dependabot-bundler 0.138.7 → 0.139.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v2/run.rb +1 -1
  3. data/lib/dependabot/bundler/helpers.rb +23 -9
  4. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b879a336288560d831472f3d6163c9fc391159001388ce2b1454154af3b7e026
4
- data.tar.gz: cd9f4ca835e065ba322f6edf43830954714396e2e33a292cbdb0ca8defe776bb
3
+ metadata.gz: 3c54dffe91f0389e710f63d92516f50b80d33c39f16ac16e5bf5d69dbf743cad
4
+ data.tar.gz: 2deecb17658d7f9f3833d54ae8359d1c177bd4840c771dd3eae175b455baec45
5
5
  SHA512:
6
- metadata.gz: e688088af198726160d18a81d649ced5627ac3311b80449698d1854ca656d9bf411f792553a99ad9cc45b012af97df82c5cac0753bed375c5a4009867759df3e
7
- data.tar.gz: aa6730e552463a32bef72bc0ceb7209ead39f327994b547fb3345a167cbbf7f7cc0c10a8e5f756b2d2ec41e7227e11fffef60e716bb158e7e40025c77fa1a39a
6
+ metadata.gz: e25cba7a7f5d7f1c234a431b5a2aa7539a99e50c2e6865b659d0aeb82cbd9a69a7ef0d32ec2fe1d552f154ea8482270ca7899a7989b3ef72509c6d699d065827
7
+ data.tar.gz: 3e4cb3481a025eda7bb85440dfcef2d12a1dd5413176555953c695c9bdb03371c196d7432d7e9ec23ed16b2c19a3261dccfc1fc0ed0713ec50a56537b2ebeca6
data/helpers/v2/run.rb CHANGED
@@ -11,7 +11,7 @@ require "git_source_patch"
11
11
 
12
12
  require "functions"
13
13
 
14
- MIN_BUNDLER_VERSION = "2.0.0"
14
+ MIN_BUNDLER_VERSION = "2.1.0"
15
15
 
16
16
  def validate_bundler_version!
17
17
  return true if correct_bundler_version?
data/lib/dependabot/bundler/helpers.rb CHANGED
@@ -5,23 +5,37 @@ module Dependabot
5
5
  module Helpers
6
6
  V1 = "1"
7
7
  V2 = "2"
8
+ # If we are updating a project with no Gemfile.lock, we default to the
9
+ # newest version we support
10
+ DEFAULT = V2
11
+ # If we are updating a project with a Gemfile.lock that does not specify
12
+ # the version it was bundled with, with failover to V1 on the assumption
13
+ # it was created with an old version that didn't add this information
14
+ FAILOVER = V1
8
15
 
9
- # NOTE: options is a manditory argument to ensure we pass it from all calling classes
10
- def self.bundler_version(_lockfile, options:)
11
- # For now, force V2 if bundler_2_available
12
- return V2 if options[:bundler_2_available]
16
+ BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m.freeze
13
17
 
14
- # TODO: Add support for bundler v2 based on lockfile
15
- # return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
18
+ # NOTE: options is a manditory argument to ensure we pass it from all calling classes
19
+ def self.bundler_version(lockfile, options:)
20
+ # TODO: Remove once bundler 2 is fully supported
21
+ return V1 unless options[:bundler_2_available]
22
+ return DEFAULT unless lockfile
16
23
 
17
- V1
24
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
25
+ matches[:version].to_i >= 2 ? V2 : V1
26
+ else
27
+ FAILOVER
28
+ end
18
29
  end
19
30
 
20
31
  def self.detected_bundler_version(lockfile)
21
32
  return "unknown" unless lockfile
22
- return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
23
33
 
24
- V1
34
+ if (matches = lockfile.content.match(BUNDLER_MAJOR_VERSION_REGEX))
35
+ matches[:version]
36
+ else
37
+ FAILOVER
38
+ end
25
39
  end
26
40
  end
27
41
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.138.7
4
+ version: 0.139.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.138.7
19
+ version: 0.139.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.138.7
26
+ version: 0.139.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement