dependabot-core 0.93.17 → 0.94.0

Files changed (39) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/dependabot/dependency.rb +16 -21
  4. data/lib/dependabot/file_fetchers.rb +1 -5
  5. data/lib/dependabot/file_parsers.rb +1 -5
  6. data/lib/dependabot/file_updaters.rb +1 -5
  7. data/lib/dependabot/metadata_finders.rb +1 -5
  8. data/lib/dependabot/pull_request_creator/labeler.rb +26 -24
  9. data/lib/dependabot/update_checkers.rb +1 -5
  10. data/lib/dependabot/utils.rb +2 -12
  11. data/lib/dependabot/version.rb +1 -1
  12. metadata +1 -28
  13. data/lib/dependabot/file_fetchers/ruby/bundler.rb +0 -215
  14. data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +0 -70
  15. data/lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb +0 -98
  16. data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +0 -114
  17. data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +0 -67
  18. data/lib/dependabot/file_parsers/ruby/bundler.rb +0 -294
  19. data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +0 -86
  20. data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +0 -48
  21. data/lib/dependabot/file_updaters/ruby/bundler.rb +0 -123
  22. data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +0 -116
  23. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +0 -52
  24. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +0 -298
  25. data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +0 -64
  26. data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +0 -80
  27. data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +0 -102
  28. data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +0 -389
  29. data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +0 -223
  30. data/lib/dependabot/metadata_finders/ruby/bundler.rb +0 -202
  31. data/lib/dependabot/update_checkers/ruby/bundler.rb +0 -331
  32. data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +0 -281
  33. data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +0 -261
  34. data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +0 -169
  35. data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +0 -283
  36. data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +0 -115
  37. data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +0 -246
  38. data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +0 -272
  39. data/lib/dependabot/utils/ruby/requirement.rb +0 -26
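--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 84b1870f3566af63ba843602b5a9ba9f7808b9c2723f107c2a9248521027a5de
- data.tar.gz: 9607e739d3771adc073f735964be2ffbbd2229b3d7517ece8572e44e5a5c3165
+ metadata.gz: 12e493715e112615890a2889982a5570f4c92546f032b4e142d517401812642a
+ data.tar.gz: d7fda6c2fd269825ea84f2f8f17aea6d64ace86b4a2bdf61e0e24fafd753d5bd
  SHA512:
- metadata.gz: 2f139202aeebfb1a94c020c0cc9b6e72e9df1950e5cfa860db8db7aca901330c8982c56bec6a09e6b9fcce8ef299e5c52dee2a811d85ac42bb16058f3b4d1df8
- data.tar.gz: dd73927e2a1bd3dd9363d66dbd5580c1fae50ffd4641e369d967a2a6644b39ccdea2a84d8b856ffdfcbdcdb53cb4fca938757045088b4e33d5461b544c425283
+ metadata.gz: 2be2d07ee3b2430bb1bf4668251075d5fe39dc8a550383271b3fc00e3644ac8936bca38246acf586644cd22952b39fff36fba2abeb359e5b58c43661cfd9b8a2
+ data.tar.gz: e0cb7269cbfe36a507c866436624c39a7fb00c7667b5b728073ad0b68d271fd286ecc7958edd88bca350741cf12befeffdfd51a4859983246d3f022ca7742c7e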
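--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## v0.94.0, 1 February 2019
+
+ - Reorg bundler
+
  ## v0.93.17, 1 February 2019
 
  - JS: Better detection of whether an npm registry needs auth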
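--- a/data/lib/dependabot/dependency.rb
+++ b/data/lib/dependabot/dependency.rb
@@ -4,6 +4,19 @@ require "rubygems_version_patch"
 
  module Dependabot
  class Dependency
+ @production_checks = {}
+
+ def self.production_check_for_package_manager(package_manager)
+ production_check = @production_checks[package_manager]
+ return production_check if production_check
+
+ raise "Unsupported package_manager #{package_manager}"
+ end
+
+ def self.register_production_check(package_manager, production_check)
+ @production_checks[package_manager] = production_check
+ end
+
  attr_reader :name, :version, :requirements, :package_manager,
  :previous_version, :previous_requirements
 
@@ -39,33 +52,15 @@ module Dependabot
  previous_version || (version && previous_requirements.nil?)
  end
 
- # rubocop:disable Metrics/CyclomaticComplexity
- # rubocop:disable Metrics/PerceivedComplexity
  def production?
  return true unless top_level?
 
  groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }
 
- case package_manager
- when "hex" then groups.empty? || groups.any? { |g| g.include?("prod") }
- when "npm_and_yarn"
- groups.include?("optionalDependencies") ||
- groups.include?("dependencies")
- when "composer" then groups.include?("runtime")
- when "pip"
- groups.empty? ||
- groups.include?("default") ||
- groups.include?("dependencies")
- when "bundler"
- groups.empty? ||
- groups.include?("runtime") ||
- groups.include?("default") ||
- groups.any? { |g| g.include?("prod") }
- else true
- end
+ self.class.
+ production_check_for_package_manager(package_manager).
+ call(groups)
  end
- # rubocop:enable Metrics/CyclomaticComplexity
- # rubocop:enable Metrics/PerceivedComplexity
 
  def display_name
  return name unless %w(maven gradle).include?(package_manager)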
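Review bot: `production?` no longer has a default for package managers without a registered check: the removed `case` ended in `else true`, while `production_check_for_package_manager` raises `"Unsupported package_manager ..."`. Only hex, npm_and_yarn, composer, pip and bundler had explicit branches before, so every other package manager must now register a check somewhere this page does not show, or `production?` raises for its top-level dependencies. If that is not intended, the old fail-safe can be kept with `@production_checks.fetch(package_manager) { ->(_groups) { true } }`. Either way, `register_production_check` deserves a comment stating that the check must respond to `call(groups)` and that a second registration for the same name silently replaces the first. The `display_name` body continues outside the hunk.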
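--- a/data/lib/dependabot/file_fetchers.rb
+++ b/data/lib/dependabot/file_fetchers.rb
@@ -1,12 +1,8 @@
  # frozen_string_literal: true
 
- require "dependabot/file_fetchers/ruby/bundler"
-
  module Dependabot
  module FileFetchers
- @file_fetchers = {
- "bundler" => FileFetchers::Ruby::Bundler
- }
+ @file_fetchers = {}
 
  def self.for_package_manager(package_manager)
  file_fetcher = @file_fetchers[package_manager]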
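Review bot: `@file_fetchers` now starts empty, so `for_package_manager("bundler")` only works once some other file has registered a fetcher, and nothing in this file says who does that or when. The same applies to `@file_parsers`, `@file_updaters`, `@metadata_finders` and `@update_checkers` in the sections that follow. A comment above the hash would make the load-order requirement explicit, for example `# Populated by each package manager's own files at load time; require those before calling for_package_manager.` The body of `for_package_manager` continues outside the hunk, so how a missing entry is reported is not visible here.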
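--- a/data/lib/dependabot/file_parsers.rb
+++ b/data/lib/dependabot/file_parsers.rb
@@ -1,12 +1,8 @@
  # frozen_string_literal: true
 
- require "dependabot/file_parsers/ruby/bundler"
-
  module Dependabot
  module FileParsers
- @file_parsers = {
- "bundler" => FileParsers::Ruby::Bundler
- }
+ @file_parsers = {}
 
  def self.for_package_manager(package_manager)
  file_parser = @file_parsers[package_manager]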
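--- a/data/lib/dependabot/file_updaters.rb
+++ b/data/lib/dependabot/file_updaters.rb
@@ -1,12 +1,8 @@
  # frozen_string_literal: true
 
- require "dependabot/file_updaters/ruby/bundler"
-
  module Dependabot
  module FileUpdaters
- @file_updaters = {
- "bundler" => FileUpdaters::Ruby::Bundler
- }
+ @file_updaters = {}
 
  def self.for_package_manager(package_manager)
  file_updater = @file_updaters[package_manager]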
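--- a/data/lib/dependabot/metadata_finders.rb
+++ b/data/lib/dependabot/metadata_finders.rb
@@ -1,12 +1,8 @@
  # frozen_string_literal: true
 
- require "dependabot/metadata_finders/ruby/bundler"
-
  module Dependabot
  module MetadataFinders
- @metadata_finders = {
- "bundler" => MetadataFinders::Ruby::Bundler
- }
+ @metadata_finders = {}
 
  def self.for_package_manager(package_manager)
  metadata_finder = @metadata_finders[package_manager]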
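--- a/data/lib/dependabot/pull_request_creator/labeler.rb
+++ b/data/lib/dependabot/pull_request_creator/labeler.rb
@@ -9,23 +9,19 @@ module Dependabot
  class PullRequestCreator
  class Labeler
  DEPENDENCIES_LABEL_REGEX = %r{^[^/]*dependenc[^/]+$}i.freeze
- LANGUAGE_LABEL_DETAILS = {
- "bundler" => { name: "ruby", colour: "ce2d2d" },
- "submodules" => { name: "submodules", colour: "000000" },
- "docker" => { name: "docker", colour: "21ceff" },
- "terraform" => { name: "terraform", colour: "5C4EE5" },
- "nuget" => { name: ".NET", colour: "7121c6" },
- "maven" => { name: "java", colour: "ffa221" },
- "gradle" => { name: "java", colour: "ffa221" },
- "npm_and_yarn" => { name: "javascript", colour: "168700" },
- "pip" => { name: "python", colour: "2b67c6" },
- "composer" => { name: "php", colour: "45229e" },
- "hex" => { name: "elixir", colour: "9380dd" },
- "cargo" => { name: "rust", colour: "000000" },
- "dep" => { name: "go", colour: "16e2e2" },
- "go_modules" => { name: "go", colour: "16e2e2" },
- "elm" => { name: "elm", colour: "76d3f2" }
- }.freeze
+
+ @label_details = {}
+
+ def self.label_details_for_package_manager(package_manager)
+ label_details = @label_details[package_manager]
+ return label_details if label_details
+
+ raise "Unsupported package_manager #{package_manager}"
+ end
+
+ def self.register_label_details(package_manager, label_details)
+ @label_details[package_manager] = label_details
+ end
 
  def initialize(source:, custom_labels:, credentials:, dependencies:,
  includes_security_fixes:, label_language:)
@@ -199,7 +195,9 @@ module Dependabot
  end
 
  def language_label
- label_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:name)
+ label_name =
+ self.class.label_details_for_package_manager(package_manager).
+ fetch(:name)
  labels.find { |l| l.casecmp(label_name).zero? }
  end
 
@@ -304,12 +302,14 @@ module Dependabot
  end
 
  def create_github_language_label
- langauge_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).
- fetch(:name)
+ langauge_name =
+ self.class.label_details_for_package_manager(package_manager).
+ fetch(:name)
  github_client_for_source.add_label(
  source.repo,
  langauge_name,
- LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:colour),
+ self.class.label_details_for_package_manager(package_manager).
+ fetch(:colour),
  description: "Pull requests that update #{langauge_name.capitalize} "\
  "code",
  accept: "application/vnd.github.symmetra-preview+json"
@@ -322,12 +322,14 @@ module Dependabot
  end
 
  def create_gitlab_language_label
- langauge_name = LANGUAGE_LABEL_DETAILS.fetch(package_manager).
- fetch(:name)
+ langauge_name =
+ self.class.label_details_for_package_manager(package_manager).
+ fetch(:name)
  gitlab_client_for_source.create_label(
  source.repo,
  langauge_name,
- "#" + LANGUAGE_LABEL_DETAILS.fetch(package_manager).fetch(:colour)
+ "#" + self.class.label_details_for_package_manager(package_manager).
+ fetch(:colour)
  )
  @labels = [*@labels, langauge_name].uniq
  end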
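Review bot: `register_label_details` stores whatever it is given, so a registration that lacks `:name` or `:colour` is only detected later, as a `KeyError` from `fetch` in `language_label`, `create_github_language_label` or `create_gitlab_language_label`, in the middle of pull-request creation. Checking at registration would surface it at load time, for example `label_details.fetch(:name); label_details.fetch(:colour)` before the assignment. Storing `label_details.dup.freeze` would keep the entries as immutable as the removed frozen `LANGUAGE_LABEL_DETAILS` constant made the table. As a style point, both `create_*_language_label` methods now perform the lookup twice; one local, `details = self.class.label_details_for_package_manager(package_manager)`, would shorten them. `create_github_language_label` continues past the end of its hunk.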
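--- a/data/lib/dependabot/update_checkers.rb
+++ b/data/lib/dependabot/update_checkers.rb
@@ -1,12 +1,8 @@
  # frozen_string_literal: true
 
- require "dependabot/update_checkers/ruby/bundler"
-
  module Dependabot
  module UpdateCheckers
- @update_checkers = {
- "bundler" => UpdateCheckers::Ruby::Bundler
- }
+ @update_checkers = {}
 
  def self.for_package_manager(package_manager)
  update_checker = @update_checkers[package_manager]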
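--- a/data/lib/dependabot/utils.rb
+++ b/data/lib/dependabot/utils.rb
@@ -1,16 +1,10 @@
  # frozen_string_literal: true
 
- require "dependabot/utils/ruby/requirement"
-
  # TODO: in due course, these "registries" should live in a wrapper gem, not
  # dependabot-core.
  module Dependabot
  module Utils
- @version_classes = {
- "bundler" => Gem::Version,
- "submodules" => Gem::Version,
- "docker" => Gem::Version
- }
+ @version_classes = {}
 
  def self.version_class_for_package_manager(package_manager)
  version_class = @version_classes[package_manager]
@@ -23,11 +17,7 @@ module Dependabot
  @version_classes[package_manager] = version_class
  end
 
- @requirement_classes = {
- "bundler" => Utils::Ruby::Requirement,
- "submodules" => Utils::Ruby::Requirement,
- "docker" => Utils::Ruby::Requirement
- }
+ @requirement_classes = {}
 
  def self.requirement_class_for_package_manager(package_manager)
  requirement_class = @requirement_classes[package_manager]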
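Review bot: Besides "bundler", these hunks also drop the built-in "submodules" and "docker" entries from both `@version_classes` and `@requirement_classes`, and the file list shows `utils/ruby/requirement.rb` removed from the gem. Unless those two package managers register their own classes elsewhere (not visible on this page), `version_class_for_package_manager` and `requirement_class_for_package_manager` stop resolving them after an upgrade to 0.94.0. The changelog entry says only "Reorg bundler"; it should state that consumers must now load the package-manager files that perform the registration. Both lookup methods continue outside the hunks.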
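--- a/data/lib/dependabot/version.rb
+++ b/data/lib/dependabot/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Dependabot
- VERSION = "0.93.17"
+ VERSION = "0.94.0"
  end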
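--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-core
  version: !ruby/object:Gem::Version
- version: 0.93.17
+ version: 0.94.0
  platform: ruby
  authors:
  - Dependabot
@@ -313,30 +313,13 @@ files:
  - lib/dependabot/file_fetchers.rb
  - lib/dependabot/file_fetchers/README.md
  - lib/dependabot/file_fetchers/base.rb
- - lib/dependabot/file_fetchers/ruby/bundler.rb
- - lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
- - lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb
  - lib/dependabot/file_parsers.rb
  - lib/dependabot/file_parsers/README.md
  - lib/dependabot/file_parsers/base.rb
  - lib/dependabot/file_parsers/base/dependency_set.rb
- - lib/dependabot/file_parsers/ruby/bundler.rb
- - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
- - lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
  - lib/dependabot/file_updaters.rb
  - lib/dependabot/file_updaters/README.md
  - lib/dependabot/file_updaters/base.rb
- - lib/dependabot/file_updaters/ruby/bundler.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb
- - lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb
- - lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb
- - lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb
- - lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb
  - lib/dependabot/git_commit_checker.rb
  - lib/dependabot/metadata_finders.rb
  - lib/dependabot/metadata_finders/README.md
@@ -345,7 +328,6 @@ files:
  - lib/dependabot/metadata_finders/base/changelog_pruner.rb
  - lib/dependabot/metadata_finders/base/commits_finder.rb
  - lib/dependabot/metadata_finders/base/release_finder.rb
- - lib/dependabot/metadata_finders/ruby/bundler.rb
  - lib/dependabot/pull_request_creator.rb
  - lib/dependabot/pull_request_creator/branch_namer.rb
  - lib/dependabot/pull_request_creator/commit_signer.rb
@@ -360,16 +342,7 @@ files:
  - lib/dependabot/update_checkers.rb
  - lib/dependabot/update_checkers/README.md
  - lib/dependabot/update_checkers/base.rb
- - lib/dependabot/update_checkers/ruby/bundler.rb
- - lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
- - lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
- - lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb
- - lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb
- - lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb
- - lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb
- - lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb
  - lib/dependabot/utils.rb
- - lib/dependabot/utils/ruby/requirement.rb
  - lib/dependabot/version.rb
  - lib/rubygems_version_patch.rb
  homepage: https://github.com/dependabot/dependabot-core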
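--- a/data/lib/dependabot/file_fetchers/ruby/bundler.rb
+++ b/data/lib/dependabot/file_fetchers/ruby/bundler.rb
@@ -1,215 +0,0 @@
- # frozen_string_literal: true
-
- require "dependabot/file_fetchers/base"
- require "dependabot/file_updaters/ruby/bundler/lockfile_updater"
- require "dependabot/errors"
-
- module Dependabot
- module FileFetchers
- module Ruby
- class Bundler < Dependabot::FileFetchers::Base
- require "dependabot/file_fetchers/ruby/bundler/gemspec_finder"
- require "dependabot/file_fetchers/ruby/bundler/path_gemspec_finder"
- require "dependabot/file_fetchers/ruby/bundler/child_gemfile_finder"
- require "dependabot/file_fetchers/ruby/bundler/require_relative_finder"
-
- def self.required_files_in?(filenames)
- if filenames.any? { |name| name.match?(%r{^[^/]*\.gemspec$}) }
- return true
- end
-
- filenames.include?("Gemfile") || filenames.include?("gems.rb")
- end
-
- def self.required_files_message
- "Repo must contain either a Gemfile, a gemspec, or a gems.rb."
- end
-
- private
-
- def fetch_files
- fetched_files = []
- fetched_files << gemfile if gemfile
- fetched_files << lockfile if gemfile && lockfile
- fetched_files += child_gemfiles
- fetched_files += gemspecs
- fetched_files << ruby_version_file if ruby_version_file
- fetched_files += path_gemspecs
- fetched_files += require_relative_files(fetched_files)
-
- fetched_files = uniq_files(fetched_files)
-
- check_required_files_present
-
- unless self.class.required_files_in?(fetched_files.map(&:name))
- raise "Invalid set of files: #{fetched_files.map(&:name)}"
- end
-
- fetched_files
- end
-
- def uniq_files(fetched_files)
- uniq_files = fetched_files.reject(&:support_file?).uniq
- uniq_files += fetched_files.
- reject { |f| uniq_files.map(&:name).include?(f.name) }
- end
-
- def check_required_files_present
- return if gemfile || gemspecs.any?
-
- path = Pathname.new(File.join(directory, "Gemfile")).
- cleanpath.to_path
- raise Dependabot::DependencyFileNotFound, path
- end
-
- def gemfile
- @gemfile ||= fetch_file_if_present("gems.rb") ||
- fetch_file_if_present("Gemfile")
- end
-
- def lockfile
- @lockfile ||= fetch_file_if_present("gems.locked") ||
- fetch_file_if_present("Gemfile.lock")
- end
-
- def gemspecs
- return @gemspecs if defined?(@gemspecs)
-
- gemspecs_paths =
- gemspec_directories.
- flat_map do |d|
- repo_contents(dir: d).
- select { |f| f.name.end_with?(".gemspec") }.
- map { |f| File.join(d, f.name) }
- end
-
- @gemspecs = gemspecs_paths.map { |n| fetch_file_from_host(n) }
- rescue Octokit::NotFound
- []
- end
-
- def gemspec_directories
- gemfiles = ([gemfile] + child_gemfiles).compact
- directories =
- gemfiles.flat_map do |file|
- GemspecFinder.new(gemfile: file).gemspec_directories
- end.uniq
-
- directories.empty? ? ["."] : directories
- end
-
- def ruby_version_file
- return unless gemfile
- return unless gemfile.content.include?(".ruby-version")
-
- @ruby_version_file ||=
- fetch_file_if_present(".ruby-version")&.
- tap { |f| f.support_file = true }
- end
-
- def path_gemspecs
- gemspec_files = []
- unfetchable_gems = []
-
- path_gemspec_paths.each do |path|
- # Get any gemspecs at the path itself
- gemspecs_at_path = fetch_gemspecs_from_directory(path)
-
- # Get any gemspecs nested one level deeper
- nested_directories =
- repo_contents(dir: path).
- select { |f| f.type == "dir" }
-
- nested_directories.each do |dir|
- dir_path = File.join(path, dir.name)
- gemspecs_at_path += fetch_gemspecs_from_directory(dir_path)
- end
-
- # Add the fetched gemspecs to the main array, and note an error if
- # none were found for this path
- gemspec_files += gemspecs_at_path
- unfetchable_gems << path.basename.to_s if gemspecs_at_path.empty?
- rescue Octokit::NotFound, Gitlab::Error::NotFound
- unfetchable_gems << path.basename.to_s
- end
-
- if unfetchable_gems.any?
- raise Dependabot::PathDependenciesNotReachable, unfetchable_gems
- end
-
- gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
- end
-
- def path_gemspec_paths
- fetch_path_gemspec_paths.map { |path| Pathname.new(path) }
- end
-
- def require_relative_files(files)
- ruby_files =
- files.select { |f| f.name.end_with?(".rb", "Gemfile", ".gemspec") }
-
- paths = ruby_files.flat_map do |file|
- RequireRelativeFinder.new(file: file).require_relative_paths
- end
-
- @require_relative_files ||=
- paths.map { |path| fetch_file_from_host(path) }.
- tap { |req_files| req_files.each { |f| f.support_file = true } }
- end
-
- def fetch_gemspecs_from_directory(dir_path)
- repo_contents(dir: dir_path).
- select { |f| f.name.end_with?(".gemspec") }.
- map { |f| File.join(dir_path, f.name) }.
- map { |fp| fetch_file_from_host(fp) }
- end
-
- def fetch_path_gemspec_paths
- if lockfile
- parsed_lockfile = ::Bundler::LockfileParser.new(
- sanitized_lockfile_content
- )
- parsed_lockfile.specs.
- select { |s| s.source.instance_of?(::Bundler::Source::Path) }.
- map { |s| s.source.path }.uniq
- else
- gemfiles = ([gemfile] + child_gemfiles).compact
- gemfiles.flat_map do |file|
- PathGemspecFinder.new(gemfile: file).path_gemspec_paths
- end.uniq
- end
- rescue ::Bundler::LockfileError
- raise Dependabot::DependencyFileNotParseable, lockfile.path
- end
-
- def child_gemfiles
- return [] unless gemfile
-
- @child_gemfiles ||=
- fetch_child_gemfiles(file: gemfile, previously_fetched_files: [])
- end
-
- def sanitized_lockfile_content
- regex = FileUpdaters::Ruby::Bundler::LockfileUpdater::LOCKFILE_ENDING
- lockfile.content.gsub(regex, "")
- end
-
- def fetch_child_gemfiles(file:, previously_fetched_files:)
- paths = ChildGemfileFinder.new(gemfile: file).child_gemfile_paths
-
- paths.flat_map do |path|
- next if previously_fetched_files.map(&:name).include?(path)
- next if file.name == path
-
- fetched_file = fetch_file_from_host(path)
- grandchild_gemfiles = fetch_child_gemfiles(
- file: fetched_file,
- previously_fetched_files: previously_fetched_files + [file]
- )
- [fetched_file, *grandchild_gemfiles]
- end.compact
- end
- end
- end
- end
- end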