dependanot 0.1.0
- checksums.yaml +7 -0
- data/LICENSE.txt +21 -0
- data/README.md +39 -0
- data/dependabot.gemspec +22 -0
- data/exe/dependabot +15 -0
- data/lib/dependabot/bundler/update.rb +17 -0
- data/lib/dependabot/cli/scan.rb +42 -0
- data/lib/dependabot/cli.rb +22 -0
- data/lib/dependabot/tracer.rb +31 -0
- data/lib/dependabot/version.rb +5 -0
- data/lib/dependabot.rb +19 -0
- metadata +82 -0
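--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 903577dd56009cdee245614d973c80cced1d51989293b5d32d0d2c3f4c7fb44a
+data.tar.gz: 1c7fcc29caf4195e7e6987ca829e64469388de8220011a94e9dad59e8a194e65
+SHA512:
+metadata.gz: 9ad22a5b055398e49eecca1fa2e5756a725da82ea733d1fd15d0693a087e0e4130320389e964032106112b0701cb42b021016c276d9d25e4e94095f259e82705
+data.tar.gz: 04e15bdb15a22cac8106b278f6909e23ed937d1bbceb7ccadc8dc75cfb7618f62c497edf7cfb6bdb635541b6be20eecf7e19e52a3adf0c46f4ca1ac3cf3e576f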
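--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 mo khan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.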
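--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,39 @@
+# Dependabot
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/dependabot`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'dependabot'
+```
+
+And then execute:
+
+$ bundle install
+
+Or install it yourself as:
+
+$ gem install dependabot
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/xlgmokha/dependabot.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).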
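--- a/data/dependabot.gemspec
+++ b/data/dependabot.gemspec
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require_relative "lib/dependabot/version"
+
+Gem::Specification.new do |spec|
+spec.authors = ["mo khan"]
+spec.bindir = "exe"
+spec.description = "The Dependabot CLI"
+spec.email = ["xlgmokha@github.com"]
+spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]
+spec.homepage = "https://github.com/dependanot/dependanot"
+spec.license = "MIT"
+spec.metadata["homepage_uri"] = spec.homepage
+spec.name = "dependanot"
+spec.require_paths = ["lib"]
+spec.required_ruby_version = ">= 3.0.0"
+spec.summary = "The Dependabot CLI"
+spec.version = Dependabot::VERSION
+spec.add_dependency "spandx", "~> 0.1"
+spec.add_dependency "thor", "~> 1.1"
+end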
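Review bot: `spec.executables` on gemspec line 10 is derived from `spec.files`, but `spec.files` is only assigned on line 11, so the grep runs over an empty list and the built gem ships no executable; the generated `metadata` in this same release confirms it with `executables: []`. Move `spec.files = Dir.glob("lib/**/*.rb") + Dir.glob("exe/*") + Dir.glob("*.gemspec") + ["LICENSE.txt", "README.md"]` above the `spec.executables` line. Separately, the gem is published as `dependanot` while its require path, executable and README all say `dependabot`, and `spec.homepage` points at `dependanot/dependanot` where the README's contributing link points at `xlgmokha/dependabot`; aligning the name, paths and homepage (or stating the split in the README) keeps consumers from confusing this package with the similarly named one.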
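--- a/data/exe/dependabot
+++ b/data/exe/dependabot
@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "dependabot/cli"
+
+Signal.trap("INT") do
+exit(1)
+end
+
+begin
+Dependabot::CLI::Application.start
+rescue StandardError => boom
+warn (["ERROR (#{boom.class}): #{boom.message}"] + boom.backtrace).join("\n")
+exit 1
+end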
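Review bot: `warn (["ERROR (#{boom.class}): #{boom.message}"] + boom.backtrace).join("\n")` on line 13 only works because the space before `(` makes Ruby parse the parenthesised array as a grouped expression that `.join` then applies to; with warnings enabled Ruby flags exactly this form, and a reader can easily misread it as `warn(...)` followed by a stray `.join`. Write it unambiguously as `warn(["ERROR (#{boom.class}): #{boom.message}", *boom.backtrace].join("\n"))`. The two exit paths also use different styles (`exit(1)` on line 7, `exit 1` on line 14); pick one.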
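--- a/data/lib/dependabot/bundler/update.rb
+++ b/data/lib/dependabot/bundler/update.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Dependabot
+module Bundler
+class Update < Spandx::Core::Plugin
+def enhance(dependency)
+return unless dependency.package_manager == :rubygems
+
+Dir.chdir(dependency.path.parent) do
+::Bundler.with_unbundled_env do
+system "bundle update #{dependency.name} --conservative --quiet --full-index"
+end
+end
+end
+end
+end
+end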
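Review bot: `system "bundle update #{dependency.name} --conservative --quiet --full-index"` on line 11 interpolates the dependency name into a single string, which `system` hands to a shell; that name is parsed out of a Gemfile or lockfile in the directory being scanned, so it is input the tool does not control. Use the argument-list form so no shell is involved: `system("bundle", "update", dependency.name, "--conservative", "--quiet", "--full-index")`. The return value of `system` is also discarded, so a failed update looks identical to a successful one to `Scan#run`; check it, or pass `exception: true` so a failure raises. Note that this `Dir.chdir` block runs inside the block-form `Dir.chdir` that `Scan#run` (scan.rb in this release) has already opened on the same `dependency.path.parent`, and Ruby warns about a conflicting chdir during another chdir block, so one of the two is redundant.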
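--- a/data/lib/dependabot/cli/scan.rb
+++ b/data/lib/dependabot/cli/scan.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Dependabot
+
+module CLI
+class Scan
+attr_reader :path
+
+def initialize(path, options)
+@path = ::Pathname.new(path)
+@options = options
+end
+
+def run
+each_dependency do |dependency|
+Dir.chdir(dependency.path.parent) do
+puts "Updating... #{dependency.name}"
+::Spandx::Core::Plugin.enhance(dependency)
+system "git diff --patch --no-color"
+system "git checkout ."
+end
+end
+end
+
+private
+
+def each_file
+::Spandx::Core::PathTraversal
+.new(path, recursive: false)
+.each { |file| yield file }
+end
+
+def each_dependency
+each_file do |file|
+::Spandx::Core::Parser.parse(file).each do |dependency|
+yield dependency
+end
+end
+end
+end
+end
+end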
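Review bot: `system "git checkout ."` on line 20 discards every uncommitted change in the scanned repository's working tree, not only the manifest and lockfile edits produced by the plugin call on line 18, and it runs unconditionally with its exit status ignored (as does `git diff` on line 19). Refuse to run against a dirty tree before touching it, e.g. `raise Dependabot::Error, "uncommitted changes in #{dependency.path.parent}" unless system("git", "diff", "--quiet")` ahead of the `enhance` call, so a user cannot lose work they had not committed. `@options` is stored on line 11 but never read anywhere in the class; either use it or drop the parameter from `initialize`.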
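--- a/data/lib/dependabot/cli.rb
+++ b/data/lib/dependabot/cli.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "thor"
+require "spandx"
+require "dependabot"
+require "dependabot/cli/scan"
+
+module Dependabot
+module CLI
+class Application < Thor
+desc "scan [DIRECTORY]", "Scan a directory"
+def scan(path = Pathname.pwd)
+::Dependabot::CLI::Scan.new(path, options).run
+end
+
+desc "version", "Print the current version"
+def version
+$stdout.puts "v#{Dependabot::VERSION}"
+end
+end
+end
+end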
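Review bot: `Application` does not define `exit_on_failure?`, so with the pinned `thor ~> 1.1` a command that fails inside Thor (bad arguments, a `Thor::Error`) prints Thor's deprecation warning and exits with status 0; the `rescue StandardError` in `exe/dependabot` only sees exceptions that escape Thor, so scripts and CI cannot rely on the exit code. Add `def self.exit_on_failure? = true` to the class body (the gemspec requires Ruby >= 3.0, so the endless form is available). The default `Pathname.pwd` on line 12 also assumes `pathname` was loaded by one of the requires above; an explicit `require "pathname"` next to `require "thor"` removes that dependency on load order.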
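--- a/data/lib/dependabot/tracer.rb
+++ b/data/lib/dependabot/tracer.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Dependabot
+class Tracer
+def initialize(logger)
+@logger = logger
+end
+
+def trace(defaults = {})
+tracer = TracePoint.new(:call) do |x|
+@logger.debug(defaults.merge({ path: x.path, lineno: x.lineno, clazz: x.defined_class, method: x.method_id, args: args_from(x), locals: locals_from(x) }))
+rescue StandardError => boom
+@logger.error(defaults.merge({ message: boom.message, stacktrace: boom.backtrace }))
+end
+tracer.enable
+yield
+ensure
+tracer.disable
+end
+
+private
+
+def args_from(trace)
+trace.parameters.map(&:last).map { |x| [x, trace.binding.eval(x.to_s)] }.to_h
+end
+
+def locals_from(trace)
+trace.binding.local_variables.map { |x| [x, trace.binding.local_variable_get(x)] }.to_h
+end
+end
+end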
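Review bot: `args_from` on line 24 recovers argument values by `eval`ing whatever `trace.parameters` returns as a name; a nameless entry such as `[:rest]` yields the kind symbol rather than a variable, and on Ruby 3.1+ anonymous `*`, `**` and `&` parameters surface as bare sigils that `eval` rejects with `SyntaxError`, which is not a `StandardError` and so escapes the rescue on line 12 into the traced program. `locals_from` already shows the safer API; mirror it: `trace.parameters.filter_map { |_, name| [name, trace.binding.local_variable_get(name)] if name && trace.binding.local_variable_defined?(name) }.to_h`. `trace` also deserves a doc comment saying that every method call's arguments and local variables are written to the logger at debug level while the block runs, since locals routinely hold credentials or tokens and this output should not go to a logger that persists or ships its records.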
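--- a/data/lib/dependabot.rb
+++ b/data/lib/dependabot.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "logger"
+
+require_relative "dependabot/bundler/update"
+require_relative "dependabot/tracer"
+require_relative "dependabot/version"
+
+module Dependabot
+class Error < StandardError; end
+
+def self.logger
+@logger ||= Logger.new(&stdout)
+end
+
+def self.tracer
+@tracer ||= Tracer.new(logger)
+end
+end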
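Review bot: `Logger.new(&stdout)` on line 13 passes the result of calling a method named `stdout` as a block; no such method exists in this module, so the first call to `Dependabot.logger` raises `NameError` instead of returning a logger, and `Dependabot.tracer` fails with it. The intended argument is evidently the global stream, as `cli.rb` in this release already uses it: `@logger ||= Logger.new($stdout)`. `Logger.new` also defaults to DEBUG level and `Tracer` logs every traced call at that level, so a level argument or an accessor to set it would let callers keep normal runs quiet. `Dependabot::Error` is declared on line 10 but nothing in this release raises it yet.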
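--- a/metadata
+++ b/metadata
@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: dependanot
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- mo khan
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2021-12-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: spandx
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.1'
+- !ruby/object:Gem::Dependency
+name: thor
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+description: The Dependabot CLI
+email:
+- xlgmokha@github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- dependabot.gemspec
+- exe/dependabot
+- lib/dependabot.rb
+- lib/dependabot/bundler/update.rb
+- lib/dependabot/cli.rb
+- lib/dependabot/cli/scan.rb
+- lib/dependabot/tracer.rb
+- lib/dependabot/version.rb
+homepage: https://github.com/dependanot/dependanot
+licenses:
+- MIT
+metadata:
+homepage_uri: https://github.com/dependanot/dependanot
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.2.33
+signing_key:
+specification_version: 4
+summary: The Dependabot CLI
+test_files: []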