RubyGems - dependabot-bundler - Versions diffs - 0.280.0 → 0.282.0 - Mend

dependabot-bundler 0.280.0 → 0.282.0

Files changed (30) hide show

checksums.yaml +4 -4
data/lib/dependabot/bundler/helpers.rb +1 -13
data/lib/dependabot/bundler/package_manager.rb +6 -6
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +1 -2
metadata +12 -37
data/helpers/v1/.gitignore +0 -8
data/helpers/v1/Gemfile +0 -7
data/helpers/v1/build +0 -29
data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +0 -89
data/helpers/v1/lib/functions/dependency_source.rb +0 -90
data/helpers/v1/lib/functions/file_parser.rb +0 -119
data/helpers/v1/lib/functions/force_updater.rb +0 -173
data/helpers/v1/lib/functions/lockfile_updater.rb +0 -218
data/helpers/v1/lib/functions/version_resolver.rb +0 -141
data/helpers/v1/lib/functions.rb +0 -172
data/helpers/v1/monkey_patches/definition_bundler_version_patch.rb +0 -16
data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +0 -22
data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +0 -20
data/helpers/v1/monkey_patches/git_source_patch.rb +0 -62
data/helpers/v1/monkey_patches/object_untaint_patch.rb +0 -17
data/helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb +0 -18
data/helpers/v1/patched_bundler +0 -34
data/helpers/v1/run.rb +0 -38
data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +0 -118
data/helpers/v1/spec/functions/dependency_source_spec.rb +0 -188
data/helpers/v1/spec/functions/file_parser_spec.rb +0 -75
data/helpers/v1/spec/functions/force_updater_spec.rb +0 -59
data/helpers/v1/spec/functions/version_resolver_spec.rb +0 -105
data/helpers/v1/spec/native_spec_helper.rb +0 -56
data/helpers/v1/spec/shared_contexts.rb +0 -60

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccd9c2016c9305a9e201302c1788179179dca0592aee95d03adef3ec1155f79a
-  data.tar.gz: 857b17356df06747aa2a6b9780ecc1b9e38571ead11d03ff04c117449fb6b74f
+  metadata.gz: dc2a519df49ba5e70d775ecd33a8c6f37b8d6e5d72a1edef00263ffb32ac6083
+  data.tar.gz: 434dde152114da717c54335e4cbb41695ace56364546d6c3f0c6bd4b518d547f
 SHA512:
-  metadata.gz: 94aa6c6289637df9cf3bf10fe68bcbd7cf7a205b731805b197ecaad1d44e69f725eedd203f9a858deea6679053240d0fc890ee8f6ec5ac6ad737218e830566b1
-  data.tar.gz: 6be8f4cb1fba1a593b2fa590f7a7d995015062e1fa485747c3dbfacde84fc37b08947e68d9b0e7a38c7dd72cc6a2a69fa7df92505e9748a2cf5223d7f5b829dd
+  metadata.gz: c30ef3bf34f65c77382d32d7ff15ec235d2e5aa7695d68113cc355522da4a1cd653981647ccd371ebca4d2a73e54408e1861b6fa18536fec5ebee43f4942f2d2
+  data.tar.gz: 34ab8e4487a0673ac05c03f621387d46f4f8c4bd7a0e41d0a95cda85d7ffc0234a7cead32653877ce4dad6300f90ac50a7ae3b3cc494b220d3d9adca2242b9ec

data/lib/dependabot/bundler/helpers.rb CHANGED Viewed

@@ -20,23 +20,11 @@ module Dependabot
         if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
           matches[:version].to_i >= 2 ? V2 : V1
-        elsif Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
-          DEFAULT
         else
-          failover_version
+          DEFAULT
         end
       end
-      # If we are updating a project with a Gemfile.lock that does not specify
-      # the version it was bundled with, we failover to V1 on the assumption
-      # it was created with an old version that didn't add this information
-      sig { returns(String) }
-      def self.failover_version
-        return V2 if Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
-        V1
-      end
       sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
       def self.detected_bundler_version(lockfile)
         return "unknown" unless lockfile

data/lib/dependabot/bundler/package_manager.rb CHANGED Viewed

@@ -12,9 +12,11 @@ module Dependabot
     # Keep versions in ascending order
     SUPPORTED_BUNDLER_VERSIONS = T.let([Version.new("2")].freeze, T::Array[Dependabot::Version])
-    DEPRECATED_BUNDLER_VERSIONS = T.let([
-      Version.new("1")
-    ].freeze, T::Array[Dependabot::Version])
+    # Currently, we don't support any deprecated versions of Bundler
+    # When a version is going to be unsupported, it will be added here for a while to give users time to upgrade
+    # Example for deprecation:
+    # DEPRECATED_BUNDLER_VERSIONS = T.let([Version.new("1")].freeze, T::Array[Dependabot::Version])
+    DEPRECATED_BUNDLER_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
     class PackageManager < PackageManagerBase
       extend T::Sig
@@ -41,9 +43,7 @@ module Dependabot
       sig { override.returns(T::Boolean) }
       def unsupported?
-        # Check if the feature flag for Bundler v1 unsupported error is enabled.
-        return false unless Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
+        # Check if the version is not supported
         supported_versions.all? { |supported| supported > version }
       end
     end

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -31,8 +31,7 @@ module Dependabot
         PATH_REGEX = /The path `(?<path>.*)` does not exist/
         module BundlerErrorPatterns
-          # The `set --global` optional part can be made required when Bundler 1 support is dropped
-          MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
+          MISSING_AUTH_REGEX = /bundle config set --global (?<source>.*) username:password/
           BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
           FORBIDDEN_AUTH_REGEX = /Access token could not be authenticated for (?<source>.*)\.$/

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.280.0
+  version: 0.282.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-10 00:00:00.000000000 Z
+date: 2024-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.280.0
+        version: 0.282.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.280.0
+        version: 0.282.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -128,28 +128,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.65.0
+        version: 1.67.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.65.0
+        version: 1.67.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
@@ -257,31 +257,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/spec_helpers/gem_net_http_adapter.rb
-- helpers/v1/.gitignore
-- helpers/v1/Gemfile
-- helpers/v1/build
-- helpers/v1/lib/functions.rb
-- helpers/v1/lib/functions/conflicting_dependency_resolver.rb
-- helpers/v1/lib/functions/dependency_source.rb
-- helpers/v1/lib/functions/file_parser.rb
-- helpers/v1/lib/functions/force_updater.rb
-- helpers/v1/lib/functions/lockfile_updater.rb
-- helpers/v1/lib/functions/version_resolver.rb
-- helpers/v1/monkey_patches/definition_bundler_version_patch.rb
-- helpers/v1/monkey_patches/definition_ruby_version_patch.rb
-- helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb
-- helpers/v1/monkey_patches/git_source_patch.rb
-- helpers/v1/monkey_patches/object_untaint_patch.rb
-- helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb
-- helpers/v1/patched_bundler
-- helpers/v1/run.rb
-- helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb
-- helpers/v1/spec/functions/dependency_source_spec.rb
-- helpers/v1/spec/functions/file_parser_spec.rb
-- helpers/v1/spec/functions/force_updater_spec.rb
-- helpers/v1/spec/functions/version_resolver_spec.rb
-- helpers/v1/spec/native_spec_helper.rb
-- helpers/v1/spec/shared_contexts.rb
 - helpers/v2/.gitignore
 - helpers/v2/Gemfile
 - helpers/v2/build
@@ -346,8 +321,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.280.0
-post_install_message:
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.282.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -363,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key:
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Ruby (bundler)
 test_files: []

data/helpers/v1/.gitignore DELETED Viewed

@@ -1,8 +0,0 @@
-/.bundle
-/.env
-/tmp
-/dependabot-*.gem
-Gemfile.lock
-spec/fixtures/projects/*/.bundle/
-!spec/fixtures/projects/**/Gemfile.lock
-!spec/fixtures/projects/**/vendor

data/helpers/v1/Gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-source "https://rubygems.org"
-gem "dependabot-common", path: "../../../common"
-gemspec path: "../.."

data/helpers/v1/build DELETED Viewed

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-set -e
-helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  install_dir="$helpers_dir"
-else
-  install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
-  mkdir -p "$install_dir"
-  cp -r \
-    "$helpers_dir/lib" \
-    "$helpers_dir/monkey_patches" \
-    "$helpers_dir/run.rb" \
-    "$helpers_dir/patched_bundler" \
-    "$install_dir"
-fi
-cd "$install_dir"
-export GEM_HOME=$install_dir/.bundle
-gem install bundler -v 1.17.3 --no-document
-if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  BUNDLER_VERSION=1.17.3 ./patched_bundler install
-fi

data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb DELETED Viewed

@@ -1,89 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Functions
-  class ConflictingDependencyResolver
-    def initialize(dependency_name:, target_version:, lockfile_name:)
-      @dependency_name = dependency_name
-      @target_version = target_version
-      @lockfile_name = lockfile_name
-    end
-    # Finds any dependencies in the lockfile that have a subdependency on the
-    # given dependency that does not satisfly the target_version.
-    # @return [Array<Hash{String => String}]
-    #   * explanation [String] a sentence explaining the conflict
-    #   * name [String] the blocking dependencies name
-    #   * version [String] the version of the blocking dependency
-    #   * requirement [String] the requirement on the target_dependency
-    def conflicting_dependencies
-      Bundler.settings.set_command_option("only_update_to_newer_versions", true)
-      parent_specs.flat_map do |parent_spec|
-        top_level_specs_for(parent_spec).map do |top_level|
-          dependency = parent_spec.dependencies.find { |bd| bd.name == dependency_name }
-          {
-            "explanation" => explanation(parent_spec, dependency, top_level),
-            "name" => parent_spec.name,
-            "version" => parent_spec.version.to_s,
-            "requirement" => dependency.requirement.to_s
-          }
-        end
-      end
-    end
-    private
-    attr_reader :dependency_name
-    attr_reader :target_version
-    attr_reader :lockfile_name
-    def parent_specs
-      version = Gem::Version.new(target_version)
-      parsed_lockfile.specs.filter do |spec|
-        spec.dependencies.any? do |dep|
-          dep.name == dependency_name &&
-            !dep.requirement.satisfied_by?(version)
-        end
-      end
-    end
-    def top_level_specs_for(parent_spec)
-      return [parent_spec] if top_level?(parent_spec)
-      parsed_lockfile.specs.filter do |spec|
-        spec.dependencies.any? do |dep|
-          dep.name == parent_spec.name && top_level?(spec)
-        end
-      end
-    end
-    def top_level?(spec)
-      parsed_lockfile.dependencies.key?(spec.name)
-    end
-    def explanation(spec, dependency, top_level)
-      if spec.name == top_level.name
-        "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
-      else
-        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
-          "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
-      end
-    end
-    def parsed_lockfile
-      @parsed_lockfile ||= Bundler::LockfileParser.new(lockfile)
-    end
-    def lockfile
-      return @lockfile if defined?(@lockfile)
-      @lockfile =
-        begin
-          return unless lockfile_name && File.exist?(lockfile_name)
-          File.read(lockfile_name)
-        end
-    end
-  end
-end

data/helpers/v1/lib/functions/dependency_source.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Functions
-  class DependencySource
-    attr_reader :gemfile_name
-    attr_reader :dependency_name
-    RUBYGEMS = "rubygems"
-    PRIVATE_REGISTRY = "private"
-    GIT = "git"
-    OTHER = "other"
-    def initialize(gemfile_name:, dependency_name:)
-      @gemfile_name = gemfile_name
-      @dependency_name = dependency_name
-    end
-    def type
-      bundler_source = specified_source || default_source
-      type_of(bundler_source)
-    end
-    def latest_git_version(dependency_source_url:, dependency_source_branch:)
-      source = Bundler::Source::Git.new(
-        "uri" => dependency_source_url,
-        "branch" => dependency_source_branch,
-        "name" => dependency_name,
-        "submodules" => true
-      )
-      # Tell Bundler we're fine with fetching the source remotely
-      source.instance_variable_set(:@allow_remote, true)
-      spec = source.specs.first
-      { version: spec.version, commit_sha: spec.source.revision }
-    end
-    def private_registry_versions
-      bundler_source = specified_source || default_source
-      bundler_source
-        .fetchers.flat_map do |fetcher|
-          fetcher
-            .specs_with_retry([dependency_name], bundler_source)
-            .search_all(dependency_name)
-        end
-        .map(&:version)
-    end
-    private
-    def type_of(bundler_source)
-      case bundler_source
-      when Bundler::Source::Rubygems
-        remote = bundler_source.remotes.first
-        if remote.nil? || remote.to_s == "https://rubygems.org/"
-          RUBYGEMS
-        else
-          PRIVATE_REGISTRY
-        end
-      when Bundler::Source::Git
-        GIT
-      else
-        OTHER
-      end
-    end
-    def specified_source
-      return @specified_source if defined? @specified_source
-      @specified_source = definition.dependencies
-                                    .find { |dep| dep.name == dependency_name }&.source
-    end
-    def default_source
-      definition.send(:sources).default_source
-    end
-    def definition
-      @definition ||= Bundler::Definition.build(gemfile_name, nil, {})
-    end
-    def serialize_bundler_source(source)
-      {
-        type: source.class.to_s
-      }
-    end
-  end
-end

data/helpers/v1/lib/functions/file_parser.rb DELETED Viewed

@@ -1,119 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-require "uri"
-module Functions
-  class FileParser
-    def initialize(lockfile_name:)
-      @lockfile_name = lockfile_name
-    end
-    attr_reader :lockfile_name
-    def parsed_gemfile(gemfile_name:)
-      Bundler::Definition.build(gemfile_name, nil, {})
-                         .dependencies.select(&:current_platform?)
-                         .reject { |dep| local_sources.include?(dep.source.class) }
-                         .map { |dep| serialize_bundler_dependency(dep) }
-    end
-    def parsed_gemspec(gemspec_name:)
-      Bundler.load_gemspec_uncached(gemspec_name)
-             .dependencies
-             .map { |dep| serialize_bundler_dependency(dep) }
-    end
-    private
-    def lockfile
-      return @lockfile if defined?(@lockfile)
-      @lockfile =
-        begin
-          return unless lockfile_name && File.exist?(lockfile_name)
-          File.read(lockfile_name)
-        end
-    end
-    def parsed_lockfile
-      return unless lockfile
-      @parsed_lockfile ||= Bundler::LockfileParser.new(lockfile)
-    end
-    def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
-    end
-    def source_for(dependency)
-      source = dependency.source
-      if lockfile && default_rubygems?(source)
-        # If there's a lockfile and the Gemfile doesn't have anything
-        # interesting to say about the source, check that.
-        source = source_from_lockfile(dependency.name)
-      end
-      raise "Bad source: #{source}" unless sources.include?(source.class)
-      return nil if default_rubygems?(source)
-      details = { type: source.class.name.split("::").last.downcase }
-      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
-      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
-      details
-    end
-    def git_source_details(source)
-      {
-        url: source.uri,
-        branch: source.branch,
-        ref: source.ref
-      }
-    end
-    RUBYGEMS_HOSTS = [
-      "rubygems.org",
-      "www.rubygems.org"
-    ].freeze
-    def default_rubygems?(source)
-      return true if source.nil?
-      return false unless source.is_a?(Bundler::Source::Rubygems)
-      source.remotes.any? do |r|
-        RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
-      end
-    end
-    def serialize_bundler_dependency(dependency)
-      {
-        name: dependency.name,
-        requirement: dependency.requirement,
-        groups: dependency.groups,
-        source: source_for(dependency),
-        type: dependency.type
-      }
-    end
-    # Can't be a constant because some of these don't exist in bundler
-    # 1.15, which used to cause issues on Heroku (causing exception on boot).
-    # TODO: Check if this will be an issue with multiple bundler versions
-    def sources
-      [
-        NilClass,
-        Bundler::Source::Rubygems,
-        Bundler::Source::Git,
-        *local_sources,
-        Bundler::Source::Metadata
-      ]
-    end
-    def local_sources
-      [
-        Bundler::Source::Path,
-        Bundler::Source::Gemspec
-      ]
-    end
-  end
-end