dependabot-bundler 0.112.19 → 0.112.20

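--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3dd9b6a0ce64844325ff6e43f837b1a6ce4ccc9f843bf64bbcc06efeb333da8b
- data.tar.gz: 3efdf872c7e7e27ae8c23c47413de6fd81292225ce8aa3369b2bd40381aaa6b9
+ metadata.gz: f606162773138c8e9eb453a392a6c7b50805a4934fff477434489e8c9d6f4ffc
+ data.tar.gz: 03cf1dd48d07b30da272e3abadbb08e3a043fc2e924751d157c342baf3e5aca6
  SHA512:
- metadata.gz: 36a11f9a29b86f9deb25df425e87a6d81d43d6586530be2938d3d7bcfefbcb42ea9401a7b61a738c051c79488c8b85352217ce1304c5841ca7cdb6b312ec2100
- data.tar.gz: fdb938a5974f2c0d9533e8ca0742924165c18096bca9f79e21c73e40d166df7f5d54b14bc696cabcccd0d1df98a14510da850bf2c68d51a030109afa9a7b2eec
+ metadata.gz: daae91565ef2d5fdfb92b98e632d56dd3628514456181dedc9cce0385d096a02732e19c645173140cb9a8187f52526da67a676d6397f7d7abd43f94b466aac52
+ data.tar.gz: 3b68a388ab4686a17cd399936e5cf03159678ee3177a8d9bd7374b38a6965d82f48acc8742ba20855ca9a37bdffefd961ee44001509c3f74159db0f3d325d5f2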
@@ -80,16 +80,8 @@ module Dependabot
80
80
  ::Gem::Specification.all =
81
81
  ::Gem::Specification.send(:default_stubs, "*.gemspec")
82
82
 
83
- # Set auth details
84
- relevant_credentials.each do |cred|
85
- token = cred["token"] ||
86
- "#{cred['username']}:#{cred['password']}"
87
-
88
- ::Bundler.settings.set_command_option(
89
- cred.fetch("host"),
90
- token.gsub("@", "%40F").gsub("?", "%3F")
91
- )
92
- end
83
+ # Set flags and credentials
84
+ set_bundler_flags_and_credentials
93
85
 
94
86
  generate_lockfile
95
87
  end
@@ -422,12 +414,39 @@ module Dependabot
422
414
  dependency_files.select { |f| f.name.end_with?(".specification") }
423
415
  end
424
416
 
417
+ def set_bundler_flags_and_credentials
418
+ # Set auth details
419
+ relevant_credentials.each do |cred|
420
+ token = cred["token"] ||
421
+ "#{cred['username']}:#{cred['password']}"
422
+
423
+ ::Bundler.settings.set_command_option(
424
+ cred.fetch("host"),
425
+ token.gsub("@", "%40F").gsub("?", "%3F")
426
+ )
427
+ end
428
+
429
+ # Use HTTPS for GitHub if lockfile was generated by Bundler 2
430
+ set_bundler_2_flags if using_bundler_2?
431
+ end
432
+
433
+ def set_bundler_2_flags
434
+ ::Bundler.settings.set_command_option("forget_cli_options", "true")
435
+ ::Bundler.settings.set_command_option("github.https", "true")
436
+ end
437
+
425
438
  def git_dependency?(dep)
426
439
  GitCommitChecker.new(
427
440
  dependency: dep,
428
441
  credentials: credentials
429
442
  ).git_dependency?
430
443
  end
444
+
445
+ def using_bundler_2?
446
+ return unless lockfile
447
+
448
+ lockfile.content.match?(/BUNDLED WITH\s+2/m)
449
+ end
431
450
  end
432
451
  end
433
452
  end
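Review bot: In `set_bundler_flags_and_credentials`, `token.gsub("@", "%40F")` looks like a typo for `%40`: the percent-encoding of `@` is `%40`, so a token or password containing `@` would presumably decode to `@F` and authentication against the private source would fail. The line is carried over unchanged from the removed inline code, and the same copy appears in the two other file sections on this page. I would change it to `token.gsub("@", "%40").gsub("?", "%3F")`. Other reserved characters such as `/`, `#` and `%` are also left unescaped here, and in the username/password case the two parts would be better escaped separately before being joined with `:`.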
@@ -82,23 +82,8 @@ module Dependabot
82
82
  ::Gem::Specification.all =
83
83
  ::Gem::Specification.send(:default_stubs, "*.gemspec")
84
84
 
85
- # Set auth details
86
- relevant_credentials.each do |cred|
87
- token = cred["token"] ||
88
- "#{cred['username']}:#{cred['password']}"
89
-
90
- ::Bundler.settings.set_command_option(
91
- cred.fetch("host"),
92
- token.gsub("@", "%40F").gsub("?", "%3F")
93
- )
94
- end
95
-
96
- # Only allow upgrades. Othewise it's unlikely that this
97
- # resolution will be found by the FileUpdater
98
- ::Bundler.settings.set_command_option(
99
- "only_update_to_newer_versions",
100
- true
101
- )
85
+ # Set flags and credentials
86
+ set_bundler_flags_and_credentials
102
87
 
103
88
  yield
104
89
  end
@@ -279,6 +264,34 @@ module Dependabot
279
264
  File.write(lockfile.name, sanitized_lockfile_body) if lockfile
280
265
  end
281
266
 
267
+ def set_bundler_flags_and_credentials
268
+ # Set auth details
269
+ relevant_credentials.each do |cred|
270
+ token = cred["token"] ||
271
+ "#{cred['username']}:#{cred['password']}"
272
+
273
+ ::Bundler.settings.set_command_option(
274
+ cred.fetch("host"),
275
+ token.gsub("@", "%40F").gsub("?", "%3F")
276
+ )
277
+ end
278
+
279
+ # Only allow upgrades. Othewise it's unlikely that this
280
+ # resolution will be found by the FileUpdater
281
+ ::Bundler.settings.set_command_option(
282
+ "only_update_to_newer_versions",
283
+ true
284
+ )
285
+
286
+ # Use HTTPS for GitHub if lockfile was generated by Bundler 2
287
+ set_bundler_2_flags if using_bundler_2?
288
+ end
289
+
290
+ def set_bundler_2_flags
291
+ ::Bundler.settings.set_command_option("forget_cli_options", "true")
292
+ ::Bundler.settings.set_command_option("github.https", "true")
293
+ end
294
+
282
295
  def relevant_credentials
283
296
  credentials.
284
297
  select { |cred| cred["password"] || cred["token"] }.
@@ -289,6 +302,12 @@ module Dependabot
289
302
  false
290
303
  end
291
304
  end
305
+
306
+ def using_bundler_2?
307
+ return unless lockfile
308
+
309
+ lockfile.content.match?(/BUNDLED WITH\s+2/m)
310
+ end
292
311
  end
293
312
  end
294
313
  end
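Review bot: The comment above `set_bundler_2_flags if using_bundler_2?` says what is set but not why it is conditional, and the consequence for the other branch is worth stating. When the lockfile has no `BUNDLED WITH` line followed by a `2`, or there is no lockfile (`using_bundler_2?` then returns nil), `github.https` stays unset, and as far as I know Bundler 1 then resolves `github:` shorthand sources to `git://` URLs, which are fetched without transport encryption or server authentication. I would document that trade-off, e.g. `# Bundler 1 lockfiles keep their git:// remotes so the generated lockfile matches the user's; only Bundler 2 lockfiles get HTTPS`, and add a one-line comment on `set_bundler_2_flags` saying what `forget_cli_options` is needed for. The same applies to the copies in the other two file sections.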
@@ -47,16 +47,8 @@ module Dependabot
47
47
  ::Gem::Specification.all =
48
48
  ::Gem::Specification.send(:default_stubs, "*.gemspec")
49
49
 
50
- # Set auth details
51
- relevant_credentials.each do |cred|
52
- token = cred["token"] ||
53
- "#{cred['username']}:#{cred['password']}"
54
-
55
- ::Bundler.settings.set_command_option(
56
- cred.fetch("host"),
57
- token.gsub("@", "%40F").gsub("?", "%3F")
58
- )
59
- end
50
+ # Set flags and credentials
51
+ set_bundler_flags_and_credentials
60
52
 
61
53
  yield
62
54
  end
@@ -221,6 +213,27 @@ module Dependabot
221
213
  File.write(lockfile.name, sanitized_lockfile_body) if lockfile
222
214
  end
223
215
 
216
+ def set_bundler_flags_and_credentials
217
+ # Set auth details
218
+ relevant_credentials.each do |cred|
219
+ token = cred["token"] ||
220
+ "#{cred['username']}:#{cred['password']}"
221
+
222
+ ::Bundler.settings.set_command_option(
223
+ cred.fetch("host"),
224
+ token.gsub("@", "%40F").gsub("?", "%3F")
225
+ )
226
+ end
227
+
228
+ # Use HTTPS for GitHub if lockfile was generated by Bundler 2
229
+ set_bundler_2_flags if using_bundler_2?
230
+ end
231
+
232
+ def set_bundler_2_flags
233
+ ::Bundler.settings.set_command_option("forget_cli_options", "true")
234
+ ::Bundler.settings.set_command_option("github.https", "true")
235
+ end
236
+
224
237
  def relevant_credentials
225
238
  [
226
239
  *git_source_credentials,
@@ -253,6 +266,12 @@ module Dependabot
253
266
  re = FileUpdater::LockfileUpdater::LOCKFILE_ENDING
254
267
  lockfile.content.gsub(re, "")
255
268
  end
269
+
270
+ def using_bundler_2?
271
+ return unless lockfile
272
+
273
+ lockfile.content.match?(/BUNDLED WITH\s+2/m)
274
+ end
256
275
  end
257
276
  end
258
277
  end
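Review bot: `set_bundler_flags_and_credentials`, `set_bundler_2_flags` and `using_bundler_2?` are added here as a third near-identical copy; among the copies visible on this page the only difference is the `only_update_to_newer_versions` option that one of them sets. A shared module mixed into the three classes would keep the credential escaping and the Bundler 2 detection from drifting apart. Separately, `/BUNDLED WITH\s+2/m` accepts any version string that begins with `2`, and the `m` flag has no effect on a pattern without `.`; `/BUNDLED WITH\s+2\./` states the intent more exactly.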
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.19
4
+ version: 0.112.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.19
19
+ version: 0.112.20
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.19
26
+ version: 0.112.20
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement