From 624fc512c50f5d7937b60f79ecd6190c57b2d9a1 Mon Sep 17 00:00:00 2001
From: Peter Wagner <1559510+thepwagner@users.noreply.github.com>
Date: Wed, 24 Mar 2021 11:14:54 -0400
Subject: [PATCH 1/3] bundler: RequirementReplacer allow not equals
The `!=` operator can be used to build a denylist of versions. The `Dependabot::Bundler::Fileupdater::RequirementReplacer` should allow this, and output a valid Gemfile/gemspec.
---
 .../bundler/file_updater/requirement_replacer.rb | 4 ++--
 .../bundler/file_updater/requirement_replacer_spec.rb | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
index b9181b6cea..8e9c8ca10a 100644
--- a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
+++ b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
@@ -178,7 +178,7 @@ def use_equality_operator?(requirement_nodes)
 requirement_nodes.first.children.first.loc.expression.source
 end
- req_string.match?(/(?])=/)
+ req_string.match?(/(?!])=/)
 end
 def new_requirement_string(quote_characters:,
@@ -203,7 +203,7 @@ def serialized_req(req, use_equality_operator)
 # Gem::Requirement serializes exact matches as a string starting
 # with `=`. We may need to remove that equality operator if it
 # wasn't used originally.
- tmp_req = tmp_req.gsub(/(?])=/, "") unless use_equality_operator
+ tmp_req = tmp_req.gsub(/(?!])=/, "") unless use_equality_operator
 tmp_req.strip
 end
diff --git a/bundler/spec/dependabot/bundler/file_updater/requirement_replacer_spec.rb b/bundler/spec/dependabot/bundler/file_updater/requirement_replacer_spec.rb
index cc4773e9b8..f6df766625 100644
--- a/bundler/spec/dependabot/bundler/file_updater/requirement_replacer_spec.rb
+++ b/bundler/spec/dependabot/bundler/file_updater/requirement_replacer_spec.rb
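Review bot: The new regex on the added line in use_equality_operator? renders here as `/(?!])=/`, which as written is a negative lookahead for `]` and would still match the `=` inside `!=`, `<=` and `>=`; this looks like a lookbehind whose `<`/`>` characters were lost in extraction, so the committed literal should be checked against the subject line's intent (an `=` that is not the tail of `<=`, `>=` or `!=`). The same literal is repeated in serialized_req in the second hunk, and neither occurrence says what it is meant to exclude. A one-line comment above the match such as `# A bare "=" (exact match), not the tail of "<=", ">=" or "!="` would make the denylist handling visible to the next reader, and the existing comment in serialized_req could add `# "!=" is deliberately not treated as an equality operator.` Both use_equality_operator? and serialized_req start before their hunks.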
@@ -256,6 +256,16 @@
 end
 end
+ context "with inequality matchers" do
+ let(:previous_requirement) { ">= 2.0.0, != 2.0.3, != 2.0.4" }
+ let(:updated_requirement) { "~> 2.0.1, != 2.0.3, != 2.0.4" }
+ let(:content) do
+ %(s.add_runtime_dependency("business", "~> 2.0.1", "!= 2.0.3", "!= 2.0.4"))
+ end
+
+ it { is_expected.to eq(content) }
+ end
+
 context "when declared with `add_development_dependency`" do
 let(:dependency_name) { "rspec" }
 it { is_expected.to include(%(ent_dependency "rspec", "~> 1.5.0"\n)) }
From b03e85a7bd71ff63bdd04c4ae9c1960ca946eec2 Mon Sep 17 00:00:00 2001
From: Peter Wagner <1559510+thepwagner@users.noreply.github.com>
Date: Wed, 24 Mar 2021 15:34:37 -0400
Subject: [PATCH 2/3] consistency: twiddle
---
 .../dependabot/bundler/update_checker/requirements_updater.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bundler/lib/dependabot/bundler/update_checker/requirements_updater.rb b/bundler/lib/dependabot/bundler/update_checker/requirements_updater.rb
index c1bc38ee9c..97e4027069 100644
--- a/bundler/lib/dependabot/bundler/update_checker/requirements_updater.rb
+++ b/bundler/lib/dependabot/bundler/update_checker/requirements_updater.rb
@@ -188,7 +188,7 @@ def widened_requirements(req)
 req
 end
 when "<", "<=" then [update_greatest_version(req, latest_version)]
- when "~>" then convert_twidle_to_range(req, latest_version)
+ when "~>" then convert_twiddle_to_range(req, latest_version)
 when "!=" then []
 when ">", ">=" then raise UnfixableRequirement
 else raise "Unexpected operation for requirement: #{op}"
@@ -214,7 +214,7 @@ def bumped_requirements(req)
 end
 end
- def convert_twidle_to_range(requirement, version_to_be_permitted)
+ def convert_twiddle_to_range(requirement, version_to_be_permitted)
 version = requirement.requirements.first.last
 version = version.release if version.prerelease?
From b7854017bbb3ea9ab46dafc5ce141e9b635d09bf Mon Sep 17 00:00:00 2001
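Review bot: The new "with inequality matchers" context only exercises the gemspec `add_runtime_dependency` form with a `~>` lead operator, so the case the regex change actually has to get right — an exact `=` combined with `!=` exclusions, where use_equality_operator? must now return true and serialized_req must keep the `=` — is not pinned by any expectation here. A sibling context with `let(:previous_requirement) { "= 2.0.0, != 2.0.3" }`, `let(:updated_requirement) { "= 2.0.1, != 2.0.3" }` and an `is_expected.to eq` on content that still carries `"= 2.0.1"` would catch a lookbehind that wrongly strips or keeps the operator. Unless it is covered elsewhere in this spec, the Gemfile `gem "business", ...` form named in the commit message is also untested for `!=`. The describe block enclosing this hunk starts and ends outside it.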
From: Peter Wagner <1559510+thepwagner@users.noreply.github.com>
Date: Thu, 25 Mar 2021 08:07:55 -0400
Subject: [PATCH 3/3] extract EQUALITY_OPERATOR const
---
 .../dependabot/bundler/file_updater/requirement_replacer.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
index 8e9c8ca10a..5cb05e05a8 100644
--- a/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
+++ b/bundler/lib/dependabot/bundler/file_updater/requirement_replacer.rb
@@ -167,6 +167,8 @@ def space_after_specifier?(requirement_nodes)
 req_string.include?(" ")
 end
+ EQUALITY_OPERATOR = /(?!])=/.freeze
+
 def use_equality_operator?(requirement_nodes)
 return true if requirement_nodes.none?
@@ -178,7 +180,7 @@ def use_equality_operator?(requirement_nodes)
 requirement_nodes.first.children.first.loc.expression.source
 end
- req_string.match?(/(?!])=/)
+ req_string.match?(EQUALITY_OPERATOR)
 end
 def new_requirement_string(quote_characters:,
@@ -203,7 +205,7 @@ def serialized_req(req, use_equality_operator)
 # Gem::Requirement serializes exact matches as a string starting
 # with `=`. We may need to remove that equality operator if it
 # wasn't used originally.
- tmp_req = tmp_req.gsub(/(?!])=/, "") unless use_equality_operator
+ tmp_req = tmp_req.gsub(EQUALITY_OPERATOR, "") unless use_equality_operator
 tmp_req.strip
 end
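Review bot: `EQUALITY_OPERATOR` is added between two method definitions with no comment stating which `=` it matches, even though the two call sites in the following hunks (a boolean test and a `gsub` that strips the operator) both depend on that contract. The literal renders here as `/(?!])=/`, a negative lookahead for `]`, which suggests a lookbehind lost its `<`/`>` characters in extraction; the committed regex should be confirmed to exclude `<=`, `>=` and `!=`, and a comment above it such as `# An "=" that is not the tail of "<=", ">=" or "!=" (an exact-version match)` would record that. Constants conventionally sit at the top of the class rather than in the middle of the method list, and if the project targets Ruby 3.0 or later the trailing `.freeze` is redundant because regexp literals are already frozen there (harmless on earlier Rubies). The enclosing class starts and ends outside these hunks.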