dependabot-bundler 0.212.0 → 0.214.0

Files changed (30)
  1. checksums.yaml +4 -4
  2. data/helpers/v1/build +22 -14
  3. data/helpers/v1/lib/functions/file_parser.rb +1 -1
  4. data/helpers/v1/lib/functions/lockfile_updater.rb +1 -1
  5. data/helpers/v1/lib/functions/version_resolver.rb +1 -1
  6. data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +3 -2
  7. data/helpers/v1/spec/native_spec_helper.rb +1 -1
  8. data/helpers/v2/build +24 -14
  9. data/helpers/v2/lib/functions/file_parser.rb +2 -3
  10. data/helpers/v2/lib/functions/lockfile_updater.rb +1 -1
  11. data/helpers/v2/lib/functions/version_resolver.rb +6 -6
  12. data/helpers/v2/monkey_patches/definition_bundler_version_patch.rb +1 -3
  13. data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb +3 -2
  14. data/helpers/v2/run.rb +0 -1
  15. data/helpers/v2/spec/functions/file_parser_spec.rb +6 -6
  16. data/lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb +23 -19
  17. data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb +61 -0
  18. data/lib/dependabot/bundler/file_parser.rb +9 -4
  19. data/lib/dependabot/bundler/file_updater/gemfile_updater.rb +3 -3
  20. data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +3 -4
  21. data/lib/dependabot/bundler/file_updater/requirement_replacer.rb +1 -1
  22. data/lib/dependabot/bundler/helpers.rb +1 -1
  23. data/lib/dependabot/bundler/metadata_finder.rb +11 -1
  24. data/lib/dependabot/bundler/requirement.rb +1 -1
  25. data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb +2 -0
  26. data/lib/dependabot/bundler/update_checker/file_preparer.rb +1 -1
  27. data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +4 -5
  28. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +7 -11
  29. metadata +14 -56
  30. data/helpers/v2/monkey_patches/endpoint_specification_patch.rb +0 -15
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b08c43d9300e9e7fa9b6d5f0e3e0631638a6e9785385688079fdc91fa4ad5aaf
4
- data.tar.gz: 4958a4a8e3a18c4b533891917c85b71f75fe94c002faac703240eef60e24cfad
3
+ metadata.gz: aeeaf55a8d471bff5aa808882909ea46525bc6e77ec7ed897539f88b37e77378
4
+ data.tar.gz: da7945db8b40b9236c17d09b052689a1bd59a895dba5a9669b6d858416d189ed
5
5
  SHA512:
6
- metadata.gz: c808f814bde969264d27a002a03839c07b7654f013154b3287b9b3259568c795bcd1b4a4fd346a3c9496aee2e8364243832baad5cdf02bfbeb2add6f844fc885
7
- data.tar.gz: 5caf001d47e54cca9efac60192e772aafdc5038add498779d96e5f722568d260e0adbc3503c382600805d9c2ea012101bc346e1f9c62607dfc1506763e008de7
6
+ metadata.gz: 920be492f53f96a03f29299fd58b044164c8362ddc1dd569d479ed559b817e46c19d4fffbbd2d941ff92febc72bac0da9452ef8bc8716d4158b22b3a4b1f1211
7
+ data.tar.gz: 5e46553edaf768e6dfbbd67d12ae2d57112d28ba3f44405d2df788e0790aa9fa2adfdcd597e1edbddfc7b8b47ed3a786c33b79d773ce404f0c562f4f700c4b02
data/helpers/v1/build CHANGED
@@ -2,26 +2,34 @@
2
2
 
3
3
  set -e
4
4
 
5
+ helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
6
+
5
7
  if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
6
- echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
7
- exit 1
8
+ install_dir="$helpers_dir"
9
+ else
10
+ install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
11
+ mkdir -p "$install_dir"
12
+
13
+ cp -r \
14
+ "$helpers_dir/lib" \
15
+ "$helpers_dir/monkey_patches" \
16
+ "$helpers_dir/run.rb" \
17
+ "$helpers_dir/Gemfile" \
18
+ "$install_dir"
8
19
  fi
9
20
 
10
- install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
11
- mkdir -p "$install_dir"
21
+ cd "$install_dir"
12
22
 
13
- helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
14
- cp -r \
15
- "$helpers_dir/lib" \
16
- "$helpers_dir/monkey_patches" \
17
- "$helpers_dir/run.rb" \
18
- "$helpers_dir/Gemfile" \
19
- "$install_dir"
23
+ export GEM_HOME=$install_dir/.bundle
20
24
 
21
- cd "$install_dir"
25
+ gem install bundler -v 1.17.3 --no-document
26
+
27
+ BUNDLER_VERSION=1.17.3 bundle config --local path.system true
28
+
29
+ if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
30
+ BUNDLER_VERSION=1.17.3 bundle config --local without "test"
31
+ fi
22
32
 
23
33
  # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
24
34
  # forcing native helpers to run with the same version
25
- BUNDLER_VERSION=1.17.3 bundle config --local path ".bundle"
26
- BUNDLER_VERSION=1.17.3 bundle config --local without "test"
27
35
  BUNDLER_VERSION=1.17.3 bundle install
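Review bot: In the `else` branch, `cp -r` copies `lib`, `monkey_patches`, `run.rb` and `Gemfile` on top of whatever is already in `$install_dir`, and `mkdir -p` tolerates an existing directory, so files deleted from the source tree survive from an earlier build — this very release removes `monkey_patches/endpoint_specification_patch.rb`, and a stale copy would remain in the install directory (harmless as long as the patches are required by name, as v2's run.rb does; v1's run.rb is not in this diff). Clearing the copied trees first, `rm -rf "$install_dir/lib" "$install_dir/monkey_patches"` right after `mkdir -p "$install_dir"`, keeps the install a faithful copy of the source. The later `if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]` guard around `bundle config --local without "test"` re-tests what the first `if` already decided; it could at least carry a comment saying it must run after `cd "$install_dir"` because `--local` writes to the current directory's `.bundle/config`. The same applies to data/helpers/v2/build.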
@@ -66,7 +66,7 @@ module Functions
66
66
  def git_source_details(source)
67
67
  {
68
68
  url: source.uri,
69
- branch: source.branch || "master",
69
+ branch: source.branch,
70
70
  ref: source.ref
71
71
  }
72
72
  end
@@ -10,7 +10,7 @@ module Functions
10
10
  locked\sto\s(?<name>[^\s]+)\s\(|
11
11
  not\sfind\s(?<name>[^\s]+)-\d|
12
12
  has\s(?<name>[^\s]+)\slocked\sat
13
- /x.freeze
13
+ /x
14
14
 
15
15
  def initialize(gemfile_name:, lockfile_name:, dependencies:)
16
16
  @gemfile_name = gemfile_name
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Functions
4
4
  class VersionResolver
5
- GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
5
+ GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
6
6
 
7
7
  attr_reader :dependency_name, :dependency_requirements,
8
8
  :gemfile_name, :lockfile_name
@@ -11,8 +11,9 @@ module BundlerDefinitionRubyVersionPatch
11
11
  Gem::Specification.new("ruby\0", requested_version)
12
12
  end
13
13
 
14
- sources.metadata_source.specs <<
15
- Gem::Specification.new("ruby\0", "2.5.3p105")
14
+ %w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208).each do |version|
15
+ sources.metadata_source.specs << Gem::Specification.new("ruby\0", version)
16
+ end
16
17
  end
17
18
  end
18
19
  end
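Review bot: The list `%w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208)` is an inline literal with no explanation of why these four releases were chosen or why the patchlevel suffix is needed here, while the v2 counterpart in definition_ruby_version_patch.rb lists `2.5.3 2.6.10 2.7.6 3.0.4` without it — presumably a Bundler 1 vs 2 formatting difference, but worth confirming and recording. Lifting it to a named frozen constant with a comment, e.g. `RUBY_VERSIONS = %w(2.5.3p105 2.6.10p210 2.7.6p219 3.0.4p208).freeze # Ruby releases registered as fake specs so a Gemfile ruby directive can resolve`, makes both the selection and the need to keep the two helpers in sync visible. The enclosing method begins above the hunk in both files.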
@@ -25,7 +25,7 @@ end
25
25
 
26
26
  # Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
27
27
  # TODO: Stop sanitizing the lockfile once we have bundler 2 installed
28
- LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
28
+ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
29
29
 
30
30
  def project_dependency_files(project)
31
31
  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
data/helpers/v2/build CHANGED
@@ -2,24 +2,34 @@
2
2
 
3
3
  set -e
4
4
 
5
+ helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
6
+
5
7
  if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
6
- echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
7
- exit 1
8
+ install_dir="$helpers_dir"
9
+ else
10
+ install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
11
+ mkdir -p "$install_dir"
12
+
13
+ cp -r \
14
+ "$helpers_dir/lib" \
15
+ "$helpers_dir/monkey_patches" \
16
+ "$helpers_dir/run.rb" \
17
+ "$helpers_dir/Gemfile" \
18
+ "$install_dir"
8
19
  fi
9
20
 
10
- install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v2"
11
- mkdir -p "$install_dir"
21
+ cd "$install_dir"
12
22
 
13
- helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
14
- cp -r \
15
- "$helpers_dir/lib" \
16
- "$helpers_dir/monkey_patches" \
17
- "$helpers_dir/run.rb" \
18
- "$helpers_dir/Gemfile" \
19
- "$install_dir"
23
+ default_version=$(ruby -rbundler -e'print Bundler::VERSION')
20
24
 
21
- cd "$install_dir"
25
+ export GEM_HOME=$install_dir/.bundle
26
+
27
+ gem install bundler -v "$default_version" --no-document
28
+
29
+ bundle config --local path.system true
30
+
31
+ if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
32
+ bundle config --local without "test"
33
+ fi
22
34
 
23
- bundle config --local path ".bundle"
24
- bundle config --local without "test"
25
35
  bundle install
@@ -63,12 +63,11 @@ module Functions
63
63
  details
64
64
  end
65
65
 
66
- # TODO: Remove default `master` branch
67
66
  def git_source_details(source)
68
67
  {
69
68
  url: source.uri,
70
- branch: source.branch || "master",
71
- ref: source.ref || "master"
69
+ branch: source.branch,
70
+ ref: source.ref
72
71
  }
73
72
  end
74
73
 
@@ -10,7 +10,7 @@ module Functions
10
10
  locked\sto\s(?<name>[^\s]+)\s\(|
11
11
  not\sfind\s(?<name>[^\s]+)-\d|
12
12
  has\s(?<name>[^\s]+)\slocked\sat
13
- /x.freeze
13
+ /x
14
14
  DEPENDENCY_DROPPED = "_dependency_dropped_"
15
15
 
16
16
  def initialize(gemfile_name:, lockfile_name:, dependencies:)
@@ -2,7 +2,7 @@
2
2
 
3
3
  module Functions
4
4
  class VersionResolver
5
- GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
5
+ GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/
6
6
 
7
7
  attr_reader :dependency_name, :dependency_requirements,
8
8
  :gemfile_name, :lockfile_name
@@ -16,6 +16,11 @@ module Functions
16
16
  end
17
17
 
18
18
  def version_details
19
+ # If the dependency is Bundler itself then we can't trust the
20
+ # version that has been returned (it's the version Dependabot is
21
+ # running on, rather than the true latest resolvable version).
22
+ return nil if dependency_name == "bundler"
23
+
19
24
  dep = dependency_from_definition
20
25
 
21
26
  # If the dependency wasn't found in the definition, but *is*
@@ -28,11 +33,6 @@ module Functions
28
33
  # subdependency that was removed when attempting to update it.
29
34
  return nil if dep.nil?
30
35
 
31
- # If the dependency is Bundler itself then we can't trust the
32
- # version that has been returned (it's the version Dependabot is
33
- # running on, rather than the true latest resolvable version).
34
- return nil if dep.name == "bundler"
35
-
36
36
  details = {
37
37
  version: dep.version,
38
38
  ruby_version: ruby_version,
@@ -6,9 +6,7 @@ require "bundler/definition"
6
6
  # version available to us is the one we're using).
7
7
  module BundlerDefinitionBundlerVersionPatch
8
8
  def expanded_dependencies
9
- @expanded_dependencies ||=
10
- expand_dependencies(dependencies + metadata_dependencies, @remote).
11
- reject { |d| d.name == "bundler" }
9
+ @expanded_dependencies ||= (dependencies + metadata_dependencies).reject { |d| d.name == "bundler" }
12
10
  end
13
11
  end
14
12
 
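Review bot: The rewritten `expanded_dependencies` no longer routes through `expand_dependencies(..., @remote)`, so the patched method now returns the raw `dependencies + metadata_dependencies` list with bundler filtered out, and nothing in the method says which Bundler version's `Bundler::Definition#expanded_dependencies` this is meant to mirror (the file's header comment starts above the hunk). Because the patch silently replaces Bundler's own implementation, a pinning comment on the method such as `# Mirrors Bundler::Definition#expanded_dependencies in Bundler <VERSION-PLACEHOLDER>, minus the bundler gem itself; re-check when the helper's Bundler is bumped` would make the next Bundler upgrade easier to review. If that version is already pinned in the helper's Gemfile, a reference to it is enough.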
@@ -10,8 +10,9 @@ module BundlerDefinitionRubyVersionPatch
10
10
  Gem::Specification.new("Ruby\0", requested_version)
11
11
  end
12
12
 
13
- sources.metadata_source.specs <<
14
- Gem::Specification.new("Ruby\0", "2.5.3")
13
+ %w(2.5.3 2.6.10 2.7.6 3.0.4).each do |version|
14
+ sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
15
+ end
15
16
 
16
17
  super
17
18
  end
data/helpers/v2/run.rb CHANGED
@@ -15,7 +15,6 @@ end
15
15
  # Bundler monkey patches
16
16
  require "definition_ruby_version_patch"
17
17
  require "definition_bundler_version_patch"
18
- require "endpoint_specification_patch"
19
18
  require "git_source_patch"
20
19
 
21
20
  require "functions"
@@ -51,7 +51,7 @@ RSpec.describe Functions::FileParser do
51
51
  name: "business",
52
52
  requirement: Gem::Requirement.new("~> 1.6.0"),
53
53
  source: {
54
- branch: "master",
54
+ branch: nil,
55
55
  ref: "a1b78a9",
56
56
  type: "git",
57
57
  url: "git@github.com:dependabot-fixtures/business"
@@ -70,8 +70,8 @@ RSpec.describe Functions::FileParser do
70
70
  name: "prius",
71
71
  requirement: Gem::Requirement.new(">= 0"),
72
72
  source: {
73
- branch: "master",
74
- ref: "master",
73
+ branch: nil,
74
+ ref: nil,
75
75
  type: "git",
76
76
  url: "https://github.com/dependabot-fixtures/prius"
77
77
  },
@@ -82,7 +82,7 @@ RSpec.describe Functions::FileParser do
82
82
  name: "que",
83
83
  requirement: Gem::Requirement.new(">= 0"),
84
84
  source: {
85
- branch: "master",
85
+ branch: nil,
86
86
  ref: "v0.11.6",
87
87
  type: "git",
88
88
  url: "git@github.com:dependabot-fixtures/que"
@@ -94,8 +94,8 @@ RSpec.describe Functions::FileParser do
94
94
  name: "uk_phone_numbers",
95
95
  requirement: Gem::Requirement.new(">= 0"),
96
96
  source: {
97
- branch: "master",
98
- ref: "master",
97
+ branch: nil,
98
+ ref: nil,
99
99
  type: "git",
100
100
  url: "http://github.com/dependabot-fixtures/uk_phone_numbers"
101
101
  },
@@ -8,20 +8,20 @@ module Dependabot
8
8
  class FileParser
9
9
  # Checks whether a dependency is declared in a Gemfile
10
10
  class GemfileDeclarationFinder
11
- def initialize(dependency:, gemfile:)
12
- @dependency = dependency
11
+ def initialize(gemfile:)
13
12
  @gemfile = gemfile
13
+ @declaration_nodes = {}
14
14
  end
15
15
 
16
- def gemfile_includes_dependency?
17
- !declaration_node.nil?
16
+ def gemfile_includes_dependency?(dependency)
17
+ !declaration_node(dependency).nil?
18
18
  end
19
19
 
20
- def enhanced_req_string
21
- return unless gemfile_includes_dependency?
20
+ def enhanced_req_string(dependency)
21
+ return unless gemfile_includes_dependency?(dependency)
22
22
 
23
23
  fallback_string = dependency.fetch("requirement")
24
- req_nodes = declaration_node.children[3..-1]
24
+ req_nodes = declaration_node(dependency).children[3..-1]
25
25
  req_nodes = req_nodes.reject { |child| child.type == :hash }
26
26
 
27
27
  return fallback_string if req_nodes.none?
@@ -39,31 +39,35 @@ module Dependabot
39
39
 
40
40
  private
41
41
 
42
- attr_reader :dependency, :gemfile
42
+ attr_reader :gemfile
43
43
 
44
- def declaration_node
45
- return @declaration_node if defined?(@declaration_node)
46
- return unless Parser::CurrentRuby.parse(gemfile.content)
44
+ def parsed_gemfile
45
+ @parsed_gemfile ||= Parser::CurrentRuby.parse(gemfile.content)
46
+ end
47
+
48
+ def declaration_node(dependency)
49
+ return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
50
+ return unless parsed_gemfile
47
51
 
48
- @declaration_node = nil
49
- Parser::CurrentRuby.parse(gemfile.content).children.any? do |node|
50
- @declaration_node = deep_search_for_gem(node)
52
+ @declaration_nodes[dependency] = nil
53
+ parsed_gemfile.children.any? do |node|
54
+ @declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
51
55
  end
52
- @declaration_node
56
+ @declaration_nodes[dependency]
53
57
  end
54
58
 
55
- def deep_search_for_gem(node)
56
- return node if declares_targeted_gem?(node)
59
+ def deep_search_for_gem(node, dependency)
60
+ return node if declares_targeted_gem?(node, dependency)
57
61
  return unless node.is_a?(Parser::AST::Node)
58
62
 
59
63
  declaration_node = nil
60
64
  node.children.find do |child_node|
61
- declaration_node = deep_search_for_gem(child_node)
65
+ declaration_node = deep_search_for_gem(child_node, dependency)
62
66
  end
63
67
  declaration_node
64
68
  end
65
69
 
66
- def declares_targeted_gem?(node)
70
+ def declares_targeted_gem?(node, dependency)
67
71
  return false unless node.is_a?(Parser::AST::Node)
68
72
  return false unless node.children[1] == :gem
69
73
 
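Review bot: `@parsed_gemfile ||= Parser::CurrentRuby.parse(gemfile.content)` never memoises a nil result, and `Parser::CurrentRuby.parse` returns nil for source with no expressions (an empty or comment-only Gemfile), so in that case every `declaration_node` call — one per dependency — re-parses the file. Memoise with `defined?` instead: `return @parsed_gemfile if defined?(@parsed_gemfile)` followed by `@parsed_gemfile = Parser::CurrentRuby.parse(gemfile.content)`. The same `||=` pattern appears in `parsed_gemspec` of the new gemspec_declaration_finder.rb. `declares_targeted_gem?` continues past the end of the hunk.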
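--- /dev/null
+++ b/data/lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require "parser/current"
+
+module Dependabot
+module Bundler
+class FileParser
+# Checks whether a dependency is declared in a gemspec file
+class GemspecDeclarationFinder
+def initialize(gemspec:)
+@gemspec = gemspec
+@declaration_nodes = {}
+end
+
+def gemspec_includes_dependency?(dependency)
+!declaration_node(dependency).nil?
+end
+
+private
+
+attr_reader :gemspec
+
+def parsed_gemspec
+@parsed_gemspec ||= Parser::CurrentRuby.parse(gemspec.content)
+end
+
+def declaration_node(dependency)
+return @declaration_nodes[dependency] if @declaration_nodes.key?(dependency)
+return unless parsed_gemspec
+
+@declaration_nodes[dependency] = nil
+parsed_gemspec.children.any? do |node|
+@declaration_nodes[dependency] = deep_search_for_gem(node, dependency)
+end
+@declaration_nodes[dependency]
+end
+
+def deep_search_for_gem(node, dependency)
+return node if declares_targeted_gem?(node, dependency)
+return unless node.is_a?(Parser::AST::Node)
+
+declaration_node = nil
+node.children.find do |child_node|
+declaration_node = deep_search_for_gem(child_node, dependency)
+end
+declaration_node
+end
+
+def declares_targeted_gem?(node, dependency)
+return false unless node.is_a?(Parser::AST::Node)
+
+second_child = node.children[1]
+allowed_declarations = %i(add_dependency add_runtime_dependency add_development_dependency)
+return false unless allowed_declarations.include?(second_child)
+
+node.children[2].children.first == dependency.fetch("name")
+end
+end
+end
+end
+end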
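Review bot: `node.children[2].children.first` in `declares_targeted_gem?` assumes the `add_*dependency` call has a first argument that is a node; a bare `spec.add_dependency` with no arguments is syntactically valid, yields nil for `children[2]`, and raises NoMethodError out of the file parser, while a non-literal first argument (a variable or constant) silently compares a node against the name string. Guard on the argument being a `:str` node before reading it, so that the method answers false for anything it cannot match textually. The `allowed_declarations` array is also rebuilt for every node visited by the recursive search; hoisting it to a frozen constant avoids that.
```ruby
ALLOWED_DECLARATIONS = %i(add_dependency add_runtime_dependency add_development_dependency).freeze

# … unchanged: initialize, gemspec_includes_dependency?, parsed_gemspec, declaration_node, deep_search_for_gem …

def declares_targeted_gem?(node, dependency)
  return false unless node.is_a?(Parser::AST::Node)
  return false unless ALLOWED_DECLARATIONS.include?(node.children[1])

  # Only a literal string first argument can be matched against the dependency
  # name; a missing argument (nil) or a variable/constant is not a declaration
  # we can locate in the source.
  first_arg = node.children[2]
  return false unless first_arg.is_a?(Parser::AST::Node) && first_arg.type == :str

  first_arg.children.first == dependency.fetch("name")
end
```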
@@ -16,6 +16,7 @@ module Dependabot
16
16
  require "dependabot/file_parsers/base/dependency_set"
17
17
  require "dependabot/bundler/file_parser/file_preparer"
18
18
  require "dependabot/bundler/file_parser/gemfile_declaration_finder"
19
+ require "dependabot/bundler/file_parser/gemspec_declaration_finder"
19
20
 
20
21
  def parse
21
22
  dependency_set = DependencySet.new
@@ -60,17 +61,17 @@ module Dependabot
60
61
  return dependencies unless gemfile
61
62
 
62
63
  [gemfile, *evaled_gemfiles].each do |file|
64
+ gemfile_declaration_finder = GemfileDeclarationFinder.new(gemfile: file)
65
+
63
66
  parsed_gemfile.each do |dep|
64
- gemfile_declaration_finder =
65
- GemfileDeclarationFinder.new(dependency: dep, gemfile: file)
66
- next unless gemfile_declaration_finder.gemfile_includes_dependency?
67
+ next unless gemfile_declaration_finder.gemfile_includes_dependency?(dep)
67
68
 
68
69
  dependencies <<
69
70
  Dependency.new(
70
71
  name: dep.fetch("name"),
71
72
  version: dependency_version(dep.fetch("name"))&.to_s,
72
73
  requirements: [{
73
- requirement: gemfile_declaration_finder.enhanced_req_string,
74
+ requirement: gemfile_declaration_finder.enhanced_req_string(dep),
74
75
  groups: dep.fetch("groups").map(&:to_sym),
75
76
  source: dep.fetch("source")&.transform_keys(&:to_sym),
76
77
  file: file.name
@@ -87,7 +88,11 @@ module Dependabot
87
88
  dependencies = DependencySet.new
88
89
 
89
90
  gemspecs.each do |gemspec|
91
+ gemspec_declaration_finder = GemspecDeclarationFinder.new(gemspec: gemspec)
92
+
90
93
  parsed_gemspec(gemspec).each do |dependency|
94
+ next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)
95
+
91
96
  dependencies <<
92
97
  Dependency.new(
93
98
  name: dependency.fetch("name"),
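Review bot: The new `next unless gemspec_declaration_finder.gemspec_includes_dependency?(dependency)` silently drops any gemspec dependency the finder cannot locate as a literal `add_*dependency` call, and nothing in the hunk records why; a reader later wondering why a dependency is missing from the parsed set has to dig into the finder. A comment above that line such as `# Skip dependencies that aren't declared with a literal add_*dependency call; the updater can't rewrite them in place` would capture the intent (the "can't rewrite" rationale is my inference from the finder's name — adjust if the reason was different). The enclosing method's header lies outside the hunk.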
@@ -29,7 +29,7 @@ module Dependabot
29
29
 
30
30
  content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency)
31
31
 
32
- content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency)
32
+ content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency, gemfile)
33
33
  end
34
34
 
35
35
  content
@@ -81,10 +81,10 @@ module Dependabot
81
81
  new_gemfile_req[:source].nil?
82
82
  end
83
83
 
84
- def update_git_pin?(dependency)
84
+ def update_git_pin?(dependency, file)
85
85
  new_gemfile_req =
86
86
  dependency.requirements.
87
- find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
87
+ find { |f| f[:file] == file.name }
88
88
  return false unless new_gemfile_req&.dig(:source, :type) == "git"
89
89
 
90
90
  # If the new requirement is a git dependency with a ref then there's
@@ -18,10 +18,9 @@ module Dependabot
18
18
  require_relative "gemspec_dependency_name_finder"
19
19
  require_relative "ruby_requirement_setter"
20
20
 
21
- LOCKFILE_ENDING =
22
- /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
23
- GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m.freeze
24
- GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m.freeze
21
+ LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
22
+ GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m
23
+ GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m
25
24
 
26
25
  # Can't be a constant because some of these don't exist in bundler
27
26
  # 1.15, which Heroku uses, which causes an exception on boot.
@@ -167,7 +167,7 @@ module Dependabot
167
167
  req_string.include?(" ")
168
168
  end
169
169
 
170
- EQUALITY_OPERATOR = /(?<![<>!])=/.freeze
170
+ EQUALITY_OPERATOR = /(?<![<>!])=/
171
171
 
172
172
  def use_equality_operator?(requirement_nodes)
173
173
  return true if requirement_nodes.none?
@@ -13,7 +13,7 @@ module Dependabot
13
13
  # it was created with an old version that didn't add this information
14
14
  FAILOVER = V1
15
15
 
16
- BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
16
+ BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
17
17
 
18
18
  def self.bundler_version(lockfile)
19
19
  return DEFAULT unless lockfile
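--- a/data/lib/dependabot/bundler/metadata_finder.rb
+++ b/data/lib/dependabot/bundler/metadata_finder.rb
@@ -196,12 +196,22 @@ module Dependabot
 end
 
 def registry_url
-return "https://rubygems.org/" if new_source_type == "default"
+return base_url if new_source_type == "default"
 
 info = dependency.requirements.filter_map { |r| r[:source] }.first
 info[:url] || info.fetch("url")
 end
 
+def base_url
+return @base_url if defined?(@base_url)
+
+credential = credentials.find do |cred|
+cred["type"] == "rubygems_server" && cred["replaces-base"] == true
+end
+host = credential ? credential["host"] : "rubygems.org"
+@base_url = "https://#{host}" + ("/" unless host.end_with?("/"))
+end
+
 def registry_auth_headers
 return {} unless new_source_type == "rubygems"
 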
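Review bot: `@base_url = "https://#{host}" + ("/" unless host.end_with?("/"))` raises TypeError whenever the credential's host already ends with a slash, because the parenthesised expression evaluates to nil in that case and `String#+` rejects nil; a configured host of `gems.example.test/` (constructed example) would break every metadata lookup for that registry. Replace the line with `@base_url = host.end_with?("/") ? "https://#{host}" : "https://#{host}/"`. A `rubygems_server` credential with `replaces-base` but no `"host"` key fails the same way on `nil.end_with?`, so unless the credential schema is validated upstream (not visible here), `host = credential&.fetch("host", nil) || "rubygems.org"` is a safer default. The memoised value is used by `registry_url`, whose callers and the auth-header logic below lie outside this hunk.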
@@ -5,7 +5,7 @@ require "dependabot/utils"
5
5
  module Dependabot
6
6
  module Bundler
7
7
  class Requirement < Gem::Requirement
8
- # For consistency with other langauges, we define a requirements array.
8
+ # For consistency with other languages, we define a requirements array.
9
9
  # Ruby doesn't have an `OR` separator for requirements, so it always
10
10
  # contains a single element.
11
11
  def self.requirements_array(requirement_string)
@@ -31,6 +31,8 @@ module Dependabot
31
31
  # * version [String] the version of the blocking dependency
32
32
  # * requirement [String] the requirement on the target_dependency
33
33
  def conflicting_dependencies(dependency:, target_version:)
34
+ return [] if lockfile.nil?
35
+
34
36
  in_a_native_bundler_context(error_handling: false) do |tmp_dir|
35
37
  NativeHelpers.run_bundler_subprocess(
36
38
  bundler_version: bundler_version,
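Review bot: The doc comment directly above `conflicting_dependencies` lists the fields of each returned hash but says nothing about the new early return, so a caller cannot tell from the docs that an empty array can mean "no lockfile" as well as "no conflicts". Add a line to that comment, e.g. `# Returns an empty array when there is no lockfile to resolve against.` The method body continues past the end of the hunk.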
@@ -24,7 +24,7 @@ module Dependabot
24
24
  # version allowed by the gemspec, if the gemspec has a required ruby
25
25
  # version range
26
26
  class FilePreparer
27
- VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
27
+ VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
28
28
 
29
29
  # Can't be a constant because some of these don't exist in bundler
30
30
  # 1.15, which Heroku uses, which causes an exception on boot.
@@ -81,18 +81,17 @@ module Dependabot
81
81
  end
82
82
 
83
83
  def filter_lower_versions(versions_array)
84
- return versions_array unless dependency.version && Gem::Version.correct?(dependency.version)
84
+ return versions_array unless dependency.numeric_version
85
85
 
86
86
  versions_array.
87
- select { |version| version > Gem::Version.new(dependency.version) }
87
+ select { |version| version > dependency.numeric_version }
88
88
  end
89
89
 
90
90
  def wants_prerelease?
91
91
  @wants_prerelease ||=
92
92
  begin
93
- current_version = dependency.version
94
- if current_version && Gem::Version.correct?(current_version) &&
95
- Gem::Version.new(current_version).prerelease?
93
+ current_version = dependency.numeric_version
94
+ if current_version&.prerelease?
96
95
  true
97
96
  else
98
97
  dependency.requirements.any? do |req|
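Review bot: `filter_lower_versions` now calls `dependency.numeric_version` once for the guard and again inside the `select` block for every candidate version; if `numeric_version` builds a `Gem::Version` on each call rather than memoising (it is defined outside this file, so I can't tell), that is one allocation per candidate. Binding it once — `numeric = dependency.numeric_version`, `return versions_array unless numeric`, `versions_array.select { |version| version > numeric }` — costs nothing and reads more clearly either way.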
@@ -14,19 +14,15 @@ module Dependabot
14
14
  module Bundler
15
15
  class UpdateChecker
16
16
  module SharedBundlerHelpers
17
- GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/.freeze
18
- GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./.freeze
19
- PATH_REGEX = /The path `(?<path>.*)` does not exist/.freeze
17
+ GIT_REGEX = /reset --hard [^\s]*` in directory (?<path>[^\s]*)/
18
+ GIT_REF_REGEX = /not exist in the repository (?<path>[^\s]*)\./
19
+ PATH_REGEX = /The path `(?<path>.*)` does not exist/
20
20
 
21
21
  module BundlerErrorPatterns
22
- MISSING_AUTH_REGEX =
23
- /bundle config (?<source>.*) username:password/.freeze
24
- BAD_AUTH_REGEX =
25
- /Bad username or password for (?<source>.*)\.$/.freeze
26
- BAD_CERT_REGEX =
27
- /verify the SSL certificate for (?<source>.*)\.$/.freeze
28
- HTTP_ERR_REGEX =
29
- /Could not fetch specs from (?<source>.*)$/.freeze
22
+ MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
23
+ BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
24
+ BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
25
+ HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
30
26
  end
31
27
 
32
28
  RETRYABLE_ERRORS = %w(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.212.0
4
+ version: 0.214.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-06 00:00:00.000000000 Z
11
+ date: 2022-12-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.212.0
19
+ version: 0.214.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.212.0
27
- - !ruby/object:Gem::Dependency
28
- name: debase
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - '='
32
- - !ruby/object:Gem::Version
33
- version: 0.2.3
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - '='
39
- - !ruby/object:Gem::Version
40
- version: 0.2.3
41
- - !ruby/object:Gem::Dependency
42
- name: debase-ruby_core_source
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - '='
46
- - !ruby/object:Gem::Version
47
- version: 0.10.16
48
- type: :development
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - '='
53
- - !ruby/object:Gem::Version
54
- version: 0.10.16
26
+ version: 0.214.0
55
27
  - !ruby/object:Gem::Dependency
56
28
  name: debug
57
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
86
58
  requirements:
87
59
  - - "~>"
88
60
  - !ruby/object:Gem::Version
89
- version: 3.12.0
61
+ version: 4.0.0
90
62
  type: :development
91
63
  prerelease: false
92
64
  version_requirements: !ruby/object:Gem::Requirement
93
65
  requirements:
94
66
  - - "~>"
95
67
  - !ruby/object:Gem::Version
96
- version: 3.12.0
68
+ version: 4.0.0
97
69
  - !ruby/object:Gem::Dependency
98
70
  name: rake
99
71
  requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
142
114
  requirements:
143
115
  - - "~>"
144
116
  - !ruby/object:Gem::Version
145
- version: 1.36.0
117
+ version: 1.39.0
146
118
  type: :development
147
119
  prerelease: false
148
120
  version_requirements: !ruby/object:Gem::Requirement
149
121
  requirements:
150
122
  - - "~>"
151
123
  - !ruby/object:Gem::Version
152
- version: 1.36.0
124
+ version: 1.39.0
153
125
  - !ruby/object:Gem::Dependency
154
126
  name: rubocop-performance
155
127
  requirement: !ruby/object:Gem::Requirement
156
128
  requirements:
157
129
  - - "~>"
158
130
  - !ruby/object:Gem::Version
159
- version: 1.14.2
160
- type: :development
161
- prerelease: false
162
- version_requirements: !ruby/object:Gem::Requirement
163
- requirements:
164
- - - "~>"
165
- - !ruby/object:Gem::Version
166
- version: 1.14.2
167
- - !ruby/object:Gem::Dependency
168
- name: ruby-debug-ide
169
- requirement: !ruby/object:Gem::Requirement
170
- requirements:
171
- - - "~>"
172
- - !ruby/object:Gem::Version
173
- version: 0.7.3
131
+ version: 1.15.0
174
132
  type: :development
175
133
  prerelease: false
176
134
  version_requirements: !ruby/object:Gem::Requirement
177
135
  requirements:
178
136
  - - "~>"
179
137
  - !ruby/object:Gem::Version
180
- version: 0.7.3
138
+ version: 1.15.0
181
139
  - !ruby/object:Gem::Dependency
182
140
  name: simplecov
183
141
  requirement: !ruby/object:Gem::Requirement
@@ -290,7 +248,6 @@ files:
290
248
  - helpers/v2/lib/functions/version_resolver.rb
291
249
  - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
292
250
  - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
293
- - helpers/v2/monkey_patches/endpoint_specification_patch.rb
294
251
  - helpers/v2/monkey_patches/git_source_patch.rb
295
252
  - helpers/v2/run.rb
296
253
  - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
@@ -310,6 +267,7 @@ files:
310
267
  - lib/dependabot/bundler/file_parser.rb
311
268
  - lib/dependabot/bundler/file_parser/file_preparer.rb
312
269
  - lib/dependabot/bundler/file_parser/gemfile_declaration_finder.rb
270
+ - lib/dependabot/bundler/file_parser/gemspec_declaration_finder.rb
313
271
  - lib/dependabot/bundler/file_updater.rb
314
272
  - lib/dependabot/bundler/file_updater/gemfile_updater.rb
315
273
  - lib/dependabot/bundler/file_updater/gemspec_dependency_name_finder.rb
@@ -346,14 +304,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
346
304
  requirements:
347
305
  - - ">="
348
306
  - !ruby/object:Gem::Version
349
- version: 2.7.0
307
+ version: 3.1.0
350
308
  required_rubygems_version: !ruby/object:Gem::Requirement
351
309
  requirements:
352
310
  - - ">="
353
311
  - !ruby/object:Gem::Version
354
- version: 2.7.0
312
+ version: 3.1.0
355
313
  requirements: []
356
- rubygems_version: 3.1.6
314
+ rubygems_version: 3.3.7
357
315
  signing_key:
358
316
  specification_version: 4
359
317
  summary: Ruby (bundler) support for dependabot
@@ -1,15 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "bundler/endpoint_specification"
4
-
5
- module EndpointSpecificationPatch
6
- def required_ruby_version
7
- @required_ruby_version ||= Gem::Requirement.default
8
- end
9
-
10
- def required_rubygems_version
11
- @required_rubygems_version ||= Gem::Requirement.default
12
- end
13
- end
14
-
15
- Bundler::EndpointSpecification.prepend(EndpointSpecificationPatch)