dependabot-bundler 0.242.1 → 0.244.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 532614afc8f646f86818c19fa58de7ba20bcad77ec67081a27b3fd2efc7b77a1
-  data.tar.gz: b670a8e2a88a31d112d502a19d776791390d6fa04cf3d0c24bae3a6ef3a6a67b
+  metadata.gz: dc9561c2cec6477046f92d8c3539d69cfecdeeaff241a8c24a1bc6f76078741c
+  data.tar.gz: 401f077235d49135e00694bb549a9163222c54415541d954606b912389909c59
 SHA512:
-  metadata.gz: c3ef8a6a4b41ba070d2e0c1ae9467dc15c0ccbc36ea20d959ff81a74bc776db203a46ddecd2259bd3933e6fc07d07edd8c8e101b62bd22cc4d13262b260cdfb4
-  data.tar.gz: 4924dbab7941aedd49d25152ff681fd009e9612e696c4641236b624cb0f2330ea99c38d7fa88ee8bd1af5bea0e9fd6b787366166d1866d4dd07dc49778373389
+  metadata.gz: d2803abd9773bac2f56677927245d8552aa60be2c06203f94685cf765d8e563f0774ae9f3bc7ddac99b4d038ee3f096c21d9a69ba128926b6c316e952042b485
+  data.tar.gz: 2617cd80e87d7fa73143fa2fc6d569019e0757e69a68bcda25cbd7290d8cad9edaef5d61fb012ffcb244de71eddd50724ae4d70afd875905b35eb2535a8179a2

data/helpers/v2/monkey_patches/definition_ruby_version_patch.rb

@@ -4,6 +4,21 @@
 require "bundler/definition"
 
 module BundlerDefinitionRubyVersionPatch
+  def ruby_version
+    super || begin
+      file_content = Bundler.read_file(".ruby-version")
+      ruby_version =
+        if /^ruby(-|\s+)([^\s#]+)/ =~ file_content
+          ::Regexp.last_match(2)
+        else
+          file_content.strip
+        end
+      Bundler::RubyVersion.new(ruby_version, nil, nil, nil) if ruby_version
+    rescue SystemCallError
+      # .ruby-version doesn't exist, fallback to the Ruby Dependabot runs
+    end
+  end
+
   def source_requirements
     if ruby_version
       requested_version = ruby_version.gem_version

data/helpers/v2/spec/ruby_version_spec.rb

@@ -0,0 +1,40 @@
+# typed: false
+# frozen_string_literal: true
+
+require "native_spec_helper"
+require "shared_contexts"
+
+RSpec.describe BundlerDefinitionRubyVersionPatch do
+  include_context "in a temporary bundler directory"
+  include_context "stub rubygems compact index"
+
+  let(:project_name) { "ruby_version_implied" }
+  before do
+    @ui = Bundler.ui
+    Bundler.ui = Bundler::UI::Silent.new
+  end
+  after { Bundler.ui = @ui }
+
+  it "updates to the most recent version" do
+    in_tmp_folder do
+      File.delete(".ruby-version")
+      definition = Bundler::Definition.build("Gemfile", "Gemfile.lock", gems: ["statesman"])
+      definition.resolve_remotely!
+      specs = definition.resolve["statesman"]
+      expect(specs.size).to eq(1)
+      spec = specs.first
+      expect(spec.version).to eq("7.2.0")
+    end
+  end
+
+  it "doesn't update to a version that is not compatible with the Ruby version implied by .ruby-version" do
+    in_tmp_folder do
+      definition = Bundler::Definition.build("Gemfile", "Gemfile.lock", gems: ["statesman"])
+      definition.resolve_remotely!
+      specs = definition.resolve["statesman"]
+      expect(specs.size).to eq(1)
+      spec = specs.first
+      expect(spec.version).to eq("2.0.1")
+    end
+  end
+end

data/lib/dependabot/bundler/file_fetcher.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
 require "sorbet-runtime"
@@ -98,7 +98,6 @@ module Dependabot
 
       def ruby_version_file
         return unless gemfile
-        return unless gemfile.content.include?(".ruby-version")
 
         @ruby_version_file ||=
           fetch_file_if_present(".ruby-version")
@@ -106,7 +105,7 @@ module Dependabot
       end
 
       def path_gemspecs
-        gemspec_files = []
+        gemspec_files = T.let([], T::Array[Dependabot::DependencyFile])
         unfetchable_gems = []
 
         path_gemspec_paths.each do |path|
@@ -153,6 +152,7 @@ module Dependabot
                .tap { |req_files| req_files.each { |f| f.support_file = true } }
       end
 
+      sig { params(dir_path: T.any(String, Pathname)).returns(T::Array[DependencyFile]) }
       def fetch_gemspecs_from_directory(dir_path)
         repo_contents(dir: dir_path, fetch_submodules: true)
           .select { |f| f.name.end_with?(".gemspec", ".specification") }

data/lib/dependabot/bundler/metadata_finder.rb

@@ -201,7 +201,7 @@ module Dependabot
         return @base_url if defined?(@base_url)
 
         credential = credentials.find do |cred|
-          cred["type"] == "rubygems_server" && cred["replaces-base"] == true
+          cred["type"] == "rubygems_server" && cred.replaces_base?
         end
         host = credential ? credential["host"] : "rubygems.org"
         @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.242.1
+  version: 0.244.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-23 00:00:00.000000000 Z
+date: 2024-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.1
+        version: 0.244.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.1
+        version: 0.244.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -272,6 +272,7 @@ files:
 - helpers/v2/spec/functions/version_resolver_spec.rb
 - helpers/v2/spec/functions_spec.rb
 - helpers/v2/spec/native_spec_helper.rb
+- helpers/v2/spec/ruby_version_spec.rb
 - helpers/v2/spec/shared_contexts.rb
 - lib/dependabot/bundler.rb
 - lib/dependabot/bundler/file_fetcher.rb
@@ -312,7 +313,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.242.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
 post_install_message: 
 rdoc_options: []
 require_paths: