Explain update not possible for bundler #2705

Merged
merged 13 commits into from
Nov 4, 2020

@jurre jurre commented Oct 30, 2020

This adds a new method `blocking_parent_dependencies` to `UpdateChecker`, and implements it for bundler. It does this by traversing the dependency tree and finding all parent dependencies that are not satisfied by the target version.

It also outputs this in the dry-run script as follows:

```
=== kramdown (1.17.0) (vulnerable 🚨)
 => checking for updates
 => latest available version is 2.3.0
 => earliest available non-vulnerable version is 2.3.0
 => latest allowed version is 1.17.0
 => The update is not possible because of the following conflicting dependencies:
   github-pages (204) which requires:
     kramdown = 1.17.0
   jekyll (3.8.5) which requires:
     kramdown ~> 1.14
```
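
Added example, not part of the pull request and not Dependabot's code: a simplified sketch of the check described above, scanning a resolved dependency set for parents whose requirement rejects the target version. The `SPECS` data is constructed from the dry-run output, `example-markdown-plugin` is a hypothetical gem, and the names `blocking_parents` and `explain` are assumptions.

```ruby
require "rubygems" # provides Gem::Version and Gem::Requirement

# Constructed sample of resolved specs, mirroring the dry-run output above.
# "example-markdown-plugin" is hypothetical; it shows a parent that does not block.
SPECS = [
  { name: "github-pages", version: "204",
    deps: { "kramdown" => "= 1.17.0", "jekyll" => "= 3.8.5" } },
  { name: "jekyll", version: "3.8.5", deps: { "kramdown" => "~> 1.14" } },
  { name: "example-markdown-plugin", version: "0.1.0",
    deps: { "kramdown" => ">= 1.0" } },
  { name: "kramdown", version: "1.17.0", deps: {} }
].freeze

# Returns every resolved spec whose requirement on `dep_name` rejects `target`.
def blocking_parents(specs, dep_name, target)
  target_version = Gem::Version.new(target)
  specs.each_with_object([]) do |spec, blockers|
    requirement = spec[:deps][dep_name]
    next if requirement.nil? # this spec does not depend on dep_name
    next if Gem::Requirement.new(requirement).satisfied_by?(target_version)

    blockers << { name: spec[:name], version: spec[:version],
                  requirement: "#{dep_name} #{requirement}" }
  end
end

# Formats the blockers in the same shape as the dry-run message.
def explain(specs, dep_name, target)
  blockers = blocking_parents(specs, dep_name, target)
  return "Update of #{dep_name} to #{target} is possible" if blockers.empty?

  lines = ["The update is not possible because of the following " \
           "conflicting dependencies:"]
  blockers.each do |b|
    lines << "  #{b[:name]} (#{b[:version]}) which requires:"
    lines << "    #{b[:requirement]}"
  end
  lines.join("\n")
end

puts explain(SPECS, "kramdown", "2.3.0")
```

Returning the blockers as data and formatting them separately keeps the result usable by callers other than a console script.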

@jurre jurre requested a review from a team as a code owner October 30, 2020 12:14

@brrygrdn brrygrdn left a comment


Nice find, 👍🏻

@jurre jurre force-pushed the jurre/improve-bundler-helper-errors branch 6 times, most recently from 7961ad6 to a0a87fc Compare November 3, 2020 21:10
@jurre jurre changed the title Raise descriptive error when update is not possible Explain update not possible for bundler Nov 3, 2020
@jurre jurre force-pushed the jurre/improve-bundler-helper-errors branch 2 times, most recently from 453d73c to 07e5dac Compare November 4, 2020 13:23

@thepwagner thepwagner left a comment


LGTM - comments are all style/naming nits.

@jurre jurre force-pushed the jurre/improve-bundler-helper-errors branch from ba2c145 to edd78f1 Compare November 4, 2020 14:47

@feelepxyz feelepxyz left a comment


Great work on this! This looks 💯 🙌

jurre and others added 13 commits November 4, 2020 17:15
Currently we are actually raising a `can't modify frozen NilClass` error
because we attempt to `instance_variable_set` on `nil`, as we try to
find `dependency` in the Gemfile.

This is a small step towards figuring out what dependency is blocking
for an update.

This returns a message from ForceUpdater that explains why a certain
update was not possible, by traversing the dependency tree and finding
all parent dependencies that are not satisfied by the target version.

Few things to improve:
- The message is now formatted in the native helper, I would prefer to
return raw data from there, and leave any formatting to whatever drives
dependabot.
- Because we currently depend on the native helper returning an error,
it is hard to pass data from the native function to dependabot-core.
- We need to call `latest_version_resolvable_with_full_unlock?` in order
to hit the error that sets this new message. I'd prefer to be able to
just call a method on the UpdateChecker instead.
- I dislike having to string compare against the native errors `error_type`, it
would be nice to have more granular errors that we can return from
there.
@jurre jurre force-pushed the jurre/improve-bundler-helper-errors branch from 8cfa8b2 to 2e50b1d Compare November 4, 2020 16:15
@jurre jurre merged commit aa5e415 into main Nov 4, 2020
@jurre jurre deleted the jurre/improve-bundler-helper-errors branch November 4, 2020 16:54
@jurre jurre mentioned this pull request Nov 5, 2020