RubyGems - dependabot-bundler - Versions diffs - 0.280.0 → 0.281.0 - Mend

dependabot-bundler 0.280.0 → 0.281.0

Files changed (30) hide show

checksums.yaml +4 -4
data/lib/dependabot/bundler/helpers.rb +1 -13
data/lib/dependabot/bundler/package_manager.rb +6 -6
data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb +1 -2
metadata +8 -33
data/helpers/v1/.gitignore +0 -8
data/helpers/v1/Gemfile +0 -7
data/helpers/v1/build +0 -29
data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb +0 -89
data/helpers/v1/lib/functions/dependency_source.rb +0 -90
data/helpers/v1/lib/functions/file_parser.rb +0 -119
data/helpers/v1/lib/functions/force_updater.rb +0 -173
data/helpers/v1/lib/functions/lockfile_updater.rb +0 -218
data/helpers/v1/lib/functions/version_resolver.rb +0 -141
data/helpers/v1/lib/functions.rb +0 -172
data/helpers/v1/monkey_patches/definition_bundler_version_patch.rb +0 -16
data/helpers/v1/monkey_patches/definition_ruby_version_patch.rb +0 -22
data/helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb +0 -20
data/helpers/v1/monkey_patches/git_source_patch.rb +0 -62
data/helpers/v1/monkey_patches/object_untaint_patch.rb +0 -17
data/helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb +0 -18
data/helpers/v1/patched_bundler +0 -34
data/helpers/v1/run.rb +0 -38
data/helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb +0 -118
data/helpers/v1/spec/functions/dependency_source_spec.rb +0 -188
data/helpers/v1/spec/functions/file_parser_spec.rb +0 -75
data/helpers/v1/spec/functions/force_updater_spec.rb +0 -59
data/helpers/v1/spec/functions/version_resolver_spec.rb +0 -105
data/helpers/v1/spec/native_spec_helper.rb +0 -56
data/helpers/v1/spec/shared_contexts.rb +0 -60

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccd9c2016c9305a9e201302c1788179179dca0592aee95d03adef3ec1155f79a
-  data.tar.gz: 857b17356df06747aa2a6b9780ecc1b9e38571ead11d03ff04c117449fb6b74f
+  metadata.gz: ced4096906c6340adbf69f1a72b3c84069622b1bf0c1e249a02419baae29b0c2
+  data.tar.gz: dc9d382839349a530ff0677c03791ebfa1b8e1013a72b93d9bb61677dc3a914d
 SHA512:
-  metadata.gz: 94aa6c6289637df9cf3bf10fe68bcbd7cf7a205b731805b197ecaad1d44e69f725eedd203f9a858deea6679053240d0fc890ee8f6ec5ac6ad737218e830566b1
-  data.tar.gz: 6be8f4cb1fba1a593b2fa590f7a7d995015062e1fa485747c3dbfacde84fc37b08947e68d9b0e7a38c7dd72cc6a2a69fa7df92505e9748a2cf5223d7f5b829dd
+  metadata.gz: b1e2d121706fcc5fcbc097677b64c3800741ff124ad92f0c6c49e0a5c233723a3a06a7302128072b128f69aea7618235c4ea67657b4d0e33a89654a7bc223477
+  data.tar.gz: 46e5908f2d55e1a315ba940fc1da53209354474c83c2b5e93f8dfb15452b83410aeaf8482c75ff9fcf955b93a562ca1bbc2d92ba66a0b104c462678d3edbf5d8

data/lib/dependabot/bundler/helpers.rb CHANGED Viewed

@@ -20,23 +20,11 @@ module Dependabot
         if (matches = lockfile.content&.match(BUNDLER_MAJOR_VERSION_REGEX))
           matches[:version].to_i >= 2 ? V2 : V1
-        elsif Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
-          DEFAULT
         else
-          failover_version
+          DEFAULT
         end
       end
-      # If we are updating a project with a Gemfile.lock that does not specify
-      # the version it was bundled with, we failover to V1 on the assumption
-      # it was created with an old version that didn't add this information
-      sig { returns(String) }
-      def self.failover_version
-        return V2 if Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
-        V1
-      end
       sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
       def self.detected_bundler_version(lockfile)
         return "unknown" unless lockfile

data/lib/dependabot/bundler/package_manager.rb CHANGED Viewed

@@ -12,9 +12,11 @@ module Dependabot
     # Keep versions in ascending order
     SUPPORTED_BUNDLER_VERSIONS = T.let([Version.new("2")].freeze, T::Array[Dependabot::Version])
-    DEPRECATED_BUNDLER_VERSIONS = T.let([
-      Version.new("1")
-    ].freeze, T::Array[Dependabot::Version])
+    # Currently, we don't support any deprecated versions of Bundler
+    # When a version is going to be unsupported, it will be added here for a while to give users time to upgrade
+    # Example for deprecation:
+    # DEPRECATED_BUNDLER_VERSIONS = T.let([Version.new("1")].freeze, T::Array[Dependabot::Version])
+    DEPRECATED_BUNDLER_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
     class PackageManager < PackageManagerBase
       extend T::Sig
@@ -41,9 +43,7 @@ module Dependabot
       sig { override.returns(T::Boolean) }
       def unsupported?
-        # Check if the feature flag for Bundler v1 unsupported error is enabled.
-        return false unless Dependabot::Experiments.enabled?(:bundler_v1_unsupported_error)
+        # Check if the version is not supported
         supported_versions.all? { |supported| supported > version }
       end
     end

data/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb CHANGED Viewed

@@ -31,8 +31,7 @@ module Dependabot
         PATH_REGEX = /The path `(?<path>.*)` does not exist/
         module BundlerErrorPatterns
-          # The `set --global` optional part can be made required when Bundler 1 support is dropped
-          MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
+          MISSING_AUTH_REGEX = /bundle config set --global (?<source>.*) username:password/
           BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
           FORBIDDEN_AUTH_REGEX = /Access token could not be authenticated for (?<source>.*)\.$/

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.280.0
+  version: 0.281.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-10 00:00:00.000000000 Z
+date: 2024-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.280.0
+        version: 0.281.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.280.0
+        version: 0.281.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -257,31 +257,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - helpers/spec_helpers/gem_net_http_adapter.rb
-- helpers/v1/.gitignore
-- helpers/v1/Gemfile
-- helpers/v1/build
-- helpers/v1/lib/functions.rb
-- helpers/v1/lib/functions/conflicting_dependency_resolver.rb
-- helpers/v1/lib/functions/dependency_source.rb
-- helpers/v1/lib/functions/file_parser.rb
-- helpers/v1/lib/functions/force_updater.rb
-- helpers/v1/lib/functions/lockfile_updater.rb
-- helpers/v1/lib/functions/version_resolver.rb
-- helpers/v1/monkey_patches/definition_bundler_version_patch.rb
-- helpers/v1/monkey_patches/definition_ruby_version_patch.rb
-- helpers/v1/monkey_patches/fileutils_keyword_splat_patch.rb
-- helpers/v1/monkey_patches/git_source_patch.rb
-- helpers/v1/monkey_patches/object_untaint_patch.rb
-- helpers/v1/monkey_patches/resolver_spec_group_sane_eql.rb
-- helpers/v1/patched_bundler
-- helpers/v1/run.rb
-- helpers/v1/spec/functions/conflicting_dependency_resolver_spec.rb
-- helpers/v1/spec/functions/dependency_source_spec.rb
-- helpers/v1/spec/functions/file_parser_spec.rb
-- helpers/v1/spec/functions/force_updater_spec.rb
-- helpers/v1/spec/functions/version_resolver_spec.rb
-- helpers/v1/spec/native_spec_helper.rb
-- helpers/v1/spec/shared_contexts.rb
 - helpers/v2/.gitignore
 - helpers/v2/Gemfile
 - helpers/v2/build
@@ -346,8 +321,8 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.280.0
-post_install_message:
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.281.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -363,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key:
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Ruby (bundler)
 test_files: []

data/helpers/v1/.gitignore DELETED Viewed

@@ -1,8 +0,0 @@
-/.bundle
-/.env
-/tmp
-/dependabot-*.gem
-Gemfile.lock
-spec/fixtures/projects/*/.bundle/
-!spec/fixtures/projects/**/Gemfile.lock
-!spec/fixtures/projects/**/vendor

data/helpers/v1/Gemfile DELETED Viewed

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-source "https://rubygems.org"
-gem "dependabot-common", path: "../../../common"
-gemspec path: "../.."

data/helpers/v1/build DELETED Viewed

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-set -e
-helpers_dir=$(cd -P "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  install_dir="$helpers_dir"
-else
-  install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/bundler/v1"
-  mkdir -p "$install_dir"
-  cp -r \
-    "$helpers_dir/lib" \
-    "$helpers_dir/monkey_patches" \
-    "$helpers_dir/run.rb" \
-    "$helpers_dir/patched_bundler" \
-    "$install_dir"
-fi
-cd "$install_dir"
-export GEM_HOME=$install_dir/.bundle
-gem install bundler -v 1.17.3 --no-document
-if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
-  BUNDLER_VERSION=1.17.3 ./patched_bundler install
-fi

data/helpers/v1/lib/functions/conflicting_dependency_resolver.rb DELETED Viewed

@@ -1,89 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Functions
-  class ConflictingDependencyResolver
-    def initialize(dependency_name:, target_version:, lockfile_name:)
-      @dependency_name = dependency_name
-      @target_version = target_version
-      @lockfile_name = lockfile_name
-    end
-    # Finds any dependencies in the lockfile that have a subdependency on the
-    # given dependency that does not satisfly the target_version.
-    # @return [Array<Hash{String => String}]
-    #   * explanation [String] a sentence explaining the conflict
-    #   * name [String] the blocking dependencies name
-    #   * version [String] the version of the blocking dependency
-    #   * requirement [String] the requirement on the target_dependency
-    def conflicting_dependencies
-      Bundler.settings.set_command_option("only_update_to_newer_versions", true)
-      parent_specs.flat_map do |parent_spec|
-        top_level_specs_for(parent_spec).map do |top_level|
-          dependency = parent_spec.dependencies.find { |bd| bd.name == dependency_name }
-          {
-            "explanation" => explanation(parent_spec, dependency, top_level),
-            "name" => parent_spec.name,
-            "version" => parent_spec.version.to_s,
-            "requirement" => dependency.requirement.to_s
-          }
-        end
-      end
-    end
-    private
-    attr_reader :dependency_name
-    attr_reader :target_version
-    attr_reader :lockfile_name
-    def parent_specs
-      version = Gem::Version.new(target_version)
-      parsed_lockfile.specs.filter do |spec|
-        spec.dependencies.any? do |dep|
-          dep.name == dependency_name &&
-            !dep.requirement.satisfied_by?(version)
-        end
-      end
-    end
-    def top_level_specs_for(parent_spec)
-      return [parent_spec] if top_level?(parent_spec)
-      parsed_lockfile.specs.filter do |spec|
-        spec.dependencies.any? do |dep|
-          dep.name == parent_spec.name && top_level?(spec)
-        end
-      end
-    end
-    def top_level?(spec)
-      parsed_lockfile.dependencies.key?(spec.name)
-    end
-    def explanation(spec, dependency, top_level)
-      if spec.name == top_level.name
-        "#{spec.name} (#{spec.version}) requires #{dependency_name} (#{dependency.requirement})"
-      else
-        "#{top_level.name} (#{top_level.version}) requires #{dependency_name} " \
-          "(#{dependency.requirement}) via #{spec.name} (#{spec.version})"
-      end
-    end
-    def parsed_lockfile
-      @parsed_lockfile ||= Bundler::LockfileParser.new(lockfile)
-    end
-    def lockfile
-      return @lockfile if defined?(@lockfile)
-      @lockfile =
-        begin
-          return unless lockfile_name && File.exist?(lockfile_name)
-          File.read(lockfile_name)
-        end
-    end
-  end
-end

data/helpers/v1/lib/functions/dependency_source.rb DELETED Viewed

@@ -1,90 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Functions
-  class DependencySource
-    attr_reader :gemfile_name
-    attr_reader :dependency_name
-    RUBYGEMS = "rubygems"
-    PRIVATE_REGISTRY = "private"
-    GIT = "git"
-    OTHER = "other"
-    def initialize(gemfile_name:, dependency_name:)
-      @gemfile_name = gemfile_name
-      @dependency_name = dependency_name
-    end
-    def type
-      bundler_source = specified_source || default_source
-      type_of(bundler_source)
-    end
-    def latest_git_version(dependency_source_url:, dependency_source_branch:)
-      source = Bundler::Source::Git.new(
-        "uri" => dependency_source_url,
-        "branch" => dependency_source_branch,
-        "name" => dependency_name,
-        "submodules" => true
-      )
-      # Tell Bundler we're fine with fetching the source remotely
-      source.instance_variable_set(:@allow_remote, true)
-      spec = source.specs.first
-      { version: spec.version, commit_sha: spec.source.revision }
-    end
-    def private_registry_versions
-      bundler_source = specified_source || default_source
-      bundler_source
-        .fetchers.flat_map do |fetcher|
-          fetcher
-            .specs_with_retry([dependency_name], bundler_source)
-            .search_all(dependency_name)
-        end
-        .map(&:version)
-    end
-    private
-    def type_of(bundler_source)
-      case bundler_source
-      when Bundler::Source::Rubygems
-        remote = bundler_source.remotes.first
-        if remote.nil? || remote.to_s == "https://rubygems.org/"
-          RUBYGEMS
-        else
-          PRIVATE_REGISTRY
-        end
-      when Bundler::Source::Git
-        GIT
-      else
-        OTHER
-      end
-    end
-    def specified_source
-      return @specified_source if defined? @specified_source
-      @specified_source = definition.dependencies
-                                    .find { |dep| dep.name == dependency_name }&.source
-    end
-    def default_source
-      definition.send(:sources).default_source
-    end
-    def definition
-      @definition ||= Bundler::Definition.build(gemfile_name, nil, {})
-    end
-    def serialize_bundler_source(source)
-      {
-        type: source.class.to_s
-      }
-    end
-  end
-end

data/helpers/v1/lib/functions/file_parser.rb DELETED Viewed

@@ -1,119 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-require "uri"
-module Functions
-  class FileParser
-    def initialize(lockfile_name:)
-      @lockfile_name = lockfile_name
-    end
-    attr_reader :lockfile_name
-    def parsed_gemfile(gemfile_name:)
-      Bundler::Definition.build(gemfile_name, nil, {})
-                         .dependencies.select(&:current_platform?)
-                         .reject { |dep| local_sources.include?(dep.source.class) }
-                         .map { |dep| serialize_bundler_dependency(dep) }
-    end
-    def parsed_gemspec(gemspec_name:)
-      Bundler.load_gemspec_uncached(gemspec_name)
-             .dependencies
-             .map { |dep| serialize_bundler_dependency(dep) }
-    end
-    private
-    def lockfile
-      return @lockfile if defined?(@lockfile)
-      @lockfile =
-        begin
-          return unless lockfile_name && File.exist?(lockfile_name)
-          File.read(lockfile_name)
-        end
-    end
-    def parsed_lockfile
-      return unless lockfile
-      @parsed_lockfile ||= Bundler::LockfileParser.new(lockfile)
-    end
-    def source_from_lockfile(dependency_name)
-      parsed_lockfile&.specs&.find { |s| s.name == dependency_name }&.source
-    end
-    def source_for(dependency)
-      source = dependency.source
-      if lockfile && default_rubygems?(source)
-        # If there's a lockfile and the Gemfile doesn't have anything
-        # interesting to say about the source, check that.
-        source = source_from_lockfile(dependency.name)
-      end
-      raise "Bad source: #{source}" unless sources.include?(source.class)
-      return nil if default_rubygems?(source)
-      details = { type: source.class.name.split("::").last.downcase }
-      details.merge!(git_source_details(source)) if source.is_a?(Bundler::Source::Git)
-      details[:url] = source.remotes.first.to_s if source.is_a?(Bundler::Source::Rubygems)
-      details
-    end
-    def git_source_details(source)
-      {
-        url: source.uri,
-        branch: source.branch,
-        ref: source.ref
-      }
-    end
-    RUBYGEMS_HOSTS = [
-      "rubygems.org",
-      "www.rubygems.org"
-    ].freeze
-    def default_rubygems?(source)
-      return true if source.nil?
-      return false unless source.is_a?(Bundler::Source::Rubygems)
-      source.remotes.any? do |r|
-        RUBYGEMS_HOSTS.include?(URI(r.to_s).host)
-      end
-    end
-    def serialize_bundler_dependency(dependency)
-      {
-        name: dependency.name,
-        requirement: dependency.requirement,
-        groups: dependency.groups,
-        source: source_for(dependency),
-        type: dependency.type
-      }
-    end
-    # Can't be a constant because some of these don't exist in bundler
-    # 1.15, which used to cause issues on Heroku (causing exception on boot).
-    # TODO: Check if this will be an issue with multiple bundler versions
-    def sources
-      [
-        NilClass,
-        Bundler::Source::Rubygems,
-        Bundler::Source::Git,
-        *local_sources,
-        Bundler::Source::Metadata
-      ]
-    end
-    def local_sources
-      [
-        Bundler::Source::Path,
-        Bundler::Source::Gemspec
-      ]
-    end
-  end
-end

data/helpers/v1/lib/functions/force_updater.rb DELETED Viewed

@@ -1,173 +0,0 @@
-# typed: true
-# frozen_string_literal: true
-module Functions
-  class ForceUpdater
-    class TransitiveDependencyError < StandardError; end
-    def initialize(dependency_name:, target_version:, gemfile_name:,
-                   lockfile_name:, update_multiple_dependencies:)
-      @dependency_name = dependency_name
-      @target_version = target_version
-      @gemfile_name = gemfile_name
-      @lockfile_name = lockfile_name
-      @update_multiple_dependencies = update_multiple_dependencies
-    end
-    def run
-      # Only allow upgrades. Otherwise it's unlikely that this
-      # resolution will be found by the FileUpdater
-      Bundler.settings.set_command_option(
-        "only_update_to_newer_versions",
-        true
-      )
-      dependencies_to_unlock = []
-      begin
-        definition = build_definition(dependencies_to_unlock: dependencies_to_unlock)
-        definition.resolve_remotely!
-        specs = definition.resolve
-        updates = [{ name: dependency_name }] +
-                  dependencies_to_unlock.map { |dep| { name: dep.name } }
-        specs = specs.map do |dep|
-          {
-            name: dep.name,
-            version: dep.version
-          }
-        end
-        [updates, specs]
-      rescue Bundler::VersionConflict => e
-        raise unless update_multiple_dependencies?
-        # TODO: Not sure this won't unlock way too many things...
-        new_dependencies_to_unlock =
-          new_dependencies_to_unlock_from(
-            error: e,
-            already_unlocked: dependencies_to_unlock
-          )
-        raise if new_dependencies_to_unlock.none?
-        dependencies_to_unlock += new_dependencies_to_unlock
-        retry
-      end
-    end
-    private
-    attr_reader :dependency_name
-    attr_reader :target_version
-    attr_reader :gemfile_name
-    attr_reader :lockfile_name
-    attr_reader :credentials
-    attr_reader :update_multiple_dependencies
-    alias update_multiple_dependencies? update_multiple_dependencies
-    def new_dependencies_to_unlock_from(error:, already_unlocked:)
-      potentials_deps =
-        relevant_conflicts(error, already_unlocked)
-        .flat_map(&:requirement_trees)
-        .reject do |tree|
-          # If the final requirement wasn't specific, it can't be binding
-          next true if tree.last.requirement == Gem::Requirement.new(">= 0")
-          # If the conflict wasn't for the dependency we're updating then
-          # we don't have enough info to reject it
-          next false unless tree.last.name == dependency_name
-          # If the final requirement *was* for the dependency we're updating
-          # then we can ignore the tree if it permits the target version
-          tree.last.requirement.satisfied_by?(
-            Gem::Version.new(target_version)
-          )
-        end.map(&:first)
-      potentials_deps
-        .reject { |dep| already_unlocked.map(&:name).include?(dep.name) }
-        .reject { |dep| [dependency_name, "ruby\0"].include?(dep.name) }
-        .uniq
-    end
-    def relevant_conflicts(error, dependencies_being_unlocked)
-      names = [*dependencies_being_unlocked.map(&:name), dependency_name]
-      # For a conflict to be relevant to the updates we're making it must be
-      # 1) caused by a new requirement introduced by our unlocking, or
-      # 2) caused by an old requirement that prohibits the update.
-      # Hence, we look at the beginning and end of the requirement trees
-      error.cause.conflicts.values
-           .select do |conflict|
-        conflict.requirement_trees.any? do |t|
-          names.include?(t.last.name) || names.include?(t.first.name)
-        end
-      end
-    end
-    def build_definition(dependencies_to_unlock:)
-      gems_to_unlock = dependencies_to_unlock.map(&:name) + [dependency_name]
-      definition = Bundler::Definition.build(
-        gemfile_name,
-        lockfile_name,
-        gems: gems_to_unlock + subdependencies,
-        lock_shared_dependencies: true
-      )
-      # Remove the Gemfile / gemspec requirements on the gems we're
-      # unlocking (i.e., completely unlock them)
-      gems_to_unlock.each do |gem_name|
-        unlock_gem(definition: definition, gem_name: gem_name)
-      end
-      dep = definition.dependencies
-                      .find { |d| d.name == dependency_name }
-      # If the dependency is not found in the Gemfile it means this is a
-      # transitive dependency that we can't force update.
-      raise TransitiveDependencyError unless dep
-      # Set the requirement for the gem we're forcing an update of
-      new_req = Gem::Requirement.create("= #{target_version}")
-      dep.instance_variable_set(:@requirement, new_req)
-      dep.source = nil if dep.source.is_a?(Bundler::Source::Git)
-      definition
-    end
-    def lockfile
-      return @lockfile if defined?(@lockfile)
-      @lockfile =
-        begin
-          return unless lockfile_name && File.exist?(lockfile_name)
-          File.read(lockfile_name)
-        end
-    end
-    def subdependencies
-      # If there's no lockfile we don't need to worry about
-      # subdependencies
-      return [] unless lockfile
-      all_deps =  Bundler::LockfileParser.new(lockfile)
-                                         .specs.map { |x| x.name.to_s }
-      top_level = Bundler::Definition
-                  .build(gemfile_name, lockfile_name, {})
-                  .dependencies.map { |x| x.name.to_s }
-      all_deps - top_level
-    end
-    def unlock_gem(definition:, gem_name:)
-      dep = definition.dependencies.find { |d| d.name == gem_name }
-      version = definition.locked_gems.specs
-                          .find { |d| d.name == gem_name }.version
-      dep&.instance_variable_set(
-        :@requirement,
-        Gem::Requirement.create(">= #{version}")
-      )
-    end
-  end
-end