RubyGems - dependabot-bundler - Versions diffs - 0.154.3 → 0.154.4 - Mend

dependabot-bundler 0.154.3 → 0.154.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/v2/spec/functions_spec.rb +33 -0
data/lib/dependabot/bundler/update_checker/latest_version_finder.rb +3 -6
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +4 -1
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3018dfbdcf3fea39c0b5fc045057bd6ed3a8ac737ae6b6d401b9167d25fcb4d6
-  data.tar.gz: '016299a100e9fd8508f771c8681531aa7f1eaf04ed2596ad47cef8727fc3dc10'
+  metadata.gz: db9d3b38b9de6ef0b765e7cbec3928e84e8bad183050d6ee2823320cb77ec5c2
+  data.tar.gz: 25113301bb42ea306542906e45a6c4b184d6496d429f7796299174f493ebef71
 SHA512:
-  metadata.gz: 7e9774e9bc9d5ca0c6a24108ba31719183018f4922ba2d33d0b0156284023e3059afb58c7985ea470d3038544dbb127f5d759615d0fa4c5eebd4080fb5b64dcb
-  data.tar.gz: ebc2bab0725f9c4194ac8db332d1ab53ba3e1abb44b062d5bfc28e797cf0bab146f7f0383fe91b23c7198d01545aa34b026f545d4823917b9d570a5bb876dcf9
+  metadata.gz: 49e53c4d9b41658f0f4c162f97c5f4ba963bdb864f1263bd858dafd9b8c08113cd6ec910eb694ec8b755e17195e135ad04037fbafdf1570f41f031a3203ce51b
+  data.tar.gz: f534780eec5ec4645bd3036365a8b80152b92043de14964461e1366d734469a3cc61919f101774cf00c4287e9c950f751e114cc7e50a640aa7ba0f1b1318b5d0

data/helpers/v2/spec/functions_spec.rb CHANGED Viewed

@@ -21,4 +21,37 @@ RSpec.describe Functions do
       end
     end
   end
+  describe "#git_specs" do
+    let(:project_name) { "git_source" }
+    subject(:git_specs) do
+      in_tmp_folder do
+        Functions.git_specs(
+          dir: tmp_path,
+          gemfile_name: "Gemfile",
+          credentials: {}
+        )
+      end
+    end
+    def expect_specs(count)
+      expect(git_specs.size).to eq(count)
+      git_specs.each do |gs|
+        uri = URI.parse(gs[:auth_uri])
+        expect(uri.scheme).to(satisfy { |s| %w(http https).include?(s) })
+      end
+    end
+    it "returns git specs" do
+      expect_specs(4)
+    end
+    context "with github shorthand" do
+      let(:project_name) { "github_source" }
+      it "returns git specs" do
+        expect_specs(1)
+      end
+    end
+  end
 end

data/lib/dependabot/bundler/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -3,6 +3,7 @@
 require "excon"
 require "dependabot/bundler/update_checker"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/bundler/requirement"
 require "dependabot/shared_helpers"
 require "dependabot/errors"
@@ -55,7 +56,8 @@ module Dependabot
           relevant_versions = dependency_source.versions
           relevant_versions = filter_prerelease_versions(relevant_versions)
-          relevant_versions = filter_vulnerable_versions(relevant_versions)
+          relevant_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(relevant_versions,
+                                                                                                    security_advisories)
           relevant_versions = filter_ignored_versions(relevant_versions)
           relevant_versions = filter_lower_versions(relevant_versions)
@@ -78,11 +80,6 @@ module Dependabot
           filtered
         end
-        def filter_vulnerable_versions(versions_array)
-          versions_array.
-            reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
-        end
         def filter_lower_versions(versions_array)
           return versions_array unless dependency.version && Gem::Version.correct?(dependency.version)

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -174,8 +174,11 @@ module Dependabot
               }
             )
             git_specs.reject do |spec|
+              uri = URI.parse(spec.fetch("auth_uri"))
+              next false unless %w(http https).include?(uri.scheme)
               Excon.get(
-                spec.fetch("auth_uri"),
+                uri.to_s,
                 idempotent: true,
                 **SharedHelpers.excon_defaults
               ).status == 200

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.154.3
+  version: 0.154.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-21 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement