RubyGems - dependabot-bundler - Versions diffs - 0.379.0 → 0.380.0 - Mend

dependabot-bundler 0.379.0 → 0.380.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/bundler/file_updater/lockfile_updater.rb +31 -0
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac7c7c5bf2882bd6e7284ee5326c4ae90b7efc68082ba185742e1db11850a2d7
-  data.tar.gz: 5ba64cdc7f057d8f030d207ccd0f0d4b0d942ca46941b152a79163b4018add01
+  metadata.gz: 7c28d7f789c7e18806f0c0141599adc1c277f932587d2331f77bf54200333df9
+  data.tar.gz: bb053e4ca2a32b6cd63abd04443327f74a12df2fd6dc472a6646cde5a57e2411
 SHA512:
-  metadata.gz: 812c3f0a6a70ee20828f3c7fb81de6598bc5ed5b12d03224af7677e2e3c3d88ccff75c9f31fdea30046249899f9c94d33667a3207404edd42e2e1f8a6c0f6469
-  data.tar.gz: f124fcf4c386db1087d85117913cd634140ba3ab1204114c082c60b4e718420c31e5d5e57d223d753fe6c1167172c4b85b93e0cefe3e5d1e584574f04c036995
+  metadata.gz: c4d4fd80b03f35f2110e390984ec3b6d7111860e996f005f05abb5fdf90a6c3c4e4babc0891e15a8bda3a1b1bc563483c6389df6ca82f6eb9e9f83941a31e6c0
+  data.tar.gz: 833760e2485382ce9e0ebda893341d098bdced4c4de9c682637063c225564b528f7afb3e91688528f30ceace54fa8f6caa71ea0d9ca6364b84aa62e954c5509c

data/lib/dependabot/bundler/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -26,6 +26,10 @@ module Dependabot
         LOCKFILE_ENDING = /(?<ending>\s*(?:RUBY VERSION|BUNDLED WITH).*)/m
         GIT_DEPENDENCIES_SECTION = /GIT\n.*?\n\n(?!GIT)/m
         GIT_DEPENDENCY_DETAILS = /GIT\n.*?\n\n/m
+        CHECKSUMS_SECTION = /(^CHECKSUMS\n)(?<entries>(?:^  .*\n)+)/m
+        BUNDLED_WITH_VERSION_REGEX = /BUNDLED WITH\s+(?<version>\d+\.\d+\.\d+)/m
+        BUNDLER_CHECKSUM_ENTRY_REGEX = /^  bundler \([^)]+\).*\n?$/
+        MIN_BUNDLER_CHECKSUM_VERSION = Gem::Version.new("4.0.11")
         sig do
           params(
@@ -221,9 +225,36 @@ module Dependabot
         sig { params(lockfile_body: String).returns(String) }
         def post_process_lockfile(lockfile_body)
           lockfile_body = reorder_git_dependencies(lockfile_body)
+          lockfile_body = strip_new_bundler_checksum(lockfile_body)
           replace_lockfile_ending(lockfile_body)
         end
+        sig { params(lockfile_body: String).returns(String) }
+        def strip_new_bundler_checksum(lockfile_body)
+          return lockfile_body unless should_strip_bundler_checksum?
+          checksums_section = lockfile_body.match(CHECKSUMS_SECTION)
+          return lockfile_body unless checksums_section
+          entries = T.must(checksums_section[:entries])
+          stripped_entries = entries.lines.reject { |line| line.match?(BUNDLER_CHECKSUM_ENTRY_REGEX) }.join
+          lockfile_body.sub(CHECKSUMS_SECTION, "\\1#{stripped_entries}")
+        end
+        sig { returns(T::Boolean) }
+        def should_strip_bundler_checksum?
+          lockfile_content = T.must(lockfile).content
+          return false unless lockfile_content&.include?("CHECKSUMS\n")
+          return false if lockfile_content.match?(BUNDLER_CHECKSUM_ENTRY_REGEX)
+          bundled_with = lockfile_content.match(BUNDLED_WITH_VERSION_REGEX)&.[](:version)
+          return false unless bundled_with
+          bundled_with_version = Gem::Version.new(bundled_with)
+          bundled_with_version >= Gem::Version.new("4.0.0") && bundled_with_version < MIN_BUNDLER_CHECKSUM_VERSION
+        end
         sig { params(lockfile_body: String).returns(String) }
         def reorder_git_dependencies(lockfile_body)
           new_section = lockfile_body.match(GIT_DEPENDENCIES_SECTION)&.to_s

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-bundler
 version: !ruby/object:Gem::Version
-  version: 0.379.0
+  version: 0.380.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.379.0
+        version: 0.380.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.379.0
+        version: 0.380.0
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -324,7 +324,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.379.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
 rdoc_options: []
 require_paths:
 - lib