dependabot-bundler 0.293.0 → 0.295.0

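--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c55f6a2180b66147c8e9a848447d253edbc94e067e93664e2bf299adee37d1c7
- data.tar.gz: 2836e8a29140eba59fdb5e6a16e3e460c236007c9d2c1f9c2b7444f0500510f9
+ metadata.gz: 532e630972469774f8e29af1f314691ee4ed0ad880860c01675d54c1f10590d8
+ data.tar.gz: 2912cadecb1d9fec7fd793ec2ab7e17bf5e807fe0ab86d3cda574e6acbe569d8
  SHA512:
- metadata.gz: 77ebfa910168259f5ce8228794e090aee255720ce2f1b9ba39b734909d1fdc148b6536d83cc405930e2df4eb6aeb8d48f86837d7aa5a5d73ab001fbb4413788c
- data.tar.gz: 6daa5c21ed5d6fb37e1c9dc3f41385bf43e90e66934bd346f2262641202681727b6915539deef5f60e423bdef0a932a5efbc9922b9473533183fbba559ba61a4
+ metadata.gz: 335795149b582fdc7ed996ad5ed20e3ca5736facc4f557aaddb811198eb319ba8ae30dbbf31ae36bba9e06eb67e509c21a6543f8154a7827dea28f2992cc0474
+ data.tar.gz: 25e3ca306fecb0e2f4ca0f1c66682d6b43336bbfec71b73674dca2cfbc7d1ee15f03b7110d74639872496692729cad18a613a5ba00fa0050554e880550e13086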
@@ -55,7 +55,7 @@ module Bundler
55
55
  spec = Bundler.load_gemspec(spec_path)
56
56
  next unless spec
57
57
 
58
- Bundler.rubygems.set_installed_by_version(spec)
58
+ spec.installed_by_version = Gem::VERSION
59
59
  Bundler.rubygems.validate(spec)
60
60
  File.binwrite(spec_path, spec.to_ruby)
61
61
  end
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/bundler/file_updater"
@@ -7,19 +7,23 @@ module Dependabot
7
7
  module Bundler
8
8
  class FileUpdater
9
9
  class GemfileUpdater
10
+ extend T::Sig
11
+
10
12
  GEMFILE_FILENAMES = %w(Gemfile gems.rb).freeze
11
13
 
12
14
  require_relative "git_pin_replacer"
13
15
  require_relative "git_source_remover"
14
16
  require_relative "requirement_replacer"
15
17
 
18
+ sig { params(dependencies: T::Array[Dependabot::Dependency], gemfile: Dependabot::DependencyFile).void }
16
19
  def initialize(dependencies:, gemfile:)
17
20
  @dependencies = dependencies
18
21
  @gemfile = gemfile
19
22
  end
20
23
 
24
+ sig { returns(String) }
21
25
  def updated_gemfile_content
22
- content = gemfile.content
26
+ content = T.must(gemfile.content)
23
27
 
24
28
  dependencies.each do |dependency|
25
29
  content = replace_gemfile_version_requirement(
@@ -38,21 +42,27 @@ module Dependabot
38
42
 
39
43
  private
40
44
 
45
+ sig { returns(T::Array[Dependabot::Dependency]) }
41
46
  attr_reader :dependencies
47
+
48
+ sig { returns(Dependabot::DependencyFile) }
42
49
  attr_reader :gemfile
43
50
 
51
+ sig do
52
+ params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
53
+ end
44
54
  def replace_gemfile_version_requirement(dependency, file, content)
45
55
  return content unless requirement_changed?(file, dependency)
46
56
 
47
57
  updated_requirement =
48
58
  dependency.requirements
49
59
  .find { |r| r[:file] == file.name }
50
- .fetch(:requirement)
60
+ &.fetch(:requirement)
51
61
 
52
62
  previous_requirement =
53
63
  dependency.previous_requirements
54
- .find { |r| r[:file] == file.name }
55
- .fetch(:requirement)
64
+ &.find { |r| r[:file] == file.name }
65
+ &.fetch(:requirement)
56
66
 
57
67
  RequirementReplacer.new(
58
68
  dependency: dependency,
@@ -62,17 +72,19 @@ module Dependabot
62
72
  ).rewrite(content)
63
73
  end
64
74
 
75
+ sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
65
76
  def requirement_changed?(file, dependency)
66
77
  changed_requirements =
67
- dependency.requirements - dependency.previous_requirements
78
+ dependency.requirements - T.must(dependency.previous_requirements)
68
79
 
69
80
  changed_requirements.any? { |f| f[:file] == file.name }
70
81
  end
71
82
 
83
+ sig { params(dependency: Dependabot::Dependency).returns(T::Boolean) }
72
84
  def remove_git_source?(dependency)
73
85
  old_gemfile_req =
74
86
  dependency.previous_requirements
75
- .find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
87
+ &.find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
76
88
 
77
89
  return false unless old_gemfile_req&.dig(:source, :type) == "git"
78
90
 
@@ -80,9 +92,10 @@ module Dependabot
80
92
  dependency.requirements
81
93
  .find { |f| GEMFILE_FILENAMES.include?(f[:file]) }
82
94
 
83
- new_gemfile_req[:source].nil?
95
+ T.must(new_gemfile_req)[:source].nil?
84
96
  end
85
97
 
98
+ sig { params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile).returns(T::Boolean) }
86
99
  def update_git_pin?(dependency, file)
87
100
  new_gemfile_req =
88
101
  dependency.requirements
@@ -91,18 +104,23 @@ module Dependabot
91
104
 
92
105
  # If the new requirement is a git dependency with a ref then there's
93
106
  # no harm in doing an update
94
- new_gemfile_req.dig(:source, :ref)
107
+ !T.must(new_gemfile_req).dig(:source, :ref).nil?
95
108
  end
96
109
 
110
+ sig { params(dependency: Dependabot::Dependency, content: String).returns(String) }
97
111
  def remove_gemfile_git_source(dependency, content)
98
112
  GitSourceRemover.new(dependency: dependency).rewrite(content)
99
113
  end
100
114
 
115
+ sig do
116
+ params(dependency: Dependabot::Dependency, file: Dependabot::DependencyFile, content: String).returns(String)
117
+ end
101
118
  def update_gemfile_git_pin(dependency, file, content)
102
119
  new_pin =
103
120
  dependency.requirements
104
121
  .find { |f| f[:file] == file.name }
105
- .fetch(:source).fetch(:ref)
122
+ &.fetch(:source)
123
+ &.fetch(:ref)
106
124
 
107
125
  GitPinReplacer
108
126
  .new(dependency: dependency, new_pin: new_pin)
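Review bot: In `replace_gemfile_version_requirement` the move from `.fetch(:requirement)` to `&.fetch(:requirement)` turns a missing requirement entry into a silent `nil` that is passed on to `RequirementReplacer.new`, and in `update_gemfile_git_pin` the same change lets `new_pin` reach `GitPinReplacer.new` as `nil` when no entry matches `file.name`. The `GemspecUpdater` in this same release wraps the identical lookup in `T.must(...)`, so the two classes now disagree on whether a missing entry is an error. I would fail fast here as well, e.g. `T.must(dependency.requirements.find { |r| r[:file] == file.name }).fetch(:requirement)`, or add a comment stating that `nil` is accepted downstream. The remaining arguments of both constructor calls lie outside the hunks, so whether they tolerate `nil` cannot be confirmed from this page.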
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
@@ -8,13 +8,20 @@ module Dependabot
8
8
  module Bundler
9
9
  class FileUpdater
10
10
  class GemspecDependencyNameFinder
11
+ extend T::Sig
12
+
13
+ ChildNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, String, Integer, Float)) }
14
+
15
+ sig { returns(String) }
11
16
  attr_reader :gemspec_content
12
17
 
18
+ sig { params(gemspec_content: String).void }
13
19
  def initialize(gemspec_content:)
14
20
  @gemspec_content = gemspec_content
15
21
  end
16
22
 
17
23
  # rubocop:disable Security/Eval
24
+ sig { returns(T.nilable(String)) }
18
25
  def dependency_name
19
26
  ast = Parser::CurrentRuby.parse(gemspec_content)
20
27
  dependency_name_node = find_dependency_name_node(ast)
@@ -30,6 +37,7 @@ module Dependabot
30
37
 
31
38
  private
32
39
 
40
+ sig { params(node: ChildNode).returns(T.nilable(Parser::AST::Node)) }
33
41
  def find_dependency_name_node(node)
34
42
  return unless node.is_a?(Parser::AST::Node)
35
43
  return node if declares_dependency_name?(node)
@@ -40,6 +48,7 @@ module Dependabot
40
48
  end
41
49
  end
42
50
 
51
+ sig { params(node: ChildNode).returns(T::Boolean) }
43
52
  def declares_dependency_name?(node)
44
53
  return false unless node.is_a?(Parser::AST::Node)
45
54
 
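Review bot: `dependency_name` keeps its `# rubocop:disable Security/Eval` and gains a `sig`, but nothing at the method records why evaluating something derived from `gemspec_content` is acceptable. The body is outside the hunk, so I can only infer that the node returned by `find_dependency_name_node` is what gets evaluated; if that is the case, a comment above the disable such as `# eval is applied only to the single node matched by declares_dependency_name?, never to the whole gemspec` would state the boundary for the next reader. Separately, `ChildNode` is the same union as the `ParserNode` alias this release adds to `GemspecSanitizer::Rewriter`; one shared alias would keep the two from drifting apart.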
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "parser/current"
@@ -8,6 +8,8 @@ module Dependabot
8
8
  module Bundler
9
9
  class FileUpdater
10
10
  class GemspecSanitizer
11
+ extend T::Sig
12
+
11
13
  UNNECESSARY_ASSIGNMENTS = %i(
12
14
  bindir=
13
15
  cert_chain=
@@ -23,12 +25,15 @@ module Dependabot
23
25
  rdoc_options=
24
26
  ).freeze
25
27
 
28
+ sig { returns(String) }
26
29
  attr_reader :replacement_version
27
30
 
31
+ sig { params(replacement_version: T.any(String, Integer, Gem::Version)).void }
28
32
  def initialize(replacement_version:)
29
- @replacement_version = replacement_version
33
+ @replacement_version = T.let(replacement_version.to_s, String)
30
34
  end
31
35
 
36
+ sig { params(content: String).returns(String) }
32
37
  def rewrite(content)
33
38
  buffer = Parser::Source::Buffer.new("(gemspec_content)")
34
39
  buffer.source = content
@@ -47,10 +52,16 @@ module Dependabot
47
52
  end
48
53
 
49
54
  class Rewriter < Parser::TreeRewriter
55
+ extend T::Sig
56
+
57
+ ParserNode = T.type_alias { T.nilable(T.any(Parser::AST::Node, Symbol, Integer, String, Float)) }
58
+
59
+ sig { params(replacement_version: String).void }
50
60
  def initialize(replacement_version:)
51
61
  @replacement_version = replacement_version
52
62
  end
53
63
 
64
+ sig { params(node: Parser::AST::Node).void }
54
65
  def on_send(node)
55
66
  # Wrap any `require` or `require_relative` calls in a rescue
56
67
  # block, as we might not have the required files
@@ -82,12 +93,15 @@ module Dependabot
82
93
 
83
94
  private
84
95
 
96
+ sig { returns(String) }
85
97
  attr_reader :replacement_version
86
98
 
99
+ sig { params(node: Parser::AST::Node).returns(T::Boolean) }
87
100
  def requires_file?(node)
88
101
  %i(require require_relative).include?(node.children[1])
89
102
  end
90
103
 
104
+ sig { params(node: Parser::AST::Node).void }
91
105
  def wrap_require(node)
92
106
  replace(
93
107
  node.loc.expression,
@@ -98,6 +112,7 @@ module Dependabot
98
112
  )
99
113
  end
100
114
 
115
+ sig { params(node: ParserNode).void }
101
116
  def replace_version_assignments(node)
102
117
  return unless node.is_a?(Parser::AST::Node)
103
118
 
@@ -106,6 +121,7 @@ module Dependabot
106
121
  node.children.each { |child| replace_version_assignments(child) }
107
122
  end
108
123
 
124
+ sig { params(node: ParserNode).void }
109
125
  def replace_version_constant_references(node)
110
126
  return unless node.is_a?(Parser::AST::Node)
111
127
 
@@ -116,6 +132,7 @@ module Dependabot
116
132
  end
117
133
  end
118
134
 
135
+ sig { params(node: ParserNode).void }
119
136
  def replace_file_assignments(node)
120
137
  return unless node.is_a?(Parser::AST::Node)
121
138
 
@@ -124,6 +141,7 @@ module Dependabot
124
141
  node.children.each { |child| replace_file_assignments(child) }
125
142
  end
126
143
 
144
+ sig { params(node: ParserNode).void }
127
145
  def replace_require_paths_assignments(node)
128
146
  return unless node.is_a?(Parser::AST::Node)
129
147
 
@@ -134,6 +152,7 @@ module Dependabot
134
152
  end
135
153
  end
136
154
 
155
+ sig { params(node: ParserNode).returns(T::Boolean) }
137
156
  def node_assigns_to_version_constant?(node)
138
157
  return false unless node.is_a?(Parser::AST::Node)
139
158
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -146,6 +165,7 @@ module Dependabot
146
165
  node_interpolates_version_constant?(node.children.last)
147
166
  end
148
167
 
168
+ sig { params(node: ParserNode).returns(T::Boolean) }
149
169
  def node_assigns_files_to_var?(node)
150
170
  return false unless node.is_a?(Parser::AST::Node)
151
171
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -155,6 +175,7 @@ module Dependabot
155
175
  node_dynamically_lists_files?(node.children[2])
156
176
  end
157
177
 
178
+ sig { params(node: ParserNode).returns(T::Boolean) }
158
179
  def node_dynamically_lists_files?(node)
159
180
  return false unless node.is_a?(Parser::AST::Node)
160
181
 
@@ -163,6 +184,7 @@ module Dependabot
163
184
  node.type == :block && node.children.first&.type == :send
164
185
  end
165
186
 
187
+ sig { params(node: ParserNode).returns(T::Boolean) }
166
188
  def node_assigns_require_paths?(node)
167
189
  return false unless node.is_a?(Parser::AST::Node)
168
190
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -171,6 +193,7 @@ module Dependabot
171
193
  node.children[1] == :require_paths=
172
194
  end
173
195
 
196
+ sig { params(node: ParserNode).void }
174
197
  def replace_file_reads(node)
175
198
  return unless node.is_a?(Parser::AST::Node)
176
199
  return if node.children[1] == :version=
@@ -180,6 +203,7 @@ module Dependabot
180
203
  node.children.each { |child| replace_file_reads(child) }
181
204
  end
182
205
 
206
+ sig { params(node: ParserNode).returns(T::Boolean) }
183
207
  def node_reads_a_file?(node)
184
208
  return false unless node.is_a?(Parser::AST::Node)
185
209
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -189,6 +213,7 @@ module Dependabot
189
213
  node.children[1] == :read
190
214
  end
191
215
 
216
+ sig { params(node: ParserNode).returns(T::Boolean) }
192
217
  def node_uses_readlines?(node)
193
218
  return false unless node.is_a?(Parser::AST::Node)
194
219
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -198,6 +223,7 @@ module Dependabot
198
223
  node.children[1] == :readlines
199
224
  end
200
225
 
226
+ sig { params(node: ParserNode).void }
201
227
  def replace_json_parses(node)
202
228
  return unless node.is_a?(Parser::AST::Node)
203
229
  return if node.children[1] == :version=
@@ -206,6 +232,7 @@ module Dependabot
206
232
  node.children.each { |child| replace_json_parses(child) }
207
233
  end
208
234
 
235
+ sig { params(node: ParserNode).returns(T::Boolean) }
209
236
  def node_parses_json?(node)
210
237
  return false unless node.is_a?(Parser::AST::Node)
211
238
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -215,6 +242,7 @@ module Dependabot
215
242
  node.children[1] == :parse
216
243
  end
217
244
 
245
+ sig { params(node: ParserNode).void }
218
246
  def remove_find_dot_find_args(node)
219
247
  return unless node.is_a?(Parser::AST::Node)
220
248
  return if node.children[1] == :version=
@@ -223,6 +251,7 @@ module Dependabot
223
251
  node.children.each { |child| remove_find_dot_find_args(child) }
224
252
  end
225
253
 
254
+ sig { params(node: ParserNode).returns(T::Boolean) }
226
255
  def node_calls_find_dot_find?(node)
227
256
  return false unless node.is_a?(Parser::AST::Node)
228
257
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -232,6 +261,7 @@ module Dependabot
232
261
  node.children[1] == :find
233
262
  end
234
263
 
264
+ sig { params(node: ParserNode).void }
235
265
  def remove_unnecessary_assignments(node)
236
266
  return unless node.is_a?(Parser::AST::Node)
237
267
 
@@ -247,8 +277,9 @@ module Dependabot
247
277
  end
248
278
  end
249
279
 
280
+ sig { params(node: ParserNode).returns(T::Boolean) }
250
281
  def node_includes_heredoc?(node)
251
- find_heredoc_end_range(node)
282
+ !!find_heredoc_end_range(node)
252
283
  end
253
284
 
254
285
  # Performs a depth-first search for the first heredoc in the given
@@ -256,6 +287,7 @@ module Dependabot
256
287
  #
257
288
  # Returns a Parser::Source::Range identifying the location of the end
258
289
  # of the heredoc, or nil if no heredoc was found.
290
+ sig { params(node: ParserNode).returns(T.nilable(Parser::Source::Range)) }
259
291
  def find_heredoc_end_range(node)
260
292
  return unless node.is_a?(Parser::AST::Node)
261
293
 
@@ -271,6 +303,7 @@ module Dependabot
271
303
  nil
272
304
  end
273
305
 
306
+ sig { params(node: ParserNode).returns(T::Boolean) }
274
307
  def unnecessary_assignment?(node)
275
308
  return false unless node.is_a?(Parser::AST::Node)
276
309
  return false unless node.children.first.is_a?(Parser::AST::Node)
@@ -278,9 +311,10 @@ module Dependabot
278
311
  return true if node.children.first.type == :lvar &&
279
312
  UNNECESSARY_ASSIGNMENTS.include?(node.children[1])
280
313
 
281
- node.children[1] == :[]= && node.children.first.children.last
314
+ !!(node.children[1] == :[]= && node.children.first.children.last)
282
315
  end
283
316
 
317
+ sig { params(node: ParserNode).returns(T::Boolean) }
284
318
  def node_is_version_constant?(node)
285
319
  return false unless node.is_a?(Parser::AST::Node)
286
320
  return false unless node.type == :const
@@ -288,6 +322,7 @@ module Dependabot
288
322
  node.children.last.to_s.match?(/version/i)
289
323
  end
290
324
 
325
+ sig { params(node: ParserNode).returns(T::Boolean) }
291
326
  def node_calls_version_constant?(node)
292
327
  return false unless node.is_a?(Parser::AST::Node)
293
328
  return false unless node.type == :send
@@ -295,6 +330,7 @@ module Dependabot
295
330
  node.children.any? { |n| node_is_version_constant?(n) }
296
331
  end
297
332
 
333
+ sig { params(node: ParserNode).returns(T::Boolean) }
298
334
  def node_interpolates_version_constant?(node)
299
335
  return false unless node.is_a?(Parser::AST::Node)
300
336
  return false unless node.type == :dstr
@@ -305,6 +341,7 @@ module Dependabot
305
341
  .any? { |n| node_is_version_constant?(n) }
306
342
  end
307
343
 
344
+ sig { params(node: Parser::AST::Node).void }
308
345
  def replace_constant(node)
309
346
  case node.children.last&.type
310
347
  when :str, :int then nil # no-op
@@ -318,18 +355,22 @@ module Dependabot
318
355
  end
319
356
  end
320
357
 
358
+ sig { params(node: Parser::AST::Node).void }
321
359
  def replace_file_assignment(node)
322
360
  replace(node.children.last.loc.expression, "[]")
323
361
  end
324
362
 
363
+ sig { params(node: Parser::AST::Node).void }
325
364
  def replace_require_paths_assignment(node)
326
365
  replace(node.children.last.loc.expression, "['lib']")
327
366
  end
328
367
 
368
+ sig { params(node: Parser::AST::Node).void }
329
369
  def replace_file_read(node)
330
370
  replace(node.loc.expression, %("#{replacement_version}"))
331
371
  end
332
372
 
373
+ sig { params(node: Parser::AST::Node).void }
333
374
  def replace_json_parse(node)
334
375
  replace(
335
376
  node.loc.expression,
@@ -337,10 +378,12 @@ module Dependabot
337
378
  )
338
379
  end
339
380
 
381
+ sig { params(node: Parser::AST::Node).void }
340
382
  def replace_file_readlines(node)
341
383
  replace(node.loc.expression, %(["#{replacement_version}"]))
342
384
  end
343
385
 
386
+ sig { params(node: Parser::AST::Node).void }
344
387
  def remove_find_args(node)
345
388
  last_arg = node.children.last
346
389
 
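Review bot: The `GemspecSanitizer` constructor now accepts `T.any(String, Integer, Gem::Version)` and stores `replacement_version.to_s`, but that string is later spliced unescaped into generated Ruby source in `replace_file_read` (`%("#{replacement_version}")`) and in `replace_file_readlines`. A value that is not a plain version string would alter the structure of the rewritten gemspec rather than only its version literal. Since the coercion point is being touched anyway, I would validate there, e.g. `raise ArgumentError, "invalid replacement version" unless Gem::Version.correct?(replacement_version.to_s)`, or emit the literal with `replacement_version.inspect` at the two splice sites. Whether any caller can pass something other than a parsed version is not visible in this diff.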
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/bundler/file_updater"
@@ -9,13 +9,17 @@ module Dependabot
9
9
  class GemspecUpdater
10
10
  require_relative "requirement_replacer"
11
11
 
12
+ extend T::Sig
13
+
14
+ sig { params(dependencies: T::Array[Dependabot::Dependency], gemspec: Dependabot::DependencyFile).void }
12
15
  def initialize(dependencies:, gemspec:)
13
- @dependencies = dependencies
14
- @gemspec = gemspec
16
+ @dependencies = T.let(dependencies, T::Array[Dependabot::Dependency])
17
+ @gemspec = T.let(gemspec, Dependabot::DependencyFile)
15
18
  end
16
19
 
20
+ sig { returns(String) }
17
21
  def updated_gemspec_content
18
- content = gemspec.content
22
+ content = T.let(T.must(gemspec.content), String)
19
23
 
20
24
  dependencies.each do |dependency|
21
25
  content = replace_gemspec_version_requirement(
@@ -28,21 +32,28 @@ module Dependabot
28
32
 
29
33
  private
30
34
 
35
+ sig { returns(T::Array[Dependabot::Dependency]) }
31
36
  attr_reader :dependencies
37
+
38
+ sig { returns(Dependabot::DependencyFile) }
32
39
  attr_reader :gemspec
33
40
 
41
+ sig do
42
+ params(gemspec: Dependabot::DependencyFile, dependency: Dependabot::Dependency,
43
+ content: String).returns(String)
44
+ end
34
45
  def replace_gemspec_version_requirement(gemspec, dependency, content)
35
46
  return content unless requirement_changed?(gemspec, dependency)
36
47
 
37
48
  updated_requirement =
38
- dependency.requirements
39
- .find { |r| r[:file] == gemspec.name }
40
- .fetch(:requirement)
49
+ T.must(dependency.requirements
50
+ .find { |r| r[:file] == gemspec.name })
51
+ .fetch(:requirement)
41
52
 
42
53
  previous_requirement =
43
- dependency.previous_requirements
44
- .find { |r| r[:file] == gemspec.name }
45
- .fetch(:requirement)
54
+ T.must(T.must(dependency.previous_requirements)
55
+ .find { |r| r[:file] == gemspec.name })
56
+ .fetch(:requirement)
46
57
 
47
58
  RequirementReplacer.new(
48
59
  dependency: dependency,
@@ -52,9 +63,10 @@ module Dependabot
52
63
  ).rewrite(content)
53
64
  end
54
65
 
66
+ sig { params(file: Dependabot::DependencyFile, dependency: Dependabot::Dependency).returns(T::Boolean) }
55
67
  def requirement_changed?(file, dependency)
56
68
  changed_requirements =
57
- dependency.requirements - dependency.previous_requirements
69
+ dependency.requirements - T.must(dependency.previous_requirements)
58
70
 
59
71
  changed_requirements.any? { |f| f[:file] == file.name }
60
72
  end
@@ -9,12 +9,12 @@ module Dependabot
9
9
  module Bundler
10
10
  class FileUpdater
11
11
  class RubyRequirementSetter
12
- class RubyVersionNotFound < StandardError; end
13
-
14
12
  RUBY_VERSIONS = %w(
15
13
  1.8.7 1.9.3 2.0.0 2.1.10 2.2.10 2.3.8 2.4.10 2.5.9 2.6.9 2.7.6 3.0.6 3.1.6 3.2.4 3.3.6
16
14
  ).freeze
17
15
 
16
+ LANGUAGE = "ruby"
17
+
18
18
  attr_reader :gemspec
19
19
 
20
20
  def initialize(gemspec:)
@@ -62,7 +62,13 @@ module Dependabot
62
62
  .map { |v| Gem::Version.new(v) }.sort
63
63
  .find { |v| requirement.satisfied_by?(v) }
64
64
 
65
- raise RubyVersionNotFound unless ruby_version
65
+ unless ruby_version
66
+ raise ToolVersionNotSupported.new(
67
+ LANGUAGE,
68
+ requirement.to_s,
69
+ RUBY_VERSIONS.join(", ")
70
+ )
71
+ end
66
72
 
67
73
  ruby_version
68
74
  end
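Review bot: Deleting `RubyVersionNotFound` removes a public constant of `RubyRequirementSetter`, so any caller that still names it in a `rescue` clause will hit `NameError` when that clause is evaluated instead of handling the failure. No caller is visible on this page, so the removal needs a search across the other dependabot gems and a changelog entry. `ToolVersionNotSupported` is also referenced unqualified with no `require` in view; writing `Dependabot::ToolVersionNotSupported` would match the fully qualified `Dependabot::DependencyFileNotResolvable` used elsewhere in this release. The method that contains the new `raise` starts outside the hunk.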
@@ -52,6 +52,9 @@ module Dependabot
52
52
 
53
53
  def force_update
54
54
  requirement = dependency.requirements.find { |req| req[:file] == gemfile.name }
55
+
56
+ valid_gem_version?(target_version)
57
+
55
58
  manifest_requirement_not_satisfied = requirement && !Requirement.satisfied_by?(requirement, target_version)
56
59
 
57
60
  if manifest_requirement_not_satisfied && requirements_update_strategy.lockfile_only?
@@ -80,6 +83,15 @@ module Dependabot
80
83
  end
81
84
  end
82
85
 
86
+ def valid_gem_version?(target_version)
87
+ # to rule out empty, non gem info ending up in as target_version
88
+ return true if target_version.is_a?(Gem::Version)
89
+
90
+ Dependabot.logger.warn("Bundler force update called with a non-Gem::Version #{target_version}")
91
+
92
+ raise Dependabot::DependencyFileNotResolvable
93
+ end
94
+
83
95
  def original_dependencies
84
96
  @original_dependencies ||=
85
97
  FileParser.new(
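Review bot: `valid_gem_version?` is named like a predicate, but `force_update` calls it as a bare statement and relies on it raising, so a later refactor that makes it return `false` would silently disable the check. I would rename it to something like `validate_target_version!`, or keep the predicate pure and write `raise Dependabot::DependencyFileNotResolvable, "target version is not a Gem::Version" unless valid_gem_version?(target_version)` at the call site. The warning interpolates `target_version` raw into the log line; `target_version.inspect` would keep an empty or multi-line value readable and confined to one log entry. As written, the exception carries no message, so that log line is the only record of the cause.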
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.293.0
4
+ version: 0.295.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2025-01-16 00:00:00.000000000 Z
11
+ date: 2025-01-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.293.0
19
+ version: 0.295.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.293.0
26
+ version: 0.295.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
322
322
  - MIT
323
323
  metadata:
324
324
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
325
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
326
326
  post_install_message:
327
327
  rdoc_options: []
328
328
  require_paths: