RubyGems - dependabot-bundler - Versions diffs - 0.259.0 → 0.260.0 - Mend

dependabot-bundler 0.259.0 → 0.260.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/helpers/v1/spec/functions/dependency_source_spec.rb +1 -1
data/helpers/v2/lib/functions/lockfile_updater.rb +1 -1
data/helpers/v2/run.rb +0 -1
data/helpers/v2/spec/functions/dependency_source_spec.rb +1 -1
data/helpers/v2/spec/functions/version_resolver_spec.rb +5 -2
data/helpers/v2/spec/functions_spec.rb +2 -2
data/helpers/v2/spec/native_spec_helper.rb +0 -1
data/lib/dependabot/bundler/file_updater.rb +3 -3
data/lib/dependabot/bundler/metadata_finder.rb +4 -4
metadata +5 -7
data/helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb +0 -23
data/helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb +0 -68

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1cf058014268b3cfec697930e773369e1f2f1edfe1b4cd6a4c43a33af020a3a6
-  data.tar.gz: ef3f4b5ccd9bed22f52b4408d2097ee0709089db43baa21763a8093d684f69ef
+  metadata.gz: c9538499869166af66a0f2a6659e4e98a79e315448a80829ab14e92b28957594
+  data.tar.gz: c7b99137ddf893896b49fcb90e33144d5dd4b25cf2f1e423bfb5c93a3659e896
 SHA512:
-  metadata.gz: 1699556eb7cdf17c530f580620f88f14452c750e6ba426dbe192a885a0d029ad054d7304378a482deca2e09d988fee7db8f4ec17719cbadd83ceb89aede7828f
-  data.tar.gz: 70e5f1f22cb8ae1025fda30e255222daf55f69a44944217aa640b440759908ba5700f09c8049b5d1fbc82979b9db13d8a783c297408ffb886ffe97ec0708fa78
+  metadata.gz: 1ae19b8684f6edd8021bfe9ea83b9e434c97a76718d5c7acb510fb063473c0537492cfad227edd1b1d7fdd5260dea1256df3cae09dfc8b0573945f0ce39a13c9
+  data.tar.gz: 7feb5e67e67b9740b465371bbc38cb5f2796c0b07f38b0bf34a18ea3c6939dca58e577ead93168ed35947a8a0e2810364e93dbed3c72efc345d84072b87aa393

data/helpers/v1/spec/functions/dependency_source_spec.rb CHANGED Viewed

@@ -179,7 +179,7 @@ RSpec.describe Functions::DependencySource do
       end
       it "returns all versions from the private source" do
-        expect(private_registry_versions.length).to eql(70)
+        expect(private_registry_versions.length).to be(70)
         expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
         expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
       end

data/helpers/v2/lib/functions/lockfile_updater.rb CHANGED Viewed

@@ -189,7 +189,7 @@ module Functions
       # if those sub-deps are top-level dependencies. We only want true
       # subdeps unlocked, like they were in the UpdateChecker, so we
       # mutate the unlocked gems array.
-      unlocked = defn.instance_variable_get(:@unlock).fetch(:gems)
+      unlocked = defn.instance_variable_get(:@gems_to_unlock)
       must_not_unlock = defn.dependencies.map { |x| x.name.to_s } -
                         dependencies_to_unlock
       unlocked.reject! { |n| must_not_unlock.include?(n) }

data/helpers/v2/run.rb CHANGED Viewed

@@ -17,7 +17,6 @@ end
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
 require "git_source_patch"
-require "definition_bundler_spec_set_patch"
 require "functions"

data/helpers/v2/spec/functions/dependency_source_spec.rb CHANGED Viewed

@@ -180,7 +180,7 @@ RSpec.describe Functions::DependencySource do
       end
       it "returns all versions from the private source" do
-        expect(private_registry_versions.length).to eql(70)
+        expect(private_registry_versions.length).to be(70)
         expect(private_registry_versions.min).to eql(Gem::Version.new("1.0.0"))
         expect(private_registry_versions.max).to eql(Gem::Version.new("3.5.2"))
       end

data/helpers/v2/spec/functions/version_resolver_spec.rb CHANGED Viewed

@@ -36,6 +36,9 @@ RSpec.describe Functions::VersionResolver do
     stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.1.gemspec.rz")
       .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.1.gemspec.rz"))
+    stub_request(:get, "https://rubygems.org/quick/Marshal.4.8/statesman-1.2.5.gemspec.rz")
+      .to_return(status: 200, body: fixture("rubygems_responses", "statesman-1.2.5.gemspec.rz"))
     stub_request(:get, %r{quick/Marshal.4.8/business-.*.gemspec.rz})
       .to_return(status: 200, body: fixture("rubygems_responses", "business-1.0.0.gemspec.rz"))
   end
@@ -102,12 +105,12 @@ RSpec.describe Functions::VersionResolver do
       its([:fetcher]) { is_expected.to eq("Bundler::Fetcher::Dependency") }
     end
-    context "with no update possible due to a version conflict" do
+    context "when there's a version conflict with a subdep also listed as a top level dependency" do
       let(:project_name) { "version_conflict_with_listed_subdep" }
       let(:dependency_name) { "rspec-mocks" }
       let(:requirement_string) { ">= 0" }
-      its([:version]) { is_expected.to eq(Gem::Version.new("3.6.0")) }
+      its([:version]) { is_expected.to be > Gem::Version.new("3.6.0") }
     end
   end
 end

data/helpers/v2/spec/functions_spec.rb CHANGED Viewed

@@ -12,7 +12,7 @@ RSpec.describe Functions do
     it "returns the jfrog source" do
       in_tmp_folder do
-        jfrog_source = Functions.jfrog_source(
+        jfrog_source = described_class.jfrog_source(
           dir: tmp_path,
           gemfile_name: "Gemfile",
           credentials: {}
@@ -26,7 +26,7 @@ RSpec.describe Functions do
   describe "#git_specs" do
     subject(:git_specs) do
       in_tmp_folder do
-        Functions.git_specs(
+        described_class.git_specs(
           dir: tmp_path,
           gemfile_name: "Gemfile",
           credentials: {}

data/helpers/v2/spec/native_spec_helper.rb CHANGED Viewed

@@ -12,7 +12,6 @@ $LOAD_PATH.unshift(File.expand_path("../../spec_helpers", __dir__))
 # Bundler monkey patches
 require "definition_ruby_version_patch"
 require "definition_bundler_version_patch"
-require "definition_bundler_spec_set_patch"
 require "git_source_patch"
 require "functions"

data/lib/dependabot/bundler/file_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/file_updaters"
@@ -27,7 +27,7 @@ module Dependabot
       # rubocop:disable Metrics/PerceivedComplexity
       # rubocop:disable Metrics/AbcSize
       def updated_dependency_files
-        updated_files = []
+        updated_files = T.let([], T::Array[Dependabot::DependencyFile])
         if gemfile && file_changed?(gemfile)
           updated_files <<
@@ -58,7 +58,7 @@ module Dependabot
         check_updated_files(updated_files)
-        base_dir = updated_files.first.directory
+        base_dir = T.must(updated_files.first).directory
         vendor_updater
           .updated_vendor_cache_files(base_directory: base_dir)
           .each do |file|

data/lib/dependabot/bundler/metadata_finder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "excon"
@@ -87,7 +87,7 @@ module Dependabot
         end
         source_url = github_urls.find do |url|
-          repo = Source.from_url(url).repo
+          repo = T.must(Source.from_url(url)).repo
           repo.downcase.end_with?(dependency.name)
         end
         return unless source_url
@@ -102,7 +102,7 @@ module Dependabot
         rubygems_marshalled_gemspec_response.gsub("\x06;", "\n")
                                             .scan(Dependabot::Source::SOURCE_REGEX) do
           github_urls << (Regexp.last_match.to_s +
-                         Regexp.last_match.post_match.split("\n").first)
+                         T.must(T.must(Regexp.last_match).post_match.split("\n").first))
         end
         github_urls.find do |url|
@@ -204,7 +204,7 @@ module Dependabot
           cred["type"] == "rubygems_server" && cred.replaces_base?
         end
         host = credential ? credential["host"] : "rubygems.org"
-        @base_url = "https://#{host}" + ("/" unless host.end_with?("/"))
+        @base_url = "https://#{host}#{host&.end_with?('/') ? '' : '/'}"
       end
       def registry_auth_headers

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.259.0
+  version: 0.260.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-30 00:00:00.000000000 Z
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.259.0
+        version: 0.260.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.259.0
+        version: 0.260.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -292,12 +292,10 @@ files:
 - helpers/v2/lib/functions/force_updater.rb
 - helpers/v2/lib/functions/lockfile_updater.rb
 - helpers/v2/lib/functions/version_resolver.rb
-- helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb
 - helpers/v2/monkey_patches/definition_bundler_version_patch.rb
 - helpers/v2/monkey_patches/definition_ruby_version_patch.rb
 - helpers/v2/monkey_patches/git_source_patch.rb
 - helpers/v2/run.rb
-- helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb
 - helpers/v2/spec/functions/conflicting_dependency_resolver_spec.rb
 - helpers/v2/spec/functions/dependency_source_spec.rb
 - helpers/v2/spec/functions/file_parser_spec.rb
@@ -347,7 +345,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/helpers/v2/monkey_patches/definition_bundler_spec_set_patch.rb DELETED Viewed

@@ -1,23 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-require "bundler/spec_set"
-# monkey patch materialized_for_all_platforms for lazy specification issue resolution
-# https://github.com/dependabot/dependabot-core/pull/9807
-module BundlerSpecSetPatch
-  def materialized_for_all_platforms
-    @specs.map do |s|
-      next s unless s.is_a?(Bundler::LazySpecification)
-      s.source.cached!
-      s.source.remote!
-      spec = s.materialize_for_installation
-      raise Bundler::GemNotFound, "Could not find #{s.full_name} in any of the sources" unless spec
-      spec
-    end
-  end
-end
-Bundler::SpecSet.prepend(BundlerSpecSetPatch)

data/helpers/v2/spec/definition_bundler_spec_set_patch_spec.rb DELETED Viewed

@@ -1,68 +0,0 @@
-# typed: false
-# frozen_string_literal: true
-# rubocop:disable RSpec/FilePath
-# rubocop:disable RSpec/SpecFilePathFormat
-require "native_spec_helper"
-require "shared_contexts"
-require "bundler/spec_set"
-RSpec.describe Bundler::SpecSet do
-  let(:primary_source) { instance_double(Bundler::Source::Git) }
-  let(:secondary_source) { instance_double(Bundler::Source::Path) }
-  let(:primary_spec_set) do
-    instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-x86_64-linux", source: primary_source)
-  end
-  let(:secondary_spec_set) do
-    instance_double(Bundler::LazySpecification, full_name: "foo-1.0.0-arm64-darwin", source: secondary_source)
-  end
-  before do
-    allow(primary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
-    allow(secondary_spec_set).to receive(:is_a?).with(Bundler::LazySpecification).and_return(true)
-    allow(primary_source).to receive(:cached!)
-    allow(primary_source).to receive(:remote!)
-    allow(secondary_source).to receive(:cached!)
-    allow(secondary_source).to receive(:remote!)
-    allow(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set)
-    allow(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set)
-  end
-  describe "#materialized_for_all_platforms" do
-    context "when cache_all_platforms is enabled" do
-      let(:spec_set) { described_class.new([primary_spec_set, secondary_spec_set]) }
-      before do
-        described_class.prepend(BundlerSpecSetPatch)
-      end
-      it "uses cached gems for secondary sources" do
-        expect(primary_spec_set.source).to receive(:cached!).ordered
-        expect(primary_spec_set.source).to receive(:remote!).ordered
-        expect(primary_spec_set).to receive(:materialize_for_installation).and_return(primary_spec_set).ordered
-        expect(secondary_spec_set.source).to receive(:cached!).ordered
-        expect(secondary_spec_set.source).to receive(:remote!).ordered
-        expect(secondary_spec_set).to receive(:materialize_for_installation).and_return(secondary_spec_set).ordered
-        result = spec_set.materialized_for_all_platforms
-        expect(result).to include(primary_spec_set, secondary_spec_set)
-      end
-      it "raises an error if a gem cannot be found in any of the sources" do
-        allow(primary_spec_set).to receive(:materialize_for_installation).and_return(nil)
-        expect do
-          spec_set.materialized_for_all_platforms
-        end.to raise_error(Bundler::GemNotFound,
-                           "Could not find foo-1.0.0-x86_64-linux in any of the sources")
-      end
-    end
-  end
-end
-# rubocop:enable RSpec/FilePath
-# rubocop:enable RSpec/SpecFilePathFormat