dependabot-bundler 0.285.0 → 0.286.0

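--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 46bd8d058b090759dfbdef246960dd68aaf6805eca3e8ed86dcbbe24bae02f05
- data.tar.gz: 0104dce3ac3823fb75626420bf71eabebba6cc6a43a5a01a3ab4475c73f5090f
+ metadata.gz: 0ce0397383ee54f28c18dd936362de171d27f055d66754451e17ba8c57e4885a
+ data.tar.gz: 49ac7f319dcb2c6b7a84d434b171cb66ec4757db1f6f68c92be8e3a3b3f448e2
  SHA512:
- metadata.gz: 29cc464b42b25ae071d77180e16b91e151cc5fb5a5b8fb3375a94908dd6189539b5b23e02d5be93b999fe7e3256671fa4718adc5c63107f18b08332d2f2b0950
- data.tar.gz: a1ca65abcce69cac328b4d99d1e4fe5319abc1c6fc7f8f3ffd5b99f70f1a3887e07434ba8a69521c7fed2c952c3e6cbb745fa55da547148a09c56408cbecac21
+ metadata.gz: 87221c02650ec120d7dce3b5f65386f9585d2554ced84b6d7ead43449871955a13e621a2cf1d72ad8442caf598105c0bfda19f16e0d17f3d36a848c1d85fb250
+ data.tar.gz: a0a20ecf386feb119de3b653f6fb598a061bda76521c456c713b5683cf2d94ec945b37fa4fa3e01471bee97e5de8888a7638caf014cc5afd8ddb7f7ad3ad1054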
@@ -54,7 +54,9 @@ module Dependabot
54
54
  end
55
55
 
56
56
  def package_manager_requirement
57
- @package_manager_requirement ||= Helpers.bundler_dependency_requirement(dependency_files)
57
+ @package_manager_requirement ||= Helpers.dependency_requirement(
58
+ Helpers::BUNDLER_GEM_NAME, dependency_files
59
+ )
58
60
  end
59
61
 
60
62
  sig { returns(T.nilable(Ecosystem::VersionManager)) }
@@ -63,7 +65,13 @@ module Dependabot
63
65
 
64
66
  return nil if package_manager.unsupported?
65
67
 
66
- Language.new(ruby_raw_version)
68
+ Language.new(ruby_raw_version, language_requirement)
69
+ end
70
+
71
+ def language_requirement
72
+ @language_requirement ||= Helpers.dependency_requirement(
73
+ Helpers::LANGUAGE, dependency_files
74
+ )
67
75
  end
68
76
 
69
77
  def check_external_code(dependencies)
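Review bot: `language_requirement` (second hunk) memoizes with `||=`, which does not cache a `nil` result, so when no Ruby constraint is declared each call repeats the Gemfile/gemspec scan in `Helpers.dependency_requirement`; `package_manager_requirement` in the first hunk has the same shape. If the repeated scan matters, put `return @language_requirement if defined?(@language_requirement)` ahead of the assignment. The new method also carries no comment; suggest `# Ruby version requirement declared in the Gemfile or gemspec, or nil when none is declared`. The method that calls `Language.new` starts above the hunk, so its full body is not visible here.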
@@ -13,10 +13,13 @@ module Dependabot
13
13
  V2 = "2"
14
14
  DEFAULT = V2
15
15
  BUNDLER_MAJOR_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+)\./m
16
+ RUBY_GEMFILE_REGEX = /^ruby\s+['"]([^'"]+)['"]/
17
+ RUBY_GEMSPEC_REGEX = /required_ruby_version\s+=\s+['"]([^'"]+)['"]/
16
18
 
17
19
  GEMFILE = "Gemfile"
18
20
  GEMSPEC_EXTENSION = ".gemspec"
19
21
  BUNDLER_GEM_NAME = "bundler"
22
+ LANGUAGE = "ruby"
20
23
 
21
24
  sig { params(lockfile: T.nilable(Dependabot::DependencyFile)).returns(String) }
22
25
  def self.bundler_version(lockfile)
@@ -42,10 +45,13 @@ module Dependabot
42
45
 
43
46
  # Method to get the Requirement object for the 'bundler' dependency
44
47
  sig do
45
- params(files: T::Array[Dependabot::DependencyFile]).returns(T.nilable(Dependabot::Bundler::Requirement))
48
+ params(
49
+ dependency_name: String,
50
+ files: T::Array[Dependabot::DependencyFile]
51
+ ).returns(T.nilable(Dependabot::Bundler::Requirement))
46
52
  end
47
- def self.bundler_dependency_requirement(files)
48
- constraints = combined_dependency_constraints(files, BUNDLER_GEM_NAME)
53
+ def self.dependency_requirement(dependency_name, files)
54
+ constraints = combined_dependency_constraints(files, dependency_name)
49
55
  return nil if constraints.empty?
50
56
 
51
57
  combined_constraint = constraints.join(", ")
@@ -67,20 +73,35 @@ module Dependabot
67
73
  content = file.content
68
74
  next unless content
69
75
 
70
- # Select the appropriate regex based on file type
71
- regex = if file.name.end_with?(GEMFILE)
76
+ # Select the appropriate regex based on file type and dependency name
77
+ regex = if dependency_name == LANGUAGE
78
+ ruby_version_regex(file.name)
79
+ elsif file.name.end_with?(GEMFILE)
72
80
  gemfile_dependency_regex(dependency_name)
73
81
  elsif file.name.end_with?(GEMSPEC_EXTENSION)
74
82
  gemspec_dependency_regex(dependency_name)
75
83
  else
76
- next # Skip unsupported file types
84
+ next # Skip unsupported file types, including .ruby-version
77
85
  end
78
86
 
87
+ # If regex is nil (unsupported for this file type), skip to the next file
88
+ next unless regex
89
+
79
90
  # Extract constraints using the chosen regex
80
91
  result.concat(extract_constraints_from_file(content, regex))
81
92
  end.uniq
82
93
  end
83
94
 
95
+ # Method to generate the regex pattern for Ruby version in Gemfile or gemspec
96
+ sig { params(file_name: String).returns(T.nilable(Regexp)) }
97
+ def self.ruby_version_regex(file_name)
98
+ if file_name.end_with?(GEMFILE)
99
+ RUBY_GEMFILE_REGEX
100
+ elsif file_name.end_with?(GEMSPEC_EXTENSION)
101
+ RUBY_GEMSPEC_REGEX
102
+ end
103
+ end
104
+
84
105
  # Method to generate the regex pattern for a dependency in a Gemfile
85
106
  sig { params(dependency_name: String).returns(Regexp) }
86
107
  def self.gemfile_dependency_regex(dependency_name)
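Review bot: `RUBY_GEMFILE_REGEX` and `RUBY_GEMSPEC_REGEX` (first hunk of this file) each capture a single quoted string, so `ruby ">= 3.1", "< 3.4"` yields only `>= 3.1` and an array-valued `required_ruby_version = [...]` does not match at all; assuming `extract_constraints_from_file` (not shown) uses that capture, the reported requirement can differ from what the project declares. `RUBY_GEMSPEC_REGEX` is also unanchored, so it matches the assignment inside a `#` comment as well. Both patterns read repository-controlled text, and what happens to the captured string after `constraints.join(", ")` lies outside the hunk, so confirm that an unparsable value ends in `nil` rather than an exception that aborts the parse. The comment above `dependency_requirement` still says it is for the 'bundler' dependency; suggest `# Method to get the Requirement object for the named dependency ("bundler" or the "ruby" language)`.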
@@ -12,12 +12,9 @@ module Dependabot
12
12
  class Language < Dependabot::Ecosystem::VersionManager
13
13
  extend T::Sig
14
14
 
15
- sig { params(raw_version: String).void }
16
- def initialize(raw_version)
17
- super(
18
- LANGUAGE,
19
- Version.new(raw_version)
20
- )
15
+ sig { params(raw_version: String, requirement: T.nilable(Requirement)).void }
16
+ def initialize(raw_version, requirement = nil)
17
+ super(LANGUAGE, Version.new(raw_version), [], [], requirement)
21
18
  end
22
19
  end
23
20
  end
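Review bot: The two `[]` arguments in `super(LANGUAGE, Version.new(raw_version), [], [], requirement)` are unexplained placeholders that exist only to reach the trailing `requirement` parameter, and `VersionManager#initialize` is not on this page, so a reader cannot tell which lists are being left empty. Suggest a comment above the call, for example `# the two empty arrays are presumably VersionManager's version lists, unused for the language; only the requirement is passed`, with the parameter names confirmed against the parent class. `raw_version` and `requirement` both originate from repository files, so the docstring should also say that `requirement` is `nil` when the project declares no Ruby constraint.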
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-bundler
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.285.0
4
+ version: 0.286.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-07 00:00:00.000000000 Z
11
+ date: 2024-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.285.0
19
+ version: 0.286.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.285.0
26
+ version: 0.286.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: parallel
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -322,7 +322,7 @@ licenses:
322
322
  - MIT
323
323
  metadata:
324
324
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
325
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.285.0
325
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.286.0
326
326
  post_install_message:
327
327
  rdoc_options: []
328
328
  require_paths: