dependabot-bundler 0.138.1 → 0.138.6

data/helpers/v2/spec/functions/file_parser_spec.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require "native_spec_helper"
+require "shared_contexts"
+
+RSpec.describe Functions::FileParser do
+  include_context "in a temporary bundler directory"
+
+  let(:dependency_source) do
+    described_class.new(
+      lockfile_name: "Gemfile.lock"
+    )
+  end
+
+  let(:project_name) { "gemfile" }
+
+  describe "#parsed_gemfile" do
+    subject(:parsed_gemfile) do
+      in_tmp_folder do
+        dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
+      end
+    end
+
+    it "parses gemfile" do
+      parsed_gemfile = [
+        {
+          groups: [:default],
+          name: "business",
+          requirement: Gem::Requirement.new("~> 1.4.0"),
+          source: nil,
+          type: :runtime
+        },
+        {
+          groups: [:default],
+          name: "statesman",
+          requirement: Gem::Requirement.new("~> 1.2.0"),
+          source: nil,
+          type: :runtime
+        }
+      ]
+      is_expected.to eq(parsed_gemfile)
+    end
+
+    context "with a git source" do
+      let(:project_name) { "git_source" }
+
+      it "parses gemfile" do
+        parsed_gemfile = [
+          {
+            groups: [:default],
+            name: "business",
+            requirement: Gem::Requirement.new("~> 1.6.0"),
+            source: {
+              branch: "master",
+              ref: "a1b78a9",
+              type: "git",
+              url: "git@github.com:gocardless/business"
+            },
+            type: :runtime
+          },
+          {
+            groups: [:default],
+            name: "statesman",
+            requirement: Gem::Requirement.new("~> 1.2.0"),
+            source: nil,
+            type: :runtime
+          },
+          {
+            groups: [:default],
+            name: "prius",
+            requirement:  Gem::Requirement.new(">= 0"),
+            source: {
+              branch: "master",
+              ref: "master",
+              type: "git",
+              url: "https://github.com/gocardless/prius"
+            },
+            type: :runtime
+          },
+          {
+            groups: [:default],
+            name: "que",
+            requirement:  Gem::Requirement.new(">= 0"),
+            source: {
+              branch: "master",
+              ref: "v0.11.6",
+              type: "git",
+              url: "git@github.com:chanks/que"
+            },
+            type: :runtime
+          },
+          {
+            groups: [:default],
+            name: "uk_phone_numbers",
+            requirement:  Gem::Requirement.new(">= 0"),
+            source: {
+              branch: "master",
+              ref: "master",
+              type: "git",
+              url: "http://github.com/gocardless/uk_phone_numbers"
+            },
+            type: :runtime
+          }
+        ]
+        is_expected.to eq(parsed_gemfile)
+      end
+    end
+  end
+
+  describe "#parsed_gemspec" do
+    let!(:gemspec_fixture) do
+      fixture("ruby", "gemspecs", "exact")
+    end
+
+    subject(:parsed_gemspec) do
+      in_tmp_folder do |tmp_path|
+        File.write(File.join(tmp_path, "test.gemspec"), gemspec_fixture)
+        dependency_source.parsed_gemspec(gemspec_name: "test.gemspec")
+      end
+    end
+
+    it "parses gemspec" do
+      parsed_gemspec = [
+        {
+          groups: nil,
+          name: "business",
+          requirement: Gem::Requirement.new("= 1.0.0"),
+          source: nil,
+          type: :runtime
+        },
+        {
+          groups: nil,
+          name: "statesman",
+          requirement: Gem::Requirement.new("= 1.0.0"),
+          source: nil,
+          type: :runtime
+        }
+      ]
+      is_expected.to eq(parsed_gemspec)
+    end
+  end
+end

data/helpers/v2/spec/functions/version_resolver_spec.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require "native_spec_helper"
+require "shared_contexts"
+
+RSpec.describe Functions::VersionResolver do
+  include_context "in a temporary bundler directory"
+  include_context "stub rubygems compact index"
+
+  let(:version_resolver) do
+    described_class.new(
+      dependency_name: dependency_name,
+      dependency_requirements: dependency_requirements,
+      gemfile_name: "Gemfile",
+      lockfile_name: "Gemfile.lock"
+    )
+  end
+
+  let(:dependency_name) { "business" }
+  let(:dependency_requirements) do
+    [{
+      file: "Gemfile",
+      requirement: requirement_string,
+      groups: [],
+      source: source
+    }]
+  end
+  let(:source) { nil }
+
+  let(:rubygems_url) { "https://index.rubygems.org/api/v1/" }
+  let(:old_index_url) { rubygems_url + "dependencies" }
+
+  describe "#version_details" do
+    subject do
+      in_tmp_folder { version_resolver.version_details }
+    end
+
+    let(:project_name) { "gemfile" }
+    let(:requirement_string) { " >= 0" }
+
+    its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
+    its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
+
+    context "with a private gemserver source" do
+      include_context "stub rubygems compact index"
+
+      let(:project_name) { "specified_source" }
+      let(:requirement_string) { ">= 0" }
+
+      before do
+        gemfury_url = "https://repo.fury.io/greysteil/"
+        gemfury_deps_url = gemfury_url + "api/v1/dependencies"
+
+        stub_request(:get, gemfury_url + "versions").
+          to_return(status: 200, body: fixture("ruby", "gemfury-index"))
+        stub_request(:get, gemfury_url + "info/business").to_return(status: 404)
+        stub_request(:get, gemfury_deps_url).to_return(status: 200)
+        stub_request(:get, gemfury_deps_url + "?gems=business,statesman").
+          to_return(status: 200, body: fixture("ruby", "gemfury_response"))
+        stub_request(:get, gemfury_deps_url + "?gems=business").
+          to_return(status: 200, body: fixture("ruby", "gemfury_response"))
+        stub_request(:get, gemfury_deps_url + "?gems=statesman").
+          to_return(status: 200, body: fixture("ruby", "gemfury_response"))
+      end
+
+      its([:version]) { is_expected.to eq(Gem::Version.new("1.9.0")) }
+      its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
+    end
+
+    context "with a git source" do
+      let(:project_name) { "git_source" }
+
+      its([:version]) { is_expected.to eq(Gem::Version.new("1.6.0")) }
+      its([:fetcher]) { is_expected.to be_nil }
+    end
+
+    context "when Bundler's compact index is down" do
+      before do
+        stub_request(:get, "https://index.rubygems.org/versions").
+          to_return(status: 500, body: "We'll be back soon")
+        stub_request(:get, "https://index.rubygems.org/info/public_suffix").
+          to_return(status: 500, body: "We'll be back soon")
+        stub_request(:get, old_index_url).to_return(status: 200)
+        stub_request(:get, old_index_url + "?gems=business,statesman").
+          to_return(
+            status: 200,
+            body: fixture("ruby",
+                          "rubygems_responses",
+                          "dependencies-default-gemfile")
+          )
+      end
+
+      its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
+      its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
+    end
+  end
+end

data/helpers/v2/spec/functions_spec.rb

@@ -1,36 +1,24 @@
 # frozen_string_literal: true
 
 require "native_spec_helper"
+require "shared_contexts"
 
 RSpec.describe Functions do
-  # Verify v1 method signatures are exist, but raise as NYI
-  {
-    parsed_gemfile: [ :lockfile_name, :gemfile_name, :dir ],
-    parsed_gemspec: [ :lockfile_name, :gemspec_name, :dir ],
-    vendor_cache_dir: [ :dir ],
-    update_lockfile: [ :dir, :gemfile_name, :lockfile_name, :using_bundler2, :credentials, :dependencies ],
-    force_update: [ :dir, :dependency_name, :target_version, :gemfile_name, :lockfile_name, :using_bundler2,
-                    :credentials, :update_multiple_dependencies ],
-    dependency_source_type: [ :gemfile_name, :dependency_name, :dir, :credentials ],
-    depencency_source_latest_git_version: [ :gemfile_name, :dependency_name, :dir, :credentials, :dependency_source_url,
-                                            :dependency_source_branch  ],
-    private_registry_versions: [:gemfile_name, :dependency_name, :dir, :credentials ],
-    resolve_version: [:dependency_name, :dependency_requirements, :gemfile_name, :lockfile_name, :using_bundler2,
-                      :dir, :credentials],
-    jfrog_source: [:dir, :gemfile_name, :credentials, :using_bundler2],
-    git_specs: [:dir, :gemfile_name, :credentials, :using_bundler2],
-    set_bundler_flags_and_credentials: [:dir, :credentials, :using_bundler2],
-    conflicting_dependencies: [:dir, :dependency_name, :target_version, :lockfile_name, :using_bundler2, :credentials]
-  }.each do |function, kwargs|
-    describe "::#{function}" do
-      let(:args) do
-        kwargs.inject({}) do |args, keyword|
-          args.merge({ keyword => anything })
-        end
-      end
+  include_context "in a temporary bundler directory"
+
+  describe "#jfrog_source" do
+    let(:project_name) { "jfrog_source" }
+
+    it "returns the jfrog source" do
+      in_tmp_folder do
+        jfrog_source = Functions.jfrog_source(
+          dir: tmp_path,
+          gemfile_name: "Gemfile",
+          credentials: {},
+          using_bundler2: true
+        )
 
-      it "raises a NYI" do
-        expect { Functions.send(function, **args) }.to raise_error(Functions::NotImplementedError)
+        expect(jfrog_source).to eq("test.jfrog.io")
       end
     end
   end

data/helpers/v2/spec/native_spec_helper.rb

@@ -5,8 +5,7 @@ require "webmock/rspec"
 require "byebug"
 
 $LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
-# TODO: Fork `v1/monkey_patches` into `v2/monkey_patches` ?
-$LOAD_PATH.unshift(File.expand_path("../../v1/monkey_patches", __dir__))
+$LOAD_PATH.unshift(File.expand_path("../monkey_patches", __dir__))
 
 # Bundler monkey patches
 require "definition_ruby_version_patch"
@@ -27,7 +26,11 @@ end
 LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
 
 def project_dependency_files(project)
+  # TODO: Retrieve files from bundler2 folder once it is fully up to date
   project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
+
+  raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
+
   Dir.chdir(project_path) do
     # NOTE: Include dotfiles (e.g. .npmrc)
     files = Dir.glob("**/*", File::FNM_DOTMATCH)

data/helpers/v2/spec/shared_contexts.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "tmpdir"
+require "bundler/compact_index_client"
+require "bundler/compact_index_client/updater"
+
+TMP_DIR_PATH = File.expand_path("../tmp", __dir__)
+
+RSpec.shared_context "in a temporary bundler directory" do
+  let(:project_name) { "gemfile" }
+
+  let(:tmp_path) do
+    Dir.mkdir(TMP_DIR_PATH) unless Dir.exist?(TMP_DIR_PATH)
+    dir = Dir.mktmpdir("native_helper_spec_", TMP_DIR_PATH)
+    Pathname.new(dir).expand_path
+  end
+
+  before do
+    project_dependency_files(project_name).each do |file|
+      File.write(File.join(tmp_path, file[:name]), file[:content])
+    end
+  end
+
+  def in_tmp_folder(&block)
+    Dir.chdir(tmp_path, &block)
+  end
+end
+
+RSpec.shared_context "without caching rubygems" do
+  before do
+    # Stub Bundler to stop it using a cached versions of Rubygems
+    allow_any_instance_of(Bundler::CompactIndexClient::Updater).
+      to receive(:etag_for).and_return("")
+  end
+end
+
+RSpec.shared_context "stub rubygems compact index" do
+  include_context "without caching rubygems"
+
+  before do
+    # Stub the Rubygems index
+    stub_request(:get, "https://index.rubygems.org/versions").
+      to_return(
+        status: 200,
+        body: fixture("ruby", "rubygems_responses", "index")
+      )
+
+    # Stub the Rubygems response for each dependency we have a fixture for
+    fixtures =
+      Dir[File.join("../../spec", "fixtures", "ruby", "rubygems_responses", "info-*")]
+    fixtures.each do |path|
+      dep_name = path.split("/").last.gsub("info-", "")
+      stub_request(:get, "https://index.rubygems.org/info/#{dep_name}").
+        to_return(
+          status: 200,
+          body: fixture("ruby", "rubygems_responses", "info-#{dep_name}")
+        )
+    end
+  end
+end

data/lib/dependabot/bundler/file_updater/requirement_replacer.rb

@@ -167,6 +167,8 @@ module Dependabot
             req_string.include?(" ")
           end
 
+          EQUALITY_OPERATOR = /(?<![<>!])=/.freeze
+
           def use_equality_operator?(requirement_nodes)
             return true if requirement_nodes.none?
 
@@ -178,7 +180,7 @@ module Dependabot
                 requirement_nodes.first.children.first.loc.expression.source
               end
 
-            req_string.match?(/(?<![<>])=/)
+            req_string.match?(EQUALITY_OPERATOR)
           end
 
           def new_requirement_string(quote_characters:,
@@ -203,7 +205,7 @@ module Dependabot
             # Gem::Requirement serializes exact matches as a string starting
             # with `=`. We may need to remove that equality operator if it
             # wasn't used originally.
-            tmp_req = tmp_req.gsub(/(?<![<>])=/, "") unless use_equality_operator
+            tmp_req = tmp_req.gsub(EQUALITY_OPERATOR, "") unless use_equality_operator
 
             tmp_req.strip
           end

data/lib/dependabot/bundler/update_checker/requirements_updater.rb

@@ -188,7 +188,7 @@ module Dependabot
               req
             end
           when "<", "<=" then [update_greatest_version(req, latest_version)]
-          when "~>" then convert_twidle_to_range(req, latest_version)
+          when "~>" then convert_twiddle_to_range(req, latest_version)
           when "!=" then []
           when ">", ">=" then raise UnfixableRequirement
           else raise "Unexpected operation for requirement: #{op}"
@@ -214,7 +214,7 @@ module Dependabot
           end
         end
 
-        def convert_twidle_to_range(requirement, version_to_be_permitted)
+        def convert_twiddle_to_range(requirement, version_to_be_permitted)
           version = requirement.requirements.first.last
           version = version.release if version.prerelease?
 

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -187,7 +187,9 @@ module Dependabot
         end
 
         def jfrog_source
-          in_a_native_bundler_context(error_handling: false) do |dir|
+          return @jfrog_source unless defined?(@jfrog_source)
+
+          @jfrog_source = in_a_native_bundler_context(error_handling: false) do |dir|
             NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "jfrog_source",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.138.1
+  version: 0.138.6
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-17 00:00:00.000000000 Z
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.1
+        version: 0.138.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.1
+        version: 0.138.6
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -206,14 +206,27 @@ files:
 - helpers/v1/spec/functions/version_resolver_spec.rb
 - helpers/v1/spec/native_spec_helper.rb
 - helpers/v1/spec/shared_contexts.rb
-- helpers/v2/.bundle/config
 - helpers/v2/.gitignore
 - helpers/v2/Gemfile
 - helpers/v2/build
 - helpers/v2/lib/functions.rb
+- helpers/v2/lib/functions/conflicting_dependency_resolver.rb
+- helpers/v2/lib/functions/dependency_source.rb
+- helpers/v2/lib/functions/file_parser.rb
+- helpers/v2/lib/functions/force_updater.rb
+- helpers/v2/lib/functions/lockfile_updater.rb
+- helpers/v2/lib/functions/version_resolver.rb
+- helpers/v2/monkey_patches/definition_bundler_version_patch.rb
+- helpers/v2/monkey_patches/definition_ruby_version_patch.rb
+- helpers/v2/monkey_patches/git_source_patch.rb
 - helpers/v2/run.rb
+- helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
+- helpers/v2/spec/functions/dependency_source_spec.rb
+- helpers/v2/spec/functions/file_parser_spec.rb
+- helpers/v2/spec/functions/version_resolver_spec.rb
 - helpers/v2/spec/functions_spec.rb
 - helpers/v2/spec/native_spec_helper.rb
+- helpers/v2/spec/shared_contexts.rb
 - lib/dependabot/bundler.rb
 - lib/dependabot/bundler/file_fetcher.rb
 - lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb