dependabot-core 0.93.17 → 0.94.0

Files changed (39) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/dependabot/dependency.rb +16 -21
  4. data/lib/dependabot/file_fetchers.rb +1 -5
  5. data/lib/dependabot/file_parsers.rb +1 -5
  6. data/lib/dependabot/file_updaters.rb +1 -5
  7. data/lib/dependabot/metadata_finders.rb +1 -5
  8. data/lib/dependabot/pull_request_creator/labeler.rb +26 -24
  9. data/lib/dependabot/update_checkers.rb +1 -5
  10. data/lib/dependabot/utils.rb +2 -12
  11. data/lib/dependabot/version.rb +1 -1
  12. metadata +1 -28
  13. data/lib/dependabot/file_fetchers/ruby/bundler.rb +0 -215
  14. data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +0 -70
  15. data/lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb +0 -98
  16. data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +0 -114
  17. data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +0 -67
  18. data/lib/dependabot/file_parsers/ruby/bundler.rb +0 -294
  19. data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +0 -86
  20. data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +0 -48
  21. data/lib/dependabot/file_updaters/ruby/bundler.rb +0 -123
  22. data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +0 -116
  23. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +0 -52
  24. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +0 -298
  25. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +0 -64
  26. data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +0 -80
  27. data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +0 -102
  28. data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +0 -389
  29. data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +0 -223
  30. data/lib/dependabot/metadata_finders/ruby/bundler.rb +0 -202
  31. data/lib/dependabot/update_checkers/ruby/bundler.rb +0 -331
  32. data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +0 -281
  33. data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +0 -261
  34. data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +0 -169
  35. data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +0 -283
  36. data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +0 -115
  37. data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +0 -246
  38. data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +0 -272
  39. data/lib/dependabot/utils/ruby/requirement.rb +0 -26
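--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 84b1870f3566af63ba843602b5a9ba9f7808b9c2723f107c2a9248521027a5de
- data.tar.gz: 9607e739d3771adc073f735964be2ffbbd2229b3d7517ece8572e44e5a5c3165
+ metadata.gz: 12e493715e112615890a2889982a5570f4c92546f032b4e142d517401812642a
+ data.tar.gz: d7fda6c2fd269825ea84f2f8f17aea6d64ace86b4a2bdf61e0e24fafd753d5bd
  SHA512:
- metadata.gz: 2f139202aeebfb1a94c020c0cc9b6e72e9df1950e5cfa860db8db7aca901330c8982c56bec6a09e6b9fcce8ef299e5c52dee2a811d85ac42bb16058f3b4d1df8
- data.tar.gz: dd73927e2a1bd3dd9363d66dbd5580c1fae50ffd4641e369d967a2a6644b39ccdea2a84d8b856ffdfcbdcdb53cb4fca938757045088b4e33d5461b544c425283
+ metadata.gz: 2be2d07ee3b2430bb1bf4668251075d5fe39dc8a550383271b3fc00e3644ac8936bca38246acf586644cd22952b39fff36fba2abeb359e5b58c43661cfd9b8a2
+ data.tar.gz: e0cb7269cbfe36a507c866436624c39a7fb00c7667b5b728073ad0b68d271fd286ecc7958edd88bca350741cf12befeffdfd51a4859983246d3f022ca7742c7e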
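--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## v0.94.0, 1 February 2019
+
+ - Reorg bundler
+
  ## v0.93.17, 1 February 2019
 
  - JS: Better detection of whether an npm registry needs auth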
@@ -4,6 +4,19 @@ require "rubygems_version_patch"
4
4
 
5
5
  module Dependabot
6
6
  class Dependency
7
+ @production_checks = {}
8
+
9
+ def self.production_check_for_package_manager(package_manager)
10
+ production_check = @production_checks[package_manager]
11
+ return production_check if production_check
12
+
13
+ raise "Unsupported package_manager #{package_manager}"
14
+ end
15
+
16
+ def self.register_production_check(package_manager, production_check)
17
+ @production_checks[package_manager] = production_check
18
+ end
19
+
7
20
  attr_reader :name, :version, :requirements, :package_manager,
8
21
  :previous_version, :previous_requirements
9
22
 
@@ -39,33 +52,15 @@ module Dependabot
39
52
  previous_version || (version && previous_requirements.nil?)
40
53
  end
41
54
 
42
- # rubocop:disable Metrics/CyclomaticComplexity
43
- # rubocop:disable Metrics/PerceivedComplexity
44
55
  def production?
45
56
  return true unless top_level?
46
57
 
47
58
  groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
48
59
 
49
- case package_manager
50
- when "hex" then groups.empty? || groups.any? { |g| g.include?("prod") }
51
- when "npm_and_yarn"
52
- groups.include?("optionalDependencies") ||
53
- groups.include?("dependencies")
54
- when "composer" then groups.include?("runtime")
55
- when "pip"
56
- groups.empty? ||
57
- groups.include?("default") ||
58
- groups.include?("dependencies")
59
- when "bundler"
60
- groups.empty? ||
61
- groups.include?("runtime") ||
62
- groups.include?("default") ||
63
- groups.any? { |g| g.include?("prod") }
64
- else true
65
- end
60
+ self.class.
61
+ production_check_for_package_manager(package_manager).
62
+ call(groups)
66
63
  end
67
- # rubocop:enable Metrics/CyclomaticComplexity
68
- # rubocop:enable Metrics/PerceivedComplexity
69
64
 
70
65
  def display_name
71
66
  return name unless %w(maven gradle).include?(package_manager)
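Review bot: `production?` now raises `Unsupported package_manager` for any manager that has no registered check, where the removed `case` ended in `else true`. Managers the old branch never named (this release's labeler hunk lists maven, gradle, cargo, docker, terraform and others) were previously treated as production by default, so a missing registration now turns into a bare `RuntimeError` wherever `production?` is called. If the old default is still intended, the lookup can fall back instead of raising, e.g. `@production_checks.fetch(package_manager) { ->(_groups) { true } }`. Otherwise `production_check_for_package_manager` should carry a comment such as `# Every package manager must call register_production_check before production? is used; there is no default.` Whether each manager registers a check is not visible in this diff.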
@@ -1,12 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/file_fetchers/ruby/bundler"
4
-
5
3
  module Dependabot
6
4
  module FileFetchers
7
- @file_fetchers = {
8
- "bundler" => FileFetchers::Ruby::Bundler
9
- }
5
+ @file_fetchers = {}
10
6
 
11
7
  def self.for_package_manager(package_manager)
12
8
  file_fetcher = @file_fetchers[package_manager]
@@ -1,12 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/file_parsers/ruby/bundler"
4
-
5
3
  module Dependabot
6
4
  module FileParsers
7
- @file_parsers = {
8
- "bundler" => FileParsers::Ruby::Bundler
9
- }
5
+ @file_parsers = {}
10
6
 
11
7
  def self.for_package_manager(package_manager)
12
8
  file_parser = @file_parsers[package_manager]
@@ -1,12 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/file_updaters/ruby/bundler"
4
-
5
3
  module Dependabot
6
4
  module FileUpdaters
7
- @file_updaters = {
8
- "bundler" => FileUpdaters::Ruby::Bundler
9
- }
5
+ @file_updaters = {}
10
6
 
11
7
  def self.for_package_manager(package_manager)
12
8
  file_updater = @file_updaters[package_manager]
@@ -1,12 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/metadata_finders/ruby/bundler"
4
-
5
3
  module Dependabot
6
4
  module MetadataFinders
7
- @metadata_finders = {
8
- "bundler" => MetadataFinders::Ruby::Bundler
9
- }
5
+ @metadata_finders = {}
10
6
 
11
7
  def self.for_package_manager(package_manager)
12
8
  metadata_finder = @metadata_finders[package_manager]
@@ -9,23 +9,19 @@ module Dependabot
9
9
  class PullRequestCreator
10
10
  class Labeler
11
11
  DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
12
- LANGUAGE_LABEL_DETAILS = {
13
- "bundler" => { name: "ruby", colour: "ce2d2d" },
14
- "submodules" => { name: "submodules", colour: "000000" },
15
- "docker" => { name: "docker", colour: "21ceff" },
16
- "terraform" => { name: "terraform", colour: "5C4EE5" },
17
- "nuget" => { name: ".NET", colour: "7121c6" },
18
- "maven" => { name: "java", colour: "ffa221" },
19
- "gradle" => { name: "java", colour: "ffa221" },
20
- "npm_and_yarn" => { name: "javascript", colour: "168700" },
21
- "pip" => { name: "python", colour: "2b67c6" },
22
- "composer" => { name: "php", colour: "45229e" },
23
- "hex" => { name: "elixir", colour: "9380dd" },
24
- "cargo" => { name: "rust", colour: "000000" },
25
- "dep" => { name: "go", colour: "16e2e2" },
26
- "go_modules" => { name: "go", colour: "16e2e2" },
27
- "elm" => { name: "elm", colour: "76d3f2" }
28
- }.freeze
12
+
13
+ @label_details = {}
14
+
15
+ def self.label_details_for_package_manager(package_manager)
16
+ label_details = @label_details[package_manager]
17
+ return label_details if label_details
18
+
19
+ raise "Unsupported package_manager #{package_manager}"
20
+ end
21
+
22
+ def self.register_label_details(package_manager, label_details)
23
+ @label_details[package_manager] = label_details
24
+ end
29
25
 
30
26
  def initialize(source:, custom_labels:, credentials:, dependencies:,
31
27
  includes_security_fixes:, label_language:)
@@ -199,7 +195,9 @@ module Dependabot
199
195
  end
200
196
 
201
197
  def language_label
202
- label_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:name)
198
+ label_name =
199
+ self.class.label_details_for_package_manager(package_manager).
200
+ fetch(:name)
203
201
  labels.find { |l| l.casecmp(label_name).zero? }
204
202
  end
205
203
 
@@ -304,12 +302,14 @@ module Dependabot
304
302
  end
305
303
 
306
304
  def create_github_language_label
307
- langauge_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).
308
- fetch(:name)
305
+ langauge_name =
306
+ self.class.label_details_for_package_manager(package_manager).
307
+ fetch(:name)
309
308
  github_client_for_source.add_label(
310
309
  source.repo,
311
310
  langauge_name,
312
- LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:colour),
311
+ self.class.label_details_for_package_manager(package_manager).
312
+ fetch(:colour),
313
313
  description: "Pull requests that update #{langauge_name.capitalize} "\
314
314
  "code",
315
315
  accept: "application/vnd.github.symmetra-preview+json"
@@ -322,12 +322,14 @@ module Dependabot
322
322
  end
323
323
 
324
324
  def create_gitlab_language_label
325
- langauge_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).
326
- fetch(:name)
325
+ langauge_name =
326
+ self.class.label_details_for_package_manager(package_manager).
327
+ fetch(:name)
327
328
  gitlab_client_for_source.create_label(
328
329
  source.repo,
329
330
  langauge_name,
330
- "#" + LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:colour)
331
+ "#" + self.class.label_details_for_package_manager(package_manager).
332
+ fetch(:colour)
331
333
  )
332
334
  @labels = [*@labels, langauge_name].uniq
333
335
  end
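Review bot: `register_label_details` in the first hunk stores whatever object it is handed, so the guarantees of the removed frozen `LANGUAGE_LABEL_DETAILS` constant are gone. A registration missing `:name` or `:colour` only fails later, with a `KeyError` inside `language_label`, `create_github_language_label` or `create_gitlab_language_label`, and a registered hash can still be mutated by its owner afterwards. Validating and freezing at registration keeps the failure at load time: `@label_details[package_manager] = { name: label_details.fetch(:name), colour: label_details.fetch(:colour) }.freeze`. The unknown-manager case also changes from `KeyError` to a bare `RuntimeError`, which matters to any caller that rescued the former; no such caller is visible here. The two `create_*` methods look the details up twice each, so a single local (`details = self.class.label_details_for_package_manager(package_manager)`) would read more clearly.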
@@ -1,12 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/update_checkers/ruby/bundler"
4
-
5
3
  module Dependabot
6
4
  module UpdateCheckers
7
- @update_checkers = {
8
- "bundler" => UpdateCheckers::Ruby::Bundler
9
- }
5
+ @update_checkers = {}
10
6
 
11
7
  def self.for_package_manager(package_manager)
12
8
  update_checker = @update_checkers[package_manager]
@@ -1,16 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "dependabot/utils/ruby/requirement"
4
-
5
3
  # TODO: in due course, these "registries" should live in a wrapper gem, not
6
4
  # dependabot-core.
7
5
  module Dependabot
8
6
  module Utils
9
- @version_classes = {
10
- "bundler" => Gem::Version,
11
- "submodules" => Gem::Version,
12
- "docker" => Gem::Version
13
- }
7
+ @version_classes = {}
14
8
 
15
9
  def self.version_class_for_package_manager(package_manager)
16
10
  version_class = @version_classes[package_manager]
@@ -23,11 +17,7 @@ module Dependabot
23
17
  @version_classes[package_manager] = version_class
24
18
  end
25
19
 
26
- @requirement_classes = {
27
- "bundler" => Utils::Ruby::Requirement,
28
- "submodules" => Utils::Ruby::Requirement,
29
- "docker" => Utils::Ruby::Requirement
30
- }
20
+ @requirement_classes = {}
31
21
 
32
22
  def self.requirement_class_for_package_manager(package_manager)
33
23
  requirement_class = @requirement_classes[package_manager]
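Review bot: Both emptied registries in this file drop the `submodules` and `docker` entries along with `bundler`, while the changelog entry for this release says only "Reorg bundler". The lookup methods continue outside these hunks, so their failure behaviour is not visible, but they presumably reject an unregistered manager as the new lookups in `dependency.rb` do. It is worth confirming that the docker and submodules code now registers `Gem::Version` and a requirement class itself. A comment above `@version_classes = {}` would document the new contract, e.g. `# No built-in entries: each package manager registers its own classes when it is loaded.`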
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Dependabot
4
- VERSION = "0.93.17"
4
+ VERSION = "0.94.0"
5
5
  end
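--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-core
  version: !ruby/object:Gem::Version
- version: 0.93.17
+ version: 0.94.0
  platform: ruby
  authors:
  - Dependabot
@@ -313,30 +313,13 @@ files:
  - lib/dependabot/file_fetchers.rb
  - lib/dependabot/file_fetchers/README.md
  - lib/dependabot/file_fetchers/base.rb
- - lib/dependabot/file_fetchers/ruby/bundler.rb
- - lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb
  - lib/dependabot/file_parsers.rb
  - lib/dependabot/file_parsers/README.md
  - lib/dependabot/file_parsers/base.rb
  - lib/dependabot/file_parsers/base/dependency_set.rb
- - lib/dependabot/file_parsers/ruby/bundler.rb
- - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
- - lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
  - lib/dependabot/file_updaters.rb
  - lib/dependabot/file_updaters/README.md
  - lib/dependabot/file_updaters/base.rb
- - lib/dependabot/file_updaters/ruby/bundler.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb
- - lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb
- - lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb
  - lib/dependabot/git_commit_checker.rb
  - lib/dependabot/metadata_finders.rb
  - lib/dependabot/metadata_finders/README.md
@@ -345,7 +328,6 @@ files:
  - lib/dependabot/metadata_finders/base/changelog_pruner.rb
  - lib/dependabot/metadata_finders/base/commits_finder.rb
  - lib/dependabot/metadata_finders/base/release_finder.rb
- - lib/dependabot/metadata_finders/ruby/bundler.rb
  - lib/dependabot/pull_request_creator.rb
  - lib/dependabot/pull_request_creator/branch_namer.rb
  - lib/dependabot/pull_request_creator/commit_signer.rb
@@ -360,16 +342,7 @@ files:
  - lib/dependabot/update_checkers.rb
  - lib/dependabot/update_checkers/README.md
  - lib/dependabot/update_checkers/base.rb
- - lib/dependabot/update_checkers/ruby/bundler.rb
- - lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
- - lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
- - lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb
- - lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb
- - lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb
- - lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb
- - lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
  - lib/dependabot/utils.rb
- - lib/dependabot/utils/ruby/requirement.rb
  - lib/dependabot/version.rb
  - lib/rubygems_version_patch.rb
  homepage: https://github.com/dependabot/dependabot-core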
@@ -1,215 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "dependabot/file_fetchers/base"
4
- require "dependabot/file_updaters/ruby/bundler/lockfile_updater"
5
- require "dependabot/errors"
6
-
7
- module Dependabot
8
- module FileFetchers
9
- module Ruby
10
- class Bundler < Dependabot::FileFetchers::Base
11
- require "dependabot/file_fetchers/ruby/bundler/gemspec_finder"
12
- require "dependabot/file_fetchers/ruby/bundler/path_gemspec_finder"
13
- require "dependabot/file_fetchers/ruby/bundler/child_gemfile_finder"
14
- require "dependabot/file_fetchers/ruby/bundler/require_relative_finder"
15
-
16
- def self.required_files_in?(filenames)
17
- if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
18
- return true
19
- end
20
-
21
- filenames.include?("Gemfile") || filenames.include?("gems.rb")
22
- end
23
-
24
- def self.required_files_message
25
- "Repo must contain either a Gemfile, a gemspec, or a gems.rb."
26
- end
27
-
28
- private
29
-
30
- def fetch_files
31
- fetched_files = []
32
- fetched_files << gemfile if gemfile
33
- fetched_files << lockfile if gemfile && lockfile
34
- fetched_files += child_gemfiles
35
- fetched_files += gemspecs
36
- fetched_files << ruby_version_file if ruby_version_file
37
- fetched_files += path_gemspecs
38
- fetched_files += require_relative_files(fetched_files)
39
-
40
- fetched_files = uniq_files(fetched_files)
41
-
42
- check_required_files_present
43
-
44
- unless self.class.required_files_in?(fetched_files.map(&:name))
45
- raise "Invalid set of files: #{fetched_files.map(&:name)}"
46
- end
47
-
48
- fetched_files
49
- end
50
-
51
- def uniq_files(fetched_files)
52
- uniq_files = fetched_files.reject(&:support_file?).uniq
53
- uniq_files += fetched_files.
54
- reject { |f| uniq_files.map(&:name).include?(f.name) }
55
- end
56
-
57
- def check_required_files_present
58
- return if gemfile || gemspecs.any?
59
-
60
- path = Pathname.new(File.join(directory, "Gemfile")).
61
- cleanpath.to_path
62
- raise Dependabot::DependencyFileNotFound, path
63
- end
64
-
65
- def gemfile
66
- @gemfile ||= fetch_file_if_present("gems.rb") ||
67
- fetch_file_if_present("Gemfile")
68
- end
69
-
70
- def lockfile
71
- @lockfile ||= fetch_file_if_present("gems.locked") ||
72
- fetch_file_if_present("Gemfile.lock")
73
- end
74
-
75
- def gemspecs
76
- return @gemspecs if defined?(@gemspecs)
77
-
78
- gemspecs_paths =
79
- gemspec_directories.
80
- flat_map do |d|
81
- repo_contents(dir: d).
82
- select { |f| f.name.end_with?(".gemspec") }.
83
- map { |f| File.join(d, f.name) }
84
- end
85
-
86
- @gemspecs = gemspecs_paths.map { |n| fetch_file_from_host(n) }
87
- rescue Octokit::NotFound
88
- []
89
- end
90
-
91
- def gemspec_directories
92
- gemfiles = ([gemfile] + child_gemfiles).compact
93
- directories =
94
- gemfiles.flat_map do |file|
95
- GemspecFinder.new(gemfile: file).gemspec_directories
96
- end.uniq
97
-
98
- directories.empty? ? ["."] : directories
99
- end
100
-
101
- def ruby_version_file
102
- return unless gemfile
103
- return unless gemfile.content.include?(".ruby-version")
104
-
105
- @ruby_version_file ||=
106
- fetch_file_if_present(".ruby-version")&.
107
- tap { |f| f.support_file = true }
108
- end
109
-
110
- def path_gemspecs
111
- gemspec_files = []
112
- unfetchable_gems = []
113
-
114
- path_gemspec_paths.each do |path|
115
- # Get any gemspecs at the path itself
116
- gemspecs_at_path = fetch_gemspecs_from_directory(path)
117
-
118
- # Get any gemspecs nested one level deeper
119
- nested_directories =
120
- repo_contents(dir: path).
121
- select { |f| f.type == "dir" }
122
-
123
- nested_directories.each do |dir|
124
- dir_path = File.join(path, dir.name)
125
- gemspecs_at_path += fetch_gemspecs_from_directory(dir_path)
126
- end
127
-
128
- # Add the fetched gemspecs to the main array, and note an error if
129
- # none were found for this path
130
- gemspec_files += gemspecs_at_path
131
- unfetchable_gems << path.basename.to_s if gemspecs_at_path.empty?
132
- rescue Octokit::NotFound, Gitlab::Error::NotFound
133
- unfetchable_gems << path.basename.to_s
134
- end
135
-
136
- if unfetchable_gems.any?
137
- raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
138
- end
139
-
140
- gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
141
- end
142
-
143
- def path_gemspec_paths
144
- fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
145
- end
146
-
147
- def require_relative_files(files)
148
- ruby_files =
149
- files.select { |f| f.name.end_with?(".rb", "Gemfile", ".gemspec") }
150
-
151
- paths = ruby_files.flat_map do |file|
152
- RequireRelativeFinder.new(file: file).require_relative_paths
153
- end
154
-
155
- @require_relative_files ||=
156
- paths.map { |path| fetch_file_from_host(path) }.
157
- tap { |req_files| req_files.each { |f| f.support_file = true } }
158
- end
159
-
160
- def fetch_gemspecs_from_directory(dir_path)
161
- repo_contents(dir: dir_path).
162
- select { |f| f.name.end_with?(".gemspec") }.
163
- map { |f| File.join(dir_path, f.name) }.
164
- map { |fp| fetch_file_from_host(fp) }
165
- end
166
-
167
- def fetch_path_gemspec_paths
168
- if lockfile
169
- parsed_lockfile = ::Bundler::LockfileParser.new(
170
- sanitized_lockfile_content
171
- )
172
- parsed_lockfile.specs.
173
- select { |s| s.source.instance_of?(::Bundler::Source::Path) }.
174
- map { |s| s.source.path }.uniq
175
- else
176
- gemfiles = ([gemfile] + child_gemfiles).compact
177
- gemfiles.flat_map do |file|
178
- PathGemspecFinder.new(gemfile: file).path_gemspec_paths
179
- end.uniq
180
- end
181
- rescue ::Bundler::LockfileError
182
- raise Dependabot::DependencyFileNotParseable, lockfile.path
183
- end
184
-
185
- def child_gemfiles
186
- return [] unless gemfile
187
-
188
- @child_gemfiles ||=
189
- fetch_child_gemfiles(file: gemfile, previously_fetched_files: [])
190
- end
191
-
192
- def sanitized_lockfile_content
193
- regex = FileUpdaters::Ruby::Bundler::LockfileUpdater::LOCKFILE_ENDING
194
- lockfile.content.gsub(regex, "")
195
- end
196
-
197
- def fetch_child_gemfiles(file:, previously_fetched_files:)
198
- paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths
199
-
200
- paths.flat_map do |path|
201
- next if previously_fetched_files.map(&:name).include?(path)
202
- next if file.name == path
203
-
204
- fetched_file = fetch_file_from_host(path)
205
- grandchild_gemfiles = fetch_child_gemfiles(
206
- file: fetched_file,
207
- previously_fetched_files: previously_fetched_files + [file]
208
- )
209
- [fetched_file, *grandchild_gemfiles]
210
- end.compact
211
- end
212
- end
213
- end
214
- end
215
- end