dependabot-core 0.76.1

data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require "nokogiri"
+
+require "dependabot/dependency_file"
+require "dependabot/file_updaters/dotnet/nuget"
+require "dependabot/file_parsers/dotnet/nuget/property_value_finder"
+
+module Dependabot
+  module FileUpdaters
+    module Dotnet
+      class Nuget
+        class PropertyValueUpdater
+          def initialize(dependency_files:)
+            @dependency_files = dependency_files
+          end
+
+          def update_files_for_property_change(property_name:, updated_value:,
+                                               callsite_file:)
+            declaration_details =
+              property_value_finder.
+              property_details(
+                property_name: property_name,
+                callsite_file: callsite_file
+              )
+
+            declaration_file = dependency_files.find do |f|
+              declaration_details.fetch(:file) == f.name
+            end
+            node = declaration_details.fetch(:node)
+
+            updated_content = declaration_file.content.sub(
+              %r{<#{Regexp.quote(node.name)}>
+                 \s*#{Regexp.quote(node.content)}\s*
+                 </#{Regexp.quote(node.name)}>}xm,
+              "<#{node.name}>#{updated_value}</#{node.name}>"
+            )
+
+            files = dependency_files.dup
+            files[files.index(declaration_file)] =
+              update_file(file: declaration_file, content: updated_content)
+            files
+          end
+
+          private
+
+          attr_reader :dependency_files
+
+          def property_value_finder
+            @property_value_finder ||=
+              FileParsers::Dotnet::Nuget::PropertyValueFinder.
+              new(dependency_files: dependency_files)
+          end
+
+          def update_file(file:, content:)
+            updated_file = file.dup
+            updated_file.content = content
+            updated_file
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/base"
+require "dependabot/utils/elixir/version"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex < Base
+        require_relative "hex/mixfile_updater"
+        require_relative "hex/lockfile_updater"
+
+        def self.updated_files_regex
+          [
+            /^mix\.exs$/,
+            /^mix\.lock$/
+          ]
+        end
+
+        def updated_dependency_files
+          updated_files = []
+
+          mixfiles.each do |file|
+            if file_changed?(file)
+              updated_files <<
+                updated_file(file: file, content: updated_mixfile_content(file))
+            end
+          end
+
+          if lockfile
+            updated_files <<
+              updated_file(file: lockfile, content: updated_lockfile_content)
+          end
+
+          updated_files
+        end
+
+        private
+
+        def check_required_files
+          raise "No mix.exs!" unless get_original_file("mix.exs")
+        end
+
+        def updated_mixfile_content(file)
+          MixfileUpdater.new(
+            dependencies: dependencies,
+            mixfile: file
+          ).updated_mixfile_content
+        end
+
+        def updated_lockfile_content
+          @updated_lockfile_content ||=
+            LockfileUpdater.new(
+              dependencies: dependencies,
+              dependency_files: dependency_files,
+              credentials: credentials
+            ).updated_lockfile_content
+        end
+
+        def mixfiles
+          dependency_files.select { |f| f.name.end_with?("mix.exs") }
+        end
+
+        def lockfile
+          @lockfile ||= get_original_file("mix.lock")
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb

@@ -0,0 +1,147 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/elixir/hex"
+require "dependabot/file_updaters/elixir/hex/mixfile_updater"
+require "dependabot/file_updaters/elixir/hex/mixfile_sanitizer"
+require "dependabot/file_updaters/elixir/hex/mixfile_requirement_updater"
+require "dependabot/utils/elixir/version"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex
+        class LockfileUpdater
+          def initialize(dependencies:, dependency_files:, credentials:)
+            @dependencies = dependencies
+            @dependency_files = dependency_files
+            @credentials = credentials
+          end
+
+          def updated_lockfile_content
+            @updated_lockfile_content ||=
+              SharedHelpers.in_a_temporary_directory do
+                write_temporary_dependency_files
+                FileUtils.cp(elixir_helper_do_update_path, "do_update.exs")
+
+                SharedHelpers.with_git_configured(credentials: credentials) do
+                  SharedHelpers.run_helper_subprocess(
+                    env: mix_env,
+                    command: "mix run #{elixir_helper_path}",
+                    function: "get_updated_lockfile",
+                    args: [Dir.pwd, dependency.name, organization_credentials]
+                  )
+                end
+              end
+
+            post_process_lockfile(@updated_lockfile_content)
+          end
+
+          private
+
+          attr_reader :dependencies, :dependency_files, :credentials
+
+          def dependency
+            # For now, we'll only ever be updating a single dep for Elixir
+            dependencies.first
+          end
+
+          def post_process_lockfile(content)
+            return content unless lockfile.content.start_with?("%{\"")
+            return content if content.start_with?("%{\"")
+
+            # Substitute back old file beginning and ending
+            content.sub(/\A%\{\n  "/, "%{\"").sub(/\},\n\}/, "}}")
+          end
+
+          def write_temporary_dependency_files
+            mixfiles.each do |file|
+              path = file.name
+              FileUtils.mkdir_p(Pathname.new(path).dirname)
+              File.write(path, mixfile_content_for_lockfile_generation(file))
+            end
+
+            File.write("mix.lock", lockfile.content)
+
+            dependency_files.select(&:support_file).each do |file|
+              path = file.name
+              FileUtils.mkdir_p(Pathname.new(path).dirname)
+              File.write(path, file.content)
+            end
+          end
+
+          def mixfile_content_for_lockfile_generation(file)
+            content = updated_mixfile_content(file)
+            content = lock_mixfile_dependency_versions(content, file.name)
+            sanitize_mixfile(content)
+          end
+
+          def updated_mixfile_content(file)
+            MixfileUpdater.new(
+              dependencies: dependencies,
+              mixfile: file
+            ).updated_mixfile_content
+          end
+
+          def lock_mixfile_dependency_versions(mixfile_content, filename)
+            dependencies.
+              reduce(mixfile_content.dup) do |content, dep|
+                # Run on the updated mixfile content, so we're updating from the
+                # updated requirements
+                req_details = dep.requirements.find { |r| r[:file] == filename }
+
+                next content unless req_details
+                next content unless Utils::Elixir::Version.correct?(dep.version)
+
+                MixfileRequirementUpdater.new(
+                  dependency_name: dep.name,
+                  mixfile_content: content,
+                  previous_requirement: req_details.fetch(:requirement),
+                  updated_requirement: dep.version,
+                  insert_if_bare: true
+                ).updated_content
+              end
+          end
+
+          def sanitize_mixfile(content)
+            MixfileSanitizer.new(mixfile_content: content).sanitized_content
+          end
+
+          def mix_env
+            {
+              "MIX_EXS" => File.join(project_root, "helpers/elixir/mix.exs"),
+              "MIX_LOCK" => File.join(project_root, "helpers/elixir/mix.lock"),
+              "MIX_DEPS" => File.join(project_root, "helpers/elixir/deps"),
+              "MIX_QUIET" => "1"
+            }
+          end
+
+          def elixir_helper_path
+            File.join(project_root, "helpers/elixir/bin/run.exs")
+          end
+
+          def elixir_helper_do_update_path
+            File.join(project_root, "helpers/elixir/bin/do_update.exs")
+          end
+
+          def project_root
+            File.join(File.dirname(__FILE__), "../../../../..")
+          end
+
+          def mixfiles
+            dependency_files.select { |f| f.name.end_with?("mix.exs") }
+          end
+
+          def lockfile
+            @lockfile ||= dependency_files.find { |f| f.name == "mix.lock" }
+          end
+
+          def organization_credentials
+            credentials.select { |cred| cred["type"] == "hex_organization" }.
+              flat_map { |cred| [cred["organization"], cred["token"]] }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/elixir/hex"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex
+        class MixfileGitPinUpdater
+          def initialize(dependency_name:, mixfile_content:,
+                         previous_pin:, updated_pin:)
+            @dependency_name = dependency_name
+            @mixfile_content = mixfile_content
+            @previous_pin    = previous_pin
+            @updated_pin     = updated_pin
+          end
+
+          def updated_content
+            updated_content = update_pin(mixfile_content)
+
+            if content_should_change? && mixfile_content == updated_content
+              raise "Expected content to change!"
+            end
+
+            updated_content
+          end
+
+          private
+
+          attr_reader :dependency_name, :mixfile_content,
+                      :previous_pin, :updated_pin
+
+          def update_pin(content)
+            requirement_line_regex =
+              /
+                \{\s*:#{Regexp.escape(dependency_name)},[^\}]*
+                (?:ref|tag):\s+["']#{Regexp.escape(previous_pin)}["']
+              /mx
+
+            content.gsub(requirement_line_regex) do |requirement_line|
+              requirement_line.gsub(previous_pin, updated_pin)
+            end
+          end
+
+          def content_should_change?
+            previous_pin == updated_pin
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/elixir/hex"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex
+        class MixfileRequirementUpdater
+          def initialize(dependency_name:, mixfile_content:,
+                         previous_requirement:, updated_requirement:,
+                         insert_if_bare: false)
+            @dependency_name      = dependency_name
+            @mixfile_content      = mixfile_content
+            @previous_requirement = previous_requirement
+            @updated_requirement  = updated_requirement
+            @insert_if_bare       = insert_if_bare
+          end
+
+          def updated_content
+            updated_content = update_requirement(mixfile_content)
+
+            if content_should_change? && mixfile_content == updated_content
+              raise "Expected content to change!"
+            end
+
+            updated_content
+          end
+
+          private
+
+          attr_reader :dependency_name, :mixfile_content,
+                      :previous_requirement, :updated_requirement
+
+          def insert_if_bare?
+            !@insert_if_bare.nil?
+          end
+
+          def update_requirement(content)
+            return content if previous_requirement.nil? && !insert_if_bare?
+
+            requirement_line_regex =
+              if previous_requirement
+                /
+                  :#{Regexp.escape(dependency_name)},.*
+                  #{Regexp.escape(previous_requirement)}
+                /x
+              else
+                /:#{Regexp.escape(dependency_name)}(,|\s|\})/
+              end
+
+            content.gsub(requirement_line_regex) do |requirement_line|
+              if previous_requirement
+                requirement_line.gsub(previous_requirement, updated_requirement)
+              else
+                requirement_line.gsub(
+                  ":#{dependency_name}",
+                  ":#{dependency_name}, \"#{updated_requirement}\""
+                )
+              end
+            end
+          end
+
+          def content_should_change?
+            return false if previous_requirement == updated_requirement
+
+            previous_requirement || insert_if_bare?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/elixir/hex"
+require "dependabot/shared_helpers"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex
+        class MixfileSanitizer
+          def initialize(mixfile_content:)
+            @mixfile_content = mixfile_content
+          end
+
+          def sanitized_content
+            mixfile_content.
+              gsub(/File\.read!\(.*?\)/, '"0.0.1"').
+              gsub(/File\.read\(.*?\)/, '{:ok, "0.0.1"}')
+          end
+
+          private
+
+          attr_reader :mixfile_content
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require "dependabot/file_updaters/elixir/hex"
+require "dependabot/file_updaters/elixir/hex/mixfile_requirement_updater"
+require "dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater"
+
+module Dependabot
+  module FileUpdaters
+    module Elixir
+      class Hex
+        class MixfileUpdater
+          def initialize(mixfile:, dependencies:)
+            @mixfile = mixfile
+            @dependencies = dependencies
+          end
+
+          def updated_mixfile_content
+            dependencies.
+              select { |dep| requirement_changed?(mixfile, dep) }.
+              reduce(mixfile.content.dup) do |content, dep|
+                updated_content = content
+
+                updated_content = update_requirement(
+                  content: updated_content,
+                  filename: mixfile.name,
+                  dependency: dep
+                )
+
+                updated_content = update_git_pin(
+                  content: updated_content,
+                  filename: mixfile.name,
+                  dependency: dep
+                )
+
+                if content == updated_content
+                  raise "Expected content to change!"
+                end
+
+                updated_content
+              end
+          end
+
+          private
+
+          attr_reader :mixfile, :dependencies
+
+          def requirement_changed?(file, dependency)
+            changed_requirements =
+              dependency.requirements - dependency.previous_requirements
+
+            changed_requirements.any? { |f| f[:file] == file.name }
+          end
+
+          def update_requirement(content:, filename:, dependency:)
+            updated_req =
+              dependency.requirements.find { |r| r[:file] == filename }.
+              fetch(:requirement)
+
+            old_req =
+              dependency.previous_requirements.
+              find { |r| r[:file] == filename }.
+              fetch(:requirement)
+
+            return content unless old_req
+
+            MixfileRequirementUpdater.new(
+              dependency_name: dependency.name,
+              mixfile_content: content,
+              previous_requirement: old_req,
+              updated_requirement: updated_req
+            ).updated_content
+          end
+
+          def update_git_pin(content:, filename:, dependency:)
+            updated_pin =
+              dependency.requirements.find { |r| r[:file] == filename }&.
+              dig(:source, :ref)
+
+            old_pin =
+              dependency.previous_requirements.
+              find { |r| r[:file] == filename }&.
+              dig(:source, :ref)
+
+            return content unless old_pin
+            return content if old_pin == updated_pin
+
+            MixfileGitPinUpdater.new(
+              dependency_name: dependency.name,
+              mixfile_content: content,
+              previous_pin: old_pin,
+              updated_pin: updated_pin
+            ).updated_content
+          end
+        end
+      end
+    end
+  end
+end