dependabot-bundler 0.97.11 → 0.98.0
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb +9 -13
- data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb +8 -9
- data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb +9 -27
- data/lib/dependabot/bundler/file_fetcher/require_relative_finder.rb +2 -10
- metadata +3 -3
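--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 026ac6b83480fb678b304b964df0d1df48e48d6e5ed410e5a218313d3aba4e9f
+data.tar.gz: 10f30e2b1563c8fc9de2324b1621c3029b919170f2ba7d9ca67ec8a60a2eb55c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 88c48dadf3d4c391e994c717dd6fcf5b3522e7048e2297f9cc5cc42e30af270dd054b955000c8da0bdd741b9cc05c6e438ef08809e78f85b2cd005c37ce8aea3
+data.tar.gz: 16c4ba9b1119c1134ccedf64b1b24eb6b2ff5d5bc774ba0e17bdc99c378cb1cac5b5107632fc059936e604e144dee0fbc66fddad011dca4d97eacc22f8abb10a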
@@ -26,23 +26,20 @@ module Dependabot
|
|
26
26
|
|
27
27
|
attr_reader :gemfile
|
28
28
|
|
29
|
-
# rubocop:disable Security/Eval
|
30
29
|
def find_child_gemfile_paths(node)
|
31
30
|
return [] unless node.is_a?(Parser::AST::Node)
|
32
31
|
|
33
32
|
if declares_eval_gemfile?(node)
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
end
|
42
|
-
if Pathname.new(path).absolute?
|
43
|
-
base_path = Pathname.new(File.expand_path(Dir.pwd))
|
44
|
-
path = Pathname.new(path).relative_path_from(base_path).to_s
|
33
|
+
path_node = node.children[2]
|
34
|
+
unless path_node.type == :str
|
35
|
+
path = gemfile.path
|
36
|
+
msg = "Dependabot only supports uninterpolated string arguments "\
|
37
|
+
"to eval_gemfile. Got "\
|
38
|
+
"`#{path_node.loc.expression.source}`"
|
39
|
+
raise Dependabot::DependencyFileNotParseable.new(path, msg)
|
45
40
|
end
|
41
|
+
|
42
|
+
path = path_node.loc.expression.source.gsub(/['"]/, "")
|
46
43
|
path = File.join(current_dir, path) unless current_dir.nil?
|
47
44
|
return [Pathname.new(path).cleanpath.to_path]
|
48
45
|
end
|
@@ -51,7 +48,6 @@ module Dependabot
|
|
51
48
|
find_child_gemfile_paths(child_node)
|
52
49
|
end
|
53
50
|
end
|
54
|
-
# rubocop:enable Security/Eval
|
55
51
|
|
56
52
|
def current_dir
|
57
53
|
@current_dir ||= gemfile.name.rpartition("/").first
|
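Review bot: `path = path_node.loc.expression.source.gsub(/['"]/, "")` uses the literal's source text instead of its value, so the resolved path can differ from the one Bundler would evaluate: escape sequences stay undecoded, quote characters inside the name are dropped, and a `%q(...)` literal (also a `:str` node, as far as I know) keeps its delimiters. Taking the value from the node, `path = path_node.children.first`, removes that mismatch; the same line is added in the gemspec, path-dependency and require_relative finders further down. This section also deletes the branch that rewrote absolute paths relative to `Dir.pwd`, so an absolute literal now goes into `File.join` and `cleanpath` as written. Whether such a path, or one with `..` segments, can resolve outside the repository depends on the caller, which is not visible here; an explicit check or a comment stating the expectation would help.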
@@ -26,7 +26,6 @@ module Dependabot
|
|
26
26
|
|
27
27
|
attr_reader :gemfile
|
28
28
|
|
29
|
-
# rubocop:disable Security/Eval
|
30
29
|
def find_gemspec_paths(node)
|
31
30
|
return [] unless node.is_a?(Parser::AST::Node)
|
32
31
|
|
@@ -34,14 +33,15 @@ module Dependabot
|
|
34
33
|
path_node = path_node_for_gem_declaration(node)
|
35
34
|
return [clean_path(".")] unless path_node
|
36
35
|
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
return []
|
36
|
+
unless path_node.type == :str
|
37
|
+
path = gemfile.path
|
38
|
+
msg = "Dependabot only supports uninterpolated string arguments "\
|
39
|
+
"to gemspec. Got "\
|
40
|
+
"`#{path_node.loc.expression.source}`"
|
41
|
+
raise Dependabot::DependencyFileNotParseable.new(path, msg)
|
44
42
|
end
|
43
|
+
|
44
|
+
path = path_node.loc.expression.source.gsub(/['"]/, "")
|
45
45
|
return [clean_path(path)]
|
46
46
|
end
|
47
47
|
|
@@ -49,7 +49,6 @@ module Dependabot
|
|
49
49
|
find_gemspec_paths(child_node)
|
50
50
|
end
|
51
51
|
end
|
52
|
-
# rubocop:enable Security/Eval
|
53
52
|
|
54
53
|
def current_dir
|
55
54
|
@current_dir ||= gemfile.name.rpartition("/").first
|
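Review bot: The literal-only guard added in `find_gemspec_paths` (`unless path_node.type == :str` followed by `raise Dependabot::DependencyFileNotParseable.new(path, msg)`) is repeated almost line for line in the child-Gemfile and path-dependency finders, differing only in the noun used in the message. Since this check is what replaces the removed `eval`, keeping it in one shared private helper that takes the node and the noun would stop the three copies drifting apart. The message also embeds the raw expression source taken from the Gemfile, so whatever logs or displays it should treat it as untrusted text; a one-line comment such as `# msg quotes Gemfile source verbatim; escape before rendering` would record that.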
@@ -26,29 +26,28 @@ module Dependabot
|
|
26
26
|
|
27
27
|
attr_reader :gemfile
|
28
28
|
|
29
|
-
# rubocop:disable Security/Eval
|
30
29
|
def find_path_gemspec_paths(node)
|
31
30
|
return [] unless node.is_a?(Parser::AST::Node)
|
32
31
|
|
33
32
|
if declares_path_dependency?(node)
|
34
33
|
path_node = path_node_for_gem_declaration(node)
|
35
34
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
return []
|
35
|
+
unless path_node.type == :str
|
36
|
+
path = gemfile.path
|
37
|
+
msg = "Dependabot only supports uninterpolated string arguments "\
|
38
|
+
"for path dependencies. Got "\
|
39
|
+
"`#{path_node.loc.expression.source}`"
|
40
|
+
raise Dependabot::DependencyFileNotParseable.new(path, msg)
|
43
41
|
end
|
42
|
+
|
43
|
+
path = path_node.loc.expression.source.gsub(/['"]/, "")
|
44
44
|
return [clean_path(path)]
|
45
45
|
end
|
46
46
|
|
47
|
-
|
47
|
+
node.children.flat_map do |child_node|
|
48
48
|
find_path_gemspec_paths(child_node)
|
49
49
|
end
|
50
50
|
end
|
51
|
-
# rubocop:enable Security/Eval
|
52
51
|
|
53
52
|
def current_dir
|
54
53
|
@current_dir ||= gemfile.name.rpartition("/").first
|
@@ -72,23 +71,6 @@ module Dependabot
|
|
72
71
|
Pathname.new(path).cleanpath
|
73
72
|
end
|
74
73
|
|
75
|
-
# rubocop:disable Security/Eval
|
76
|
-
def relevant_child_nodes(node)
|
77
|
-
return [] unless node.is_a?(Parser::AST::Node)
|
78
|
-
return node.children unless node.type == :if
|
79
|
-
|
80
|
-
begin
|
81
|
-
if eval(node.children.first.loc.expression.source)
|
82
|
-
[node.children[1]]
|
83
|
-
else
|
84
|
-
[node.children[2]]
|
85
|
-
end
|
86
|
-
rescue StandardError
|
87
|
-
return node.children
|
88
|
-
end
|
89
|
-
end
|
90
|
-
# rubocop:enable Security/Eval
|
91
|
-
|
92
74
|
def path_node_for_gem_declaration(node)
|
93
75
|
return unless node.children.last.type == :hash
|
94
76
|
|
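Review bot: In `find_path_gemspec_paths`, `path_node.type` is called on the result of `path_node_for_gem_declaration(node)` with no nil check, yet that helper returns nil when the last child is not a hash (`return unless node.children.last.type == :hash`; the rest of its body is outside the hunk). The gemspec finder guards the same call with `return [clean_path(".")] unless path_node`; here a `return [] unless path_node` before the type check would turn a possible `NoMethodError` into a clean skip, unless `declares_path_dependency?` (not shown) already guarantees the key. Separately, with `relevant_child_nodes` removed both branches of every `if` are now walked, so a non-literal path in a branch that would never run raises `DependencyFileNotParseable` for the whole Gemfile; a comment saying this is intended would help.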
@@ -26,20 +26,13 @@ module Dependabot
|
|
26
26
|
|
27
27
|
attr_reader :file
|
28
28
|
|
29
|
-
# rubocop:disable Security/Eval
|
30
29
|
def find_require_relative_paths(node)
|
31
30
|
return [] unless node.is_a?(Parser::AST::Node)
|
32
31
|
|
33
32
|
if declares_require_relative?(node)
|
34
|
-
|
35
|
-
# helper method should only ever be run in an isolated environment
|
36
|
-
source = node.children[2].loc.expression.source
|
37
|
-
begin
|
38
|
-
path = eval(source)
|
39
|
-
rescue StandardError
|
40
|
-
return []
|
41
|
-
end
|
33
|
+
return [] unless node.children[2].type == :str
|
42
34
|
|
35
|
+
path = node.children[2].loc.expression.source.gsub(/['"]/, "")
|
43
36
|
path = File.join(current_dir, path) unless current_dir.nil?
|
44
37
|
return [Pathname.new(path + ".rb").cleanpath.to_path]
|
45
38
|
end
|
@@ -48,7 +41,6 @@ module Dependabot
|
|
48
41
|
find_require_relative_paths(child_node)
|
49
42
|
end
|
50
43
|
end
|
51
|
-
# rubocop:enable Security/Eval
|
52
44
|
|
53
45
|
def current_dir
|
54
46
|
@current_dir ||= file.name.rpartition("/").first
|
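Review bot: `return [] unless node.children[2].type == :str` silently skips a non-literal `require_relative` argument, while the three Gemfile finders changed in this release raise `Dependabot::DependencyFileNotParseable` for the same situation, and nothing in the method says the difference is deliberate. I would add a comment above the guard, for example `# Only plain string literals are resolved; any other argument is skipped and never evaluated.` The guard also assumes `node.children[2]` is present; if `declares_require_relative?` (not shown) does not guarantee an argument, `node.children[2]&.type == :str` covers the missing-argument case.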
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-bundler
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.98.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.98.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.98.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|