dependabot-bundler 0.138.6 → 0.140.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1c3d36ca3b3e551d275fc329fe27939c731c3e05695cf76846ba5be506da0e2d
4
- data.tar.gz: f627259209e3090d9b282f0932f32c6ffa2d2d081b97c234d187e32c6dbdfafa
3
+ metadata.gz: bce8d52153fd3739d59eb3736a7c6c4dd9384047f71a02fb90024a33857b8897
4
+ data.tar.gz: 6860d643aeaedb2eb3d82e370d5e342a2fd4f92cbfc5eb957d03bd614cc36413
5
5
  SHA512:
6
- metadata.gz: b39fa17ad13ab8a1603019f65824b512dc177ecf2b0fbd83d7e68cce6aced760145ee8f9c19bd732d88985fe1a51c854baaa2df8cab5121bd3e9cdd8bd1c2cec
7
- data.tar.gz: 678d74afcbadb4a37959e769d43a8b6a8e1711501ab3826a6dac9bc71ab10ed1263a4b032f15f992e21505fc14f5366932078dd4b2520d4ebef1e54c7d644687
6
+ metadata.gz: f1470f081ad88acde187ed65e92454e49ac8a991ace972654ffe51c91c58cd2580331916eba291e5f21d1ea1d0c43e6ea8151ab45eb4e587913425fcd81efd03
7
+ data.tar.gz: efabc72e5095ab55ab616f9bf140e05d2ff8272704af862fe13df49876e62c8722d0297cd40eca6629b24973785dddf20c7bd6b60a6fc9c7e35914b004c505c0
@@ -84,8 +84,7 @@ RSpec.describe Functions::VersionResolver do
84
84
  stub_request(:get, old_index_url + "?gems=business,statesman").
85
85
  to_return(
86
86
  status: 200,
87
- body: fixture("ruby",
88
- "rubygems_responses",
87
+ body: fixture("rubygems_responses",
89
88
  "dependencies-default-gemfile")
90
89
  )
91
90
  end
@@ -41,18 +41,18 @@ RSpec.shared_context "stub rubygems compact index" do
41
41
  stub_request(:get, "https://index.rubygems.org/versions").
42
42
  to_return(
43
43
  status: 200,
44
- body: fixture("ruby", "rubygems_responses", "index")
44
+ body: fixture("rubygems_responses", "index")
45
45
  )
46
46
 
47
47
  # Stub the Rubygems response for each dependency we have a fixture for
48
48
  fixtures =
49
- Dir[File.join("../../spec", "fixtures", "ruby", "rubygems_responses", "info-*")]
49
+ Dir[File.join("../../spec", "fixtures", "rubygems_responses", "info-*")]
50
50
  fixtures.each do |path|
51
51
  dep_name = path.split("/").last.gsub("info-", "")
52
52
  stub_request(:get, "https://index.rubygems.org/info/#{dep_name}").
53
53
  to_return(
54
54
  status: 200,
55
- body: fixture("ruby", "rubygems_responses", "info-#{dep_name}")
55
+ body: fixture("rubygems_responses", "info-#{dep_name}")
56
56
  )
57
57
  end
58
58
  end
data/helpers/v2/run.rb CHANGED
@@ -11,7 +11,7 @@ require "git_source_patch"
11
11
 
12
12
  require "functions"
13
13
 
14
- MIN_BUNDLER_VERSION = "2.0.0"
14
+ MIN_BUNDLER_VERSION = "2.1.0"
15
15
 
16
16
  def validate_bundler_version!
17
17
  return true if correct_bundler_version?
@@ -84,8 +84,7 @@ RSpec.describe Functions::VersionResolver do
84
84
  stub_request(:get, old_index_url + "?gems=business,statesman").
85
85
  to_return(
86
86
  status: 200,
87
- body: fixture("ruby",
88
- "rubygems_responses",
87
+ body: fixture("rubygems_responses",
89
88
  "dependencies-default-gemfile")
90
89
  )
91
90
  end
@@ -42,18 +42,18 @@ RSpec.shared_context "stub rubygems compact index" do
42
42
  stub_request(:get, "https://index.rubygems.org/versions").
43
43
  to_return(
44
44
  status: 200,
45
- body: fixture("ruby", "rubygems_responses", "index")
45
+ body: fixture("rubygems_responses", "index")
46
46
  )
47
47
 
48
48
  # Stub the Rubygems response for each dependency we have a fixture for
49
49
  fixtures =
50
- Dir[File.join("../../spec", "fixtures", "ruby", "rubygems_responses", "info-*")]
50
+ Dir[File.join("../../spec", "fixtures", "rubygems_responses", "info-*")]
51
51
  fixtures.each do |path|
52
52
  dep_name = path.split("/").last.gsub("info-", "")
53
53
  stub_request(:get, "https://index.rubygems.org/info/#{dep_name}").
54
54
  to_return(
55
55
  status: 200,
56
- body: fixture("ruby", "rubygems_responses", "info-#{dep_name}")
56
+ body: fixture("rubygems_responses", "info-#{dep_name}")
57
57
  )
58
58
  end
59
59
  end
@@ -313,7 +313,7 @@ module Dependabot
313
313
  end
314
314
 
315
315
  def bundler_version
316
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
316
+ @bundler_version ||= Helpers.bundler_version(lockfile)
317
317
  end
318
318
  end
319
319
  end
@@ -163,7 +163,7 @@ module Dependabot
163
163
  end
164
164
 
165
165
  def bundler_version
166
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
166
+ @bundler_version ||= Helpers.bundler_version(lockfile)
167
167
  end
168
168
  end
169
169
  end
@@ -305,7 +305,7 @@ module Dependabot
305
305
  end
306
306
 
307
307
  def bundler_version
308
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
308
+ @bundler_version ||= Helpers.bundler_version(lockfile)
309
309
  end
310
310
  end
311
311
  end
@@ -5,23 +5,34 @@ module Dependabot
5
5
  module Helpers
6
6
  V1 = "1"
7
7
  V2 = "2"
8
+ # If we are updating a project with no Gemfile.lock, we default to the
9
+ # newest version we support
10
+ DEFAULT = V2
11
+ # If we are updating a project with a Gemfile.lock that does not specify
12
+ # the version it was bundled with, with failover to V1 on the assumption
13
+ # it was created with an old version that didn't add this information
14
+ FAILOVER = V1
8
15
 
9
- # NOTE: options is a manditory argument to ensure we pass it from all calling classes
10
- def self.bundler_version(_lockfile, options:)
11
- # For now, force V2 if bundler_2_available
12
- return V2 if options[:bundler_2_available]
16
+ BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
13
17
 
14
- # TODO: Add support for bundler v2 based on lockfile
15
- # return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
18
+ def self.bundler_version(lockfile)
19
+ return DEFAULT unless lockfile
16
20
 
17
- V1
21
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
22
+ matches[:version].to_i >= 2 ? V2 : V1
23
+ else
24
+ FAILOVER
25
+ end
18
26
  end
19
27
 
20
28
  def self.detected_bundler_version(lockfile)
21
29
  return "unknown" unless lockfile
22
- return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
23
30
 
24
- V1
31
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
32
+ matches[:version]
33
+ else
34
+ FAILOVER
35
+ end
25
36
  end
26
37
  end
27
38
  end
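Review bot: `BUNDLER_MAJOR_VERSION_REGEX` is not anchored to the start of a line, so the first `BUNDLED WITH` followed by digits and a dot anywhere in the lockfile decides which Bundler major `bundler_version` returns, and with the `options[:bundler_2_available]` gate removed that choice now rests entirely on repository-supplied content. Anchoring it, for example `BUNDLER_MAJOR_VERSION_REGEX = /^BUNDLED WITH\s+(?<version>\d+)\./.freeze`, keeps the match on the section header; the `m` flag can go because the pattern has no unescaped `.`. `detected_bundler_version` returns the captured digits unmodified, so if that value is logged or reported downstream (not visible in this hunk) it is worth bounding the capture, e.g. `\d{1,3}`, or mapping it to the known majors as `bundler_version` does. It also returns `FAILOVER` when nothing matched, which reports "1" as detected for a lockfile that names no version; a comment on that method such as `# Returns FAILOVER ("1") when the lockfile has no BUNDLED WITH section, not a detected value` would make that explicit.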
@@ -359,20 +359,18 @@ module Dependabot
359
359
  @version_resolver ||= {}
360
360
  @version_resolver[remove_git_source] ||= {}
361
361
  @version_resolver[remove_git_source][unlock_requirement] ||=
362
- begin
363
- VersionResolver.new(
364
- dependency: dependency,
365
- unprepared_dependency_files: dependency_files,
366
- repo_contents_path: repo_contents_path,
367
- credentials: credentials,
368
- ignored_versions: ignored_versions,
369
- raise_on_ignored: raise_on_ignored,
370
- remove_git_source: remove_git_source,
371
- unlock_requirement: unlock_requirement,
372
- latest_allowable_version: latest_version,
373
- options: options
374
- )
375
- end
362
+ VersionResolver.new(
363
+ dependency: dependency,
364
+ unprepared_dependency_files: dependency_files,
365
+ repo_contents_path: repo_contents_path,
366
+ credentials: credentials,
367
+ ignored_versions: ignored_versions,
368
+ raise_on_ignored: raise_on_ignored,
369
+ remove_git_source: remove_git_source,
370
+ unlock_requirement: unlock_requirement,
371
+ latest_allowable_version: latest_version,
372
+ options: options
373
+ )
376
374
  end
377
375
 
378
376
  def latest_version_finder(remove_git_source:)
@@ -50,7 +50,7 @@ module Dependabot
50
50
  private
51
51
 
52
52
  def bundler_version
53
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
53
+ @bundler_version ||= Helpers.bundler_version(lockfile)
54
54
  end
55
55
  end
56
56
  end
@@ -152,7 +152,7 @@ module Dependabot
152
152
  end
153
153
 
154
154
  def bundler_version
155
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
155
+ @bundler_version ||= Helpers.bundler_version(lockfile)
156
156
  end
157
157
  end
158
158
  end
@@ -147,7 +147,7 @@ module Dependabot
147
147
  end
148
148
 
149
149
  def bundler_version
150
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
150
+ @bundler_version ||= Helpers.bundler_version(lockfile)
151
151
  end
152
152
  end
153
153
  end
@@ -225,7 +225,7 @@ module Dependabot
225
225
  end
226
226
 
227
227
  def bundler_version
228
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
228
+ @bundler_version ||= Helpers.bundler_version(lockfile)
229
229
  end
230
230
  end
231
231
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.138.6
4
+ version: 0.140.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-29 00:00:00.000000000 Z
11
+ date: 2021-04-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.138.6
19
+ version: 0.140.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.138.6
26
+ version: 0.140.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.11.0
103
+ version: 1.12.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.11.0
110
+ version: 1.12.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement