RubyGems - dependabot-bundler - Versions diffs - 0.136.0 → 0.138.1 - Mend

dependabot-bundler 0.136.0 → 0.138.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +4 -4
data/helpers/v1/Gemfile +8 -3
data/helpers/v1/build +2 -2
data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +133 -0
data/helpers/v1/spec/functions/dependency_source_spec.rb +187 -0
data/helpers/v1/spec/functions/file_parser_spec.rb +77 -0
data/helpers/v1/spec/functions/version_resolver_spec.rb +97 -0
data/helpers/v1/spec/native_spec_helper.rb +49 -0
data/helpers/v1/spec/shared_contexts.rb +59 -0
data/helpers/v2/.bundle/config +2 -0
data/helpers/v2/.gitignore +9 -0
data/helpers/v2/Gemfile +12 -0
data/helpers/v2/build +23 -0
data/helpers/v2/lib/functions.rb +67 -0
data/helpers/v2/run.rb +30 -0
data/helpers/v2/spec/functions_spec.rb +37 -0
data/helpers/v2/spec/native_spec_helper.rb +50 -0
data/lib/dependabot/bundler/file_parser.rb +13 -1
data/lib/dependabot/bundler/file_updater.rb +3 -2
data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +4 -3
data/lib/dependabot/bundler/helpers.rb +15 -3
data/lib/dependabot/bundler/native_helpers.rb +8 -1
data/lib/dependabot/bundler/update_checker.rb +12 -6
data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +5 -2
data/lib/dependabot/bundler/update_checker/force_updater.rb +6 -3
data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +6 -3
data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +5 -3
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +0 -4
data/lib/dependabot/bundler/update_checker/version_resolver.rb +8 -4
metadata +18 -4

data/lib/dependabot/bundler/native_helpers.rb CHANGED Viewed

@@ -17,9 +17,16 @@ module Dependabot
               # Bundler will pick the matching installed major version
               "BUNDLER_VERSION" => bundler_version,
               "BUNDLE_GEMFILE" => File.join(versioned_helper_path(bundler_version: bundler_version), "Gemfile"),
-              "BUNDLE_PATH" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
+              "BUNDLE_PATH" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle"),
+              # Prevent the GEM_HOME from being set to a folder owned by root
+              "GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
             }
           )
+        rescue SharedHelpers::HelperSubprocessFailed => e
+          # TODO: Remove once we stop stubbing out the V2 native helper
+          raise Dependabot::NotImplemented, e.message if e.error_class == "Functions::NotImplementedError"
+          raise
         end
       end

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -110,7 +110,8 @@ module Dependabot
         ConflictingDependencyResolver.new(
           dependency_files: dependency_files,
           repo_contents_path: repo_contents_path,
-          credentials: credentials
+          credentials: credentials,
+          options: options
         ).conflicting_dependencies(
           dependency: dependency,
           target_version: lowest_security_fix_version
@@ -162,7 +163,8 @@ module Dependabot
               credentials: credentials,
               target_version: version,
               requirements_update_strategy: requirements_update_strategy,
-              update_multiple_dependencies: false
+              update_multiple_dependencies: false,
+              options: options
             ).updated_dependencies
             true
           rescue Dependabot::DependencyFileNotResolvable
@@ -183,7 +185,8 @@ module Dependabot
               credentials: credentials,
               ignored_versions: ignored_versions,
               raise_on_ignored: raise_on_ignored,
-              replacement_git_pin: tag
+              replacement_git_pin: tag,
+              options: options
             ).latest_resolvable_version_details
             true
           rescue Dependabot::DependencyFileNotResolvable
@@ -339,7 +342,8 @@ module Dependabot
             repo_contents_path: repo_contents_path,
             credentials: credentials,
             target_version: latest_version,
-            requirements_update_strategy: requirements_update_strategy
+            requirements_update_strategy: requirements_update_strategy,
+            options: options
           )
       end
@@ -365,7 +369,8 @@ module Dependabot
               raise_on_ignored: raise_on_ignored,
               remove_git_source: remove_git_source,
               unlock_requirement: unlock_requirement,
-              latest_allowable_version: latest_version
+              latest_allowable_version: latest_version,
+              options: options
             )
           end
       end
@@ -386,7 +391,8 @@ module Dependabot
               credentials: credentials,
               ignored_versions: ignored_versions,
               raise_on_ignored: raise_on_ignored,
-              security_advisories: security_advisories
+              security_advisories: security_advisories,
+              options: options
             )
           end
       end

data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb CHANGED Viewed

@@ -12,10 +12,13 @@ module Dependabot
         require_relative "shared_bundler_helpers"
         include SharedBundlerHelpers
-        def initialize(dependency_files:, repo_contents_path:, credentials:)
+        attr_reader :options
+        def initialize(dependency_files:, repo_contents_path:, credentials:, options:)
           @dependency_files = dependency_files
           @repo_contents_path = repo_contents_path
           @credentials = credentials
+          @options = options
         end
         # Finds any dependencies in the lockfile that have a subdependency on
@@ -47,7 +50,7 @@ module Dependabot
         private
         def bundler_version
-          @bundler_version ||= Helpers.bundler_version(lockfile)
+          @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
         end
       end
     end

data/lib/dependabot/bundler/update_checker/force_updater.rb CHANGED Viewed

@@ -19,7 +19,8 @@ module Dependabot
         def initialize(dependency:, dependency_files:, repo_contents_path: nil,
                        credentials:, target_version:,
                        requirements_update_strategy:,
-                       update_multiple_dependencies: true)
+                       update_multiple_dependencies: true,
+                       options:)
           @dependency                   = dependency
           @dependency_files             = dependency_files
           @repo_contents_path           = repo_contents_path
@@ -27,6 +28,7 @@ module Dependabot
           @target_version               = target_version
           @requirements_update_strategy = requirements_update_strategy
           @update_multiple_dependencies = update_multiple_dependencies
+          @options                      = options
         end
         def updated_dependencies
@@ -36,7 +38,8 @@ module Dependabot
         private
         attr_reader :dependency, :dependency_files, :repo_contents_path,
-                    :credentials, :target_version, :requirements_update_strategy
+                    :credentials, :target_version, :requirements_update_strategy,
+                    :options
         def update_multiple_dependencies?
           @update_multiple_dependencies
@@ -149,7 +152,7 @@ module Dependabot
         end
         def bundler_version
-          @bundler_version ||= Helpers.bundler_version(lockfile)
+          @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
         end
       end
     end

data/lib/dependabot/bundler/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Dependabot
       class LatestVersionFinder
         def initialize(dependency:, dependency_files:, repo_contents_path: nil,
                        credentials:, ignored_versions:, raise_on_ignored: false,
-                       security_advisories:)
+                       security_advisories:, options:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @repo_contents_path  = repo_contents_path
@@ -23,6 +23,7 @@ module Dependabot
           @ignored_versions    = ignored_versions
           @raise_on_ignored    = raise_on_ignored
           @security_advisories = security_advisories
+          @options             = options
         end
         def latest_version_details
@@ -36,7 +37,8 @@ module Dependabot
         private
         attr_reader :dependency, :dependency_files, :repo_contents_path,
-                    :credentials, :ignored_versions, :security_advisories
+                    :credentials, :ignored_versions, :security_advisories,
+                    :options
         def fetch_latest_version_details
           return dependency_source.latest_git_version_details if dependency_source.git?
@@ -103,7 +105,8 @@ module Dependabot
           @dependency_source ||= DependencySource.new(
             dependency: dependency,
             dependency_files: dependency_files,
-            credentials: credentials
+            credentials: credentials,
+            options: options
           )
         end

data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb CHANGED Viewed

@@ -17,14 +17,16 @@ module Dependabot
           OTHER = "other"
           attr_reader :dependency, :dependency_files, :repo_contents_path,
-                      :credentials
+                      :credentials, :options
           def initialize(dependency:,
                          dependency_files:,
-                         credentials:)
+                         credentials:,
+                         options:)
             @dependency          = dependency
             @dependency_files    = dependency_files
             @credentials         = credentials
+            @options             = options
           end
           # The latest version details for the dependency from a registry
@@ -145,7 +147,7 @@ module Dependabot
           end
           def bundler_version
-            @bundler_version ||= Helpers.bundler_version(lockfile)
+            @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
           end
         end
       end

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -237,10 +237,6 @@ module Dependabot
           lockfile.content.match?(/BUNDLED WITH\s+2/m)
         end
-        def bundler_version
-          @bundler_version ||= Helpers.bundler_version(lockfile)
-        end
       end
     end
   end

data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED Viewed

@@ -23,7 +23,8 @@ module Dependabot
                        raise_on_ignored: false,
                        replacement_git_pin: nil, remove_git_source: false,
                        unlock_requirement: true,
-                       latest_allowable_version: nil)
+                       latest_allowable_version: nil,
+                       options:)
           @dependency                  = dependency
           @unprepared_dependency_files = unprepared_dependency_files
           @credentials                 = credentials
@@ -34,6 +35,7 @@ module Dependabot
           @remove_git_source           = remove_git_source
           @unlock_requirement          = unlock_requirement
           @latest_allowable_version    = latest_allowable_version
+          @options                     = options
         end
         def latest_resolvable_version_details
@@ -45,7 +47,8 @@ module Dependabot
         attr_reader :dependency, :unprepared_dependency_files,
                     :repo_contents_path, :credentials, :ignored_versions,
-                    :replacement_git_pin, :latest_allowable_version
+                    :replacement_git_pin, :latest_allowable_version,
+                    :options
         def remove_git_source?
           @remove_git_source
@@ -164,7 +167,8 @@ module Dependabot
               credentials: credentials,
               ignored_versions: ignored_versions,
               raise_on_ignored: @raise_on_ignored,
-              security_advisories: []
+              security_advisories: [],
+              options: options
             ).latest_version_details
         end
@@ -221,7 +225,7 @@ module Dependabot
         end
         def bundler_version
-          @bundler_version ||= Helpers.bundler_version(lockfile)
+          @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.136.0
+  version: 0.138.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-08 00:00:00.000000000 Z
+date: 2021-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.136.0
+        version: 0.138.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.136.0
+        version: 0.138.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -200,6 +200,20 @@ files:
 - helpers/v1/monkey_patches/definition_ruby_version_patch.rb
 - helpers/v1/monkey_patches/git_source_patch.rb
 - helpers/v1/run.rb
+- helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb
+- helpers/v1/spec/functions/dependency_source_spec.rb
+- helpers/v1/spec/functions/file_parser_spec.rb
+- helpers/v1/spec/functions/version_resolver_spec.rb
+- helpers/v1/spec/native_spec_helper.rb
+- helpers/v1/spec/shared_contexts.rb
+- helpers/v2/.bundle/config
+- helpers/v2/.gitignore
+- helpers/v2/Gemfile
+- helpers/v2/build
+- helpers/v2/lib/functions.rb
+- helpers/v2/run.rb
+- helpers/v2/spec/functions_spec.rb
+- helpers/v2/spec/native_spec_helper.rb
 - lib/dependabot/bundler.rb
 - lib/dependabot/bundler/file_fetcher.rb
 - lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb