dependabot-bundler 0.280.0 → 0.281.0

data/helpers/v1/patched_bundler

@@ -1,34 +0,0 @@
-#!/usr/local/bin/ruby
-#
-# This file was generated by RubyGems.
-# It was then patched by Dependabot to add `Object#untaint` back
-# in order to run bundler 1.17.3 using Ruby 3.3+.
-#
-# The application 'bundler' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-$LOAD_PATH.unshift(File.expand_path("./monkey_patches", __dir__))
-require "object_untaint_patch"
-
-require 'rubygems'
-
-version = ">= 0.a"
-
-str = ARGV.first
-if str
-  str = str.b[/\A_(.*)_\z/, 1]
-  if str and Gem::Version.correct?(str)
-    version = str
-    ENV['BUNDLER_VERSION'] = str
-
-    ARGV.shift
-  end
-end
-
-if Gem.respond_to?(:activate_bin_path)
-load Gem.activate_bin_path('bundler', 'bundle', version)
-else
-gem "bundler", version
-load Gem.bin_path("bundler", "bundle", version)
-end

data/helpers/v1/run.rb

@@ -1,38 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-gem "bundler", "~> 1.17"
-require "bundler"
-require "json"
-
-$LOAD_PATH.unshift(File.expand_path("./lib", __dir__))
-$LOAD_PATH.unshift(File.expand_path("./monkey_patches", __dir__))
-
-trap "HUP" do
-  puts JSON.generate(error: "timeout", error_class: "Timeout::Error", trace: [])
-  exit 2
-end
-
-# Bundler monkey patches
-require "definition_ruby_version_patch"
-require "definition_bundler_version_patch"
-require "fileutils_keyword_splat_patch"
-require "git_source_patch"
-require "resolver_spec_group_sane_eql"
-require "object_untaint_patch"
-
-require "functions"
-
-begin
-  request = JSON.parse($stdin.read)
-
-  function = request["function"]
-  args = request["args"].transform_keys(&:to_sym)
-
-  print JSON.dump({ result: Functions.send(function, **args) })
-rescue StandardError => e
-  print JSON.dump(
-    { error: e.message, error_class: e.class, trace: e.backtrace }
-  )
-  exit(1)
-end

data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -1,118 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "native_spec_helper"
-require "shared_contexts"
-
-RSpec.describe Functions::ConflictingDependencyResolver do
-  include_context "when in a temporary bundler directory"
-
-  let(:conflicting_dependency_resolver) do
-    described_class.new(
-      dependency_name: dependency_name,
-      target_version: target_version,
-      lockfile_name: "Gemfile.lock"
-    )
-  end
-
-  let(:dependency_name) { "dummy-pkg-a" }
-  let(:target_version) { "2.0.0" }
-
-  let(:project_name) { "blocked_by_subdep" }
-
-  describe "#conflicting_dependencies" do
-    subject(:conflicting_dependencies) do
-      in_tmp_folder { conflicting_dependency_resolver.conflicting_dependencies }
-    end
-
-    it "returns a list of dependencies that block the update" do
-      expect(conflicting_dependencies).to eq(
-        [{
-          "explanation" => "dummy-pkg-b (1.0.0) requires dummy-pkg-a (< 2.0.0)",
-          "name" => "dummy-pkg-b",
-          "version" => "1.0.0",
-          "requirement" => "< 2.0.0"
-        }]
-      )
-    end
-
-    context "when dealing with nested transitive dependencies" do
-      let(:project_name) { "transitive_blocking" }
-      let(:dependency_name) { "activesupport" }
-      let(:target_version) { "6.0.0" }
-
-      it "returns a list of dependencies that block the update" do
-        expect(conflicting_dependencies).to contain_exactly({
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
-          "name" => "rails",
-          "requirement" => "= 5.2.0",
-          "version" => "5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
-          "name" => "actionpack",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
-          "name" => "actionview",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
-          "name" => "activejob",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
-          "name" => "activemodel",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
-          "name" => "activerecord",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        }, {
-          "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
-          "name" => "railties",
-          "version" => "5.2.0",
-          "requirement" => "= 5.2.0"
-        })
-      end
-    end
-
-    context "with multiple blocking dependencies" do
-      let(:dependency_name) { "activesupport" }
-      let(:current_version) { "5.0.0" }
-      let(:target_version) { "6.0.0" }
-      let(:project_name) { "multiple_blocking" }
-
-      it "returns all of the blocking dependencies" do
-        expect(conflicting_dependencies).to contain_exactly({
-          "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
-          "name" => "actionpack",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        }, {
-          "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
-          "name" => "actionview",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        }, {
-          "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
-          "name" => "activejob",
-          "version" => "5.0.0",
-          "requirement" => "= 5.0.0"
-        })
-      end
-    end
-
-    context "without any blocking dependencies" do
-      let(:target_version) { "1.0.0" }
-
-      it "returns an empty list" do
-        expect(conflicting_dependencies).to eq([])
-      end
-    end
-  end
-end

data/helpers/v1/spec/functions/dependency_source_spec.rb

@@ -1,188 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "native_spec_helper"
-require "shared_contexts"
-
-RSpec.describe Functions::DependencySource do
-  include_context "when in a temporary bundler directory"
-
-  let(:dependency_source) do
-    described_class.new(
-      gemfile_name: "Gemfile",
-      dependency_name: dependency_name
-    )
-  end
-
-  let(:dependency_name) { "business" }
-
-  let(:project_name) { "specified_source_no_lockfile" }
-  let(:registry_url) { "https://repo.fury.io/greysteil/" }
-  let(:gemfury_business_url) do
-    "https://repo.fury.io/greysteil/api/v1/dependencies?gems=business"
-  end
-
-  before do
-    stub_request(:get, registry_url + "versions")
-      .with(basic_auth: ["SECRET_CODES", ""])
-      .to_return(status: 404)
-    stub_request(:get, registry_url + "api/v1/dependencies")
-      .with(basic_auth: ["SECRET_CODES", ""])
-      .to_return(status: 200)
-    stub_request(:get, gemfury_business_url)
-      .with(basic_auth: ["SECRET_CODES", ""])
-      .to_return(status: 200, body: fixture("ruby", "gemfury_response"))
-  end
-
-  describe "#private_registry_versions" do
-    subject(:private_registry_versions) do
-      in_tmp_folder { dependency_source.private_registry_versions }
-    end
-
-    it "returns all versions from the private source" do
-      expect(private_registry_versions).to eq([
-        Gem::Version.new("1.5.0"),
-        Gem::Version.new("1.9.0"),
-        Gem::Version.new("1.10.0.beta")
-      ])
-    end
-
-    context "when specified as the default source" do
-      let(:project_name) { "specified_default_source_no_lockfile" }
-
-      it "returns all versions from the private source" do
-        expect(private_registry_versions).to eq([
-          Gem::Version.new("1.5.0"),
-          Gem::Version.new("1.9.0"),
-          Gem::Version.new("1.10.0.beta")
-        ])
-      end
-    end
-
-    context "when we don't have authentication details for" do
-      before do
-        stub_request(:get, registry_url + "versions")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 401)
-        stub_request(:get, registry_url + "api/v1/dependencies")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 401)
-        stub_request(:get, registry_url + "specs.4.8.gz")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 401)
-      end
-
-      it "blows up with a useful error" do
-        error_class = Bundler::Fetcher::AuthenticationRequiredError
-        error_message = "Authentication is required for repo.fury.io"
-        expect { private_registry_versions }
-          .to raise_error do |error|
-            expect(error).to be_a(error_class)
-            expect(error.message).to include(error_message)
-          end
-      end
-    end
-
-    context "when we have bad authentication details" do
-      before do
-        stub_request(:get, registry_url + "versions")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 403)
-        stub_request(:get, registry_url + "api/v1/dependencies")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 403)
-        stub_request(:get, registry_url + "specs.4.8.gz")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 403)
-      end
-
-      it "blows up with a useful error" do
-        error_class = Bundler::Fetcher::BadAuthenticationError
-        expect { private_registry_versions }
-          .to raise_error do |error|
-            expect(error).to be_a(error_class)
-            expect(error.message)
-              .to include("Bad username or password for")
-          end
-      end
-    end
-
-    context "when bad-requested, but is a private repo" do
-      before do
-        stub_request(:get, registry_url + "versions")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 400)
-        stub_request(:get, registry_url + "api/v1/dependencies")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 400)
-        stub_request(:get, registry_url + "specs.4.8.gz")
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 400)
-      end
-
-      it "blows up with a useful error" do
-        expect { private_registry_versions }
-          .to raise_error do |error|
-            expect(error).to be_a(Bundler::HTTPError)
-            expect(error.message)
-              .to include("Could not fetch specs from")
-          end
-      end
-    end
-
-    context "when it doesn't have details of the gem" do
-      before do
-        stub_request(:get, gemfury_business_url)
-          .with(basic_auth: ["SECRET_CODES", ""])
-          .to_return(status: 404)
-
-        # Stub indexes to return details of other gems (but not this one)
-        stub_request(:get, registry_url + "specs.4.8.gz")
-          .to_return(
-            status: 200,
-            body: fixture("ruby", "contribsys_old_index_response")
-          )
-        stub_request(:get, registry_url + "prerelease_specs.4.8.gz")
-          .to_return(
-            status: 200,
-            body: fixture("ruby", "contribsys_old_index_prerelease_response")
-          )
-      end
-
-      it { is_expected.to be_empty }
-    end
-
-    context "when it only implements the old Bundler index format" do
-      let(:project_name) { "sidekiq_pro" }
-      let(:dependency_name) { "sidekiq-pro" }
-      let(:registry_url) { "https://gems.contribsys.com/" }
-
-      before do
-        stub_request(:get, registry_url + "versions")
-          .with(basic_auth: %w(username password))
-          .to_return(status: 404)
-        stub_request(:get, registry_url + "api/v1/dependencies")
-          .with(basic_auth: %w(username password))
-          .to_return(status: 404)
-        stub_request(:get, registry_url + "specs.4.8.gz")
-          .with(basic_auth: %w(username password))
-          .to_return(
-            status: 200,
-            body: fixture("ruby", "contribsys_old_index_response")
-          )
-        stub_request(:get, registry_url + "prerelease_specs.4.8.gz")
-          .with(basic_auth: %w(username password))
-          .to_return(
-            status: 200,
-            body: fixture("ruby", "contribsys_old_index_prerelease_response")
-          )
-      end
-
-      it "returns all versions from the private source" do
-        expect(private_registry_versions.length).to be(70)
-        expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
-        expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
-      end
-    end
-  end
-end

data/helpers/v1/spec/functions/file_parser_spec.rb

@@ -1,75 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "native_spec_helper"
-require "shared_contexts"
-
-RSpec.describe Functions::FileParser do
-  include_context "when in a temporary bundler directory"
-
-  let(:dependency_source) do
-    described_class.new(
-      lockfile_name: "Gemfile.lock"
-    )
-  end
-
-  describe "#parsed_gemfile" do
-    subject(:parsed_gemfile) do
-      in_tmp_folder do
-        dependency_source.parsed_gemfile(gemfile_name: "Gemfile")
-      end
-    end
-
-    let(:project_name) { "gemfile" }
-
-    it "parses gemfile" do
-      parsed_gemfile = [
-        {
-          groups: [:default],
-          name: "business",
-          requirement: Gem::Requirement.new("~> 1.4.0"),
-          source: nil,
-          type: :runtime
-        },
-        {
-          groups: [:default],
-          name: "statesman",
-          requirement: Gem::Requirement.new("~> 1.2.0"),
-          source: nil,
-          type: :runtime
-        }
-      ]
-      expect(parsed_gemfile).not_to be_nil # to get past IdenticalEqualityAssertion
-    end
-  end
-
-  describe "#parsed_gemspec" do
-    subject(:parsed_gemspec) do
-      in_tmp_folder do |_tmp_path|
-        dependency_source.parsed_gemspec(gemspec_name: "example.gemspec")
-      end
-    end
-
-    let(:project_name) { "gemfile_exact" }
-
-    it "parses gemspec" do
-      parsed_gemspec = [
-        {
-          groups: nil,
-          name: "business",
-          requirement: Gem::Requirement.new("= 1.0.0"),
-          source: nil,
-          type: :runtime
-        },
-        {
-          groups: nil,
-          name: "statesman",
-          requirement: Gem::Requirement.new("= 1.0.0"),
-          source: nil,
-          type: :runtime
-        }
-      ]
-      expect(parsed_gemspec).not_to be_nil # to get past IdenticalEqualityAssertion
-    end
-  end
-end

data/helpers/v1/spec/functions/force_updater_spec.rb

@@ -1,59 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "native_spec_helper"
-require "shared_contexts"
-
-RSpec.describe Functions::ForceUpdater do
-  include_context "when in a temporary bundler directory"
-  include_context "when stubbing rubygems compact index"
-
-  let(:force_updater) do
-    described_class.new(
-      dependency_name: dependency_name,
-      target_version: target_version,
-      gemfile_name: gemfile_name,
-      lockfile_name: lockfile_name,
-      update_multiple_dependencies: update_multiple_dependencies
-    )
-  end
-  let(:gemfile_name) { "Gemfile" }
-  let(:lockfile_name) { "Gemfile.lock" }
-  let(:update_multiple_dependencies) { true }
-
-  describe "#run" do
-    subject(:force_update) do
-      in_tmp_folder { force_updater.run }
-    end
-
-    context "with a version conflict" do
-      let(:target_version) { "3.6.0" }
-      let(:dependency_name) { "rspec-support" }
-      let(:project_name) { "version_conflict" }
-
-      it "updates the conflicting dependencies" do
-        updated_deps, _specs = force_update
-        expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
-      end
-
-      context "when updating a single dependency" do
-        let(:update_multiple_dependencies) { false }
-
-        it { expect { force_update }.to raise_error(Bundler::VersionConflict) }
-      end
-    end
-
-    context "with a version conflict in gems rb" do
-      let(:target_version) { "3.6.0" }
-      let(:dependency_name) { "rspec-support" }
-      let(:project_name) { "version_conflict_gems_rb" }
-      let(:gemfile_name) { "gems.rb" }
-      let(:lockfile_name) { "gems.locked" }
-
-      it "updates the conflicting dependencies" do
-        updated_deps, _specs = force_update
-        expect(updated_deps).to eq([{ name: "rspec-support" }, { name: "rspec-mocks" }])
-      end
-    end
-  end
-end

data/helpers/v1/spec/functions/version_resolver_spec.rb

@@ -1,105 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "native_spec_helper"
-require "shared_contexts"
-
-RSpec.describe Functions::VersionResolver do
-  include_context "when in a temporary bundler directory"
-  include_context "when stubbing rubygems compact index"
-
-  let(:version_resolver) do
-    described_class.new(
-      dependency_name: dependency_name,
-      dependency_requirements: dependency_requirements,
-      gemfile_name: "Gemfile",
-      lockfile_name: "Gemfile.lock"
-    )
-  end
-
-  let(:dependency_name) { "business" }
-  let(:dependency_requirements) do
-    [{
-      file: "Gemfile",
-      requirement: requirement_string,
-      groups: [],
-      source: source
-    }]
-  end
-  let(:source) { nil }
-
-  let(:rubygems_url) { "https://index.rubygems.org/api/v1/" }
-  let(:old_index_url) { rubygems_url + "dependencies" }
-
-  describe "#version_details" do
-    subject do
-      in_tmp_folder { version_resolver.version_details }
-    end
-
-    let(:project_name) { "gemfile" }
-    let(:requirement_string) { " >= 0" }
-
-    its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
-    its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::CompactIndex") }
-
-    context "with a private gemserver source" do
-      include_context "when stubbing rubygems compact index"
-
-      let(:project_name) { "specified_source" }
-      let(:requirement_string) { ">= 0" }
-
-      before do
-        gemfury_url = "https://repo.fury.io/greysteil/"
-        gemfury_deps_url = gemfury_url + "api/v1/dependencies"
-
-        stub_request(:get, gemfury_url + "versions")
-          .to_return(status: 200, body: fixture("ruby", "gemfury-index"))
-        stub_request(:get, gemfury_url + "info/business").to_return(status: 404)
-        stub_request(:get, gemfury_deps_url).to_return(status: 200)
-        stub_request(:get, gemfury_deps_url + "?gems=business,statesman")
-          .to_return(status: 200, body: fixture("ruby", "gemfury_response"))
-        stub_request(:get, gemfury_deps_url + "?gems=business")
-          .to_return(status: 200, body: fixture("ruby", "gemfury_response"))
-        stub_request(:get, gemfury_deps_url + "?gems=statesman")
-          .to_return(status: 200, body: fixture("ruby", "gemfury_response"))
-      end
-
-      its([:version]) { is_expected.to eq(Gem::Version.new("1.9.0")) }
-      its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
-    end
-
-    context "with a git source" do
-      let(:project_name) { "git_source" }
-
-      its([:version]) { is_expected.to eq(Gem::Version.new("1.6.0")) }
-      its([:fetcher]) { is_expected.to be_nil }
-    end
-
-    context "when Bundler's compact index is down" do
-      before do
-        stub_request(:get, "https://index.rubygems.org/versions")
-          .to_return(status: 500, body: "We'll be back soon")
-        stub_request(:get, "https://index.rubygems.org/info/public_suffix")
-          .to_return(status: 500, body: "We'll be back soon")
-        stub_request(:get, old_index_url).to_return(status: 200)
-        stub_request(:get, old_index_url + "?gems=business,statesman")
-          .to_return(
-            status: 200,
-            body: fixture("rubygems_responses",
-                          "dependencies-default-gemfile")
-          )
-      end
-
-      its([:version]) { is_expected.to eq(Gem::Version.new("1.4.0")) }
-      its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
-    end
-
-    context "with no update possible due to a version conflict" do
-      let(:project_name) { "version_conflict_with_listed_subdep" }
-      let(:dependency_name) { "rspec-mocks" }
-      let(:requirement_string) { ">= 0" }
-
-      its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
-    end
-  end
-end

data/helpers/v1/spec/native_spec_helper.rb

@@ -1,56 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-
-require "rspec/its"
-require "webmock/rspec"
-require "tmpdir"
-
-$LOAD_PATH.unshift(File.expand_path("../lib", __dir__))
-$LOAD_PATH.unshift(File.expand_path("../monkey_patches", __dir__))
-$LOAD_PATH.unshift(File.expand_path("../../spec_helpers", __dir__))
-
-# Bundler monkey patches
-require "definition_ruby_version_patch"
-require "definition_bundler_version_patch"
-require "fileutils_keyword_splat_patch"
-require "git_source_patch"
-require "resolver_spec_group_sane_eql"
-
-require "functions"
-
-require "gem_net_http_adapter"
-
-RSpec.configure do |config|
-  config.color = true
-  config.order = :rand
-  config.mock_with(:rspec) { |mocks| mocks.verify_partial_doubles = true }
-  config.raise_errors_for_deprecations!
-end
-
-# Duplicated in lib/dependabot/bundler/file_updater/lockfile_updater.rb
-# TODO: Stop sanitizing the lockfile once we have bundler 2 installed
-LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
-
-def project_dependency_files(project)
-  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
-
-  raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
-
-  Dir.chdir(project_path) do
-    # NOTE: Include dotfiles (e.g. .npmrc)
-    files = Dir.glob("**/*", File::FNM_DOTMATCH)
-    files = files.select { |f| File.file?(f) }
-    files.map do |filename|
-      content = File.read(filename)
-      content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
-      {
-        name: filename,
-        content: content
-      }
-    end
-  end
-end
-
-def fixture(*name)
-  File.read(File.join("../../spec/fixtures", File.join(*name)))
-end