lib/bundler/patch/advisory_consolidator.rb in bundler-patch-0.7.2 vs lib/bundler/patch/advisory_consolidator.rb in bundler-patch-0.8.0
- old
+ new
@@ -9,11 +9,11 @@
end
def vulnerable_gems
@all_ads.map do |ads|
ads.update if ads.repo
- Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile
+ File.exist?(Bundler.default_lockfile) ? Bundler::Advise::GemAdviser.new(advisories: ads).scan_lockfile : []
end.flatten.map do |advisory|
patched = advisory.patched_versions.map do |pv|
# this is a little stupid for compound requirements, but works itself out in consolidate_gemfiles
pv.requirements.map { |_, v| v.to_s }
end.flatten
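Review bot: When no lockfile exists, the new ternary in `vulnerable_gems` yields `[]`, which callers cannot tell apart from a completed scan that found no advisories, so a run from the wrong directory looks like a clean audit. The check also sits inside the `@all_ads.map` block after `ads.update if ads.repo`, so it is re-evaluated for every advisory source and the advisory repo is still refreshed when there is nothing to scan. I would make the skipped scan visible at the top of the method, for example `Bundler.ui.warn 'No lockfile found; advisory scan skipped' unless File.exist?(Bundler.default_lockfile)`, assuming the project reports through `Bundler.ui`. The same silent fallback is applied to `locked` in `patch_gemfile_and_get_gem_specs_to_patch` in the next hunk. The body of `vulnerable_gems` continues past the end of this hunk.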
@@ -25,10 +25,11 @@
end.flatten
end
def patch_gemfile_and_get_gem_specs_to_patch
gem_update_specs = vulnerable_gems
- locked = Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs
+ locked = File.exist?(Bundler.default_lockfile) ?
+ Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)).specs : []
gem_update_specs.map(&:update) # modify requirements in Gemfile if necessary
gem_update_specs.map do |up_spec|
old_version = locked.detect { |s| s.name == up_spec.gem_name }.version.to_s