dependabot-bundler 0.275.0 → 0.277.0

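--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 32a209d032e7f6caf7f9f41b846d7e6897607b8952b1035a385f41594a849700
- data.tar.gz: f3559e260e9cf8b437b363151b9a0001789a7fe0f360c95d9f5cb5aedf83f998
+ metadata.gz: 2ba910356220b16a8bda60a3e69d01cd417c50c465e5dc4567c3960830f21faf
+ data.tar.gz: cd8db75e7f1cf13698e32ee547b428624b65ed6d430a1f3c03f54f40b1ee0630
  SHA512:
- metadata.gz: 4b6016702987249bb6bc68e91360464c54765b2f6fd553eabcb157c04a26bb71ce85f2e48ed742979cb7d73a58d84bc74d82855c1616dc9928a364f9557d4e3f
- data.tar.gz: 07aad64b7613b1efa409a73b405af03d9b1927ed0f6b67887a9e15ea1802f4059d17dce61664d74fa96b56353902d75c7ce491f499c46b7dee79a92257131b64
+ metadata.gz: 4b47edb3160e25fbc0fe83b421d8e72b2d70319fb97c12de5e450e3faa20fb5dbe19d76ed112f825368499c0e2f84b75b092b538433fb56dc98017b731ea7e83
+ data.tar.gz: b2a73717966b5eb3cb9b768a7a2345ded3406e89c53b0e600ca9c06f559db0be6ce21637119070d53211ba8cc53bd8915acb7e6ff7e50f77c67f589c04df5488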
@@ -1,35 +1,47 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  module Dependabot
5
5
  module Bundler
6
6
  module Helpers
7
+ extend T::Sig
8
+ extend T::Helpers
9
+
7
10
  V1 = "1"
8
11
  V2 = "2"
9
12
  # If we are updating a project with no Gemfile.lock, we default to the
10
13
  # newest version we support
11
14
  DEFAULT = V2
12
- # If we are updating a project with a Gemfile.lock that does not specify
13
- # the version it was bundled with, we failover to V1 on the assumption
14
- # it was created with an old version that didn't add this information
15
- FAILOVER = V1
16
-
17
15
  BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
18
16
 
17
+ sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
19
18
  def self.bundler_version(lockfile)
20
19
  return DEFAULT unless lockfile
21
20
 
22
- if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
21
+ if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
23
22
  matches[:version].to_i >= 2 ? V2 : V1
23
+ elsif Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
24
+ DEFAULT
24
25
  else
25
- FAILOVER
26
+ failover_version
26
27
  end
27
28
  end
28
29
 
30
+ # If we are updating a project with a Gemfile.lock that does not specify
31
+ # the version it was bundled with, we failover to V1 on the assumption
32
+ # it was created with an old version that didn't add this information
33
+ sig { returns(String) }
34
+ def self.failover_version
35
+ return V2 if Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
36
+
37
+ V1
38
+ end
39
+
40
+ sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
29
41
  def self.detected_bundler_version(lockfile)
30
42
  return "unknown" unless lockfile
31
43
 
32
- if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
44
+ if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
33
45
  matches[:version].to_i.to_s
34
46
  else
35
47
  "unspecified"
@@ -9,9 +9,8 @@ module Dependabot
9
9
  module Bundler
10
10
  PACKAGE_MANAGER = "bundler"
11
11
 
12
- SUPPORTED_BUNDLER_VERSIONS = T.let([
13
- Version.new("2")
14
- ].freeze, T::Array[Dependabot::Version])
12
+ # Keep versions in ascending order
13
+ SUPPORTED_BUNDLER_VERSIONS = T.let([Version.new("2")].freeze, T::Array[Dependabot::Version])
15
14
 
16
15
  DEPRECATED_BUNDLER_VERSIONS = T.let([
17
16
  Version.new("1")
@@ -40,13 +39,12 @@ module Dependabot
40
39
  sig { override.returns(T::Array[Dependabot::Version]) }
41
40
  attr_reader :supported_versions
42
41
 
43
- sig { override.returns(T::Boolean) }
44
- def deprecated?
45
- deprecated_versions.include?(version)
46
- end
47
42
  sig { override.returns(T::Boolean) }
48
43
  def unsupported?
49
- !deprecated? && version < supported_versions.first
44
+ # Check if the feature flag for Bundler v1 unsupported error is enabled.
45
+ return false unless Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
46
+
47
+ supported_versions.all? { |supported| supported > version }
50
48
  end
51
49
  end
52
50
  end
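Review bot: In `unsupported?`, `supported_versions.all? { |supported| supported > version }` is vacuously true for an empty list, so with the flag on an empty `supported_versions` would mark every version unsupported; `return false if supported_versions.empty?`, or a comment stating the list is never empty, would make the intent explicit. The `deprecated?` override is removed, so deprecation now depends on the parent implementation, which this diff does not show; it is worth confirming that it still consults `deprecated_versions` and that a version is not reported as both deprecated and unsupported once the flag is enabled. The `# Keep versions in ascending order` comment added in the first hunk is not relied on by the new `all?` check (the removed `.first` was), so either name the code that needs the ordering or drop the comment. The inline comment in `unsupported?` restates the guard; a why-comment such as `# Until the flag is on, Bundler v1 is only deprecated, never unsupported` would say more. The enclosing class begins outside the hunk.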
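--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bundler
  version: !ruby/object:Gem::Version
- version: 0.275.0
+ version: 0.277.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-12 00:00:00.000000000 Z
+ date: 2024-09-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.275.0
+ version: 0.277.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.275.0
+ version: 0.277.0
  - !ruby/object:Gem::Dependency
  name: parallel
  requirement: !ruby/object:Gem::Requirement
@@ -346,7 +346,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
  post_install_message:
  rdoc_options: []
  require_paths: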