Merge branch 'main' into httparty-0.22.0-updater

.rubocop.yml

@@ -231,6 +231,8 @@ Performance/UnfreezeString:
   Enabled: true
 Performance/UriDefaultParser:
   Enabled: true
+RSpec/IndexedLet:
+  Enabled: false
 Style/AccessorGrouping:
   EnforcedStyle: 'separated'
 Style/ArgumentsForwarding:

.rubocop_todo.yml

@@ -22,14 +22,6 @@ RSpec/AnyInstance:
     - 'updater/spec/dependabot/dependency_change_builder_spec.rb'
     - 'updater/spec/dependabot/file_fetcher_command_spec.rb'
 
-# Offense count: 7
-RSpec/BeforeAfterAll:
-  Exclude:
-    - 'nuget/spec/dependabot/nuget/update_checker/dependency_finder_spec.rb'
-    - 'pub/spec/dependabot/pub/file_updater_spec.rb'
-    - 'pub/spec/dependabot/pub/infer_sdk_versions_spec.rb'
-    - 'pub/spec/dependabot/pub/update_checker_spec.rb'
-
 # Offense count: 1286
 # Configuration parameters: CountAsOne.
 RSpec/ExampleLength:
@@ -51,25 +43,6 @@ RSpec/FilePath:
     - 'nuget/spec/dependabot/nuget/update_checker/repository_finder_spec.rb'
     - 'nuget/spec/dependabot/nuget/update_checker/tfm_finder_spec.rb'
 
-# Offense count: 70
-# Configuration parameters: Max, AllowedIdentifiers, AllowedPatterns.
-RSpec/IndexedLet:
-  Exclude:
-    - 'bundler/spec/dependabot/bundler/helper_spec.rb'
-    - 'cargo/spec/dependabot/cargo/file_parser_spec.rb'
-    - 'common/spec/dependabot/dependency_file_spec.rb'
-    - 'common/spec/dependabot/dependency_group_spec.rb'
-    - 'common/spec/dependabot/dependency_spec.rb'
-    - 'common/spec/dependabot/pull_request_creator/message_builder_spec.rb'
-    - 'github_actions/spec/dependabot/github_actions/update_checker_spec.rb'
-    - 'hex/spec/dependabot/hex/file_parser_spec.rb'
-    - 'hex/spec/dependabot/hex/file_updater/lockfile_updater_spec.rb'
-    - 'hex/spec/dependabot/hex/file_updater_spec.rb'
-    - 'hex/spec/dependabot/hex/update_checker_spec.rb'
-    - 'npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker_spec.rb'
-    - 'python/spec/dependabot/python/file_updater/pip_compile_file_updater_spec.rb'
-    - 'python/spec/dependabot/python/update_checker/latest_version_finder_spec.rb'
-
 # Offense count: 29
 # Configuration parameters: AssignmentOnly.
 RSpec/InstanceVariable:
@@ -113,11 +86,6 @@ RSpec/MessageChain:
 RSpec/MessageSpies:
   Enabled: false
 
-# Offense count: 1
-RSpec/MultipleDescribes:
-  Exclude:
-    - 'common/spec/dependabot/errors_spec.rb'
-
 # Offense count: 1380
 RSpec/MultipleExpectations:
   Max: 17
@@ -127,12 +95,6 @@ RSpec/MultipleExpectations:
 RSpec/MultipleMemoizedHelpers:
   Max: 30
 
-# Offense count: 500
-# Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
-# SupportedStyles: always, named_only
-RSpec/NamedSubject:
-  Enabled: false
-
 # Offense count: 3871
 # Configuration parameters: AllowedGroups.
 RSpec/NestedGroups:

Dockerfile.updater-core

@@ -110,17 +110,18 @@ RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuge
 
 WORKDIR $DEPENDABOT_HOME/dependabot-updater
 
-ARG RUBYGEMS_VERSION=3.5.11
-RUN gem update --system $RUBYGEMS_VERSION
-
-# When bumping Bundler, need to also:
-# * Regenerate `updater/Gemfile.lock` via `BUNDLE_GEMFILE=updater/Gemfile bundle lock --update --bundler`
+# RubyGems & Bundler should be bumped together following these steps:
+# * Bump RubyGems version below. That will also automatically update the default Bundler version.
+# * Regenerate `updater/Gemfile.lock` via `BUNDLE_GEMFILE=updater/Gemfile bundle lock --update --bundler`.
 # * Regenerate `Gemfile.lock` via `bundle lock --update --bundler`.
-ARG BUNDLER_V2_VERSION=2.5.11
+#
+# Note that RubyGems & Bundler versions are currently released in sync, but
+# RubyGems version is one major ahead. So when bumping to RubyGems 3.y.z, Bundler
+# version will jump to 2.y.z
+ARG RUBYGEMS_VERSION=3.5.14
+RUN gem update --system $RUBYGEMS_VERSION
 
-RUN gem install bundler -v $BUNDLER_V2_VERSION --no-document && \
- rm -rf /var/lib/gems/*/cache/* && \
- bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \
+RUN bundle config set --global build.psych --with-libyaml-source-dir=$DEPENDABOT_HOME/src/libyaml/yaml-$LIBYAML_VERSION && \
  bundle config set --local path 'vendor' && \
  bundle config set --local frozen 'true' && \
  bundle config set --local without 'development' && \

Gemfile.lock

@@ -1,20 +1,20 @@
 PATH
   remote: bundler
   specs:
-    dependabot-bundler (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-bundler (0.262.0)
+      dependabot-common (= 0.262.0)
       parallel (~> 1.24)
 
 PATH
   remote: cargo
   specs:
-    dependabot-cargo (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-cargo (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: common
   specs:
-    dependabot-common (0.261.1)
+    dependabot-common (0.262.0)
       aws-sdk-codecommit (~> 1.28)
       aws-sdk-ecr (~> 1.5)
       bundler (>= 1.16, < 3.0.0)
@@ -37,107 +37,107 @@ PATH
 PATH
   remote: composer
   specs:
-    dependabot-composer (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-composer (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: devcontainers
   specs:
-    dependabot-devcontainers (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-devcontainers (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: docker
   specs:
-    dependabot-docker (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-docker (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: elm
   specs:
-    dependabot-elm (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-elm (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: git_submodules
   specs:
-    dependabot-git_submodules (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-git_submodules (0.262.0)
+      dependabot-common (= 0.262.0)
       parseconfig (~> 1.0, < 1.1.0)
 
 PATH
   remote: github_actions
   specs:
-    dependabot-github_actions (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-github_actions (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: go_modules
   specs:
-    dependabot-go_modules (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-go_modules (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: gradle
   specs:
-    dependabot-gradle (0.261.1)
-      dependabot-common (= 0.261.1)
-      dependabot-maven (= 0.261.1)
+    dependabot-gradle (0.262.0)
+      dependabot-common (= 0.262.0)
+      dependabot-maven (= 0.262.0)
 
 PATH
   remote: hex
   specs:
-    dependabot-hex (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-hex (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: maven
   specs:
-    dependabot-maven (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-maven (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: npm_and_yarn
   specs:
-    dependabot-npm_and_yarn (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-npm_and_yarn (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: nuget
   specs:
-    dependabot-nuget (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-nuget (0.262.0)
+      dependabot-common (= 0.262.0)
       rubyzip (>= 2.3.2, < 3.0)
 
 PATH
   remote: pub
   specs:
-    dependabot-pub (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-pub (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: python
   specs:
-    dependabot-python (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-python (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: silent
   specs:
-    dependabot-silent (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-silent (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: swift
   specs:
-    dependabot-swift (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-swift (0.262.0)
+      dependabot-common (= 0.262.0)
 
 PATH
   remote: terraform
   specs:
-    dependabot-terraform (0.261.1)
-      dependabot-common (= 0.261.1)
+    dependabot-terraform (0.262.0)
+      dependabot-common (= 0.262.0)
 
 GEM
   remote: https://rubygems.org/
@@ -417,4 +417,4 @@ DEPENDENCIES
   webrick (>= 1.7)
 
 BUNDLED WITH
-   2.5.11
+   2.5.14

bundler/lib/dependabot/bundler/file_fetcher/child_gemfile_finder.rb

@@ -1,43 +1,50 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "pathname"
 require "parser/current"
 require "dependabot/bundler/file_fetcher"
 require "dependabot/errors"
+require "sorbet-runtime"
 
 module Dependabot
   module Bundler
     class FileFetcher
       # Finds the paths of any Gemfiles declared using `eval_gemfile` in the
       # passed Gemfile.
       class ChildGemfileFinder
+        extend T::Sig
+
+        sig { params(gemfile: Dependabot::DependencyFile).void }
         def initialize(gemfile:)
           @gemfile = gemfile
         end
 
+        sig { returns(T::Array[String]) }
         def child_gemfile_paths
-          ast = Parser::CurrentRuby.parse(gemfile.content)
+          ast = Parser::CurrentRuby.parse(gemfile&.content)
           find_child_gemfile_paths(ast)
         rescue Parser::SyntaxError
-          raise Dependabot::DependencyFileNotParseable, gemfile.path
+          raise Dependabot::DependencyFileNotParseable, T.must(gemfile&.path)
         end
 
         private
 
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         attr_reader :gemfile
 
+        sig { params(node: T.untyped).returns(T::Array[String]) }
         def find_child_gemfile_paths(node)
           return [] unless node.is_a?(Parser::AST::Node)
 
           if declares_eval_gemfile?(node)
             path_node = node.children[2]
             unless path_node.type == :str
-              path = gemfile.path
+              path = gemfile&.path
               msg = "Dependabot only supports uninterpolated string arguments " \
                     "to eval_gemfile. Got " \
                     "`#{path_node.loc.expression.source}`"
-              raise Dependabot::DependencyFileNotParseable.new(path, msg)
+              raise Dependabot::DependencyFileNotParseable.new(T.must(path), msg)
             end
 
             path = path_node.loc.expression.source.gsub(/['"]/, "")
@@ -50,12 +57,14 @@ def find_child_gemfile_paths(node)
           end
         end
 
+        sig { returns(T.nilable(String)) }
         def current_dir
-          @current_dir ||= gemfile.name.rpartition("/").first
+          @current_dir ||= T.let(gemfile&.name&.rpartition("/")&.first, T.nilable(String))
           @current_dir = nil if @current_dir == ""
           @current_dir
         end
 
+        sig { params(node: Parser::AST::Node).returns(T::Boolean) }
         def declares_eval_gemfile?(node)
           return false unless node.is_a?(Parser::AST::Node)