dependabot-bundler 0.284.0 → 0.286.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48a9435c67c8a6b58134c7a80486d74ab609273e937c10eed74191426d6cded8
-  data.tar.gz: a139d9cc839fddffc0e0ca6ef3b8a7ab87d9a1ae2d82e5404e16b1823502cf2e
+  metadata.gz: 0ce0397383ee54f28c18dd936362de171d27f055d66754451e17ba8c57e4885a
+  data.tar.gz: 49ac7f319dcb2c6b7a84d434b171cb66ec4757db1f6f68c92be8e3a3b3f448e2
 SHA512:
-  metadata.gz: 9612d984f30f3e0cfa5079a1c34be49112fe4de0e93aabca848a70f5438ae722acd958746950f7ff94404f66ce14bc50ec8604014e933e7877d7fb0cdf013bdc
-  data.tar.gz: c2edeee8f3df7b37c19b747b4e54a6d34846efde4ab76a26d14302124432b77901c57afedc3cad21a95695c619f445b7d08e10dfa72e882fe8fc7688367b5e9c
+  metadata.gz: 87221c02650ec120d7dce3b5f65386f9585d2554ced84b6d7ead43449871955a13e621a2cf1d72ad8442caf598105c0bfda19f16e0d17f3d36a848c1d85fb250
+  data.tar.gz: a0a20ecf386feb119de3b653f6fb598a061bda76521c456c713b5683cf2d94ec945b37fa4fa3e01471bee97e5de8888a7638caf014cc5afd8ddb7f7ad3ad1054

data/helpers/v2/lib/functions.rb

@@ -173,4 +173,12 @@ module Functions
     credentials
       .select { |cred| cred["type"] == "git_source" }
   end
+
+  def self.bundler_raw_version
+    Bundler::VERSION
+  end
+
+  def self.ruby_raw_version
+    RUBY_VERSION
+  end
 end

data/lib/dependabot/bundler/file_parser.rb

@@ -2,6 +2,8 @@
 # frozen_string_literal: true
 
 require "parallel"
+require "dependabot/bundler/language"
+require "dependabot/bundler/package_manager"
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
@@ -37,7 +39,8 @@ module Dependabot
         @ecosystem ||= T.let(
           Ecosystem.new(
             name: ECOSYSTEM,
-            package_manager: package_manager
+            package_manager: package_manager,
+            language: language
           ),
           T.nilable(Ecosystem)
         )
@@ -47,7 +50,28 @@ module Dependabot
 
       sig { returns(Ecosystem::VersionManager) }
       def package_manager
-        PackageManager.new(bundler_version)
+        @package_manager ||= PackageManager.new(bundler_raw_version, package_manager_requirement)
+      end
+
+      def package_manager_requirement
+        @package_manager_requirement ||= Helpers.dependency_requirement(
+          Helpers::BUNDLER_GEM_NAME, dependency_files
+        )
+      end
+
+      sig { returns(T.nilable(Ecosystem::VersionManager)) }
+      def language
+        return @language if defined?(@language)
+
+        return nil if package_manager.unsupported?
+
+        Language.new(ruby_raw_version, language_requirement)
+      end
+
+      def language_requirement
+        @language_requirement ||= Helpers.dependency_requirement(
+          Helpers::LANGUAGE, dependency_files
+        )
       end
 
       def check_external_code(dependencies)
@@ -327,6 +351,51 @@ module Dependabot
           .reject { |f| f.name == "gems.rb" }
       end
 
+      sig { returns(String) }
+      def bundler_raw_version
+        return bundler_raw_version if defined?(@bundler_raw_version)
+
+        package_manager = PackageManager.new(bundler_version)
+
+        # If the selected version is unsupported, an unsupported error will be raised,
+        # so there’s no need to attempt retrieving the raw version.
+        return bundler_version if package_manager.unsupported?
+
+        # read raw version directly from the ecosystem environment
+        bundler_raw_version = SharedHelpers.in_a_temporary_repo_directory(
+          base_directory,
+          repo_contents_path
+        ) do
+          write_temporary_dependency_files
+          NativeHelpers.run_bundler_subprocess(
+            function: "bundler_raw_version",
+            args: {},
+            bundler_version: bundler_version,
+            options: { timeout_per_operation_seconds: 10 }
+          )
+        end
+        bundler_raw_version || ::Bundler::VERSION
+      end
+
+      sig { returns(String) }
+      def ruby_raw_version
+        return @ruby_raw_version if defined?(@ruby_raw_version)
+
+        ruby_raw_version = SharedHelpers.in_a_temporary_repo_directory(
+          base_directory,
+          repo_contents_path
+        ) do
+          write_temporary_dependency_files
+          NativeHelpers.run_bundler_subprocess(
+            function: "ruby_raw_version",
+            args: {},
+            bundler_version: bundler_version,
+            options: { timeout_per_operation_seconds: 10 }
+          )
+        end
+        ruby_raw_version || RUBY_VERSION
+      end
+
       sig { returns(String) }
       def bundler_version
         @bundler_version ||= Helpers.bundler_version(lockfile)

data/lib/dependabot/bundler/helpers.rb

@@ -1,6 +1,8 @@
 # typed: strong
 # frozen_string_literal: true
 
+require "dependabot/bundler/requirement"
+
 module Dependabot
   module Bundler
     module Helpers
@@ -9,16 +11,21 @@ module Dependabot
 
       V1 = "1"
       V2 = "2"
-      # If we are updating a project with no Gemfile.lock, we default to the
-      # newest version we support
       DEFAULT = V2
       BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
+      RUBY_GEMFILE_REGEX = /^ruby\s+['"]([^'"]+)['"]/
+      RUBY_GEMSPEC_REGEX = /required_ruby_version\s+=\s+['"]([^'"]+)['"]/
+
+      GEMFILE = "Gemfile"
+      GEMSPEC_EXTENSION = ".gemspec"
+      BUNDLER_GEM_NAME = "bundler"
+      LANGUAGE = "ruby"
 
       sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
       def self.bundler_version(lockfile)
         return DEFAULT unless lockfile
 
-        if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
+        if (matches = T.let(lockfile.content, T.nilable(String))&.match(BUNDLER_MAJOR_VERSION_REGEX))
           matches[:version].to_i >= 2 ? V2 : V1
         else
           DEFAULT
@@ -29,12 +36,93 @@ module Dependabot
       def self.detected_bundler_version(lockfile)
         return "unknown" unless lockfile
 
-        if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
+        if (matches = T.let(lockfile.content, T.nilable(String))&.match(BUNDLER_MAJOR_VERSION_REGEX))
           matches[:version].to_i.to_s
         else
           "unspecified"
         end
       end
+
+      # Method to get the Requirement object for the 'bundler' dependency
+      sig do
+        params(
+          dependency_name: String,
+          files: T::Array[Dependabot::DependencyFile]
+        ).returns(T.nilable(Dependabot::Bundler::Requirement))
+      end
+      def self.dependency_requirement(dependency_name, files)
+        constraints = combined_dependency_constraints(files, dependency_name)
+        return nil if constraints.empty?
+
+        combined_constraint = constraints.join(", ")
+
+        Dependabot::Bundler::Requirement.new(combined_constraint)
+      rescue StandardError => e
+        Dependabot.logger.error(
+          "Failed to create Requirement with constraints '#{constraints&.join(', ')}': #{e.message}"
+        )
+        nil
+      end
+
+      # Method to gather and combine constraints for a specified dependency from multiple files
+      sig do
+        params(files: T::Array[Dependabot::DependencyFile], dependency_name: String).returns(T::Array[String])
+      end
+      def self.combined_dependency_constraints(files, dependency_name)
+        files.each_with_object([]) do |file, result|
+          content = file.content
+          next unless content
+
+          # Select the appropriate regex based on file type and dependency name
+          regex = if dependency_name == LANGUAGE
+                    ruby_version_regex(file.name)
+                  elsif file.name.end_with?(GEMFILE)
+                    gemfile_dependency_regex(dependency_name)
+                  elsif file.name.end_with?(GEMSPEC_EXTENSION)
+                    gemspec_dependency_regex(dependency_name)
+                  else
+                    next # Skip unsupported file types, including .ruby-version
+                  end
+
+          # If regex is nil (unsupported for this file type), skip to the next file
+          next unless regex
+
+          # Extract constraints using the chosen regex
+          result.concat(extract_constraints_from_file(content, regex))
+        end.uniq
+      end
+
+      # Method to generate the regex pattern for Ruby version in Gemfile or gemspec
+      sig { params(file_name: String).returns(T.nilable(Regexp)) }
+      def self.ruby_version_regex(file_name)
+        if file_name.end_with?(GEMFILE)
+          RUBY_GEMFILE_REGEX
+        elsif file_name.end_with?(GEMSPEC_EXTENSION)
+          RUBY_GEMSPEC_REGEX
+        end
+      end
+
+      # Method to generate the regex pattern for a dependency in a Gemfile
+      sig { params(dependency_name: String).returns(Regexp) }
+      def self.gemfile_dependency_regex(dependency_name)
+        /gem\s+['"]#{Regexp.escape(dependency_name)}['"](?:,\s*['"]([^'"]+)['"])?/
+      end
+
+      # Method to generate the regex pattern for a dependency in a gemspec file
+      sig { params(dependency_name: String).returns(Regexp) }
+      def self.gemspec_dependency_regex(dependency_name)
+        /add_(?:runtime_)?dependency\s+['"]#{Regexp.escape(dependency_name)}['"],\s*['"]([^'"]+)['"]/
+      end
+
+      # Extracts constraints from file content based on a dependency regex
+      sig { params(content: String, regex: Regexp).returns(T::Array[String]) }
+      def self.extract_constraints_from_file(content, regex)
+        if content.match(regex)
+          content.scan(regex).flatten
+        else
+          []
+        end
+      end
     end
   end
 end

data/lib/dependabot/bundler/language.rb

@@ -0,0 +1,21 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/bundler/version"
+require "dependabot/ecosystem"
+
+module Dependabot
+  module Bundler
+    LANGUAGE = "ruby"
+
+    class Language < Dependabot::Ecosystem::VersionManager
+      extend T::Sig
+
+      sig { params(raw_version: String, requirement: T.nilable(Requirement)).void }
+      def initialize(raw_version, requirement = nil)
+        super(LANGUAGE, Version.new(raw_version), [], [], requirement)
+      end
+    end
+  end
+end

data/lib/dependabot/bundler/package_manager.rb

@@ -4,6 +4,7 @@
 require "sorbet-runtime"
 require "dependabot/bundler/version"
 require "dependabot/ecosystem"
+require "dependabot/bundler/requirement"
 
 module Dependabot
   module Bundler
@@ -22,13 +23,19 @@ module Dependabot
     class PackageManager < Dependabot::Ecosystem::VersionManager
       extend T::Sig
 
-      sig { params(raw_version: String).void }
-      def initialize(raw_version)
+      sig do
+        params(
+          raw_version: String,
+          requirement: T.nilable(Requirement)
+        ).void
+      end
+      def initialize(raw_version, requirement = nil)
         super(
           PACKAGE_MANAGER,
           Version.new(raw_version),
           DEPRECATED_BUNDLER_VERSIONS,
           SUPPORTED_BUNDLER_VERSIONS,
+          requirement,
        )
       end
     end

data/lib/dependabot/bundler.rb

@@ -3,6 +3,8 @@
 
 # These all need to be required so the various classes can be registered in a
 # lookup table of package manager names to concrete classes.
+require "dependabot/bundler/language"
+require "dependabot/bundler/package_manager"
 require "dependabot/bundler/file_fetcher"
 require "dependabot/bundler/file_parser"
 require "dependabot/bundler/update_checker"
@@ -10,7 +12,6 @@ require "dependabot/bundler/file_updater"
 require "dependabot/bundler/metadata_finder"
 require "dependabot/bundler/requirement"
 require "dependabot/bundler/version"
-require "dependabot/bundler/package_manager"
 
 require "dependabot/pull_request_creator/labeler"
 Dependabot::PullRequestCreator::Labeler

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.284.0
+  version: 0.286.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-11-05 00:00:00.000000000 Z
+date: 2024-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.284.0
+        version: 0.286.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.284.0
+        version: 0.286.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -302,6 +302,7 @@ files:
 - lib/dependabot/bundler/file_updater/requirement_replacer.rb
 - lib/dependabot/bundler/file_updater/ruby_requirement_setter.rb
 - lib/dependabot/bundler/helpers.rb
+- lib/dependabot/bundler/language.rb
 - lib/dependabot/bundler/metadata_finder.rb
 - lib/dependabot/bundler/native_helpers.rb
 - lib/dependabot/bundler/package_manager.rb
@@ -321,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.284.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.286.0
 post_install_message: 
 rdoc_options: []
 require_paths: