@Tabby Tabby commented Jul 23, 2025

What are you trying to accomplish?

Fix #12697 by returning nil in Dependabot::Bundler::Package::PackageDetailsFetcher.get_url_from_dependency when the dependency's source type is either git or other, as both of these types are likely/certain to not have a valid RubyGems URL.

This restores the previous behaviour from before the changes in #12465 without affecting those changes for dependencies from RubyGems or private gem repositories.

Anything you want to highlight for special attention from reviewers?

This seemed like the simplest change that would restore previous functionality without affecting the changes from #12465.

How will you know you've accomplished your goal?

We will see our Dependabot updates working again instead of giving errors like the one described in the linked issue.

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

Tabby added 3 commits July 23, 2025 14:25
Previous attempt at this was wrong, as it would still fall back to using
rubygems.org to try and get info. We should be returning an empty
package details object as before dependabot#12465
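The behaviour described in the PR description and in the commit message above, as an added sketch that is not code from this pull request or from Dependabot: a dependency whose source type is `git` or `other` resolves to no registry URL, and the caller returns empty package details without any lookup. All method names, the `Dep` struct, the `registry` source type and the `example.test` hosts are assumptions made for illustration.

```ruby
# Added illustration: every name here is hypothetical, not Dependabot's API.
require "uri"

DEFAULT_REGISTRY = "https://rubygems.org"

# Source types with no gem-registry endpoint ("git" and "other" per the PR).
NON_REGISTRY_TYPES = %w(git other).freeze

# Constructed stand-in for a parsed Gemfile dependency.
Dep = Struct.new(:name, :source, keyword_init: true)

# Registry base URL for a dependency, or nil when it has no registry.
def registry_url_for(dep)
  source = dep.source
  return DEFAULT_REGISTRY if source.nil? # assumed: no explicit source
  return nil if NON_REGISTRY_TYPES.include?(source[:type].to_s)

  url = source[:url].to_s
  return DEFAULT_REGISTRY if url.empty?

  URI.parse(url).to_s.chomp("/")
rescue URI::InvalidURIError
  nil # fail closed: never substitute the public registry for a bad URL
end

# Package details for a dependency. `lookup` is a callable (url, name) ->
# versions; it is skipped entirely when there is no registry URL, so a
# git-sourced gem name is never sent to a registry it does not come from.
def fetch_details(dep, lookup)
  url = registry_url_for(dep)
  return { name: dep.name, releases: [] } if url.nil?

  { name: dep.name, releases: lookup.call(url, dep.name) }
end

if __FILE__ == $PROGRAM_NAME
  seen = []
  lookup = ->(url, _name) { seen << url; ["1.0.0"] } # constructed response
  git = { type: "git", url: "https://git.example.test/internal-gem.git" }
  p fetch_details(Dep.new(name: "internal-gem", source: git), lookup)
  p fetch_details(Dep.new(name: "rake", source: nil), lookup)
  p seen # only the registry-backed dependency triggered a lookup
end
```

Returning `nil` rather than a default URL is what keeps the name of a git-only gem from being looked up on a public registry where an unrelated gem of the same name could exist.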
@Tabby Tabby requested a review from a team as a code owner July 23, 2025 13:48
@github-actions github-actions bot added the L: ruby:bundler RubyGems via bundler label Jul 23, 2025
@markhallen markhallen self-assigned this Jul 24, 2025
@markhallen markhallen moved this to In Progress in Dependabot Jul 24, 2025
@markhallen markhallen left a comment

Thank you for your contribution ❤️

I am testing and deploying this today.

@markhallen markhallen merged commit 53c9df6 into dependabot:main Jul 25, 2025
52 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in Dependabot Jul 25, 2025
markhallen added a commit that referenced this pull request Jul 25, 2025
@Tabby Tabby deleted the fix-broken-bundler-updates-non-rubygems branch July 28, 2025 11:09
Development

Successfully merging this pull request may close these issues.

Dependabot fails to update gems using git: source