Class: Bundler::Patch::AdvisoryConsolidator
- Inherits: Object
- Inheritance chain: Object → Bundler::Patch::AdvisoryConsolidator
- Defined in:
- lib/bundler/patch/advisory_consolidator.rb
Instance Method Summary
- #initialize(options = {}, all_ads = nil) ⇒ AdvisoryConsolidator (constructor)
  A new instance of AdvisoryConsolidator.
- #patch_gemfile_and_get_gem_specs_to_patch ⇒ Object
- #vulnerable_gems ⇒ Object
Constructor Details
#initialize(options = {}, all_ads = nil) ⇒ AdvisoryConsolidator
Returns a new instance of AdvisoryConsolidator.
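# File 'lib/bundler/patch/advisory_consolidator.rb', line 3
#
# Builds the list of advisory sources that later scans consult.
#
# @param options [Hash] settings read here:
#   :skip_bundler_advise   - when truthy, the bundler-advise source is not added
#   :ruby_advisory_db_path - directory handed to that source as +dir:+
#   :advisory_db_path      - directory of an additional source, created with +repo: nil+
# @param all_ads [Array, nil] pre-built advisory sources; when truthy it is used
#   as given and none of the options above are consulted for source selection
# @return [AdvisoryConsolidator]
#
# NOTE(review): with :skip_bundler_advise set and no :advisory_db_path, @all_ads
# ends up empty, so a later scan has no advisories to match and reports nothing.
# Callers should not read that result as "no known vulnerabilities".
# NOTE(review): both paths are passed through unchecked; the advisory data
# decides what gets patched, so they should point at a trusted location.
def initialize(options={}, all_ads=nil)
  @options = options
  @all_ads = all_ads || [].tap do |a|
    unless options[:skip_bundler_advise]
      if options[:ruby_advisory_db_path]
        a << Bundler::Advise::Advisories.new(dir: options[:ruby_advisory_db_path])
      else
        a << Bundler::Advise::Advisories.new # annoying
      end
    end
    # The extra database is created with repo: nil.
    a << Bundler::Advise::Advisories.new(dir: options[:advisory_db_path], repo: nil) if options[:advisory_db_path]
  end
end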
Instance Method Details
#patch_gemfile_and_get_gem_specs_to_patch ⇒ Object
# File 'lib/bundler/patch/advisory_consolidator.rb', line 34
#
# Runs the Gemfile requirement update for every vulnerable gem, then returns
# one GemPatch per gem describing the locked version and, when one could be
# calculated, the version to move to.
#
# NOTE(review): a missing lockfile yields an empty spec list here and an empty
# scan in vulnerable_gems, so the result is [] - indistinguishable from a
# lockfile that was scanned and found clean.
# NOTE(review): +find+ returns nil when a gem is absent from the locked specs,
# and +.version+ would then raise NoMethodError - confirm scan results always
# correspond to a locked spec.
def patch_gemfile_and_get_gem_specs_to_patch
  update_specs = vulnerable_gems

  locked_specs =
    if File.exist?(Bundler.default_lockfile)
      Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs
    else
      []
    end

  # Modify requirements in the Gemfile where necessary (return value unused).
  update_specs.each(&:update)

  update_specs.map do |spec|
    current = locked_specs.find { |s| s.name == spec.gem_name }.version.to_s
    target = spec.calc_new_version(current)

    attrs = { gem_name: spec.gem_name, old_version: current }
    # new_version is only passed when a target version was calculated.
    attrs[:new_version] = target if target
    attrs[:patched_versions] = spec.patched_versions

    GemPatch.new(**attrs)
  end
end
#vulnerable_gems ⇒ Object
# File 'lib/bundler/patch/advisory_consolidator.rb', line 17
#
# Scans the lockfile against every advisory source and returns the
# consolidated entries, one group per gem name, flattened into a single list.
#
# NOTE(review): a source is refreshed only when it has a repo; any other source
# is used as found. What happens when +update+ fails is not visible here -
# confirm a failed refresh cannot silently leave stale advisory data in use.
# NOTE(review): with no lockfile every source contributes [], so the method
# returns [] without having scanned anything.
def vulnerable_gems
  advisories = @all_ads.map do |ads|
    ads.update if ads.repo
    if File.exist?(Bundler.default_lockfile)
      Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile
    else
      []
    end
  end.flatten

  gemfiles = advisories.map do |advisory|
    # Compound requirements are flattened naively into individual version
    # strings here; consolidate_gemfiles sorts that out afterwards.
    version_lists = advisory.patched_versions.map do |pv|
      pv.requirements.map { |_, v| v.to_s }
    end
    Gemfile.new(gem_name: advisory.gem, patched_versions: version_lists.flatten)
  end

  grouped = gemfiles.group_by(&:gem_name)
  grouped.values.map { |same_gem| consolidate_gemfiles(same_gem) }.flatten
end