dependabot-bundler 0.211.0 → 0.213.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b17b4f044523e671c8d5089cd9f4e8f63ce0d03f40c2c0cf98592bbd08e328b
-  data.tar.gz: c4c07d736246603d2ab6a2222b285f5dd4058cd9466de3ae55e4e01a6c34fe0c
+  metadata.gz: 55546e82f289d523c8f13d59a6c60863c9771ebfb0e2e3fd1df0ba7057a5c745
+  data.tar.gz: e3e912ae9743390b574d72c93867618838526335ae43f165db59686af1339139
 SHA512:
-  metadata.gz: 3493c9d2028172e1f80ced2a7d80585471ea07cc298c47af088e8dcc42471c8c594aafe16e4dc376f63602f68190f0952a56ec1ef6f9b32397bfc4041659ffe0
-  data.tar.gz: e8a1f7a0657d4bb5d6371a73a6c627d7538a480fa1e4e3d2afe5be11a3fbc5cdb88f561c84869f3e5344183cac1294b638d6f161f9a63be13a210ba6019af5b1
+  metadata.gz: b4097b5de54f37b1a1e237ead1dc4c9d62c30f5e49b86597715dd776e827a82358ffcfefaa23cefd0f1fa69a6c1170d547a8720efe6b5f27231c201660a53a27
+  data.tar.gz: 9ac94050be3a3d3a35deb72a24ae6884848a736b501cc5d4ae980ec9817d5d13e40cd37b2dd8be1264e03f583a77f38c681496e11622fd46a9e5c1aa0b68734c

data/helpers/v1/build

@@ -2,26 +2,34 @@
 
 set -e
 
+helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
 if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
-  exit 1
+  install_dir="$helpers_dir"
+else
+  install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
+  mkdir -p "$install_dir"
+
+  cp -r \
+    "$helpers_dir/lib" \
+    "$helpers_dir/monkey_patches" \
+    "$helpers_dir/run.rb" \
+    "$helpers_dir/Gemfile" \
+    "$install_dir"
 fi
 
-install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
-mkdir -p "$install_dir"
+cd "$install_dir"
 
-helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
-cp -r \
-  "$helpers_dir/lib" \
-  "$helpers_dir/monkey_patches" \
-  "$helpers_dir/run.rb" \
-  "$helpers_dir/Gemfile" \
-  "$install_dir"
+export GEM_HOME=$install_dir/.bundle
 
-cd "$install_dir"
+gem install bundler -v 1.17.3 --no-document
+
+BUNDLER_VERSION=1.17.3 bundle config --local path.system true
+
+if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  BUNDLER_VERSION=1.17.3 bundle config --local without "test"
+fi
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing native helpers to run with the same version
-BUNDLER_VERSION=1.17.3 bundle config --local path ".bundle"
-BUNDLER_VERSION=1.17.3 bundle config --local without "test"
 BUNDLER_VERSION=1.17.3 bundle install

data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb

@@ -63,7 +63,7 @@ module Functions
       if spec.name == top_level.name
         "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
       else
-        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} "\
+        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
           "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
       end
     end

data/helpers/v1/lib/functions/file_parser.rb

@@ -14,13 +14,13 @@ module Functions
       Bundler::Definition.build(gemfile_name, nil, {}).
         dependencies.select(&:current_platform?).
         reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
-        map(&method(:serialize_bundler_dependency))
+        map { |dep| serialize_bundler_dependency(dep) }
     end
 
     def parsed_gemspec(gemspec_name:)
       Bundler.load_gemspec_uncached(gemspec_name).
         dependencies.
-        map(&method(:serialize_bundler_dependency))
+        map { |dep| serialize_bundler_dependency(dep) }
     end
 
     private
@@ -71,15 +71,17 @@ module Functions
       }
     end
 
+    RUBYGEMS_HOSTS = [
+      "rubygems.org",
+      "www.rubygems.org"
+    ].freeze
+
     def default_rubygems?(source)
       return true if source.nil?
       return false unless source.is_a?(Bundler::Source::Rubygems)
 
       source.remotes.any? do |r|
-        [
-          "rubygems.org",
-          "www.rubygems.org"
-        ].include?(URI(r.to_s).host)
+        RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
       end
     end
 

data/helpers/v1/lib/functions/lockfile_updater.rb

@@ -10,7 +10,7 @@ module Functions
         locked\sto\s(?<name>[^\s]+)\s\(|
         not\sfind\s(?<name>[^\s]+)-\d|
         has\s(?<name>[^\s]+)\slocked\sat
-      /x.freeze
+      /x
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
       @gemfile_name = gemfile_name
@@ -160,9 +160,9 @@ module Functions
       potentials_deps =
         error.cause.conflicts.values.
         flat_map(&:requirement_trees).
-        map do |tree|
+        filter_map do |tree|
           tree.find { |req| allowed_new_unlocks.include?(req.name) }
-        end.compact.map(&:name)
+        end.map(&:name)
 
       # If there are specific dependencies we can unlock, unlock them
       return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?

data/helpers/v1/lib/functions/version_resolver.rb

@@ -2,7 +2,7 @@
 
 module Functions
   class VersionResolver
-    GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
+    GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
 
     attr_reader :dependency_name, :dependency_requirements,
                 :gemfile_name, :lockfile_name

data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb

@@ -11,7 +11,7 @@ module BundlerFileUtilsKeywordSplatPatch
     opts = {}
     opts[:encoding] = ::Encoding::UTF_8 if fu_windows?
     Dir.entries(path, **opts).
-      reject { |n| [".", ".."].include?(n) }.
+      reject { |n| n == "." || n == ".." }.
       map { |n| self.class.new(prefix, join(rel, n.untaint)) }
   end
 end

data/helpers/v1/monkey_patches/git_source_patch.rb

@@ -51,7 +51,7 @@ module Bundler
 
           Bundler.rubygems.set_installed_by_version(spec)
           Bundler.rubygems.validate(spec)
-          File.open(spec_path, "wb") { |file| file.write(spec.to_ruby) }
+          File.binwrite(spec_path, spec.to_ruby)
         end
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         original_load_paths.each { |p| $LOAD_PATH << p }

data/helpers/v1/spec/native_spec_helper.rb

@@ -25,7 +25,7 @@ end
 
 # Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
 # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
-LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
+LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
 
 def project_dependency_files(project)
   project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))

data/helpers/v1/spec/shared_contexts.rb

@@ -9,7 +9,7 @@ RSpec.shared_context "in a temporary bundler directory" do
   let(:project_name) { "gemfile" }
 
   let(:tmp_path) do
-    Dir.mkdir(TMP_DIR_PATH) unless Dir.exist?(TMP_DIR_PATH)
+    FileUtils.mkdir_p(TMP_DIR_PATH)
     dir = Dir.mktmpdir("native_helper_spec_", TMP_DIR_PATH)
     Pathname.new(dir).expand_path
   end

data/helpers/v2/build

@@ -2,24 +2,34 @@
 
 set -e
 
+helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
 if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
-  exit 1
+  install_dir="$helpers_dir"
+else
+  install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
+  mkdir -p "$install_dir"
+
+  cp -r \
+    "$helpers_dir/lib" \
+    "$helpers_dir/monkey_patches" \
+    "$helpers_dir/run.rb" \
+    "$helpers_dir/Gemfile" \
+    "$install_dir"
 fi
 
-install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
-mkdir -p "$install_dir"
+cd "$install_dir"
 
-helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
-cp -r \
-  "$helpers_dir/lib" \
-  "$helpers_dir/monkey_patches" \
-  "$helpers_dir/run.rb" \
-  "$helpers_dir/Gemfile" \
-  "$install_dir"
+default_version=$(ruby -rbundler -e'print Bundler::VERSION')
 
-cd "$install_dir"
+export GEM_HOME=$install_dir/.bundle
+
+gem install bundler -v "$default_version" --no-document
+
+bundle config --local path.system true
+
+if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  bundle config --local without "test"
+fi
 
-bundle config --local path ".bundle"
-bundle config --local without "test"
 bundle install

data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb

@@ -63,7 +63,7 @@ module Functions
       if spec.name == top_level.name
         "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
       else
-        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} "\
+        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
           "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
       end
     end

data/helpers/v2/lib/functions/file_parser.rb

@@ -14,13 +14,13 @@ module Functions
       Bundler::Definition.build(gemfile_name, nil, {}).
         dependencies.select(&:current_platform?).
         reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
-        map(&method(:serialize_bundler_dependency))
+        map { |dep| serialize_bundler_dependency(dep) }
     end
 
     def parsed_gemspec(gemspec_name:)
       Bundler.load_gemspec_uncached(gemspec_name).
         dependencies.
-        map(&method(:serialize_bundler_dependency))
+        map { |dep| serialize_bundler_dependency(dep) }
     end
 
     private
@@ -72,15 +72,17 @@ module Functions
       }
     end
 
+    RUBYGEMS_HOSTS = [
+      "rubygems.org",
+      "www.rubygems.org"
+    ].freeze
+
     def default_rubygems?(source)
       return true if source.nil?
       return false unless source.is_a?(Bundler::Source::Rubygems)
 
       source.remotes.any? do |r|
-        [
-          "rubygems.org",
-          "www.rubygems.org"
-        ].include?(URI(r.to_s).host)
+        RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
       end
     end
 

data/helpers/v2/lib/functions/lockfile_updater.rb

@@ -10,7 +10,7 @@ module Functions
         locked\sto\s(?<name>[^\s]+)\s\(|
         not\sfind\s(?<name>[^\s]+)-\d|
         has\s(?<name>[^\s]+)\slocked\sat
-      /x.freeze
+      /x
     DEPENDENCY_DROPPED = "_dependency_dropped_"
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
@@ -161,9 +161,9 @@ module Functions
       potentials_deps =
         error.cause.conflicts.values.
         flat_map(&:requirement_trees).
-        map do |tree|
+        filter_map do |tree|
           tree.find { |req| allowed_new_unlocks.include?(req.name) }
-        end.compact.map(&:name)
+        end.map(&:name)
 
       # If there are specific dependencies we can unlock, unlock them
       return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?

data/helpers/v2/lib/functions/version_resolver.rb

@@ -2,7 +2,7 @@
 
 module Functions
   class VersionResolver
-    GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
+    GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
 
     attr_reader :dependency_name, :dependency_requirements,
                 :gemfile_name, :lockfile_name
@@ -16,6 +16,11 @@ module Functions
     end
 
     def version_details
+      # If the dependency is Bundler itself then we can't trust the
+      # version that has been returned (it's the version Dependabot is
+      # running on, rather than the true latest resolvable version).
+      return nil if dependency_name == "bundler"
+
       dep = dependency_from_definition
 
       # If the dependency wasn't found in the definition, but *is*
@@ -28,11 +33,6 @@ module Functions
       # subdependency that was removed when attempting to update it.
       return nil if dep.nil?
 
-      # If the dependency is Bundler itself then we can't trust the
-      # version that has been returned (it's the version Dependabot is
-      # running on, rather than the true latest resolvable version).
-      return nil if dep.name == "bundler"
-
       details = {
         version: dep.version,
         ruby_version: ruby_version,

data/helpers/v2/monkey_patches/git_source_patch.rb

@@ -13,7 +13,7 @@ module Bundler
         # Instead, we convert all `git@github.com:` URLs to use HTTPS.
         def configured_uri_for(uri)
           uri = uri.gsub(%r{git@(.*?):/?}, 'https://\1/')
-          if /https?:/ =~ uri
+          if /https?:/.match?(uri)
             remote = Bundler::URI(uri)
             config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
             remote.userinfo ||= config_auth
@@ -50,7 +50,7 @@ module Bundler
 
           Bundler.rubygems.set_installed_by_version(spec)
           Bundler.rubygems.validate(spec)
-          File.open(spec_path, "wb") { |file| file.write(spec.to_ruby) }
+          File.binwrite(spec_path, spec.to_ruby)
         end
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         original_load_paths.each { |p| $LOAD_PATH << p }

data/helpers/v2/run.rb

@@ -15,7 +15,6 @@ end
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
-require "endpoint_specification_patch"
 require "git_source_patch"
 
 require "functions"

data/helpers/v2/spec/functions_spec.rb

@@ -38,7 +38,7 @@ RSpec.describe Functions do
       expect(git_specs.size).to eq(count)
       git_specs.each do |gs|
         uri = URI.parse(gs[:auth_uri])
-        expect(uri.scheme).to(satisfy { |s| %w(http https).include?(s) })
+        expect(uri.scheme).to(satisfy { |s| s.match?(/https?/o) })
       end
     end
 

data/helpers/v2/spec/shared_contexts.rb

@@ -10,7 +10,7 @@ RSpec.shared_context "in a temporary bundler directory" do
   let(:project_name) { "gemfile" }
 
   let(:tmp_path) do
-    Dir.mkdir(TMP_DIR_PATH) unless Dir.exist?(TMP_DIR_PATH)
+    FileUtils.mkdir_p(TMP_DIR_PATH)
     dir = Dir.mktmpdir("native_helper_spec_", TMP_DIR_PATH)
     Pathname.new(dir).expand_path
   end

data/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb

@@ -33,8 +33,8 @@ module Dependabot
             path_node = node.children[2]
             unless path_node.type == :str
               path = gemfile.path
-              msg = "Dependabot only supports uninterpolated string arguments "\
-                    "to eval_gemfile. Got "\
+              msg = "Dependabot only supports uninterpolated string arguments " \
+                    "to eval_gemfile. Got " \
                     "`#{path_node.loc.expression.source}`"
               raise Dependabot::DependencyFileNotParseable.new(path, msg)
             end

data/lib/dependabot/bundler/file_fetcher/gemspec_finder.rb

@@ -35,8 +35,8 @@ module Dependabot
 
             unless path_node.type == :str
               path = gemfile.path
-              msg = "Dependabot only supports uninterpolated string arguments "\
-                    "to gemspec. Got "\
+              msg = "Dependabot only supports uninterpolated string arguments " \
+                    "to gemspec. Got " \
                     "`#{path_node.loc.expression.source}`"
               raise Dependabot::DependencyFileNotParseable.new(path, msg)
             end

data/lib/dependabot/bundler/file_fetcher/path_gemspec_finder.rb

@@ -34,8 +34,8 @@ module Dependabot
 
             unless path_node.type == :str
               path = gemfile.path
-              msg = "Dependabot only supports uninterpolated string arguments "\
-                    "for path dependencies. Got "\
+              msg = "Dependabot only supports uninterpolated string arguments " \
+                    "for path dependencies. Got " \
                     "`#{path_node.loc.expression.source}`"
               raise Dependabot::DependencyFileNotParseable.new(path, msg)
             end

data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb

@@ -8,20 +8,20 @@ module Dependabot
     class FileParser
       # Checks whether a dependency is declared in a Gemfile
       class GemfileDeclarationFinder
-        def initialize(dependency:, gemfile:)
-          @dependency = dependency
+        def initialize(gemfile:)
           @gemfile = gemfile
+          @declaration_nodes = {}
         end
 
-        def gemfile_includes_dependency?
-          !declaration_node.nil?
+        def gemfile_includes_dependency?(dependency)
+          !declaration_node(dependency).nil?
         end
 
-        def enhanced_req_string
-          return unless gemfile_includes_dependency?
+        def enhanced_req_string(dependency)
+          return unless gemfile_includes_dependency?(dependency)
 
           fallback_string = dependency.fetch("requirement")
-          req_nodes = declaration_node.children[3..-1]
+          req_nodes = declaration_node(dependency).children[3..-1]
           req_nodes = req_nodes.reject { |child| child.type == :hash }
 
           return fallback_string if req_nodes.none?
@@ -39,31 +39,35 @@ module Dependabot
 
         private
 
-        attr_reader :dependency, :gemfile
+        attr_reader :gemfile
 
-        def declaration_node
-          return @declaration_node if defined?(@declaration_node)
-          return unless Parser::CurrentRuby.parse(gemfile.content)
+        def parsed_gemfile
+          @parsed_gemfile ||= Parser::CurrentRuby.parse(gemfile.content)
+        end
+
+        def declaration_node(dependency)
+          return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
+          return unless parsed_gemfile
 
-          @declaration_node = nil
-          Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
-            @declaration_node = deep_search_for_gem(node)
+          @declaration_nodes[dependency] = nil
+          parsed_gemfile.children.any? do |node|
+            @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
           end
-          @declaration_node
+          @declaration_nodes[dependency]
         end
 
-        def deep_search_for_gem(node)
-          return node if declares_targeted_gem?(node)
+        def deep_search_for_gem(node, dependency)
+          return node if declares_targeted_gem?(node, dependency)
           return unless node.is_a?(Parser::AST::Node)
 
           declaration_node = nil
           node.children.find do |child_node|
-            declaration_node = deep_search_for_gem(child_node)
+            declaration_node = deep_search_for_gem(child_node, dependency)
           end
           declaration_node
         end
 
-        def declares_targeted_gem?(node)
+        def declares_targeted_gem?(node, dependency)
           return false unless node.is_a?(Parser::AST::Node)
           return false unless node.children[1] == :gem
 

data/lib/dependabot/bundler/file_parser.rb

@@ -60,17 +60,17 @@ module Dependabot
         return dependencies unless gemfile
 
         [gemfile, *evaled_gemfiles].each do |file|
+          gemfile_declaration_finder = GemfileDeclarationFinder.new(gemfile: file)
+
           parsed_gemfile.each do |dep|
-            gemfile_declaration_finder =
-              GemfileDeclarationFinder.new(dependency: dep, gemfile: file)
-            next unless gemfile_declaration_finder.gemfile_includes_dependency?
+            next unless gemfile_declaration_finder.gemfile_includes_dependency?(dep)
 
             dependencies <<
               Dependency.new(
                 name: dep.fetch("name"),
                 version: dependency_version(dep.fetch("name"))&.to_s,
                 requirements: [{
-                  requirement: gemfile_declaration_finder.enhanced_req_string,
+                  requirement: gemfile_declaration_finder.enhanced_req_string(dep),
                   groups: dep.fetch("groups").map(&:to_sym),
                   source: dep.fetch("source")&.transform_keys(&:to_sym),
                   file: file.name

data/lib/dependabot/bundler/file_updater/gemfile_updater.rb

@@ -6,6 +6,8 @@ module Dependabot
   module Bundler
     class FileUpdater
       class GemfileUpdater
+        GEMFILE_FILENAMES = %w(Gemfile gems.rb).freeze
+
         require_relative "git_pin_replacer"
         require_relative "git_source_remover"
         require_relative "requirement_replacer"
@@ -27,7 +29,7 @@ module Dependabot
 
             content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency)
 
-            content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency)
+            content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency, gemfile)
           end
 
           content
@@ -68,21 +70,21 @@ module Dependabot
         def remove_git_source?(dependency)
           old_gemfile_req =
             dependency.previous_requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
 
           return false unless old_gemfile_req&.dig(:source, :type) == "git"
 
           new_gemfile_req =
             dependency.requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
 
           new_gemfile_req[:source].nil?
         end
 
-        def update_git_pin?(dependency)
+        def update_git_pin?(dependency, file)
           new_gemfile_req =
             dependency.requirements.
-            find { |f| %w(Gemfile gems.rb).include?(f[:file]) }
+            find { |f| f[:file] == file.name }
           return false unless new_gemfile_req&.dig(:source, :type) == "git"
 
           # If the new requirement is a git dependency with a ref then there's

data/lib/dependabot/bundler/file_updater/gemspec_sanitizer.rb

@@ -90,9 +90,9 @@ module Dependabot
           def wrap_require(node)
             replace(
               node.loc.expression,
-              "begin\n"\
-              "#{node.loc.expression.source_line}\n"\
-              "rescue LoadError\n"\
+              "begin\n" \
+              "#{node.loc.expression.source_line}\n" \
+              "rescue LoadError\n" \
               "end"
             )
           end

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -18,10 +18,9 @@ module Dependabot
         require_relative "gemspec_dependency_name_finder"
         require_relative "ruby_requirement_setter"
 
-        LOCKFILE_ENDING =
-          /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
-        GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m.freeze
-        GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m.freeze
+        LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
+        GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m
+        GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m
 
         # Can't be a constant because some of these don't exist in bundler
         # 1.15, which Heroku uses, which causes an exception on boot.

data/lib/dependabot/bundler/file_updater/requirement_replacer.rb

@@ -56,7 +56,7 @@ module Dependabot
             if length_change.positive?
               updated_line.sub(/(?<=\s)\s{#{length_change}}#/, "#")
             elsif length_change.negative?
-              updated_line.sub(/(?<=\s{2})#/, " " * length_change.abs + "#")
+              updated_line.sub(/(?<=\s{2})#/, (" " * length_change.abs) + "#")
             end
 
           updated_lines[updated_line_index] = updated_line
@@ -167,7 +167,7 @@ module Dependabot
             req_string.include?(" ")
           end
 
-          EQUALITY_OPERATOR = /(?<![<>!])=/.freeze
+          EQUALITY_OPERATOR = /(?<![<>!])=/
 
           def use_equality_operator?(requirement_nodes)
             return true if requirement_nodes.none?

data/lib/dependabot/bundler/helpers.rb

@@ -13,7 +13,7 @@ module Dependabot
       # it was created with an old version that didn't add this information
       FAILOVER = V1
 
-      BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
+      BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
 
       def self.bundler_version(lockfile)
         return DEFAULT unless lockfile

data/lib/dependabot/bundler/metadata_finder.rb

@@ -76,7 +76,7 @@ module Dependabot
       end
 
       def find_source_from_git_url
-        info = dependency.requirements.map { |r| r[:source] }.compact.first
+        info = dependency.requirements.filter_map { |r| r[:source] }.first
 
         url = info[:url] || info.fetch("url")
         Source.from_url(url)
@@ -106,8 +106,8 @@ module Dependabot
 
         rubygems_marshalled_gemspec_response.gsub("\x06;", "\n").
           scan(Dependabot::Source::SOURCE_REGEX) do
-            github_urls << Regexp.last_match.to_s +
-                           Regexp.last_match.post_match.split("\n").first
+            github_urls << (Regexp.last_match.to_s +
+                           Regexp.last_match.post_match.split("\n").first)
           end
 
         github_urls.find do |url|
@@ -124,7 +124,7 @@ module Dependabot
         return @rubygems_marshalled_gemspec_response if defined?(@rubygems_marshalled_gemspec_response)
 
         gemspec_uri =
-          "#{registry_url}quick/Marshal.4.8/"\
+          "#{registry_url}quick/Marshal.4.8/" \
           "#{dependency.name}-#{dependency.version}.gemspec.rz"
 
         response =
@@ -198,7 +198,7 @@ module Dependabot
       def registry_url
         return "https://rubygems.org/" if new_source_type == "default"
 
-        info = dependency.requirements.map { |r| r[:source] }.compact.first
+        info = dependency.requirements.filter_map { |r| r[:source] }.first
         info[:url] || info.fetch("url")
       end
 

data/lib/dependabot/bundler/native_helpers.rb

@@ -63,7 +63,7 @@ module Dependabot
       end
 
       def self.native_helpers_root
-        helpers_root = ENV["DEPENDABOT_NATIVE_HELPERS_PATH"]
+        helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
         return File.join(helpers_root, "bundler") unless helpers_root.nil?
 
         File.expand_path("../../../helpers", __dir__)

data/lib/dependabot/bundler/requirement.rb

@@ -5,7 +5,7 @@ require "dependabot/utils"
 module Dependabot
   module Bundler
     class Requirement < Gem::Requirement
-      # For consistency with other langauges, we define a requirements array.
+      # For consistency with other languages, we define a requirements array.
       # Ruby doesn't have an `OR` separator for requirements, so it always
       # contains a single element.
       def self.requirements_array(requirement_string)

data/lib/dependabot/bundler/update_checker/file_preparer.rb

@@ -24,7 +24,7 @@ module Dependabot
       #   version allowed by the gemspec, if the gemspec has a required ruby
       #   version range
       class FilePreparer
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
+        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
 
         # Can't be a constant because some of these don't exist in bundler
         # 1.15, which Heroku uses, which causes an exception on boot.

data/lib/dependabot/bundler/update_checker/force_updater.rb

@@ -85,7 +85,7 @@ module Dependabot
           #
           # This is kind of a bug in Bundler, and we should try to fix it,
           # but resolving it won't necessarily be easy.
-          updated_deps.map do |dep|
+          updated_deps.filter_map do |dep|
             original_dep =
               original_dependencies.find { |d| d.name == dep.fetch("name") }
             spec = specs.find { |d| d.fetch("name") == dep.fetch("name") }
@@ -93,7 +93,7 @@ module Dependabot
             next if spec.fetch("version") == original_dep.version
 
             build_dependency(original_dep, spec)
-          end.compact
+          end
         end
 
         def build_dependency(original_dep, updated_spec)

data/lib/dependabot/bundler/update_checker/requirements_updater.rb

@@ -28,7 +28,7 @@ module Dependabot
 
         def updated_requirements
           requirements.map do |req|
-            if req[:file].match?(/\.gemspec/)
+            if req[:file].include?(".gemspec")
               update_gemspec_requirement(req)
             else
               # If a requirement doesn't come from a gemspec, it must be from
@@ -101,7 +101,7 @@ module Dependabot
               when "!="
                 []
               else
-                raise "Unexpected operation for unsatisfied Gemfile "\
+                raise "Unexpected operation for unsatisfied Gemfile " \
                       "requirement: #{op}"
               end
             end

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -14,19 +14,15 @@ module Dependabot
   module Bundler
     class UpdateChecker
       module SharedBundlerHelpers
-        GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze
-        GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./.freeze
-        PATH_REGEX = /The path `(?<path>.*)` does not exist/.freeze
+        GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
+        GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
+        PATH_REGEX = /The path `(?<path>.*)` does not exist/
 
         module BundlerErrorPatterns
-          MISSING_AUTH_REGEX =
-            /bundle config (?<source>.*) username:password/.freeze
-          BAD_AUTH_REGEX =
-            /Bad username or password for (?<source>.*)\.$/.freeze
-          BAD_CERT_REGEX =
-            /verify the SSL certificate for (?<source>.*)\.$/.freeze
-          HTTP_ERR_REGEX =
-            /Could not fetch specs from (?<source>.*)$/.freeze
+          MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
+          BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
+          BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
+          HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
         end
 
         RETRYABLE_ERRORS = %w(
@@ -181,7 +177,7 @@ module Dependabot
             )
             git_specs.reject do |spec|
               uri = URI.parse(spec.fetch("auth_uri"))
-              next false unless %w(http https).include?(uri.scheme)
+              next false unless uri.scheme&.match?(/https?/o)
 
               Dependabot::RegistryClient.get(
                 url: uri.to_s

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.211.0
+  version: 0.213.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
+        version: 0.213.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
-- !ruby/object:Gem::Dependency
-  name: debase
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-- !ruby/object:Gem::Dependency
-  name: debase-ruby_core_source
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
+        version: 0.213.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
 - !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -276,7 +248,6 @@ files:
 - helpers/v2/lib/functions/version_resolver.rb
 - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
 - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
-- helpers/v2/monkey_patches/endpoint_specification_patch.rb
 - helpers/v2/monkey_patches/git_source_patch.rb
 - helpers/v2/run.rb
 - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
@@ -332,14 +303,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Ruby (bundler) support for dependabot

data/helpers/v2/monkey_patches/endpoint_specification_patch.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require "bundler/endpoint_specification"
-
-module EndpointSpecificationPatch
-  def required_ruby_version
-    @required_ruby_version ||= Gem::Requirement.default
-  end
-
-  def required_rubygems_version
-    @required_rubygems_version ||= Gem::Requirement.default
-  end
-end
-
-Bundler::EndpointSpecification.prepend(EndpointSpecificationPatch)