RubyGems - dependabot-core - Versions diffs - 0.87.15 → 0.88.0 - Mend

dependabot-core 0.87.15 → 0.88.0

Files changed (33) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/dependabot/file_fetchers.rb +0 -2
data/lib/dependabot/file_parsers.rb +0 -2
data/lib/dependabot/file_updaters.rb +0 -2
data/lib/dependabot/metadata_finders.rb +0 -2
data/lib/dependabot/pull_request_creator/message_builder.rb +1 -1
data/lib/dependabot/update_checkers.rb +0 -2
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +3 -2
data/lib/dependabot/utils.rb +0 -4
data/lib/dependabot/version.rb +1 -1
metadata +1 -22
data/helpers/elixir/bin/check_update.exs +0 -92
data/helpers/elixir/bin/do_update.exs +0 -39
data/helpers/elixir/bin/parse_deps.exs +0 -103
data/helpers/elixir/bin/run.exs +0 -76
data/helpers/elixir/mix.exs +0 -21
data/helpers/elixir/mix.lock +0 -3
data/lib/dependabot/file_fetchers/elixir/hex.rb +0 -78
data/lib/dependabot/file_parsers/elixir/hex.rb +0 -134
data/lib/dependabot/file_updaters/elixir/hex.rb +0 -71
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +0 -147
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +0 -53
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +0 -74
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +0 -28
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +0 -98
data/lib/dependabot/metadata_finders/elixir/hex.rb +0 -69
data/lib/dependabot/update_checkers/elixir/hex.rb +0 -274
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +0 -193
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +0 -177
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +0 -175
data/lib/dependabot/utils/elixir/requirement.rb +0 -54
data/lib/dependabot/utils/elixir/version.rb +0 -66

data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb DELETED

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/elixir/hex"
-require "dependabot/shared_helpers"
-module Dependabot
-  module FileUpdaters
-    module Elixir
-      class Hex
-        class MixfileGitPinUpdater
-          def initialize(dependency_name:, mixfile_content:,
-                         previous_pin:, updated_pin:)
-            @dependency_name = dependency_name
-            @mixfile_content = mixfile_content
-            @previous_pin    = previous_pin
-            @updated_pin     = updated_pin
-          end
-          def updated_content
-            updated_content = update_pin(mixfile_content)
-            if content_should_change? && mixfile_content == updated_content
-              raise "Expected content to change!"
-            end
-            updated_content
-          end
-          private
-          attr_reader :dependency_name, :mixfile_content,
-                      :previous_pin, :updated_pin
-          def update_pin(content)
-            requirement_line_regex =
-              /
-                \{\s*:#{Regexp.escape(dependency_name)},[^\}]*
-                (?:ref|tag):\s+["']#{Regexp.escape(previous_pin)}["']
-              /mx
-            content.gsub(requirement_line_regex) do |requirement_line|
-              requirement_line.gsub(previous_pin, updated_pin)
-            end
-          end
-          def content_should_change?
-            previous_pin == updated_pin
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb DELETED

@@ -1,74 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/elixir/hex"
-require "dependabot/shared_helpers"
-module Dependabot
-  module FileUpdaters
-    module Elixir
-      class Hex
-        class MixfileRequirementUpdater
-          def initialize(dependency_name:, mixfile_content:,
-                         previous_requirement:, updated_requirement:,
-                         insert_if_bare: false)
-            @dependency_name      = dependency_name
-            @mixfile_content      = mixfile_content
-            @previous_requirement = previous_requirement
-            @updated_requirement  = updated_requirement
-            @insert_if_bare       = insert_if_bare
-          end
-          def updated_content
-            updated_content = update_requirement(mixfile_content)
-            if content_should_change? && mixfile_content == updated_content
-              raise "Expected content to change!"
-            end
-            updated_content
-          end
-          private
-          attr_reader :dependency_name, :mixfile_content,
-                      :previous_requirement, :updated_requirement
-          def insert_if_bare?
-            !@insert_if_bare.nil?
-          end
-          def update_requirement(content)
-            return content if previous_requirement.nil? && !insert_if_bare?
-            requirement_line_regex =
-              if previous_requirement
-                /
-                  :#{Regexp.escape(dependency_name)}\s*,.*
-                  #{Regexp.escape(previous_requirement)}
-                /x
-              else
-                /:#{Regexp.escape(dependency_name)}(,|\s|\})/
-              end
-            content.gsub(requirement_line_regex) do |requirement_line|
-              if previous_requirement
-                requirement_line.gsub(previous_requirement, updated_requirement)
-              else
-                requirement_line.gsub(
-                  ":#{dependency_name}",
-                  ":#{dependency_name}, \"#{updated_requirement}\""
-                )
-              end
-            end
-          end
-          def content_should_change?
-            return false if previous_requirement == updated_requirement
-            previous_requirement || insert_if_bare?
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb DELETED

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/elixir/hex"
-require "dependabot/shared_helpers"
-module Dependabot
-  module FileUpdaters
-    module Elixir
-      class Hex
-        class MixfileSanitizer
-          def initialize(mixfile_content:)
-            @mixfile_content = mixfile_content
-          end
-          def sanitized_content
-            mixfile_content.
-              gsub(/File\.read!\(.*?\)/, '"0.0.1"').
-              gsub(/File\.read\(.*?\)/, '{:ok, "0.0.1"}')
-          end
-          private
-          attr_reader :mixfile_content
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb DELETED

@@ -1,98 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/elixir/hex"
-require "dependabot/file_updaters/elixir/hex/mixfile_requirement_updater"
-require "dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater"
-module Dependabot
-  module FileUpdaters
-    module Elixir
-      class Hex
-        class MixfileUpdater
-          def initialize(mixfile:, dependencies:)
-            @mixfile = mixfile
-            @dependencies = dependencies
-          end
-          def updated_mixfile_content
-            dependencies.
-              select { |dep| requirement_changed?(mixfile, dep) }.
-              reduce(mixfile.content.dup) do |content, dep|
-                updated_content = content
-                updated_content = update_requirement(
-                  content: updated_content,
-                  filename: mixfile.name,
-                  dependency: dep
-                )
-                updated_content = update_git_pin(
-                  content: updated_content,
-                  filename: mixfile.name,
-                  dependency: dep
-                )
-                if content == updated_content
-                  raise "Expected content to change!"
-                end
-                updated_content
-              end
-          end
-          private
-          attr_reader :mixfile, :dependencies
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-          def update_requirement(content:, filename:, dependency:)
-            updated_req =
-              dependency.requirements.find { |r| r[:file] == filename }.
-              fetch(:requirement)
-            old_req =
-              dependency.previous_requirements.
-              find { |r| r[:file] == filename }.
-              fetch(:requirement)
-            return content unless old_req
-            MixfileRequirementUpdater.new(
-              dependency_name: dependency.name,
-              mixfile_content: content,
-              previous_requirement: old_req,
-              updated_requirement: updated_req
-            ).updated_content
-          end
-          def update_git_pin(content:, filename:, dependency:)
-            updated_pin =
-              dependency.requirements.find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-            old_pin =
-              dependency.previous_requirements.
-              find { |r| r[:file] == filename }&.
-              dig(:source, :ref)
-            return content unless old_pin
-            return content if old_pin == updated_pin
-            MixfileGitPinUpdater.new(
-              dependency_name: dependency.name,
-              mixfile_content: content,
-              previous_pin: old_pin,
-              updated_pin: updated_pin
-            ).updated_content
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/elixir/hex.rb DELETED

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
-module Dependabot
-  module MetadataFinders
-    module Elixir
-      class Hex < Dependabot::MetadataFinders::Base
-        SOURCE_KEYS = %w(
-          GitHub Github github
-          GitLab Gitlab gitlab
-          BitBucket Bitbucket bitbucket
-          Source source
-        ).freeze
-        private
-        def look_up_source
-          case new_source_type
-          when "default" then find_source_from_hex_listing
-          when "git" then find_source_from_git_url
-          else raise "Unexpected source type: #{new_source_type}"
-          end
-        end
-        def new_source_type
-          sources =
-            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-          return "default" if sources.empty?
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-          sources.first[:type] || sources.first.fetch("type")
-        end
-        def find_source_from_hex_listing
-          potential_source_urls =
-            SOURCE_KEYS.
-            map { |key| hex_listing.dig("meta", "links", key) }.
-            compact
-          source_url = potential_source_urls.find { |url| Source.from_url(url) }
-          Source.from_url(source_url)
-        end
-        def find_source_from_git_url
-          info = dependency.requirements.map { |r| r[:source] }.compact.first
-          url = info[:url] || info.fetch("url")
-          Source.from_url(url)
-        end
-        def hex_listing
-          return @hex_listing unless @hex_listing.nil?
-          response = Excon.get(
-            "https://hex.pm/api/packages/#{dependency.name}",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-          @hex_listing = JSON.parse(response.body)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elixir/hex.rb DELETED

@@ -1,274 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/git_commit_checker"
-require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
-require "json"
-module Dependabot
-  module UpdateCheckers
-    module Elixir
-      class Hex < Dependabot::UpdateCheckers::Base
-        require_relative "hex/file_preparer"
-        require_relative "hex/requirements_updater"
-        require_relative "hex/version_resolver"
-        def latest_version
-          @latest_version ||=
-            if git_dependency?
-              latest_version_for_git_dependency
-            else
-              latest_release_from_hex_registry || latest_resolvable_version
-            end
-        end
-        def latest_resolvable_version
-          @latest_resolvable_version ||=
-            if git_dependency?
-              latest_resolvable_version_for_git_dependency
-            else
-              fetch_latest_resolvable_version(unlock_requirement: true)
-            end
-        end
-        def latest_resolvable_version_with_no_unlock
-          @latest_resolvable_version_with_no_unlock ||=
-            if git_dependency?
-              latest_resolvable_commit_with_unchanged_git_source
-            else
-              fetch_latest_resolvable_version(unlock_requirement: false)
-            end
-        end
-        def updated_requirements
-          RequirementsUpdater.new(
-            requirements: dependency.requirements,
-            updated_source: updated_source,
-            latest_resolvable_version: latest_resolvable_version&.to_s
-          ).updated_requirements
-        end
-        private
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Elixir (yet)
-          false
-        end
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-        def latest_version_for_git_dependency
-          latest_git_version_sha
-        end
-        def latest_resolvable_version_for_git_dependency
-          # If the gem isn't pinned, the latest version is just the latest
-          # commit for the specified branch.
-          unless git_commit_checker.pinned?
-            return latest_resolvable_commit_with_unchanged_git_source
-          end
-          # If the dependency is pinned to a tag that looks like a version then
-          # we want to update that tag. The latest version will then be the SHA
-          # of the latest tag that looks like a version.
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return new_tag.fetch(:commit_sha)
-          end
-          # If the dependency is pinned then there's nothing we can do.
-          dependency.version
-        end
-        def latest_resolvable_commit_with_unchanged_git_source
-          fetch_latest_resolvable_version(unlock_requirement: false)
-        rescue SharedHelpers::HelperSubprocessFailed,
-               Dependabot::DependencyFileNotResolvable => error
-          # Resolution may fail, as Elixir updates straight to the tip of the
-          # branch. Just return `nil` if it does (so no update).
-          return if error.message.include?("resolution failed")
-          raise error
-        end
-        def git_dependency?
-          git_commit_checker.git_dependency?
-        end
-        def latest_git_version_sha
-          # If the gem isn't pinned, the latest version is just the latest
-          # commit for the specified branch.
-          unless git_commit_checker.pinned?
-            return git_commit_checker.head_commit_for_current_branch
-          end
-          # If the dependency is pinned to a tag that looks like a version then
-          # we want to update that tag. The latest version will then be the SHA
-          # of the latest tag that looks like a version.
-          if git_commit_checker.pinned_ref_looks_like_version?
-            latest_tag = git_commit_checker.local_tag_for_latest_version
-            return latest_tag&.fetch(:commit_sha) || dependency.version
-          end
-          # If the dependency is pinned to a tag that doesn't look like a
-          # version then there's nothing we can do.
-          dependency.version
-        end
-        def latest_git_tag_is_resolvable?
-          return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked
-          @latest_git_tag_is_resolvable_checked = true
-          return false if git_commit_checker.local_tag_for_latest_version.nil?
-          replacement_tag = git_commit_checker.local_tag_for_latest_version
-          prepared_files = FilePreparer.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            replacement_git_pin: replacement_tag.fetch(:tag)
-          ).prepared_dependency_files
-          resolver_result = VersionResolver.new(
-            dependency: dependency,
-            prepared_dependency_files: prepared_files,
-            original_dependency_files: dependency_files,
-            credentials: credentials
-          ).latest_resolvable_version
-          @git_tag_resolvable = !resolver_result.nil?
-        rescue SharedHelpers::HelperSubprocessFailed,
-               Dependabot::DependencyFileNotResolvable => error
-          raise error unless error.message.include?("resolution failed")
-          @git_tag_resolvable = false
-        end
-        def updated_source
-          # Never need to update source, unless a git_dependency
-          return dependency_source_details unless git_dependency?
-          # Update the git tag if updating a pinned version
-          if git_commit_checker.pinned_ref_looks_like_version? &&
-             latest_git_tag_is_resolvable?
-            new_tag = git_commit_checker.local_tag_for_latest_version
-            return dependency_source_details.merge(ref: new_tag.fetch(:tag))
-          end
-          # Otherwise return the original source
-          dependency_source_details
-        end
-        def dependency_source_details
-          sources =
-            dependency.requirements.map { |r| r.fetch(:source) }.uniq.compact
-          raise "Multiple sources! #{sources.join(', ')}" if sources.count > 1
-          sources.first
-        end
-        def fetch_latest_resolvable_version(unlock_requirement:)
-          @latest_resolvable_version_hash ||= {}
-          @latest_resolvable_version_hash[unlock_requirement] ||=
-            version_resolver(unlock_requirement: unlock_requirement).
-            latest_resolvable_version
-        end
-        def version_resolver(unlock_requirement:)
-          @version_resolver ||= {}
-          @version_resolver[unlock_requirement] ||=
-            begin
-              prepared_dependency_files = prepared_dependency_files(
-                unlock_requirement: unlock_requirement,
-                latest_allowable_version: latest_release_from_hex_registry
-              )
-              VersionResolver.new(
-                dependency: dependency,
-                prepared_dependency_files: prepared_dependency_files,
-                original_dependency_files: dependency_files,
-                credentials: credentials
-              )
-            end
-        end
-        def prepared_dependency_files(unlock_requirement:,
-                                      latest_allowable_version: nil)
-          FilePreparer.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            unlock_requirement: unlock_requirement,
-            latest_allowable_version: latest_allowable_version
-          ).prepared_dependency_files
-        end
-        def latest_release_from_hex_registry
-          @latest_release_from_hex_registry ||=
-            begin
-              versions = hex_registry_response&.fetch("releases", []) || []
-              versions =
-                versions.
-                select { |release| version_class.correct?(release["version"]) }.
-                map { |release| version_class.new(release["version"]) }
-              versions.reject!(&:prerelease?) unless wants_prerelease?
-              versions.reject! do |v|
-                ignore_reqs.any? { |r| r.satisfied_by?(v) }
-              end
-              versions.max
-            end
-        end
-        def hex_registry_response
-          return @hex_registry_response if @hex_registry_requested
-          @hex_registry_requested = true
-          response = Excon.get(
-            dependency_url,
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-          return unless response.status == 200
-          @hex_registry_response = JSON.parse(response.body)
-        rescue Excon::Error::Socket, Excon::Error::Timeout
-          nil
-        end
-        def wants_prerelease?
-          current_version = dependency.version
-          if current_version &&
-             version_class.correct?(current_version) &&
-             version_class.new(current_version).prerelease?
-            return true
-          end
-          dependency.requirements.any? do |req|
-            req[:requirement]&.match?(/\d-[A-Za-z0-9]/)
-          end
-        end
-        def dependency_url
-          "https://hex.pm/api/packages/#{dependency.name}"
-        end
-        def git_commit_checker
-          @git_commit_checker ||=
-            GitCommitChecker.new(
-              dependency: dependency,
-              credentials: credentials
-            )
-        end
-      end
-    end
-  end
-end