dependabot-bundler 0.185.0 → 0.187.0

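--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 149703a633283283d90f697876543e96944f656162a6011d8e583f4fdc3f86c8
- data.tar.gz: d3cc9b9a84e614a943a33fbdc92d403ed61b3941d5485a26b186b647b97a90aa
+ metadata.gz: 74e210cda55ec43731c1a8c58b679f806566cd3ab793251c5cf54be52e2e41bc
+ data.tar.gz: e162e75ef3bac5bee2b04edd81d201ead66050c210c383876863bbb065688f17
  SHA512:
- metadata.gz: 6c2e823978b05cf242308ba15a22470eceb7d777aba00700f3108adbe1ef4bce66a495c937e05dccf929494e53425bb2b5b4155eddd0ce5a95c84e35b60265b8
- data.tar.gz: b97fb4091560f8bbcfe627bb8aa72421c66a1739313e8b334ced53d7d7b2204f44f2463a97b2f1c000695a09de230e65e5691cc8e36296d72891fb0213a2862e
+ metadata.gz: 5f7d707de1a8dde237bf6b98eabcf442b0e14540e33633b172f7317e6de354d61fd4ad36d49437bbe27fc31da3bd25e0079d8c5fae7b4df896eadc43d3a49a57
+ data.tar.gz: 58d71fe67588f3e17a5b6afa6e975320a6bd4c70f52c3706698c3a5aa275bc07ffad536fa1646995d8592afb4a40f3e28e3f63dbfd1112a39eba29612f8cca5d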
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "uri"
4
+
3
5
  module Functions
4
6
  class FileParser
5
7
  def initialize(lockfile_name:)
@@ -73,7 +75,12 @@ module Functions
73
75
  return true if source.nil?
74
76
  return false unless source.is_a?(Bundler::Source::Rubygems)
75
77
 
76
- source.remotes.any? { |r| r.to_s.include?("rubygems.org") }
78
+ source.remotes.any? do |r|
79
+ [
80
+ "rubygems.org",
81
+ "www.rubygems.org"
82
+ ].include?(URI(r.to_s).host)
83
+ end
77
84
  end
78
85
 
79
86
  def serialize_bundler_dependency(dependency)
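Review bot: The host comparison inside the `source.remotes.any?` block is case-sensitive, and `URI#host` returns the host as it was written, so a remote spelled `https://RubyGems.org/` would no longer be recognised as the default registry. Changing the last line of the block to `].include?(URI(r.to_s).host&.downcase)` keeps the exact-host match, which is what makes this safer than the old substring test, without depending on spelling. The same two-element host list is repeated verbatim in the later `@@ -74,7 +76,12 @@` hunk and in the `raise if` hunk at `@@ -143,7 +144,10 @@`; a single frozen constant shared by the three checks would keep them from drifting apart. The enclosing method starts outside the hunk.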
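--- a/data/helpers/v2/build
+++ b/data/helpers/v2/build
@@ -22,6 +22,6 @@ cd "$install_dir"
 
  # NOTE: Sets `BUNDLED WITH` to match the installed v2 version in Gemfile.lock
  # forcing specs and native helpers to run with the same version
- BUNDLER_VERSION=2.3.12 bundle config --local path ".bundle"
- BUNDLER_VERSION=2.3.12 bundle config --local without "test"
- BUNDLER_VERSION=2.3.12 bundle install
+ BUNDLER_VERSION=2.3.13 bundle config --local path ".bundle"
+ BUNDLER_VERSION=2.3.13 bundle config --local without "test"
+ BUNDLER_VERSION=2.3.13 bundle install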
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "uri"
4
+
3
5
  module Functions
4
6
  class FileParser
5
7
  def initialize(lockfile_name:)
@@ -74,7 +76,12 @@ module Functions
74
76
  return true if source.nil?
75
77
  return false unless source.is_a?(Bundler::Source::Rubygems)
76
78
 
77
- source.remotes.any? { |r| r.to_s.include?("rubygems.org") }
79
+ source.remotes.any? do |r|
80
+ [
81
+ "rubygems.org",
82
+ "www.rubygems.org"
83
+ ].include?(URI(r.to_s).host)
84
+ end
78
85
  end
79
86
 
80
87
  def serialize_bundler_dependency(dependency)
@@ -21,10 +21,6 @@ RSpec.configure do |config|
21
21
  config.raise_errors_for_deprecations!
22
22
  end
23
23
 
24
- # Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
25
- # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
26
- LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
27
-
28
24
  def project_dependency_files(project)
29
25
  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler2", project))
30
26
 
@@ -36,7 +32,6 @@ def project_dependency_files(project)
36
32
  files = files.select { |f| File.file?(f) }
37
33
  files.map do |filename|
38
34
  content = File.read(filename)
39
- content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
40
35
  {
41
36
  name: filename,
42
37
  content: content
@@ -4,7 +4,7 @@ module Dependabot
4
4
  module Bundler
5
5
  module Helpers
6
6
  V1 = "1.17.3"
7
- V2 = "2.3.12"
7
+ V2 = "2.3.13"
8
8
  # If we are updating a project with no Gemfile.lock, we default to the
9
9
  # newest version we support
10
10
  DEFAULT = V2
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "excon"
4
+ require "uri"
4
5
 
5
6
  require "dependabot/bundler/update_checker"
6
7
  require "dependabot/bundler/native_helpers"
@@ -143,7 +144,10 @@ module Dependabot
143
144
  regex = BundlerErrorPatterns::HTTP_ERR_REGEX
144
145
  if error.message.match?(regex)
145
146
  source = error.message.match(regex)[:source]
146
- raise if source.end_with?("rubygems.org/")
147
+ raise if [
148
+ "rubygems.org",
149
+ "www.rubygems.org"
150
+ ].include?(URI(source).host)
147
151
 
148
152
  raise Dependabot::PrivateSourceTimedOut, source
149
153
  end
@@ -213,7 +217,7 @@ module Dependabot
213
217
  File.write(path, file.content)
214
218
  end
215
219
 
216
- File.write(lockfile.name, sanitized_lockfile_body) if lockfile
220
+ File.write(lockfile.name, lockfile.content) if lockfile
217
221
  end
218
222
 
219
223
  def private_registry_credentials
@@ -230,12 +234,6 @@ module Dependabot
230
234
  dependency_files.find { |f| f.name == "Gemfile.lock" } ||
231
235
  dependency_files.find { |f| f.name == "gems.locked" }
232
236
  end
233
-
234
- # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
235
- def sanitized_lockfile_body
236
- re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
237
- lockfile.content.gsub(re, "")
238
- end
239
237
  end
240
238
  end
241
239
  end
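Review bot: In the `@@ -143,7 +144,10 @@` hunk, `URI(source)` parses a string captured from the Bundler error message, and `URI()` raises `URI::InvalidURIError` on input it cannot parse. This code appears to sit in an error handler (it inspects `error.message` and uses a bare `raise`), so a parse failure there would replace the original Bundler error with an unrelated one and hide the real cause. Wrapping the host lookup in a `rescue URI::InvalidURIError` that yields `nil` would let an unparseable source fall through to the existing `raise Dependabot::PrivateSourceTimedOut, source` line. The enclosing method starts and ends outside the hunk, so confirm which exception the caller expects in that case.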
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.185.0
4
+ version: 0.187.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-09 00:00:00.000000000 Z
11
+ date: 2022-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.185.0
19
+ version: 0.187.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.185.0
26
+ version: 0.187.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement