dependabot-core 0.93.17 → 0.94.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/dependency.rb +16 -21
- data/lib/dependabot/file_fetchers.rb +1 -5
- data/lib/dependabot/file_parsers.rb +1 -5
- data/lib/dependabot/file_updaters.rb +1 -5
- data/lib/dependabot/metadata_finders.rb +1 -5
- data/lib/dependabot/pull_request_creator/labeler.rb +26 -24
- data/lib/dependabot/update_checkers.rb +1 -5
- data/lib/dependabot/utils.rb +2 -12
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -28
- data/lib/dependabot/file_fetchers/ruby/bundler.rb +0 -215
- data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +0 -70
- data/lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb +0 -98
- data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +0 -114
- data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +0 -67
- data/lib/dependabot/file_parsers/ruby/bundler.rb +0 -294
- data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +0 -86
- data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +0 -48
- data/lib/dependabot/file_updaters/ruby/bundler.rb +0 -123
- data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +0 -116
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +0 -52
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +0 -298
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +0 -64
- data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +0 -80
- data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +0 -102
- data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +0 -389
- data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +0 -223
- data/lib/dependabot/metadata_finders/ruby/bundler.rb +0 -202
- data/lib/dependabot/update_checkers/ruby/bundler.rb +0 -331
- data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +0 -281
- data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +0 -261
- data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +0 -169
- data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +0 -283
- data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +0 -115
- data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +0 -246
- data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +0 -272
- data/lib/dependabot/utils/ruby/requirement.rb +0 -26
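--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 12e493715e112615890a2889982a5570f4c92546f032b4e142d517401812642a
+data.tar.gz: d7fda6c2fd269825ea84f2f8f17aea6d64ace86b4a2bdf61e0e24fafd753d5bd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2be2d07ee3b2430bb1bf4668251075d5fe39dc8a550383271b3fc00e3644ac8936bca38246acf586644cd22952b39fff36fba2abeb359e5b58c43661cfd9b8a2
+data.tar.gz: e0cb7269cbfe36a507c866436624c39a7fb00c7667b5b728073ad0b68d271fd286ecc7958edd88bca350741cf12befeffdfd51a4859983246d3f022ca7742c7e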
data/CHANGELOG.md
CHANGED
@@ -4,6 +4,19 @@ require "rubygems_version_patch"
|
|
4
4
|
|
5
5
|
module Dependabot
|
6
6
|
class Dependency
|
7
|
+
@production_checks = {}
|
8
|
+
|
9
|
+
def self.production_check_for_package_manager(package_manager)
|
10
|
+
production_check = @production_checks[package_manager]
|
11
|
+
return production_check if production_check
|
12
|
+
|
13
|
+
raise "Unsupported package_manager #{package_manager}"
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.register_production_check(package_manager, production_check)
|
17
|
+
@production_checks[package_manager] = production_check
|
18
|
+
end
|
19
|
+
|
7
20
|
attr_reader :name, :version, :requirements, :package_manager,
|
8
21
|
:previous_version, :previous_requirements
|
9
22
|
|
@@ -39,33 +52,15 @@ module Dependabot
|
|
39
52
|
previous_version || (version && previous_requirements.nil?)
|
40
53
|
end
|
41
54
|
|
42
|
-
# rubocop:disable Metrics/CyclomaticComplexity
|
43
|
-
# rubocop:disable Metrics/PerceivedComplexity
|
44
55
|
def production?
|
45
56
|
return true unless top_level?
|
46
57
|
|
47
58
|
groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
|
48
59
|
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
groups.include?("optionalDependencies") ||
|
53
|
-
groups.include?("dependencies")
|
54
|
-
when "composer" then groups.include?("runtime")
|
55
|
-
when "pip"
|
56
|
-
groups.empty? ||
|
57
|
-
groups.include?("default") ||
|
58
|
-
groups.include?("dependencies")
|
59
|
-
when "bundler"
|
60
|
-
groups.empty? ||
|
61
|
-
groups.include?("runtime") ||
|
62
|
-
groups.include?("default") ||
|
63
|
-
groups.any? { |g| g.include?("prod") }
|
64
|
-
else true
|
65
|
-
end
|
60
|
+
self.class.
|
61
|
+
production_check_for_package_manager(package_manager).
|
62
|
+
call(groups)
|
66
63
|
end
|
67
|
-
# rubocop:enable Metrics/CyclomaticComplexity
|
68
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
69
64
|
|
70
65
|
def display_name
|
71
66
|
return name unless %w(maven gradle).include?(package_manager)
|
@@ -1,12 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "dependabot/file_fetchers/ruby/bundler"
|
4
|
-
|
5
3
|
module Dependabot
|
6
4
|
module FileFetchers
|
7
|
-
@file_fetchers = {
|
8
|
-
"bundler" => FileFetchers::Ruby::Bundler
|
9
|
-
}
|
5
|
+
@file_fetchers = {}
|
10
6
|
|
11
7
|
def self.for_package_manager(package_manager)
|
12
8
|
file_fetcher = @file_fetchers[package_manager]
|
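Review bot: With the `require` and the `"bundler"` entry removed, `@file_fetchers = {}` leaves `for_package_manager` dependent on load order: the lookup can only succeed if whatever now provides the Bundler classes has been required and has registered itself first, and nothing in this hunk documents that. A comment above the hash would make the contract visible, e.g. `# Populated at require time by ecosystem gems; core registers nothing itself.` The same applies to the `@file_parsers`, `@file_updaters`, `@metadata_finders` and `@update_checkers` hunks that follow. `for_package_manager` continues outside the hunk, so how a miss is reported is not visible here.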
@@ -1,12 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "dependabot/file_parsers/ruby/bundler"
|
4
|
-
|
5
3
|
module Dependabot
|
6
4
|
module FileParsers
|
7
|
-
@file_parsers = {
|
8
|
-
"bundler" => FileParsers::Ruby::Bundler
|
9
|
-
}
|
5
|
+
@file_parsers = {}
|
10
6
|
|
11
7
|
def self.for_package_manager(package_manager)
|
12
8
|
file_parser = @file_parsers[package_manager]
|
@@ -1,12 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "dependabot/file_updaters/ruby/bundler"
|
4
|
-
|
5
3
|
module Dependabot
|
6
4
|
module FileUpdaters
|
7
|
-
@file_updaters = {
|
8
|
-
"bundler" => FileUpdaters::Ruby::Bundler
|
9
|
-
}
|
5
|
+
@file_updaters = {}
|
10
6
|
|
11
7
|
def self.for_package_manager(package_manager)
|
12
8
|
file_updater = @file_updaters[package_manager]
|
@@ -1,12 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "dependabot/metadata_finders/ruby/bundler"
|
4
|
-
|
5
3
|
module Dependabot
|
6
4
|
module MetadataFinders
|
7
|
-
@metadata_finders = {
|
8
|
-
"bundler" => MetadataFinders::Ruby::Bundler
|
9
|
-
}
|
5
|
+
@metadata_finders = {}
|
10
6
|
|
11
7
|
def self.for_package_manager(package_manager)
|
12
8
|
metadata_finder = @metadata_finders[package_manager]
|
@@ -9,23 +9,19 @@ module Dependabot
|
|
9
9
|
class PullRequestCreator
|
10
10
|
class Labeler
|
11
11
|
DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
"
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
"dep" => { name: "go", colour: "16e2e2" },
|
26
|
-
"go_modules" => { name: "go", colour: "16e2e2" },
|
27
|
-
"elm" => { name: "elm", colour: "76d3f2" }
|
28
|
-
}.freeze
|
12
|
+
|
13
|
+
@label_details = {}
|
14
|
+
|
15
|
+
def self.label_details_for_package_manager(package_manager)
|
16
|
+
label_details = @label_details[package_manager]
|
17
|
+
return label_details if label_details
|
18
|
+
|
19
|
+
raise "Unsupported package_manager #{package_manager}"
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.register_label_details(package_manager, label_details)
|
23
|
+
@label_details[package_manager] = label_details
|
24
|
+
end
|
29
25
|
|
30
26
|
def initialize(source:, custom_labels:, credentials:, dependencies:,
|
31
27
|
includes_security_fixes:, label_language:)
|
@@ -199,7 +195,9 @@ module Dependabot
|
|
199
195
|
end
|
200
196
|
|
201
197
|
def language_label
|
202
|
-
label_name =
|
198
|
+
label_name =
|
199
|
+
self.class.label_details_for_package_manager(package_manager).
|
200
|
+
fetch(:name)
|
203
201
|
labels.find { |l| l.casecmp(label_name).zero? }
|
204
202
|
end
|
205
203
|
|
@@ -304,12 +302,14 @@ module Dependabot
|
|
304
302
|
end
|
305
303
|
|
306
304
|
def create_github_language_label
|
307
|
-
langauge_name =
|
308
|
-
|
305
|
+
langauge_name =
|
306
|
+
self.class.label_details_for_package_manager(package_manager).
|
307
|
+
fetch(:name)
|
309
308
|
github_client_for_source.add_label(
|
310
309
|
source.repo,
|
311
310
|
langauge_name,
|
312
|
-
|
311
|
+
self.class.label_details_for_package_manager(package_manager).
|
312
|
+
fetch(:colour),
|
313
313
|
description: "Pull requests that update #{langauge_name.capitalize} "\
|
314
314
|
"code",
|
315
315
|
accept: "application/vnd.github.symmetra-preview+json"
|
@@ -322,12 +322,14 @@ module Dependabot
|
|
322
322
|
end
|
323
323
|
|
324
324
|
def create_gitlab_language_label
|
325
|
-
langauge_name =
|
326
|
-
|
325
|
+
langauge_name =
|
326
|
+
self.class.label_details_for_package_manager(package_manager).
|
327
|
+
fetch(:name)
|
327
328
|
gitlab_client_for_source.create_label(
|
328
329
|
source.repo,
|
329
330
|
langauge_name,
|
330
|
-
"#" +
|
331
|
+
"#" + self.class.label_details_for_package_manager(package_manager).
|
332
|
+
fetch(:colour)
|
331
333
|
)
|
332
334
|
@labels = [*@labels, langauge_name].uniq
|
333
335
|
end
|
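Review bot: `register_label_details` stores whatever hash it is handed, but `language_label`, `create_github_language_label` and `create_gitlab_language_label` all call `fetch(:name)` or `fetch(:colour)` on it, so a registration missing either key only surfaces as a `KeyError` in the middle of label creation. Checking at registration keeps the failure next to its cause: `label_details.fetch(:name); label_details.fetch(:colour)` before the assignment. Both create methods also look the details up twice; `details = self.class.label_details_for_package_manager(package_manager)` once, followed by `details.fetch(:name)` and `details.fetch(:colour)`, reads more clearly. The three instance methods are only partly visible in these hunks.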
@@ -1,12 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require "dependabot/update_checkers/ruby/bundler"
|
4
|
-
|
5
3
|
module Dependabot
|
6
4
|
module UpdateCheckers
|
7
|
-
@update_checkers = {
|
8
|
-
"bundler" => UpdateCheckers::Ruby::Bundler
|
9
|
-
}
|
5
|
+
@update_checkers = {}
|
10
6
|
|
11
7
|
def self.for_package_manager(package_manager)
|
12
8
|
update_checker = @update_checkers[package_manager]
|
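--- a/data/lib/dependabot/utils.rb
+++ b/data/lib/dependabot/utils.rb
@@ -1,16 +1,10 @@
 # frozen_string_literal: true
 
-require "dependabot/utils/ruby/requirement"
-
 # TODO: in due course, these "registries" should live in a wrapper gem, not
 # dependabot-core.
 module Dependabot
 module Utils
-@version_classes = {
-"bundler" => Gem::Version,
-"submodules" => Gem::Version,
-"docker" => Gem::Version
-}
+@version_classes = {}
 
 def self.version_class_for_package_manager(package_manager)
 version_class = @version_classes[package_manager]
@@ -23,11 +17,7 @@ module Dependabot
 @version_classes[package_manager] = version_class
 end
 
-@requirement_classes = {
-"bundler" => Utils::Ruby::Requirement,
-"submodules" => Utils::Ruby::Requirement,
-"docker" => Utils::Ruby::Requirement
-}
+@requirement_classes = {}
 
 def self.requirement_class_for_package_manager(package_manager)
 requirement_class = @requirement_classes[package_manager]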
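Review bot: The removed literals held three keys, not one: `"submodules"` and `"docker"` lose their `Gem::Version` and `Utils::Ruby::Requirement` entries along with `"bundler"`, in both hunks, and nothing visible in this diff registers them again. Unless another file does so, `version_class_for_package_manager` and `requirement_class_for_package_manager` will no longer resolve those two package managers (the failure path is outside the hunks, so how a miss is reported is not shown). A comment above `@version_classes = {}` naming where each former default is now registered would settle it, e.g. `# "bundler", "submodules" and "docker" are registered by <file or gem to be confirmed>.`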
data/lib/dependabot/version.rb
CHANGED
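--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.94.0
 platform: ruby
 authors:
 - Dependabot
@@ -313,30 +313,13 @@ files:
 - lib/dependabot/file_fetchers.rb
 - lib/dependabot/file_fetchers/README.md
 - lib/dependabot/file_fetchers/base.rb
-- lib/dependabot/file_fetchers/ruby/bundler.rb
-- lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
-- lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb
-- lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
-- lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb
 - lib/dependabot/file_parsers.rb
 - lib/dependabot/file_parsers/README.md
 - lib/dependabot/file_parsers/base.rb
 - lib/dependabot/file_parsers/base/dependency_set.rb
-- lib/dependabot/file_parsers/ruby/bundler.rb
-- lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
-- lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
 - lib/dependabot/file_updaters.rb
 - lib/dependabot/file_updaters/README.md
 - lib/dependabot/file_updaters/base.rb
-- lib/dependabot/file_updaters/ruby/bundler.rb
-- lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
-- lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
-- lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb
-- lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb
-- lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb
-- lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb
-- lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb
-- lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb
 - lib/dependabot/git_commit_checker.rb
 - lib/dependabot/metadata_finders.rb
 - lib/dependabot/metadata_finders/README.md
@@ -345,7 +328,6 @@ files:
 - lib/dependabot/metadata_finders/base/changelog_pruner.rb
 - lib/dependabot/metadata_finders/base/commits_finder.rb
 - lib/dependabot/metadata_finders/base/release_finder.rb
-- lib/dependabot/metadata_finders/ruby/bundler.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
 - lib/dependabot/pull_request_creator/commit_signer.rb
@@ -360,16 +342,7 @@ files:
 - lib/dependabot/update_checkers.rb
 - lib/dependabot/update_checkers/README.md
 - lib/dependabot/update_checkers/base.rb
-- lib/dependabot/update_checkers/ruby/bundler.rb
-- lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
-- lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
-- lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb
-- lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb
-- lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb
-- lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb
-- lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
 - lib/dependabot/utils.rb
-- lib/dependabot/utils/ruby/requirement.rb
 - lib/dependabot/version.rb
 - lib/rubygems_version_patch.rb
 homepage: https://github.com/dependabot/dependabot-core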
@@ -1,215 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require "dependabot/file_fetchers/base"
|
4
|
-
require "dependabot/file_updaters/ruby/bundler/lockfile_updater"
|
5
|
-
require "dependabot/errors"
|
6
|
-
|
7
|
-
module Dependabot
|
8
|
-
module FileFetchers
|
9
|
-
module Ruby
|
10
|
-
class Bundler < Dependabot::FileFetchers::Base
|
11
|
-
require "dependabot/file_fetchers/ruby/bundler/gemspec_finder"
|
12
|
-
require "dependabot/file_fetchers/ruby/bundler/path_gemspec_finder"
|
13
|
-
require "dependabot/file_fetchers/ruby/bundler/child_gemfile_finder"
|
14
|
-
require "dependabot/file_fetchers/ruby/bundler/require_relative_finder"
|
15
|
-
|
16
|
-
def self.required_files_in?(filenames)
|
17
|
-
if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
|
18
|
-
return true
|
19
|
-
end
|
20
|
-
|
21
|
-
filenames.include?("Gemfile") || filenames.include?("gems.rb")
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.required_files_message
|
25
|
-
"Repo must contain either a Gemfile, a gemspec, or a gems.rb."
|
26
|
-
end
|
27
|
-
|
28
|
-
private
|
29
|
-
|
30
|
-
def fetch_files
|
31
|
-
fetched_files = []
|
32
|
-
fetched_files << gemfile if gemfile
|
33
|
-
fetched_files << lockfile if gemfile && lockfile
|
34
|
-
fetched_files += child_gemfiles
|
35
|
-
fetched_files += gemspecs
|
36
|
-
fetched_files << ruby_version_file if ruby_version_file
|
37
|
-
fetched_files += path_gemspecs
|
38
|
-
fetched_files += require_relative_files(fetched_files)
|
39
|
-
|
40
|
-
fetched_files = uniq_files(fetched_files)
|
41
|
-
|
42
|
-
check_required_files_present
|
43
|
-
|
44
|
-
unless self.class.required_files_in?(fetched_files.map(&:name))
|
45
|
-
raise "Invalid set of files: #{fetched_files.map(&:name)}"
|
46
|
-
end
|
47
|
-
|
48
|
-
fetched_files
|
49
|
-
end
|
50
|
-
|
51
|
-
def uniq_files(fetched_files)
|
52
|
-
uniq_files = fetched_files.reject(&:support_file?).uniq
|
53
|
-
uniq_files += fetched_files.
|
54
|
-
reject { |f| uniq_files.map(&:name).include?(f.name) }
|
55
|
-
end
|
56
|
-
|
57
|
-
def check_required_files_present
|
58
|
-
return if gemfile || gemspecs.any?
|
59
|
-
|
60
|
-
path = Pathname.new(File.join(directory, "Gemfile")).
|
61
|
-
cleanpath.to_path
|
62
|
-
raise Dependabot::DependencyFileNotFound, path
|
63
|
-
end
|
64
|
-
|
65
|
-
def gemfile
|
66
|
-
@gemfile ||= fetch_file_if_present("gems.rb") ||
|
67
|
-
fetch_file_if_present("Gemfile")
|
68
|
-
end
|
69
|
-
|
70
|
-
def lockfile
|
71
|
-
@lockfile ||= fetch_file_if_present("gems.locked") ||
|
72
|
-
fetch_file_if_present("Gemfile.lock")
|
73
|
-
end
|
74
|
-
|
75
|
-
def gemspecs
|
76
|
-
return @gemspecs if defined?(@gemspecs)
|
77
|
-
|
78
|
-
gemspecs_paths =
|
79
|
-
gemspec_directories.
|
80
|
-
flat_map do |d|
|
81
|
-
repo_contents(dir: d).
|
82
|
-
select { |f| f.name.end_with?(".gemspec") }.
|
83
|
-
map { |f| File.join(d, f.name) }
|
84
|
-
end
|
85
|
-
|
86
|
-
@gemspecs = gemspecs_paths.map { |n| fetch_file_from_host(n) }
|
87
|
-
rescue Octokit::NotFound
|
88
|
-
[]
|
89
|
-
end
|
90
|
-
|
91
|
-
def gemspec_directories
|
92
|
-
gemfiles = ([gemfile] + child_gemfiles).compact
|
93
|
-
directories =
|
94
|
-
gemfiles.flat_map do |file|
|
95
|
-
GemspecFinder.new(gemfile: file).gemspec_directories
|
96
|
-
end.uniq
|
97
|
-
|
98
|
-
directories.empty? ? ["."] : directories
|
99
|
-
end
|
100
|
-
|
101
|
-
def ruby_version_file
|
102
|
-
return unless gemfile
|
103
|
-
return unless gemfile.content.include?(".ruby-version")
|
104
|
-
|
105
|
-
@ruby_version_file ||=
|
106
|
-
fetch_file_if_present(".ruby-version")&.
|
107
|
-
tap { |f| f.support_file = true }
|
108
|
-
end
|
109
|
-
|
110
|
-
def path_gemspecs
|
111
|
-
gemspec_files = []
|
112
|
-
unfetchable_gems = []
|
113
|
-
|
114
|
-
path_gemspec_paths.each do |path|
|
115
|
-
# Get any gemspecs at the path itself
|
116
|
-
gemspecs_at_path = fetch_gemspecs_from_directory(path)
|
117
|
-
|
118
|
-
# Get any gemspecs nested one level deeper
|
119
|
-
nested_directories =
|
120
|
-
repo_contents(dir: path).
|
121
|
-
select { |f| f.type == "dir" }
|
122
|
-
|
123
|
-
nested_directories.each do |dir|
|
124
|
-
dir_path = File.join(path, dir.name)
|
125
|
-
gemspecs_at_path += fetch_gemspecs_from_directory(dir_path)
|
126
|
-
end
|
127
|
-
|
128
|
-
# Add the fetched gemspecs to the main array, and note an error if
|
129
|
-
# none were found for this path
|
130
|
-
gemspec_files += gemspecs_at_path
|
131
|
-
unfetchable_gems << path.basename.to_s if gemspecs_at_path.empty?
|
132
|
-
rescue Octokit::NotFound, Gitlab::Error::NotFound
|
133
|
-
unfetchable_gems << path.basename.to_s
|
134
|
-
end
|
135
|
-
|
136
|
-
if unfetchable_gems.any?
|
137
|
-
raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
|
138
|
-
end
|
139
|
-
|
140
|
-
gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
|
141
|
-
end
|
142
|
-
|
143
|
-
def path_gemspec_paths
|
144
|
-
fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
|
145
|
-
end
|
146
|
-
|
147
|
-
def require_relative_files(files)
|
148
|
-
ruby_files =
|
149
|
-
files.select { |f| f.name.end_with?(".rb", "Gemfile", ".gemspec") }
|
150
|
-
|
151
|
-
paths = ruby_files.flat_map do |file|
|
152
|
-
RequireRelativeFinder.new(file: file).require_relative_paths
|
153
|
-
end
|
154
|
-
|
155
|
-
@require_relative_files ||=
|
156
|
-
paths.map { |path| fetch_file_from_host(path) }.
|
157
|
-
tap { |req_files| req_files.each { |f| f.support_file = true } }
|
158
|
-
end
|
159
|
-
|
160
|
-
def fetch_gemspecs_from_directory(dir_path)
|
161
|
-
repo_contents(dir: dir_path).
|
162
|
-
select { |f| f.name.end_with?(".gemspec") }.
|
163
|
-
map { |f| File.join(dir_path, f.name) }.
|
164
|
-
map { |fp| fetch_file_from_host(fp) }
|
165
|
-
end
|
166
|
-
|
167
|
-
def fetch_path_gemspec_paths
|
168
|
-
if lockfile
|
169
|
-
parsed_lockfile = ::Bundler::LockfileParser.new(
|
170
|
-
sanitized_lockfile_content
|
171
|
-
)
|
172
|
-
parsed_lockfile.specs.
|
173
|
-
select { |s| s.source.instance_of?(::Bundler::Source::Path) }.
|
174
|
-
map { |s| s.source.path }.uniq
|
175
|
-
else
|
176
|
-
gemfiles = ([gemfile] + child_gemfiles).compact
|
177
|
-
gemfiles.flat_map do |file|
|
178
|
-
PathGemspecFinder.new(gemfile: file).path_gemspec_paths
|
179
|
-
end.uniq
|
180
|
-
end
|
181
|
-
rescue ::Bundler::LockfileError
|
182
|
-
raise Dependabot::DependencyFileNotParseable, lockfile.path
|
183
|
-
end
|
184
|
-
|
185
|
-
def child_gemfiles
|
186
|
-
return [] unless gemfile
|
187
|
-
|
188
|
-
@child_gemfiles ||=
|
189
|
-
fetch_child_gemfiles(file: gemfile, previously_fetched_files: [])
|
190
|
-
end
|
191
|
-
|
192
|
-
def sanitized_lockfile_content
|
193
|
-
regex = FileUpdaters::Ruby::Bundler::LockfileUpdater::LOCKFILE_ENDING
|
194
|
-
lockfile.content.gsub(regex, "")
|
195
|
-
end
|
196
|
-
|
197
|
-
def fetch_child_gemfiles(file:, previously_fetched_files:)
|
198
|
-
paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths
|
199
|
-
|
200
|
-
paths.flat_map do |path|
|
201
|
-
next if previously_fetched_files.map(&:name).include?(path)
|
202
|
-
next if file.name == path
|
203
|
-
|
204
|
-
fetched_file = fetch_file_from_host(path)
|
205
|
-
grandchild_gemfiles = fetch_child_gemfiles(
|
206
|
-
file: fetched_file,
|
207
|
-
previously_fetched_files: previously_fetched_files + [file]
|
208
|
-
)
|
209
|
-
[fetched_file, *grandchild_gemfiles]
|
210
|
-
end.compact
|
211
|
-
end
|
212
|
-
end
|
213
|
-
end
|
214
|
-
end
|
215
|
-
end
|