dependabot-bundler 0.153.0 → 0.154.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec91f10e65aef27d7201abd0c2bf2bc1572c2d58df66cf2b45ea8d6d33763e3f
-  data.tar.gz: 73cdc686c5e9e46c4415d55a2121c67c02357baf3d47da58fe1df3f1851ab3c6
+  metadata.gz: 5d3ee8258077d3709596e54c3cd01ef8dd994491f4a169adc14d740affa31ebb
+  data.tar.gz: fd867994910ef8b5683d9678ad56b43116a1a163a1f861154b638c7092f4e1bc
 SHA512:
-  metadata.gz: 043c8707e4111cf0c824c99d2390c852a40a998aad11cafe2e6fe34a1f2c234a7644f90d2790911c35ec03721389a897b6f976a5eb32568dd443bde8f2381491
-  data.tar.gz: 66e8c805e2146d22f56aa7b8f4a9740308ec27b488bf9c7b352a68f11fa3f128a76dba712f0d6f8910fa5f8e111f8bfc2c2ae788d7726927c51721da2cda851d
+  metadata.gz: a95ee6127330d8e867cca4a84b88beb808757a0cbf8cd08a2888797e025fa04863ce8f91a8cf4df49361fc498740d6bcaf4826dfb30ea4cf344cb439f4ae06ba
+  data.tar.gz: 88cbe52f19713ae20361a671d04128be49c12cbcd9907314f3df1f7286d8ff0c19505ca43dd35e0a6b936ee05df49510ffcc52588f55c93cac90f042a08cc1ea

data/helpers/v1/build

@@ -20,6 +20,6 @@ cd "$install_dir"
 
 # NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
 # forcing native helpers to run with the same version
-BUNDLER_VERSION=2 bundle config set --local path ".bundle"
+BUNDLER_VERSION=1 bundle config set --local path ".bundle"
 BUNDLER_VERSION=1 bundle config set --local without "test"
 BUNDLER_VERSION=1 bundle install

data/helpers/v1/lib/functions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "functions/file_parser"
 require "functions/force_updater"
 require "functions/lockfile_updater"
@@ -124,8 +126,6 @@ module Functions
     ).conflicting_dependencies
   end
 
-  private
-
   def self.set_bundler_flags_and_credentials(dir:, credentials:)
     dir = dir ? Pathname.new(dir) : dir
     Bundler.instance_variable_set(:@root, dir)

data/helpers/v1/lib/functions/dependency_source.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class DependencySource
     attr_reader :gemfile_name, :dependency_name
@@ -66,7 +68,7 @@ module Functions
       return @specified_source if defined? @specified_source
 
       @specified_source = definition.dependencies.
-        find { |dep| dep.name == dependency_name }&.source
+                          find { |dep| dep.name == dependency_name }&.source
     end
 
     def default_source

data/helpers/v1/lib/functions/file_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class FileParser
     def initialize(lockfile_name:)
@@ -39,7 +41,7 @@ module Functions
     end
 
     def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs.find { |s| s.name == dependency_name }&.source
+      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
     end
 
     def source_for(dependency)
@@ -54,12 +56,8 @@ module Functions
       return nil if default_rubygems?(source)
 
       details = { type: source.class.name.split("::").last.downcase }
-      if source.is_a?(Bundler::Source::Git)
-        details.merge!(git_source_details(source))
-      end
-      if source.is_a?(Bundler::Source::Rubygems)
-        details[:url] = source.remotes.first.to_s
-      end
+      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
+      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
       details
     end
 

data/helpers/v1/lib/functions/force_updater.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class ForceUpdater
     class TransitiveDependencyError < StandardError; end

data/helpers/v1/lib/functions/lockfile_updater.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 module Functions
   class LockfileUpdater
     RETRYABLE_ERRORS = [Bundler::HTTPError].freeze
     GEM_NOT_FOUND_ERROR_REGEX =
-    /
-      locked\sto\s(?<name>[^\s]+)\s\(|
-      not\sfind\s(?<name>[^\s]+)-\d|
-      has\s(?<name>[^\s]+)\slocked\sat
-    /x.freeze
+      /
+        locked\sto\s(?<name>[^\s]+)\s\(|
+        not\sfind\s(?<name>[^\s]+)-\d|
+        has\s(?<name>[^\s]+)\slocked\sat
+      /x.freeze
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
       @gemfile_name = gemfile_name
@@ -22,7 +24,7 @@ module Functions
 
     attr_reader :gemfile_name, :lockfile_name, :dependencies
 
-    def generate_lockfile
+    def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
       dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
 
       begin
@@ -135,7 +137,7 @@ module Functions
       raise unless error.message.match?(GEM_NOT_FOUND_ERROR_REGEX)
 
       gem_name = error.message.match(GEM_NOT_FOUND_ERROR_REGEX).
-                named_captures["name"]
+                 named_captures["name"]
       raise if dependencies_to_unlock.include?(gem_name)
 
       dependencies_to_unlock << gem_name
@@ -161,9 +163,7 @@ module Functions
         end.compact.map(&:name)
 
       # If there are specific dependencies we can unlock, unlock them
-      if potentials_deps.any?
-        return dependencies_to_unlock.append(*potentials_deps)
-      end
+      return dependencies_to_unlock.append(*potentials_deps) if potentials_deps.any?
 
       # Fall back to unlocking *all* sub-dependencies. This is required
       # because Bundler's VersionConflict objects don't include enough
@@ -205,7 +205,7 @@ module Functions
               defn_dep.source.is_a?(Bundler::Source::Git)
           defn_dep.source.unlock!
         elsif Gem::Version.correct?(dep.fetch("version"))
-          new_req = Gem::Requirement.create("= #{dep.fetch("version")}")
+          new_req = Gem::Requirement.create("= #{dep.fetch('version')}")
           old_reqs[dep.fetch("name")] = defn_dep.requirement
           defn_dep.instance_variable_set(:@requirement, new_req)
         end

data/helpers/v1/lib/functions/version_resolver.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class VersionResolver
     GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
@@ -20,9 +22,7 @@ module Functions
       # included in a gemspec, it's because the Gemfile didn't import
       # the gemspec. This is unusual, but the correct behaviour if/when
       # it happens is to behave as if the repo was gemspec-only.
-      if dep.nil? && dependency_requirements.any?
-        return "latest"
-      end
+      return "latest" if dep.nil? && dependency_requirements.any?
 
       # Otherwise, if the dependency wasn't found it's because it is a
       # subdependency that was removed when attempting to update it.
@@ -38,9 +38,7 @@ module Functions
         ruby_version: ruby_version,
         fetcher: fetcher_class(dep)
       }
-      if dep.source.instance_of?(::Bundler::Source::Git)
-        details[:commit_sha] = dep.source.revision
-      end
+      details[:commit_sha] = dep.source.revision if dep.source.instance_of?(::Bundler::Source::Git)
       details
     end
 
@@ -92,7 +90,7 @@ module Functions
     end
 
     def build_definition(dependencies_to_unlock)
-      # Note: we lock shared dependencies to avoid any top-level
+      # NOTE: we lock shared dependencies to avoid any top-level
       # dependencies getting unlocked (which would happen if they were
       # also subdependencies of the dependency being unlocked)
       ::Bundler::Definition.build(

data/helpers/v1/monkey_patches/git_source_patch.rb

@@ -41,9 +41,7 @@ module Bundler
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         reduced_load_paths.each { |p| $LOAD_PATH << p }
 
-        if destination.relative?
-          destination = destination.expand_path(Bundler.root)
-        end
+        destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|
           # Evaluate gemspecs and cache the result. Gemspecs
           # in git might require git or other dependencies.

data/helpers/v1/run.rb

@@ -13,7 +13,7 @@ require "git_source_patch"
 
 require "functions"
 
-MAX_BUNDLER_VERSION="2.0.0"
+MAX_BUNDLER_VERSION = "2.0.0"
 
 def validate_bundler_version!
   return true if correct_bundler_version?
@@ -38,9 +38,9 @@ begin
   args = request["args"].transform_keys(&:to_sym)
 
   output({ result: Functions.send(function, **args) })
-rescue => error
+rescue StandardError => e
   output(
-    { error: error.message, error_class: error.class, trace: error.backtrace }
+    { error: e.message, error_class: e.class, trace: e.backtrace }
   )
   exit(1)
 end

data/helpers/v1/spec/functions/dependency_source_spec.rb

@@ -40,10 +40,10 @@ RSpec.describe Functions::DependencySource do
 
     it "returns all versions from the private source" do
       is_expected.to eq([
-                          Gem::Version.new("1.5.0"),
-                          Gem::Version.new("1.9.0"),
-                          Gem::Version.new("1.10.0.beta")
-                        ])
+        Gem::Version.new("1.5.0"),
+        Gem::Version.new("1.9.0"),
+        Gem::Version.new("1.10.0.beta")
+      ])
     end
 
     context "specified as the default source" do
@@ -51,10 +51,10 @@ RSpec.describe Functions::DependencySource do
 
       it "returns all versions from the private source" do
         is_expected.to eq([
-                            Gem::Version.new("1.5.0"),
-                            Gem::Version.new("1.9.0"),
-                            Gem::Version.new("1.10.0.beta")
-                          ])
+          Gem::Version.new("1.5.0"),
+          Gem::Version.new("1.9.0"),
+          Gem::Version.new("1.10.0.beta")
+        ])
       end
     end
 

data/helpers/v1/spec/native_spec_helper.rb

@@ -36,9 +36,7 @@ def project_dependency_files(project)
     files = files.select { |f| File.file?(f) }
     files.map do |filename|
       content = File.read(filename)
-      if filename == "Gemfile.lock"
-        content = content.gsub(LOCKFILE_ENDING, "")
-      end
+      content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
       {
         name: filename,
         content: content

data/helpers/v2/build

@@ -18,7 +18,7 @@ cp -r \
 
 cd "$install_dir"
 
-# NOTE: Sets `BUNDLED WITH` to match the installed v1 version in Gemfile.lock
+# NOTE: Sets `BUNDLED WITH` to match the installed v2 version in Gemfile.lock
 # forcing specs and native helpers to run with the same version
 BUNDLER_VERSION=2 bundle config set --local path ".bundle"
 BUNDLER_VERSION=2 bundle config set --local without "test"

data/helpers/v2/lib/functions.rb

@@ -128,8 +128,6 @@ module Functions
     ).conflicting_dependencies
   end
 
-  private
-
   def self.set_bundler_flags_and_credentials(dir:, credentials:)
     dir = dir ? Pathname.new(dir) : dir
     Bundler.instance_variable_set(:@root, dir)

data/helpers/v2/lib/functions/dependency_source.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class DependencySource
     attr_reader :gemfile_name, :dependency_name
@@ -66,7 +68,7 @@ module Functions
       return @specified_source if defined? @specified_source
 
       @specified_source = definition.dependencies.
-        find { |dep| dep.name == dependency_name }&.source
+                          find { |dep| dep.name == dependency_name }&.source
     end
 
     def default_source

data/helpers/v2/lib/functions/file_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class FileParser
     def initialize(lockfile_name:)
@@ -39,7 +41,7 @@ module Functions
     end
 
     def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs.find { |s| s.name == dependency_name }&.source
+      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
     end
 
     def source_for(dependency)
@@ -54,12 +56,8 @@ module Functions
       return nil if default_rubygems?(source)
 
       details = { type: source.class.name.split("::").last.downcase }
-      if source.is_a?(Bundler::Source::Git)
-        details.merge!(git_source_details(source))
-      end
-      if source.is_a?(Bundler::Source::Rubygems)
-        details[:url] = source.remotes.first.to_s
-      end
+      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
+      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
       details
     end
 

data/helpers/v2/lib/functions/force_updater.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class ForceUpdater
     class TransitiveDependencyError < StandardError; end

data/helpers/v2/lib/functions/lockfile_updater.rb

@@ -9,6 +9,7 @@ module Functions
         not\sfind\s(?<name>[^\s]+)-\d|
         has\s(?<name>[^\s]+)\slocked\sat
       /x.freeze
+      DEPENDENCY_DROPPED = "_dependency_dropped_"
 
     def initialize(gemfile_name:, lockfile_name:, dependencies:)
       @gemfile_name = gemfile_name
@@ -24,7 +25,7 @@ module Functions
 
     attr_reader :gemfile_name, :lockfile_name, :dependencies
 
-    def generate_lockfile
+    def generate_lockfile # rubocop:disable Metrics/PerceivedComplexity
       dependencies_to_unlock = dependencies.map { |d| d.fetch("name") }
 
       begin
@@ -36,7 +37,7 @@ module Functions
 
         old_reqs.each do |dep_name, old_req|
           d_dep = definition.dependencies.find { |d| d.name == dep_name }
-          if old_req == :none then definition.dependencies.delete(d_dep)
+          if old_req.to_s == DEPENDENCY_DROPPED then definition.dependencies.delete(d_dep)
           else
             d_dep.instance_variable_set(:@requirement, old_req)
           end
@@ -200,7 +201,7 @@ module Functions
         if defn_dep.nil?
           definition.dependencies <<
             Bundler::Dependency.new(dep.fetch("name"), dep.fetch("version"))
-          old_reqs[dep.fetch("name")] = :none
+          old_reqs[dep.fetch("name")] = DEPENDENCY_DROPPED
         elsif git_dependency?(dep) &&
               defn_dep.source.is_a?(Bundler::Source::Git)
           defn_dep.source.unlock!

data/helpers/v2/lib/functions/version_resolver.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Functions
   class VersionResolver
     GEM_NOT_FOUND_ERROR_REGEX = /locked to (?<name>[^\s]+) \(/.freeze
@@ -20,9 +22,7 @@ module Functions
       # included in a gemspec, it's because the Gemfile didn't import
       # the gemspec. This is unusual, but the correct behaviour if/when
       # it happens is to behave as if the repo was gemspec-only.
-      if dep.nil? && dependency_requirements.any?
-        return "latest"
-      end
+      return "latest" if dep.nil? && dependency_requirements.any?
 
       # Otherwise, if the dependency wasn't found it's because it is a
       # subdependency that was removed when attempting to update it.
@@ -38,9 +38,7 @@ module Functions
         ruby_version: ruby_version,
         fetcher: fetcher_class(dep)
       }
-      if dep.source.instance_of?(::Bundler::Source::Git)
-        details[:commit_sha] = dep.source.revision
-      end
+      details[:commit_sha] = dep.source.revision if dep.source.instance_of?(::Bundler::Source::Git)
       details
     end
 
@@ -92,7 +90,7 @@ module Functions
     end
 
     def build_definition(dependencies_to_unlock)
-      # Note: we lock shared dependencies to avoid any top-level
+      # NOTE: we lock shared dependencies to avoid any top-level
       # dependencies getting unlocked (which would happen if they were
       # also subdependencies of the dependency being unlocked)
       ::Bundler::Definition.build(

data/helpers/v2/monkey_patches/git_source_patch.rb

@@ -40,9 +40,7 @@ module Bundler
         $LOAD_PATH.shift until $LOAD_PATH.empty?
         reduced_load_paths.each { |p| $LOAD_PATH << p }
 
-        if destination.relative?
-          destination = destination.expand_path(Bundler.root)
-        end
+        destination = destination.expand_path(Bundler.root) if destination.relative?
         Dir["#{destination}/#{@glob}"].each do |spec_path|
           # Evaluate gemspecs and cache the result. Gemspecs
           # in git might require git or other dependencies.

data/helpers/v2/run.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "bundler"
 require "json"
 
@@ -36,9 +38,9 @@ begin
   args = request["args"].transform_keys(&:to_sym)
 
   output({ result: Functions.send(function, **args) })
-rescue => error
+rescue StandardError => e
   output(
-    { error: error.message, error_class: error.class, trace: error.backtrace }
+    { error: e.message, error_class: e.class, trace: e.backtrace }
   )
   exit(1)
 end

data/helpers/v2/spec/functions/dependency_source_spec.rb

@@ -40,10 +40,10 @@ RSpec.describe Functions::DependencySource do
 
     it "returns all versions from the private source" do
       is_expected.to eq([
-                          Gem::Version.new("1.5.0"),
-                          Gem::Version.new("1.9.0"),
-                          Gem::Version.new("1.10.0.beta")
-                        ])
+        Gem::Version.new("1.5.0"),
+        Gem::Version.new("1.9.0"),
+        Gem::Version.new("1.10.0.beta")
+      ])
     end
 
     context "specified as the default source" do
@@ -51,10 +51,10 @@ RSpec.describe Functions::DependencySource do
 
       it "returns all versions from the private source" do
         is_expected.to eq([
-                            Gem::Version.new("1.5.0"),
-                            Gem::Version.new("1.9.0"),
-                            Gem::Version.new("1.10.0.beta")
-                          ])
+          Gem::Version.new("1.5.0"),
+          Gem::Version.new("1.9.0"),
+          Gem::Version.new("1.10.0.beta")
+        ])
       end
     end
 

data/helpers/v2/spec/functions/file_parser_spec.rb

@@ -54,7 +54,7 @@ RSpec.describe Functions::FileParser do
               branch: "master",
               ref: "a1b78a9",
               type: "git",
-              url: "git@github.com:gocardless/business"
+              url: "git@github.com:dependabot-fixtures/business"
             },
             type: :runtime
           },
@@ -68,36 +68,36 @@ RSpec.describe Functions::FileParser do
           {
             groups: [:default],
             name: "prius",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "master",
               type: "git",
-              url: "https://github.com/gocardless/prius"
+              url: "https://github.com/dependabot-fixtures/prius"
             },
             type: :runtime
           },
           {
             groups: [:default],
             name: "que",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "v0.11.6",
               type: "git",
-              url: "git@github.com:chanks/que"
+              url: "git@github.com:dependabot-fixtures/que"
             },
             type: :runtime
           },
           {
             groups: [:default],
             name: "uk_phone_numbers",
-            requirement:  Gem::Requirement.new(">= 0"),
+            requirement: Gem::Requirement.new(">= 0"),
             source: {
               branch: "master",
               ref: "master",
               type: "git",
-              url: "http://github.com/gocardless/uk_phone_numbers"
+              url: "http://github.com/dependabot-fixtures/uk_phone_numbers"
             },
             type: :runtime
           }

data/helpers/v2/spec/functions_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Functions do
         jfrog_source = Functions.jfrog_source(
           dir: tmp_path,
           gemfile_name: "Gemfile",
-          credentials: {},
+          credentials: {}
         )
 
         expect(jfrog_source).to eq("test.jfrog.io")

data/helpers/v2/spec/native_spec_helper.rb

@@ -26,8 +26,7 @@ end
 LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m.freeze
 
 def project_dependency_files(project)
-  # TODO: Retrieve files from bundler2 folder once it is fully up to date
-  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler1", project))
+  project_path = File.expand_path(File.join("../../spec/fixtures/projects/bundler2", project))
 
   raise "Fixture does not exist for project: '#{project}'" unless Dir.exist?(project_path)
 
@@ -37,9 +36,7 @@ def project_dependency_files(project)
     files = files.select { |f| File.file?(f) }
     files.map do |filename|
       content = File.read(filename)
-      if filename == "Gemfile.lock"
-        content = content.gsub(LOCKFILE_ENDING, "")
-      end
+      content = content.gsub(LOCKFILE_ENDING, "") if filename == "Gemfile.lock"
       {
         name: filename,
         content: content

data/lib/dependabot/bundler/native_helpers.rb

@@ -17,7 +17,6 @@ module Dependabot
               # Bundler will pick the matching installed major version
               "BUNDLER_VERSION" => bundler_version,
               "BUNDLE_GEMFILE" => File.join(versioned_helper_path(bundler_version: bundler_version), "Gemfile"),
-              "BUNDLE_PATH" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle"),
               # Prevent the GEM_HOME from being set to a folder owned by root
               "GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_version), ".bundle")
             }
@@ -36,7 +35,7 @@ module Dependabot
       end
 
       def self.helper_path(bundler_version:)
-        "ruby #{File.join(versioned_helper_path(bundler_version: bundler_version), 'run.rb')}"
+        "bundle exec ruby #{File.join(versioned_helper_path(bundler_version: bundler_version), 'run.rb')}"
       end
 
       def self.native_helpers_root

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.153.0
+  version: 0.154.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-14 00:00:00.000000000 Z
+date: 2021-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement