RubyGems - dependabot-bundler - Versions diffs - 0.215.0 → 0.216.0 - Mend

dependabot-bundler 0.215.0 → 0.216.0

Files changed (28) hide show

checksums.yaml +4 -4
data/helpers/v1/build +15 -9
data/helpers/v1/lib/functions/file_parser.rb +9 -3
data/helpers/v1/run.rb +1 -1
data/helpers/v2/build +0 -9
data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb +0 -2
data/helpers/v2/lib/functions/file_parser.rb +9 -3
data/helpers/v2/lib/functions/force_updater.rb +19 -48
data/helpers/v2/lib/functions/lockfile_updater.rb +15 -11
data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb +1 -1
data/helpers/v2/monkey_patches/git_source_patch.rb +6 -0
data/helpers/v2/run.rb +1 -1
data/helpers/v2/spec/functions/force_updater_spec.rb +1 -1
data/lib/dependabot/bundler/file_fetcher.rb +10 -1
data/lib/dependabot/bundler/file_parser.rb +1 -14
data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +11 -17
data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb +1 -1
data/lib/dependabot/bundler/file_updater.rb +1 -2
data/lib/dependabot/bundler/metadata_finder.rb +3 -1
data/lib/dependabot/bundler/native_helpers.rb +0 -1
data/lib/dependabot/bundler/update_checker/file_preparer.rb +1 -2
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +2 -1
data/lib/dependabot/bundler/update_checker/version_resolver.rb +9 -2
data/lib/dependabot/bundler/update_checker.rb +2 -29
data/lib/dependabot/bundler/version.rb +2 -1
metadata +35 -34
data/helpers/v1/Gemfile +0 -11
data/helpers/v2/Gemfile +0 -12

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b2a5932ecc497e8d807922680efc95126f022b55860e3e270f3ff905bafb958
-  data.tar.gz: f54e71c5c027e3ca7455ec0265a1b9d160a019709b9d7739d4582b0f5202168e
+  metadata.gz: 488f55b66d388c723bf2f3c5a224bc4f9475a128e8c4d988f6eefc86c7e0b33a
+  data.tar.gz: 6c8d892bb5eb351f8c5ad2ecf077c76eded7280dd47d28c478ed6eda136af10a
 SHA512:
-  metadata.gz: 8f42c1615b336fdae9490acfce61098228d29a7016ff3d2c0d236239750b207522cdcc47193eefa5b3b680215992e4f7630d73c9572d162d0fc4257bf1ec9e73
-  data.tar.gz: 37c4ee937da2a029f96e916ba8e3040cf8e1d32354dec01c7d4c7dd9c196a6bf7f8240ec36ef292872347b3f83fd40b1dd7b549d0b3ccfa139740ea97c12aa94
+  metadata.gz: 36a34e2574d1ac85878d1c120992045f89271e3a258fc1811fad2b9f665255b5ab2571f7bfd9524fab4592625fe6db4f30a6f0166b2a99fbd7053bebb4e758df
+  data.tar.gz: 770e917cdf8e5e0750dcdd115b5bc3b64b436fdc493570a89d7ad0bec06b6b44dfcfc03744adec8ad0935345b13db4c8a6ec40e06d5326d0408acf9eb6932132

data/helpers/v1/build CHANGED Viewed

@@ -14,7 +14,6 @@ else
     "$helpers_dir/lib" \
     "$helpers_dir/monkey_patches" \
     "$helpers_dir/run.rb" \
-    "$helpers_dir/Gemfile" \
     "$install_dir"
 fi
@@ -24,12 +23,19 @@ export GEM_HOME=$install_dir/.bundle
 gem install bundler -v 1.17.3 --no-document
-BUNDLER_VERSION=1.17.3 bundle config --local path.system true
-if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  BUNDLER_VERSION=1.17.3 bundle config --local without "test"
+if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
+  # NOTE: For native helper specs, Bundler 2 happily reuses test gems installed
+  # by the main spec suite, because Bundler automatically searches for Gemfiles
+  # in parent directories, so we don't need any extra install for native helper
+  # specs.
+  #
+  # However, Bundler 1 installs gems to a slightly different folder structure by
+  # default, so we need to make sure to explicit install test gems with Bundler
+  # 1 so that they can be found by Bundler 1. In addition to that, Bundler 1 is
+  # very picky about the `BUNDLED WITH` section in the lockfile, which has been
+  # generated with Bundler 2 for the main spec suite. So we also need to delete
+  # the previously generated lockfile first, so that it has the format Bundler 1
+  # likes.
+  rm -f ../../Gemfile.lock
+  BUNDLER_VERSION=1.17.3 bundle install
 fi
-# NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
-# forcing native helpers to run with the same version
-BUNDLER_VERSION=1.17.3 bundle install

data/helpers/v1/lib/functions/file_parser.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Functions
     def parsed_gemfile(gemfile_name:)
       Bundler::Definition.build(gemfile_name, nil, {}).
         dependencies.select(&:current_platform?).
-        reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
+        reject { |dep| local_sources.include?(dep.source.class) }.
         map { |dep| serialize_bundler_dependency(dep) }
     end
@@ -103,10 +103,16 @@ module Functions
         NilClass,
         Bundler::Source::Rubygems,
         Bundler::Source::Git,
-        Bundler::Source::Path,
-        Bundler::Source::Gemspec,
+        *local_sources,
         Bundler::Source::Metadata
       ]
     end
+    def local_sources
+      [
+        Bundler::Source::Path,
+        Bundler::Source::Gemspec
+      ]
+    end
   end
 end

data/helpers/v1/run.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 gem "bundler", "~> 1.17"
-require "bundler/setup"
+require "bundler"
 require "json"
 $LOAD_PATH.unshift(File.expand_path("./lib", __dir__))

data/helpers/v2/build CHANGED Viewed

@@ -14,7 +14,6 @@ else
     "$helpers_dir/lib" \
     "$helpers_dir/monkey_patches" \
     "$helpers_dir/run.rb" \
-    "$helpers_dir/Gemfile" \
     "$install_dir"
 fi
@@ -25,11 +24,3 @@ default_version=$(ruby -rbundler -e'print Bundler::VERSION')
 export GEM_HOME=$install_dir/.bundle
 gem install bundler -v "$default_version" --no-document
-bundle config --local path.system true
-if [ -n "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  bundle config --local without "test"
-fi
-bundle install

data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb CHANGED Viewed

@@ -16,8 +16,6 @@ module Functions
     #   * version [String] the version of the blocking dependency
     #   * requirement [String] the requirement on the target_dependency
     def conflicting_dependencies
-      Bundler.settings.set_command_option("only_update_to_newer_versions", true)
       parent_specs.flat_map do |parent_spec|
         top_level_specs_for(parent_spec).map do |top_level|
           dependency = parent_spec.dependencies.find { |bd| bd.name == dependency_name }

data/helpers/v2/lib/functions/file_parser.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Functions
     def parsed_gemfile(gemfile_name:)
       Bundler::Definition.build(gemfile_name, nil, {}).
         dependencies.select(&:current_platform?).
-        reject { |dep| dep.source.is_a?(Bundler::Source::Gemspec) }.
+        reject { |dep| local_sources.include?(dep.source.class) }.
         map { |dep| serialize_bundler_dependency(dep) }
     end
@@ -103,10 +103,16 @@ module Functions
         NilClass,
         Bundler::Source::Rubygems,
         Bundler::Source::Git,
-        Bundler::Source::Path,
-        Bundler::Source::Gemspec,
+        *local_sources,
         Bundler::Source::Metadata
       ]
     end
+    def local_sources
+      [
+        Bundler::Source::Path,
+        Bundler::Source::Gemspec
+      ]
+    end
   end
 end

data/helpers/v2/lib/functions/force_updater.rb CHANGED Viewed

@@ -14,21 +14,13 @@ module Functions
     end
     def run
-      # Only allow upgrades. Otherwise it's unlikely that this
-      # resolution will be found by the FileUpdater
-      Bundler.settings.set_command_option(
-        "only_update_to_newer_versions",
-        true
-      )
       dependencies_to_unlock = []
       begin
         definition = build_definition(dependencies_to_unlock: dependencies_to_unlock)
         definition.resolve_remotely!
         specs = definition.resolve
-        updates = [{ name: dependency_name }] +
-                  dependencies_to_unlock.map { |dep| { name: dep.name } }
+        updates = ([dependency_name, *dependencies_to_unlock] - subdependencies).uniq.map { |name| { name: name } }
         specs = specs.map do |dep|
           {
             name: dep.name,
@@ -36,7 +28,7 @@ module Functions
           }
         end
         [updates, specs]
-      rescue Bundler::VersionConflict => e
+      rescue Bundler::SolveFailure => e
         raise unless update_multiple_dependencies?
         # TODO: Not sure this won't unlock way too many things...
@@ -48,7 +40,7 @@ module Functions
         raise if new_dependencies_to_unlock.none?
-        dependencies_to_unlock += new_dependencies_to_unlock
+        dependencies_to_unlock |= new_dependencies_to_unlock
         retry
       end
     end
@@ -61,47 +53,26 @@ module Functions
     alias update_multiple_dependencies? update_multiple_dependencies
     def new_dependencies_to_unlock_from(error:, already_unlocked:)
-      potentials_deps =
-        relevant_conflicts(error, already_unlocked).
-        flat_map(&:requirement_trees).
-        reject do |tree|
-          # If the final requirement wasn't specific, it can't be binding
-          next true if tree.last.requirement == Gem::Requirement.new(">= 0")
-          # If the conflict wasn't for the dependency we're updating then
-          # we don't have enough info to reject it
-          next false unless tree.last.name == dependency_name
-          # If the final requirement *was* for the dependency we're updating
-          # then we can ignore the tree if it permits the target version
-          tree.last.requirement.satisfied_by?(
-            Gem::Version.new(target_version)
-          )
-        end.map(&:first)
+      names = [*already_unlocked, dependency_name]
+      extra_names_to_unlock = []
-      potentials_deps.
-        reject { |dep| already_unlocked.map(&:name).include?(dep.name) }.
-        reject { |dep| [dependency_name, "ruby\0"].include?(dep.name) }.
-        uniq
-    end
+      incompatibility = error.cause.incompatibility
-    def relevant_conflicts(error, dependencies_being_unlocked)
-      names = [*dependencies_being_unlocked.map(&:name), dependency_name]
-      # For a conflict to be relevant to the updates we're making it must be
-      # 1) caused by a new requirement introduced by our unlocking, or
-      # 2) caused by an old requirement that prohibits the update.
-      # Hence, we look at the beginning and end of the requirement trees
-      error.cause.conflicts.values.
-        select do |conflict|
-          conflict.requirement_trees.any? do |t|
-            names.include?(t.last.name) || names.include?(t.first.name)
-          end
+      while incompatibility.conflict?
+        cause = incompatibility.cause
+        incompatibility = cause.incompatibility
+        incompatibility.terms.each do |term|
+          name = term.package.name
+          extra_names_to_unlock << name unless names.include?(name)
         end
+      end
+      extra_names_to_unlock
     end
     def build_definition(dependencies_to_unlock:)
-      gems_to_unlock = dependencies_to_unlock.map(&:name) + [dependency_name]
+      gems_to_unlock = dependencies_to_unlock + [dependency_name]
       definition = Bundler::Definition.build(
         gemfile_name,
         lockfile_name,
@@ -147,10 +118,10 @@ module Functions
       return [] unless lockfile
       all_deps =  Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s)
+                  specs.map(&:name)
       top_level = Bundler::Definition.
                   build(gemfile_name, lockfile_name, {}).
-                  dependencies.map(&:name).map(&:to_s)
+                  dependencies.map(&:name)
       all_deps - top_level
     end

data/helpers/v2/lib/functions/lockfile_updater.rb CHANGED Viewed

@@ -50,7 +50,7 @@ module Functions
         definition.to_lock
       rescue Bundler::GemNotFound => e
         unlock_yanked_gem(dependencies_to_unlock, e) && retry
-      rescue Bundler::VersionConflict => e
+      rescue Bundler::SolveFailure => e
         unlock_blocking_subdeps(dependencies_to_unlock, e) && retry
       rescue *RETRYABLE_ERRORS
         raise if @retrying
@@ -146,7 +146,6 @@ module Functions
       dependencies_to_unlock << gem_name
     end
-    # rubocop:disable Metrics/PerceivedComplexity
     def unlock_blocking_subdeps(dependencies_to_unlock, error)
       all_deps =  Bundler::LockfileParser.new(lockfile).
                   specs.map(&:name).map(&:to_s)
@@ -158,22 +157,27 @@ module Functions
       # Unlock any sub-dependencies that Bundler reports caused the
       # conflict
-      potentials_deps =
-        error.cause.conflicts.values.
-        flat_map(&:requirement_trees).
-        filter_map do |tree|
-          tree.find { |req| allowed_new_unlocks.include?(req.name) }
-        end.map(&:name)
+      incompatibility = error.cause.incompatibility
+      potential_deps = []
+      while incompatibility.conflict?
+        cause = incompatibility.cause
+        incompatibility = cause.incompatibility
+        incompatibility.terms.each do |term|
+          name = term.package.name
+          potential_deps << name if allowed_new_unlocks.include?(name)
+        end
+      end
       # If there are specific dependencies we can unlock, unlock them
-      return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
+      return dependencies_to_unlock.append(*potential_deps) if potential_deps.any?
       # Fall back to unlocking *all* sub-dependencies. This is required
-      # because Bundler's VersionConflict objects don't include enough
+      # because Bundler's SolveFailure objects don't include enough
       # information to chart the full path through all conflicts unwound
       dependencies_to_unlock.append(*allowed_new_unlocks)
     end
-    # rubocop:enable Metrics/PerceivedComplexity
     def build_definition(dependencies_to_unlock)
       defn = Bundler::Definition.build(

data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module BundlerDefinitionRubyVersionPatch
         Gem::Specification.new("Ruby\0", requested_version)
     end
-    %w(2.5.3 2.6.10 2.7.6 3.0.4).each do |version|
+    %w(2.5.3 2.6.10 2.7.7 3.0.5 3.2.1).each do |version|
       sources.metadata_source.specs << Gem::Specification.new("Ruby\0", version)
     end

data/helpers/v2/monkey_patches/git_source_patch.rb CHANGED Viewed

@@ -11,6 +11,10 @@ module Bundler
         # Bundler allows ssh authentication when talking to GitHub but there's
         # no way for Dependabot to do so (it doesn't have any ssh keys).
         # Instead, we convert all `git@github.com:` URLs to use HTTPS.
+        def configured_uri
+          configured_uri_for(uri)
+        end
         def configured_uri_for(uri)
           uri = uri.gsub(%r{git@(.*?):/?}, 'https://\1/')
           if /https?:/.match?(uri)
@@ -18,6 +22,8 @@ module Bundler
             config_auth = Bundler.settings[remote.to_s] || Bundler.settings[remote.host]
             remote.userinfo ||= config_auth
             remote.to_s
+          elsif File.exist?(uri)
+            "file://#{uri}"
           else
             uri
           end

data/helpers/v2/run.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 gem "bundler", "~> 2.3"
-require "bundler/setup"
+require "bundler"
 require "json"
 $LOAD_PATH.unshift(File.expand_path("./lib", __dir__))

data/helpers/v2/spec/functions/force_updater_spec.rb CHANGED Viewed

@@ -38,7 +38,7 @@ RSpec.describe Functions::ForceUpdater do
       context "when updating a single dependency" do
         let(:update_multiple_dependencies) { false }
-        it { expect { force_update }.to raise_error(Bundler::VersionConflict) }
+        it { expect { force_update }.to raise_error(Bundler::SolveFailure) }
       end
     end

data/lib/dependabot/bundler/file_fetcher.rb CHANGED Viewed

@@ -23,6 +23,15 @@ module Dependabot
         "Repo must contain either a Gemfile, a gemspec, or a gems.rb."
       end
+      def package_manager_version
+        {
+          ecosystem: "bundler",
+          package_managers: {
+            "bundler" => Helpers.detected_bundler_version(lockfile)
+          }
+        }
+      end
       private
       def fetch_files
@@ -133,7 +142,7 @@ module Dependabot
         raise Dependabot::PathDependenciesNotReachable, unfetchable_gems if unfetchable_gems.any?
-        gemspec_files.tap { |ar| ar.each { |f| f.support_file = true } }
+        gemspec_files
       end
       def path_gemspec_paths

data/lib/dependabot/bundler/file_parser.rb CHANGED Viewed

@@ -24,7 +24,6 @@ module Dependabot
         dependency_set += gemspec_dependencies
         dependency_set += lockfile_dependencies
         check_external_code(dependency_set.dependencies)
-        instrument_package_manager_version
         dependency_set.dependencies
       end
@@ -44,17 +43,6 @@ module Dependabot
         end
       end
-      def instrument_package_manager_version
-        version = Helpers.detected_bundler_version(lockfile)
-        Dependabot.instrument(
-          Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED,
-          ecosystem: "bundler",
-          package_managers: {
-            "bundler" => version
-          }
-        )
-      end
       def gemfile_dependencies
         dependencies = DependencySet.new
@@ -309,8 +297,7 @@ module Dependabot
       def gemspecs
         # Path gemspecs are excluded (they're supporting files)
         @gemspecs ||= prepared_dependency_files.
-                      select { |file| file.name.end_with?(".gemspec") }.
-                      reject(&:support_file?)
+                      select { |file| file.name.end_with?(".gemspec") }
       end
       def imported_ruby_files

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -89,7 +89,7 @@ module Dependabot
             path = gemspec.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
             updated_content = updated_gemspec_content(gemspec)
-            File.write(path, sanitized_gemspec_content(updated_content))
+            File.write(path, sanitized_gemspec_content(path, updated_content))
           end
           write_ruby_version_file
@@ -115,7 +115,7 @@ module Dependabot
           path_gemspecs.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(path, sanitized_gemspec_content(file.content))
+            File.write(path, sanitized_gemspec_content(path, file.content))
           end
           specification_files.each do |file|
@@ -146,8 +146,7 @@ module Dependabot
         def top_level_gemspecs
           dependency_files.
-            select { |file| file.name.end_with?(".gemspec") }.
-            reject(&:support_file?)
+            select { |file| file.name.end_with?(".gemspec") }
         end
         def ruby_version_file
@@ -195,32 +194,27 @@ module Dependabot
           )
         end
-        def sanitized_gemspec_content(gemspec_content)
-          new_version = replacement_version_for_gemspec(gemspec_content)
+        def sanitized_gemspec_content(path, gemspec_content)
+          new_version = replacement_version_for_gemspec(path, gemspec_content)
           GemspecSanitizer.
             new(replacement_version: new_version).
             rewrite(gemspec_content)
         end
-        # rubocop:disable Metrics/PerceivedComplexity
-        def replacement_version_for_gemspec(gemspec_content)
+        def replacement_version_for_gemspec(path, gemspec_content)
           return "0.0.1" unless lockfile
-          gemspec_specs =
-            ::Bundler::LockfileParser.new(sanitized_lockfile_body).specs.
-            select { |s| gemspec_sources.include?(s.source.class) }
           gem_name =
             GemspecDependencyNameFinder.new(gemspec_content: gemspec_content).
-            dependency_name
+            dependency_name || File.basename(path, ".gemspec")
-          return gemspec_specs.first&.version || "0.0.1" unless gem_name
+          gemspec_specs =
+            ::Bundler::LockfileParser.new(sanitized_lockfile_body).specs.
+            select { |s| s.name == gem_name && gemspec_sources.include?(s.source.class) }
-          spec = gemspec_specs.find { |s| s.name == gem_name }
-          spec&.version || gemspec_specs.first&.version || "0.0.1"
+          gemspec_specs.first&.version || "0.0.1"
         end
-        # rubocop:enable Metrics/PerceivedComplexity
         def prepared_gemfile_content(file)
           content = updated_gemfile_content(file)

data/lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Dependabot
         class RubyVersionNotFound < StandardError; end
         RUBY_VERSIONS = %w(
-          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.7 2.7.3 3.0.1 3.1.1
+          1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.5 3.1.3 3.2.0
         ).freeze
         attr_reader :gemspec

data/lib/dependabot/bundler/file_updater.rb CHANGED Viewed

@@ -159,8 +159,7 @@ module Dependabot
       def top_level_gemspecs
         dependency_files.
-          select { |file| file.name.end_with?(".gemspec") }.
-          reject(&:support_file?)
+          select { |file| file.name.end_with?(".gemspec") }
       end
       def bundler_version

data/lib/dependabot/bundler/metadata_finder.rb CHANGED Viewed

@@ -215,10 +215,12 @@ module Dependabot
       def registry_auth_headers
         return {} unless new_source_type == "rubygems"
+        registry_host = URI(registry_url).host
         token =
           credentials.
           select { |cred| cred["type"] == "rubygems_server" }.
-          find { |cred| registry_url.include?(cred["host"]) }&.
+          find { |cred| registry_host == cred["host"] }&.
           fetch("token", nil)
         return {} unless token

data/lib/dependabot/bundler/native_helpers.rb CHANGED Viewed

@@ -45,7 +45,6 @@ module Dependabot
             function: function,
             args: args,
             env: {
-              "BUNDLE_GEMFILE" => File.join(helpers_path, "Gemfile"),
               # Prevent the GEM_HOME from being set to a folder owned by root
               "GEM_HOME" => File.join(helpers_path, ".bundle")
             }

data/lib/dependabot/bundler/update_checker/file_preparer.rb CHANGED Viewed

@@ -143,8 +143,7 @@ module Dependabot
         def top_level_gemspecs
           dependency_files.
-            select { |f| f.name.end_with?(".gemspec") }.
-            reject(&:support_file?)
+            select { |f| f.name.end_with?(".gemspec") }
         end
         def ruby_version_file

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -119,7 +119,8 @@ module Dependabot
             # We don't have access to one of repos required
             raise Dependabot::GitDependenciesNotReachable, bad_uris.uniq
           when "Bundler::GemNotFound", "Gem::InvalidSpecificationException",
-               "Bundler::VersionConflict", "Bundler::CyclicDependencyError"
+               "Bundler::VersionConflict", "Bundler::CyclicDependencyError",
+               "Bundler::SolveFailure"
             # Bundler threw an error during resolution. Any of:
             # - the gem doesn't exist in any of the specified sources
             # - the gem wasn't specified properly

data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED Viewed

@@ -140,13 +140,20 @@ module Dependabot
         end
         def ruby_lock_error?(error)
-          return false unless error.message.include?(" for the Ruby\0 version") || # Bundler 2
-                              error.message.include?(" for gem \"ruby\0\"") # Bundler 1
+          return false unless conflict_on_ruby?(error)
           return false if @gemspec_ruby_unlocked
           dependency_files.any? { |f| f.name.end_with?(".gemspec") }
         end
+        def conflict_on_ruby?(error)
+          if bundler_version == "1"
+            error.message.include?(" for gem \"ruby\0\"")
+          else
+            error.message.include?(" depends on Ruby ") && error.message.include?(" current Ruby version is ")
+          end
+        end
         def regenerate_dependency_files_without_ruby_lock
           @dependency_files =
             FilePreparer.new(

data/lib/dependabot/bundler/update_checker.rb CHANGED Viewed

@@ -60,19 +60,8 @@ module Dependabot
       end
       def updated_requirements
-        latest_version_for_req_updater =
-          if switching_source_from_git_to_rubygems?
-            git_commit_checker.local_tag_for_latest_version.fetch(:version).to_s
-          else
-            latest_version_details&.fetch(:version)&.to_s
-          end
-        latest_resolvable_version_for_req_updater =
-          if switching_source_from_git_to_rubygems?
-            latest_version_for_req_updater
-          else
-            preferred_resolvable_version_details&.fetch(:version)&.to_s
-          end
+        latest_version_for_req_updater = latest_version_details&.fetch(:version)&.to_s
+        latest_resolvable_version_for_req_updater = preferred_resolvable_version_details&.fetch(:version)&.to_s
         RequirementsUpdater.new(
           requirements: dependency.requirements,
@@ -298,9 +287,6 @@ module Dependabot
         # Never need to update source, unless a git_dependency
         return dependency_source_details unless git_dependency?
-        # Source becomes `nil` if switching to default rubygems
-        return nil if should_switch_source_from_git_to_rubygems?
         # Update the git tag if updating a pinned version
         if git_commit_checker.pinned_ref_looks_like_version? &&
            latest_git_tag_is_resolvable?
@@ -321,19 +307,6 @@ module Dependabot
         sources.first
       end
-      def should_switch_source_from_git_to_rubygems?
-        return false unless git_dependency?
-        return false if latest_resolvable_version_for_git_dependency.nil?
-        Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
-      end
-      def switching_source_from_git_to_rubygems?
-        return false unless updated_source&.fetch(:ref, nil)
-        updated_source.fetch(:ref) != dependency_source_details.fetch(:ref)
-      end
       def force_updater
         @force_updater ||=
           ForceUpdater.new(

data/lib/dependabot/bundler/version.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
+require "dependabot/version"
 require "dependabot/utils"
 module Dependabot
   module Bundler
-    class Version < Gem::Version
+    class Version < Dependabot::Version
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.215.0
+  version: 0.216.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-07 00:00:00.000000000 Z
+date: 2023-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.215.0
+        version: 0.216.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.215.0
+        version: 0.216.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.7.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -86,70 +86,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.12'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.48.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.48.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: 1.17.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: 1.17.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
 - !ruby/object:Gem::Dependency
   name: simplecov-console
   requirement: !ruby/object:Gem::Requirement
@@ -182,39 +182,39 @@ dependencies:
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.18'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
-description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
-  Rust, Java, .NET, Elm and Go
-email: support@dependabot.com
+        version: '3.18'
+description: Dependabot-Bundler provides support for bumping Ruby (bundler) gems via
+  Dependabot. If you want support for multiple package managers, you probably want
+  the meta-gem dependabot-omnibus.
+email: opensource@github.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - helpers/v1/.gitignore
-- helpers/v1/Gemfile
 - helpers/v1/build
 - helpers/v1/lib/functions.rb
 - helpers/v1/lib/functions/conflicting_dependency_resolver.rb
@@ -237,7 +237,6 @@ files:
 - helpers/v1/spec/native_spec_helper.rb
 - helpers/v1/spec/shared_contexts.rb
 - helpers/v2/.gitignore
-- helpers/v2/Gemfile
 - helpers/v2/build
 - helpers/v2/lib/functions.rb
 - helpers/v2/lib/functions/conflicting_dependency_resolver.rb
@@ -295,7 +294,9 @@ files:
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
-metadata: {}
+metadata:
+  issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -311,8 +312,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.1.0
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
-summary: Ruby (bundler) support for dependabot
+summary: Provides Dependabot support for Ruby (bundler)
 test_files: []

data/helpers/v1/Gemfile DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-source "https://rubygems.org"
-# NOTE: Used to run native helper specs
-group :test do
-  gem "rspec", "~> 3.8"
-  gem "rspec-its", "~> 1.2"
-  gem "vcr", "6.1.0"
-  gem "webmock", "~> 3.4"
-end

data/helpers/v2/Gemfile DELETED Viewed

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-source "https://rubygems.org"
-# NOTE: Used to run native helper specs
-group :test do
-  gem "debug", ">= 1.0.0"
-  gem "rspec", "~> 3.8"
-  gem "rspec-its", "~> 1.2"
-  gem "vcr", "6.1.0"
-  gem "webmock", "~> 3.4"
-end