dependabot-bundler 0.185.0 → 0.187.0
- checksums.yaml +4 -4
- data/helpers/v1/lib/functions/file_parser.rb +8 -1
- data/helpers/v2/build +3 -3
- data/helpers/v2/lib/functions/file_parser.rb +8 -1
- data/helpers/v2/spec/native_spec_helper.rb +0 -5
- data/lib/dependabot/bundler/helpers.rb +1 -1
- data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +6 -8
- metadata +4 -4
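--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 74e210cda55ec43731c1a8c58b679f806566cd3ab793251c5cf54be52e2e41bc
+data.tar.gz: e162e75ef3bac5bee2b04edd81d201ead66050c210c383876863bbb065688f17
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5f7d707de1a8dde237bf6b98eabcf442b0e14540e33633b172f7317e6de354d61fd4ad36d49437bbe27fc31da3bd25e0079d8c5fae7b4df896eadc43d3a49a57
+data.tar.gz: 58d71fe67588f3e17a5b6afa6e975320a6bd4c70f52c3706698c3a5aa275bc07ffad536fa1646995d8592afb4a40f3e28e3f63dbfd1112a39eba29612f8cca5d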
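--- a/data/helpers/v1/lib/functions/file_parser.rb
+++ b/data/helpers/v1/lib/functions/file_parser.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "uri"
+
 module Functions
 class FileParser
 def initialize(lockfile_name:)
@@ -73,7 +75,12 @@ module Functions
 return true if source.nil?
 return false unless source.is_a?(Bundler::Source::Rubygems)
 
-source.remotes.any?
+source.remotes.any? do |r|
+[
+"rubygems.org",
+"www.rubygems.org"
+].include?(URI(r.to_s).host)
+end
 end
 
 def serialize_bundler_dependency(dependency)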
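Review bot: The host test inside the new `source.remotes.any? do |r|` block is an exact, case-sensitive string match, and `URI(r.to_s)` raises `URI::InvalidURIError` on a remote it cannot parse. Unless Bundler has already normalised the remote, a source written as `https://RubyGems.org` would be classified as a non-default registry, and a malformed remote would abort the parse rather than return `false`. The same two-element literal is repeated in the v2 `file_parser.rb` hunk and in `shared_bundler_helpers.rb`, so the three copies can drift apart. I would keep one frozen constant, `RUBYGEMS_HOSTS = %w(rubygems.org www.rubygems.org).freeze`, and compare with `RUBYGEMS_HOSTS.include?(URI(r.to_s).host&.downcase)`, plus a one-line comment explaining why the host is matched exactly. The enclosing method begins outside this hunk, so its name and callers are not visible here.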
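--- a/data/helpers/v2/build
+++ b/data/helpers/v2/build
@@ -22,6 +22,6 @@ cd "$install_dir"
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v2 version in Gemfile.lock
 # forcing specs and native helpers to run with the same version
-BUNDLER_VERSION=2.3.
-BUNDLER_VERSION=2.3.
-BUNDLER_VERSION=2.3.
+BUNDLER_VERSION=2.3.13 bundle config --local path ".bundle"
+BUNDLER_VERSION=2.3.13 bundle config --local without "test"
+BUNDLER_VERSION=2.3.13 bundle install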
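--- a/data/helpers/v2/lib/functions/file_parser.rb
+++ b/data/helpers/v2/lib/functions/file_parser.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "uri"
+
 module Functions
 class FileParser
 def initialize(lockfile_name:)
@@ -74,7 +76,12 @@ module Functions
 return true if source.nil?
 return false unless source.is_a?(Bundler::Source::Rubygems)
 
-source.remotes.any?
+source.remotes.any? do |r|
+[
+"rubygems.org",
+"www.rubygems.org"
+].include?(URI(r.to_s).host)
+end
 end
 
 def serialize_bundler_dependency(dependency)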
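--- a/data/helpers/v2/spec/native_spec_helper.rb
+++ b/data/helpers/v2/spec/native_spec_helper.rb
@@ -21,10 +21,6 @@ RSpec.configure do |config|
 config.raise_errors_for_deprecations!
 end
 
-# Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
-# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
-LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
-
 def project_dependency_files(project)
 project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler2", project))
 
@@ -36,7 +32,6 @@ def project_dependency_files(project)
 files = files.select { |f| File.file?(f) }
 files.map do |filename|
 content = File.read(filename)
-content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
 {
 name: filename,
 content: content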
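--- a/data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb
+++ b/data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "excon"
+require "uri"
 
 require "dependabot/bundler/update_checker"
 require "dependabot/bundler/native_helpers"
@@ -143,7 +144,10 @@ module Dependabot
 regex = BundlerErrorPatterns::HTTP_ERR_REGEX
 if error.message.match?(regex)
 source = error.message.match(regex)[:source]
-raise if
+raise if [
+"rubygems.org",
+"www.rubygems.org"
+].include?(URI(source).host)
 
 raise Dependabot::PrivateSourceTimedOut, source
 end
@@ -213,7 +217,7 @@ module Dependabot
 File.write(path, file.content)
 end
 
-File.write(lockfile.name,
+File.write(lockfile.name, lockfile.content) if lockfile
 end
 
 def private_registry_credentials
@@ -230,12 +234,6 @@ module Dependabot
 dependency_files.find { |f| f.name == "Gemfile.lock" } ||
 dependency_files.find { |f| f.name == "gems.locked" }
 end
-
-# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
-def sanitized_lockfile_body
-re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
-lockfile.content.gsub(re, "")
-end
 end
 end
 end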
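Review bot: In the hunk that adds `raise if [ ... ].include?(URI(source).host)`, `source` is a substring captured from `error.message` and is parsed without a guard. If the capture is not a well-formed URI, `URI(source)` raises `URI::InvalidURIError` from what looks like the error-handling path, and that new exception would replace the Bundler error being classified. I would parse it defensively, for example with a small helper that rescues `URI::InvalidURIError` and returns `nil`, and then let the existing `raise Dependabot::PrivateSourceTimedOut, source` line decide the outcome. A short comment should say that the host is matched exactly so that only the public registry is treated as non-private. It is also worth confirming that `source` cannot carry URL-embedded credentials into the `PrivateSourceTimedOut` message, since any sanitising would happen outside the visible lines. The surrounding method starts before this hunk.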
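--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.187.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-
+date: 2022-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.187.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.187.0
 - !ruby/object:Gem::Dependency
 name: debase
 requirement: !ruby/object:Gem::Requirement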