RubyGems - dependabot-core - Versions diffs - 0.76.1 - Mend

dependabot-core 0.76.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +6408 -0
data/LICENSE +37 -0
data/README.md +115 -0
data/helpers/elixir/bin/check_update.exs +92 -0
data/helpers/elixir/bin/do_update.exs +39 -0
data/helpers/elixir/bin/parse_deps.exs +103 -0
data/helpers/elixir/bin/run.exs +76 -0
data/helpers/elixir/mix.exs +21 -0
data/helpers/elixir/mix.lock +3 -0
data/helpers/go/Makefile +9 -0
data/helpers/go/go.mod +9 -0
data/helpers/go/go.sum +5 -0
data/helpers/go/importresolver/main.go +34 -0
data/helpers/go/main.go +77 -0
data/helpers/go/updatechecker/main.go +107 -0
data/helpers/go/updater/go.mod +3 -0
data/helpers/go/updater/go.sum +2 -0
data/helpers/go/updater/helpers.go +57 -0
data/helpers/go/updater/main.go +48 -0
data/helpers/npm/.agignore +1 -0
data/helpers/npm/.envrc +2 -0
data/helpers/npm/.eslintrc +14 -0
data/helpers/npm/.nvimrc +7 -0
data/helpers/npm/bin/run.js +34 -0
data/helpers/npm/lib/helpers.js +25 -0
data/helpers/npm/lib/peer-dependency-checker.js +102 -0
data/helpers/npm/lib/subdependency-updater.js +48 -0
data/helpers/npm/lib/updater.js +95 -0
data/helpers/npm/package.json +17 -0
data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
data/helpers/npm/test/helpers.js +7 -0
data/helpers/npm/test/updater.test.js +50 -0
data/helpers/npm/yarn.lock +6120 -0
data/helpers/php/.php_cs +34 -0
data/helpers/php/bin/run.php +57 -0
data/helpers/php/composer.json +14 -0
data/helpers/php/composer.lock +1521 -0
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +4 -0
data/helpers/php/src/DependabotInstallationManager.php +61 -0
data/helpers/php/src/DependabotPluginManager.php +23 -0
data/helpers/php/src/ExceptionIO.php +25 -0
data/helpers/php/src/Hasher.php +21 -0
data/helpers/php/src/UpdateChecker.php +123 -0
data/helpers/php/src/Updater.php +97 -0
data/helpers/python/lib/__init__.py +0 -0
data/helpers/python/lib/hasher.py +23 -0
data/helpers/python/lib/parser.py +130 -0
data/helpers/python/requirements.txt +9 -0
data/helpers/python/run.py +18 -0
data/helpers/test/run.rb +15 -0
data/helpers/utils/git-credential-store-immutable +10 -0
data/helpers/yarn/.agignore +1 -0
data/helpers/yarn/.envrc +2 -0
data/helpers/yarn/.eslintrc +14 -0
data/helpers/yarn/.nvimrc +7 -0
data/helpers/yarn/bin/run.js +36 -0
data/helpers/yarn/lib/fix-duplicates.js +53 -0
data/helpers/yarn/lib/helpers.js +5 -0
data/helpers/yarn/lib/lockfile-parser.js +21 -0
data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
data/helpers/yarn/lib/subdependency-updater.js +69 -0
data/helpers/yarn/lib/updater.js +254 -0
data/helpers/yarn/package.json +17 -0
data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
data/helpers/yarn/test/helpers.js +7 -0
data/helpers/yarn/test/updater.test.js +93 -0
data/helpers/yarn/yarn.lock +4912 -0
data/lib/bundler_definition_bundler_version_patch.rb +15 -0
data/lib/bundler_definition_ruby_version_patch.rb +14 -0
data/lib/bundler_git_source_patch.rb +27 -0
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +101 -0
data/lib/dependabot/clients/github_with_retries.rb +117 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +118 -0
data/lib/dependabot/dependency_file.rb +54 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +48 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +302 -0
data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
data/lib/dependabot/file_parsers.rb +48 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
data/lib/dependabot/file_parsers/go/dep.rb +163 -0
data/lib/dependabot/file_parsers/go/modules.rb +34 -0
data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
data/lib/dependabot/file_parsers/java/maven.rb +252 -0
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
data/lib/dependabot/file_parsers/php/composer.rb +177 -0
data/lib/dependabot/file_parsers/python/pip.rb +223 -0
data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
data/lib/dependabot/file_updaters.rb +48 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
data/lib/dependabot/file_updaters/go/dep.rb +77 -0
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
data/lib/dependabot/file_updaters/go/modules.rb +71 -0
data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
data/lib/dependabot/file_updaters/java/maven.rb +155 -0
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
data/lib/dependabot/file_updaters/php/composer.rb +78 -0
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
data/lib/dependabot/file_updaters/python/pip.rb +147 -0
data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +46 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
data/lib/dependabot/pull_request_creator.rb +151 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +233 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +151 -0
data/lib/dependabot/shared_helpers.rb +201 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +48 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
data/lib/dependabot/update_checkers/go/dep.rb +311 -0
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
data/lib/dependabot/update_checkers/go/modules.rb +112 -0
data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
data/lib/dependabot/update_checkers/java/maven.rb +159 -0
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
data/lib/dependabot/update_checkers/php/composer.rb +165 -0
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
data/lib/dependabot/update_checkers/python/pip.rb +227 -0
data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
data/lib/dependabot/utils.rb +84 -0
data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
data/lib/dependabot/utils/dotnet/version.rb +22 -0
data/lib/dependabot/utils/elixir/requirement.rb +53 -0
data/lib/dependabot/utils/elixir/version.rb +59 -0
data/lib/dependabot/utils/elm/requirement.rb +92 -0
data/lib/dependabot/utils/elm/version.rb +19 -0
data/lib/dependabot/utils/go/path_converter.rb +74 -0
data/lib/dependabot/utils/go/requirement.rb +152 -0
data/lib/dependabot/utils/go/shared_helper.rb +20 -0
data/lib/dependabot/utils/go/version.rb +40 -0
data/lib/dependabot/utils/java/requirement.rb +110 -0
data/lib/dependabot/utils/java/version.rb +179 -0
data/lib/dependabot/utils/java_script/requirement.rb +117 -0
data/lib/dependabot/utils/java_script/version.rb +30 -0
data/lib/dependabot/utils/php/requirement.rb +97 -0
data/lib/dependabot/utils/php/version.rb +22 -0
data/lib/dependabot/utils/python/requirement.rb +130 -0
data/lib/dependabot/utils/python/version.rb +88 -0
data/lib/dependabot/utils/ruby/requirement.rb +26 -0
data/lib/dependabot/utils/rust/requirement.rb +108 -0
data/lib/dependabot/utils/rust/version.rb +32 -0
data/lib/dependabot/version.rb +5 -0
data/lib/python_requirement_parser.rb +33 -0
data/lib/python_versions.rb +21 -0
metadata +641 -0

data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb ADDED Viewed

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+require "dependabot/file_updaters/ruby/bundler"
+module Dependabot
+  module FileUpdaters
+    module Ruby
+      class Bundler
+        class GemfileUpdater
+          require_relative "git_pin_replacer"
+          require_relative "git_source_remover"
+          require_relative "requirement_replacer"
+          def initialize(dependencies:, gemfile:)
+            @dependencies = dependencies
+            @gemfile = gemfile
+          end
+          def updated_gemfile_content
+            content = gemfile.content
+            dependencies.each do |dependency|
+              content = replace_gemfile_version_requirement(
+                dependency,
+                gemfile,
+                content
+              )
+              if remove_git_source?(dependency)
+                content = remove_gemfile_git_source(dependency, content)
+              end
+              if update_git_pin?(dependency)
+                content = update_gemfile_git_pin(dependency, gemfile, content)
+              end
+            end
+            content
+          end
+          private
+          attr_reader :dependencies, :gemfile
+          def replace_gemfile_version_requirement(dependency, file, content)
+            return content unless requirement_changed?(file, dependency)
+            updated_requirement =
+              dependency.requirements.
+              find { |r| r[:file] == file.name }.
+              fetch(:requirement)
+            previous_requirement =
+              dependency.previous_requirements.
+              find { |r| r[:file] == file.name }.
+              fetch(:requirement)
+            RequirementReplacer.new(
+              dependency: dependency,
+              file_type: :gemfile,
+              updated_requirement: updated_requirement,
+              previous_requirement: previous_requirement
+            ).rewrite(content)
+          end
+          def requirement_changed?(file, dependency)
+            changed_requirements =
+              dependency.requirements - dependency.previous_requirements
+            changed_requirements.any? { |f| f[:file] == file.name }
+          end
+          def remove_git_source?(dependency)
+            old_gemfile_req =
+              dependency.previous_requirements.
+              find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            return false unless old_gemfile_req&.dig(:source, :type) == "git"
+            new_gemfile_req =
+              dependency.requirements.
+              find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            new_gemfile_req[:source].nil?
+          end
+          def update_git_pin?(dependency)
+            new_gemfile_req =
+              dependency.requirements.
+              find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            return false unless new_gemfile_req&.dig(:source, :type) == "git"
+            # If the new requirement is a git dependency with a ref then there's
+            # no harm in doing an update
+            new_gemfile_req.dig(:source, :ref)
+          end
+          def remove_gemfile_git_source(dependency, content)
+            GitSourceRemover.new(dependency: dependency).rewrite(content)
+          end
+          def update_gemfile_git_pin(dependency, file, content)
+            new_pin =
+              dependency.requirements.
+              find { |f| f[:file] == file.name }.
+              fetch(:source).fetch(:ref)
+            GitPinReplacer.
+              new(dependency: dependency, new_pin: new_pin).
+              rewrite(content)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require "parser/current"
+require "dependabot/file_updaters/ruby/bundler"
+module Dependabot
+  module FileUpdaters
+    module Ruby
+      class Bundler
+        class GemspecDependencyNameFinder
+          attr_reader :gemspec_content
+          def initialize(gemspec_content:)
+            @gemspec_content = gemspec_content
+          end
+          # rubocop:disable Security/Eval
+          def dependency_name
+            ast = Parser::CurrentRuby.parse(gemspec_content)
+            dependency_name_node = find_dependency_name_node(ast)
+            return unless dependency_name_node
+            begin
+              eval(dependency_name_node.children[2].loc.expression.source)
+            rescue StandardError
+              nil # If we can't evaluate the expression just return nil
+            end
+          end
+          # rubocop:enable Security/Eval
+          private
+          def find_dependency_name_node(node)
+            return unless node.is_a?(Parser::AST::Node)
+            return node if declares_dependency_name?(node)
+            node.children.find do |cn|
+              dependency_name_node = find_dependency_name_node(cn)
+              break dependency_name_node if dependency_name_node
+            end
+          end
+          def declares_dependency_name?(node)
+            return false unless node.is_a?(Parser::AST::Node)
+            node.children[1] == :name=
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb ADDED Viewed

@@ -0,0 +1,298 @@
+# frozen_string_literal: true
+require "parser/current"
+require "dependabot/file_updaters/ruby/bundler"
+module Dependabot
+  module FileUpdaters
+    module Ruby
+      class Bundler
+        class GemspecSanitizer
+          UNNECESSARY_ASSIGNMENTS = %i(
+            bindir=
+            cert_chain=
+            email=
+            executables=
+            extra_rdoc_files=
+            homepage=
+            license=
+            licenses=
+            metadata=
+            post_install_message=
+            rdoc_options=
+          ).freeze
+          attr_reader :replacement_version
+          def initialize(replacement_version:)
+            @replacement_version = replacement_version
+          end
+          def rewrite(content)
+            buffer = Parser::Source::Buffer.new("(gemspec_content)")
+            buffer.source = content
+            ast = Parser::CurrentRuby.new.parse(buffer)
+            Rewriter.
+              new(replacement_version: replacement_version).
+              rewrite(buffer, ast)
+          end
+          class Rewriter < Parser::TreeRewriter
+            def initialize(replacement_version:)
+              @replacement_version = replacement_version
+            end
+            def on_send(node)
+              # Wrap any `require` or `require_relative` calls in a rescue
+              # block, as we might not have the required files
+              wrap_require(node) if requires_file?(node)
+              # Remove any assignments to a VERSION constant (or similar), as
+              # that constant probably comes from a required file
+              replace_version_assignments(node)
+              # Replace the `s.files= ...` assignment with a blank array, as
+              # occassionally a File.open(..).readlines pattern is used
+              replace_file_assignments(node)
+              # Replace the `s.require_path= ...` assignment, as
+              # occassionally a Dir['lib'] pattern is used
+              replace_require_paths_assignments(node)
+              # Replace any `File.read(...)` calls with a dummy string
+              replace_file_reads(node)
+              # Remove the arguments from any `Find.find(...)` calls
+              remove_find_dot_find_args(node)
+              remove_unnecessary_assignments(node)
+            end
+            private
+            attr_reader :replacement_version
+            def requires_file?(node)
+              %i(require require_relative).include?(node.children[1])
+            end
+            def wrap_require(node)
+              replace(
+                node.loc.expression,
+                "begin\n"\
+                "#{node.loc.expression.source_line}\n"\
+                "rescue LoadError\n"\
+                "end"
+              )
+            end
+            def replace_version_assignments(node)
+              return unless node.is_a?(Parser::AST::Node)
+              if node_assigns_to_version_constant?(node)
+                return replace_constant(node)
+              end
+              node.children.each { |child| replace_version_assignments(child) }
+            end
+            def replace_file_assignments(node)
+              return unless node.is_a?(Parser::AST::Node)
+              if node_assigns_files_to_var?(node)
+                return replace_file_assignment(node)
+              end
+              node.children.each { |child| replace_file_assignments(child) }
+            end
+            def replace_require_paths_assignments(node)
+              return unless node.is_a?(Parser::AST::Node)
+              if node_assigns_require_paths?(node)
+                return replace_require_paths_assignment(node)
+              end
+              node.children.each do |child|
+                replace_require_paths_assignments(child)
+              end
+            end
+            def node_assigns_to_version_constant?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :lvar
+              return true if node.children[1] == :version=
+              return true if node_is_version_constant?(node.children.last)
+              return true if node_calls_version_constant?(node.children.last)
+              node_interpolates_version_constant?(node.children.last)
+            end
+            def node_assigns_files_to_var?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :lvar
+              return false unless node.children[1] == :files=
+              node.children[2]&.type == :send
+            end
+            def node_assigns_require_paths?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :lvar
+              node.children[1] == :require_paths=
+            end
+            def replace_file_reads(node)
+              return unless node.is_a?(Parser::AST::Node)
+              return if node.children[1] == :version=
+              return replace_file_read(node) if node_reads_a_file?(node)
+              return replace_file_readlines(node) if node_uses_readlines?(node)
+              node.children.each { |child| replace_file_reads(child) }
+            end
+            def node_reads_a_file?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :const
+              return false unless node.children.first.children.last == :File
+              node.children[1] == :read
+            end
+            def node_uses_readlines?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :const
+              return false unless node.children.first.children.last == :File
+              node.children[1] == :readlines
+            end
+            def remove_find_dot_find_args(node)
+              return unless node.is_a?(Parser::AST::Node)
+              return if node.children[1] == :version=
+              return remove_find_args(node) if node_calls_find_dot_find?(node)
+              node.children.each { |child| remove_find_dot_find_args(child) }
+            end
+            def node_calls_find_dot_find?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :const
+              return false unless node.children.first.children.last == :Find
+              node.children[1] == :find
+            end
+            def remove_unnecessary_assignments(node)
+              return unless node.is_a?(Parser::AST::Node)
+              if unnecessary_assignment?(node) &&
+                 node.children.last&.location&.respond_to?(:heredoc_end)
+                range_to_remove = node.loc.expression.join(
+                  node.children.last.location.heredoc_end
+                )
+                return replace(range_to_remove, '"sanitized"')
+              elsif unnecessary_assignment?(node)
+                return replace(node.loc.expression, '"sanitized"')
+              end
+              node.children.each do |child|
+                remove_unnecessary_assignments(child)
+              end
+            end
+            def unnecessary_assignment?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.children.first.is_a?(Parser::AST::Node)
+              return false unless node.children.first&.type == :lvar
+              UNNECESSARY_ASSIGNMENTS.include?(node.children[1])
+            end
+            def node_is_version_constant?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.type == :const
+              node.children.last.to_s.match?(/version/i)
+            end
+            def node_calls_version_constant?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.type == :send
+              node.children.any? { |n| node_is_version_constant?(n) }
+            end
+            def node_interpolates_version_constant?(node)
+              return false unless node.is_a?(Parser::AST::Node)
+              return false unless node.type == :dstr
+              node.children.
+                select { |n| n.type == :begin }.
+                flat_map(&:children).
+                any? { |n| node_is_version_constant?(n) }
+            end
+            def replace_constant(node)
+              case node.children.last&.type
+              when :str, :int then nil # no-op
+              when :const, :send, :lvar
+                replace(
+                  node.children.last.loc.expression,
+                  %("#{replacement_version}")
+                )
+              when :dstr
+                node.children.last.children.
+                  select { |n| n.type == :begin }.
+                  flat_map(&:children).
+                  select { |n| node_is_version_constant?(n) }.
+                  each do |n|
+                    replace(
+                      n.loc.expression,
+                      %("#{replacement_version}")
+                    )
+                  end
+              else
+                raise "Unexpected node type #{node.children.last&.type}"
+              end
+            end
+            def replace_file_assignment(node)
+              replace(node.children.last.loc.expression, "[]")
+            end
+            def replace_require_paths_assignment(node)
+              replace(node.children.last.loc.expression, "['lib']")
+            end
+            def replace_file_read(node)
+              replace(node.loc.expression, '"text"')
+            end
+            def replace_file_readlines(node)
+              replace(node.loc.expression, '["text"]')
+            end
+            def remove_find_args(node)
+              last_arg = node.children.last
+              range_to_remove =
+                last_arg.loc.expression.join(node.children[2].loc.begin.begin)
+              remove(range_to_remove)
+            end
+          end
+        end
+      end
+    end
+  end
+end