dependabot-core 0.93.17 → 0.94.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/dependency.rb +16 -21
- data/lib/dependabot/file_fetchers.rb +1 -5
- data/lib/dependabot/file_parsers.rb +1 -5
- data/lib/dependabot/file_updaters.rb +1 -5
- data/lib/dependabot/metadata_finders.rb +1 -5
- data/lib/dependabot/pull_request_creator/labeler.rb +26 -24
- data/lib/dependabot/update_checkers.rb +1 -5
- data/lib/dependabot/utils.rb +2 -12
- data/lib/dependabot/version.rb +1 -1
- metadata +1 -28
- data/lib/dependabot/file_fetchers/ruby/bundler.rb +0 -215
- data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +0 -70
- data/lib/dependabot/file_fetchers/ruby/bundler/gemspec_finder.rb +0 -98
- data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +0 -114
- data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +0 -67
- data/lib/dependabot/file_parsers/ruby/bundler.rb +0 -294
- data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +0 -86
- data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +0 -48
- data/lib/dependabot/file_updaters/ruby/bundler.rb +0 -123
- data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +0 -116
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +0 -52
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +0 -298
- data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +0 -64
- data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +0 -80
- data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +0 -102
- data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +0 -389
- data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +0 -223
- data/lib/dependabot/metadata_finders/ruby/bundler.rb +0 -202
- data/lib/dependabot/update_checkers/ruby/bundler.rb +0 -331
- data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +0 -281
- data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +0 -261
- data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +0 -169
- data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +0 -283
- data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +0 -115
- data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +0 -246
- data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +0 -272
- data/lib/dependabot/utils/ruby/requirement.rb +0 -26
|
@@ -1,64 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/file_updaters/ruby/bundler"
|
|
4
|
-
|
|
5
|
-
module Dependabot
|
|
6
|
-
module FileUpdaters
|
|
7
|
-
module Ruby
|
|
8
|
-
class Bundler
|
|
9
|
-
class GemspecUpdater
|
|
10
|
-
require_relative "requirement_replacer"
|
|
11
|
-
|
|
12
|
-
def initialize(dependencies:, gemspec:)
|
|
13
|
-
@dependencies = dependencies
|
|
14
|
-
@gemspec = gemspec
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def updated_gemspec_content
|
|
18
|
-
content = gemspec.content
|
|
19
|
-
|
|
20
|
-
dependencies.each do |dependency|
|
|
21
|
-
content = replace_gemspec_version_requirement(
|
|
22
|
-
gemspec, dependency, content
|
|
23
|
-
)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
content
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
private
|
|
30
|
-
|
|
31
|
-
attr_reader :dependencies, :gemspec
|
|
32
|
-
|
|
33
|
-
def replace_gemspec_version_requirement(gemspec, dependency, content)
|
|
34
|
-
return content unless requirement_changed?(gemspec, dependency)
|
|
35
|
-
|
|
36
|
-
updated_requirement =
|
|
37
|
-
dependency.requirements.
|
|
38
|
-
find { |r| r[:file] == gemspec.name }.
|
|
39
|
-
fetch(:requirement)
|
|
40
|
-
|
|
41
|
-
previous_requirement =
|
|
42
|
-
dependency.previous_requirements.
|
|
43
|
-
find { |r| r[:file] == gemspec.name }.
|
|
44
|
-
fetch(:requirement)
|
|
45
|
-
|
|
46
|
-
RequirementReplacer.new(
|
|
47
|
-
dependency: dependency,
|
|
48
|
-
file_type: :gemspec,
|
|
49
|
-
updated_requirement: updated_requirement,
|
|
50
|
-
previous_requirement: previous_requirement
|
|
51
|
-
).rewrite(content)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
def requirement_changed?(file, dependency)
|
|
55
|
-
changed_requirements =
|
|
56
|
-
dependency.requirements - dependency.previous_requirements
|
|
57
|
-
|
|
58
|
-
changed_requirements.any? { |f| f[:file] == file.name }
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
end
|
|
@@ -1,80 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "parser/current"
|
|
4
|
-
require "dependabot/file_updaters/ruby/bundler"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
module FileUpdaters
|
|
8
|
-
module Ruby
|
|
9
|
-
class Bundler
|
|
10
|
-
class GitPinReplacer
|
|
11
|
-
attr_reader :dependency, :new_pin
|
|
12
|
-
|
|
13
|
-
def initialize(dependency:, new_pin:)
|
|
14
|
-
@dependency = dependency
|
|
15
|
-
@new_pin = new_pin
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def rewrite(content)
|
|
19
|
-
buffer = Parser::Source::Buffer.new("(gemfile_content)")
|
|
20
|
-
buffer.source = content
|
|
21
|
-
ast = Parser::CurrentRuby.new.parse(buffer)
|
|
22
|
-
|
|
23
|
-
Rewriter.
|
|
24
|
-
new(dependency: dependency, new_pin: new_pin).
|
|
25
|
-
rewrite(buffer, ast)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
class Rewriter < Parser::TreeRewriter
|
|
29
|
-
PIN_KEYS = %i(ref tag).freeze
|
|
30
|
-
attr_reader :dependency, :new_pin
|
|
31
|
-
|
|
32
|
-
def initialize(dependency:, new_pin:)
|
|
33
|
-
@dependency = dependency
|
|
34
|
-
@new_pin = new_pin
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def on_send(node)
|
|
38
|
-
return unless declares_targeted_gem?(node)
|
|
39
|
-
return unless node.children.last.type == :hash
|
|
40
|
-
|
|
41
|
-
kwargs_node = node.children.last
|
|
42
|
-
kwargs_node.children.each do |hash_pair|
|
|
43
|
-
next unless PIN_KEYS.include?(key_from_hash_pair(hash_pair))
|
|
44
|
-
|
|
45
|
-
update_value(hash_pair)
|
|
46
|
-
end
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
private
|
|
50
|
-
|
|
51
|
-
def declares_targeted_gem?(node)
|
|
52
|
-
return false unless node.children[1] == :gem
|
|
53
|
-
|
|
54
|
-
node.children[2].children.first == dependency.name
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
def key_from_hash_pair(node)
|
|
58
|
-
node.children.first.children.first.to_sym
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
def update_value(hash_pair)
|
|
62
|
-
value_node = hash_pair.children.last
|
|
63
|
-
open_quote_character, close_quote_character =
|
|
64
|
-
extract_quote_characters_from(value_node)
|
|
65
|
-
|
|
66
|
-
replace(
|
|
67
|
-
value_node.loc.expression,
|
|
68
|
-
%(#{open_quote_character}#{new_pin}#{close_quote_character})
|
|
69
|
-
)
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
def extract_quote_characters_from(value_node)
|
|
73
|
-
[value_node.loc.begin.source, value_node.loc.end.source]
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
end
|
|
77
|
-
end
|
|
78
|
-
end
|
|
79
|
-
end
|
|
80
|
-
end
|
|
@@ -1,102 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "parser/current"
|
|
4
|
-
require "dependabot/file_updaters/ruby/bundler"
|
|
5
|
-
|
|
6
|
-
module Dependabot
|
|
7
|
-
module FileUpdaters
|
|
8
|
-
module Ruby
|
|
9
|
-
class Bundler
|
|
10
|
-
class GitSourceRemover
|
|
11
|
-
attr_reader :dependency
|
|
12
|
-
|
|
13
|
-
def initialize(dependency:)
|
|
14
|
-
@dependency = dependency
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def rewrite(content)
|
|
18
|
-
buffer = Parser::Source::Buffer.new("(gemfile_content)")
|
|
19
|
-
buffer.source = content
|
|
20
|
-
ast = Parser::CurrentRuby.new.parse(buffer)
|
|
21
|
-
|
|
22
|
-
Rewriter.new(dependency: dependency).rewrite(buffer, ast)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
class Rewriter < Parser::TreeRewriter
|
|
26
|
-
# TODO: Hack until Bundler 1.16.0 is available on Heroku
|
|
27
|
-
GOOD_KEYS = %i(
|
|
28
|
-
group groups path glob name require platform platforms type
|
|
29
|
-
source install_if
|
|
30
|
-
).freeze
|
|
31
|
-
|
|
32
|
-
attr_reader :dependency
|
|
33
|
-
|
|
34
|
-
def initialize(dependency:)
|
|
35
|
-
@dependency = dependency
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def on_send(node)
|
|
39
|
-
return unless declares_targeted_gem?(node)
|
|
40
|
-
return unless node.children.last.type == :hash
|
|
41
|
-
|
|
42
|
-
kwargs_node = node.children.last
|
|
43
|
-
keys = kwargs_node.children.map do |hash_pair|
|
|
44
|
-
key_from_hash_pair(hash_pair)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
if keys.none? { |key| GOOD_KEYS.include?(key) }
|
|
48
|
-
remove_all_kwargs(node)
|
|
49
|
-
else
|
|
50
|
-
remove_git_related_kwargs(kwargs_node)
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
private
|
|
55
|
-
|
|
56
|
-
def declares_targeted_gem?(node)
|
|
57
|
-
return false unless node.children[1] == :gem
|
|
58
|
-
|
|
59
|
-
node.children[2].children.first == dependency.name
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def key_from_hash_pair(node)
|
|
63
|
-
node.children.first.children.first.to_sym
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def remove_all_kwargs(node)
|
|
67
|
-
kwargs_node = node.children.last
|
|
68
|
-
|
|
69
|
-
range_to_remove =
|
|
70
|
-
kwargs_node.loc.expression.join(node.children[-2].loc.end.end)
|
|
71
|
-
|
|
72
|
-
remove(range_to_remove)
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
def remove_git_related_kwargs(kwargs_node)
|
|
76
|
-
good_key_index = nil
|
|
77
|
-
hash_pairs = kwargs_node.children
|
|
78
|
-
|
|
79
|
-
hash_pairs.each_with_index do |hash_pair, index|
|
|
80
|
-
if GOOD_KEYS.include?(key_from_hash_pair(hash_pair))
|
|
81
|
-
good_key_index = index
|
|
82
|
-
next
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
range_to_remove =
|
|
86
|
-
if good_key_index.nil?
|
|
87
|
-
next_arg_start = hash_pairs[index + 1].loc.expression.begin
|
|
88
|
-
hash_pair.loc.expression.join(next_arg_start)
|
|
89
|
-
else
|
|
90
|
-
last_arg_end = hash_pairs[good_key_index].loc.expression.end
|
|
91
|
-
hash_pair.loc.expression.join(last_arg_end)
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
remove(range_to_remove)
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
end
|
|
98
|
-
end
|
|
99
|
-
end
|
|
100
|
-
end
|
|
101
|
-
end
|
|
102
|
-
end
|
|
@@ -1,389 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "bundler"
|
|
4
|
-
|
|
5
|
-
require "bundler_definition_ruby_version_patch"
|
|
6
|
-
require "bundler_definition_bundler_version_patch"
|
|
7
|
-
require "bundler_git_source_patch"
|
|
8
|
-
|
|
9
|
-
require "dependabot/shared_helpers"
|
|
10
|
-
require "dependabot/errors"
|
|
11
|
-
require "dependabot/file_updaters/ruby/bundler"
|
|
12
|
-
require "dependabot/git_commit_checker"
|
|
13
|
-
|
|
14
|
-
# rubocop:disable Metrics/ClassLength
|
|
15
|
-
module Dependabot
|
|
16
|
-
module FileUpdaters
|
|
17
|
-
module Ruby
|
|
18
|
-
class Bundler
|
|
19
|
-
class LockfileUpdater
|
|
20
|
-
require_relative "gemfile_updater"
|
|
21
|
-
require_relative "gemspec_updater"
|
|
22
|
-
require_relative "gemspec_sanitizer"
|
|
23
|
-
require_relative "gemspec_dependency_name_finder"
|
|
24
|
-
|
|
25
|
-
LOCKFILE_ENDING =
|
|
26
|
-
/(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
|
|
27
|
-
GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m.freeze
|
|
28
|
-
GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m.freeze
|
|
29
|
-
GEM_NOT_FOUND_ERROR_REGEX =
|
|
30
|
-
/locked to (?<name>[^\s]+) \(|not find (?<name>[^\s]+)-\d/.freeze
|
|
31
|
-
RETRYABLE_ERRORS = [::Bundler::HTTPError].freeze
|
|
32
|
-
|
|
33
|
-
# Can't be a constant because some of these don't exist in bundler
|
|
34
|
-
# 1.15, which Heroku uses, which causes an exception on boot.
|
|
35
|
-
def gemspec_sources
|
|
36
|
-
[
|
|
37
|
-
::Bundler::Source::Path,
|
|
38
|
-
::Bundler::Source::Gemspec
|
|
39
|
-
]
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def initialize(dependencies:, dependency_files:, credentials:)
|
|
43
|
-
@dependencies = dependencies
|
|
44
|
-
@dependency_files = dependency_files
|
|
45
|
-
@credentials = credentials
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
def updated_lockfile_content
|
|
49
|
-
@updated_lockfile_content ||=
|
|
50
|
-
begin
|
|
51
|
-
updated_content = build_updated_lockfile
|
|
52
|
-
|
|
53
|
-
if lockfile.content == updated_content
|
|
54
|
-
raise "Expected content to change!"
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
updated_content
|
|
58
|
-
end
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
private
|
|
62
|
-
|
|
63
|
-
attr_reader :dependencies, :dependency_files, :credentials
|
|
64
|
-
|
|
65
|
-
def build_updated_lockfile
|
|
66
|
-
base_dir = dependency_files.first.directory
|
|
67
|
-
lockfile_body =
|
|
68
|
-
SharedHelpers.in_a_temporary_directory(base_dir) do |tmp_dir|
|
|
69
|
-
write_temporary_dependency_files
|
|
70
|
-
|
|
71
|
-
SharedHelpers.in_a_forked_process do
|
|
72
|
-
# Set the path for path gemspec correctly
|
|
73
|
-
::Bundler.instance_variable_set(:@root, tmp_dir)
|
|
74
|
-
|
|
75
|
-
# Remove installed gems from the default Rubygems index
|
|
76
|
-
::Gem::Specification.all = []
|
|
77
|
-
|
|
78
|
-
# Set auth details
|
|
79
|
-
relevant_credentials.each do |cred|
|
|
80
|
-
token = cred["token"] ||
|
|
81
|
-
"#{cred['username']}:#{cred['password']}"
|
|
82
|
-
|
|
83
|
-
::Bundler.settings.set_command_option(
|
|
84
|
-
cred.fetch("host"),
|
|
85
|
-
token.gsub("@", "%40F").gsub("?", "%3F")
|
|
86
|
-
)
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
generate_lockfile
|
|
90
|
-
end
|
|
91
|
-
end
|
|
92
|
-
post_process_lockfile(lockfile_body)
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
def write_temporary_dependency_files
|
|
96
|
-
File.write(gemfile.name, updated_gemfile_content(gemfile))
|
|
97
|
-
File.write(lockfile.name, sanitized_lockfile_body)
|
|
98
|
-
|
|
99
|
-
top_level_gemspecs.each do |gemspec|
|
|
100
|
-
path = gemspec.name
|
|
101
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
102
|
-
updated_content = updated_gemspec_content(gemspec)
|
|
103
|
-
File.write(path, sanitized_gemspec_content(updated_content))
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
write_ruby_version_file
|
|
107
|
-
write_path_gemspecs
|
|
108
|
-
write_imported_ruby_files
|
|
109
|
-
|
|
110
|
-
evaled_gemfiles.each do |file|
|
|
111
|
-
path = file.name
|
|
112
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
113
|
-
File.write(path, updated_gemfile_content(file))
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
def generate_lockfile
|
|
118
|
-
dependencies_to_unlock = dependencies.map(&:name)
|
|
119
|
-
|
|
120
|
-
begin
|
|
121
|
-
definition = build_definition(dependencies_to_unlock)
|
|
122
|
-
|
|
123
|
-
old_reqs = lock_deps_being_updated_to_exact_versions(definition)
|
|
124
|
-
|
|
125
|
-
definition.resolve_remotely!
|
|
126
|
-
|
|
127
|
-
old_reqs.each do |dep_name, old_req|
|
|
128
|
-
d_dep = definition.dependencies.find { |d| d.name == dep_name }
|
|
129
|
-
if old_req == :none then definition.dependencies.delete(d_dep)
|
|
130
|
-
else d_dep.instance_variable_set(:@requirement, old_req)
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
|
|
134
|
-
definition.to_lock
|
|
135
|
-
rescue ::Bundler::GemNotFound => error
|
|
136
|
-
unlock_yanked_gem(dependencies_to_unlock, error) && retry
|
|
137
|
-
rescue ::Bundler::VersionConflict => error
|
|
138
|
-
unlock_blocking_subdeps(dependencies_to_unlock, error) && retry
|
|
139
|
-
rescue *RETRYABLE_ERRORS
|
|
140
|
-
raise if @retrying
|
|
141
|
-
|
|
142
|
-
@retrying = true
|
|
143
|
-
sleep(rand(1.0..5.0))
|
|
144
|
-
retry
|
|
145
|
-
end
|
|
146
|
-
end
|
|
147
|
-
|
|
148
|
-
def unlock_yanked_gem(dependencies_to_unlock, error)
|
|
149
|
-
raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
|
|
150
|
-
|
|
151
|
-
gem_name = error.message.match(GEM_NOT_FOUND_ERROR_REGEX).
|
|
152
|
-
named_captures["name"]
|
|
153
|
-
raise if dependencies_to_unlock.include?(gem_name)
|
|
154
|
-
|
|
155
|
-
dependencies_to_unlock << gem_name
|
|
156
|
-
end
|
|
157
|
-
|
|
158
|
-
def unlock_blocking_subdeps(dependencies_to_unlock, error)
|
|
159
|
-
all_deps = ::Bundler::LockfileParser.new(sanitized_lockfile_body).
|
|
160
|
-
specs.map(&:name).map(&:to_s)
|
|
161
|
-
top_level = build_definition([]).dependencies.
|
|
162
|
-
map(&:name).map(&:to_s)
|
|
163
|
-
allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
|
|
164
|
-
|
|
165
|
-
# Unlock any sub-dependencies that Bundler reports caused the
|
|
166
|
-
# conflict
|
|
167
|
-
potentials_deps =
|
|
168
|
-
error.cause.conflicts.values.
|
|
169
|
-
flat_map(&:requirement_trees).
|
|
170
|
-
map do |tree|
|
|
171
|
-
tree.find { |req| allowed_new_unlocks.include?(req.name) }
|
|
172
|
-
end.compact.map(&:name)
|
|
173
|
-
|
|
174
|
-
# If there's nothing more we can unlock, give up
|
|
175
|
-
raise if potentials_deps.none?
|
|
176
|
-
|
|
177
|
-
dependencies_to_unlock.append(*potentials_deps)
|
|
178
|
-
end
|
|
179
|
-
|
|
180
|
-
def build_definition(dependencies_to_unlock)
|
|
181
|
-
defn = ::Bundler::Definition.build(
|
|
182
|
-
gemfile.name,
|
|
183
|
-
lockfile.name,
|
|
184
|
-
gems: dependencies_to_unlock
|
|
185
|
-
)
|
|
186
|
-
|
|
187
|
-
# Bundler unlocks the sub-dependencies of gems it is passed even
|
|
188
|
-
# if those sub-deps are top-level dependencies. We only want true
|
|
189
|
-
# subdeps unlocked, like they were in the UpdateChecker, so we
|
|
190
|
-
# mutate the unlocked gems array.
|
|
191
|
-
unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
|
|
192
|
-
must_not_unlock = defn.dependencies.map(&:name).map(&:to_s) -
|
|
193
|
-
dependencies_to_unlock
|
|
194
|
-
unlocked.reject! { |n| must_not_unlock.include?(n) }
|
|
195
|
-
|
|
196
|
-
defn
|
|
197
|
-
end
|
|
198
|
-
|
|
199
|
-
def lock_deps_being_updated_to_exact_versions(definition)
|
|
200
|
-
dependencies.each_with_object({}) do |dep, old_reqs|
|
|
201
|
-
defn_dep = definition.dependencies.find { |d| d.name == dep.name }
|
|
202
|
-
|
|
203
|
-
if defn_dep.nil?
|
|
204
|
-
definition.dependencies <<
|
|
205
|
-
::Bundler::Dependency.new(dep.name, dep.version)
|
|
206
|
-
old_reqs[dep.name] = :none
|
|
207
|
-
elsif git_dependency?(dep) &&
|
|
208
|
-
defn_dep.source.is_a?(::Bundler::Source::Git)
|
|
209
|
-
defn_dep.source.unlock!
|
|
210
|
-
elsif Gem::Version.correct?(dep.version)
|
|
211
|
-
new_req = Gem::Requirement.create("= #{dep.version}")
|
|
212
|
-
old_reqs[dep.name] = defn_dep.requirement
|
|
213
|
-
defn_dep.instance_variable_set(:@requirement, new_req)
|
|
214
|
-
end
|
|
215
|
-
end
|
|
216
|
-
end
|
|
217
|
-
|
|
218
|
-
def write_ruby_version_file
|
|
219
|
-
return unless ruby_version_file
|
|
220
|
-
|
|
221
|
-
path = ruby_version_file.name
|
|
222
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
223
|
-
File.write(path, ruby_version_file.content)
|
|
224
|
-
end
|
|
225
|
-
|
|
226
|
-
def write_path_gemspecs
|
|
227
|
-
path_gemspecs.each do |file|
|
|
228
|
-
path = file.name
|
|
229
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
230
|
-
File.write(path, sanitized_gemspec_content(file.content))
|
|
231
|
-
end
|
|
232
|
-
end
|
|
233
|
-
|
|
234
|
-
def write_imported_ruby_files
|
|
235
|
-
imported_ruby_files.each do |file|
|
|
236
|
-
path = file.name
|
|
237
|
-
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
|
238
|
-
File.write(path, file.content)
|
|
239
|
-
end
|
|
240
|
-
end
|
|
241
|
-
|
|
242
|
-
def path_gemspecs
|
|
243
|
-
all = dependency_files.select { |f| f.name.end_with?(".gemspec") }
|
|
244
|
-
all - top_level_gemspecs
|
|
245
|
-
end
|
|
246
|
-
|
|
247
|
-
def imported_ruby_files
|
|
248
|
-
dependency_files.
|
|
249
|
-
select { |f| f.name.end_with?(".rb") }.
|
|
250
|
-
reject { |f| f.name == "gems.rb" }
|
|
251
|
-
end
|
|
252
|
-
|
|
253
|
-
def top_level_gemspecs
|
|
254
|
-
dependency_files.
|
|
255
|
-
select { |file| file.name.end_with?(".gemspec") }.
|
|
256
|
-
reject(&:support_file?)
|
|
257
|
-
end
|
|
258
|
-
|
|
259
|
-
def ruby_version_file
|
|
260
|
-
dependency_files.find { |f| f.name == ".ruby-version" }
|
|
261
|
-
end
|
|
262
|
-
|
|
263
|
-
def post_process_lockfile(lockfile_body)
|
|
264
|
-
lockfile_body = reorder_git_dependencies(lockfile_body)
|
|
265
|
-
replace_lockfile_ending(lockfile_body)
|
|
266
|
-
end
|
|
267
|
-
|
|
268
|
-
def reorder_git_dependencies(lockfile_body)
|
|
269
|
-
new_section = lockfile_body.match(GIT_DEPENDENCIES_SECTION)&.to_s
|
|
270
|
-
old_section = lockfile.content.match(GIT_DEPENDENCIES_SECTION)&.to_s
|
|
271
|
-
|
|
272
|
-
return lockfile_body unless new_section && old_section
|
|
273
|
-
|
|
274
|
-
new_deps = new_section.scan(GIT_DEPENDENCY_DETAILS)
|
|
275
|
-
old_deps = old_section.scan(GIT_DEPENDENCY_DETAILS)
|
|
276
|
-
|
|
277
|
-
return lockfile_body unless new_deps.count == old_deps.count
|
|
278
|
-
|
|
279
|
-
reordered_new_section = new_deps.sort_by do |new_dep_details|
|
|
280
|
-
remote = new_dep_details.match(/remote: (?<remote>.*\n)/)[:remote]
|
|
281
|
-
i = old_deps.index { |details| details.include?(remote) }
|
|
282
|
-
|
|
283
|
-
# If this dependency isn't in the old lockfile then we can't rely
|
|
284
|
-
# on that (presumably outdated) lockfile to do reordering.
|
|
285
|
-
# Instead, we just return the default-ordered content just
|
|
286
|
-
# generated.
|
|
287
|
-
return lockfile_body unless i
|
|
288
|
-
|
|
289
|
-
i
|
|
290
|
-
end.join
|
|
291
|
-
|
|
292
|
-
lockfile_body.gsub(new_section, reordered_new_section)
|
|
293
|
-
end
|
|
294
|
-
|
|
295
|
-
def replace_lockfile_ending(lockfile_body)
|
|
296
|
-
# Re-add the old `BUNDLED WITH` version (and remove the RUBY VERSION
|
|
297
|
-
# if it wasn't previously present in the lockfile)
|
|
298
|
-
lockfile_body.gsub(
|
|
299
|
-
LOCKFILE_ENDING,
|
|
300
|
-
lockfile.content.match(LOCKFILE_ENDING)&.[](:ending) || "\n"
|
|
301
|
-
)
|
|
302
|
-
end
|
|
303
|
-
|
|
304
|
-
def sanitized_gemspec_content(gemspec_content)
|
|
305
|
-
new_version = replacement_version_for_gemspec(gemspec_content)
|
|
306
|
-
|
|
307
|
-
GemspecSanitizer.
|
|
308
|
-
new(replacement_version: new_version).
|
|
309
|
-
rewrite(gemspec_content)
|
|
310
|
-
end
|
|
311
|
-
|
|
312
|
-
def replacement_version_for_gemspec(gemspec_content)
|
|
313
|
-
return "0.0.1" unless lockfile
|
|
314
|
-
|
|
315
|
-
gemspec_specs =
|
|
316
|
-
::Bundler::LockfileParser.new(sanitized_lockfile_body).specs.
|
|
317
|
-
select { |s| gemspec_sources.include?(s.source.class) }
|
|
318
|
-
|
|
319
|
-
gem_name =
|
|
320
|
-
GemspecDependencyNameFinder.new(gemspec_content: gemspec_content).
|
|
321
|
-
dependency_name
|
|
322
|
-
|
|
323
|
-
return gemspec_specs.first&.version || "0.0.1" unless gem_name
|
|
324
|
-
|
|
325
|
-
spec = gemspec_specs.find { |s| s.name == gem_name }
|
|
326
|
-
spec&.version || gemspec_specs.first&.version || "0.0.1"
|
|
327
|
-
end
|
|
328
|
-
|
|
329
|
-
def relevant_credentials
|
|
330
|
-
credentials.select do |cred|
|
|
331
|
-
next true if cred["type"] == "git_source"
|
|
332
|
-
next true if cred["type"] == "rubygems_server"
|
|
333
|
-
|
|
334
|
-
false
|
|
335
|
-
end
|
|
336
|
-
end
|
|
337
|
-
|
|
338
|
-
def updated_gemfile_content(file)
|
|
339
|
-
GemfileUpdater.new(
|
|
340
|
-
dependencies: dependencies,
|
|
341
|
-
gemfile: file
|
|
342
|
-
).updated_gemfile_content
|
|
343
|
-
end
|
|
344
|
-
|
|
345
|
-
def updated_gemspec_content(gemspec)
|
|
346
|
-
GemspecUpdater.new(
|
|
347
|
-
dependencies: dependencies,
|
|
348
|
-
gemspec: gemspec
|
|
349
|
-
).updated_gemspec_content
|
|
350
|
-
end
|
|
351
|
-
|
|
352
|
-
def gemfile
|
|
353
|
-
@gemfile ||= dependency_files.find { |f| f.name == "Gemfile" } ||
|
|
354
|
-
dependency_files.find { |f| f.name == "gems.rb" }
|
|
355
|
-
end
|
|
356
|
-
|
|
357
|
-
def lockfile
|
|
358
|
-
@lockfile ||=
|
|
359
|
-
dependency_files.find { |f| f.name == "Gemfile.lock" } ||
|
|
360
|
-
dependency_files.find { |f| f.name == "gems.locked" }
|
|
361
|
-
end
|
|
362
|
-
|
|
363
|
-
def sanitized_lockfile_body
|
|
364
|
-
lockfile.content.gsub(LOCKFILE_ENDING, "")
|
|
365
|
-
end
|
|
366
|
-
|
|
367
|
-
def evaled_gemfiles
|
|
368
|
-
@evaled_gemfiles ||=
|
|
369
|
-
dependency_files.
|
|
370
|
-
reject { |f| f.name.end_with?(".gemspec") }.
|
|
371
|
-
reject { |f| f.name.end_with?(".lock") }.
|
|
372
|
-
reject { |f| f.name.end_with?(".ruby-version") }.
|
|
373
|
-
reject { |f| f.name == "Gemfile" }.
|
|
374
|
-
reject { |f| f.name == "gems.rb" }.
|
|
375
|
-
reject { |f| f.name == "gems.locked" }
|
|
376
|
-
end
|
|
377
|
-
|
|
378
|
-
def git_dependency?(dep)
|
|
379
|
-
GitCommitChecker.new(
|
|
380
|
-
dependency: dep,
|
|
381
|
-
credentials: credentials
|
|
382
|
-
).git_dependency?
|
|
383
|
-
end
|
|
384
|
-
end
|
|
385
|
-
end
|
|
386
|
-
end
|
|
387
|
-
end
|
|
388
|
-
end
|
|
389
|
-
# rubocop:enable Metrics/ClassLength
|