dependabot-bundler 0.151.1 → 0.154.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 723260a08011bd8bdc0c72babcb2d83320c8cf008385e3fd9587b442bc16e270
-  data.tar.gz: fef868c0ccb1fda2b1f4cbdf4c973f6cb2eb7c77fa4605824bb8601d0e3dbea8
+  metadata.gz: f4c7a6dabbb638051a34a81c9763343a4e598ab7e87b91c870f54aa1e6312cd7
+  data.tar.gz: eb54e6a2653c30591b9030bc45af955e6a8686c4e6d9e1884c4c255a4322f8cd
 SHA512:
-  metadata.gz: a45d6f3cb0f9ffef8f422afee1e9aedf6732f40c2430f4367ff70dcfb5aa73f90bfaa5c0888ad0f53bc21716893dae7707ea46a459d691964bfde25fc4375dda
-  data.tar.gz: 67e239f60c834034b40cde2cb72056783d53d9b6d2efdf09036f629a5c6752f97fb9e642a1f3126d1cd1061eadf3be67ed83adec438691ad5efcd5e8bab7b6fb
+  metadata.gz: '083566caefd79a0cb3ecea7fbae3c879e069b4a1271a861d3844e950b2315f7f02a57bd5da74e877d63b6788c9b4b4e9781495a832f9579da36027c1062c744d'
+  data.tar.gz: 6d737f4077de2c9715fc9f12b340b5e97e999ed19d6762eaea54061b15f9c48e2ab6285eab640c79207991a4357121c28e568e9d0b25ee8376f44ea2aeebbb7f

data/helpers/v1/build

@@ -20,6 +20,6 @@ cd "$install_dir"
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing native helpers to run with the same version
-BUNDLER_VERSION=2 bundle config set --local path ".bundle"
+BUNDLER_VERSION=1 bundle config set --local path ".bundle"
 BUNDLER_VERSION=1 bundle config set --local without "test"
 BUNDLER_VERSION=1 bundle install

data/helpers/v1/lib/functions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "functions/file_parser"
 require "functions/force_updater"
 require "functions/lockfile_updater"
@@ -124,8 +126,6 @@ module Functions
     ).conflicting_dependencies
   end
 
-  private
-
   def self.set_bundler_flags_and_credentials(dir:, credentials:)
     dir = dir ? Pathname.new(dir) : dir
     Bundler.instance_variable_set(:@root, dir)

data/helpers/v1/lib/functions/dependency_source.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class DependencySource
     attr_reader :gemfile_name, :dependency_name
@@ -66,7 +68,7 @@ module Functions
       return @specified_source if defined? @specified_source
 
       @specified_source = definition.dependencies.
-        find { |dep| dep.name == dependency_name }&.source
+                          find { |dep| dep.name == dependency_name }&.source
     end
 
     def default_source

data/helpers/v1/lib/functions/file_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class FileParser
     def initialize(lockfile_name:)
@@ -39,7 +41,7 @@ module Functions
     end
 
     def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs.find { |s| s.name == dependency_name }&.source
+      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
     end
 
     def source_for(dependency)
@@ -54,12 +56,8 @@ module Functions
       return nil if default_rubygems?(source)
 
       details = { type: source.class.name.split("::").last.downcase }
-      if source.is_a?(Bundler::Source::Git)
-        details.merge!(git_source_details(source))
-      end
-      if source.is_a?(Bundler::Source::Rubygems)
-        details[:url] = source.remotes.first.to_s
-      end
+      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
+      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
       details
     end
 

data/helpers/v1/lib/functions/force_updater.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class ForceUpdater
     class TransitiveDependencyError < StandardError; end

data/helpers/v1/lib/functions/lockfile_updater.rb

@@ -1,12 +1,16 @@
+# frozen_string_literal: true
+
+require "fileutils"
+
 module Functions
   class LockfileUpdater
     RETRYABLE_ERRORS = [Bundler::HTTPError].freeze
     GEM_NOT_FOUND_ERROR_REGEX =
-    /
-      locked\sto\s(?<name>[^\s]+)\s\(|
-      not\sfind\s(?<name>[^\s]+)-\d|
-      has\s(?<name>[^\s]+)\slocked\sat
-    /x.freeze
+      /
+        locked\sto\s(?<name>[^\s]+)\s\(|
+        not\sfind\s(?<name>[^\s]+)-\d|
+        has\s(?<name>[^\s]+)\slocked\sat
+      /x.freeze
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
       @gemfile_name = gemfile_name
@@ -22,7 +26,7 @@ module Functions
 
     attr_reader :gemfile_name, :lockfile_name, :dependencies
 
-    def generate_lockfile
+    def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
       dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
 
       begin
@@ -135,7 +139,7 @@ module Functions
       raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
 
       gem_name = error.message.match(GEM_NOT_FOUND_ERROR_REGEX).
-                named_captures["name"]
+                 named_captures["name"]
       raise if dependencies_to_unlock.include?(gem_name)
 
       dependencies_to_unlock << gem_name
@@ -161,9 +165,7 @@ module Functions
         end.compact.map(&:name)
 
       # If there are specific dependencies we can unlock, unlock them
-      if potentials_deps.any?
-        return dependencies_to_unlock.append(*potentials_deps)
-      end
+      return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
 
       # Fall back to unlocking *all* sub-dependencies. This is required
       # because Bundler's VersionConflict objects don't include enough
@@ -205,7 +207,7 @@ module Functions
               defn_dep.source.is_a?(Bundler::Source::Git)
           defn_dep.source.unlock!
         elsif Gem::Version.correct?(dep.fetch("version"))
-          new_req = Gem::Requirement.create("= #{dep.fetch("version")}")
+          new_req = Gem::Requirement.create("= #{dep.fetch('version')}")
           old_reqs[dep.fetch("name")] = defn_dep.requirement
           defn_dep.instance_variable_set(:@requirement, new_req)
         end

data/helpers/v1/lib/functions/version_resolver.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class VersionResolver
     GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
@@ -20,9 +22,7 @@ module Functions
       # included in a gemspec, it's because the Gemfile didn't import
       # the gemspec. This is unusual, but the correct behaviour if/when
       # it happens is to behave as if the repo was gemspec-only.
-      if dep.nil? && dependency_requirements.any?
-        return "latest"
-      end
+      return "latest" if dep.nil? && dependency_requirements.any?
 
       # Otherwise, if the dependency wasn't found it's because it is a
       # subdependency that was removed when attempting to update it.
@@ -38,9 +38,7 @@ module Functions
         ruby_version: ruby_version,
         fetcher: fetcher_class(dep)
       }
-      if dep.source.instance_of?(::Bundler::Source::Git)
-        details[:commit_sha] = dep.source.revision
-      end
+      details[:commit_sha] = dep.source.revision if dep.source.instance_of?(::Bundler::Source::Git)
       details
     end
 
@@ -92,7 +90,7 @@ module Functions
     end
 
     def build_definition(dependencies_to_unlock)
-      # Note: we lock shared dependencies to avoid any top-level
+      # NOTE: we lock shared dependencies to avoid any top-level
       # dependencies getting unlocked (which would happen if they were
       # also subdependencies of the dependency being unlocked)
       ::Bundler::Definition.build(

data/helpers/v1/monkey_patches/git_source_patch.rb

@@ -41,9 +41,7 @@ module Bundler
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         reduced_load_paths.each { |p| $LOAD_PATH << p }
 
-        if destination.relative?
-          destination = destination.expand_path(Bundler.root)
-        end
+        destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|
           # Evaluate gemspecs and cache the result. Gemspecs
           # in git might require git or other dependencies.

data/helpers/v1/run.rb

@@ -13,7 +13,7 @@ require "git_source_patch"
 
 require "functions"
 
-MAX_BUNDLER_VERSION="2.0.0"
+MAX_BUNDLER_VERSION = "2.0.0"
 
 def validate_bundler_version!
   return true if correct_bundler_version?
@@ -38,9 +38,9 @@ begin
   args = request["args"].transform_keys(&:to_sym)
 
   output({ result: Functions.send(function, **args) })
-rescue => error
+rescue StandardError => e
   output(
-    { error: error.message, error_class: error.class, trace: error.backtrace }
+    { error: e.message, error_class: e.class, trace: e.backtrace }
   )
   exit(1)
 end

data/helpers/v1/spec/functions/dependency_source_spec.rb

@@ -40,10 +40,10 @@ RSpec.describe Functions::DependencySource do
 
     it "returns all versions from the private source" do
       is_expected.to eq([
-                          Gem::Version.new("1.5.0"),
-                          Gem::Version.new("1.9.0"),
-                          Gem::Version.new("1.10.0.beta")
-                        ])
+        Gem::Version.new("1.5.0"),
+        Gem::Version.new("1.9.0"),
+        Gem::Version.new("1.10.0.beta")
+      ])
     end
 
     context "specified as the default source" do
@@ -51,10 +51,10 @@ RSpec.describe Functions::DependencySource do
 
       it "returns all versions from the private source" do
         is_expected.to eq([
-                            Gem::Version.new("1.5.0"),
-                            Gem::Version.new("1.9.0"),
-                            Gem::Version.new("1.10.0.beta")
-                          ])
+          Gem::Version.new("1.5.0"),
+          Gem::Version.new("1.9.0"),
+          Gem::Version.new("1.10.0.beta")
+        ])
       end
     end
 

data/helpers/v1/spec/functions/file_parser_spec.rb

@@ -12,9 +12,9 @@ RSpec.describe Functions::FileParser do
     )
   end
 
-  let(:project_name) { "gemfile" }
-
   describe "#parsed_gemfile" do
+    let(:project_name) { "gemfile" }
+
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
@@ -43,14 +43,11 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let!(:gemspec_fixture) do
-      fixture("ruby", "gemspecs", "exact")
-    end
+    let(:project_name) { "gemfile_exact" }
 
     subject(:parsed_gemspec) do
-      in_tmp_folder do |tmp_path|
-        File.write(File.join(tmp_path, "test.gemspec"), gemspec_fixture)
-        dependency_source.parsed_gemspec(gemspec_name: "test.gemspec")
+      in_tmp_folder do |_tmp_path|
+        dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 

data/helpers/v1/spec/native_spec_helper.rb

@@ -36,9 +36,7 @@ def project_dependency_files(project)
     files = files.select { |f| File.file?(f) }
     files.map do |filename|
       content = File.read(filename)
-      if filename == "Gemfile.lock"
-        content = content.gsub(LOCKFILE_ENDING, "")
-      end
+      content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
       {
         name: filename,
         content: content

data/helpers/v2/build

@@ -18,7 +18,7 @@ cp -r \
 
 cd "$install_dir"
 
-# NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
+# NOTE: Sets `BUNDLED WITH` to match the installed v2 version in Gemfile.lock
 # forcing specs and native helpers to run with the same version
 BUNDLER_VERSION=2 bundle config set --local path ".bundle"
 BUNDLER_VERSION=2 bundle config set --local without "test"

data/helpers/v2/lib/functions.rb

@@ -128,8 +128,6 @@ module Functions
     ).conflicting_dependencies
   end
 
-  private
-
   def self.set_bundler_flags_and_credentials(dir:, credentials:)
     dir = dir ? Pathname.new(dir) : dir
     Bundler.instance_variable_set(:@root, dir)

data/helpers/v2/lib/functions/dependency_source.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class DependencySource
     attr_reader :gemfile_name, :dependency_name
@@ -66,7 +68,7 @@ module Functions
       return @specified_source if defined? @specified_source
 
       @specified_source = definition.dependencies.
-        find { |dep| dep.name == dependency_name }&.source
+                          find { |dep| dep.name == dependency_name }&.source
     end
 
     def default_source

data/helpers/v2/lib/functions/file_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class FileParser
     def initialize(lockfile_name:)
@@ -39,7 +41,7 @@ module Functions
     end
 
     def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs.find { |s| s.name == dependency_name }&.source
+      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
     end
 
     def source_for(dependency)
@@ -54,12 +56,8 @@ module Functions
       return nil if default_rubygems?(source)
 
       details = { type: source.class.name.split("::").last.downcase }
-      if source.is_a?(Bundler::Source::Git)
-        details.merge!(git_source_details(source))
-      end
-      if source.is_a?(Bundler::Source::Rubygems)
-        details[:url] = source.remotes.first.to_s
-      end
+      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
+      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
       details
     end
 

data/helpers/v2/lib/functions/force_updater.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class ForceUpdater
     class TransitiveDependencyError < StandardError; end

data/helpers/v2/lib/functions/lockfile_updater.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "fileutils"
+
 module Functions
   class LockfileUpdater
     RETRYABLE_ERRORS = [Bundler::HTTPError].freeze
@@ -9,6 +11,7 @@ module Functions
         not\sfind\s(?<name>[^\s]+)-\d|
         has\s(?<name>[^\s]+)\slocked\sat
       /x.freeze
+    DEPENDENCY_DROPPED = "_dependency_dropped_"
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
       @gemfile_name = gemfile_name
@@ -24,7 +27,7 @@ module Functions
 
     attr_reader :gemfile_name, :lockfile_name, :dependencies
 
-    def generate_lockfile
+    def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
       dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
 
       begin
@@ -36,7 +39,7 @@ module Functions
 
         old_reqs.each do |dep_name, old_req|
           d_dep = definition.dependencies.find { |d| d.name == dep_name }
-          if old_req == :none then definition.dependencies.delete(d_dep)
+          if old_req.to_s == DEPENDENCY_DROPPED then definition.dependencies.delete(d_dep)
           else
             d_dep.instance_variable_set(:@requirement, old_req)
           end
@@ -200,7 +203,7 @@ module Functions
         if defn_dep.nil?
           definition.dependencies <<
             Bundler::Dependency.new(dep.fetch("name"), dep.fetch("version"))
-          old_reqs[dep.fetch("name")] = :none
+          old_reqs[dep.fetch("name")] = DEPENDENCY_DROPPED
         elsif git_dependency?(dep) &&
               defn_dep.source.is_a?(Bundler::Source::Git)
           defn_dep.source.unlock!

data/helpers/v2/lib/functions/version_resolver.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class VersionResolver
     GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
@@ -20,9 +22,7 @@ module Functions
       # included in a gemspec, it's because the Gemfile didn't import
       # the gemspec. This is unusual, but the correct behaviour if/when
       # it happens is to behave as if the repo was gemspec-only.
-      if dep.nil? && dependency_requirements.any?
-        return "latest"
-      end
+      return "latest" if dep.nil? && dependency_requirements.any?
 
       # Otherwise, if the dependency wasn't found it's because it is a
       # subdependency that was removed when attempting to update it.
@@ -38,9 +38,7 @@ module Functions
         ruby_version: ruby_version,
         fetcher: fetcher_class(dep)
       }
-      if dep.source.instance_of?(::Bundler::Source::Git)
-        details[:commit_sha] = dep.source.revision
-      end
+      details[:commit_sha] = dep.source.revision if dep.source.instance_of?(::Bundler::Source::Git)
       details
     end
 
@@ -92,7 +90,7 @@ module Functions
     end
 
     def build_definition(dependencies_to_unlock)
-      # Note: we lock shared dependencies to avoid any top-level
+      # NOTE: we lock shared dependencies to avoid any top-level
       # dependencies getting unlocked (which would happen if they were
       # also subdependencies of the dependency being unlocked)
       ::Bundler::Definition.build(

data/helpers/v2/monkey_patches/git_source_patch.rb

@@ -40,9 +40,7 @@ module Bundler
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         reduced_load_paths.each { |p| $LOAD_PATH << p }
 
-        if destination.relative?
-          destination = destination.expand_path(Bundler.root)
-        end
+        destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|
           # Evaluate gemspecs and cache the result. Gemspecs
           # in git might require git or other dependencies.

data/helpers/v2/run.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "bundler"
 require "json"
 
@@ -36,9 +38,9 @@ begin
   args = request["args"].transform_keys(&:to_sym)
 
   output({ result: Functions.send(function, **args) })
-rescue => error
+rescue StandardError => e
   output(
-    { error: error.message, error_class: error.class, trace: error.backtrace }
+    { error: e.message, error_class: e.class, trace: e.backtrace }
   )
   exit(1)
 end

data/helpers/v2/spec/functions/dependency_source_spec.rb

@@ -40,10 +40,10 @@ RSpec.describe Functions::DependencySource do
 
     it "returns all versions from the private source" do
       is_expected.to eq([
-                          Gem::Version.new("1.5.0"),
-                          Gem::Version.new("1.9.0"),
-                          Gem::Version.new("1.10.0.beta")
-                        ])
+        Gem::Version.new("1.5.0"),
+        Gem::Version.new("1.9.0"),
+        Gem::Version.new("1.10.0.beta")
+      ])
     end
 
     context "specified as the default source" do
@@ -51,10 +51,10 @@ RSpec.describe Functions::DependencySource do
 
       it "returns all versions from the private source" do
         is_expected.to eq([
-                            Gem::Version.new("1.5.0"),
-                            Gem::Version.new("1.9.0"),
-                            Gem::Version.new("1.10.0.beta")
-                          ])
+          Gem::Version.new("1.5.0"),
+          Gem::Version.new("1.9.0"),
+          Gem::Version.new("1.10.0.beta")
+        ])
       end
     end
 

data/helpers/v2/spec/functions/file_parser_spec.rb

@@ -12,9 +12,9 @@ RSpec.describe Functions::FileParser do
     )
   end
 
-  let(:project_name) { "gemfile" }
-
   describe "#parsed_gemfile" do
+    let(:project_name) { "gemfile" }
+
     subject(:parsed_gemfile) do
       in_tmp_folder do
         dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
@@ -54,7 +54,7 @@ RSpec.describe Functions::FileParser do
               branch: "master",
               ref: "a1b78a9",
               type: "git",
-              url: "git@github.com:gocardless/business"
+              url: "git@github.com:dependabot-fixtures/business"
             },
             type: :runtime
           },
@@ -68,36 +68,36 @@ RSpec.describe Functions::FileParser do
           {
             groups: [:default],
             name: "prius",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "master",
               type: "git",
-              url: "https://github.com/gocardless/prius"
+              url: "https://github.com/dependabot-fixtures/prius"
             },
             type: :runtime
           },
           {
             groups: [:default],
             name: "que",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "v0.11.6",
               type: "git",
-              url: "git@github.com:chanks/que"
+              url: "git@github.com:dependabot-fixtures/que"
             },
             type: :runtime
           },
           {
             groups: [:default],
             name: "uk_phone_numbers",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "master",
               type: "git",
-              url: "http://github.com/gocardless/uk_phone_numbers"
+              url: "http://github.com/dependabot-fixtures/uk_phone_numbers"
             },
             type: :runtime
           }
@@ -108,14 +108,11 @@ RSpec.describe Functions::FileParser do
   end
 
   describe "#parsed_gemspec" do
-    let!(:gemspec_fixture) do
-      fixture("ruby", "gemspecs", "exact")
-    end
+    let(:project_name) { "gemfile_exact" }
 
     subject(:parsed_gemspec) do
-      in_tmp_folder do |tmp_path|
-        File.write(File.join(tmp_path, "test.gemspec"), gemspec_fixture)
-        dependency_source.parsed_gemspec(gemspec_name: "test.gemspec")
+      in_tmp_folder do |_tmp_path|
+        dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
       end
     end
 

data/helpers/v2/spec/functions_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Functions do
         jfrog_source = Functions.jfrog_source(
           dir: tmp_path,
           gemfile_name: "Gemfile",
-          credentials: {},
+          credentials: {}
         )
 
         expect(jfrog_source).to eq("test.jfrog.io")

data/helpers/v2/spec/native_spec_helper.rb

@@ -26,8 +26,7 @@ end
 LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
 
 def project_dependency_files(project)
-  # TODO: Retrieve files from bundler2 folder once it is fully up to date
-  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
+  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler2", project))
 
   raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
 
@@ -37,9 +36,7 @@ def project_dependency_files(project)
     files = files.select { |f| File.file?(f) }
     files.map do |filename|
       content = File.read(filename)
-      if filename == "Gemfile.lock"
-        content = content.gsub(LOCKFILE_ENDING, "")
-      end
+      content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
       {
         name: filename,
         content: content

data/lib/dependabot/bundler/native_helpers.rb

@@ -17,7 +17,6 @@ module Dependabot
               # Bundler will pick the matching installed major version
               "BUNDLER_VERSION" => bundler_version,
               "BUNDLE_GEMFILE" => File.join(versioned_helper_path(bundler_version: bundler_version), "Gemfile"),
-              "BUNDLE_PATH" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle"),
               # Prevent the GEM_HOME from being set to a folder owned by root
               "GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
             }
@@ -36,7 +35,7 @@ module Dependabot
       end
 
       def self.helper_path(bundler_version:)
-        "ruby #{File.join(versioned_helper_path(bundler_version: bundler_version), 'run.rb')}"
+        "bundle exec ruby #{File.join(versioned_helper_path(bundler_version: bundler_version), 'run.rb')}"
       end
 
       def self.native_helpers_root

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.151.1
+  version: 0.154.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-07 00:00:00.000000000 Z
+date: 2021-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.151.1
+        version: 0.154.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.151.1
+        version: 0.154.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement