dependabot-bundler 0.225.0 → 0.227.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ba17ad283a50a7c06199c0dd9eb7546616bbc18161b2d475587f67535c4f527
-  data.tar.gz: e0ec3920c84e0a1df752bebd6f3f9545c50782e34a22f0933f94e3c27932c506
+  metadata.gz: 7023595adf12fbe47753c88f1f18a95d56ef336c503a76fdd1335c33b3bb8494
+  data.tar.gz: 2e100abbbdf9ac7c9768000c23386556a655c07022240f7a116f33361cbc11cf
 SHA512:
-  metadata.gz: f7c2375065f8ce381f6b2c1293f24ba0b279416c14adba367ef6623a915a56b5e2c93ba5e382eef5cfb06487630b3291d5f5af368469db2ade9a139751d35dde
-  data.tar.gz: 1028997b2e4d5bf9deb4b07eac0532af63aa7e4cc9fa9e59007fb61da7a44adefd6ef2ef4de7720ac6ce5cf3f8d7217c521f99baf4239641fd0197dd63497dc8
+  metadata.gz: 2834e755780893f71734a610865eb1575974aa20824b9ebd1a1e340c1c7824700eb7a4ae23546288f74da808228d1258ebe7e446d93af987fb3552db7764badd
+  data.tar.gz: d484aa2915784b4cbfafe2105982531471eb2bc86886f369a4d6797b7cce397243299b22edc33cda782e701d7f96fa812796350094bb716fc1cfc2c3f698d8d4

data/helpers/v1/lib/functions/force_updater.rb

@@ -147,10 +147,10 @@ module Functions
       return [] unless lockfile
 
       all_deps =  Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s)
+                  specs.map { |x| x.name.to_s }
       top_level = Bundler::Definition.
                   build(gemfile_name, lockfile_name, {}).
-                  dependencies.map(&:name).map(&:to_s)
+                  dependencies.map { |x| x.name.to_s }
 
       all_deps - top_level
     end

data/helpers/v1/lib/functions/lockfile_updater.rb

@@ -136,12 +136,11 @@ module Functions
       dependencies_to_unlock << gem_name
     end
 
-    # rubocop:disable Metrics/PerceivedComplexity
     def unlock_blocking_subdeps(dependencies_to_unlock, error)
       all_deps =  Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s)
+                  specs.map { |x| x.name.to_s }
       top_level = build_definition([]).dependencies.
-                  map(&:name).map(&:to_s)
+                  map { |x| x.name.to_s }
       allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
 
       raise if allowed_new_unlocks.none?
@@ -163,7 +162,6 @@ module Functions
       # information to chart the full path through all conflicts unwound
       dependencies_to_unlock.append(*allowed_new_unlocks)
     end
-    # rubocop:enable Metrics/PerceivedComplexity
 
     def build_definition(dependencies_to_unlock)
       defn = Bundler::Definition.build(
@@ -177,7 +175,7 @@ module Functions
       # subdeps unlocked, like they were in the UpdateChecker, so we
       # mutate the unlocked gems array.
       unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
-      must_not_unlock = defn.dependencies.map(&:name).map(&:to_s) -
+      must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
                         dependencies_to_unlock
       unlocked.reject! { |n| must_not_unlock.include?(n) }
 

data/helpers/v1/lib/functions/version_resolver.rb

@@ -82,9 +82,9 @@ module Functions
       return [] unless lockfile
 
       all_deps =  ::Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s).uniq
+                  specs.map { |x| x.name.to_s }.uniq
       top_level = build_definition([]).dependencies.
-                  map(&:name).map(&:to_s)
+                  map { |x| x.name.to_s }
 
       all_deps - top_level
     end

data/helpers/v1/run.rb

@@ -21,25 +21,11 @@ require "resolver_spec_group_sane_eql"
 
 require "functions"
 
-MAX_BUNDLER_VERSION = "2.0.0"
-
-def validate_bundler_version!
-  return true if correct_bundler_version?
-
-  raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
-end
-
-def correct_bundler_version?
-  Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
-end
-
 def output(obj)
   print JSON.dump(obj)
 end
 
 begin
-  validate_bundler_version!
-
   request = JSON.parse($stdin.read)
 
   function = request["function"]

data/helpers/v2/lib/functions/lockfile_updater.rb

@@ -62,10 +62,13 @@ module Functions
     end
 
     def cache_vendored_gems(definition)
-      # Dependencies that have been unlocked for the update (including
-      # sub-dependencies)
-      unlocked_gems = definition.instance_variable_get(:@unlock).
-                      fetch(:gems)
+      resolve = definition.resolve
+
+      # Dependencies that have been updated (including sub-dependencies)
+      updated_gems = resolve.reject do |spec|
+        lockfile_specs.include?(spec)
+      end.map(&:name).uniq
+
       bundler_opts = {
         cache_all: true,
         cache_all_platforms: true,
@@ -76,27 +79,30 @@ module Functions
         # Fetch and cache gems on all platforms without pruning
         Bundler::Runtime.new(nil, definition).cache
 
-        # Only prune unlocked gems (the original implementation is in
+        # Only prune updated gems (the original implementation is in
         # Bundler::Runtime)
         cache_path = Bundler.app_cache
-        resolve = definition.resolve
-        prune_gem_cache(resolve, cache_path, unlocked_gems)
+        prune_gem_cache(resolve, cache_path, updated_gems)
         prune_git_and_path_cache(resolve, cache_path)
       end
     end
 
     # Copied from Bundler::Runtime: Modified to only prune gems that have
-    # been unlocked
-    def prune_gem_cache(resolve, cache_path, unlocked_gems)
+    # been updated
+    def prune_gem_cache(resolve, cache_path, updated_gems)
       cached_gems = Dir["#{cache_path}/*.gem"]
 
-      outdated_gems = cached_gems.reject do |path|
+      outdated_gems = cached_gems.select do |path|
         spec = Bundler.rubygems.spec_from_gem path
 
-        !unlocked_gems.include?(spec.name) || resolve.any? do |s|
+        caused_by_update = updated_gems.include?(spec.name) && resolve.none? do |s|
           s.name == spec.name && s.version == spec.version &&
             !s.source.is_a?(Bundler::Source::Git)
         end
+
+        caused_by_removal = resolve.none? { |s| s.name == spec.name }
+
+        caused_by_update || caused_by_removal
       end
 
       return unless outdated_gems.any?
@@ -138,10 +144,9 @@ module Functions
     end
 
     def unlock_blocking_subdeps(dependencies_to_unlock, error)
-      all_deps =  Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s)
+      all_deps = lockfile_specs.map { |x| x.name.to_s }
       top_level = build_definition([]).dependencies.
-                  map(&:name).map(&:to_s)
+                  map { |x| x.name.to_s }
       allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
 
       raise if allowed_new_unlocks.none?
@@ -182,7 +187,7 @@ module Functions
       # subdeps unlocked, like they were in the UpdateChecker, so we
       # mutate the unlocked gems array.
       unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
-      must_not_unlock = defn.dependencies.map(&:name).map(&:to_s) -
+      must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
                         dependencies_to_unlock
       unlocked.reject! { |n| must_not_unlock.include?(n) }
 
@@ -215,6 +220,10 @@ module Functions
       sources.all? { |s| s&.fetch("type", nil) == "git" }
     end
 
+    def lockfile_specs
+      @lockfile_specs ||= Bundler::LockfileParser.new(lockfile).specs
+    end
+
     def lockfile
       @lockfile ||= File.read(lockfile_name)
     end

data/helpers/v2/lib/functions/version_resolver.rb

@@ -82,9 +82,9 @@ module Functions
       return [] unless lockfile
 
       all_deps =  ::Bundler::LockfileParser.new(lockfile).
-                  specs.map(&:name).map(&:to_s).uniq
+                  specs.map { |x| x.name.to_s }.uniq
       top_level = build_definition([]).dependencies.
-                  map(&:name).map(&:to_s)
+                  map { |x| x.name.to_s }
 
       all_deps - top_level
     end

data/helpers/v2/run.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-gem "bundler", "~> 2.3"
+gem "bundler", "~> 2.4"
 require "bundler"
 require "json"
 
@@ -19,25 +19,11 @@ require "git_source_patch"
 
 require "functions"
 
-MIN_BUNDLER_VERSION = "2.1.0"
-
-def validate_bundler_version!
-  return true if correct_bundler_version?
-
-  raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
-end
-
-def correct_bundler_version?
-  Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
-end
-
 def output(obj)
   print JSON.dump(obj)
 end
 
 begin
-  validate_bundler_version!
-
   request = JSON.parse($stdin.read)
 
   function = request["function"]

data/lib/dependabot/bundler/file_fetcher.rb

@@ -69,13 +69,15 @@ module Dependabot
       end
 
       def gemfile
-        @gemfile ||= fetch_file_if_present("gems.rb") ||
-                     fetch_file_if_present("Gemfile")
+        return @gemfile if defined?(@gemfile)
+
+        @gemfile = fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile")
       end
 
       def lockfile
-        @lockfile ||= fetch_file_if_present("gems.locked") ||
-                      fetch_file_if_present("Gemfile.lock")
+        return @lockfile if defined?(@lockfile)
+
+        @lockfile = fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock")
       end
 
       def gemspecs

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -19,7 +19,9 @@ module Dependabot
         PATH_REGEX = /The path `(?<path>.*)` does not exist/
 
         module BundlerErrorPatterns
-          MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
+          # The `set --global` optional part can be made required when Bundler 1 support is dropped
+          MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
+
           BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
           BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
           HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.225.0
+  version: 0.227.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-07-31 00:00:00.000000000 Z
+date: 2023-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.225.0
+        version: 0.227.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.225.0
+        version: 0.227.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.1
+        version: 1.19.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.1
+        version: 1.19.0
 - !ruby/object:Gem::Dependency
   name: stackprof
   requirement: !ruby/object:Gem::Requirement
@@ -268,7 +268,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.227.0
 post_install_message: 
 rdoc_options: []
 require_paths: