prism::CallNode)
|
|
64
64
|
|
|
@@ -52,7 +52,7 @@ module Dependabot
|
|
|
52
52
|
@new_pin = T.let(new_pin, String)
|
|
53
53
|
end
|
|
54
54
|
|
|
55
|
-
sig { params(node: Parser::AST::Node).
|
|
55
|
+
sig { params(node: Parser::AST::Node).void }
|
|
56
56
|
def on_send(node)
|
|
57
57
|
return unless declares_targeted_gem?(node)
|
|
58
58
|
return unless node.children.last.type == :hash
|
|
@@ -239,7 +239,7 @@ module Dependabot
|
|
|
239
239
|
entries = T.must(checksums_section[:entries])
|
|
240
240
|
stripped_entries = entries.lines.reject { |line| line.match?(BUNDLER_CHECKSUM_ENTRY_REGEX) }.join
|
|
241
241
|
|
|
242
|
-
lockfile_body.sub(CHECKSUMS_SECTION
|
|
242
|
+
lockfile_body.sub(CHECKSUMS_SECTION) { "CHECKSUMS\n#{stripped_entries}" }
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
sig { returns(T::Boolean) }
|
|
@@ -26,7 +26,7 @@ module Dependabot
|
|
|
26
26
|
[new(requirement_string)]
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.
|
|
29
|
+
sig { params(dep_string: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)])) }
|
|
30
30
|
def self.parse_dep_string(dep_string)
|
|
31
31
|
stripped = dep_string.strip
|
|
32
32
|
return nil if stripped.empty?
|
|
@@ -75,18 +75,20 @@ module Dependabot
|
|
|
75
75
|
end
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
-
sig { override.returns(T::Array[
|
|
78
|
+
sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
|
|
79
79
|
def updated_requirements
|
|
80
80
|
latest_version_for_req_updater = latest_version_details&.fetch(:version)&.to_s
|
|
81
81
|
latest_resolvable_version_for_req_updater = preferred_resolvable_version_details&.fetch(:version)&.to_s
|
|
82
82
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
83
|
+
wrap_requirements(
|
|
84
|
+
RequirementsUpdater.new(
|
|
85
|
+
requirements: dependency.requirements,
|
|
86
|
+
update_strategy: T.must(requirements_update_strategy),
|
|
87
|
+
updated_source: updated_source,
|
|
88
|
+
latest_version: latest_version_for_req_updater,
|
|
89
|
+
latest_resolvable_version: latest_resolvable_version_for_req_updater
|
|
90
|
+
).updated_requirements
|
|
91
|
+
)
|
|
90
92
|
end
|
|
91
93
|
|
|
92
94
|
sig { returns(T::Boolean) }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.382.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.382.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.382.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: parallel
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -349,7 +349,7 @@ licenses:
|
|
|
349
349
|
- MIT
|
|
350
350
|
metadata:
|
|
351
351
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
352
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
352
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
|
|
353
353
|
rdoc_options: []
|
|
354
354
|
require_paths:
|
|
355
355
|
- lib
|