dependabot-bundler 0.341.0 → 0.342.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58ed8e55f8d95b807386d3c76be69e0e84c3a44be4d3f6f32b6c20cfa564fbee
-  data.tar.gz: b0f4f5f1e9a6ceaefbd6f728c042d71d16bc66147bde3642215ffb64e107d380
+  metadata.gz: '0248fccb7c2e427b91ee21701164b49214161bb83fbefc5aa9c9e42952c568b4'
+  data.tar.gz: 26550eae8dd5e1a2d89309a16b51437ec33f213c645ecf8a7636af5c756ac3f4
 SHA512:
-  metadata.gz: ea749197721a2eecacdf32db57777eeb5cc752ce3ba2ccf74002dd73fb9333c4aa3602fa55158534505925f42bca555fdc67ad5abc612c7f495e6cc807bfea03
-  data.tar.gz: 1908d2203bf2f196832725079030b8704c88d51d9fec7a7a24c9f57e0a57fab4564a518069cc3c2a4a6aec8751d616278456513fef8007ae44e04bf3212c19d5
+  metadata.gz: 1dd5441e3f389ecceaf441fd4efcd1eb09a80eae030ee4688c9fec5b3eb820fa5107109cfc88e09a6a8bac581b2f6b457550715e9f26a0a8dd60e29059e1b593
+  data.tar.gz: '0693c436743e2fb012bdd559d0af5893c386940920894975a84a731c7aa89d138fab157e3533d7561d68962b9eea2e5ca77452b4f767701f7ee240513bae0db6'

data/lib/dependabot/bundler/package/package_details_fetcher.rb

@@ -138,38 +138,82 @@ module Dependabot
           # curl  -H "Accept: application/json" \
           #       -H "Authorization: Bearer <<TOKEN>>" \
           #       https://api.github.com/orgs/dsp-testing/packages/rubygems/json/version
+
+          validate_and_check_registry(registry_url)
+        end
+
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def validate_and_check_registry(registry_url)
           parsed_url = begin
             URI.parse(registry_url)
           rescue URI::InvalidURIError
             raise "Invalid registry URL: #{registry_url}"
           end
 
-          # Handle GitHub Package Registry
           return github_packages_versions(registry_url) if parsed_url.host == "rubygems.pkg.github.com"
 
+          fetch_and_process_rubygems_response(registry_url)
+        end
+
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def fetch_and_process_rubygems_response(registry_url)
           response = registry_json_response_for_dependency(registry_url)
 
           unless response.status == 200
-            error_details = "Status: #{response.status}"
-            error_message = "Failed to fetch versions for '#{dependency.name}' from '#{registry_url}'. #{error_details}"
-            Dependabot.logger.info(error_message)
+            error_msg = "Failed to fetch versions for '#{dependency.name}' from '#{registry_url}'. " \
+                        "Status: #{response.status}"
+            log_error(error_msg)
             return package_details([])
           end
 
-          registry_url = get_url_from_dependency(dependency) || "https://rubygems.org" # Get registry_url
+          return handle_empty_response(registry_url) if response.body.nil? || response.body.strip.empty?
 
-          package_releases = JSON.parse(response.body).map do |release|
-            gem_name_with_version = "#{@dependency.name}-#{release['number']}"
+          parse_rubygems_response(response, registry_url)
+        end
+
+        sig do
+          params(response: Excon::Response, registry_url: String)
+            .returns(Dependabot::Package::PackageDetails)
+        end
+        def parse_rubygems_response(response, registry_url)
+          parsed_response = JSON.parse(response.body)
+
+          unless parsed_response.is_a?(Array)
+            log_error("Unexpected response format for '#{dependency.name}' from '#{registry_url}'")
+            return package_details([])
+          end
+
+          package_releases = parsed_response.map do |release|
+            gem_name_with_version = "#{dependency.name}-#{release['number']}"
             package_release(
               version: release["number"],
               released_at: Time.parse(release["created_at"]),
-              downloads: release["downloads_count"],
+              downloads: release["downloads_count"] || 0,
               url: format(GEM_URL, registry_url, gem_name_with_version),
               ruby_version: release["ruby_version"]
             )
           end
 
           package_details(package_releases)
+        rescue JSON::ParserError
+          log_error("Failed to parse JSON response for '#{dependency.name}' from '#{registry_url}'")
+          package_details([])
+        rescue StandardError => e
+          error_msg = "Unexpected error processing response for '#{dependency.name}' from " \
+                      "'#{registry_url}': #{e.message}"
+          log_error(error_msg)
+          package_details([])
+        end
+
+        sig { params(registry_url: String).returns(Dependabot::Package::PackageDetails) }
+        def handle_empty_response(registry_url)
+          log_error("Empty response body for '#{dependency.name}' from '#{registry_url}'")
+          package_details([])
+        end
+
+        sig { params(message: String).void }
+        def log_error(message)
+          Dependabot.logger.info(message)
         end
 
         sig { params(dependency: T.untyped).returns(T.nilable(String)) }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.341.0
+  version: 0.342.2
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.341.0
+        version: 0.342.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.341.0
+        version: 0.342.2
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.341.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.342.2
 rdoc_options: []
 require_paths:
 - lib