dependabot-bundler 0.121.1 → 0.124.0

data/lib/dependabot/bundler/native_helpers.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Bundler
+    module NativeHelpers
+      def self.helper_path
+        "bundle exec ruby #{File.join(native_helpers_root, 'run.rb')}"
+      end
+
+      def self.native_helpers_root
+        helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
+        return File.join(helpers_root, "bundler") unless helpers_root.nil?
+
+        File.join(__dir__, "../../../helpers")
+      end
+    end
+  end
+end

data/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -283,6 +283,7 @@ module Dependabot
         end
         # rubocop:enable Metrics/PerceivedComplexity
 
+        # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
         def sanitized_lockfile_content
           re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
           lockfile.content.gsub(re, "")

data/lib/dependabot/bundler/update_checker/force_updater.rb

@@ -1,20 +1,20 @@
 # frozen_string_literal: true
 
-require "dependabot/monkey_patches/bundler/definition_ruby_version_patch"
-require "dependabot/monkey_patches/bundler/definition_bundler_version_patch"
-require "dependabot/monkey_patches/bundler/git_source_patch"
-
+require "dependabot/bundler/file_parser"
+require "dependabot/bundler/file_updater/lockfile_updater"
+require "dependabot/bundler/native_helpers"
 require "dependabot/bundler/update_checker"
 require "dependabot/bundler/update_checker/requirements_updater"
-require "dependabot/bundler/file_updater/lockfile_updater"
-require "dependabot/bundler/file_parser"
-require "dependabot/shared_helpers"
 require "dependabot/errors"
+require "dependabot/shared_helpers"
 
 module Dependabot
   module Bundler
     class UpdateChecker
       class ForceUpdater
+        require_relative "shared_bundler_helpers"
+        include SharedBundlerHelpers
+
         def initialize(dependency:, dependency_files:, repo_contents_path: nil,
                        credentials:, target_version:,
                        requirements_update_strategy:,
@@ -42,154 +42,28 @@ module Dependabot
         end
 
         def force_update
-          in_a_temporary_bundler_context do
-            other_updates = []
-
-            begin
-              definition = build_definition(other_updates: other_updates)
-              definition.resolve_remotely!
-              specs = definition.resolve
-              dependencies_from([dependency] + other_updates, specs)
-            rescue ::Bundler::VersionConflict => e
-              raise unless update_multiple_dependencies?
-
-              # TODO: Not sure this won't unlock way too many things...
-              new_dependencies_to_unlock =
-                new_dependencies_to_unlock_from(
-                  error: e,
-                  already_unlocked: other_updates
-                )
-
-              raise if new_dependencies_to_unlock.none?
-
-              other_updates += new_dependencies_to_unlock
-              retry
-            end
-          end
-        rescue SharedHelpers::ChildProcessFailed => e
-          raise_unresolvable_error(e)
-        end
-
-        #########################
-        # Bundler context setup #
-        #########################
-
-        def in_a_temporary_bundler_context
-          base_directory = dependency_files.first.directory
-          SharedHelpers.in_a_temporary_repo_directory(base_directory,
-                                                      repo_contents_path) do
-            write_temporary_dependency_files
-
-            SharedHelpers.in_a_forked_process do
-              # Remove installed gems from the default Rubygems index
-              ::Gem::Specification.all =
-                ::Gem::Specification.send(:default_stubs, "*.gemspec")
-
-              # Set flags and credentials
-              set_bundler_flags_and_credentials
-
-              yield
-            end
+          in_a_native_bundler_context(error_handling: false) do |tmp_dir|
+            updated_deps, specs = SharedHelpers.run_helper_subprocess(
+              command: NativeHelpers.helper_path,
+              function: "force_update",
+              args: {
+                dir: tmp_dir,
+                dependency_name: dependency.name,
+                target_version: target_version,
+                credentials: relevant_credentials,
+                gemfile_name: gemfile.name,
+                lockfile_name: lockfile.name,
+                using_bundler_2: using_bundler_2?,
+                update_multiple_dependencies: update_multiple_dependencies?
+              }
+            )
+            dependencies_from(updated_deps, specs)
           end
-        end
-
-        def new_dependencies_to_unlock_from(error:, already_unlocked:)
-          potentials_deps =
-            relevant_conflicts(error, already_unlocked).
-            flat_map(&:requirement_trees).
-            reject do |tree|
-              # If the final requirement wasn't specific, it can't be binding
-              next true if tree.last.requirement == Gem::Requirement.new(">= 0")
-
-              # If the conflict wasn't for the dependency we're updating then
-              # we don't have enough info to reject it
-              next false unless tree.last.name == dependency.name
-
-              # If the final requirement *was* for the dependency we're updating
-              # then we can ignore the tree if it permits the target version
-              tree.last.requirement.satisfied_by?(
-                Gem::Version.new(target_version)
-              )
-            end.map(&:first)
-
-          potentials_deps.
-            reject { |dep| already_unlocked.map(&:name).include?(dep.name) }.
-            reject { |dep| [dependency.name, "ruby\0"].include?(dep.name) }.
-            uniq
-        end
-
-        def relevant_conflicts(error, dependencies_being_unlocked)
-          names = [*dependencies_being_unlocked.map(&:name), dependency.name]
-
-          # For a conflict to be relevant to the updates we're making it must be
-          # 1) caused by a new requirement introduced by our unlocking, or
-          # 2) caused by an old requirement that prohibits the update.
-          # Hence, we look at the beginning and end of the requirement trees
-          error.cause.conflicts.values.
-            select do |conflict|
-              conflict.requirement_trees.any? do |t|
-                names.include?(t.last.name) || names.include?(t.first.name)
-              end
-            end
-        end
-
-        def raise_unresolvable_error(error)
-          msg = error.error_class + " with message: " + error.error_message
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          msg = e.error_class + " with message: " + e.message
           raise Dependabot::DependencyFileNotResolvable, msg
         end
 
-        def build_definition(other_updates:)
-          gems_to_unlock = other_updates.map(&:name) + [dependency.name]
-          definition = ::Bundler::Definition.build(
-            gemfile.name,
-            lockfile&.name,
-            gems: gems_to_unlock + subdependencies,
-            lock_shared_dependencies: true
-          )
-
-          # Remove the Gemfile / gemspec requirements on the gems we're
-          # unlocking (i.e., completely unlock them)
-          gems_to_unlock.each do |gem_name|
-            unlock_gem(definition: definition, gem_name: gem_name)
-          end
-
-          # Set the requirement for the gem we're forcing an update of
-          new_req = Gem::Requirement.create("= #{target_version}")
-          definition.dependencies.
-            find { |d| d.name == dependency.name }.
-            tap do |dep|
-              dep.instance_variable_set(:@requirement, new_req)
-              dep.source = nil if dep.source.is_a?(::Bundler::Source::Git)
-            end
-
-          definition
-        end
-
-        def subdependencies
-          # If there's no lockfile we don't need to worry about
-          # subdependencies
-          return [] unless lockfile
-
-          all_deps =  ::Bundler::LockfileParser.new(sanitized_lockfile_body).
-                      specs.map(&:name).map(&:to_s)
-          top_level = ::Bundler::Definition.
-                      build(gemfile.name, lockfile.name, {}).
-                      dependencies.map(&:name).map(&:to_s)
-
-          all_deps - top_level
-        end
-
-        def unlock_gem(definition:, gem_name:)
-          dep = definition.dependencies.find { |d| d.name == gem_name }
-          version = definition.locked_gems.specs.
-                    find { |d| d.name == gem_name }.version
-
-          dep&.instance_variable_set(
-            :@requirement,
-            Gem::Requirement.create(">= #{version}")
-          )
-        end
-
         def original_dependencies
           @original_dependencies ||=
             FileParser.new(
@@ -209,10 +83,10 @@ module Dependabot
           # but resolving it won't necessarily be easy.
           updated_deps.map do |dep|
             original_dep =
-              original_dependencies.find { |d| d.name == dep.name }
-            spec = specs.find { |d| d.name == dep.name }
+              original_dependencies.find { |d| d.name == dep.fetch("name") }
+            spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
 
-            next if spec.version.to_s == original_dep.version
+            next if spec.fetch("version") == original_dep.version
 
             build_dependency(original_dep, spec)
           end.compact
@@ -220,15 +94,15 @@ module Dependabot
 
         def build_dependency(original_dep, updated_spec)
           Dependency.new(
-            name: updated_spec.name,
-            version: updated_spec.version.to_s,
+            name: updated_spec.fetch("name"),
+            version: updated_spec.fetch("version"),
             requirements:
               RequirementsUpdater.new(
                 requirements: original_dep.requirements,
                 update_strategy: requirements_update_strategy,
                 updated_source: source_for(original_dep),
-                latest_version: updated_spec.version.to_s,
-                latest_resolvable_version: updated_spec.version.to_s
+                latest_version: updated_spec.fetch("version"),
+                latest_resolvable_version: updated_spec.fetch("version")
               ).updated_requirements,
             previous_version: original_dep.version,
             previous_requirements: original_dep.requirements,
@@ -267,34 +141,6 @@ module Dependabot
           File.write(lockfile.name, sanitized_lockfile_body) if lockfile
         end
 
-        def set_bundler_flags_and_credentials
-          # Set auth details
-          relevant_credentials.each do |cred|
-            token = cred["token"] ||
-                    "#{cred['username']}:#{cred['password']}"
-
-            ::Bundler.settings.set_command_option(
-              cred.fetch("host"),
-              token.gsub("@", "%40F").gsub("?", "%3F")
-            )
-          end
-
-          # Only allow upgrades. Otherwise it's unlikely that this
-          # resolution will be found by the FileUpdater
-          ::Bundler.settings.set_command_option(
-            "only_update_to_newer_versions",
-            true
-          )
-
-          # Use HTTPS for GitHub if lockfile was generated by Bundler 2
-          set_bundler_2_flags if using_bundler_2?
-        end
-
-        def set_bundler_2_flags
-          ::Bundler.settings.set_command_option("forget_cli_options", "true")
-          ::Bundler.settings.set_command_option("github.https", "true")
-        end
-
         def relevant_credentials
           credentials.
             select { |cred| cred["password"] || cred["token"] }.

data/lib/dependabot/bundler/update_checker/latest_version_finder.rb

@@ -1,9 +1,5 @@
 # frozen_string_literal: true
 
-require "dependabot/monkey_patches/bundler/definition_ruby_version_patch"
-require "dependabot/monkey_patches/bundler/definition_bundler_version_patch"
-require "dependabot/monkey_patches/bundler/git_source_patch"
-
 require "excon"
 
 require "dependabot/bundler/update_checker"

data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb

@@ -47,27 +47,26 @@ module Dependabot
           def latest_git_version_details
             return unless git?
 
-            dependency_source_details =
+            source_details =
               dependency.requirements.map { |r| r.fetch(:source) }.
               uniq.compact.first
 
-            in_a_temporary_bundler_context do
-              SharedHelpers.with_git_configured(credentials: credentials) do
-                # Note: we don't set `ref`, as we want to unpin the dependency
-                source = ::Bundler::Source::Git.new(
-                  "uri" => dependency_source_details[:url],
-                  "branch" => dependency_source_details[:branch],
-                  "name" => dependency.name,
-                  "submodules" => true
+            SharedHelpers.with_git_configured(credentials: credentials) do
+              in_a_native_bundler_context do |tmp_dir|
+                SharedHelpers.run_helper_subprocess(
+                  command: NativeHelpers.helper_path,
+                  function: "depencency_source_latest_git_version",
+                  args: {
+                    dir: tmp_dir,
+                    gemfile_name: gemfile.name,
+                    dependency_name: dependency.name,
+                    credentials: credentials,
+                    dependency_source_url: source_details[:url],
+                    dependency_source_branch: source_details[:branch]
+                  }
                 )
-
-                # Tell Bundler we're fine with fetching the source remotely
-                source.instance_variable_set(:@allow_remote, true)
-
-                spec = source.specs.first
-                { version: spec.version, commit_sha: spec.source.revision }
               end
-            end
+            end.transform_keys(&:to_sym)
           end
 
           def git?
@@ -98,46 +97,38 @@ module Dependabot
 
           def private_registry_versions
             @private_registry_versions ||=
-              in_a_temporary_bundler_context do
-                bundler_source.
-                  fetchers.flat_map do |fetcher|
-                    fetcher.
-                      specs_with_retry([dependency.name], bundler_source).
-                      search_all(dependency.name)
-                  end.
-                  map(&:version)
-              end
-          end
-
-          def bundler_source
-            return nil unless gemfile
-
-            @bundler_source ||=
-              in_a_temporary_bundler_context do
-                definition = ::Bundler::Definition.build(gemfile.name, nil, {})
-
-                specified_source =
-                  definition.dependencies.
-                  find { |dep| dep.name == dependency.name }&.source
-
-                specified_source || definition.send(:sources).default_source
+              in_a_native_bundler_context do |tmp_dir|
+                SharedHelpers.run_helper_subprocess(
+                  command: NativeHelpers.helper_path,
+                  function: "private_registry_versions",
+                  args: {
+                    dir: tmp_dir,
+                    gemfile_name: gemfile.name,
+                    dependency_name: dependency.name,
+                    credentials: credentials
+                  }
+                ).map do |version_string|
+                  Gem::Version.new(version_string)
+                end
               end
           end
 
           def source_type
-            @source_type ||= case bundler_source
-                             when ::Bundler::Source::Rubygems
-                               remote = bundler_source.remotes.first
-                               if remote.nil? || remote.to_s == "https://rubygems.org/"
-                                 RUBYGEMS
-                               else
-                                 PRIVATE_REGISTRY
-                               end
-                             when ::Bundler::Source::Git
-                               GIT
-                             else
-                               OTHER
-                             end
+            return @source_type if defined? @source_type
+            return @source_type = RUBYGEMS unless gemfile
+
+            @source_type = in_a_native_bundler_context do |tmp_dir|
+              SharedHelpers.run_helper_subprocess(
+                command: NativeHelpers.helper_path,
+                function: "dependency_source_type",
+                args: {
+                  dir: tmp_dir,
+                  gemfile_name: gemfile.name,
+                  dependency_name: dependency.name,
+                  credentials: credentials
+                }
+              )
+            end
           end
 
           def gemfile

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -1,12 +1,9 @@
 # frozen_string_literal: true
 
-require "dependabot/monkey_patches/bundler/definition_ruby_version_patch"
-require "dependabot/monkey_patches/bundler/definition_bundler_version_patch"
-require "dependabot/monkey_patches/bundler/git_source_patch"
-
 require "excon"
 
 require "dependabot/bundler/update_checker"
+require "dependabot/bundler/native_helpers"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
 
@@ -17,6 +14,18 @@ module Dependabot
         GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze
         GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./.freeze
         PATH_REGEX = /The path `(?<path>.*)` does not exist/.freeze
+
+        module BundlerErrorPatterns
+          MISSING_AUTH_REGEX =
+            /bundle config (?<source>.*) username:password/.freeze
+          BAD_AUTH_REGEX =
+            /Bad username or password for (?<source>.*)\.$/.freeze
+          BAD_CERT_REGEX =
+            /verify the SSL certificate for (?<source>.*)\.$/.freeze
+          HTTP_ERR_REGEX =
+            /Could not fetch specs from (?<source>.*)$/.freeze
+        end
+
         RETRYABLE_ERRORS = %w(
           Bundler::HTTPError
           Bundler::Fetcher::FallbackError
@@ -35,27 +44,15 @@ module Dependabot
         # Bundler context setup #
         #########################
 
-        def in_a_temporary_bundler_context(error_handling: true)
+        def in_a_native_bundler_context(error_handling: true)
           SharedHelpers.
             in_a_temporary_repo_directory(base_directory,
                                           repo_contents_path) do |tmp_dir|
             write_temporary_dependency_files
 
-            SharedHelpers.in_a_forked_process do
-              # Set the path for path gemspec correctly
-              ::Bundler.instance_variable_set(:@root, tmp_dir)
-
-              # Remove installed gems from the default Rubygems index
-              ::Gem::Specification.all =
-                ::Gem::Specification.send(:default_stubs, "*.gemspec")
-
-              # Set flags and credentials
-              set_bundler_flags_and_credentials
-
-              yield
-            end
+            yield(tmp_dir)
           end
-        rescue SharedHelpers::ChildProcessFailed, ArgumentError => e
+        rescue SharedHelpers::HelperSubprocessFailed => e
           retry_count ||= 0
           retry_count += 1
           if retryable_error?(e) && retry_count <= 2
@@ -70,8 +67,7 @@ module Dependabot
         end
 
         def retryable_error?(error)
-          return true if error.message == "marshal data too short"
-          return false if error.is_a?(ArgumentError)
+          return true if error.error_class == "JSON::ParserError"
           return true if RETRYABLE_ERRORS.include?(error.error_class)
 
           unless RETRYABLE_PRIVATE_REGISTRY_ERRORS.include?(error.error_class)
@@ -86,13 +82,12 @@ module Dependabot
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/MethodLength
         def handle_bundler_errors(error)
-          if error.message == "marshal data too short"
+          if error.error_class == "JSON::ParserError"
             msg = "Error evaluating your dependency files: #{error.message}"
             raise Dependabot::DependencyFileNotEvaluatable, msg
           end
-          raise if error.is_a?(ArgumentError)
 
-          msg = error.error_class + " with message: " + error.error_message
+          msg = error.error_class + " with message: " + error.message
 
           case error.error_class
           when "Bundler::Dsl::DSLError", "Bundler::GemspecError"
@@ -100,28 +95,30 @@ module Dependabot
             raise Dependabot::DependencyFileNotEvaluatable, msg
           when "Bundler::Source::Git::MissingGitRevisionError"
             gem_name =
-              error.error_message.match(GIT_REF_REGEX).
+              error.message.match(GIT_REF_REGEX).
               named_captures["path"].
               split("/").last
             raise GitDependencyReferenceNotFound, gem_name
           when "Bundler::PathError"
             gem_name =
-              error.error_message.match(PATH_REGEX).
+              error.message.match(PATH_REGEX).
               named_captures["path"].
               split("/").last.split("-")[0..-2].join
             raise Dependabot::PathDependenciesNotReachable, [gem_name]
           when "Bundler::Source::Git::GitCommandError"
-            if error.error_message.match?(GIT_REGEX)
+            if error.message.match?(GIT_REGEX)
               # We couldn't find the specified branch / commit (or the two
               # weren't compatible).
               gem_name =
-                error.error_message.match(GIT_REGEX).
+                error.message.match(GIT_REGEX).
                 named_captures["path"].
                 split("/").last.split("-")[0..-2].join
               raise GitDependencyReferenceNotFound, gem_name
             end
 
-            bad_uris = inaccessible_git_dependencies.map { |s| s.source.uri }
+            bad_uris = inaccessible_git_dependencies.map do |spec|
+              spec.fetch("uri")
+            end
             raise unless bad_uris.any?
 
             # We don't have access to one of repos required
@@ -134,21 +131,21 @@ module Dependabot
             # - the gem was specified at an incompatible version
             raise Dependabot::DependencyFileNotResolvable, msg
           when "Bundler::Fetcher::AuthenticationRequiredError"
-            regex = /bundle config (?<source>.*) username:password/
-            source = error.error_message.match(regex)[:source]
+            regex = BundlerErrorPatterns::MISSING_AUTH_REGEX
+            source = error.message.match(regex)[:source]
             raise Dependabot::PrivateSourceAuthenticationFailure, source
           when "Bundler::Fetcher::BadAuthenticationError"
-            regex = /Bad username or password for (?<source>.*)\.$/
-            source = error.error_message.match(regex)[:source]
+            regex = BundlerErrorPatterns::BAD_AUTH_REGEX
+            source = error.message.match(regex)[:source]
             raise Dependabot::PrivateSourceAuthenticationFailure, source
           when "Bundler::Fetcher::CertificateFailureError"
-            regex = /verify the SSL certificate for (?<source>.*)\.$/
-            source = error.error_message.match(regex)[:source]
+            regex = BundlerErrorPatterns::BAD_CERT_REGEX
+            source = error.message.match(regex)[:source]
             raise Dependabot::PrivateSourceCertificateFailure, source
           when "Bundler::HTTPError"
-            regex = /Could not fetch specs from (?<source>.*)$/
-            if error.error_message.match?(regex)
-              source = error.error_message.match(regex)[:source]
+            regex = BundlerErrorPatterns::HTTP_ERR_REGEX
+            if error.message.match?(regex)
+              source = error.message.match(regex)[:source]
               raise if source.end_with?("rubygems.org/")
 
               raise Dependabot::PrivateSourceTimedOut, source
@@ -156,7 +153,7 @@ module Dependabot
 
             # JFrog can serve a 403 if the credentials provided are good but
             # don't have access to a particular gem.
-            raise unless error.error_message.include?("permitted to deploy")
+            raise unless error.message.include?("permitted to deploy")
             raise unless jfrog_source
 
             raise Dependabot::PrivateSourceAuthenticationFailure, jfrog_source
@@ -169,39 +166,41 @@ module Dependabot
         # rubocop:enable Metrics/MethodLength
 
         def inaccessible_git_dependencies
-          in_a_temporary_bundler_context(error_handling: false) do
-            ::Bundler::Definition.build(gemfile.name, nil, {}).dependencies.
-              reject do |spec|
-                next true unless spec.source.is_a?(::Bundler::Source::Git)
-
-                # Piggy-back off some private Bundler methods to configure the
-                # URI with auth details in the same way Bundler does.
-                git_proxy = spec.source.send(:git_proxy)
-                uri = spec.source.uri.gsub("git://", "https://")
-                uri = git_proxy.send(:configured_uri_for, uri)
-                uri += ".git" unless uri.end_with?(".git")
-                uri += "/info/refs?service=git-upload-pack"
-
-                begin
-                  Excon.get(
-                    uri,
-                    idempotent: true,
-                    **SharedHelpers.excon_defaults
-                  ).status == 200
-                rescue Excon::Error::Socket, Excon::Error::Timeout
-                  false
-                end
-              end
+          in_a_native_bundler_context(error_handling: false) do |tmp_dir|
+            git_specs = SharedHelpers.run_helper_subprocess(
+              command: NativeHelpers.helper_path,
+              function: "git_specs",
+              args: {
+                dir: tmp_dir,
+                gemfile_name: gemfile.name,
+                credentials: relevant_credentials,
+                using_bundler_2: using_bundler_2?
+              }
+            )
+            git_specs.reject do |spec|
+              Excon.get(
+                spec.fetch("auth_uri"),
+                idempotent: true,
+                **SharedHelpers.excon_defaults
+              ).status == 200
+            rescue Excon::Error::Socket, Excon::Error::Timeout
+              false
+            end
           end
         end
 
         def jfrog_source
-          in_a_temporary_bundler_context(error_handling: false) do
-            ::Bundler::Definition.build(gemfile.name, nil, {}).
-              send(:sources).
-              rubygems_remotes.
-              find { |uri| uri.host.include?("jfrog") }&.
-              host
+          in_a_native_bundler_context(error_handling: false) do |dir|
+            SharedHelpers.run_helper_subprocess(
+              command: NativeHelpers.helper_path,
+              function: "jfrog_source",
+              args: {
+                dir: dir,
+                gemfile_name: gemfile.name,
+                credentials: relevant_credentials,
+                using_bundler_2: using_bundler_2?
+              }
+            )
           end
         end
 
@@ -215,27 +214,6 @@ module Dependabot
           File.write(lockfile.name, sanitized_lockfile_body) if lockfile
         end
 
-        def set_bundler_flags_and_credentials
-          # Set auth details
-          relevant_credentials.each do |cred|
-            token = cred["token"] ||
-                    "#{cred['username']}:#{cred['password']}"
-
-            ::Bundler.settings.set_command_option(
-              cred.fetch("host"),
-              token.gsub("@", "%40F").gsub("?", "%3F")
-            )
-          end
-
-          # Use HTTPS for GitHub if lockfile was generated by Bundler 2
-          set_bundler_2_flags if using_bundler_2?
-        end
-
-        def set_bundler_2_flags
-          ::Bundler.settings.set_command_option("forget_cli_options", "true")
-          ::Bundler.settings.set_command_option("github.https", "true")
-        end
-
         def relevant_credentials
           [
             *git_source_credentials,
@@ -264,6 +242,7 @@ module Dependabot
             dependency_files.find { |f| f.name == "gems.locked" }
         end
 
+        # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
         def sanitized_lockfile_body
           re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
           lockfile.content.gsub(re, "")