dependabot-bundler 0.196.4 → 0.197.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v2/build +3 -3
  3. data/lib/dependabot/bundler/helpers.rb +1 -1
  4. data/lib/dependabot/bundler/metadata_finder.rb +8 -13
  5. data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb +3 -4
  6. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +3 -4
  7. data/lib/dependabot/bundler/update_checker/version_resolver.rb +3 -4
  8. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b851dd00b7c62d39dfb073bc386ea42d704dc4c87a77c028ea3dcf19d3d44c07
4
- data.tar.gz: 796fe1b5235f5ca23dfe3456106fb80331f69151ffd6201fb65b100d4ffab5cb
3
+ metadata.gz: 929f48f819af25cd92430a4eedbf1200a771f30211c36309799fd7092582a548
4
+ data.tar.gz: c543ea5283c14f4dbcba3931c0b0a2ca0eff88e2e4ed139b58244f3a4ee025aa
5
5
  SHA512:
6
- metadata.gz: 9d2fac1f78f640e0cc8c641ec698e887deb1bd679b90ae863f072db70bb81750f129e7975bcd73f338fdd8a9decd3976a353853e591f842c40d76fc98d2f925e
7
- data.tar.gz: 98776f867a7a1e5d07abfe35683661055789208c03262628057b7c9934da107aa72b92d544825ccce16d75a7f5d51efa5a6e96e9e938ef9d1e8a2beb930ea2c1
6
+ metadata.gz: aa84ca484dbdc2ea4921f945d6707ac9149df5a35f087bb49c4855a19eec471e9b44979b3520eabbaa50f290ff735a28dc67ab0aee40d6d788c3e924e3afff96
7
+ data.tar.gz: 07ac755fff553d95c03ab42b8f6db46b970edf04e059f68ce19ebd95739e088d70ffa13f34e9dc4ed6d348d5b1fe45332b5bff795d76ac6a9c0bb25d4f0733bc
data/helpers/v2/build CHANGED
@@ -22,6 +22,6 @@ cd "$install_dir"
22
22
 
23
23
  # NOTE: Sets `BUNDLED WITH` to match the installed v2 version in Gemfile.lock
24
24
  # forcing specs and native helpers to run with the same version
25
- BUNDLER_VERSION=2.3.13 bundle config --local path ".bundle"
26
- BUNDLER_VERSION=2.3.13 bundle config --local without "test"
27
- BUNDLER_VERSION=2.3.13 bundle install
25
+ BUNDLER_VERSION=2.3.18 bundle config --local path ".bundle"
26
+ BUNDLER_VERSION=2.3.18 bundle config --local without "test"
27
+ BUNDLER_VERSION=2.3.18 bundle install
data/lib/dependabot/bundler/helpers.rb CHANGED
@@ -4,7 +4,7 @@ module Dependabot
4
4
  module Bundler
5
5
  module Helpers
6
6
  V1 = "1.17.3"
7
- V2 = "2.3.13"
7
+ V2 = "2.3.18"
8
8
  # If we are updating a project with no Gemfile.lock, we default to the
9
9
  # newest version we support
10
10
  DEFAULT = V2
data/lib/dependabot/bundler/metadata_finder.rb CHANGED
@@ -3,6 +3,7 @@
3
3
  require "excon"
4
4
  require "dependabot/metadata_finders"
5
5
  require "dependabot/metadata_finders/base"
6
+ require "dependabot/registry_client"
6
7
 
7
8
  module Dependabot
8
9
  module Bundler
@@ -127,10 +128,9 @@ module Dependabot
127
128
  "#{dependency.name}-#{dependency.version}.gemspec.rz"
128
129
 
129
130
  response =
130
- Excon.get(
131
- gemspec_uri,
132
- idempotent: true,
133
- **SharedHelpers.excon_defaults(headers: registry_auth_headers)
131
+ Dependabot::RegistryClient.get(
132
+ url: gemspec_uri,
133
+ headers: registry_auth_headers
134
134
  )
135
135
 
136
136
  return @rubygems_marshalled_gemspec_response = nil if response.status >= 400
@@ -145,10 +145,9 @@ module Dependabot
145
145
  return @rubygems_api_response if defined?(@rubygems_api_response)
146
146
 
147
147
  response =
148
- Excon.get(
149
- "#{registry_url}api/v1/gems/#{dependency.name}.json",
150
- idempotent: true,
151
- **SharedHelpers.excon_defaults(headers: registry_auth_headers)
148
+ Dependabot::RegistryClient.get(
149
+ url: "#{registry_url}api/v1/gems/#{dependency.name}.json",
150
+ headers: registry_auth_headers
152
151
  )
153
152
  return @rubygems_api_response = {} if response.status >= 400
154
153
 
@@ -186,11 +185,7 @@ module Dependabot
186
185
  return response_body if source_url
187
186
 
188
187
  rubygems_response =
189
- Excon.get(
190
- "https://rubygems.org/api/v1/gems/#{dependency.name}.json",
191
- idempotent: true,
192
- **SharedHelpers.excon_defaults
193
- )
188
+ Dependabot::RegistryClient.get(url: "https://rubygems.org/api/v1/gems/#{dependency.name}.json")
194
189
  parsed_rubygems_body = JSON.parse(rubygems_response.body)
195
190
  rubygems_digest =
196
191
  parsed_rubygems_body.values_at("version", "authors", "info").hash
data/lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/registry_client"
3
4
  require "dependabot/bundler/native_helpers"
4
5
  require "dependabot/bundler/helpers"
5
6
 
@@ -84,10 +85,8 @@ module Dependabot
84
85
  def rubygems_versions
85
86
  @rubygems_versions ||=
86
87
  begin
87
- response = Excon.get(
88
- dependency_rubygems_uri,
89
- idempotent: true,
90
- **SharedHelpers.excon_defaults
88
+ response = Dependabot::RegistryClient.get(
89
+ url: dependency_rubygems_uri
91
90
  )
92
91
 
93
92
  JSON.parse(response.body).
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED
@@ -6,6 +6,7 @@ require "uri"
6
6
  require "dependabot/bundler/update_checker"
7
7
  require "dependabot/bundler/native_helpers"
8
8
  require "dependabot/bundler/helpers"
9
+ require "dependabot/registry_client"
9
10
  require "dependabot/shared_helpers"
10
11
  require "dependabot/errors"
11
12
 
@@ -182,10 +183,8 @@ module Dependabot
182
183
  uri = URI.parse(spec.fetch("auth_uri"))
183
184
  next false unless %w(http https).include?(uri.scheme)
184
185
 
185
- Excon.get(
186
- uri.to_s,
187
- idempotent: true,
188
- **SharedHelpers.excon_defaults
186
+ Dependabot::RegistryClient.get(
187
+ url: uri.to_s
189
188
  ).status == 200
190
189
  rescue Excon::Error::Socket, Excon::Error::Timeout
191
190
  false
data/lib/dependabot/bundler/update_checker/version_resolver.rb CHANGED
@@ -6,6 +6,7 @@ require "dependabot/bundler/helpers"
6
6
  require "dependabot/bundler/update_checker"
7
7
  require "dependabot/bundler/file_updater/lockfile_updater"
8
8
  require "dependabot/bundler/requirement"
9
+ require "dependabot/registry_client"
9
10
  require "dependabot/shared_helpers"
10
11
  require "dependabot/errors"
11
12
 
@@ -180,10 +181,8 @@ module Dependabot
180
181
  # If no Ruby version is specified, we don't have a problem
181
182
  return false unless details[:ruby_version]
182
183
 
183
- versions = Excon.get(
184
- "https://rubygems.org/api/v1/versions/#{dependency.name}.json",
185
- idempotent: true,
186
- **SharedHelpers.excon_defaults
184
+ versions = Dependabot::RegistryClient.get(
185
+ url: "https://rubygems.org/api/v1/versions/#{dependency.name}.json"
187
186
  )
188
187
 
189
188
  # Give the benefit of the doubt if something goes wrong fetching
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.196.4
4
+ version: 0.197.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-14 00:00:00.000000000 Z
11
+ date: 2022-07-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.196.4
19
+ version: 0.197.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.196.4
26
+ version: 0.197.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement