dependabot · jurre · Mar 17, 2021 · Mar 16, 2021 · feelepxyz · Mar 16, 2021
@@ -23,6 +23,7 @@ def parse
  dependency_set += gemspec_dependencies
  dependency_set += lockfile_dependencies
  check_external_code(dependency_set.dependencies)
+ instrument_package_manager_version
  dependency_set.dependencies
  end
 
@@ -42,6 +43,17 @@ def git_source?(dependencies)
  end
  end
 
+ def instrument_package_manager_version
+ version = Helpers.detected_bundler_version(lockfile)
+ Dependabot.instrument(
+ Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED,
+ ecosystem: "bundler",
+ package_managers: {
+ "bundler" => version
+ }
+ )
+ end
+
  def gemfile_dependencies
  dependencies = DependencySet.new
 

@@ -11,6 +11,13 @@ module Helpers
  def self.bundler_version(_lockfile)
  V1
  end
+
+ def self.detected_bundler_version(lockfile)
+ return "unknown" unless lockfile
+ return V2 if lockfile.content.match?(/BUNDLED WITH\s+2/m)
+
+ V1
+ end
  end
  end
 end
@@ -724,5 +724,18 @@
  end
  end
  end
+
+ it "instruments the package manager version" do
+ events = []
+ Dependabot.subscribe(Dependabot::Notifications::FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED) do |*args|
+ events << ActiveSupport::Notifications::Event.new(*args)
+ end
+
+ parser.parse
+
+ expect(events.last.payload).to eq(
+ { ecosystem: "bundler", package_managers: { "bundler" => "1" } }
+ )
+ end
  end
 end
@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
  spec.required_ruby_version = ">= 2.5.0"
  spec.required_rubygems_version = ">= 2.7.3"
 
+ spec.add_dependency "activesupport", ">= 6.0.0"
  spec.add_dependency "aws-sdk-codecommit", "~> 1.28"
  spec.add_dependency "aws-sdk-ecr", "~> 1.5"
  spec.add_dependency "bundler", ">= 1.16", "< 3.0.0"

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "dependabot/notifications"
+
 module Dependabot
  module FileParsers
  class Base

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require "active_support/notifications"
+
+module Dependabot
+ module Notifications
+ FILE_PARSER_PACKAGE_MANAGER_VERSION_PARSED = "dependabot.file_parser.package_manager_version_parsed"
+ end
+
+ def self.instrument(name, payload = {})
+ ActiveSupport::Notifications.instrument(name, payload)
+ end
+
+ def self.subscribe(pattern = nil, callback = nil, &block)
+ ActiveSupport::Notifications.subscribe(pattern, callback, &block)
+ end
+end