RubyGems - dependabot-core - Versions diffs - 0.76.1 - Mend

dependabot-core 0.76.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +6408 -0
data/LICENSE +37 -0
data/README.md +115 -0
data/helpers/elixir/bin/check_update.exs +92 -0
data/helpers/elixir/bin/do_update.exs +39 -0
data/helpers/elixir/bin/parse_deps.exs +103 -0
data/helpers/elixir/bin/run.exs +76 -0
data/helpers/elixir/mix.exs +21 -0
data/helpers/elixir/mix.lock +3 -0
data/helpers/go/Makefile +9 -0
data/helpers/go/go.mod +9 -0
data/helpers/go/go.sum +5 -0
data/helpers/go/importresolver/main.go +34 -0
data/helpers/go/main.go +77 -0
data/helpers/go/updatechecker/main.go +107 -0
data/helpers/go/updater/go.mod +3 -0
data/helpers/go/updater/go.sum +2 -0
data/helpers/go/updater/helpers.go +57 -0
data/helpers/go/updater/main.go +48 -0
data/helpers/npm/.agignore +1 -0
data/helpers/npm/.envrc +2 -0
data/helpers/npm/.eslintrc +14 -0
data/helpers/npm/.nvimrc +7 -0
data/helpers/npm/bin/run.js +34 -0
data/helpers/npm/lib/helpers.js +25 -0
data/helpers/npm/lib/peer-dependency-checker.js +102 -0
data/helpers/npm/lib/subdependency-updater.js +48 -0
data/helpers/npm/lib/updater.js +95 -0
data/helpers/npm/package.json +17 -0
data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
data/helpers/npm/test/helpers.js +7 -0
data/helpers/npm/test/updater.test.js +50 -0
data/helpers/npm/yarn.lock +6120 -0
data/helpers/php/.php_cs +34 -0
data/helpers/php/bin/run.php +57 -0
data/helpers/php/composer.json +14 -0
data/helpers/php/composer.lock +1521 -0
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +4 -0
data/helpers/php/src/DependabotInstallationManager.php +61 -0
data/helpers/php/src/DependabotPluginManager.php +23 -0
data/helpers/php/src/ExceptionIO.php +25 -0
data/helpers/php/src/Hasher.php +21 -0
data/helpers/php/src/UpdateChecker.php +123 -0
data/helpers/php/src/Updater.php +97 -0
data/helpers/python/lib/__init__.py +0 -0
data/helpers/python/lib/hasher.py +23 -0
data/helpers/python/lib/parser.py +130 -0
data/helpers/python/requirements.txt +9 -0
data/helpers/python/run.py +18 -0
data/helpers/test/run.rb +15 -0
data/helpers/utils/git-credential-store-immutable +10 -0
data/helpers/yarn/.agignore +1 -0
data/helpers/yarn/.envrc +2 -0
data/helpers/yarn/.eslintrc +14 -0
data/helpers/yarn/.nvimrc +7 -0
data/helpers/yarn/bin/run.js +36 -0
data/helpers/yarn/lib/fix-duplicates.js +53 -0
data/helpers/yarn/lib/helpers.js +5 -0
data/helpers/yarn/lib/lockfile-parser.js +21 -0
data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
data/helpers/yarn/lib/subdependency-updater.js +69 -0
data/helpers/yarn/lib/updater.js +254 -0
data/helpers/yarn/package.json +17 -0
data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
data/helpers/yarn/test/helpers.js +7 -0
data/helpers/yarn/test/updater.test.js +93 -0
data/helpers/yarn/yarn.lock +4912 -0
data/lib/bundler_definition_bundler_version_patch.rb +15 -0
data/lib/bundler_definition_ruby_version_patch.rb +14 -0
data/lib/bundler_git_source_patch.rb +27 -0
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +101 -0
data/lib/dependabot/clients/github_with_retries.rb +117 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +118 -0
data/lib/dependabot/dependency_file.rb +54 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +48 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +302 -0
data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
data/lib/dependabot/file_parsers.rb +48 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
data/lib/dependabot/file_parsers/go/dep.rb +163 -0
data/lib/dependabot/file_parsers/go/modules.rb +34 -0
data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
data/lib/dependabot/file_parsers/java/maven.rb +252 -0
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
data/lib/dependabot/file_parsers/php/composer.rb +177 -0
data/lib/dependabot/file_parsers/python/pip.rb +223 -0
data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
data/lib/dependabot/file_updaters.rb +48 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
data/lib/dependabot/file_updaters/go/dep.rb +77 -0
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
data/lib/dependabot/file_updaters/go/modules.rb +71 -0
data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
data/lib/dependabot/file_updaters/java/maven.rb +155 -0
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
data/lib/dependabot/file_updaters/php/composer.rb +78 -0
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
data/lib/dependabot/file_updaters/python/pip.rb +147 -0
data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +46 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
data/lib/dependabot/pull_request_creator.rb +151 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +233 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +151 -0
data/lib/dependabot/shared_helpers.rb +201 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +48 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
data/lib/dependabot/update_checkers/go/dep.rb +311 -0
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
data/lib/dependabot/update_checkers/go/modules.rb +112 -0
data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
data/lib/dependabot/update_checkers/java/maven.rb +159 -0
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
data/lib/dependabot/update_checkers/php/composer.rb +165 -0
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
data/lib/dependabot/update_checkers/python/pip.rb +227 -0
data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
data/lib/dependabot/utils.rb +84 -0
data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
data/lib/dependabot/utils/dotnet/version.rb +22 -0
data/lib/dependabot/utils/elixir/requirement.rb +53 -0
data/lib/dependabot/utils/elixir/version.rb +59 -0
data/lib/dependabot/utils/elm/requirement.rb +92 -0
data/lib/dependabot/utils/elm/version.rb +19 -0
data/lib/dependabot/utils/go/path_converter.rb +74 -0
data/lib/dependabot/utils/go/requirement.rb +152 -0
data/lib/dependabot/utils/go/shared_helper.rb +20 -0
data/lib/dependabot/utils/go/version.rb +40 -0
data/lib/dependabot/utils/java/requirement.rb +110 -0
data/lib/dependabot/utils/java/version.rb +179 -0
data/lib/dependabot/utils/java_script/requirement.rb +117 -0
data/lib/dependabot/utils/java_script/version.rb +30 -0
data/lib/dependabot/utils/php/requirement.rb +97 -0
data/lib/dependabot/utils/php/version.rb +22 -0
data/lib/dependabot/utils/python/requirement.rb +130 -0
data/lib/dependabot/utils/python/version.rb +88 -0
data/lib/dependabot/utils/ruby/requirement.rb +26 -0
data/lib/dependabot/utils/rust/requirement.rb +108 -0
data/lib/dependabot/utils/rust/version.rb +32 -0
data/lib/dependabot/version.rb +5 -0
data/lib/python_requirement_parser.rb +33 -0
data/lib/python_versions.rb +21 -0
metadata +641 -0

data/LICENSE ADDED Viewed

@@ -0,0 +1,37 @@
+The Prosperity Public License 1.0.1
+Copyright Notice: {Licensor Name}
+Source Notice: {https://example.com/project}
+This license lets you use and share this software for free,
+with a trial-length time limit on commercial use. Specifically:
+If you follow the rules below, you may do everything with this
+software that would otherwise infringe my copyright in it or any
+patent claim I can license that covers this software as of my
+latest contribution.
+1. You must limit use of this software in any manner primarily
+   intended for or directed toward commercial advantage or
+   private monetary compensation to a trial period of 32
+   consecutive calendar days. This limit does not apply to use in
+   developing feedback, modifications, or extensions that you
+   contribute back to those giving this license.
+2. Ensure everyone who gets a copy of this software from you,
+   in source code or any other form, gets the text of this
+   license and the copyright and source notices above.
+3. Do not make any legal claim against anyone for infringing
+   any patent claim they would infringe by using this software
+   alone, accusing this software, with or without changes,
+   alone or as part of a larger program.
+You are excused for unknowingly breaking rule 1 if you stop
+doing anything requiring this license within 30 days of
+learning you broke the rule.
+**This software comes as is, without any warranty at all. As far
+as the law allows, I will not be liable for any damages related
+to this software or this license, for any kind of legal claim.**

data/README.md ADDED Viewed

@@ -0,0 +1,115 @@
+<p align="center">
+  <img src="https://s3.eu-west-2.amazonaws.com/dependabot-images/logo-with-name-horizontal.svg" alt="Dependabot" width="300">
+</p>
+# Dependabot Core [![Dependabot Status][dependabot-status]][dependabot]
+Dependabot Core is the heart of [Dependabot][dependabot]. It handles the logic
+for updating dependencies on GitHub (including GitHub Enterprise) and GitLab. We
+plan to add support for Bitbucket in future, too.
+If you want to host your own automated dependency update bot then this repo
+should give you the tools you need. A reference implementation is available
+[here][dependabot-script].
+## What's in this repo?
+Dependabot Core is a collection of helper classes for automating dependency
+updating in Ruby, JavaScript, Python, PHP, Elixir, Elm, Go, Rust, Java and
+.NET. It can also update git submodules, Docker files and Terraform files.
+Highlights include:
+- Logic to check for the latest version of a dependency *that's resolvable given
+  a project's other dependencies*
+- Logic to generate updated manifest and lockfiles for a new dependency version
+- Logic to find changelogs, release notes, and commits for a dependency update
+## Other Dependabot resources
+In addition to this library, you may be interested in:
+- The [dependabot-script][dependabot-script] repo, which provides a collection
+  of scripts that use this library to update dependencies on GitHub Enterprise
+  or GitLab
+- The [API docs][api-docs] for Dependabot's hosted instance (dependabot.com)
+## Setup
+To run all of Dependabot Core, you'll need Ruby, Python, PHP, Elixir, Node, Go,
+Elm and Rust installed. However, if you just wish to run it for a single
+language you can get away with just having that language and Ruby.
+The main library is written in Ruby, while JavaScript, Python, PHP, Elm,
+Elixir, Go and Rust are required for dealing with updates for their respective
+languages.
+Before running Dependabot Core, install dependencies for the core library and
+the helpers:
+1. `bundle install`
+2. `cd helpers/yarn && yarn install && cd -`
+3. `cd helpers/npm && yarn install && cd -`
+4. `cd helpers/php && composer install && cd -`
+5. `cd helpers/python && pyenv exec pip install -r requirements.txt && cd -`
+6. `cd helpers/elixir && mix deps.get && cd -`
+## Architecture
+Dependabot Core has helper classes for seven concerns. Where relevant, each
+concern will have a language-specific class.
+| Service                          | Description                                                                                   |
+|----------------------------------|-----------------------------------------------------------------------------------------------|
+| `Dependabot::FileFetchers`       | Fetches the relevant dependency files for a project (e.g., the `Gemfile` and `Gemfile.lock`). See the [file fetchers](https://github.com/dependabot/dependabot-core/tree/master/lib/dependabot/file_fetchers) for more details. |
+| `Dependabot::FileParsers`        | Parses a dependency file and extracts a list of dependencies for a project. See the [file parsers](https://github.com/dependabot/dependabot-core/tree/master/lib/dependabot/file_parsers) for more details. |
+| `Dependabot::UpdateCheckers`     | Checks whether a given dependency is up-to-date. See the [update checkers](https://github.com/dependabot/dependabot-core/tree/master/lib/dependabot/update_checkers) for more details. |
+| `Dependabot::FileUpdaters`       | Updates a dependency file to use the latest version of a given dependency. See the [file updaters](https://github.com/dependabot/dependabot-core/tree/master/lib/dependabot/file_updaters) for more details. |
+| `Dependabot::MetadataFinders`    | Looks up metadata about a dependency, such as its GitHub URL. See the [metadata finders](https://github.com/dependabot/dependabot-core/tree/master/lib/dependabot/metadata_finders) for more details. |
+| `Dependabot::PullRequestCreator` | Creates a Pull Request to the original repo with the updated dependency file.                 |
+| `Dependabot::PullRequestUpdater` | Updates an existing Pull Request with new dependency files (e.g., to resolve conflicts).      |
+## Why is this public?
+As the name suggests, Dependabot Core is the core of Dependabot (the rest of the
+app is pretty much just a UI and database). If we were paranoid about someone
+stealing our business then we'd be keeping it under lock and key.
+Dependabot Core is public because we're more interested in it having an
+impact than we are in making a buck from it. We'd love you to use
+[Dependabot][dependabot], so that we can continue to develop it, but if you want
+to build and host your own version then this library should make doing so a
+*lot* easier.
+If you use Dependabot Core then we'd love to hear what you build!
+## License
+We use the License Zero Prosperity Public License, which essentially enshrines
+the following:
+- If you would like to use Dependabot Core for non-commerical purposes, such as
+  to host a bot at your workplace, then we give you full permission to do so. In
+  fact, we'd love you to, and will help and support you however we can.
+- If you would like to add Dependabot's functionality to your for-profit
+  company's offering then we DO NOT give you permission to use Dependabot Core
+  to do so. Please contact us directly to discuss a partnership or licensing
+  arrangement.
+If you make a significant contribution to Dependabot Core then you will be asked
+to transfer the IP of that contribution to Dependabot Ltd so that it can be
+licensed in the same way as the above.
+## History
+Dependabot and Dependabot Core started life as [Bump][bump] and
+[Bump Core][bump-core], back when Harry and Grey were working at
+[GoCardless][gocardless]. We remain grateful for the help and support of
+GoCardless in helping make Dependabot possible - if you need to collect
+recurring payments from Europe, check them out.
+[dependabot]: https://dependabot.com
+[dependabot-status]: https://api.dependabot.com/badges/status?host=github&identifier=93163073
+[dependabot-script]: https://github.com/dependabot/dependabot-script
+[api-docs]: https://github.com/dependabot/api-docs
+[bump]: https://github.com/gocardless/bump
+[bump-core]: https://github.com/gocardless/bump-core
+[gocardless]: https://gocardless.com

data/helpers/elixir/bin/check_update.exs ADDED Viewed

@@ -0,0 +1,92 @@
+defmodule UpdateChecker do
+  def run(dependency_name, credentials) do
+    set_credentials(credentials)
+    # Update the lockfile in a session that we can time out
+    task = Task.async(fn -> do_resolution(dependency_name) end)
+    case Task.yield(task, 30000) || Task.shutdown(task) do
+      {:ok, {:ok, :resolution_successful}} ->
+        # Read the new lock
+        {updated_lock, _updated_rest_lock} =
+          Map.split(Mix.Dep.Lock.read(), [String.to_atom(dependency_name)])
+        # Get the new dependency version
+        version =
+          updated_lock
+          |> Map.get(String.to_atom(dependency_name))
+          |> elem(2)
+        {:ok, version}
+      {:ok, {:error, error}} -> {:error, error}
+      nil -> {:error, :dependency_resolution_timed_out}
+      {:exit, reason} -> {:error, reason}
+    end
+  end
+  defp set_credentials(credentials) do
+    credentials
+    |> Enum.reduce([], fn cred, acc ->
+      if List.last(acc) == nil || List.last(acc)[:token] do
+        List.insert_at(acc, -1, %{organization: cred})
+      else
+        {item, acc} = List.pop_at(acc, -1)
+        item = Map.put(item, :token, cred)
+        List.insert_at(acc, -1, item)
+      end
+    end)
+    |> Enum.each(fn cred ->
+      hexpm = Hex.Repo.get_repo("hexpm")
+      repo = %{
+        url: hexpm.url <> "/repos/#{cred.organization}",
+        public_key: nil,
+        auth_key: cred.token
+      }
+      Hex.Config.read()
+      |> Hex.Config.read_repos()
+      |> Map.put("hexpm:#{cred.organization}", repo)
+      |> Hex.Config.update_repos()
+    end)
+  end
+  defp do_resolution(dependency_name) do
+    # Fetch dependencies that needs updating
+    {dependency_lock, rest_lock} =
+      Map.split(Mix.Dep.Lock.read(), [String.to_atom(dependency_name)])
+    try do
+      Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+      {:ok, :resolution_successful}
+    rescue
+      error -> {:error, error}
+    end
+  end
+end
+[dependency_name | credentials] = System.argv()
+case UpdateChecker.run(dependency_name, credentials) do
+  {:ok, version} ->
+    version = :erlang.term_to_binary({:ok, version})
+    IO.write(:stdio, version)
+  {:error, %Hex.Version.InvalidRequirementError{} = error}  ->
+    result = :erlang.term_to_binary({:error, "Invalid requirement: #{error.requirement}"})
+    IO.write(:stdio, result)
+  {:error, %Mix.Error{} = error} ->
+    result = :erlang.term_to_binary({:error, "Dependency resolution failed: #{error.message}"})
+    IO.write(:stdio, result)
+  {:error, :dependency_resolution_timed_out} ->
+    # We do nothing here because Hex is already printing out a message in stdout
+    nil
+  {:error, error} ->
+    result = :erlang.term_to_binary({:error, "Unknown error in check_update: #{inspect(error)}"})
+    IO.write(:stdio, result)
+end

data/helpers/elixir/bin/do_update.exs ADDED Viewed

@@ -0,0 +1,39 @@
+[dependency_name | credentials] = System.argv()
+grouped_creds = Enum.reduce credentials, [], fn cred, acc ->
+  if List.last(acc) == nil || List.last(acc)[:token] do
+    List.insert_at(acc, -1, %{ organization: cred })
+  else
+    { item, acc } = List.pop_at(acc, -1)
+    item = Map.put(item, :token, cred)
+    List.insert_at(acc, -1, item)
+  end
+end
+Enum.each grouped_creds, fn cred ->
+  hexpm = Hex.Repo.get_repo("hexpm")
+  repo = %{
+    url: hexpm.url <> "/repos/#{cred.organization}",
+    public_key: nil,
+    auth_key: cred.token
+  }
+  Hex.Config.read()
+  |> Hex.Config.read_repos()
+  |> Map.put("hexpm:#{cred.organization}", repo)
+  |> Hex.Config.update_repos()
+end
+# dependency atom
+dependency = String.to_atom(dependency_name)
+# Fetch dependencies that needs updating
+{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
+Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+lockfile_content =
+  "mix.lock"
+  |> File.read()
+  |> :erlang.term_to_binary()
+IO.write(:stdio, lockfile_content)

data/helpers/elixir/bin/parse_deps.exs ADDED Viewed

@@ -0,0 +1,103 @@
+defmodule Parser do
+  def run do
+    Mix.Dep.load_on_environment([])
+    |> Enum.flat_map(&parse_dep/1)
+    |> Enum.map(&build_dependency(&1.opts[:lock], &1))
+  end
+  defp build_dependency(nil, dep) do
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      groups: [],
+      requirement: normalise_requirement(dep.requirement),
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+  defp build_dependency(lock, dep) do
+    {version, checksum, source} = parse_lock(lock)
+    groups = parse_groups(dep.opts[:only])
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      version: version,
+      groups: groups,
+      checksum: checksum,
+      requirement: normalise_requirement(dep.requirement),
+      source: source,
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+  defp parse_groups(nil), do: []
+  defp parse_groups(only) when is_list(only), do: only
+  defp parse_groups(only), do: [only]
+  # path dependency
+  defp parse_dep(%{scm: Mix.SCM.Path, opts: opts} = dep) do
+    cond do
+      # umbrella dependency - ignore
+      opts[:in_umbrella] ->
+        []
+      # umbrella application
+      opts[:from_umbrella] ->
+        Enum.reject(dep.deps, fn dep -> dep.opts[:in_umbrella] end)
+      true ->
+        []
+    end
+  end
+  # hex, git dependency
+  defp parse_dep(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
+  # unsupported
+  defp parse_dep(_dep), do: []
+  defp umbrella_top_level_dep?(dep) do
+    if Mix.Project.umbrella?() do
+      apps_paths = Path.expand(Mix.Project.config()[:apps_path], File.cwd!())
+      String.contains?(Path.dirname(Path.dirname(dep.from)), apps_paths)
+    else
+      false
+    end
+  end
+  defp parse_lock({:git, repo_url, checksum, opts}),
+    do: {nil, checksum, git_source(repo_url, opts)}
+  defp parse_lock({:hex, _app, version, checksum, _managers, _dependencies, _source}),
+    do: {version, checksum, nil}
+  defp parse_lock({:hex, _app, version, checksum, _managers, _dependencies}),
+    do: {version, checksum, nil}
+  defp normalise_requirement(req) do
+    req
+    |> maybe_regex_to_str()
+    |> empty_str_to_nil()
+  end
+  defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
+  defp empty_str_to_nil(""), do: nil
+  defp empty_str_to_nil(s), do: s
+  def git_source(repo_url, opts) do
+    ref = opts[:ref] || opts[:tag]
+    ref = if is_list(ref), do: to_string(ref), else: ref
+    %{
+      type: "git",
+      url: repo_url,
+      branch: opts[:branch] || "master",
+      ref: ref
+    }
+  end
+end
+dependencies = :erlang.term_to_binary({:ok, Parser.run()})
+IO.write(:stdio, dependencies)

data/helpers/elixir/bin/run.exs ADDED Viewed

@@ -0,0 +1,76 @@
+defmodule DependencyHelper do
+  def main() do
+    IO.read(:stdio, :all)
+    |> Jason.decode!()
+    |> run()
+    |> case do
+      {output, 0} ->
+        if output =~ "No authenticated organization found" do
+          {:error, output}
+        else
+          {:ok, :erlang.binary_to_term(output)}
+        end
+      {error, 1} -> {:error, error}
+    end
+    |> handle_result()
+  end
+  defp handle_result({:ok, {:ok, result}}) do
+    encode_and_write(%{"result" => result})
+  end
+  defp handle_result({:ok, {:error, reason}}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+  defp handle_result({:error, reason}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+  defp encode_and_write(content) do
+    content
+    |> Jason.encode!()
+    |> IO.write()
+  end
+  defp run(%{"function" => "parse", "args" => [dir]}) do
+    run_script("parse_deps.exs", dir)
+  end
+  defp run(%{"function" => "get_latest_resolvable_version", "args" => [dir, dependency_name, credentials]}) do
+    run_script("check_update.exs", dir, [dependency_name] ++ credentials)
+  end
+  defp run(%{"function" => "get_updated_lockfile", "args" => [dir, dependency_name, credentials]}) do
+    run_script("do_update.exs", dir, [dependency_name] ++ credentials)
+  end
+  defp run_script(script, dir, args \\ []) do
+    args = [
+      "run",
+      "--no-deps-check",
+      "--no-start",
+      "--no-compile",
+      "--no-elixir-version-check",
+      script
+    ] ++ args
+    System.cmd(
+      "mix",
+      args,
+      [
+        cd: dir,
+        env: %{
+          "MIX_EXS" => nil,
+          "MIX_LOCK" => nil,
+          "MIX_DEPS" => nil
+        }
+      ]
+    )
+  end
+end
+DependencyHelper.main()