dependabot-bundler 0.275.0 → 0.276.0
- checksums.yaml +4 -4
- data/lib/dependabot/bundler/helpers.rb +21 -9
- data/lib/dependabot/bundler/package_manager.rb +6 -8
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 79a19d7a225becc8cf4c031542f0243f76aafbc06e7bddc5f07c18e81b0fa72f
|
|
4
|
+
data.tar.gz: 3ad916573eab9a1b62ec84183a1a1d8189a091bed5fe4c458c0154e238b1a3b0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d9e71142cd9048c31cf4ab29084b78f6e5612b0672b4afe0c23dd814b8d0f2470a0684b7c6675d03d14c698a40f569f8e7ac752879c0e65da204e5ef956b8c95
|
|
7
|
+
data.tar.gz: 443ba8a0babf33f236c6430087a5a3166abbf3d79cb915c388e4862301a3cf5bc6e566de3115ae2b1060636a5ca62a1b801220993bd9f83f461e58ca85f482bd
|
|
@@ -1,35 +1,47 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
module Dependabot
|
|
5
5
|
module Bundler
|
|
6
6
|
module Helpers
|
|
7
|
+
extend T::Sig
|
|
8
|
+
extend T::Helpers
|
|
9
|
+
|
|
7
10
|
V1 = "1"
|
|
8
11
|
V2 = "2"
|
|
9
12
|
# If we are updating a project with no Gemfile.lock, we default to the
|
|
10
13
|
# newest version we support
|
|
11
14
|
DEFAULT = V2
|
|
12
|
-
# If we are updating a project with a Gemfile.lock that does not specify
|
|
13
|
-
# the version it was bundled with, we failover to V1 on the assumption
|
|
14
|
-
# it was created with an old version that didn't add this information
|
|
15
|
-
FAILOVER = V1
|
|
16
|
-
|
|
17
15
|
BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
|
|
18
16
|
|
|
17
|
+
sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
|
|
19
18
|
def self.bundler_version(lockfile)
|
|
20
19
|
return DEFAULT unless lockfile
|
|
21
20
|
|
|
22
|
-
if (matches = lockfile.content
|
|
21
|
+
if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
|
|
23
22
|
matches[:version].to_i >= 2 ? V2 : V1
|
|
23
|
+
elsif Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
|
|
24
|
+
DEFAULT
|
|
24
25
|
else
|
|
25
|
-
|
|
26
|
+
failover_version
|
|
26
27
|
end
|
|
27
28
|
end
|
|
28
29
|
|
|
30
|
+
# If we are updating a project with a Gemfile.lock that does not specify
|
|
31
|
+
# the version it was bundled with, we failover to V1 on the assumption
|
|
32
|
+
# it was created with an old version that didn't add this information
|
|
33
|
+
sig { returns(String) }
|
|
34
|
+
def self.failover_version
|
|
35
|
+
return V2 if Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
|
|
36
|
+
|
|
37
|
+
V1
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
|
|
29
41
|
def self.detected_bundler_version(lockfile)
|
|
30
42
|
return "unknown" unless lockfile
|
|
31
43
|
|
|
32
|
-
if (matches = lockfile.content
|
|
44
|
+
if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
|
|
33
45
|
matches[:version].to_i.to_s
|
|
34
46
|
else
|
|
35
47
|
"unspecified"
|
|
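Review bot: The new `elsif Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)` branch in `bundler_version` repeats the flag check that `failover_version` already performs, so the fallback policy for a lockfile with no `BUNDLED WITH` section now lives in two places that must be kept in step. Since `DEFAULT` is `V2`, the branch can be dropped and the `else` left as `failover_version` with no change in result. The comment moved above `failover_version` still says the fallback is V1, which no longer holds when the experiment is enabled; I would reword it to `# Without a BUNDLED WITH section we fall back to V1, or to V2 once the bundler_v1_unsupported_error experiment is enabled`. The file as shown from line 1 has no `require` for `Dependabot::Experiments`, so it presumably relies on load order, which is worth confirming.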
@@ -9,9 +9,8 @@ module Dependabot
|
|
|
9
9
|
module Bundler
|
|
10
10
|
PACKAGE_MANAGER = "bundler"
|
|
11
11
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
].freeze, T::Array[Dependabot::Version])
|
|
12
|
+
# Keep versions in ascending order
|
|
13
|
+
SUPPORTED_BUNDLER_VERSIONS = T.let([Version.new("2")].freeze, T::Array[Dependabot::Version])
|
|
15
14
|
|
|
16
15
|
DEPRECATED_BUNDLER_VERSIONS = T.let([
|
|
17
16
|
Version.new("1")
|
|
@@ -40,13 +39,12 @@ module Dependabot
|
|
|
40
39
|
sig { override.returns(T::Array[Dependabot::Version]) }
|
|
41
40
|
attr_reader :supported_versions
|
|
42
41
|
|
|
43
|
-
sig { override.returns(T::Boolean) }
|
|
44
|
-
def deprecated?
|
|
45
|
-
deprecated_versions.include?(version)
|
|
46
|
-
end
|
|
47
42
|
sig { override.returns(T::Boolean) }
|
|
48
43
|
def unsupported?
|
|
49
|
-
|
|
44
|
+
# Check if the feature flag for Bundler v1 unsupported error is enabled.
|
|
45
|
+
return false unless Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
|
|
46
|
+
|
|
47
|
+
supported_versions.all? { |supported| supported > version }
|
|
50
48
|
end
|
|
51
49
|
end
|
|
52
50
|
end
|
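Review bot: The comment added in `unsupported?` only restates the guard below it and leaves the actual rule undocumented: a version counts as unsupported only when it is lower than every entry in `supported_versions`, and only while the `bundler_v1_unsupported_error` experiment is on. I would replace it with something like `# Unsupported means older than every supported version; gated by the bundler_v1_unsupported_error experiment during rollout`. Note that `all?` is true for an empty list, so an empty `supported_versions` would mark every version unsupported; the constant in the first hunk is non-empty, but the reader is populated outside these hunks. With the `deprecated?` override removed, deprecation presumably comes from the superclass, which is not visible here, so it is worth checking that a Bundler 1 project is not reported as both deprecated and unsupported when the flag is enabled.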
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-bundler
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.276.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-09-
|
|
11
|
+
date: 2024-09-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.276.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.276.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: parallel
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -346,7 +346,7 @@ licenses:
|
|
|
346
346
|
- MIT
|
|
347
347
|
metadata:
|
|
348
348
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
349
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
349
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
|
|
350
350
|
post_install_message:
|
|
351
351
|
rdoc_options: []
|
|
352
352
|
require_paths:
|