dependabot-bundler 0.236.0 → 0.237.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v1/lib/functions.rb +3 -0
  3. data/helpers/v2/lib/functions/dependency_source.rb +1 -2
  4. data/helpers/v2/lib/functions/version_resolver.rb +1 -1
  5. data/helpers/v2/lib/functions.rb +3 -0
  6. data/helpers/v2/spec/functions/dependency_source_spec.rb +3 -3
  7. data/lib/dependabot/bundler/file_fetcher.rb +7 -2
  8. data/lib/dependabot/bundler/native_helpers.rb +24 -2
  9. data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +6 -1
  10. metadata +21 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4fd34dd5e86ac6b391a703c276d062a73f797c3f936658aebc25680ee886edc6
4
- data.tar.gz: f06e52b4ddfaba21629b65ccc739eede69faccc75eb542cb2da726f3a1611cba
3
+ metadata.gz: be50dcf437b4b6c5a4570e0c34f106900f8f8ba0ffd7e270b8fdef2a503859e6
4
+ data.tar.gz: fbaf4ba7a14c4c709cb669ecbd48268e51ba9ee82710edf4fdf6304fb114224d
5
5
  SHA512:
6
- metadata.gz: 6e6ec483cbd9483321846361ade36c24bf9fca1c355e43bbffcfc7a3d25c7c8ec08f3e88137913d3538928fdde6b00bb3f82edb912fccff856ade082a5b00ba6
7
- data.tar.gz: 1581d435a66c7753929a5adece2b9b9387477fad411de498afb85f9972ba99a1f6df9482597acbab5bacaf0b8cbda2a6f42e6de080b41572da9ac2255e3a9694
6
+ metadata.gz: 26af90911a7dec4e6179c4b58d0504ce47f08e0e34583ed9d5c105e128c4b9c24608abb343f46c42ebc5204112968d394c8bd6b44d14cf02828bb4534270bd09
7
+ data.tar.gz: '0099faad52d13445a1c946ed9f66391278f062ae90bee7cfe6253d72b9a5dbce1c7f59972edaef4f8a99c1762b9447788146bafccb1f9537fdfec93684790ec3'
data/helpers/v1/lib/functions.rb CHANGED
@@ -148,6 +148,9 @@ module Functions
148
148
 
149
149
  # Use HTTPS for GitHub if lockfile
150
150
  Bundler.settings.set_command_option("github.https", "true")
151
+
152
+ # Native helpers rely on dependency unlocking, so Bundler should never be frozen
153
+ Bundler.settings.set_command_option("frozen", "false")
151
154
  end
152
155
 
153
156
  def self.relevant_credentials(credentials)
data/helpers/v2/lib/functions/dependency_source.rb CHANGED
@@ -42,9 +42,8 @@ module Functions
42
42
  .fetchers.flat_map do |fetcher|
43
43
  fetcher
44
44
  .specs([dependency_name], bundler_source)
45
- .search_all(dependency_name)
45
+ .search_all(dependency_name).map(&:version)
46
46
  end
47
- .map(&:version)
48
47
  end
49
48
 
50
49
  private
data/helpers/v2/lib/functions/version_resolver.rb CHANGED
@@ -127,7 +127,7 @@ module Functions
127
127
  def fetcher_class(dep)
128
128
  return unless dep.source.is_a?(::Bundler::Source::Rubygems)
129
129
 
130
- dep.source.fetchers.first.fetchers.first.class.to_s
130
+ dep.source.fetchers.first.send(:fetchers).first.class.to_s
131
131
  end
132
132
 
133
133
  def ruby_version
data/helpers/v2/lib/functions.rb CHANGED
@@ -152,6 +152,9 @@ module Functions
152
152
  Bundler.ui = Bundler::UI::Silent.new
153
153
 
154
154
  Bundler.settings.set_command_option("forget_cli_options", "true")
155
+
156
+ # Native helpers rely on dependency unlocking, so Bundler should never be frozen
157
+ Bundler.settings.set_command_option("frozen", "false")
155
158
  end
156
159
 
157
160
  def self.relevant_credentials(credentials)
data/helpers/v2/spec/functions/dependency_source_spec.rb CHANGED
@@ -96,11 +96,11 @@ RSpec.describe Functions::DependencySource do
96
96
  end
97
97
 
98
98
  it "blows up with a useful error" do
99
- error_class = Bundler::Fetcher::BadAuthenticationError
99
+ error_class = Bundler::Fetcher::AuthenticationForbiddenError
100
100
  expect { private_registry_versions }
101
101
  .to raise_error do |error|
102
102
  expect(error).to be_a(error_class)
103
- expect(error.message).to include("Bad username or password for")
103
+ expect(error.message).to include("Access token could not be authenticated for")
104
104
  end
105
105
  end
106
106
  end
@@ -126,7 +126,7 @@ RSpec.describe Functions::DependencySource do
126
126
  .to raise_error do |error|
127
127
  expect(error).to be_a(Bundler::HTTPError)
128
128
  expect(error.message)
129
- .to include("Could not fetch specs from")
129
+ .to include("Could not fetch specs from #{registry_url} due to underlying error")
130
130
  end
131
131
  end
132
132
  end
data/lib/dependabot/bundler/file_fetcher.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # typed: false
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/file_fetchers"
5
6
  require "dependabot/file_fetchers/base"
6
7
  require "dependabot/bundler/file_updater/lockfile_updater"
@@ -9,6 +10,9 @@ require "dependabot/errors"
9
10
  module Dependabot
10
11
  module Bundler
11
12
  class FileFetcher < Dependabot::FileFetchers::Base
13
+ extend T::Sig
14
+ extend T::Helpers
15
+
12
16
  require "dependabot/bundler/file_fetcher/gemspec_finder"
13
17
  require "dependabot/bundler/file_fetcher/path_gemspec_finder"
14
18
  require "dependabot/bundler/file_fetcher/child_gemfile_finder"
@@ -32,8 +36,7 @@ module Dependabot
32
36
  }
33
37
  end
34
38
 
35
- private
36
-
39
+ sig { override.returns(T::Array[DependencyFile]) }
37
40
  def fetch_files
38
41
  fetched_files = []
39
42
  fetched_files << gemfile if gemfile
@@ -55,6 +58,8 @@ module Dependabot
55
58
  fetched_files
56
59
  end
57
60
 
61
+ private
62
+
58
63
  def uniq_files(fetched_files)
59
64
  uniq_files = fetched_files.reject(&:support_file?).uniq
60
65
  uniq_files += fetched_files
data/lib/dependabot/bundler/native_helpers.rb CHANGED
@@ -1,32 +1,43 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "bundler"
5
+ require "sorbet-runtime"
5
6
  require "dependabot/shared_helpers"
6
7
 
7
8
  module Dependabot
8
9
  module Bundler
9
10
  module NativeHelpers
11
+ extend T::Sig
12
+ extend T::Generic
13
+
10
14
  class BundleCommand
15
+ extend T::Sig
16
+
11
17
  MAX_SECONDS = 1800
12
18
  MIN_SECONDS = 60
13
19
 
20
+ sig { params(timeout_seconds: T.nilable(Integer)).void }
14
21
  def initialize(timeout_seconds)
15
- @timeout_seconds = clamp(timeout_seconds)
22
+ @timeout_seconds = T.let(clamp(timeout_seconds), Integer)
16
23
  end
17
24
 
25
+ sig { params(script: String).returns(String) }
18
26
  def build(script)
19
27
  [timeout_command, :ruby, script].compact.join(" ")
20
28
  end
21
29
 
22
30
  private
23
31
 
32
+ sig { returns(Integer) }
24
33
  attr_reader :timeout_seconds
25
34
 
35
+ sig { returns(T.nilable(String)) }
26
36
  def timeout_command
27
37
  "timeout -s HUP #{timeout_seconds}" unless timeout_seconds.zero?
28
38
  end
29
39
 
40
+ sig { params(seconds: T.nilable(Integer)).returns(Integer) }
30
41
  def clamp(seconds)
31
42
  return 0 unless seconds
32
43
 
@@ -34,6 +45,15 @@ module Dependabot
34
45
  end
35
46
  end
36
47
 
48
+ sig do
49
+ params(
50
+ function: String,
51
+ args: T::Hash[Symbol, String],
52
+ bundler_version: String,
53
+ options: T::Hash[Symbol, T.untyped]
54
+ )
55
+ .returns(T.untyped)
56
+ end
37
57
  def self.run_bundler_subprocess(function:, args:, bundler_version:, options: {})
38
58
  # Run helper suprocess with all bundler-related ENV variables removed
39
59
  helpers_path = versioned_helper_path(bundler_version)
@@ -60,10 +80,12 @@ module Dependabot
60
80
  end
61
81
  end
62
82
 
83
+ sig { params(bundler_major_version: String).returns(String) }
63
84
  def self.versioned_helper_path(bundler_major_version)
64
85
  File.join(native_helpers_root, "v#{bundler_major_version}")
65
86
  end
66
87
 
88
+ sig { returns(String) }
67
89
  def self.native_helpers_root
68
90
  helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
69
91
  return File.join(helpers_root, "bundler") unless helpers_root.nil?
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED
@@ -24,8 +24,9 @@ module Dependabot
24
24
  MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
25
25
 
26
26
  BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
27
+ FORBIDDEN_AUTH_REGEX = /Access token could not be authenticated for (?<source>.*)\.$/
27
28
  BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
28
- HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
29
+ HTTP_ERR_REGEX = /Could not fetch specs from (?<source>\S+)/
29
30
  end
30
31
 
31
32
  RETRYABLE_ERRORS = %w(
@@ -133,6 +134,10 @@ module Dependabot
133
134
  regex = BundlerErrorPatterns::MISSING_AUTH_REGEX
134
135
  source = error.message.match(regex)[:source]
135
136
  raise Dependabot::PrivateSourceAuthenticationFailure, source
137
+ when "Bundler::Fetcher::AuthenticationForbiddenError"
138
+ regex = BundlerErrorPatterns::FORBIDDEN_AUTH_REGEX
139
+ source = error.message.match(regex)[:source]
140
+ raise Dependabot::PrivateSourceAuthenticationFailure, source
136
141
  when "Bundler::Fetcher::BadAuthenticationError"
137
142
  regex = BundlerErrorPatterns::BAD_AUTH_REGEX
138
143
  source = error.message.match(regex)[:source]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.236.0
4
+ version: 0.237.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-10-26 00:00:00.000000000 Z
11
+ date: 2023-11-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.236.0
19
+ version: 0.237.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.236.0
26
+ version: 0.237.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -94,20 +94,34 @@ dependencies:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
96
  version: '1.3'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rspec-sorbet
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: 1.9.2
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: 1.9.2
97
111
  - !ruby/object:Gem::Dependency
98
112
  name: rubocop
99
113
  requirement: !ruby/object:Gem::Requirement
100
114
  requirements:
101
115
  - - "~>"
102
116
  - !ruby/object:Gem::Version
103
- version: 1.56.0
117
+ version: 1.57.2
104
118
  type: :development
105
119
  prerelease: false
106
120
  version_requirements: !ruby/object:Gem::Requirement
107
121
  requirements:
108
122
  - - "~>"
109
123
  - !ruby/object:Gem::Version
110
- version: 1.56.0
124
+ version: 1.57.2
111
125
  - !ruby/object:Gem::Dependency
112
126
  name: rubocop-performance
113
127
  requirement: !ruby/object:Gem::Requirement
@@ -282,7 +296,7 @@ licenses:
282
296
  - Nonstandard
283
297
  metadata:
284
298
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
285
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.236.0
299
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
286
300
  post_install_message:
287
301
  rdoc_options: []
288
302
  require_paths: