dependabot-core 0.87.15 → 0.88.0

data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb

@@ -1,193 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/dependency_file"
-require "dependabot/update_checkers/elixir/hex"
-require "dependabot/file_updaters/elixir/hex/mixfile_requirement_updater"
-require "dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater"
-require "dependabot/file_updaters/elixir/hex/mixfile_sanitizer"
-require "dependabot/utils/elixir/version"
-
-module Dependabot
-  module UpdateCheckers
-    module Elixir
-      class Hex
-        # This class takes a set of dependency files and sanitizes them for use
-        # in UpdateCheckers::Elixir::Hex.
-        class FilePreparer
-          def initialize(dependency_files:, dependency:,
-                         unlock_requirement: true,
-                         replacement_git_pin: nil,
-                         latest_allowable_version: nil)
-            @dependency_files = dependency_files
-            @dependency = dependency
-            @unlock_requirement = unlock_requirement
-            @replacement_git_pin = replacement_git_pin
-            @latest_allowable_version = latest_allowable_version
-          end
-
-          def prepared_dependency_files
-            files = []
-            files += mixfiles.map do |file|
-              DependencyFile.new(
-                name: file.name,
-                content: mixfile_content_for_update_check(file),
-                directory: file.directory
-              )
-            end
-            files << lockfile if lockfile
-            files += support_files
-            files
-          end
-
-          private
-
-          attr_reader :dependency_files, :dependency, :replacement_git_pin,
-                      :latest_allowable_version
-
-          def unlock_requirement?
-            @unlock_requirement
-          end
-
-          def replace_git_pin?
-            !replacement_git_pin.nil?
-          end
-
-          def mixfile_content_for_update_check(file)
-            content = file.content
-
-            unless dependency_appears_in_file?(file.name)
-              return sanitize_mixfile(content)
-            end
-
-            content = relax_version(content, filename: file.name)
-            if replace_git_pin?
-              content = replace_git_pin(content, filename: file.name)
-            end
-
-            sanitize_mixfile(content)
-          end
-
-          def relax_version(content, filename:)
-            old_requirement =
-              dependency.requirements.find { |r| r.fetch(:file) == filename }.
-              fetch(:requirement)
-
-            FileUpdaters::Elixir::Hex::MixfileRequirementUpdater.new(
-              dependency_name: dependency.name,
-              mixfile_content: content,
-              previous_requirement: old_requirement,
-              updated_requirement: updated_version_requirement_string(filename),
-              insert_if_bare: true
-            ).updated_content
-          end
-
-          def updated_version_requirement_string(filename)
-            lower_bound_req = updated_version_req_lower_bound(filename)
-
-            return lower_bound_req if latest_allowable_version.nil?
-            unless version_class.correct?(latest_allowable_version)
-              return lower_bound_req
-            end
-
-            lower_bound_req + " and <= #{latest_allowable_version}"
-          end
-
-          # rubocop:disable Metrics/AbcSize
-          # rubocop:disable Metrics/PerceivedComplexity
-          def updated_version_req_lower_bound(filename)
-            original_req = dependency.requirements.
-                           find { |r| r.fetch(:file) == filename }&.
-                           fetch(:requirement)
-
-            if original_req && !unlock_requirement? then original_req
-            elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
-            elsif dependency.version then ">= #{dependency.version}"
-            else
-              version_for_requirement =
-                dependency.requirements.map { |r| r[:requirement] }.compact.
-                reject { |req_string| req_string.start_with?("<") }.
-                select { |req_string| req_string.match?(version_regex) }.
-                map { |req_string| req_string.match(version_regex) }.
-                select { |version| version_class.correct?(version.to_s) }.
-                max_by { |version| version_class.new(version.to_s) }
-
-              return ">= 0" unless version_for_requirement
-
-              # Elixir requires that versions are specified to three places
-              # when used with a >= specifier
-              parts = version_for_requirement.to_s.split(".")
-              parts << "0" while parts.count < 3
-              ">= #{parts.join('.')}"
-            end
-          end
-          # rubocop:enable Metrics/AbcSize
-          # rubocop:enable Metrics/PerceivedComplexity
-
-          def replace_git_pin(content, filename:)
-            old_pin =
-              dependency.requirements.find { |r| r.fetch(:file) == filename }&.
-              dig(:source, :ref)
-
-            return content unless old_pin
-            return content if old_pin == replacement_git_pin
-
-            FileUpdaters::Elixir::Hex::MixfileGitPinUpdater.new(
-              dependency_name: dependency.name,
-              mixfile_content: content,
-              previous_pin: old_pin,
-              updated_pin: replacement_git_pin
-            ).updated_content
-          end
-
-          def sanitize_mixfile(content)
-            FileUpdaters::Elixir::Hex::MixfileSanitizer.new(
-              mixfile_content: content
-            ).sanitized_content
-          end
-
-          def mixfiles
-            mixfiles =
-              dependency_files.
-              select { |f| f.name.end_with?("mix.exs") }
-            raise "No mix.exs!" if mixfiles.none?
-
-            mixfiles
-          end
-
-          def lockfile
-            @lockfile ||= dependency_files.find { |f| f.name == "mix.lock" }
-          end
-
-          def support_files
-            @support_files ||= dependency_files.select(&:support_file)
-          end
-
-          def wants_prerelease?
-            current_version = dependency.version
-            if current_version &&
-               version_class.correct?(current_version) &&
-               version_class.new(current_version).prerelease?
-              return true
-            end
-
-            dependency.requirements.any? do |req|
-              req[:requirement].match?(/\d-[A-Za-z0-9]/)
-            end
-          end
-
-          def version_class
-            Utils::Elixir::Version
-          end
-
-          def version_regex
-            version_class::VERSION_PATTERN
-          end
-
-          def dependency_appears_in_file?(file_name)
-            dependency.requirements.any? { |r| r[:file] == file_name }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb

@@ -1,177 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/elixir/version"
-require "dependabot/utils/elixir/requirement"
-require "dependabot/update_checkers/elixir/hex"
-
-module Dependabot
-  module UpdateCheckers
-    module Elixir
-      class Hex
-        class RequirementsUpdater
-          OPERATORS = />=|<=|>|<|==|~>/.freeze
-          AND_SEPARATOR = /\s+and\s+/.freeze
-          OR_SEPARATOR = /\s+or\s+/.freeze
-          SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/.freeze
-
-          def initialize(requirements:, latest_resolvable_version:,
-                         updated_source:)
-            @requirements = requirements
-            @updated_source = updated_source
-
-            return unless latest_resolvable_version
-            unless Utils::Elixir::Version.correct?(latest_resolvable_version)
-              return
-            end
-
-            @latest_resolvable_version =
-              Utils::Elixir::Version.new(latest_resolvable_version)
-          end
-
-          def updated_requirements
-            requirements.map { |req| updated_mixfile_requirement(req) }
-          end
-
-          private
-
-          attr_reader :requirements, :latest_resolvable_version, :updated_source
-
-          # rubocop:disable Metrics/AbcSize
-          # rubocop:disable PerceivedComplexity
-          def updated_mixfile_requirement(req)
-            req = update_source(req)
-            return req unless latest_resolvable_version && req[:requirement]
-            return req if req_satisfied_by_latest_resolvable?(req[:requirement])
-
-            or_string_reqs = req[:requirement].split(OR_SEPARATOR)
-            last_string_reqs = or_string_reqs.last.split(AND_SEPARATOR).
-                               map(&:strip)
-
-            new_requirement =
-              if last_string_reqs.any? { |r| r.match(/^(?:\d|=)/) }
-                exact_req = last_string_reqs.find { |r| r.match(/^(?:\d|=)/) }
-                update_exact_version(exact_req, latest_resolvable_version).to_s
-              elsif last_string_reqs.any? { |r| r.start_with?("~>") }
-                tw_req = last_string_reqs.find { |r| r.start_with?("~>") }
-                update_twiddle_version(tw_req, latest_resolvable_version).to_s
-              else
-                update_mixfile_range(last_string_reqs).map(&:to_s).join(" and ")
-              end
-
-            if or_string_reqs.count > 1
-              new_requirement = req[:requirement] + " or " + new_requirement
-            end
-
-            req.merge(requirement: new_requirement)
-          end
-          # rubocop:enable Metrics/AbcSize
-          # rubocop:enable PerceivedComplexity
-
-          def update_source(requirement_hash)
-            # Only git sources ever need to be updated. Anything else should be
-            # left alone.
-            unless requirement_hash.dig(:source, :type) == "git"
-              return requirement_hash
-            end
-
-            requirement_hash.merge(source: updated_source)
-          end
-
-          def req_satisfied_by_latest_resolvable?(requirement_string)
-            ruby_requirements(requirement_string).
-              any? { |r| r.satisfied_by?(latest_resolvable_version) }
-          end
-
-          def ruby_requirements(requirement_string)
-            requirement_class.requirements_array(requirement_string)
-          end
-
-          def update_exact_version(previous_req, new_version)
-            op = previous_req.match(OPERATORS).to_s
-            old_version =
-              Utils::Elixir::Version.new(previous_req.gsub(OPERATORS, ""))
-            updated_version = at_same_precision(new_version, old_version)
-            "#{op} #{updated_version}".strip
-          end
-
-          def update_twiddle_version(previous_req, new_version)
-            previous_req = requirement_class.new(previous_req)
-            old_version = previous_req.requirements.first.last
-            updated_version = at_same_precision(new_version, old_version)
-            requirement_class.new("~> #{updated_version}")
-          end
-
-          def update_mixfile_range(requirements)
-            requirements = requirements.map { |r| requirement_class.new(r) }
-            updated_requirements =
-              requirements.flat_map do |r|
-                next r if r.satisfied_by?(latest_resolvable_version)
-
-                case op = r.requirements.first.first
-                when "<", "<="
-                  [update_greatest_version(r, latest_resolvable_version)]
-                when "!="
-                  []
-                else
-                  raise "Unexpected operation for unsatisfied Gemfile "\
-                        "requirement: #{op}"
-                end
-              end
-
-            binding_requirements(updated_requirements)
-          end
-
-          def at_same_precision(new_version, old_version)
-            precision = old_version.to_s.split(".").count
-            new_version.to_s.split(".").first(precision).join(".")
-          end
-
-          # Updates the version in a "<" or "<=" constraint to allow the given
-          # version
-          def update_greatest_version(requirement, version_to_be_permitted)
-            if version_to_be_permitted.is_a?(String)
-              version_to_be_permitted =
-                Utils::Elixir::Version.new(version_to_be_permitted)
-            end
-            op, version = requirement.requirements.first
-            version = version.release if version.prerelease?
-
-            index_to_update =
-              version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-
-            new_segments = version.segments.map.with_index do |_, index|
-              if index < index_to_update
-                version_to_be_permitted.segments[index]
-              elsif index == index_to_update
-                version_to_be_permitted.segments[index] + 1
-              else 0
-              end
-            end
-
-            requirement_class.new("#{op} #{new_segments.join('.')}")
-          end
-
-          def binding_requirements(requirements)
-            grouped_by_operator =
-              requirements.group_by { |r| r.requirements.first.first }
-
-            binding_reqs = grouped_by_operator.flat_map do |operator, reqs|
-              case operator
-              when "<", "<=" then reqs.min_by { |r| r.requirements.first.last }
-              when ">", ">=" then reqs.max_by { |r| r.requirements.first.last }
-              else requirements
-              end
-            end.uniq
-
-            binding_reqs << requirement_class.new if binding_reqs.empty?
-            binding_reqs.sort_by { |r| r.requirements.first.last }
-          end
-
-          def requirement_class
-            Utils::Elixir::Requirement
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb

@@ -1,175 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/elixir/version"
-require "dependabot/update_checkers/elixir/hex"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-
-module Dependabot
-  module UpdateCheckers
-    module Elixir
-      class Hex
-        class VersionResolver
-          def initialize(dependency:, credentials:,
-                         original_dependency_files:, prepared_dependency_files:)
-            @dependency = dependency
-            @original_dependency_files = original_dependency_files
-            @prepared_dependency_files = prepared_dependency_files
-            @credentials = credentials
-          end
-
-          def latest_resolvable_version
-            @latest_resolvable_version ||= fetch_latest_resolvable_version
-          end
-
-          private
-
-          attr_reader :dependency, :credentials,
-                      :original_dependency_files, :prepared_dependency_files
-
-          def fetch_latest_resolvable_version
-            latest_resolvable_version =
-              SharedHelpers.in_a_temporary_directory do
-                write_temporary_dependency_files
-                FileUtils.cp(
-                  elixir_helper_check_update_path,
-                  "check_update.exs"
-                )
-
-                SharedHelpers.with_git_configured(credentials: credentials) do
-                  run_elixir_update_checker
-                end
-              end
-
-            return if latest_resolvable_version.nil?
-            if latest_resolvable_version.match?(/^[0-9a-f]{40}$/)
-              return latest_resolvable_version
-            end
-
-            version_class.new(latest_resolvable_version)
-          rescue SharedHelpers::HelperSubprocessFailed => error
-            handle_hex_errors(error)
-          end
-
-          def run_elixir_update_checker
-            SharedHelpers.run_helper_subprocess(
-              env: mix_env,
-              command: "mix run #{elixir_helper_path}",
-              function: "get_latest_resolvable_version",
-              args: [Dir.pwd,
-                     dependency.name,
-                     organization_credentials],
-              popen_opts: { err: %i(child out) }
-            )
-          end
-
-          def handle_hex_errors(error)
-            if error.message.include?("No authenticated organization found")
-              org = error.message.match(/found for ([a-z_]+)\./).captures.first
-              raise Dependabot::PrivateSourceAuthenticationFailure, org
-            end
-
-            if error.message.include?("Failed to fetch record for")
-              org_match = error.message.match(%r{for 'hexpm:([a-z_]+)/})
-              org = org_match&.captures&.first
-              raise Dependabot::PrivateSourceAuthenticationFailure, org if org
-            end
-
-            # TODO: This isn't pretty. It would be much nicer to catch the
-            # warnings as part of the Elixir module.
-            return error_result(error) if includes_result?(error)
-
-            # Ignore dependencies which don't resolve due to mis-matching
-            # environment specifications.
-            # TODO: Update the environment specifications instead
-            return if error.message.include?("Dependencies have diverged")
-
-            check_original_requirements_resolvable
-            raise error
-          end
-
-          def error_result(error)
-            return false unless includes_result?(error)
-
-            result_json = error.message&.split("\n")&.last
-            result = JSON.parse(result_json)["result"]
-            return version_class.new(result) if version_class.correct?(result)
-
-            result
-          end
-
-          def includes_result?(error)
-            result = error.message&.split("\n")&.last
-            return false unless result
-
-            JSON.parse(error.message&.split("\n")&.last)["result"]
-            true
-          rescue JSON::ParserError
-            false
-          end
-
-          def check_original_requirements_resolvable
-            SharedHelpers.in_a_temporary_directory do
-              write_temporary_dependency_files(prepared: false)
-              FileUtils.cp(
-                elixir_helper_check_update_path,
-                "check_update.exs"
-              )
-
-              SharedHelpers.with_git_configured(credentials: credentials) do
-                run_elixir_update_checker
-              end
-            end
-
-            true
-          rescue SharedHelpers::HelperSubprocessFailed => error
-            raise Dependabot::DependencyFileNotResolvable, error.message
-          end
-
-          def write_temporary_dependency_files(prepared: true)
-            files = if prepared then prepared_dependency_files
-                    else original_dependency_files
-                    end
-
-            files.each do |file|
-              path = file.name
-              FileUtils.mkdir_p(Pathname.new(path).dirname)
-              File.write(path, file.content)
-            end
-          end
-
-          def version_class
-            Utils::Elixir::Version
-          end
-
-          def mix_env
-            {
-              "MIX_EXS" => File.join(project_root, "helpers/elixir/mix.exs"),
-              "MIX_LOCK" => File.join(project_root, "helpers/elixir/mix.lock"),
-              "MIX_DEPS" => File.join(project_root, "helpers/elixir/deps"),
-              "MIX_QUIET" => "1"
-            }
-          end
-
-          def elixir_helper_path
-            File.join(project_root, "helpers/elixir/bin/run.exs")
-          end
-
-          def elixir_helper_check_update_path
-            File.join(project_root, "helpers/elixir/bin/check_update.exs")
-          end
-
-          def project_root
-            File.join(File.dirname(__FILE__), "../../../../..")
-          end
-
-          def organization_credentials
-            credentials.
-              select { |cred| cred["type"] == "hex_organization" }.
-              flat_map { |cred| [cred["organization"], cred["token"]] }
-          end
-        end
-      end
-    end
-  end
-end