Merge pull request #8224 from dependabot/deivid-rodriguez/bundler-2-4-21

Bump Bundler to 2.4.22

Dockerfile.updater-core

@@ -106,10 +106,10 @@ RUN for ecosystem in git_submodules terraform github_actions hex elm docker nuge
 
 WORKDIR $DEPENDABOT_HOME/dependabot-updater
 
-# When bumping Bundler, need to also regenerate `updater/Gemfile.lock` via `bundle update --lock --bundler`
+# When bumping Bundler, need to also regenerate `updater/Gemfile.lock` via `bundle lock --update --bundler`
 # Generally simplest to match the bundler version to the one that comes by default with whatever Ruby version we install.
 # This way other projects that import this library don't have to futz around with installing new / unexpected bundler versions.
-ARG BUNDLER_V2_VERSION=2.4.17
+ARG BUNDLER_V2_VERSION=2.4.22
 
 RUN gem install bundler -v $BUNDLER_V2_VERSION --no-document && \
  rm -rf /var/lib/gems/*/cache/* && \

bundler/helpers/v2/lib/functions/dependency_source.rb

@@ -42,9 +42,8 @@ def private_registry_versions
         .fetchers.flat_map do |fetcher|
           fetcher
             .specs([dependency_name], bundler_source)
-            .search_all(dependency_name)
+            .search_all(dependency_name).map(&:version)
         end
-        .map(&:version)
     end
 
     private

bundler/helpers/v2/lib/functions/version_resolver.rb

@@ -127,7 +127,7 @@ def lockfile
     def fetcher_class(dep)
       return unless dep.source.is_a?(::Bundler::Source::Rubygems)
 
-      dep.source.fetchers.first.fetchers.first.class.to_s
+      dep.source.fetchers.first.send(:fetchers).first.class.to_s
     end
 
     def ruby_version

bundler/helpers/v2/spec/functions/dependency_source_spec.rb

@@ -96,11 +96,11 @@
       end
 
       it "blows up with a useful error" do
-        error_class = Bundler::Fetcher::BadAuthenticationError
+        error_class = Bundler::Fetcher::AuthenticationForbiddenError
         expect { private_registry_versions }
           .to raise_error do |error|
             expect(error).to be_a(error_class)
-            expect(error.message).to include("Bad username or password for")
+            expect(error.message).to include("Access token could not be authenticated for")
           end
       end
     end

bundler/lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb

@@ -24,6 +24,7 @@ module BundlerErrorPatterns
           MISSING_AUTH_REGEX = /bundle config (?:set --global )?(?<source>.*) username:password/
 
           BAD_AUTH_REGEX = /Bad username or password for (?<source>.*)\.$/
+          FORBIDDEN_AUTH_REGEX = /Access token could not be authenticated for (?<source>.*)\.$/
           BAD_CERT_REGEX = /verify the SSL certificate for (?<source>.*)\.$/
           HTTP_ERR_REGEX = /Could not fetch specs from (?<source>.*)$/
         end
@@ -133,6 +134,10 @@ def handle_bundler_errors(error)
             regex = BundlerErrorPatterns::MISSING_AUTH_REGEX
             source = error.message.match(regex)[:source]
             raise Dependabot::PrivateSourceAuthenticationFailure, source
+          when "Bundler::Fetcher::AuthenticationForbiddenError"
+            regex = BundlerErrorPatterns::FORBIDDEN_AUTH_REGEX
+            source = error.message.match(regex)[:source]
+            raise Dependabot::PrivateSourceAuthenticationFailure, source
           when "Bundler::Fetcher::BadAuthenticationError"
             regex = BundlerErrorPatterns::BAD_AUTH_REGEX
             source = error.message.match(regex)[:source]

updater/Gemfile.lock

@@ -381,4 +381,4 @@ DEPENDENCIES
   webmock (~> 3.18)
 
 BUNDLED WITH
-   2.4.17
+   2.4.22