dependabot-bundler 0.225.0 → 0.226.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v1/run.rb +0 -14
  3. data/helpers/v2/lib/functions/lockfile_updater.rb +22 -13
  4. data/helpers/v2/run.rb +1 -15
  5. data/lib/dependabot/bundler/file_fetcher.rb +6 -4
  6. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +3 -1
  7. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4ba17ad283a50a7c06199c0dd9eb7546616bbc18161b2d475587f67535c4f527
4
- data.tar.gz: e0ec3920c84e0a1df752bebd6f3f9545c50782e34a22f0933f94e3c27932c506
3
+ metadata.gz: 62e7833c9a64fc684512d74fa39ce224e18754731dddb5208d7984f920c54467
4
+ data.tar.gz: c598beadef625a3c4789a34cc52066bd96cc2b9b5a17e4c47b38ae3e2d96641c
5
5
  SHA512:
6
- metadata.gz: f7c2375065f8ce381f6b2c1293f24ba0b279416c14adba367ef6623a915a56b5e2c93ba5e382eef5cfb06487630b3291d5f5af368469db2ade9a139751d35dde
7
- data.tar.gz: 1028997b2e4d5bf9deb4b07eac0532af63aa7e4cc9fa9e59007fb61da7a44adefd6ef2ef4de7720ac6ce5cf3f8d7217c521f99baf4239641fd0197dd63497dc8
6
+ metadata.gz: 0d86274e3b7f9e971b6add631c155b67843fe5adbbf719b73934517b73824feca2eeb41ca37ab9557c9bb5737b67208f039cc7e852e73d97f3d1b40d4e77a0af
7
+ data.tar.gz: 105562225882a8b562ff3afdd2851a2fc05d7a0ee0ff61993b9688e4e5df0f6dffcb1f077e6b43a75150758d5ea1960eda2dbb30963a08bded17980d65b339c1
data/helpers/v1/run.rb CHANGED
@@ -21,25 +21,11 @@ require "resolver_spec_group_sane_eql"
21
21
 
22
22
  require "functions"
23
23
 
24
- MAX_BUNDLER_VERSION = "2.0.0"
25
-
26
- def validate_bundler_version!
27
- return true if correct_bundler_version?
28
-
29
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected < '#{MAX_BUNDLER_VERSION}'"
30
- end
31
-
32
- def correct_bundler_version?
33
- Gem::Version.new(Bundler::VERSION) < Gem::Version.new(MAX_BUNDLER_VERSION)
34
- end
35
-
36
24
  def output(obj)
37
25
  print JSON.dump(obj)
38
26
  end
39
27
 
40
28
  begin
41
- validate_bundler_version!
42
-
43
29
  request = JSON.parse($stdin.read)
44
30
 
45
31
  function = request["function"]
data/helpers/v2/lib/functions/lockfile_updater.rb CHANGED
@@ -62,10 +62,13 @@ module Functions
62
62
  end
63
63
 
64
64
  def cache_vendored_gems(definition)
65
- # Dependencies that have been unlocked for the update (including
66
- # sub-dependencies)
67
- unlocked_gems = definition.instance_variable_get(:@unlock).
68
- fetch(:gems)
65
+ resolve = definition.resolve
66
+
67
+ # Dependencies that have been updated (including sub-dependencies)
68
+ updated_gems = resolve.reject do |spec|
69
+ lockfile_specs.include?(spec)
70
+ end.map(&:name).uniq
71
+
69
72
  bundler_opts = {
70
73
  cache_all: true,
71
74
  cache_all_platforms: true,
@@ -76,27 +79,30 @@ module Functions
76
79
  # Fetch and cache gems on all platforms without pruning
77
80
  Bundler::Runtime.new(nil, definition).cache
78
81
 
79
- # Only prune unlocked gems (the original implementation is in
82
+ # Only prune updated gems (the original implementation is in
80
83
  # Bundler::Runtime)
81
84
  cache_path = Bundler.app_cache
82
- resolve = definition.resolve
83
- prune_gem_cache(resolve, cache_path, unlocked_gems)
85
+ prune_gem_cache(resolve, cache_path, updated_gems)
84
86
  prune_git_and_path_cache(resolve, cache_path)
85
87
  end
86
88
  end
87
89
 
88
90
  # Copied from Bundler::Runtime: Modified to only prune gems that have
89
- # been unlocked
90
- def prune_gem_cache(resolve, cache_path, unlocked_gems)
91
+ # been updated
92
+ def prune_gem_cache(resolve, cache_path, updated_gems)
91
93
  cached_gems = Dir["#{cache_path}/*.gem"]
92
94
 
93
- outdated_gems = cached_gems.reject do |path|
95
+ outdated_gems = cached_gems.select do |path|
94
96
  spec = Bundler.rubygems.spec_from_gem path
95
97
 
96
- !unlocked_gems.include?(spec.name) || resolve.any? do |s|
98
+ caused_by_update = updated_gems.include?(spec.name) && resolve.none? do |s|
97
99
  s.name == spec.name && s.version == spec.version &&
98
100
  !s.source.is_a?(Bundler::Source::Git)
99
101
  end
102
+
103
+ caused_by_removal = resolve.none? { |s| s.name == spec.name }
104
+
105
+ caused_by_update || caused_by_removal
100
106
  end
101
107
 
102
108
  return unless outdated_gems.any?
@@ -138,8 +144,7 @@ module Functions
138
144
  end
139
145
 
140
146
  def unlock_blocking_subdeps(dependencies_to_unlock, error)
141
- all_deps = Bundler::LockfileParser.new(lockfile).
142
- specs.map(&:name).map(&:to_s)
147
+ all_deps = lockfile_specs.map(&:name).map(&:to_s)
143
148
  top_level = build_definition([]).dependencies.
144
149
  map(&:name).map(&:to_s)
145
150
  allowed_new_unlocks = all_deps - top_level - dependencies_to_unlock
@@ -215,6 +220,10 @@ module Functions
215
220
  sources.all? { |s| s&.fetch("type", nil) == "git" }
216
221
  end
217
222
 
223
+ def lockfile_specs
224
+ @lockfile_specs ||= Bundler::LockfileParser.new(lockfile).specs
225
+ end
226
+
218
227
  def lockfile
219
228
  @lockfile ||= File.read(lockfile_name)
220
229
  end
data/helpers/v2/run.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- gem "bundler", "~> 2.3"
3
+ gem "bundler", "~> 2.4"
4
4
  require "bundler"
5
5
  require "json"
6
6
 
@@ -19,25 +19,11 @@ require "git_source_patch"
19
19
 
20
20
  require "functions"
21
21
 
22
- MIN_BUNDLER_VERSION = "2.1.0"
23
-
24
- def validate_bundler_version!
25
- return true if correct_bundler_version?
26
-
27
- raise StandardError, "Called with Bundler '#{Bundler::VERSION}', expected >= '#{MIN_BUNDLER_VERSION}'"
28
- end
29
-
30
- def correct_bundler_version?
31
- Gem::Version.new(Bundler::VERSION) >= Gem::Version.new(MIN_BUNDLER_VERSION)
32
- end
33
-
34
22
  def output(obj)
35
23
  print JSON.dump(obj)
36
24
  end
37
25
 
38
26
  begin
39
- validate_bundler_version!
40
-
41
27
  request = JSON.parse($stdin.read)
42
28
 
43
29
  function = request["function"]
data/lib/dependabot/bundler/file_fetcher.rb CHANGED
@@ -69,13 +69,15 @@ module Dependabot
69
69
  end
70
70
 
71
71
  def gemfile
72
- @gemfile ||= fetch_file_if_present("gems.rb") ||
73
- fetch_file_if_present("Gemfile")
72
+ return @gemfile if defined?(@gemfile)
73
+
74
+ @gemfile = fetch_file_if_present("gems.rb") || fetch_file_if_present("Gemfile")
74
75
  end
75
76
 
76
77
  def lockfile
77
- @lockfile ||= fetch_file_if_present("gems.locked") ||
78
- fetch_file_if_present("Gemfile.lock")
78
+ return @lockfile if defined?(@lockfile)
79
+
80
+ @lockfile = fetch_file_if_present("gems.locked") || fetch_file_if_present("Gemfile.lock")
79
81
  end
80
82
 
81
83
  def gemspecs
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED
@@ -19,7 +19,9 @@ module Dependabot
19
19
  PATH_REGEX = /The path `(?<path>.*)` does not exist/
20
20
 
21
21
  module BundlerErrorPatterns
22
- MISSING_AUTH_REGEX = /bundle config (?<source>.*) username:password/
22
+ # The `set --global` optional part can be made required when Bundler 1 support is dropped
23
+ MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
24
+
23
25
  BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
24
26
  BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
25
27
  HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.225.0
4
+ version: 0.226.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-31 00:00:00.000000000 Z
11
+ date: 2023-08-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.225.0
19
+ version: 0.226.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.225.0
26
+ version: 0.226.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.17.1
131
+ version: 1.18.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.17.1
138
+ version: 1.18.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: stackprof
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -268,7 +268,7 @@ licenses:
268
268
  - Nonstandard
269
269
  metadata:
270
270
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
271
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.225.0
271
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.226.0
272
272
  post_install_message:
273
273
  rdoc_options: []
274
274
  require_paths: