dependabot-core 0.76.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +6408 -0
- data/LICENSE +37 -0
- data/README.md +115 -0
- data/helpers/elixir/bin/check_update.exs +92 -0
- data/helpers/elixir/bin/do_update.exs +39 -0
- data/helpers/elixir/bin/parse_deps.exs +103 -0
- data/helpers/elixir/bin/run.exs +76 -0
- data/helpers/elixir/mix.exs +21 -0
- data/helpers/elixir/mix.lock +3 -0
- data/helpers/go/Makefile +9 -0
- data/helpers/go/go.mod +9 -0
- data/helpers/go/go.sum +5 -0
- data/helpers/go/importresolver/main.go +34 -0
- data/helpers/go/main.go +77 -0
- data/helpers/go/updatechecker/main.go +107 -0
- data/helpers/go/updater/go.mod +3 -0
- data/helpers/go/updater/go.sum +2 -0
- data/helpers/go/updater/helpers.go +57 -0
- data/helpers/go/updater/main.go +48 -0
- data/helpers/npm/.agignore +1 -0
- data/helpers/npm/.envrc +2 -0
- data/helpers/npm/.eslintrc +14 -0
- data/helpers/npm/.nvimrc +7 -0
- data/helpers/npm/bin/run.js +34 -0
- data/helpers/npm/lib/helpers.js +25 -0
- data/helpers/npm/lib/peer-dependency-checker.js +102 -0
- data/helpers/npm/lib/subdependency-updater.js +48 -0
- data/helpers/npm/lib/updater.js +95 -0
- data/helpers/npm/package.json +17 -0
- data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
- data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
- data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
- data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
- data/helpers/npm/test/helpers.js +7 -0
- data/helpers/npm/test/updater.test.js +50 -0
- data/helpers/npm/yarn.lock +6120 -0
- data/helpers/php/.php_cs +34 -0
- data/helpers/php/bin/run.php +57 -0
- data/helpers/php/composer.json +14 -0
- data/helpers/php/composer.lock +1521 -0
- data/helpers/php/composer.phar +0 -0
- data/helpers/php/setup.sh +4 -0
- data/helpers/php/src/DependabotInstallationManager.php +61 -0
- data/helpers/php/src/DependabotPluginManager.php +23 -0
- data/helpers/php/src/ExceptionIO.php +25 -0
- data/helpers/php/src/Hasher.php +21 -0
- data/helpers/php/src/UpdateChecker.php +123 -0
- data/helpers/php/src/Updater.php +97 -0
- data/helpers/python/lib/__init__.py +0 -0
- data/helpers/python/lib/hasher.py +23 -0
- data/helpers/python/lib/parser.py +130 -0
- data/helpers/python/requirements.txt +9 -0
- data/helpers/python/run.py +18 -0
- data/helpers/test/run.rb +15 -0
- data/helpers/utils/git-credential-store-immutable +10 -0
- data/helpers/yarn/.agignore +1 -0
- data/helpers/yarn/.envrc +2 -0
- data/helpers/yarn/.eslintrc +14 -0
- data/helpers/yarn/.nvimrc +7 -0
- data/helpers/yarn/bin/run.js +36 -0
- data/helpers/yarn/lib/fix-duplicates.js +53 -0
- data/helpers/yarn/lib/helpers.js +5 -0
- data/helpers/yarn/lib/lockfile-parser.js +21 -0
- data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
- data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
- data/helpers/yarn/lib/subdependency-updater.js +69 -0
- data/helpers/yarn/lib/updater.js +254 -0
- data/helpers/yarn/package.json +17 -0
- data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
- data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
- data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
- data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
- data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
- data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
- data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
- data/helpers/yarn/test/helpers.js +7 -0
- data/helpers/yarn/test/updater.test.js +93 -0
- data/helpers/yarn/yarn.lock +4912 -0
- data/lib/bundler_definition_bundler_version_patch.rb +15 -0
- data/lib/bundler_definition_ruby_version_patch.rb +14 -0
- data/lib/bundler_git_source_patch.rb +27 -0
- data/lib/dependabot.rb +4 -0
- data/lib/dependabot/clients/bitbucket.rb +101 -0
- data/lib/dependabot/clients/github_with_retries.rb +117 -0
- data/lib/dependabot/clients/gitlab.rb +72 -0
- data/lib/dependabot/dependency.rb +118 -0
- data/lib/dependabot/dependency_file.rb +54 -0
- data/lib/dependabot/errors.rb +179 -0
- data/lib/dependabot/file_fetchers.rb +48 -0
- data/lib/dependabot/file_fetchers/README.md +65 -0
- data/lib/dependabot/file_fetchers/base.rb +302 -0
- data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
- data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
- data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
- data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
- data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
- data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
- data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
- data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
- data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
- data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
- data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
- data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
- data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
- data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
- data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
- data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
- data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
- data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
- data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
- data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
- data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
- data/lib/dependabot/file_parsers.rb +48 -0
- data/lib/dependabot/file_parsers/README.md +45 -0
- data/lib/dependabot/file_parsers/base.rb +31 -0
- data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
- data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
- data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
- data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
- data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
- data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
- data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
- data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
- data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
- data/lib/dependabot/file_parsers/go/dep.rb +163 -0
- data/lib/dependabot/file_parsers/go/modules.rb +34 -0
- data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
- data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
- data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
- data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
- data/lib/dependabot/file_parsers/java/maven.rb +252 -0
- data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
- data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
- data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
- data/lib/dependabot/file_parsers/php/composer.rb +177 -0
- data/lib/dependabot/file_parsers/python/pip.rb +223 -0
- data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
- data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
- data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
- data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
- data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
- data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
- data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
- data/lib/dependabot/file_updaters.rb +48 -0
- data/lib/dependabot/file_updaters/README.md +58 -0
- data/lib/dependabot/file_updaters/base.rb +52 -0
- data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
- data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
- data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
- data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
- data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
- data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
- data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
- data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
- data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
- data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
- data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
- data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
- data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
- data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
- data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
- data/lib/dependabot/file_updaters/go/dep.rb +77 -0
- data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
- data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
- data/lib/dependabot/file_updaters/go/modules.rb +71 -0
- data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
- data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
- data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
- data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
- data/lib/dependabot/file_updaters/java/maven.rb +155 -0
- data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
- data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
- data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
- data/lib/dependabot/file_updaters/php/composer.rb +78 -0
- data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
- data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
- data/lib/dependabot/file_updaters/python/pip.rb +147 -0
- data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
- data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
- data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
- data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
- data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
- data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
- data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
- data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
- data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
- data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
- data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
- data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
- data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
- data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
- data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
- data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
- data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
- data/lib/dependabot/git_commit_checker.rb +412 -0
- data/lib/dependabot/metadata_finders.rb +46 -0
- data/lib/dependabot/metadata_finders/README.md +53 -0
- data/lib/dependabot/metadata_finders/base.rb +117 -0
- data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
- data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
- data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
- data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
- data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
- data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
- data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
- data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
- data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
- data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
- data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
- data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
- data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
- data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
- data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
- data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
- data/lib/dependabot/pull_request_creator.rb +151 -0
- data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
- data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
- data/lib/dependabot/pull_request_creator/github.rb +233 -0
- data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
- data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
- data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
- data/lib/dependabot/pull_request_updater.rb +43 -0
- data/lib/dependabot/pull_request_updater/github.rb +151 -0
- data/lib/dependabot/shared_helpers.rb +201 -0
- data/lib/dependabot/source.rb +120 -0
- data/lib/dependabot/update_checkers.rb +48 -0
- data/lib/dependabot/update_checkers/README.md +67 -0
- data/lib/dependabot/update_checkers/base.rb +220 -0
- data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
- data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
- data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
- data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
- data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
- data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
- data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
- data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
- data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
- data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
- data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
- data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
- data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
- data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
- data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
- data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
- data/lib/dependabot/update_checkers/go/dep.rb +311 -0
- data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
- data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
- data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
- data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
- data/lib/dependabot/update_checkers/go/modules.rb +112 -0
- data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
- data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
- data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
- data/lib/dependabot/update_checkers/java/maven.rb +159 -0
- data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
- data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
- data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
- data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
- data/lib/dependabot/update_checkers/php/composer.rb +165 -0
- data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
- data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
- data/lib/dependabot/update_checkers/python/pip.rb +227 -0
- data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
- data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
- data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
- data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
- data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
- data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
- data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
- data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
- data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
- data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
- data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
- data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
- data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
- data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
- data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
- data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
- data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
- data/lib/dependabot/utils.rb +84 -0
- data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
- data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
- data/lib/dependabot/utils/dotnet/version.rb +22 -0
- data/lib/dependabot/utils/elixir/requirement.rb +53 -0
- data/lib/dependabot/utils/elixir/version.rb +59 -0
- data/lib/dependabot/utils/elm/requirement.rb +92 -0
- data/lib/dependabot/utils/elm/version.rb +19 -0
- data/lib/dependabot/utils/go/path_converter.rb +74 -0
- data/lib/dependabot/utils/go/requirement.rb +152 -0
- data/lib/dependabot/utils/go/shared_helper.rb +20 -0
- data/lib/dependabot/utils/go/version.rb +40 -0
- data/lib/dependabot/utils/java/requirement.rb +110 -0
- data/lib/dependabot/utils/java/version.rb +179 -0
- data/lib/dependabot/utils/java_script/requirement.rb +117 -0
- data/lib/dependabot/utils/java_script/version.rb +30 -0
- data/lib/dependabot/utils/php/requirement.rb +97 -0
- data/lib/dependabot/utils/php/version.rb +22 -0
- data/lib/dependabot/utils/python/requirement.rb +130 -0
- data/lib/dependabot/utils/python/version.rb +88 -0
- data/lib/dependabot/utils/ruby/requirement.rb +26 -0
- data/lib/dependabot/utils/rust/requirement.rb +108 -0
- data/lib/dependabot/utils/rust/version.rb +32 -0
- data/lib/dependabot/version.rb +5 -0
- data/lib/python_requirement_parser.rb +33 -0
- data/lib/python_versions.rb +21 -0
- metadata +641 -0
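--- a/data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
+++ b/data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "pathname"
+require "parser/current"
+require "dependabot/file_fetchers/ruby/bundler"
+require "dependabot/errors"
+
+module Dependabot
+module FileFetchers
+module Ruby
+class Bundler
+# Finds the paths of any Gemfiles declared using `eval_gemfile` in the
+# passed Gemfile.
+class ChildGemfileFinder
+def initialize(gemfile:)
+@gemfile = gemfile
+end
+
+def child_gemfile_paths
+ast = Parser::CurrentRuby.parse(gemfile.content)
+find_child_gemfile_paths(ast)
+rescue Parser::SyntaxError
+raise Dependabot::DependencyFileNotParseable, gemfile.path
+end
+
+private
+
+attr_reader :gemfile
+
+# rubocop:disable Security/Eval
+def find_child_gemfile_paths(node)
+return [] unless node.is_a?(Parser::AST::Node)
+
+if declares_eval_gemfile?(node)
+# We use eval here, but we know what we're doing. The FileFetchers
+# helper method should only ever be run in an isolated environment
+source = node.children[2].loc.expression.source
+begin
+path = eval(source)
+rescue StandardError
+return []
+end
+if Pathname.new(path).absolute?
+base_path = Pathname.new(File.expand_path(Dir.pwd))
+path = Pathname.new(path).relative_path_from(base_path).to_s
+end
+path = File.join(current_dir, path) unless current_dir.nil?
+return [Pathname.new(path).cleanpath.to_path]
+end
+
+node.children.flat_map do |child_node|
+find_child_gemfile_paths(child_node)
+end
+end
+# rubocop:enable Security/Eval
+
+def current_dir
+@current_dir ||= gemfile.name.split("/")[0..-2].last
+end
+
+def declares_eval_gemfile?(node)
+return false unless node.is_a?(Parser::AST::Node)
+
+node.children[1] == :eval_gemfile
+end
+end
+end
+end
+end
+end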
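Review bot: `find_child_gemfile_paths` resolves the `eval_gemfile` argument by `eval`-ing source text lifted from the repository's Gemfile, so the fetcher runs repository-controlled Ruby inside its own process, and the surrounding `rescue StandardError` only converts failures into an empty result rather than limiting what the expression may do. The common case is a plain string literal, which needs no eval at all: `arg = node.children[2]`, `return [] unless arg.is_a?(Parser::AST::Node) && arg.type == :str`, `path = arg.children.first`, treating non-literal arguments as unresolvable unless they are a case the fetcher is required to support. The same pattern is in path_gemspec_finder.rb (including the `if` condition evaluated in `relevant_child_nodes`) and require_relative_finder.rb. Separately, `current_dir` keeps only the last directory component (`split("/")[0..-2].last`), so a Gemfile at `a/b/Gemfile` resolves a child to `b/…` instead of `a/b/…`; path_gemspec_finder.rb uses `rpartition("/").first` and cargo.rb in this release uses `split("/")[0..-2].join("/")` with an empty-string guard, either of which would be correct here and in require_relative_finder.rb.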
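--- a/data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
+++ b/data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require "pathname"
+require "parser/current"
+require "dependabot/file_fetchers/ruby/bundler"
+require "dependabot/errors"
+
+module Dependabot
+module FileFetchers
+module Ruby
+class Bundler
+# Finds the paths of any gemspecs declared using `path: ` in the
+# passed Gemfile.
+class PathGemspecFinder
+def initialize(gemfile:)
+@gemfile = gemfile
+end
+
+def path_gemspec_paths
+ast = Parser::CurrentRuby.parse(gemfile.content)
+find_path_gemspec_paths(ast)
+rescue Parser::SyntaxError
+raise Dependabot::DependencyFileNotParseable, gemfile.path
+end
+
+private
+
+attr_reader :gemfile
+
+# rubocop:disable Security/Eval
+def find_path_gemspec_paths(node)
+return [] unless node.is_a?(Parser::AST::Node)
+
+if declares_path_dependency?(node)
+path_node = path_node_for_gem_declaration(node)
+
+begin
+# We use eval here, but we know what we're doing. The
+# FileFetchers helper method should only ever be run in an
+# isolated environment
+path = eval(path_node.loc.expression.source)
+rescue StandardError
+return []
+end
+return [clean_path(path)]
+end
+
+relevant_child_nodes(node).flat_map do |child_node|
+find_path_gemspec_paths(child_node)
+end
+end
+# rubocop:enable Security/Eval
+
+def current_dir
+@current_dir ||= gemfile.name.rpartition("/").first
+@current_dir = nil if @current_dir == ""
+@current_dir
+end
+
+def declares_path_dependency?(node)
+return false unless node.is_a?(Parser::AST::Node)
+return false unless node.children[1] == :gem
+
+!path_node_for_gem_declaration(node).nil?
+end
+
+def clean_path(path)
+if Pathname.new(path).absolute?
+base_path = Pathname.new(File.expand_path(Dir.pwd))
+path = Pathname.new(path).relative_path_from(base_path).to_s
+end
+path = File.join(current_dir, path) unless current_dir.nil?
+Pathname.new(path).cleanpath.to_path
+end
+
+# rubocop:disable Security/Eval
+def relevant_child_nodes(node)
+return [] unless node.is_a?(Parser::AST::Node)
+return node.children unless node.type == :if
+
+begin
+if eval(node.children.first.loc.expression.source)
+[node.children[1]]
+else
+[node.children[2]]
+end
+rescue StandardError
+return node.children
+end
+end
+# rubocop:enable Security/Eval
+
+def path_node_for_gem_declaration(node)
+return unless node.children.last.type == :hash
+
+kwargs_node = node.children.last
+
+path_hash_pair =
+kwargs_node.children.
+find { |hash_pair| key_from_hash_pair(hash_pair) == :path }
+
+return unless path_hash_pair
+
+path_hash_pair.children.last
+end
+
+def key_from_hash_pair(node)
+node.children.first.children.first.to_sym
+end
+end
+end
+end
+end
+end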
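Review bot: `path_node_for_gem_declaration` calls `.type` on `node.children.last` without checking that it is a node, and `key_from_hash_pair` calls `.children.first.to_sym` on every entry of the options hash, so a `gem` call with no arguments or an options hash containing a `**` splat or a non-symbol/string key raises NoMethodError out of `path_gemspec_paths`, where only `Parser::SyntaxError` is rescued. Guard both sites: `return unless node.children.last.is_a?(Parser::AST::Node) && node.children.last.type == :hash` at the top of `path_node_for_gem_declaration`, and `return unless node.type == :pair && %i[sym str].include?(node.children.first.type)` at the top of `key_from_hash_pair` so that non-matching entries simply fail the `find`. The `if`-condition eval in `relevant_child_nodes` is the same repository-controlled-eval concern raised on child_gemfile_finder.rb; this file is only the one that additionally evaluates conditionals.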
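--- a/data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb
+++ b/data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require "pathname"
+require "parser/current"
+require "dependabot/file_fetchers/ruby/bundler"
+require "dependabot/errors"
+
+module Dependabot
+module FileFetchers
+module Ruby
+class Bundler
+# Finds the paths of any files included using `require_relative` in the
+# passed file.
+class RequireRelativeFinder
+def initialize(file:)
+@file = file
+end
+
+def require_relative_paths
+ast = Parser::CurrentRuby.parse(file.content)
+find_require_relative_paths(ast)
+rescue Parser::SyntaxError
+raise Dependabot::DependencyFileNotParseable, file.path
+end
+
+private
+
+attr_reader :file
+
+# rubocop:disable Security/Eval
+def find_require_relative_paths(node)
+return [] unless node.is_a?(Parser::AST::Node)
+
+if declares_require_relative?(node)
+# We use eval here, but we know what we're doing. The FileFetchers
+# helper method should only ever be run in an isolated environment
+source = node.children[2].loc.expression.source
+begin
+path = eval(source)
+rescue StandardError
+return []
+end
+
+path = File.join(current_dir, path) unless current_dir.nil?
+return [Pathname.new(path + ".rb").cleanpath.to_path]
+end
+
+node.children.flat_map do |child_node|
+find_require_relative_paths(child_node)
+end
+end
+# rubocop:enable Security/Eval
+
+def current_dir
+@current_dir ||= file.name.split("/")[0..-2].last
+end
+
+def declares_require_relative?(node)
+return false unless node.is_a?(Parser::AST::Node)
+
+node.children[1] == :require_relative
+end
+end
+end
+end
+end
+end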
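Review bot: `find_require_relative_paths` appends `.rb` unconditionally, so `require_relative "foo.rb"`, which Ruby accepts, resolves to `foo.rb.rb` and the referenced file is never fetched. Append the extension only when it is absent: `path = "#{path}.rb" unless path.end_with?(".rb")` followed by `return [Pathname.new(path).cleanpath.to_path]`. Unlike child_gemfile_finder.rb, this file also has no `Pathname#absolute?` handling before the `File.join(current_dir, path)`, so an absolute argument is silently folded into a path under `current_dir`; either reuse the sibling's `relative_path_from` logic or return `[]` for absolute paths, whichever matches the intended contract. The `current_dir` truncation to the last directory component is the same defect already raised on child_gemfile_finder.rb.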
@@ -0,0 +1,240 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "pathname"
|
|
4
|
+
require "toml-rb"
|
|
5
|
+
|
|
6
|
+
require "dependabot/file_fetchers/base"
|
|
7
|
+
require "dependabot/file_parsers/rust/cargo"
|
|
8
|
+
|
|
9
|
+
# Docs on Cargo workspaces:
|
|
10
|
+
# https://doc.rust-lang.org/cargo/reference/manifest.html#the-workspace-section
|
|
11
|
+
module Dependabot
|
|
12
|
+
module FileFetchers
|
|
13
|
+
module Rust
|
|
14
|
+
class Cargo < Dependabot::FileFetchers::Base
|
|
15
|
+
def self.required_files_in?(filenames)
|
|
16
|
+
filenames.include?("Cargo.toml")
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.required_files_message
|
|
20
|
+
"Repo must contain a Cargo.toml."
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def fetch_files
|
|
26
|
+
fetched_files = []
|
|
27
|
+
fetched_files << cargo_toml
|
|
28
|
+
fetched_files << cargo_lock if cargo_lock
|
|
29
|
+
fetched_files << rust_toolchain if rust_toolchain
|
|
30
|
+
fetched_files += workspace_files
|
|
31
|
+
fetched_files += path_dependency_files
|
|
32
|
+
fetched_files
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def workspace_files
|
|
36
|
+
@workspace_files ||=
|
|
37
|
+
fetch_workspace_files(
|
|
38
|
+
file: cargo_toml,
|
|
39
|
+
previously_fetched_files: []
|
|
40
|
+
)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def path_dependency_files
|
|
44
|
+
@path_dependency_files ||=
|
|
45
|
+
begin
|
|
46
|
+
fetched_path_dependency_files = []
|
|
47
|
+
[cargo_toml, *workspace_files].each do |file|
|
|
48
|
+
fetched_path_dependency_files +=
|
|
49
|
+
fetch_path_dependency_files(
|
|
50
|
+
file: file,
|
|
51
|
+
previously_fetched_files: [cargo_toml, *workspace_files] +
|
|
52
|
+
fetched_path_dependency_files
|
|
53
|
+
)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
fetched_path_dependency_files
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def fetch_workspace_files(file:, previously_fetched_files:)
|
|
61
|
+
current_dir = file.name.split("/")[0..-2].join("/")
|
|
62
|
+
current_dir = nil if current_dir == ""
|
|
63
|
+
|
|
64
|
+
workspace_dependency_paths_from_file(file).flat_map do |path|
|
|
65
|
+
path = File.join(current_dir, path) unless current_dir.nil?
|
|
66
|
+
path = Pathname.new(path).cleanpath.to_path
|
|
67
|
+
|
|
68
|
+
next if previously_fetched_files.map(&:name).include?(path)
|
|
69
|
+
next if file.name == path
|
|
70
|
+
|
|
71
|
+
fetched_file = fetch_file_from_host(path)
|
|
72
|
+
previously_fetched_files << fetched_file
|
|
73
|
+
grandchild_requirement_files =
|
|
74
|
+
fetch_workspace_files(
|
|
75
|
+
file: fetched_file,
|
|
76
|
+
previously_fetched_files: previously_fetched_files
|
|
77
|
+
)
|
|
78
|
+
[fetched_file, *grandchild_requirement_files]
|
|
79
|
+
end.compact
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
def fetch_path_dependency_files(
|
|
83
|
+
file:,
|
|
84
|
+
previously_fetched_files:
|
|
85
|
+
)
|
|
86
|
+
current_dir = file.name.split("/")[0..-2].join("/")
|
|
87
|
+
current_dir = nil if current_dir == ""
|
|
88
|
+
|
|
89
|
+
path_dependency_paths_from_file(file).flat_map do |path|
|
|
90
|
+
path = File.join(current_dir, path) unless current_dir.nil?
|
|
91
|
+
path = Pathname.new(path).cleanpath.to_path
|
|
92
|
+
|
|
93
|
+
next if previously_fetched_files.map(&:name).include?(path)
|
|
94
|
+
next if file.name == path
|
|
95
|
+
|
|
96
|
+
fetched_file = fetch_file_from_host(path, type: "path_dependency").
|
|
97
|
+
tap { |f| f.support_file = true }
|
|
98
|
+
previously_fetched_files << fetched_file
|
|
99
|
+
grandchild_requirement_files =
|
|
100
|
+
fetch_path_dependency_files(
|
|
101
|
+
file: fetched_file,
|
|
102
|
+
previously_fetched_files: previously_fetched_files
|
|
103
|
+
)
|
|
104
|
+
[fetched_file, *grandchild_requirement_files]
|
|
105
|
+
rescue Dependabot::DependencyFileNotFound
|
|
106
|
+
raise if required_path?(file, path)
|
|
107
|
+
end.compact
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
def path_dependency_paths_from_file(file)
|
|
111
|
+
paths = []
|
|
112
|
+
|
|
113
|
+
# Paths specified in dependency declaration
|
|
114
|
+
FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
|
|
115
|
+
parsed_file(file).fetch(type, {}).each do |_, details|
|
|
116
|
+
next unless details.is_a?(Hash)
|
|
117
|
+
next unless details["path"]
|
|
118
|
+
|
|
119
|
+
paths << File.join(details["path"], "Cargo.toml")
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
# Paths specified for target-specific dependencies
|
|
124
|
+
parsed_file(file).fetch("target", {}).each do |_, t_details|
|
|
125
|
+
FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
|
|
126
|
+
t_details.fetch(type, {}).each do |_, details|
|
|
127
|
+
next unless details.is_a?(Hash)
|
|
128
|
+
next unless details["path"]
|
|
129
|
+
|
|
130
|
+
paths << File.join(details["path"], "Cargo.toml")
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
# Paths specified as replacements
|
|
136
|
+
parsed_file(file).fetch("replace", {}).each do |_, details|
|
|
137
|
+
next unless details.is_a?(Hash)
|
|
138
|
+
next unless details["path"]
|
|
139
|
+
|
|
140
|
+
paths << File.join(details["path"], "Cargo.toml")
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
paths
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
def workspace_dependency_paths_from_file(file)
|
|
147
|
+
workspace_paths = parsed_file(file).dig("workspace", "members")
|
|
148
|
+
return [] unless workspace_paths&.any?
|
|
149
|
+
|
|
150
|
+
# Expand any workspace paths that specify a `*`
|
|
151
|
+
workspace_paths = workspace_paths.flat_map do |path|
|
|
152
|
+
path.end_with?("*") ? expand_workspaces(path) : [path]
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
# Excluded paths, to be subtracted for the workspaces array
|
|
156
|
+
excluded_paths = parsed_file(file).dig("workspace", "excluded_paths")
|
|
157
|
+
|
|
158
|
+
(workspace_paths - (excluded_paths || [])).map do |path|
|
|
159
|
+
File.join(path, "Cargo.toml")
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
# Check whether a path is required or not. It will not be required if
|
|
164
|
+
# an alternative source (i.e., a git source) is also specified
|
|
165
|
+
# rubocop:disable Metrics/AbcSize
|
|
166
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
|
167
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
|
168
|
+
def required_path?(file, path)
|
|
169
|
+
# Paths specified in dependency declaration
|
|
170
|
+
FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
|
|
171
|
+
parsed_file(file).fetch(type, {}).each do |_, details|
|
|
172
|
+
next unless details.is_a?(Hash)
|
|
173
|
+
next unless details["path"]
|
|
174
|
+
next unless path == File.join(details["path"], "Cargo.toml")
|
|
175
|
+
|
|
176
|
+
return true if details["git"].nil?
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
# Paths specified for target-specific dependencies
|
|
181
|
+
parsed_file(file).fetch("target", {}).each do |_, t_details|
|
|
182
|
+
FileParsers::Rust::Cargo::DEPENDENCY_TYPES.each do |type|
|
|
183
|
+
t_details.fetch(type, {}).each do |_, details|
|
|
184
|
+
next unless details.is_a?(Hash)
|
|
185
|
+
next unless details["path"]
|
|
186
|
+
next unless path == File.join(details["path"], "Cargo.toml")
|
|
187
|
+
|
|
188
|
+
return true if details["git"].nil?
|
|
189
|
+
end
|
|
190
|
+
end
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
# Paths specified as replacements
|
|
194
|
+
parsed_file(file).fetch("replace", {}).each do |_, details|
|
|
195
|
+
next unless details.is_a?(Hash)
|
|
196
|
+
next unless details["path"]
|
|
197
|
+
next unless path == File.join(details["path"], "Cargo.toml")
|
|
198
|
+
|
|
199
|
+
return true if details["git"].nil?
|
|
200
|
+
end
|
|
201
|
+
|
|
202
|
+
false
|
|
203
|
+
end
|
|
204
|
+
# rubocop:enable Metrics/AbcSize
|
|
205
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
|
206
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
207
|
+
|
|
208
|
+
def expand_workspaces(path)
|
|
209
|
+
path = Pathname.new(path).cleanpath.to_path
|
|
210
|
+
dir = directory.gsub(%r{(^/|/$)}, "")
|
|
211
|
+
unglobbed_path = path.split("*").first.gsub(%r{(?<=/)[^/]*$}, "")
|
|
212
|
+
|
|
213
|
+
repo_contents(dir: unglobbed_path, raise_errors: false).
|
|
214
|
+
select { |file| file.type == "dir" }.
|
|
215
|
+
map { |f| f.path.gsub(%r{^/?#{Regexp.escape(dir)}/?}, "") }.
|
|
216
|
+
select { |filename| File.fnmatch?(path, filename) }
|
|
217
|
+
end
|
|
218
|
+
|
|
219
|
+
def parsed_file(file)
|
|
220
|
+
TomlRB.parse(file.content)
|
|
221
|
+
rescue TomlRB::ParseError
|
|
222
|
+
raise Dependabot::DependencyFileNotParseable, file.path
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
def cargo_toml
|
|
226
|
+
@cargo_toml ||= fetch_file_from_host("Cargo.toml")
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
def cargo_lock
|
|
230
|
+
@cargo_lock ||= fetch_file_if_present("Cargo.lock")
|
|
231
|
+
end
|
|
232
|
+
|
|
233
|
+
def rust_toolchain
|
|
234
|
+
@rust_toolchain ||= fetch_file_if_present("rust-toolchain")&.
|
|
235
|
+
tap { |f| f.support_file = true }
|
|
236
|
+
end
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
end
|
|
240
|
+
end
|