dependabot-bundler 0.225.0 → 0.226.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4ba17ad283a50a7c06199c0dd9eb7546616bbc18161b2d475587f67535c4f527
4
- data.tar.gz: e0ec3920c84e0a1df752bebd6f3f9545c50782e34a22f0933f94e3c27932c506
3
+ metadata.gz: 62e7833c9a64fc684512d74fa39ce224e18754731dddb5208d7984f920c54467
4
+ data.tar.gz: c598beadef625a3c4789a34cc52066bd96cc2b9b5a17e4c47b38ae3e2d96641c
5
5
  SHA512:
6
- metadata.gz: f7c2375065f8ce381f6b2c1293f24ba0b279416c14adba367ef6623a915a56b5e2c93ba5e382eef5cfb06487630b3291d5f5af368469db2ade9a139751d35dde
7
- data.tar.gz: 1028997b2e4d5bf9deb4b07eac0532af63aa7e4cc9fa9e59007fb61da7a44adefd6ef2ef4de7720ac6ce5cf3f8d7217c521f99baf4239641fd0197dd63497dc8
6
+ metadata.gz: 0d86274e3b7f9e971b6add631c155b67843fe5adbbf719b73934517b73824feca2eeb41ca37ab9557c9bb5737b67208f039cc7e852e73d97f3d1b40d4e77a0af
7
+ data.tar.gz: 105562225882a8b562ff3afdd2851a2fc05d7a0ee0ff61993b9688e4e5df0f6dffcb1f077e6b43a75150758d5ea1960eda2dbb30963a08bded17980d65b339c1
data/helpers/v1/run.rb CHANGED
@@ -21,25 +21,11 @@ require "resolver_spec_group_sane_eql"
21
21
 
22
22
  require "functions"
23
23
 
24
- MAX_BUNDLER_VERSION = "2.0.0"
25
-
26
- def validate_bundler_version!
27
- return true if correct_bundler_version?
28
-
29
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
30
- end
31
-
32
- def correct_bundler_version?
33
- Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
34
- end
35
-
36
24
  def output(obj)
37
25
  print JSON.dump(obj)
38
26
  end
39
27
 
40
28
  begin
41
- validate_bundler_version!
42
-
43
29
  request = JSON.parse($stdin.read)
44
30
 
45
31
  function = request["function"]
@@ -62,10 +62,13 @@ module Functions
62
62
  end
63
63
 
64
64
  def cache_vendored_gems(definition)
65
- # Dependencies that have been unlocked for the update (including
66
- # sub-dependencies)
67
- unlocked_gems = definition.instance_variable_get(:@unlock).
68
- fetch(:gems)
65
+ resolve = definition.resolve
66
+
67
+ # Dependencies that have been updated (including sub-dependencies)
68
+ updated_gems = resolve.reject do |spec|
69
+ lockfile_specs.include?(spec)
70
+ end.map(&:name).uniq
71
+
69
72
  bundler_opts = {
70
73
  cache_all: true,
71
74
  cache_all_platforms: true,
@@ -76,27 +79,30 @@ module Functions
76
79
  # Fetch and cache gems on all platforms without pruning
77
80
  Bundler::Runtime.new(nil, definition).cache
78
81
 
79
- # Only prune unlocked gems (the original implementation is in
82
+ # Only prune updated gems (the original implementation is in
80
83
  # Bundler::Runtime)
81
84
  cache_path = Bundler.app_cache
82
- resolve = definition.resolve
83
- prune_gem_cache(resolve, cache_path, unlocked_gems)
85
+ prune_gem_cache(resolve, cache_path, updated_gems)
84
86
  prune_git_and_path_cache(resolve, cache_path)
85
87
  end
86
88
  end
87
89
 
88
90
  # Copied from Bundler::Runtime: Modified to only prune gems that have
89
- # been unlocked
90
- def prune_gem_cache(resolve, cache_path, unlocked_gems)
91
+ # been updated
92
+ def prune_gem_cache(resolve, cache_path, updated_gems)
91
93
  cached_gems = Dir["#{cache_path}/*.gem"]
92
94
 
93
- outdated_gems = cached_gems.reject do |path|
95
+ outdated_gems = cached_gems.select do |path|
94
96
  spec = Bundler.rubygems.spec_from_gem path
95
97
 
96
- !unlocked_gems.include?(spec.name) || resolve.any? do |s|
98
+ caused_by_update = updated_gems.include?(spec.name) && resolve.none? do |s|
97
99
  s.name == spec.name && s.version == spec.version &&
98
100
  !s.source.is_a?(Bundler::Source::Git)
99
101
  end
102
+
103
+ caused_by_removal = resolve.none? { |s| s.name == spec.name }
104
+
105
+ caused_by_update || caused_by_removal
100
106
  end
101
107
 
102
108
  return unless outdated_gems.any?
@@ -138,8 +144,7 @@ module Functions
138
144
  end
139
145
 
140
146
  def unlock_blocking_subdeps(dependencies_to_unlock, error)
141
- all_deps = Bundler::LockfileParser.new(lockfile).
142
- specs.map(&:name).map(&:to_s)
147
+ all_deps = lockfile_specs.map(&:name).map(&:to_s)
143
148
  top_level = build_definition([]).dependencies.
144
149
  map(&:name).map(&:to_s)
145
150
  allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
@@ -215,6 +220,10 @@ module Functions
215
220
  sources.all? { |s| s&.fetch("type", nil) == "git" }
216
221
  end
217
222
 
223
+ def lockfile_specs
224
+ @lockfile_specs ||= Bundler::LockfileParser.new(lockfile).specs
225
+ end
226
+
218
227
  def lockfile
219
228
  @lockfile ||= File.read(lockfile_name)
220
229
  end
data/helpers/v2/run.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- gem "bundler", "~> 2.3"
3
+ gem "bundler", "~> 2.4"
4
4
  require "bundler"
5
5
  require "json"
6
6
 
@@ -19,25 +19,11 @@ require "git_source_patch"
19
19
 
20
20
  require "functions"
21
21
 
22
- MIN_BUNDLER_VERSION = "2.1.0"
23
-
24
- def validate_bundler_version!
25
- return true if correct_bundler_version?
26
-
27
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
28
- end
29
-
30
- def correct_bundler_version?
31
- Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
32
- end
33
-
34
22
  def output(obj)
35
23
  print JSON.dump(obj)
36
24
  end
37
25
 
38
26
  begin
39
- validate_bundler_version!
40
-
41
27
  request = JSON.parse($stdin.read)
42
28
 
43
29
  function = request["function"]
@@ -69,13 +69,15 @@ module Dependabot
69
69
  end
70
70
 
71
71
  def gemfile
72
- @gemfile ||= fetch_file_if_present("gems.rb") ||
73
- fetch_file_if_present("Gemfile")
72
+ return @gemfile if defined?(@gemfile)
73
+
74
+ @gemfile = fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile")
74
75
  end
75
76
 
76
77
  def lockfile
77
- @lockfile ||= fetch_file_if_present("gems.locked") ||
78
- fetch_file_if_present("Gemfile.lock")
78
+ return @lockfile if defined?(@lockfile)
79
+
80
+ @lockfile = fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock")
79
81
  end
80
82
 
81
83
  def gemspecs
@@ -19,7 +19,9 @@ module Dependabot
19
19
  PATH_REGEX = /The path `(?<path>.*)` does not exist/
20
20
 
21
21
  module BundlerErrorPatterns
22
- MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
22
+ # The `set --global` optional part can be made required when Bundler 1 support is dropped
23
+ MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
24
+
23
25
  BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
24
26
  BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
25
27
  HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.225.0
4
+ version: 0.226.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-31 00:00:00.000000000 Z
11
+ date: 2023-08-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.225.0
19
+ version: 0.226.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.225.0
26
+ version: 0.226.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.17.1
131
+ version: 1.18.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.17.1
138
+ version: 1.18.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: stackprof
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -268,7 +268,7 @@ licenses:
268
268
  - Nonstandard
269
269
  metadata:
270
270
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
271
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
271
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
272
272
  post_install_message:
273
273
  rdoc_options: []
274
274
  require_paths: