dependabot-bundler 0.138.2 → 0.138.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2eb2653cea8a396b9d65f20ea24e8680bdcb0909c2e28ad045beca904f2a984b
-  data.tar.gz: d7ffc19ecc9db88a04e5222f132e18f94f353eb806ef454d0e958c531531dbd5
+  metadata.gz: 6fe43d8a687e3405df9f2704529fe54f9e79cdb75b6246d43a32e32e5a7b1928
+  data.tar.gz: 67b1b3afd35f559613e57f6ef2a26ef9ee0c50910072b40c5d9ac412b830ed91
 SHA512:
-  metadata.gz: 28ea0b95452a1c7bc2cf7fe5d3c211c678a89d5b062f7184dc23fd06dd5f8df8a61ccd9e66abb3a807fc10958f74623245ef4809830600a44ce6472095ce369a
-  data.tar.gz: 46c21b5dbc8ddaac57a40c1a6e48c16427562c829d6b29879a5b1b6d77b9d3c16ebdef515ef32c6f71d4c57c4feeed57ff22ee7f78a6839991e3444cefd44181
+  metadata.gz: 55bd706fffed2c9caa866237eea57fde3f91a83f465014865dacf2252094ad31e9098d0894c9b85da77f08e5ae0941f8a74ca1f1cfecec447775aa20541bcfae
+  data.tar.gz: 563832a40283d4c9f29175b0cddc850ac88e461e65905e255f94234aee9c913690525016a2d12cbfdedb17f4d5c0873214863b324207277bbfc80bccee7c7f8f

data/helpers/v1/build

@@ -21,4 +21,5 @@ cd "$install_dir"
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing native helpers to run with the same version
-BUNDLER_VERSION=1 bundle install --without test
+BUNDLER_VERSION=1 bundle config set --local without "test"
+BUNDLER_VERSION=1 bundle install

data/helpers/v1/run.rb

@@ -11,11 +11,25 @@ require "git_source_patch"
 
 require "functions"
 
+MAX_BUNDLER_VERSION="2.0.0"
+
+def validate_bundler_version!
+  return true if correct_bundler_version?
+
+  raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
+end
+
+def correct_bundler_version?
+  Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
+end
+
 def output(obj)
   print JSON.dump(obj)
 end
 
 begin
+  validate_bundler_version!
+
   request = JSON.parse($stdin.read)
 
   function = request["function"]

data/helpers/v2/build

@@ -20,4 +20,5 @@ cd "$install_dir"
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing specs and native helpers to run with the same version
 BUNDLER_VERSION=2 bundle config set --local path ".bundle"
-BUNDLER_VERSION=2 bundle install --without test
+BUNDLER_VERSION=2 bundle config set --local without "test"
+BUNDLER_VERSION=2 bundle install

data/helpers/v2/lib/functions.rb

@@ -1,4 +1,5 @@
 require "functions/file_parser"
+require "functions/conflicting_dependency_resolver"
 
 module Functions
   class NotImplementedError < StandardError; end
@@ -110,6 +111,12 @@ module Functions
 
   def self.conflicting_dependencies(dir:, dependency_name:, target_version:,
                                     lockfile_name:, using_bundler2:, credentials:)
-    raise NotImplementedError, "Bundler 2 adapter does not yet implement #{__method__}"
+    set_bundler_flags_and_credentials(dir: dir, credentials: credentials,
+                                      using_bundler2: using_bundler2)
+    ConflictingDependencyResolver.new(
+      dependency_name: dependency_name,
+      target_version: target_version,
+      lockfile_name: lockfile_name
+    ).conflicting_dependencies
   end
 end

data/helpers/v2/lib/functions/conflicting_dependency_resolver.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module Functions
+  class ConflictingDependencyResolver
+    def initialize(dependency_name:, target_version:, lockfile_name:)
+      @dependency_name = dependency_name
+      @target_version = target_version
+      @lockfile_name = lockfile_name
+    end
+
+    # Finds any dependencies in the lockfile that have a subdependency on the
+    # given dependency that does not satisfly the target_version.
+    # @return [Array<Hash{String => String}]
+    #   * explanation [String] a sentence explaining the conflict
+    #   * name [String] the blocking dependencies name
+    #   * version [String] the version of the blocking dependency
+    #   * requirement [String] the requirement on the target_dependency
+    def conflicting_dependencies
+      Bundler.settings.set_command_option("only_update_to_newer_versions", true)
+
+      parent_specs.flat_map do |parent_spec|
+        top_level_specs_for(parent_spec).map do |top_level|
+          dependency = parent_spec.dependencies.find { |bd| bd.name == dependency_name }
+          {
+            "explanation" => explanation(parent_spec, dependency, top_level),
+            "name" => parent_spec.name,
+            "version" => parent_spec.version.to_s,
+            "requirement" => dependency.requirement.to_s
+          }
+        end
+      end
+    end
+
+    private
+
+    attr_reader :dependency_name, :target_version, :lockfile_name
+
+    def parent_specs
+      version = Gem::Version.new(target_version)
+      parsed_lockfile.specs.filter do |spec|
+        spec.dependencies.any? do |dep|
+          dep.name == dependency_name &&
+            !dep.requirement.satisfied_by?(version)
+        end
+      end
+    end
+
+    def top_level_specs_for(parent_spec)
+      return [parent_spec] if top_level?(parent_spec)
+
+      parsed_lockfile.specs.filter do |spec|
+        spec.dependencies.any? do |dep|
+          dep.name == parent_spec.name && top_level?(spec)
+        end
+      end
+    end
+
+    def top_level?(spec)
+      parsed_lockfile.dependencies.key?(spec.name)
+    end
+
+    def explanation(spec, dependency, top_level)
+      if spec.name == top_level.name
+        "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
+      else
+        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} "\
+          "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
+      end
+    end
+
+    def parsed_lockfile
+      @parsed_lockfile ||= Bundler::LockfileParser.new(lockfile)
+    end
+
+    def lockfile
+      return @lockfile if defined?(@lockfile)
+
+      @lockfile =
+        begin
+          return unless lockfile_name && File.exist?(lockfile_name)
+
+          File.read(lockfile_name)
+        end
+    end
+  end
+end

data/helpers/v2/run.rb

@@ -11,11 +11,25 @@ require "git_source_patch"
 
 require "functions"
 
+MIN_BUNDLER_VERSION = "2.0.0"
+
+def validate_bundler_version!
+  return true if correct_bundler_version?
+
+  raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
+end
+
+def correct_bundler_version?
+  Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
+end
+
 def output(obj)
   print JSON.dump(obj)
 end
 
 begin
+  validate_bundler_version!
+
   request = JSON.parse($stdin.read)
 
   function = request["function"]

data/helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require "native_spec_helper"
+require "shared_contexts"
+
+RSpec.describe Functions::ConflictingDependencyResolver do
+  include_context "in a temporary bundler directory"
+
+  let(:conflicting_dependency_resolver) do
+    described_class.new(
+      dependency_name: dependency_name,
+      target_version: target_version,
+      lockfile_name: "Gemfile.lock"
+    )
+  end
+
+  let(:dependency_name) { "dummy-pkg-a" }
+  let(:target_version) { "2.0.0" }
+
+  let(:project_name) { "blocked_by_subdep" }
+
+  describe "#conflicting_dependencies" do
+    subject(:conflicting_dependencies) do
+      in_tmp_folder { conflicting_dependency_resolver.conflicting_dependencies }
+    end
+
+    it "returns a list of dependencies that block the update" do
+      expect(conflicting_dependencies).to eq(
+        [{
+          "explanation" => "dummy-pkg-b (1.0.0) requires dummy-pkg-a (< 2.0.0)",
+          "name" => "dummy-pkg-b",
+          "version" => "1.0.0",
+          "requirement" => "< 2.0.0"
+        }]
+      )
+    end
+
+    context "for nested transitive dependencies" do
+      let(:project_name) { "transitive_blocking" }
+      let(:dependency_name) { "activesupport" }
+      let(:target_version) { "6.0.0" }
+
+      it "returns a list of dependencies that block the update" do
+        expect(conflicting_dependencies).to match_array(
+          [
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0)",
+              "name" => "rails",
+              "requirement" => "= 5.2.0",
+              "version" => "5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionpack (5.2.0)",
+              "name" => "actionpack",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via actionview (5.2.0)",
+              "name" => "actionview",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activejob (5.2.0)",
+              "name" => "activejob",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activemodel (5.2.0)",
+              "name" => "activemodel",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via activerecord (5.2.0)",
+              "name" => "activerecord",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            },
+            {
+              "explanation" => "rails (5.2.0) requires activesupport (= 5.2.0) via railties (5.2.0)",
+              "name" => "railties",
+              "version" => "5.2.0",
+              "requirement" => "= 5.2.0"
+            }
+          ]
+        )
+      end
+    end
+
+    context "with multiple blocking dependencies" do
+      let(:dependency_name) { "activesupport" }
+      let(:current_version) { "5.0.0" }
+      let(:target_version) { "6.0.0" }
+      let(:project_name) { "multiple_blocking" }
+
+      it "returns all of the blocking dependencies" do
+        expect(conflicting_dependencies).to match_array(
+          [
+            {
+              "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via actionpack (5.0.0)",
+              "name" => "actionpack",
+              "version" => "5.0.0",
+              "requirement" => "= 5.0.0"
+            },
+            {
+              "explanation" => "actionview (5.0.0) requires activesupport (= 5.0.0)",
+              "name" => "actionview",
+              "version" => "5.0.0",
+              "requirement" => "= 5.0.0"
+            },
+            {
+              "explanation" => "actionmailer (5.0.0) requires activesupport (= 5.0.0) via activejob (5.0.0)",
+              "name" => "activejob",
+              "version" => "5.0.0",
+              "requirement" => "= 5.0.0"
+            }
+          ]
+        )
+      end
+    end
+
+    context "without any blocking dependencies" do
+      let(:target_version) { "1.0.0" }
+
+      it "returns an empty list" do
+        expect(conflicting_dependencies).to eq([])
+      end
+    end
+  end
+end

data/helpers/v2/spec/functions_spec.rb

@@ -17,7 +17,6 @@ RSpec.describe Functions do
                       :dir, :credentials],
     jfrog_source: [:dir, :gemfile_name, :credentials, :using_bundler2],
     git_specs: [:dir, :gemfile_name, :credentials, :using_bundler2],
-    conflicting_dependencies: [:dir, :dependency_name, :target_version, :lockfile_name, :using_bundler2, :credentials]
   }.each do |function, kwargs|
     describe "::#{function}" do
       let(:args) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.138.2
+  version: 0.138.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-23 00:00:00.000000000 Z
+date: 2021-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.2
+        version: 0.138.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.138.2
+        version: 0.138.3
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -210,11 +210,13 @@ files:
 - helpers/v2/Gemfile
 - helpers/v2/build
 - helpers/v2/lib/functions.rb
+- helpers/v2/lib/functions/conflicting_dependency_resolver.rb
 - helpers/v2/lib/functions/file_parser.rb
 - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
 - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
 - helpers/v2/monkey_patches/git_source_patch.rb
 - helpers/v2/run.rb
+- helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
 - helpers/v2/spec/functions/file_parser_spec.rb
 - helpers/v2/spec/functions_spec.rb
 - helpers/v2/spec/native_spec_helper.rb