diff --git a/bundler/lib/dependabot/bundler/file_updater/gemfile_updater.rb b/bundler/lib/dependabot/bundler/file_updater/gemfile_updater.rb index 327a94fc374..2a65922807b 100644 --- a/bundler/lib/dependabot/bundler/file_updater/gemfile_updater.rb +++ b/bundler/lib/dependabot/bundler/file_updater/gemfile_updater.rb @@ -29,7 +29,7 @@ def updated_gemfile_content content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency) - content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency) + content = update_gemfile_git_pin(dependency, gemfile, content) if update_git_pin?(dependency, gemfile) end content @@ -81,10 +81,10 @@ def remove_git_source?(dependency) new_gemfile_req[:source].nil? end - def update_git_pin?(dependency) + def update_git_pin?(dependency, file) new_gemfile_req = dependency.requirements. - find { |f| GEMFILE_FILENAMES.include?(f[:file]) } + find { |f| f[:file] == file.name } return false unless new_gemfile_req&.dig(:source, :type) == "git" # If the new requirement is a git dependency with a ref then there's diff --git a/bundler/spec/dependabot/bundler/file_updater/gemfile_updater_spec.rb b/bundler/spec/dependabot/bundler/file_updater/gemfile_updater_spec.rb index 7d7c82078cf..72dbbf7f2cf 100644 --- a/bundler/spec/dependabot/bundler/file_updater/gemfile_updater_spec.rb +++ b/bundler/spec/dependabot/bundler/file_updater/gemfile_updater_spec.rb @@ -306,6 +306,20 @@ end it { is_expected.to eq(expected_string) } + + context "but updating an evaled gemfile including a different git sourced dependency" do + let(:gemfile_body) do + %(gem "dependabot-test-other", git: "https://github.com/dependabot-fixtures/dependabot-other") + end + + let(:gemfile) do + Dependabot::DependencyFile.new(content: gemfile_body, name: "Gemfile.included") + end + + it "leaves the evaled gemfile untouched" do + is_expected.to eq(gemfile_body) + end + end end context "that should be removed" do
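Review bot: In `updated_gemfile_content`, the context line directly above the changed call still invokes `remove_git_source?(dependency)` without the file being rewritten, so only the pin check gets the per-file scoping. The second hunk shows just the tail of that predicate (`new_gemfile_req[:source].nil?`), so how it picks the requirement is not visible here. If it selects the first requirement from any Gemfile-named file, as the pin check did before this commit, an evaled gemfile could lose a git source based on another file's requirement. That would silently change where the gem resolves from. Consider giving it the same treatment, `content = remove_gemfile_git_source(dependency, content) if remove_git_source?(dependency, gemfile)`, with the matching `f[:file] == file.name` lookup in its body.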
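Review bot: In `update_git_pin?`, the new lookup `find { |f| f[:file] == file.name }` depends on an exact string match between the requirement's `:file` and the dependency file's name. If the two are ever recorded in different path forms, `find` returns nil and the following `return false unless new_gemfile_req&.dig(:source, :type) == "git"` skips the pin update with no signal. That both values are normalized the same way is assumed here and worth confirming against the parser. A short comment above the lookup would record the intent, for example `# Match the requirement recorded for the file being rewritten, so an evaled gemfile is never edited from another file's requirement.` The method body continues past the end of this hunk.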
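Review bot: The added context asserts only the negative path: a `Gemfile.included` holding a different git-sourced gem comes back unchanged. Nothing in this hunk checks that an evaled gemfile which does carry the updated dependency's git pin is still rewritten under the per-file match. A sibling context could cover that, using dependency requirements that include an entry with `file: "Gemfile.included"` and a git source, and asserting the new ref in the output. The enclosing context and its `let(:dependency)` start outside this hunk, so an existing example may already do this.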