dependabot-bundler 0.138.7 → 0.140.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v1/spec/functions/version_resolver_spec.rb +1 -2
  3. data/helpers/v1/spec/shared_contexts.rb +3 -3
  4. data/helpers/v2/run.rb +1 -1
  5. data/helpers/v2/spec/functions/version_resolver_spec.rb +1 -2
  6. data/helpers/v2/spec/shared_contexts.rb +3 -3
  7. data/lib/dependabot/bundler/file_parser.rb +1 -1
  8. data/lib/dependabot/bundler/file_updater.rb +1 -1
  9. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +1 -1
  10. data/lib/dependabot/bundler/helpers.rb +20 -9
  11. data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +1 -1
  12. data/lib/dependabot/bundler/update_checker/force_updater.rb +1 -1
  13. data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +1 -1
  14. data/lib/dependabot/bundler/update_checker/version_resolver.rb +1 -1
  15. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b879a336288560d831472f3d6163c9fc391159001388ce2b1454154af3b7e026
4
- data.tar.gz: cd9f4ca835e065ba322f6edf43830954714396e2e33a292cbdb0ca8defe776bb
3
+ metadata.gz: a92384ff46ace24160a66d14fc4b83d3faf1808b9185cdf18e3021c67e1f2081
4
+ data.tar.gz: '019ae4c1bdb58b45695a9e6638e2fc25fa6f8d373b6531091d561d531bb19d15'
5
5
  SHA512:
6
- metadata.gz: e688088af198726160d18a81d649ced5627ac3311b80449698d1854ca656d9bf411f792553a99ad9cc45b012af97df82c5cac0753bed375c5a4009867759df3e
7
- data.tar.gz: aa6730e552463a32bef72bc0ceb7209ead39f327994b547fb3345a167cbbf7f7cc0c10a8e5f756b2d2ec41e7227e11fffef60e716bb158e7e40025c77fa1a39a
6
+ metadata.gz: ca6256aee46bcf4b60fd8bb28fd9a91563565f92882bb428f36b89eca72006aaa15fb3e018f81dccff740412e08cb516e89dfd07352edf680c6e1d6da6bbc061
7
+ data.tar.gz: dac59149fb74050f1c868c9185f82648064a59a99db90b08bb946f229cf70d5a1951d85985e11bf8f1d8d3fae26f474a8262ac85be01cdca82ea8a175fd13c64
data/helpers/v1/spec/functions/version_resolver_spec.rb CHANGED
@@ -84,8 +84,7 @@ RSpec.describe Functions::VersionResolver do
84
84
  stub_request(:get, old_index_url + "?gems=business,statesman").
85
85
  to_return(
86
86
  status: 200,
87
- body: fixture("ruby",
88
- "rubygems_responses",
87
+ body: fixture("rubygems_responses",
89
88
  "dependencies-default-gemfile")
90
89
  )
91
90
  end
data/helpers/v1/spec/shared_contexts.rb CHANGED
@@ -41,18 +41,18 @@ RSpec.shared_context "stub rubygems compact index" do
41
41
  stub_request(:get, "https://index.rubygems.org/versions").
42
42
  to_return(
43
43
  status: 200,
44
- body: fixture("ruby", "rubygems_responses", "index")
44
+ body: fixture("rubygems_responses", "index")
45
45
  )
46
46
 
47
47
  # Stub the Rubygems response for each dependency we have a fixture for
48
48
  fixtures =
49
- Dir[File.join("../../spec", "fixtures", "ruby", "rubygems_responses", "info-*")]
49
+ Dir[File.join("../../spec", "fixtures", "rubygems_responses", "info-*")]
50
50
  fixtures.each do |path|
51
51
  dep_name = path.split("/").last.gsub("info-", "")
52
52
  stub_request(:get, "https://index.rubygems.org/info/#{dep_name}").
53
53
  to_return(
54
54
  status: 200,
55
- body: fixture("ruby", "rubygems_responses", "info-#{dep_name}")
55
+ body: fixture("rubygems_responses", "info-#{dep_name}")
56
56
  )
57
57
  end
58
58
  end
data/helpers/v2/run.rb CHANGED
@@ -11,7 +11,7 @@ require "git_source_patch"
11
11
 
12
12
  require "functions"
13
13
 
14
- MIN_BUNDLER_VERSION = "2.0.0"
14
+ MIN_BUNDLER_VERSION = "2.1.0"
15
15
 
16
16
  def validate_bundler_version!
17
17
  return true if correct_bundler_version?
data/helpers/v2/spec/functions/version_resolver_spec.rb CHANGED
@@ -84,8 +84,7 @@ RSpec.describe Functions::VersionResolver do
84
84
  stub_request(:get, old_index_url + "?gems=business,statesman").
85
85
  to_return(
86
86
  status: 200,
87
- body: fixture("ruby",
88
- "rubygems_responses",
87
+ body: fixture("rubygems_responses",
89
88
  "dependencies-default-gemfile")
90
89
  )
91
90
  end
data/helpers/v2/spec/shared_contexts.rb CHANGED
@@ -42,18 +42,18 @@ RSpec.shared_context "stub rubygems compact index" do
42
42
  stub_request(:get, "https://index.rubygems.org/versions").
43
43
  to_return(
44
44
  status: 200,
45
- body: fixture("ruby", "rubygems_responses", "index")
45
+ body: fixture("rubygems_responses", "index")
46
46
  )
47
47
 
48
48
  # Stub the Rubygems response for each dependency we have a fixture for
49
49
  fixtures =
50
- Dir[File.join("../../spec", "fixtures", "ruby", "rubygems_responses", "info-*")]
50
+ Dir[File.join("../../spec", "fixtures", "rubygems_responses", "info-*")]
51
51
  fixtures.each do |path|
52
52
  dep_name = path.split("/").last.gsub("info-", "")
53
53
  stub_request(:get, "https://index.rubygems.org/info/#{dep_name}").
54
54
  to_return(
55
55
  status: 200,
56
- body: fixture("ruby", "rubygems_responses", "info-#{dep_name}")
56
+ body: fixture("rubygems_responses", "info-#{dep_name}")
57
57
  )
58
58
  end
59
59
  end
data/lib/dependabot/bundler/file_parser.rb CHANGED
@@ -313,7 +313,7 @@ module Dependabot
313
313
  end
314
314
 
315
315
  def bundler_version
316
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
316
+ @bundler_version ||= Helpers.bundler_version(lockfile)
317
317
  end
318
318
  end
319
319
  end
data/lib/dependabot/bundler/file_updater.rb CHANGED
@@ -163,7 +163,7 @@ module Dependabot
163
163
  end
164
164
 
165
165
  def bundler_version
166
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
166
+ @bundler_version ||= Helpers.bundler_version(lockfile)
167
167
  end
168
168
  end
169
169
  end
data/lib/dependabot/bundler/file_updater/lockfile_updater.rb CHANGED
@@ -305,7 +305,7 @@ module Dependabot
305
305
  end
306
306
 
307
307
  def bundler_version
308
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
308
+ @bundler_version ||= Helpers.bundler_version(lockfile)
309
309
  end
310
310
  end
311
311
  end
data/lib/dependabot/bundler/helpers.rb CHANGED
@@ -5,23 +5,34 @@ module Dependabot
5
5
  module Helpers
6
6
  V1 = "1"
7
7
  V2 = "2"
8
+ # If we are updating a project with no Gemfile.lock, we default to the
9
+ # newest version we support
10
+ DEFAULT = V2
11
+ # If we are updating a project with a Gemfile.lock that does not specify
12
+ # the version it was bundled with, with failover to V1 on the assumption
13
+ # it was created with an old version that didn't add this information
14
+ FAILOVER = V1
8
15
 
9
- # NOTE: options is a manditory argument to ensure we pass it from all calling classes
10
- def self.bundler_version(_lockfile, options:)
11
- # For now, force V2 if bundler_2_available
12
- return V2 if options[:bundler_2_available]
16
+ BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
13
17
 
14
- # TODO: Add support for bundler v2 based on lockfile
15
- # return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
18
+ def self.bundler_version(lockfile)
19
+ return DEFAULT unless lockfile
16
20
 
17
- V1
21
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
22
+ matches[:version].to_i >= 2 ? V2 : V1
23
+ else
24
+ FAILOVER
25
+ end
18
26
  end
19
27
 
20
28
  def self.detected_bundler_version(lockfile)
21
29
  return "unknown" unless lockfile
22
- return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
23
30
 
24
- V1
31
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
32
+ matches[:version]
33
+ else
34
+ FAILOVER
35
+ end
25
36
  end
26
37
  end
27
38
  end
data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb CHANGED
@@ -50,7 +50,7 @@ module Dependabot
50
50
  private
51
51
 
52
52
  def bundler_version
53
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
53
+ @bundler_version ||= Helpers.bundler_version(lockfile)
54
54
  end
55
55
  end
56
56
  end
data/lib/dependabot/bundler/update_checker/force_updater.rb CHANGED
@@ -152,7 +152,7 @@ module Dependabot
152
152
  end
153
153
 
154
154
  def bundler_version
155
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
155
+ @bundler_version ||= Helpers.bundler_version(lockfile)
156
156
  end
157
157
  end
158
158
  end
data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb CHANGED
@@ -147,7 +147,7 @@ module Dependabot
147
147
  end
148
148
 
149
149
  def bundler_version
150
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
150
+ @bundler_version ||= Helpers.bundler_version(lockfile)
151
151
  end
152
152
  end
153
153
  end
data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED
@@ -225,7 +225,7 @@ module Dependabot
225
225
  end
226
226
 
227
227
  def bundler_version
228
- @bundler_version ||= Helpers.bundler_version(lockfile, options: options)
228
+ @bundler_version ||= Helpers.bundler_version(lockfile)
229
229
  end
230
230
  end
231
231
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.138.7
4
+ version: 0.140.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-30 00:00:00.000000000 Z
11
+ date: 2021-04-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.138.7
19
+ version: 0.140.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.138.7
26
+ version: 0.140.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement