Describe the problem as clearly as you can
Bundler::LockfileParser#initialize will happily parse a non-Gemfile.lock file, instead of raising an exception.
This causes downstream issues with bundler-audit when using the --gemfile-lock FILE option. While bundler-audit could check if the filename is Gemfile.lock or ends with the .lock extension, this is not sufficient as there is no way to validate the contents of the given file.
Did you try upgrading rubygems & bundler?
Yes. Currently running the latest stable version of Bundler.
Bundler::VERSION
# => "2.7.1"
Post steps to reproduce the problem
require 'bundler'
Bundler::LockfileParser.new(File.read('Gemfile')) # even README.md will be accepted
What happened instead?
#<Bundler::LockfileParser:0x00007f2d504899d0
@dependencies={},
@lockfile_path="Gemfile.lock",
@most_specific_locked_platform=nil,
@parse_method=nil,
@platforms=[],
@pos=
#<Bundler::LockfileParser::Position:0x00007f2d4befc5e8 @column=1, @line=294>,
@sources=[],
@specs=[],
@strict=false>
What did you expect?
An exception to be raised indicating that the given file is not a Gemfile.lock formatted file.
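Until the parser rejects such input itself, a caller such as bundler-audit could screen the file contents before passing them to Bundler::LockfileParser. The following is an added example, not code from Bundler or bundler-audit: `NotALockfileError`, `validate_lockfile!` and `lockfile?` are hypothetical names, and the sample inputs are constructed. It assumes that every non-indented line in a lockfile is one of Bundler's section headers and that a DEPENDENCIES section is always written.

```ruby
# Heuristic content check for Gemfile.lock-formatted text (added example).
class NotALockfileError < StandardError; end

# Top-level section headers used by Bundler's lockfile format.
KNOWN_SECTIONS = [
  "GEM", "GIT", "PATH", "PLUGIN SOURCE", "PLATFORMS",
  "DEPENDENCIES", "CHECKSUMS", "RUBY VERSION", "BUNDLED WITH"
].freeze

# Returns the section headers seen, in order, or raises NotALockfileError.
def validate_lockfile!(contents)
  seen = []
  contents.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp
    next if line.strip.empty?      # blank separator between sections
    next if line.start_with?(" ")  # indented body of a section
    unless KNOWN_SECTIONS.include?(line)
      raise NotALockfileError,
            "line #{lineno}: unexpected top-level text #{line[0, 40].inspect}"
    end
    seen << line
  end
  # Assumption: Bundler always emits DEPENDENCIES, even when it is empty.
  raise NotALockfileError, "no DEPENDENCIES section found" unless seen.include?("DEPENDENCIES")
  seen
end

def lockfile?(contents)
  validate_lockfile!(contents)
  true
rescue NotALockfileError
  false
end

# Constructed sample inputs.
SAMPLE_LOCK = "GEM\n  remote: https://rubygems.org/\n  specs:\n    rake (13.0.6)\n\n" \
              "PLATFORMS\n  ruby\n\nDEPENDENCIES\n  rake\n\nBUNDLED WITH\n   2.7.1\n"
SAMPLE_GEMFILE = "source \"https://rubygems.org\"\n\ngem \"rake\"\n"

if __FILE__ == $PROGRAM_NAME
  puts "lockfile sample: #{lockfile?(SAMPLE_LOCK)}"
  puts "Gemfile sample:  #{lockfile?(SAMPLE_GEMFILE)}"
end
```

A header list like this rejects any section name a future Bundler release might add, so it belongs in the calling tool as a guard rather than as a replacement for validation inside the parser.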