dependabot-core 0.81.1 → 0.82.0

data/lib/dependabot/file_updaters/elm/elm_package.rb

@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module FileUpdaters
-    module Elm
-      class ElmPackage < Base
-        require_relative "elm_package/elm_package_updater"
-        require_relative "elm_package/elm_json_updater"
-
-        def self.updated_files_regex
-          [
-            /^elm-package\.json$/,
-            /^elm\.json$/
-          ]
-        end
-
-        def updated_dependency_files
-          updated_files = []
-
-          elm_package_files.each do |file|
-            next unless file_changed?(file)
-
-            updated_files <<
-              updated_file(
-                file: file,
-                content: updated_elm_package_content(file)
-              )
-          end
-
-          elm_json_files.each do |file|
-            next unless file_changed?(file)
-
-            updated_files <<
-              updated_file(
-                file: file,
-                content: updated_elm_json_content(file)
-              )
-          end
-
-          raise "No files have changed!" if updated_files.none?
-
-          updated_files
-        end
-
-        private
-
-        def check_required_files
-          return if elm_json_files.any? || elm_package_files.any?
-
-          raise "No elm.json or elm-package.json!"
-        end
-
-        def updated_elm_package_content(file)
-          ElmPackageUpdater.new(
-            dependencies: dependencies,
-            elm_package_file: file
-          ).updated_elm_package_file_content
-        end
-
-        def updated_elm_json_content(file)
-          ElmJsonUpdater.new(
-            dependencies: dependencies,
-            elm_json_file: file
-          ).updated_content
-        end
-
-        def elm_package_files
-          dependency_files.select { |f| f.name.end_with?("elm-package.json") }
-        end
-
-        def elm_json_files
-          dependency_files.select { |f| f.name.end_with?("elm.json") }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/elm/elm_package"
-
-module Dependabot
-  module FileUpdaters
-    module Elm
-      class ElmPackage
-        class ElmJsonUpdater
-          def initialize(elm_json_file:, dependencies:)
-            @elm_json_file = elm_json_file
-            @dependencies = dependencies
-          end
-
-          def updated_content
-            dependencies.
-              select { |dep| requirement_changed?(elm_json_file, dep) }.
-              reduce(elm_json_file.content.dup) do |content, dep|
-                updated_content = content
-
-                updated_content = update_requirement(
-                  content: updated_content,
-                  filename: elm_json_file.name,
-                  dependency: dep
-                )
-
-                next updated_content unless content == updated_content
-
-                raise "Expected content to change!"
-              end
-          end
-
-          private
-
-          attr_reader :elm_json_file, :dependencies
-
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-
-          def update_requirement(content:, filename:, dependency:)
-            updated_req =
-              dependency.requirements.
-              find { |r| r.fetch(:file) == filename }.
-              fetch(:requirement)
-
-            old_req =
-              dependency.previous_requirements.
-              find { |r| r.fetch(:file) == filename }.
-              fetch(:requirement)
-
-            return content unless old_req
-
-            dep = dependency
-            regex =
-              /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/
-
-            content.gsub(regex) do |declaration|
-              declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/elm/elm_package"
-
-module Dependabot
-  module FileUpdaters
-    module Elm
-      class ElmPackage
-        class ElmPackageUpdater
-          def initialize(elm_package_file:, dependencies:)
-            @elm_package_file = elm_package_file
-            @dependencies = dependencies
-          end
-
-          def updated_elm_package_file_content
-            dependencies.
-              select { |dep| requirement_changed?(elm_package_file, dep) }.
-              reduce(elm_package_file.content.dup) do |content, dep|
-                updated_content = content
-
-                updated_content = update_requirement(
-                  content: updated_content,
-                  filename: elm_package_file.name,
-                  dependency: dep
-                )
-
-                next updated_content unless content == updated_content
-
-                raise "Expected content to change!"
-              end
-          end
-
-          private
-
-          attr_reader :elm_package_file, :dependencies
-
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-
-          def update_requirement(content:, filename:, dependency:)
-            updated_req =
-              dependency.requirements.
-              find { |r| r.fetch(:file) == filename }.
-              fetch(:requirement)
-
-            old_req =
-              dependency.previous_requirements.
-              find { |r| r.fetch(:file) == filename }.
-              fetch(:requirement)
-
-            return content unless old_req
-
-            dep = dependency
-            regex =
-              /"#{Regexp.quote(dep.name)}"\s*:\s+"#{Regexp.quote(old_req)}"/
-
-            content.gsub(regex) do |declaration|
-              declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/elm/elm_package.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
-
-module Dependabot
-  module MetadataFinders
-    module Elm
-      class ElmPackage < Dependabot::MetadataFinders::Base
-        private
-
-        def look_up_source
-          # For Elm 0.18 an elm-package is guaranteed to be `owner/name`
-          # on github. For 0.19 a lot will change, including the name of
-          # the dependency file, so I won't try to build something more
-          # sophisticated here for now.
-          Source.from_url("https://github.com/" + dependency.name)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elm/elm_package.rb

@@ -1,126 +0,0 @@
-# frozen_string_literal: true
-
-require "excon"
-require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-
-module Dependabot
-  module UpdateCheckers
-    module Elm
-      class ElmPackage < Dependabot::UpdateCheckers::Base
-        require_relative "elm_package/requirements_updater"
-        require_relative "elm_package/elm_18_version_resolver"
-        require_relative "elm_package/elm_19_version_resolver"
-
-        def latest_version
-          @latest_version ||= candidate_versions.max
-        end
-
-        # Overwrite the base class to allow multi-dependency update PRs for
-        # dependencies for which we don't have a version.
-        def can_update?(requirements_to_unlock:)
-          if dependency.appears_in_lockfile?
-            version_can_update?(requirements_to_unlock: requirements_to_unlock)
-          elsif requirements_to_unlock == :none
-            false
-          elsif requirements_to_unlock == :own
-            requirements_can_update?
-          elsif requirements_to_unlock == :all
-            updated_dependencies_after_full_unlock.any?
-          end
-        end
-
-        def latest_resolvable_version
-          @latest_resolvable_version ||=
-            version_resolver.
-            latest_resolvable_version(unlock_requirement: :own)
-        end
-
-        def latest_resolvable_version_with_no_unlock
-          # Irrelevant, since Elm has a single dependency file (well, there's
-          # also `exact-dependencies.json`, but it's not recommended that that
-          # is committed).
-          nil
-        end
-
-        def updated_requirements
-          RequirementsUpdater.new(
-            requirements: dependency.requirements,
-            latest_resolvable_version: latest_resolvable_version
-          ).updated_requirements
-        end
-
-        private
-
-        def version_resolver
-          @version_resolver ||=
-            if dependency.requirements.any? { |r| r.fetch(:file) == "elm.json" }
-              Elm19VersionResolver.new(
-                dependency: dependency,
-                dependency_files: dependency_files
-              )
-            else
-              Elm18VersionResolver.new(
-                dependency: dependency,
-                dependency_files: dependency_files,
-                candidate_versions: candidate_versions
-              )
-            end
-        end
-
-        def updated_dependencies_after_full_unlock
-          version_resolver.updated_dependencies_after_full_unlock
-        end
-
-        def latest_version_resolvable_with_full_unlock?
-          latest_version == version_resolver.
-                            latest_resolvable_version(unlock_requirement: :all)
-        end
-
-        def candidate_versions
-          all_versions.
-            reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
-        end
-
-        def all_versions
-          return @all_versions if @version_lookup_attempted
-
-          @version_lookup_attempted = true
-
-          response = Excon.get(
-            "https://package.elm-lang.org/packages/#{dependency.name}/"\
-            "releases.json",
-            idempotent: true,
-            **Dependabot::SharedHelpers.excon_defaults
-          )
-
-          return @all_versions = [] unless response.status == 200
-
-          @all_versions =
-            JSON.parse(response.body).
-            keys.
-            map { |v| version_class.new(v) }.
-            sort
-        end
-
-        # Overwrite the base class's requirements_up_to_date? method to instead
-        # check whether the latest version is allowed
-        def requirements_up_to_date?
-          return false unless latest_version
-
-          dependency.requirements.
-            map { |r| r.fetch(:requirement) }.
-            map { |r| requirement_class.new(r) }.
-            all? { |r| r.satisfied_by?(latest_version) }
-        end
-
-        def ignore_reqs
-          # Note: we use Gem::Requirement here because ignore conditions will
-          # be passed as Ruby ranges
-          ignored_versions.map { |req| Gem::Requirement.new(req.split(",")) }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/elm/version"
-require "dependabot/update_checkers/elm/elm_package"
-
-module Dependabot
-  module UpdateCheckers
-    module Elm
-      class ElmPackage
-        class CliParser
-          INSTALL_DEPENDENCY_REGEX =
-            %r{([^\s]+\/[^\s]+)\s+(\d+\.\d+\.\d+)}.freeze
-          UPGRADE_DEPENDENCY_REGEX =
-            %r{([^\s]+\/[^\s]+) \(\d+\.\d+\.\d+ => (\d+\.\d+\.\d+)\)}.freeze
-
-          def self.decode_install_preview(text)
-            installs = {}
-
-            # Parse new installs
-            text.scan(INSTALL_DEPENDENCY_REGEX).
-              each { |n, v| installs[n] = Utils::Elm::Version.new(v) }
-
-            # Parse upgrades
-            text.scan(UPGRADE_DEPENDENCY_REGEX).
-              each { |n, v| installs[n] = Utils::Elm::Version.new(v) }
-
-            installs
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb

@@ -1,234 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-require "dependabot/file_parsers/elm/elm_package"
-require "dependabot/update_checkers/elm/elm_package"
-require "dependabot/update_checkers/elm/elm_package/cli_parser"
-require "dependabot/update_checkers/elm/elm_package/requirements_updater"
-require "dependabot/utils/elm/requirement"
-
-module Dependabot
-  module UpdateCheckers
-    module Elm
-      class ElmPackage
-        class Elm18VersionResolver
-          class UnrecoverableState < StandardError; end
-
-          def initialize(dependency:, dependency_files:, candidate_versions:)
-            @dependency = dependency
-            @dependency_files = dependency_files
-            @candidate_versions = candidate_versions
-          end
-
-          def latest_resolvable_version(unlock_requirement:)
-            unless %i(none own all).include?(unlock_requirement)
-              raise "Invalid unlock setting: #{unlock_requirement}"
-            end
-
-            # Elm has no lockfile, so we will never create an update PR if
-            # unlock requirements are `none`. Just return the current version.
-            return current_version if unlock_requirement == :none
-
-            # Otherwise, we gotta check a few conditions to see if bumping
-            # wouldn't also bump other deps in elm-package.json
-            candidate_versions.sort.reverse_each do |version|
-              return version if can_update?(version, unlock_requirement)
-            end
-
-            # Fall back to returning the dependency's current version, which is
-            # presumed to be resolvable
-            current_version
-          end
-
-          def updated_dependencies_after_full_unlock
-            version = latest_resolvable_version(unlock_requirement: :all)
-            deps_after_install = fetch_install_metadata(target_version: version)
-
-            original_dependency_details.map do |original_dep|
-              new_version = deps_after_install.fetch(original_dep.name)
-
-              old_reqs = original_dep.requirements.map do |req|
-                requirement_class.new(req[:requirement])
-              end
-
-              next if old_reqs.all? { |req| req.satisfied_by?(new_version) }
-
-              new_requirements =
-                RequirementsUpdater.new(
-                  requirements: original_dep.requirements,
-                  latest_resolvable_version: new_version.to_s
-                ).updated_requirements
-
-              Dependency.new(
-                name: original_dep.name,
-                version: new_version.to_s,
-                requirements: new_requirements,
-                previous_version: original_dep.version,
-                previous_requirements: original_dep.requirements,
-                package_manager: original_dep.package_manager
-              )
-            end.compact
-          end
-
-          private
-
-          attr_reader :dependency, :dependency_files, :candidate_versions
-
-          def can_update?(version, unlock_requirement)
-            deps_after_install = fetch_install_metadata(target_version: version)
-
-            result = check_install_result(deps_after_install, version)
-
-            # If the install was clean then we can definitely update
-            return true if result == :clean_bump
-
-            # Otherwise, we can still update if the result was a forced full
-            # unlock and we're allowed to unlock other requirements
-            return false unless unlock_requirement == :all
-
-            result == :forced_full_unlock_bump
-          end
-
-          def check_install_result(deps_after_install, target_version)
-            # This can go one of 5 ways:
-            # 1) We bump our dep and no other dep is bumped
-            # 2) We bump our dep and another dep is bumped too
-            #    Scenario: NoRedInk/datetimepicker bump to 3.0.2 also
-            #              bumps elm-css to 14
-            # 3) We bump our dep but actually elm-package doesn't bump it
-            #    Scenario: elm-css bump to 14 but datetimepicker is at 3.0.1
-            # 4) We bump our dep but elm-package just says
-            #    "Packages configured successfully!"
-            #    Narrator: they weren't
-            #    Scenario: impossible dependency (i.e. elm-css 999.999.999)
-            #              a <= v < b where a is greater than latest version
-            # 5) We bump our dep but elm-package blows up (not handled here)
-            #    Scenario: rtfeldman/elm-css 14 && rtfeldman/hashed-class 1.0.0
-            #              I'm not sure what's different from this scenario
-            #              to 3), why it blows up instead of just rolling
-            #              elm-css back to version 9 which is what
-            #              hashed-class requires
-
-            # 4) We bump our dep but elm-package just says
-            #    "Packages configured successfully!"
-            return :empty_elm_stuff_bug if deps_after_install.empty?
-
-            version_after_install = deps_after_install.fetch(dependency.name)
-
-            # 3) We bump our dep but actually elm-package doesn't bump it
-            return :downgrade_bug if version_after_install < target_version
-
-            other_top_level_deps_bumped =
-              original_dependency_details.
-              reject { |dep| dep.name == dependency.name }.
-              select do |dep|
-                reqs = dep.requirements.map { |r| r.fetch(:requirement) }
-                reqs = reqs.map { |r| requirement_class.new(r) }
-                reqs.any? { |r| !r.satisfied_by?(deps_after_install[dep.name]) }
-              end
-
-            # 2) We bump our dep and another dep is bumped
-            return :forced_full_unlock_bump if other_top_level_deps_bumped.any?
-
-            # 1) We bump our dep and no other dep is bumped
-            :clean_bump
-          end
-
-          def fetch_install_metadata(target_version:)
-            @install_cache ||= {}
-            @install_cache[target_version.to_s] ||=
-              SharedHelpers.in_a_temporary_directory do
-                write_temporary_dependency_files(target_version: target_version)
-
-                # Elm package install outputs a preview of the actions to be
-                # performed. We can use this preview to calculate whether it
-                # would do anything funny
-                command = "yes n | elm-package install"
-                response = run_shell_command(command)
-
-                deps_after_install = CliParser.decode_install_preview(response)
-
-                deps_after_install
-              rescue SharedHelpers::HelperSubprocessFailed => error
-                # 5) We bump our dep but elm-package blows up
-                handle_elm_package_errors(error)
-              end
-          end
-
-          def run_shell_command(command)
-            raw_response = nil
-            IO.popen(command, err: %i(child out)) do |process|
-              raw_response = process.read
-            end
-
-            # Raise an error with the output from the shell session if Elm
-            # returns a non-zero status
-            return raw_response if $CHILD_STATUS.success?
-
-            raise SharedHelpers::HelperSubprocessFailed.new(
-              raw_response,
-              command
-            )
-          end
-
-          def handle_elm_package_errors(error)
-            if error.message.include?("I cannot find a set of packages that " \
-                                      "works with your constraints")
-              raise Dependabot::DependencyFileNotResolvable, error.message
-            end
-
-            # I don't know any other errors
-            raise error
-          end
-
-          def write_temporary_dependency_files(target_version:)
-            dependency_files.each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-
-              File.write(
-                path,
-                updated_elm_package_content(file.content, target_version)
-              )
-            end
-          end
-
-          def updated_elm_package_content(content, version)
-            json = JSON.parse(content)
-
-            new_requirement = RequirementsUpdater.new(
-              requirements: dependency.requirements,
-              latest_resolvable_version: version.to_s
-            ).updated_requirements.first[:requirement]
-
-            json["dependencies"][dependency.name] = new_requirement
-            JSON.dump(json)
-          end
-
-          def original_dependency_details
-            @original_dependency_details ||=
-              FileParsers::Elm::ElmPackage.new(
-                dependency_files: dependency_files,
-                source: nil
-              ).parse
-          end
-
-          def current_version
-            return unless dependency.version
-
-            version_class.new(dependency.version)
-          end
-
-          def version_class
-            Utils::Elm::Version
-          end
-
-          def requirement_class
-            Utils::Elm::Requirement
-          end
-        end
-      end
-    end
-  end
-end