RubyGems - dependabot-bundler - Versions diffs - 0.340.0 → 0.342.1 - Mend

dependabot-bundler 0.340.0 → 0.342.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/bundler/file_updater.rb +0 -10
data/lib/dependabot/bundler/package/package_details_fetcher.rb +52 -8
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c0b0c9d7a2a331fb66c6ac05cd0d7675f814fa463f7ff6708ce1e6f67d4dd84
-  data.tar.gz: e99f4c6991029f7f44fc0a82c79298e7b57ca5e52e723abcf7e0a29f23635d2e
+  metadata.gz: 1fd1b0a746b772dd5ae81c3399691e073fa0bea9e6a55b38f65694193b6b77df
+  data.tar.gz: 26550eae8dd5e1a2d89309a16b51437ec33f213c645ecf8a7636af5c756ac3f4
 SHA512:
-  metadata.gz: 20b5302d3448988548f0db9552f19d2ef7093dfde8913ac2daba6c36b302db351672a1e869805165489068e1a9dace40b149317df99ecf45063c1025e0f48df8
-  data.tar.gz: 20c66bb7c4d1293f0fb19f3f5ebec61de873f3a21066b6d4ee9935d0bb858151d381c91e2f5979bd727b226fd787de6f1f8fd71b1f9979dfc54a5d9aad124f04
+  metadata.gz: 4c6c5aed0c04d9aef96f30e967269fa0f7d7387b7596cc835264933c08746d72c13aaf2f1d4035b72d98f15fa9c42e01d06634a348b0a023d783d44ffeafcdd8
+  data.tar.gz: '0693c436743e2fb012bdd559d0af5893c386940920894975a84a731c7aa89d138fab157e3533d7561d68962b9eea2e5ca77452b4f767701f7ee240513bae0db6'

data/lib/dependabot/bundler/file_updater.rb CHANGED Viewed

@@ -18,16 +18,6 @@ module Dependabot
       require_relative "file_updater/gemspec_updater"
       require_relative "file_updater/lockfile_updater"
-      sig { override.returns(T::Array[Regexp]) }
-      def self.updated_files_regex
-        [
-          # Matches Gemfile, Gemfile.lock, gems.rb, gems.locked, .gemspec files, and anything in vendor directory
-          %r{^(Gemfile(\.lock)?|gems\.(rb|locked)|.*\.gemspec|vendor/.*)$},
-          # Matches the same files in any subdirectory
-          %r{^.*/(Gemfile|Gemfile\.lock|gems\.rb|gems\.locked)$}
-        ]
-      end
       # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }

data/lib/dependabot/bundler/package/package_details_fetcher.rb CHANGED Viewed

@@ -138,38 +138,82 @@ module Dependabot
           # curl  -H "Accept: application/json" \
           #       -H "Authorization: Bearer <<TOKEN>>" \
           #       https://api.github.com/orgs/dsp-testing/packages/rubygems/json/version
+          validate_and_check_registry(registry_url)
+        end
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def validate_and_check_registry(registry_url)
           parsed_url = begin
             URI.parse(registry_url)
           rescue URI::InvalidURIError
             raise "Invalid registry URL: #{registry_url}"
           end
-          # Handle GitHub Package Registry
           return github_packages_versions(registry_url) if parsed_url.host == "rubygems.pkg.github.com"
+          fetch_and_process_rubygems_response(registry_url)
+        end
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def fetch_and_process_rubygems_response(registry_url)
           response = registry_json_response_for_dependency(registry_url)
           unless response.status == 200
-            error_details = "Status: #{response.status}"
-            error_message = "Failed to fetch versions for '#{dependency.name}' from '#{registry_url}'. #{error_details}"
-            Dependabot.logger.info(error_message)
+            error_msg = "Failed to fetch versions for '#{dependency.name}' from '#{registry_url}'. " \
+                        "Status: #{response.status}"
+            log_error(error_msg)
             return package_details([])
           end
-          registry_url = get_url_from_dependency(dependency) || "https://rubygems.org" # Get registry_url
+          return handle_empty_response(registry_url) if response.body.nil? || response.body.strip.empty?
-          package_releases = JSON.parse(response.body).map do |release|
-            gem_name_with_version = "#{@dependency.name}-#{release['number']}"
+          parse_rubygems_response(response, registry_url)
+        end
+        sig do
+          params(response: Excon::Response, registry_url: String)
+            .returns(Dependabot::Package::PackageDetails)
+        end
+        def parse_rubygems_response(response, registry_url)
+          parsed_response = JSON.parse(response.body)
+          unless parsed_response.is_a?(Array)
+            log_error("Unexpected response format for '#{dependency.name}' from '#{registry_url}'")
+            return package_details([])
+          end
+          package_releases = parsed_response.map do |release|
+            gem_name_with_version = "#{dependency.name}-#{release['number']}"
             package_release(
               version: release["number"],
               released_at: Time.parse(release["created_at"]),
-              downloads: release["downloads_count"],
+              downloads: release["downloads_count"] || 0,
               url: format(GEM_URL, registry_url, gem_name_with_version),
               ruby_version: release["ruby_version"]
             )
           end
           package_details(package_releases)
+        rescue JSON::ParserError
+          log_error("Failed to parse JSON response for '#{dependency.name}' from '#{registry_url}'")
+          package_details([])
+        rescue StandardError => e
+          error_msg = "Unexpected error processing response for '#{dependency.name}' from " \
+                      "'#{registry_url}': #{e.message}"
+          log_error(error_msg)
+          package_details([])
+        end
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def handle_empty_response(registry_url)
+          log_error("Empty response body for '#{dependency.name}' from '#{registry_url}'")
+          package_details([])
+        end
+        sig { params(message: String).void }
+        def log_error(message)
+          Dependabot.logger.info(message)
         end
         sig { params(dependency: T.untyped).returns(T.nilable(String)) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.340.0
+  version: 0.342.1
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.340.0
+        version: 0.342.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.340.0
+        version: 0.342.1
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.340.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.342.1
 rdoc_options: []
 require_paths:
 - lib