RubyGems - dependabot-core - Versions diffs - 0.76.1 - Mend

dependabot-core 0.76.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +6408 -0
data/LICENSE +37 -0
data/README.md +115 -0
data/helpers/elixir/bin/check_update.exs +92 -0
data/helpers/elixir/bin/do_update.exs +39 -0
data/helpers/elixir/bin/parse_deps.exs +103 -0
data/helpers/elixir/bin/run.exs +76 -0
data/helpers/elixir/mix.exs +21 -0
data/helpers/elixir/mix.lock +3 -0
data/helpers/go/Makefile +9 -0
data/helpers/go/go.mod +9 -0
data/helpers/go/go.sum +5 -0
data/helpers/go/importresolver/main.go +34 -0
data/helpers/go/main.go +77 -0
data/helpers/go/updatechecker/main.go +107 -0
data/helpers/go/updater/go.mod +3 -0
data/helpers/go/updater/go.sum +2 -0
data/helpers/go/updater/helpers.go +57 -0
data/helpers/go/updater/main.go +48 -0
data/helpers/npm/.agignore +1 -0
data/helpers/npm/.envrc +2 -0
data/helpers/npm/.eslintrc +14 -0
data/helpers/npm/.nvimrc +7 -0
data/helpers/npm/bin/run.js +34 -0
data/helpers/npm/lib/helpers.js +25 -0
data/helpers/npm/lib/peer-dependency-checker.js +102 -0
data/helpers/npm/lib/subdependency-updater.js +48 -0
data/helpers/npm/lib/updater.js +95 -0
data/helpers/npm/package.json +17 -0
data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
data/helpers/npm/test/helpers.js +7 -0
data/helpers/npm/test/updater.test.js +50 -0
data/helpers/npm/yarn.lock +6120 -0
data/helpers/php/.php_cs +34 -0
data/helpers/php/bin/run.php +57 -0
data/helpers/php/composer.json +14 -0
data/helpers/php/composer.lock +1521 -0
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +4 -0
data/helpers/php/src/DependabotInstallationManager.php +61 -0
data/helpers/php/src/DependabotPluginManager.php +23 -0
data/helpers/php/src/ExceptionIO.php +25 -0
data/helpers/php/src/Hasher.php +21 -0
data/helpers/php/src/UpdateChecker.php +123 -0
data/helpers/php/src/Updater.php +97 -0
data/helpers/python/lib/__init__.py +0 -0
data/helpers/python/lib/hasher.py +23 -0
data/helpers/python/lib/parser.py +130 -0
data/helpers/python/requirements.txt +9 -0
data/helpers/python/run.py +18 -0
data/helpers/test/run.rb +15 -0
data/helpers/utils/git-credential-store-immutable +10 -0
data/helpers/yarn/.agignore +1 -0
data/helpers/yarn/.envrc +2 -0
data/helpers/yarn/.eslintrc +14 -0
data/helpers/yarn/.nvimrc +7 -0
data/helpers/yarn/bin/run.js +36 -0
data/helpers/yarn/lib/fix-duplicates.js +53 -0
data/helpers/yarn/lib/helpers.js +5 -0
data/helpers/yarn/lib/lockfile-parser.js +21 -0
data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
data/helpers/yarn/lib/subdependency-updater.js +69 -0
data/helpers/yarn/lib/updater.js +254 -0
data/helpers/yarn/package.json +17 -0
data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
data/helpers/yarn/test/helpers.js +7 -0
data/helpers/yarn/test/updater.test.js +93 -0
data/helpers/yarn/yarn.lock +4912 -0
data/lib/bundler_definition_bundler_version_patch.rb +15 -0
data/lib/bundler_definition_ruby_version_patch.rb +14 -0
data/lib/bundler_git_source_patch.rb +27 -0
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +101 -0
data/lib/dependabot/clients/github_with_retries.rb +117 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +118 -0
data/lib/dependabot/dependency_file.rb +54 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +48 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +302 -0
data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
data/lib/dependabot/file_parsers.rb +48 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
data/lib/dependabot/file_parsers/go/dep.rb +163 -0
data/lib/dependabot/file_parsers/go/modules.rb +34 -0
data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
data/lib/dependabot/file_parsers/java/maven.rb +252 -0
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
data/lib/dependabot/file_parsers/php/composer.rb +177 -0
data/lib/dependabot/file_parsers/python/pip.rb +223 -0
data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
data/lib/dependabot/file_updaters.rb +48 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
data/lib/dependabot/file_updaters/go/dep.rb +77 -0
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
data/lib/dependabot/file_updaters/go/modules.rb +71 -0
data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
data/lib/dependabot/file_updaters/java/maven.rb +155 -0
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
data/lib/dependabot/file_updaters/php/composer.rb +78 -0
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
data/lib/dependabot/file_updaters/python/pip.rb +147 -0
data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +46 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
data/lib/dependabot/pull_request_creator.rb +151 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +233 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +151 -0
data/lib/dependabot/shared_helpers.rb +201 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +48 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
data/lib/dependabot/update_checkers/go/dep.rb +311 -0
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
data/lib/dependabot/update_checkers/go/modules.rb +112 -0
data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
data/lib/dependabot/update_checkers/java/maven.rb +159 -0
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
data/lib/dependabot/update_checkers/php/composer.rb +165 -0
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
data/lib/dependabot/update_checkers/python/pip.rb +227 -0
data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
data/lib/dependabot/utils.rb +84 -0
data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
data/lib/dependabot/utils/dotnet/version.rb +22 -0
data/lib/dependabot/utils/elixir/requirement.rb +53 -0
data/lib/dependabot/utils/elixir/version.rb +59 -0
data/lib/dependabot/utils/elm/requirement.rb +92 -0
data/lib/dependabot/utils/elm/version.rb +19 -0
data/lib/dependabot/utils/go/path_converter.rb +74 -0
data/lib/dependabot/utils/go/requirement.rb +152 -0
data/lib/dependabot/utils/go/shared_helper.rb +20 -0
data/lib/dependabot/utils/go/version.rb +40 -0
data/lib/dependabot/utils/java/requirement.rb +110 -0
data/lib/dependabot/utils/java/version.rb +179 -0
data/lib/dependabot/utils/java_script/requirement.rb +117 -0
data/lib/dependabot/utils/java_script/version.rb +30 -0
data/lib/dependabot/utils/php/requirement.rb +97 -0
data/lib/dependabot/utils/php/version.rb +22 -0
data/lib/dependabot/utils/python/requirement.rb +130 -0
data/lib/dependabot/utils/python/version.rb +88 -0
data/lib/dependabot/utils/ruby/requirement.rb +26 -0
data/lib/dependabot/utils/rust/requirement.rb +108 -0
data/lib/dependabot/utils/rust/version.rb +32 -0
data/lib/dependabot/version.rb +5 -0
data/lib/python_requirement_parser.rb +33 -0
data/lib/python_versions.rb +21 -0
metadata +641 -0

data/lib/dependabot/utils/docker/credentials_finder.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+require "aws-sdk-ecr"
+require "base64"
+require "dependabot/errors"
+module Dependabot
+  module Utils
+    module Docker
+      class CredentialsFinder
+        AWS_ECR_URL = /dkr\.ecr\.(?<region>[^.]+).amazonaws\.com/.freeze
+        def initialize(credentials)
+          @credentials = credentials
+        end
+        def credentials_for_registry(registry_hostname)
+          registry_details =
+            credentials.
+            select { |cred| cred["type"] == "docker_registry" }.
+            find { |cred| cred.fetch("registry") == registry_hostname }
+          return unless registry_details
+          return registry_details unless registry_hostname.match?(AWS_ECR_URL)
+          build_aws_credentials(registry_details)
+        end
+        private
+        attr_reader :credentials
+        def build_aws_credentials(registry_details)
+          # If credentials have been generated from AWS we can just return them
+          return registry_details if registry_details.fetch("username") == "AWS"
+          # Otherwise, we need to use the provided Access Key ID and secret to
+          # generate a temporary username and password
+          aws_credentials = Aws::Credentials.new(
+            registry_details.fetch("username"),
+            registry_details.fetch("password")
+          )
+          registry_hostname = registry_details.fetch("registry")
+          region = registry_hostname.match(AWS_ECR_URL).
+                   named_captures.fetch("region")
+          @authorization_tokens ||= {}
+          @authorization_tokens[registry_hostname] ||=
+            Aws::ECR::Client.new(region: region, credentials: aws_credentials).
+            get_authorization_token.authorization_data.first.
+            authorization_token
+          username, password =
+            Base64.decode64(@authorization_tokens[registry_hostname]).split(":")
+          registry_details.merge("username" => username, "password" => password)
+        rescue Aws::Errors::MissingCredentialsError,
+               Aws::ECR::Errors::UnrecognizedClientException
+          raise PrivateSourceAuthenticationFailure, registry_hostname
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/dotnet/requirement.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+require "dependabot/utils/dotnet/version"
+# For details on .NET version constraints see:
+# https://docs.microsoft.com/en-us/nuget/reference/package-versioning
+module Dependabot
+  module Utils
+    module Dotnet
+      class Requirement < Gem::Requirement
+        def self.parse(obj)
+          if obj.is_a?(Gem::Version)
+            return ["=", Utils::Dotnet::Version.new(obj.to_s)]
+          end
+          unless (matches = PATTERN.match(obj.to_s))
+            msg = "Illformed requirement [#{obj.inspect}]"
+            raise BadRequirementError, msg
+          end
+          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+          [matches[1] || "=", Utils::Dotnet::Version.new(matches[2])]
+        end
+        # For consistency with other langauges, we define a requirements array.
+        # Dotnet doesn't have an `OR` separator for requirements, so it always
+        # contains a single element.
+        def self.requirements_array(requirement_string)
+          [new(requirement_string)]
+        end
+        def initialize(*requirements)
+          requirements = requirements.flatten.flat_map do |req_string|
+            convert_dotnet_constraint_to_ruby_constraint(req_string)
+          end
+          super(requirements)
+        end
+        def satisfied_by?(version)
+          version = Utils::Dotnet::Version.new(version.to_s)
+          super
+        end
+        private
+        def convert_dotnet_constraint_to_ruby_constraint(req_string)
+          return unless req_string
+          if req_string&.start_with?("(", "[")
+            return convert_dotnet_range_to_ruby_range(req_string)
+          end
+          return req_string.split(",").map(&:strip) if req_string.include?(",")
+          return req_string unless req_string.include?("*")
+          convert_wildcard_req(req_string)
+        end
+        def convert_dotnet_range_to_ruby_range(req_string)
+          lower_b, upper_b = req_string.split(",").map(&:strip)
+          lower_b =
+            if ["(", "["].include?(lower_b) then nil
+            elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
+            else ">= #{lower_b.sub(/\[\s*/, '').strip}"
+            end
+          upper_b =
+            if [")", "]"].include?(upper_b) then nil
+            elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
+            else "<= #{upper_b.sub(/\s*\]/, '').strip}"
+            end
+          [lower_b, upper_b].compact
+        end
+        def convert_wildcard_req(req_string)
+          return ">= 0" if req_string.start_with?("*")
+          defined_part = req_string.split("*").first
+          suffix = defined_part.end_with?(".") ? "0" : "a"
+          version = defined_part + suffix
+          "~> #{version}"
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/dotnet/version.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+# Dotnet pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
+# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
+# alteration.
+module Dependabot
+  module Utils
+    module Dotnet
+      class Version < Gem::Version
+        def initialize(version)
+          @version_string = version.to_s
+          super
+        end
+        def to_s
+          @version_string
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/elixir/requirement.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require "dependabot/utils/elixir/version"
+module Dependabot
+  module Utils
+    module Elixir
+      class Requirement < Gem::Requirement
+        AND_SEPARATOR = /\s+and\s+/.freeze
+        OR_SEPARATOR = /\s+or\s+/.freeze
+        # Add the double-equality matcher to the list of allowed operations
+        OPS["=="] = ->(v, r) { v == r }
+        # Override the version pattern to allow local versions
+        quoted = OPS.keys.map { |k| Regexp.quote k }.join "|"
+        PATTERN_RAW =
+          "\\s*(#{quoted})?\\s*(#{Utils::Elixir::Version::VERSION_PATTERN})\\s*"
+        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+        # Returns an array of requirements. At least one requirement from the
+        # returned array must be satisfied for a version to be valid.
+        def self.requirements_array(requirement_string)
+          requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
+            requirements = req_string.strip.split(AND_SEPARATOR)
+            new(requirements)
+          end
+        end
+        # Override the parser to create Utils::Elixir::Versions
+        def self.parse(obj)
+          if obj.is_a?(Gem::Version)
+            return ["=", Utils::Elixir::Version.new(obj.to_s)]
+          end
+          unless (matches = PATTERN.match(obj.to_s))
+            msg = "Illformed requirement [#{obj.inspect}]"
+            raise BadRequirementError, msg
+          end
+          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+          [matches[1] || "=", Utils::Elixir::Version.new(matches[2])]
+        end
+        def satisfied_by?(version)
+          version = Utils::Elixir::Version.new(version.to_s)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/elixir/version.rb ADDED Viewed

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+# Elixir versions can include build information, which Ruby can't parse.
+# This class augments Gem::Version with build information.
+# See https://hexdocs.pm/elixir/Version.html for details.
+module Dependabot
+  module Utils
+    module Elixir
+      class Version < Gem::Version
+        attr_reader :build_info
+        VERSION_PATTERN = Gem::Version::VERSION_PATTERN +
+                          '(\+[0-9a-zA-Z\-.]+)?'
+        def self.correct?(version)
+          super(version.to_s.split("+").first)
+        end
+        def initialize(version)
+          @version_string = version.to_s
+          version, @build_info = version.split("+")
+          super
+        end
+        def to_s
+          @version_string
+        end
+        def inspect # :nodoc:
+          "#<#{self.class} #{@version_string}>"
+        end
+        def <=>(other)
+          version_comparison = super(other)
+          return version_comparison unless version_comparison.zero?
+          unless other.is_a?(Utils::Elixir::Version)
+            return build_info.nil? ? 0 : 1
+          end
+          # Build information comparison
+          lhsegments = build_info.to_s.split(".").map(&:downcase)
+          rhsegments = other.build_info.to_s.split(".").map(&:downcase)
+          limit = [lhsegments.count, rhsegments.count].min
+          lhs = ["1", *lhsegments.first(limit)].join(".")
+          rhs = ["1", *rhsegments.first(limit)].join(".")
+          local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
+          return local_comparison unless local_comparison.zero?
+          lhsegments.count <=> rhsegments.count
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/elm/requirement.rb ADDED Viewed

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+require "dependabot/utils/elm/version"
+module Dependabot
+  module Utils
+    module Elm
+      class Requirement < Gem::Requirement
+        # Override the version pattern to allow local versions
+        PATTERN_RAW =
+          "(#{Utils::Elm::Version::VERSION_PATTERN}) (<=?) v (<=?) " \
+          "(#{Utils::Elm::Version::VERSION_PATTERN})"
+        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+        EXACT_PATTERN = /\A#{Utils::Elm::Version::VERSION_PATTERN}\z/.freeze
+        # Returns an array of requirements. At least one requirement from the
+        # returned array must be satisfied for a version to be valid.
+        def self.requirements_array(requirement_string)
+          [new(requirement_string)]
+        end
+        # Override the parser to create Utils::Elm::Versions and return an
+        # array of parsed requirements
+        def self.parse(obj)
+          # If a version is given this is an equals requirement
+          if EXACT_PATTERN.match?(obj.to_s)
+            return [["=", Utils::Elm::Version.new(obj.to_s)]]
+          end
+          unless (matches = PATTERN.match(obj.to_s))
+            msg = "Illformed requirement #{obj.inspect}"
+            raise BadRequirementError, msg
+          end
+          # If the two versions specified are identical this is an equals
+          # requirement
+          if matches[1] == matches[4] && matches[3] == "<="
+            return [["=", Utils::Elm::Version.new(matches[4])]]
+          end
+          [
+            [matches[2].tr("<", ">"), Utils::Elm::Version.new(matches[1])],
+            [matches[3], Utils::Elm::Version.new(matches[4])]
+          ]
+        end
+        # Overwrite superclass method to use `flat_map`
+        def initialize(*requirements)
+          if requirements.any?(&:nil?)
+            raise BadRequirementError, "Nil requirement not supported in Elm"
+          end
+          requirements = requirements.flatten
+          requirements.compact!
+          requirements.uniq!
+          if requirements.empty?
+            @requirements = [DefaultRequirement]
+          else
+            @requirements = requirements.flat_map { |r| self.class.parse(r) }
+            sort_requirements!
+          end
+        end
+        # Overwrite superclass method to use `flat_map`
+        def concat(new)
+          new = new.flatten
+          new.compact!
+          new.uniq!
+          new = new.flat_map { |r| self.class.parse(r) }
+          @requirements.concat new
+          sort_requirements!
+        end
+        def sort_requirements!
+          @requirements.sort! do |l, r|
+            comp = l.last <=> r.last # first, sort by the requirement's version
+            next comp unless comp.zero?
+            l.first <=> r.first # then, sort by the operator (for stability)
+          end
+        end
+        def satisfied_by?(version)
+          version = Utils::Elm::Version.new(version.to_s)
+          super
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/elm/version.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+# Elm versions require major, minor and patch to be present
+# They don't allow any letters
+module Dependabot
+  module Utils
+    module Elm
+      class Version < Gem::Version
+        VERSION_PATTERN = "[0-9]+\.[0-9]+\.[0-9]+"
+        VERSION_PATTERN_REGEX = /\A#{VERSION_PATTERN}\Z/.freeze
+        def self.correct?(version)
+          version.to_s.match?(VERSION_PATTERN_REGEX)
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/go/path_converter.rb ADDED Viewed

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+require "excon"
+require "nokogiri"
+require "dependabot/shared_helpers"
+require "dependabot/source"
+require "dependabot/utils/go/shared_helper"
+module Dependabot
+  module Utils
+    module Go
+      module PathConverter
+        def self.git_url_for_path(path)
+          # Save a query by manually converting golang.org/x names
+          import_path = path.gsub(%r{^golang\.org/x}, "github.com/golang")
+          SharedHelpers.run_helper_subprocess(
+            command: Go::SharedHelper.path,
+            function: "getVcsRemoteForImport",
+            args: { import: import_path }
+          )
+        end
+        # Used in dependabot-backend, which doesn't have access to any Go
+        # helpers.
+        # TODO: remove the need for this.
+        def self.git_url_for_path_without_go_helper(path)
+          # Save a query by manually converting golang.org/x names
+          tmp_path = path.gsub(%r{^golang\.org/x}, "github.com/golang")
+          # Currently, Dependabot::Source.new will return `nil` if it can't
+          # find a git SCH associated with a path. If it is ever extended to
+          # handle non-git sources we'll need to add an additional check here.
+          return Source.from_url(tmp_path).url if Source.from_url(tmp_path)
+          return "https://#{tmp_path}" if tmp_path.end_with?(".git")
+          return unless (metadata_response = fetch_path_metadata(path))
+          # Look for a GitHub, Bitbucket or GitLab URL in the response
+          metadata_response.scan(Dependabot::Source::SOURCE_REGEX) do
+            source_url = Regexp.last_match.to_s
+            return Source.from_url(source_url).url
+          end
+          # If none are found, parse the response and return the go-import path
+          doc = Nokogiri::XML(metadata_response)
+          doc.remove_namespaces!
+          import_details =
+            doc.xpath("//meta").
+            find { |n| n.attributes["name"]&.value == "go-import" }&.
+            attributes&.fetch("content")&.value&.split(/\s+/)
+          return unless import_details && import_details[1] == "git"
+          import_details[2]
+        end
+        def self.fetch_path_metadata(path)
+          # TODO: This is not robust! Instead, we should shell out to Go and
+          # use https://github.com/Masterminds/vcs.
+          response = Excon.get(
+            "https://#{path}?go-get=1",
+            idempotent: true,
+            **SharedHelpers.excon_defaults
+          )
+          return unless response.status == 200
+          response.body
+        end
+        private_class_method :fetch_path_metadata
+      end
+    end
+  end
+end