dependabot-bundler 0.164.1 → 0.165.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 31a9f34a69c90815aa74984227c2f27cac397dbd8abc4fe3bca14bb179f7401f
-  data.tar.gz: 14b4a59b645d3b59529a16fc110fc631e91643b08e8a5be42aff8c1a3ed3b6de
+  metadata.gz: 218f816762d901aa6fcaba4d136b78265732cbd17d757116664c8b3a705d5c8f
+  data.tar.gz: c3cdf83a8d4821bf784efee059459cb7031b10b73417abb6240a73e0ee93773c
 SHA512:
-  metadata.gz: 7dd7b6eabf78ac0c18c2555d39745e90328212f5bee4c003063763ba2d647f965a7cbc79f7cd35198fa8abad222eebe78ae0ff5f301c90b3891c1f5ce6401c10
-  data.tar.gz: cc0d02dd1e7fa6065106fbc3ecbe210f8734d6c1989badeede68b9166f9f05362fb5a83caca7c8f5d19f504b628599574921f89e515948ccfc0ac189ada2a94e
+  metadata.gz: 69df0390f761c7d580261008a007e9054805c867c383046a3206f1e5b7a5c49c39b8d346727be5128e21c22bf368cbbd11869589e0ac538aaa669413337ebac0
+  data.tar.gz: 1b7f800c8b40b2c3231ae3ee992d97d3b0422b859ad8acd66960cba2e747c8e1f5b188e41a6565857447b6d9164a856d0e4d38387236c0fcb896f4b1c486a305

data/helpers/v1/run.rb

@@ -6,6 +6,11 @@ require "json"
 $LOAD_PATH.unshift(File.expand_path("./lib", __dir__))
 $LOAD_PATH.unshift(File.expand_path("./monkey_patches", __dir__))
 
+trap "HUP" do
+  puts JSON.generate(error: "timeout", error_class: "Timeout::Error", trace: [])
+  exit 2
+end
+
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"

data/helpers/v2/run.rb

@@ -6,6 +6,11 @@ require "json"
 $LOAD_PATH.unshift(File.expand_path("./lib", __dir__))
 $LOAD_PATH.unshift(File.expand_path("./monkey_patches", __dir__))
 
+trap "HUP" do
+  puts JSON.generate(error: "timeout", error_class: "Timeout::Error", trace: [])
+  exit 2
+end
+
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"

data/lib/dependabot/bundler/file_parser.rb

@@ -145,6 +145,7 @@ module Dependabot
             NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "parsed_gemfile",
+              options: options,
               args: {
                 gemfile_name: gemfile.name,
                 lockfile_name: lockfile&.name,
@@ -175,6 +176,7 @@ module Dependabot
             NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "parsed_gemspec",
+              options: options,
               args: {
                 gemspec_name: file.name,
                 lockfile_name: lockfile&.name,

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb

@@ -69,6 +69,7 @@ module Dependabot
               NativeHelpers.run_bundler_subprocess(
                 bundler_version: bundler_version,
                 function: "update_lockfile",
+                options: options,
                 args: {
                   gemfile_name: gemfile.name,
                   lockfile_name: lockfile.name,

data/lib/dependabot/bundler/file_updater.rb

@@ -79,6 +79,7 @@ module Dependabot
           NativeHelpers.run_bundler_subprocess(
             bundler_version: bundler_version,
             function: "vendor_cache_dir",
+            options: options,
             args: {
               dir: repo_contents_path
             }

data/lib/dependabot/bundler/native_helpers.rb

@@ -6,20 +6,51 @@ require "dependabot/shared_helpers"
 module Dependabot
   module Bundler
     module NativeHelpers
-      def self.run_bundler_subprocess(function:, args:, bundler_version:)
+      class BundleCommand
+        MAX_SECONDS = 1800
+        MIN_SECONDS = 60
+
+        def initialize(timeout_seconds)
+          @timeout_seconds = clamp(timeout_seconds)
+        end
+
+        def build(script)
+          [timeout_command, :bundle, :exec, :ruby, script].compact.join(" ")
+        end
+
+        private
+
+        attr_reader :timeout_seconds
+
+        def timeout_command
+          "timeout -s HUP #{timeout_seconds}" unless timeout_seconds.zero?
+        end
+
+        def clamp(seconds)
+          return 0 unless seconds
+
+          seconds.to_i.clamp(MIN_SECONDS, MAX_SECONDS)
+        end
+      end
+
+      def self.run_bundler_subprocess(function:, args:, bundler_version:, options: {})
         # Run helper suprocess with all bundler-related ENV variables removed
         bundler_major_version = bundler_version.split(".").first
+        helpers_path = versioned_helper_path(bundler_version: bundler_major_version)
         ::Bundler.with_original_env do
+          command = BundleCommand.
+                    new(options[:timeout_per_operation_seconds]).
+                    build(File.join(helpers_path, "run.rb"))
           SharedHelpers.run_helper_subprocess(
-            command: helper_path(bundler_version: bundler_major_version),
+            command: command,
             function: function,
             args: args,
             env: {
               # Bundler will pick the matching installed major version
               "BUNDLER_VERSION" => bundler_version,
-              "BUNDLE_GEMFILE" => File.join(versioned_helper_path(bundler_version: bundler_major_version), "Gemfile"),
+              "BUNDLE_GEMFILE" => File.join(helpers_path, "Gemfile"),
               # Prevent the GEM_HOME from being set to a folder owned by root
-              "GEM_HOME" => File.join(versioned_helper_path(bundler_version: bundler_major_version), ".bundle")
+              "GEM_HOME" => File.join(helpers_path, ".bundle")
             }
           )
         rescue SharedHelpers::HelperSubprocessFailed => e
@@ -31,12 +62,7 @@ module Dependabot
       end
 
       def self.versioned_helper_path(bundler_version:)
-        native_helper_version = "v#{bundler_version}"
-        File.join(native_helpers_root, native_helper_version)
-      end
-
-      def self.helper_path(bundler_version:)
-        "bundle exec ruby #{File.join(versioned_helper_path(bundler_version: bundler_version), 'run.rb')}"
+        File.join(native_helpers_root, "v#{bundler_version}")
       end
 
       def self.native_helpers_root

data/lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb

@@ -35,6 +35,7 @@ module Dependabot
             NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "conflicting_dependencies",
+              options: options,
               args: {
                 dir: tmp_dir,
                 dependency_name: dependency.name,

data/lib/dependabot/bundler/update_checker/force_updater.rb

@@ -50,6 +50,7 @@ module Dependabot
             updated_deps, specs = NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "force_update",
+              options: options,
               args: {
                 dir: tmp_dir,
                 dependency_name: dependency.name,

data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb

@@ -61,6 +61,7 @@ module Dependabot
                 NativeHelpers.run_bundler_subprocess(
                   bundler_version: bundler_version,
                   function: "depencency_source_latest_git_version",
+                  options: options,
                   args: {
                     dir: tmp_dir,
                     gemfile_name: gemfile.name,
@@ -106,6 +107,7 @@ module Dependabot
                 NativeHelpers.run_bundler_subprocess(
                   bundler_version: bundler_version,
                   function: "private_registry_versions",
+                  options: options,
                   args: {
                     dir: tmp_dir,
                     gemfile_name: gemfile.name,
@@ -126,6 +128,7 @@ module Dependabot
               NativeHelpers.run_bundler_subprocess(
                 bundler_version: bundler_version,
                 function: "dependency_source_type",
+                options: options,
                 args: {
                   dir: tmp_dir,
                   gemfile_name: gemfile.name,

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -167,6 +167,7 @@ module Dependabot
             git_specs = NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "git_specs",
+              options: options,
               args: {
                 dir: tmp_dir,
                 gemfile_name: gemfile.name,
@@ -195,6 +196,7 @@ module Dependabot
             NativeHelpers.run_bundler_subprocess(
               bundler_version: bundler_version,
               function: "jfrog_source",
+              options: options,
               args: {
                 dir: dir,
                 gemfile_name: gemfile.name,

data/lib/dependabot/bundler/update_checker/version_resolver.rb

@@ -82,6 +82,7 @@ module Dependabot
               details = NativeHelpers.run_bundler_subprocess(
                 bundler_version: bundler_version,
                 function: "resolve_version",
+                options: options,
                 args: {
                   dependency_name: dependency.name,
                   dependency_requirements: dependency.requirements,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.164.1
+  version: 0.165.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-02 00:00:00.000000000 Z
+date: 2021-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.164.1
+        version: 0.165.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.164.1
+        version: 0.165.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement