RubyGems - dependabot-core - Versions diffs - 0.76.1 - Mend

dependabot-core 0.76.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +6408 -0
data/LICENSE +37 -0
data/README.md +115 -0
data/helpers/elixir/bin/check_update.exs +92 -0
data/helpers/elixir/bin/do_update.exs +39 -0
data/helpers/elixir/bin/parse_deps.exs +103 -0
data/helpers/elixir/bin/run.exs +76 -0
data/helpers/elixir/mix.exs +21 -0
data/helpers/elixir/mix.lock +3 -0
data/helpers/go/Makefile +9 -0
data/helpers/go/go.mod +9 -0
data/helpers/go/go.sum +5 -0
data/helpers/go/importresolver/main.go +34 -0
data/helpers/go/main.go +77 -0
data/helpers/go/updatechecker/main.go +107 -0
data/helpers/go/updater/go.mod +3 -0
data/helpers/go/updater/go.sum +2 -0
data/helpers/go/updater/helpers.go +57 -0
data/helpers/go/updater/main.go +48 -0
data/helpers/npm/.agignore +1 -0
data/helpers/npm/.envrc +2 -0
data/helpers/npm/.eslintrc +14 -0
data/helpers/npm/.nvimrc +7 -0
data/helpers/npm/bin/run.js +34 -0
data/helpers/npm/lib/helpers.js +25 -0
data/helpers/npm/lib/peer-dependency-checker.js +102 -0
data/helpers/npm/lib/subdependency-updater.js +48 -0
data/helpers/npm/lib/updater.js +95 -0
data/helpers/npm/package.json +17 -0
data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
data/helpers/npm/test/helpers.js +7 -0
data/helpers/npm/test/updater.test.js +50 -0
data/helpers/npm/yarn.lock +6120 -0
data/helpers/php/.php_cs +34 -0
data/helpers/php/bin/run.php +57 -0
data/helpers/php/composer.json +14 -0
data/helpers/php/composer.lock +1521 -0
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +4 -0
data/helpers/php/src/DependabotInstallationManager.php +61 -0
data/helpers/php/src/DependabotPluginManager.php +23 -0
data/helpers/php/src/ExceptionIO.php +25 -0
data/helpers/php/src/Hasher.php +21 -0
data/helpers/php/src/UpdateChecker.php +123 -0
data/helpers/php/src/Updater.php +97 -0
data/helpers/python/lib/__init__.py +0 -0
data/helpers/python/lib/hasher.py +23 -0
data/helpers/python/lib/parser.py +130 -0
data/helpers/python/requirements.txt +9 -0
data/helpers/python/run.py +18 -0
data/helpers/test/run.rb +15 -0
data/helpers/utils/git-credential-store-immutable +10 -0
data/helpers/yarn/.agignore +1 -0
data/helpers/yarn/.envrc +2 -0
data/helpers/yarn/.eslintrc +14 -0
data/helpers/yarn/.nvimrc +7 -0
data/helpers/yarn/bin/run.js +36 -0
data/helpers/yarn/lib/fix-duplicates.js +53 -0
data/helpers/yarn/lib/helpers.js +5 -0
data/helpers/yarn/lib/lockfile-parser.js +21 -0
data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
data/helpers/yarn/lib/subdependency-updater.js +69 -0
data/helpers/yarn/lib/updater.js +254 -0
data/helpers/yarn/package.json +17 -0
data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
data/helpers/yarn/test/helpers.js +7 -0
data/helpers/yarn/test/updater.test.js +93 -0
data/helpers/yarn/yarn.lock +4912 -0
data/lib/bundler_definition_bundler_version_patch.rb +15 -0
data/lib/bundler_definition_ruby_version_patch.rb +14 -0
data/lib/bundler_git_source_patch.rb +27 -0
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +101 -0
data/lib/dependabot/clients/github_with_retries.rb +117 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +118 -0
data/lib/dependabot/dependency_file.rb +54 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +48 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +302 -0
data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
data/lib/dependabot/file_parsers.rb +48 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
data/lib/dependabot/file_parsers/go/dep.rb +163 -0
data/lib/dependabot/file_parsers/go/modules.rb +34 -0
data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
data/lib/dependabot/file_parsers/java/maven.rb +252 -0
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
data/lib/dependabot/file_parsers/php/composer.rb +177 -0
data/lib/dependabot/file_parsers/python/pip.rb +223 -0
data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
data/lib/dependabot/file_updaters.rb +48 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
data/lib/dependabot/file_updaters/go/dep.rb +77 -0
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
data/lib/dependabot/file_updaters/go/modules.rb +71 -0
data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
data/lib/dependabot/file_updaters/java/maven.rb +155 -0
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
data/lib/dependabot/file_updaters/php/composer.rb +78 -0
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
data/lib/dependabot/file_updaters/python/pip.rb +147 -0
data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +46 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
data/lib/dependabot/pull_request_creator.rb +151 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +233 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +151 -0
data/lib/dependabot/shared_helpers.rb +201 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +48 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
data/lib/dependabot/update_checkers/go/dep.rb +311 -0
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
data/lib/dependabot/update_checkers/go/modules.rb +112 -0
data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
data/lib/dependabot/update_checkers/java/maven.rb +159 -0
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
data/lib/dependabot/update_checkers/php/composer.rb +165 -0
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
data/lib/dependabot/update_checkers/python/pip.rb +227 -0
data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
data/lib/dependabot/utils.rb +84 -0
data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
data/lib/dependabot/utils/dotnet/version.rb +22 -0
data/lib/dependabot/utils/elixir/requirement.rb +53 -0
data/lib/dependabot/utils/elixir/version.rb +59 -0
data/lib/dependabot/utils/elm/requirement.rb +92 -0
data/lib/dependabot/utils/elm/version.rb +19 -0
data/lib/dependabot/utils/go/path_converter.rb +74 -0
data/lib/dependabot/utils/go/requirement.rb +152 -0
data/lib/dependabot/utils/go/shared_helper.rb +20 -0
data/lib/dependabot/utils/go/version.rb +40 -0
data/lib/dependabot/utils/java/requirement.rb +110 -0
data/lib/dependabot/utils/java/version.rb +179 -0
data/lib/dependabot/utils/java_script/requirement.rb +117 -0
data/lib/dependabot/utils/java_script/version.rb +30 -0
data/lib/dependabot/utils/php/requirement.rb +97 -0
data/lib/dependabot/utils/php/version.rb +22 -0
data/lib/dependabot/utils/python/requirement.rb +130 -0
data/lib/dependabot/utils/python/version.rb +88 -0
data/lib/dependabot/utils/ruby/requirement.rb +26 -0
data/lib/dependabot/utils/rust/requirement.rb +108 -0
data/lib/dependabot/utils/rust/version.rb +32 -0
data/lib/dependabot/version.rb +5 -0
data/lib/python_requirement_parser.rb +33 -0
data/lib/python_versions.rb +21 -0
metadata +641 -0

data/helpers/php/composer.phar ADDED Viewed

Binary file

data/helpers/php/setup.sh ADDED Viewed

@@ -0,0 +1,4 @@
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo hash_file('SHA384', 'composer-setup.php'); unlink('composer-setup.php'); } echo PHP_EOL;"
+php composer-setup.php
+php -r "unlink('composer-setup.php');"

data/helpers/php/src/DependabotInstallationManager.php ADDED Viewed

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\DependencyResolver\Operation\InstallOperation;
+use Composer\DependencyResolver\Operation\UninstallOperation;
+use Composer\DependencyResolver\Operation\UpdateOperation;
+use Composer\Installer\InstallationManager;
+use Composer\Package\PackageInterface;
+use Composer\Repository\RepositoryInterface;
+class DependabotInstallationManager extends InstallationManager
+{
+    private $installed = [];
+    private $updated = [];
+    private $uninstalled = [];
+    public function install(RepositoryInterface $repo, InstallOperation $operation): void
+    {
+        parent::install($repo, $operation);
+        $this->installed[] = $operation->getPackage();
+    }
+    public function update(RepositoryInterface $repo, UpdateOperation $operation): void
+    {
+        parent::update($repo, $operation);
+        $this->updated[] = [$operation->getInitialPackage(), $operation->getTargetPackage()];
+    }
+    public function uninstall(RepositoryInterface $repo, UninstallOperation $operation): void
+    {
+        parent::uninstall($repo, $operation);
+        $this->uninstalled[] = $operation->getPackage();
+    }
+    /**
+     * @return PackageInterface[]
+     */
+    public function getInstalledPackages(): array
+    {
+        return $this->installed;
+    }
+    /**
+     * @return PackageInterface[]
+     */
+    public function getUpdatedPackages(): array
+    {
+        return $this->updated;
+    }
+    /**
+     * @return PackageInterface[]
+     */
+    public function getUninstalledPackages(): array
+    {
+        return $this->uninstalled;
+    }
+}

data/helpers/php/src/DependabotPluginManager.php ADDED Viewed

@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\Package\PackageInterface;
+use Composer\Plugin\PluginManager;
+class DependabotPluginManager extends PluginManager
+{
+    public function registerPackage(PackageInterface $package, $failOnMissingClasses = false): void
+    {
+        // This package does some setup for PHP_CodeSniffer, but errors out the
+        // install if Symfony isn't installed (which it won't be for a lockfile
+        // only install run). Safe to ignore
+        if (strpos($package->getName(), 'phpcodesniffer') !== false) {
+            return;
+        }
+        parent::registerPackage($package, $failOnMissingClasses);
+    }
+}

data/helpers/php/src/ExceptionIO.php ADDED Viewed

@@ -0,0 +1,25 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\IO\NullIO;
+class ExceptionIO extends NullIO
+{
+    private $raise_next_error = false;
+    public function writeError($messages, $newline = true, $verbosity = self::NORMAL): void
+    {
+        if (is_array($messages)) {
+            return;
+        }
+        if ($this->raise_next_error) {
+            throw new \RuntimeException('Your requirements could not be resolved to an installable set of packages.' . $messages);
+        }
+        if (strpos($messages, 'Your requirements could not be resolved') !== false) {
+            $this->raise_next_error = true;
+        }
+    }
+}

data/helpers/php/src/Hasher.php ADDED Viewed

@@ -0,0 +1,21 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\Factory;
+class Hasher
+{
+    public static function getContentHash(array $args): ?string
+    {
+        [$workingDirectory] = $args;
+        $io = new ExceptionIO();
+        $composer = Factory::create($io, $workingDirectory . '/composer.json');
+        $locker = $composer->getLocker();
+        return $locker->getContentHash(file_get_contents(Factory::getComposerFile()));
+    }
+}

data/helpers/php/src/UpdateChecker.php ADDED Viewed

@@ -0,0 +1,123 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\Factory;
+use Composer\Installer;
+use Composer\Package\PackageInterface;
+class UpdateChecker
+{
+    public static function getLatestResolvableVersion(array $args): ?string
+    {
+        [$workingDirectory, $dependencyName, $gitCredentials, $registryCredentials] = $args;
+        $io = new ExceptionIO();
+        $composer = Factory::create($io, $workingDirectory . '/composer.json');
+        $config = $composer->getConfig();
+        $httpBasicCredentials = [];
+        foreach ($gitCredentials as &$cred) {
+            $httpBasicCredentials[$cred['host']] = [
+                'username' => $cred['username'],
+                'password' => $cred['password'],
+            ];
+        }
+        foreach ($registryCredentials as &$cred) {
+            $httpBasicCredentials[$cred['registry']] = [
+                'username' => $cred['username'],
+                'password' => $cred['password'],
+            ];
+        }
+        if ($httpBasicCredentials) {
+            $config->merge(
+                [
+                    'config' => [
+                        'http-basic' => $httpBasicCredentials,
+                    ],
+                ]
+            );
+            $io->loadConfiguration($config);
+        }
+        $installationManager = new DependabotInstallationManager();
+        $install = new Installer(
+            $io,
+            $config,
+            $composer->getPackage(),
+            $composer->getDownloadManager(),
+            $composer->getRepositoryManager(),
+            $composer->getLocker(),
+            $installationManager,
+            $composer->getEventDispatcher(),
+            $composer->getAutoloadGenerator()
+        );
+        // For all potential options, see UpdateCommand in composer
+        $install
+            ->setDryRun(true)
+            ->setUpdate(true)
+            ->setDevMode(true)
+            ->setUpdateWhitelist([$dependencyName])
+            ->setWhitelistTransitiveDependencies(true)
+            ->setExecuteOperations(false)
+            ->setDumpAutoloader(false)
+            ->setRunScripts(false);
+        /*
+         * If a platform is set we assume people know what they are doing and we respect the setting.
+         * If no platform is set we ignore it so that the php we run as doesn't interfere
+         */
+        if ($config->get('platform') === []) {
+            $install->setIgnorePlatformRequirements(true);
+        }
+        $install->run();
+        $installedPackages = $installationManager->getInstalledPackages();
+        $updatedPackage = current(array_filter($installedPackages, function (PackageInterface $package) use ($dependencyName) {
+            return $package->getName() == $dependencyName;
+        }));
+        // We found the package in the list of updated packages. Return its version.
+        if ($updatedPackage) {
+            return preg_replace('/^([v])/', '', $updatedPackage->getPrettyVersion());
+        }
+        // We didn't find the package in the list of updated packages. Check if
+        // it was replaced by another package (in which case we can ignore).
+        foreach ($composer->getPackage()->getReplaces() as $link) {
+            if ($link->getTarget() == $dependencyName) {
+                return null;
+            }
+        }
+        foreach ($installedPackages as $package) {
+            foreach ($package->getReplaces() as $link) {
+                if ($link->getTarget() == $dependencyName) {
+                    return null;
+                }
+            }
+        }
+        // Similarly, check if the package was provided by any other package.
+        foreach ($composer->getPackage()->getProvides() as $link) {
+            if ($link->getTarget() == $dependencyName) {
+                return preg_replace('/^([v])/', '', $link->getPrettyConstraint());
+            }
+        }
+        foreach ($installedPackages as $package) {
+            foreach ($package->getProvides() as $link) {
+                if ($link->getTarget() == $dependencyName) {
+                    return preg_replace('/^([v])/', '', $link->getPrettyConstraint());
+                }
+            }
+        }
+        throw new \RuntimeException('Package not found in updated packages!');
+    }
+}

data/helpers/php/src/Updater.php ADDED Viewed

@@ -0,0 +1,97 @@
+<?php
+declare(strict_types=1);
+namespace Dependabot\PHP;
+use Composer\Factory;
+use Composer\Installer;
+class Updater
+{
+    public static function update(array $args): array
+    {
+        [$workingDirectory, $dependencyName, $dependencyVersion, $gitCredentials, $registryCredentials] = $args;
+        // Change working directory to the one provided, this ensures that we
+        // install dependencies into the working dir, rather than a vendor folder
+        // in the root of the project
+        $originalDir = getcwd();
+        chdir($workingDirectory);
+        $io = new ExceptionIO();
+        $composer = Factory::create($io);
+        $config = $composer->getConfig();
+        $httpBasicCredentials = [];
+        $pm = new DependabotPluginManager($io, $composer, null, false);
+        $composer->setPluginManager($pm);
+        $pm->loadInstalledPlugins();
+        foreach ($gitCredentials as &$cred) {
+            $httpBasicCredentials[$cred['host']] = [
+                'username' => $cred['username'],
+                'password' => $cred['password'],
+            ];
+        }
+        foreach ($registryCredentials as &$cred) {
+            $httpBasicCredentials[$cred['registry']] = [
+                'username' => $cred['username'],
+                'password' => $cred['password'],
+            ];
+        }
+        if ($httpBasicCredentials) {
+            $config->merge(
+                [
+                    'config' => [
+                        'http-basic' => $httpBasicCredentials,
+                    ],
+                ]
+            );
+            $io->loadConfiguration($config);
+        }
+        $install = new Installer(
+            $io,
+            $config,
+            $composer->getPackage(),
+            $composer->getDownloadManager(),
+            $composer->getRepositoryManager(),
+            $composer->getLocker(),
+            $composer->getInstallationManager(),
+            $composer->getEventDispatcher(),
+            $composer->getAutoloadGenerator()
+        );
+        // For all potential options, see UpdateCommand in composer
+        $install
+            ->setWriteLock(true)
+            ->setUpdate(true)
+            ->setDevMode(true)
+            ->setUpdateWhitelist([$dependencyName])
+            ->setWhitelistTransitiveDependencies(true)
+            ->setExecuteOperations(false)
+            ->setDumpAutoloader(false)
+            ->setRunScripts(false);
+        /*
+         * If a platform is set we assume people know what they are doing and we respect the setting.
+         * If no platform is set we ignore it so that the php we run as doesn't interfere
+         */
+        if ($config->get('platform') === []) {
+            $install->setIgnorePlatformRequirements(true);
+        }
+        $install->run();
+        $result = [
+            'composer.lock' => file_get_contents('composer.lock'),
+        ];
+        chdir($originalDir);
+        return $result;
+    }
+}

data/helpers/python/lib/__init__.py ADDED Viewed

File without changes

data/helpers/python/lib/hasher.py ADDED Viewed

@@ -0,0 +1,23 @@
+import hashin
+import json
+import pipfile
+from poetry.poetry import Poetry
+def get_dependency_hash(dependency_name, dependency_version, algorithm):
+    hashes = hashin.get_package_hashes(
+        dependency_name,
+        version=dependency_version,
+        algorithm=algorithm
+    )
+    return json.dumps({ "result": hashes["hashes"] })
+def get_pipfile_hash(directory):
+    p = pipfile.load(directory + '/Pipfile')
+    return json.dumps({ "result": p.hash })
+def get_pyproject_hash(directory):
+    p = Poetry.create(directory)
+    return json.dumps({ "result": p.locker._get_content_hash() })

data/helpers/python/lib/parser.py ADDED Viewed

@@ -0,0 +1,130 @@
+from itertools import chain
+import glob
+import io
+import json
+import os.path
+import re
+import setuptools
+import pip._internal.req.req_file
+from pip._internal.download import PipSession
+from pip._internal.req.constructors import install_req_from_line
+def parse_requirements(directory):
+    # Parse the requirements.txt
+    requirement_packages = []
+    requirement_files = glob.glob(os.path.join(directory, '*.txt')) \
+                        + glob.glob(os.path.join(directory, '**', '*.txt'))
+    pip_compile_files = glob.glob(os.path.join(directory, '*.in')) \
+                        + glob.glob(os.path.join(directory, '**', '*.in'))
+    for reqs_file in requirement_files + pip_compile_files:
+        try:
+            requirements = pip._internal.req.req_file.parse_requirements(
+                reqs_file,
+                session=PipSession()
+            )
+            for install_req in requirements:
+                if install_req.original_link:
+                    continue
+                if install_req.is_pinned:
+                    version = next(iter(install_req.specifier)).version
+                else:
+                    version = None
+                pattern = r"-[cr] (.*) \(line \d+\)"
+                abs_path = re.search(pattern, install_req.comes_from).group(1)
+                rel_path = os.path.relpath(abs_path, directory)
+                requirement_packages.append({
+                    "name": install_req.req.name,
+                    "version": version,
+                    "markers": str(install_req.markers) or None,
+                    "file": rel_path,
+                    "requirement": str(install_req.specifier) or None
+                })
+        except Exception as e:
+            print(json.dumps({ "error": repr(e) }))
+            exit(1)
+    return json.dumps({ "result": requirement_packages })
+def parse_setup(directory):
+    # Parse the setup.py
+    setup_packages = []
+    if os.path.isfile(directory + '/setup.py'):
+        def parse_requirement(req, req_type):
+            install_req = install_req_from_line(req)
+            if install_req.original_link:
+                return
+            if install_req.is_pinned:
+                version = next(iter(install_req.specifier)).version
+            else:
+                version = None
+            setup_packages.append({
+                "name": install_req.req.name,
+                "version": version,
+                "markers": str(install_req.markers) or None,
+                "file": "setup.py",
+                "requirement": str(install_req.specifier) or None,
+                "requirement_type": req_type
+            })
+        def setup(*args, **kwargs):
+            for arg in ['setup_requires', 'install_requires', 'tests_require']:
+                if not kwargs.get(arg):
+                    continue
+                for req in kwargs.get(arg):
+                    parse_requirement(req, arg)
+            extras_require_dict = kwargs.get('extras_require', {})
+            for key in extras_require_dict:
+                for req in extras_require_dict[key]:
+                    parse_requirement(req, 'extras_require:{}'.format(key))
+        setuptools.setup = setup
+        def noop(*args, **kwargs):
+            pass
+        def fake_parse(*args, **kwargs):
+            return []
+        global fake_open
+        def fake_open(*args, **kwargs):
+            content = ("VERSION = (0, 0, 1)\n"
+                       "__version__ = '0.0.1'\n"
+                       "__author__ = 'someone'\n"
+                       "__title__ = 'something'\n"
+                       "__description__ = 'something'\n"
+                       "__author_email__ = 'something'\n"
+                       "__license__ = 'something'\n"
+                       "__url__ = 'something'\n")
+            return io.StringIO(content)
+        content = open(directory + '/setup.py', 'r').read()
+        # Remove `print`, `open`, `log` and import statements
+        content = re.sub(r"print\s*\(", "noop(", content)
+        content = re.sub(r"log\s*(\.\w+)*\(", "noop(", content)
+        content = re.sub(r"\b(\w+\.)*(open|file)\s*\(", "fake_open(", content)
+        content = content.replace("parse_requirements(", "fake_parse(")
+        version_re = re.compile(r"^.*import.*__version__.*$", re.MULTILINE)
+        content = re.sub(version_re, "", content)
+        # Set variables likely to be imported
+        __version__ = '0.0.1'
+        __author__ = 'someone'
+        __title__ = 'something'
+        __description__ = 'something'
+        __author_email__ = 'something'
+        __license__ = 'something'
+        __url__ = 'something'
+        # Run as main (since setup.py is a script)
+        __name__ = '__main__'
+        # Exec the setup.py
+        exec(content) in globals(), locals()
+    return json.dumps({ "result": setup_packages })