RubyGems - dependabot-bundler - Versions diffs - 0.138.5 → 0.139.2 - Mend

dependabot-bundler 0.138.5 → 0.139.2

Files changed (7) hide show

checksums.yaml +4 -4
data/helpers/v1/spec/native_spec_helper.rb +3 -0
data/helpers/v2/run.rb +1 -1
data/helpers/v2/spec/native_spec_helper.rb +4 -0
data/lib/dependabot/bundler/helpers.rb +23 -9
data/lib/dependabot/bundler/update_checker.rb +12 -14
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9808afb0b3a963f82ac68b0668b0bf8df45111751f6aab0c7b1e1011e50a496
-  data.tar.gz: 8537cad525a3f8e95faa2977bebac06e5bcf1ca5a8e49b0813bee266fbe078df
+  metadata.gz: '083378164b40be43b7bd9664acb7362adf0f527b5be6467c9b906f44ce512658'
+  data.tar.gz: 209c8ffeaa0ef853229399eaae8463f3b9fee47d3fc60b7e4010567b82e4f127
 SHA512:
-  metadata.gz: 8e6581d20513493201c9694a2f04e1c00a4f0002d97dfcab4877095a92fd61d4da0c0e7f19f38ea60df415b418e1589fe555adb298e989a2519ea11ce3c61d38
-  data.tar.gz: 1507fe54b6b138493cb9904d894e70989df8ef1cadf3fe69003bd9eb46b1bd2e4bcf56b7cd146bcb0944fec6d1a75de11b5e884cd9997c2e3c30a62d0059fcbe
+  metadata.gz: cee6300b6ca97e55f812b423afb9d9f0c08a9741eefb1f5272b5810db574a0fe6922f4f52b239b02a6959d9257a1df9273c3c27c26dd043da7986710aa50aa20
+  data.tar.gz: a283086fd52124201c6c5d8b54c447ce8447722db053bd825bfed400c598a9e5e4eaca243d083fc745bf21bddccb21e9c95a1f122001ff28f48419145eabac55

data/helpers/v1/spec/native_spec_helper.rb CHANGED Viewed

@@ -27,6 +27,9 @@ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
 def project_dependency_files(project)
   project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
+  raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
   Dir.chdir(project_path) do
     # NOTE: Include dotfiles (e.g. .npmrc)
     files = Dir.glob("**/*", File::FNM_DOTMATCH)

data/helpers/v2/run.rb CHANGED Viewed

@@ -11,7 +11,7 @@ require "git_source_patch"
 require "functions"
-MIN_BUNDLER_VERSION = "2.0.0"
+MIN_BUNDLER_VERSION = "2.1.0"
 def validate_bundler_version!
   return true if correct_bundler_version?

data/helpers/v2/spec/native_spec_helper.rb CHANGED Viewed

@@ -26,7 +26,11 @@ end
 LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
 def project_dependency_files(project)
+  # TODO: Retrieve files from bundler2 folder once it is fully up to date
   project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
+  raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
   Dir.chdir(project_path) do
     # NOTE: Include dotfiles (e.g. .npmrc)
     files = Dir.glob("**/*", File::FNM_DOTMATCH)

data/lib/dependabot/bundler/helpers.rb CHANGED Viewed

@@ -5,23 +5,37 @@ module Dependabot
     module Helpers
       V1 = "1"
       V2 = "2"
+      # If we are updating a project with no Gemfile.lock, we default to the
+      # newest version we support
+      DEFAULT = V2
+      # If we are updating a project with a Gemfile.lock that does not specify
+      # the version it was bundled with, with failover to V1 on the assumption
+      # it was created with an old version that didn't add this information
+      FAILOVER = V1
-      # NOTE: options is a manditory argument to ensure we pass it from all calling classes
-      def self.bundler_version(_lockfile, options:)
-        # For now, force V2 if bundler_2_available
-        return V2 if options[:bundler_2_available]
+      BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
-        # TODO: Add support for bundler v2 based on lockfile
-        # return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
+      # NOTE: options is a manditory argument to ensure we pass it from all calling classes
+      def self.bundler_version(lockfile, options:)
+        # TODO: Remove once bundler 2 is fully supported
+        return V1 unless options[:bundler_2_available]
+        return DEFAULT unless lockfile
-        V1
+        if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
+          matches[:version].to_i >= 2 ? V2 : V1
+        else
+          FAILOVER
+        end
       end
       def self.detected_bundler_version(lockfile)
         return "unknown" unless lockfile
-        return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
-        V1
+        if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
+          matches[:version]
+        else
+          FAILOVER
+        end
       end
     end
   end

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -359,20 +359,18 @@ module Dependabot
         @version_resolver ||= {}
         @version_resolver[remove_git_source] ||= {}
         @version_resolver[remove_git_source][unlock_requirement] ||=
-          begin
-            VersionResolver.new(
-              dependency: dependency,
-              unprepared_dependency_files: dependency_files,
-              repo_contents_path: repo_contents_path,
-              credentials: credentials,
-              ignored_versions: ignored_versions,
-              raise_on_ignored: raise_on_ignored,
-              remove_git_source: remove_git_source,
-              unlock_requirement: unlock_requirement,
-              latest_allowable_version: latest_version,
-              options: options
-            )
-          end
+          VersionResolver.new(
+            dependency: dependency,
+            unprepared_dependency_files: dependency_files,
+            repo_contents_path: repo_contents_path,
+            credentials: credentials,
+            ignored_versions: ignored_versions,
+            raise_on_ignored: raise_on_ignored,
+            remove_git_source: remove_git_source,
+            unlock_requirement: unlock_requirement,
+            latest_allowable_version: latest_version,
+            options: options
+          )
       end
       def latest_version_finder(remove_git_source:)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.138.5
+  version: 0.139.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-26 00:00:00.000000000 Z
+date: 2021-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.5
+        version: 0.139.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.5
+        version: 0.139.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement