dependabot-bundler 0.259.0 → 0.260.0

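--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1cf058014268b3cfec697930e773369e1f2f1edfe1b4cd6a4c43a33af020a3a6
- data.tar.gz: ef3f4b5ccd9bed22f52b4408d2097ee0709089db43baa21763a8093d684f69ef
+ metadata.gz: c9538499869166af66a0f2a6659e4e98a79e315448a80829ab14e92b28957594
+ data.tar.gz: c7b99137ddf893896b49fcb90e33144d5dd4b25cf2f1e423bfb5c93a3659e896
  SHA512:
- metadata.gz: 1699556eb7cdf17c530f580620f88f14452c750e6ba426dbe192a885a0d029ad054d7304378a482deca2e09d988fee7db8f4ec17719cbadd83ceb89aede7828f
- data.tar.gz: 70e5f1f22cb8ae1025fda30e255222daf55f69a44944217aa640b440759908ba5700f09c8049b5d1fbc82979b9db13d8a783c297408ffb886ffe97ec0708fa78
+ metadata.gz: 1ae19b8684f6edd8021bfe9ea83b9e434c97a76718d5c7acb510fb063473c0537492cfad227edd1b1d7fdd5260dea1256df3cae09dfc8b0573945f0ce39a13c9
+ data.tar.gz: 7feb5e67e67b9740b465371bbc38cb5f2796c0b07f38b0bf34a18ea3c6939dca58e577ead93168ed35947a8a0e2810364e93dbed3c72efc345d84072b87aa393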
@@ -179,7 +179,7 @@ RSpec.describe Functions::DependencySource do
179
179
  end
180
180
 
181
181
  it "returns all versions from the private source" do
182
- expect(private_registry_versions.length).to eql(70)
182
+ expect(private_registry_versions.length).to be(70)
183
183
  expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
184
184
  expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
185
185
  end
@@ -189,7 +189,7 @@ module Functions
189
189
  # if those sub-deps are top-level dependencies. We only want true
190
190
  # subdeps unlocked, like they were in the UpdateChecker, so we
191
191
  # mutate the unlocked gems array.
192
- unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
192
+ unlocked = defn.instance_variable_get(:@gems_to_unlock)
193
193
  must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
194
194
  dependencies_to_unlock
195
195
  unlocked.reject! { |n| must_not_unlock.include?(n) }
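Review bot: `defn.instance_variable_get(:@gems_to_unlock)` returns nil when the loaded Bundler does not set that instance variable, and the failure then only shows up as a NoMethodError on `unlocked.reject!` with no hint that a Bundler internal has moved. Because this reads a private field of the definition object, an explicit guard would make a Bundler version mismatch diagnosable: `unlocked = defn.instance_variable_get(:@gems_to_unlock) || raise("Bundler definition has no @gems_to_unlock; check the Bundler version in use")`. The in-place `reject!` also only takes effect if that variable still holds the array the resolver reads, which cannot be confirmed from these lines. The enclosing method starts and ends outside the hunk.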
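--- a/data/helpers/v2/run.rb
+++ b/data/helpers/v2/run.rb
@@ -17,7 +17,6 @@ end
  require "definition_ruby_version_patch"
  require "definition_bundler_version_patch"
  require "git_source_patch"
- require "definition_bundler_spec_set_patch"
 
  require "functions"
 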
@@ -180,7 +180,7 @@ RSpec.describe Functions::DependencySource do
180
180
  end
181
181
 
182
182
  it "returns all versions from the private source" do
183
- expect(private_registry_versions.length).to eql(70)
183
+ expect(private_registry_versions.length).to be(70)
184
184
  expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
185
185
  expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
186
186
  end
@@ -36,6 +36,9 @@ RSpec.describe Functions::VersionResolver do
36
36
  stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.1.gemspec.rz")
37
37
  .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.1.gemspec.rz"))
38
38
 
39
+ stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.5.gemspec.rz")
40
+ .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.5.gemspec.rz"))
41
+
39
42
  stub_request(:get, %r{quick/Marshal.4.8/business-.*.gemspec.rz})
40
43
  .to_return(status: 200, body: fixture("rubygems_responses", "business-1.0.0.gemspec.rz"))
41
44
  end
@@ -102,12 +105,12 @@ RSpec.describe Functions::VersionResolver do
102
105
  its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
103
106
  end
104
107
 
105
- context "with no update possible due to a version conflict" do
108
+ context "when there's a version conflict with a subdep also listed as a top level dependency" do
106
109
  let(:project_name) { "version_conflict_with_listed_subdep" }
107
110
  let(:dependency_name) { "rspec-mocks" }
108
111
  let(:requirement_string) { ">= 0" }
109
112
 
110
- its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
113
+ its([:version]) { is_expected.to be > Gem::Version.new("3.6.0") }
111
114
  end
112
115
  end
113
116
  end
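Review bot: The new expectation `is_expected.to be > Gem::Version.new("3.6.0")` in the "version conflict with a subdep" context has no upper bound, so it passes for whatever newer rspec-mocks the stubbed index resolves to and no longer pins what the resolver picks in the conflict case. If the fixtures are fixed, asserting the exact version they produce keeps the test sensitive to resolver regressions, e.g. `its([:version]) { is_expected.to eq(Gem::Version.new("<version the fixture resolves to>")) }` (placeholder, not a value from this page). If the result really does vary, a short comment saying why only a lower bound is checked would help the next reader.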
@@ -12,7 +12,7 @@ RSpec.describe Functions do
12
12
 
13
13
  it "returns the jfrog source" do
14
14
  in_tmp_folder do
15
- jfrog_source = Functions.jfrog_source(
15
+ jfrog_source = described_class.jfrog_source(
16
16
  dir: tmp_path,
17
17
  gemfile_name: "Gemfile",
18
18
  credentials: {}
@@ -26,7 +26,7 @@ RSpec.describe Functions do
26
26
  describe "#git_specs" do
27
27
  subject(:git_specs) do
28
28
  in_tmp_folder do
29
- Functions.git_specs(
29
+ described_class.git_specs(
30
30
  dir: tmp_path,
31
31
  gemfile_name: "Gemfile",
32
32
  credentials: {}
@@ -12,7 +12,6 @@ $LOAD_PATH.unshift(File.expand_path("../../spec_helpers", __dir__))
12
12
  # Bundler monkey patches
13
13
  require "definition_ruby_version_patch"
14
14
  require "definition_bundler_version_patch"
15
- require "definition_bundler_spec_set_patch"
16
15
  require "git_source_patch"
17
16
 
18
17
  require "functions"
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/file_updaters"
@@ -27,7 +27,7 @@ module Dependabot
27
27
  # rubocop:disable Metrics/PerceivedComplexity
28
28
  # rubocop:disable Metrics/AbcSize
29
29
  def updated_dependency_files
30
- updated_files = []
30
+ updated_files = T.let([], T::Array[Dependabot::DependencyFile])
31
31
 
32
32
  if gemfile && file_changed?(gemfile)
33
33
  updated_files <<
@@ -58,7 +58,7 @@ module Dependabot
58
58
 
59
59
  check_updated_files(updated_files)
60
60
 
61
- base_dir = updated_files.first.directory
61
+ base_dir = T.must(updated_files.first).directory
62
62
  vendor_updater
63
63
  .updated_vendor_cache_files(base_directory: base_dir)
64
64
  .each do |file|
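Review bot: `T.must(updated_files.first)` raises a bare TypeError when `updated_files` is empty, so the `base_dir` line relies on `check_updated_files(updated_files)` two lines earlier having already rejected that case. That method's body is not in this hunk, so the guarantee is an assumption here. If it holds, recording it at the call site keeps the `T.must` from looking arbitrary: `# check_updated_files is expected to raise on an empty list, so first is non-nil`. `updated_dependency_files` continues past the end of the hunk.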
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
@@ -87,7 +87,7 @@ module Dependabot
87
87
  end
88
88
 
89
89
  source_url = github_urls.find do |url|
90
- repo = Source.from_url(url).repo
90
+ repo = T.must(Source.from_url(url)).repo
91
91
  repo.downcase.end_with?(dependency.name)
92
92
  end
93
93
  return unless source_url
@@ -102,7 +102,7 @@ module Dependabot
102
102
  rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
103
103
  .scan(Dependabot::Source::SOURCE_REGEX) do
104
104
  github_urls << (Regexp.last_match.to_s +
105
- Regexp.last_match.post_match.split("\n").first)
105
+ T.must(T.must(Regexp.last_match).post_match.split("\n").first))
106
106
  end
107
107
 
108
108
  github_urls.find do |url|
@@ -204,7 +204,7 @@ module Dependabot
204
204
  cred["type"] == "rubygems_server" && cred.replaces_base?
205
205
  end
206
206
  host = credential ? credential["host"] : "rubygems.org"
207
- @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))
207
+ @base_url = "https://#{host}#{host&.end_with?('/') ? '' : '/'}"
208
208
  end
209
209
 
210
210
  def registry_auth_headers
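Review bot: With `host&.end_with?('/')` a matching credential whose "host" is nil no longer fails; the `@base_url` line now silently produces `https:///`, where the old form raised on the nil. That value then serves as the registry base URL for this finder, so a malformed credential would surface later as an opaque request error instead of at the point of misconfiguration. Failing explicitly seems safer than defaulting, since a fallback to rubygems.org could pair a private registry's credential with the public host: `raise ArgumentError, "rubygems_server credential has no host" unless host`. The host string is also interpolated into the URL unchecked, and whether it is validated upstream is not visible in these lines. The method holding this assignment starts outside the hunk.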
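--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-bundler
  version: !ruby/object:Gem::Version
- version: 0.259.0
+ version: 0.260.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-05-30 00:00:00.000000000 Z
+ date: 2024-06-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.259.0
+ version: 0.260.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.259.0
+ version: 0.260.0
  - !ruby/object:Gem::Dependency
  name: parallel
  requirement: !ruby/object:Gem::Requirement
@@ -292,12 +292,10 @@ files:
  - helpers/v2/lib/functions/force_updater.rb
  - helpers/v2/lib/functions/lockfile_updater.rb
  - helpers/v2/lib/functions/version_resolver.rb
- - helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb
  - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
  - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
  - helpers/v2/monkey_patches/git_source_patch.rb
  - helpers/v2/run.rb
- - helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb
  - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
  - helpers/v2/spec/functions/dependency_source_spec.rb
  - helpers/v2/spec/functions/file_parser_spec.rb
@@ -347,7 +345,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
  post_install_message:
  rdoc_options: []
  require_paths: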
@@ -1,23 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- require "bundler/spec_set"
5
-
6
- # monkey patch materialized_for_all_platforms for lazy specification issue resolution
7
- # https://github.com/dependabot/dependabot-core/pull/9807
8
- module BundlerSpecSetPatch
9
- def materialized_for_all_platforms
10
- @specs.map do |s|
11
- next s unless s.is_a?(Bundler::LazySpecification)
12
-
13
- s.source.cached!
14
- s.source.remote!
15
- spec = s.materialize_for_installation
16
- raise Bundler::GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
17
-
18
- spec
19
- end
20
- end
21
- end
22
-
23
- Bundler::SpecSet.prepend(BundlerSpecSetPatch)
@@ -1,68 +0,0 @@
1
- # typed: false
2
- # frozen_string_literal: true
3
-
4
- # rubocop:disable RSpec/FilePath
5
- # rubocop:disable RSpec/SpecFilePathFormat
6
-
7
- require "native_spec_helper"
8
- require "shared_contexts"
9
- require "bundler/spec_set"
10
-
11
- RSpec.describe Bundler::SpecSet do
12
- let(:primary_source) { instance_double(Bundler::Source::Git) }
13
- let(:secondary_source) { instance_double(Bundler::Source::Path) }
14
- let(:primary_spec_set) do
15
- instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-x86_64-linux", source: primary_source)
16
- end
17
- let(:secondary_spec_set) do
18
- instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-arm64-darwin", source: secondary_source)
19
- end
20
-
21
- before do
22
- allow(primary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
23
- allow(secondary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
24
-
25
- allow(primary_source).to receive(:cached!)
26
- allow(primary_source).to receive(:remote!)
27
- allow(secondary_source).to receive(:cached!)
28
- allow(secondary_source).to receive(:remote!)
29
-
30
- allow(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set)
31
- allow(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set)
32
- end
33
-
34
- describe "#materialized_for_all_platforms" do
35
- context "when cache_all_platforms is enabled" do
36
- let(:spec_set) { described_class.new([primary_spec_set, secondary_spec_set]) }
37
-
38
- before do
39
- described_class.prepend(BundlerSpecSetPatch)
40
- end
41
-
42
- it "uses cached gems for secondary sources" do
43
- expect(primary_spec_set.source).to receive(:cached!).ordered
44
- expect(primary_spec_set.source).to receive(:remote!).ordered
45
- expect(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set).ordered
46
-
47
- expect(secondary_spec_set.source).to receive(:cached!).ordered
48
- expect(secondary_spec_set.source).to receive(:remote!).ordered
49
- expect(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set).ordered
50
-
51
- result = spec_set.materialized_for_all_platforms
52
- expect(result).to include(primary_spec_set, secondary_spec_set)
53
- end
54
-
55
- it "raises an error if a gem cannot be found in any of the sources" do
56
- allow(primary_spec_set).to receive(:materialize_for_installation).and_return(nil)
57
-
58
- expect do
59
- spec_set.materialized_for_all_platforms
60
- end.to raise_error(Bundler::GemNotFound,
61
- "Could not find foo-1.0.0-x86_64-linux in any of the sources")
62
- end
63
- end
64
- end
65
- end
66
-
67
- # rubocop:enable RSpec/FilePath
68
- # rubocop:enable RSpec/SpecFilePathFormat