dependabot-hex 0.118.16 → 0.119.0.beta1

data/helpers/install-dir/hex/deps/jason/lib/jason.ex

@@ -0,0 +1,228 @@
+defmodule Jason do
+  @moduledoc """
+  A blazing fast JSON parser and generator in pure Elixir.
+  """
+
+  alias Jason.{Encode, Decoder, DecodeError, EncodeError, Formatter}
+
+  @type escape :: :json | :unicode_safe | :html_safe | :javascript_safe
+  @type maps :: :naive | :strict
+
+  @type encode_opt :: {:escape, escape} | {:maps, maps} | {:pretty, boolean | Formatter.opts()}
+
+  @type keys :: :atoms | :atoms! | :strings | :copy | (String.t() -> term)
+
+  @type strings :: :reference | :copy
+
+  @type decode_opt :: {:keys, keys} | {:strings, strings}
+
+  @doc """
+  Parses a JSON value from `input` iodata.
+
+  ## Options
+
+    * `:keys` - controls how keys in objects are decoded. Possible values are:
+
+      * `:strings` (default) - decodes keys as binary strings,
+      * `:atoms` - keys are converted to atoms using `String.to_atom/1`,
+      * `:atoms!` - keys are converted to atoms using `String.to_existing_atom/1`,
+      * custom decoder - additionally a function accepting a string and returning a key
+        is accepted.
+
+    * `:strings` - controls how strings (including keys) are decoded. Possible values are:
+
+      * `:reference` (default) - when possible tries to create a sub-binary into the original
+      * `:copy` - always copies the strings. This option is especially useful when parts of the
+        decoded data will be stored for a long time (in ets or some process) to avoid keeping
+        the reference to the original data.
+
+  ## Decoding keys to atoms
+
+  The `:atoms` option uses the `String.to_atom/1` call that can create atoms at runtime.
+  Since the atoms are not garbage collected, this can pose a DoS attack vector when used
+  on user-controlled data.
+
+  ## Examples
+
+      iex> Jason.decode("{}")
+      {:ok, %{}}
+
+      iex> Jason.decode("invalid")
+      {:error, %Jason.DecodeError{data: "invalid", position: 0, token: nil}}
+  """
+  @spec decode(iodata, [decode_opt]) :: {:ok, term} | {:error, DecodeError.t()}
+  def decode(input, opts \\ []) do
+    input = IO.iodata_to_binary(input)
+    Decoder.parse(input, format_decode_opts(opts))
+  end
+
+  @doc """
+  Parses a JSON value from `input` iodata.
+
+  Similar to `decode/2` except it will unwrap the error tuple and raise
+  in case of errors.
+
+  ## Examples
+
+      iex> Jason.decode!("{}")
+      %{}
+
+      iex> Jason.decode!("invalid")
+      ** (Jason.DecodeError) unexpected byte at position 0: 0x69 ('i')
+
+  """
+  @spec decode!(iodata, [decode_opt]) :: term | no_return
+  def decode!(input, opts \\ []) do
+    case decode(input, opts) do
+      {:ok, result} -> result
+      {:error, error} -> raise error
+    end
+  end
+
+  @doc """
+  Generates JSON corresponding to `input`.
+
+  The generation is controlled by the `Jason.Encoder` protocol,
+  please refer to the module to read more on how to define the protocol
+  for custom data types.
+
+  ## Options
+
+    * `:escape` - controls how strings are encoded. Possible values are:
+
+      * `:json` (default) - the regular JSON escaping as defined by RFC 7159.
+      * `:javascript_safe` - additionally escapes the LINE SEPARATOR (U+2028)
+        and PARAGRAPH SEPARATOR (U+2029) characters to make the produced JSON
+        valid JavaScript.
+      * `:html_safe` - similar to `:javascript_safe`, but also escapes the `/`
+        character to prevent XSS.
+      * `:unicode_safe` - escapes all non-ascii characters.
+
+    * `:maps` - controls how maps are encoded. Possible values are:
+
+      * `:strict` - checks the encoded map for duplicate keys and raises
+        if they appear. For example `%{:foo => 1, "foo" => 2}` would be
+        rejected, since both keys would be encoded to the string `"foo"`.
+      * `:naive` (default) - does not perform the check.
+
+    * `:pretty` - controls pretty printing of the output. Possible values are:
+
+      * `true` to pretty print with default configuration
+      * a keyword of options as specified by `Jason.Formatter.pretty_print/2`.
+
+  ## Examples
+
+      iex> Jason.encode(%{a: 1})
+      {:ok, ~S|{"a":1}|}
+
+      iex> Jason.encode("\\xFF")
+      {:error, %Jason.EncodeError{message: "invalid byte 0xFF in <<255>>"}}
+
+  """
+  @spec encode(term, [encode_opt]) ::
+          {:ok, String.t()} | {:error, EncodeError.t() | Exception.t()}
+  def encode(input, opts \\ []) do
+    case do_encode(input, format_encode_opts(opts)) do
+      {:ok, result} -> {:ok, IO.iodata_to_binary(result)}
+      {:error, error} -> {:error, error}
+    end
+  end
+
+  @doc """
+  Generates JSON corresponding to `input`.
+
+  Similar to `encode/1` except it will unwrap the error tuple and raise
+  in case of errors.
+
+  ## Examples
+
+      iex> Jason.encode!(%{a: 1})
+      ~S|{"a":1}|
+
+      iex> Jason.encode!("\\xFF")
+      ** (Jason.EncodeError) invalid byte 0xFF in <<255>>
+
+  """
+  @spec encode!(term, [encode_opt]) :: String.t() | no_return
+  def encode!(input, opts \\ []) do
+    case do_encode(input, format_encode_opts(opts)) do
+      {:ok, result} -> IO.iodata_to_binary(result)
+      {:error, error} -> raise error
+    end
+  end
+
+  @doc """
+  Generates JSON corresponding to `input` and returns iodata.
+
+  This function should be preferred to `encode/2`, if the generated
+  JSON will be handed over to one of the IO functions or sent
+  over the socket. The Erlang runtime is able to leverage vectorised
+  writes and avoid allocating a continuous buffer for the whole
+  resulting string, lowering memory use and increasing performance.
+
+  ## Examples
+
+      iex> {:ok, iodata} = Jason.encode_to_iodata(%{a: 1})
+      iex> IO.iodata_to_binary(iodata)
+      ~S|{"a":1}|
+
+      iex> Jason.encode_to_iodata("\\xFF")
+      {:error, %Jason.EncodeError{message: "invalid byte 0xFF in <<255>>"}}
+
+  """
+  @spec encode_to_iodata(term, [encode_opt]) ::
+          {:ok, iodata} | {:error, EncodeError.t() | Exception.t()}
+  def encode_to_iodata(input, opts \\ []) do
+    do_encode(input, format_encode_opts(opts))
+  end
+
+  @doc """
+  Generates JSON corresponding to `input` and returns iodata.
+
+  Similar to `encode_to_iodata/1` except it will unwrap the error tuple
+  and raise in case of errors.
+
+  ## Examples
+
+      iex> iodata = Jason.encode_to_iodata!(%{a: 1})
+      iex> IO.iodata_to_binary(iodata)
+      ~S|{"a":1}|
+
+      iex> Jason.encode_to_iodata!("\\xFF")
+      ** (Jason.EncodeError) invalid byte 0xFF in <<255>>
+
+  """
+  @spec encode_to_iodata!(term, [encode_opt]) :: iodata | no_return
+  def encode_to_iodata!(input, opts \\ []) do
+    case do_encode(input, format_encode_opts(opts)) do
+      {:ok, result} -> result
+      {:error, error} -> raise error
+    end
+  end
+
+  defp do_encode(input, %{pretty: true} = opts) do
+    case Encode.encode(input, opts) do
+      {:ok, encoded} -> {:ok, Formatter.pretty_print_to_iodata(encoded)}
+      other -> other
+    end
+  end
+
+  defp do_encode(input, %{pretty: pretty} = opts) when pretty !== false do
+    case Encode.encode(input, opts) do
+      {:ok, encoded} -> {:ok, Formatter.pretty_print_to_iodata(encoded, pretty)}
+      other -> other
+    end
+  end
+
+  defp do_encode(input, opts) do
+    Encode.encode(input, opts)
+  end
+
+  defp format_encode_opts(opts) do
+    Enum.into(opts, %{escape: :json, maps: :naive})
+  end
+
+  defp format_decode_opts(opts) do
+    Enum.into(opts, %{keys: :strings, strings: :reference})
+  end
+end

data/helpers/install-dir/hex/deps/jason/mix.exs

@@ -0,0 +1,76 @@
+defmodule Jason.Mixfile do
+  use Mix.Project
+
+  @version "1.2.1"
+
+  def project() do
+    [
+      app: :jason,
+      version: @version,
+      elixir: "~> 1.4",
+      start_permanent: Mix.env() == :prod,
+      consolidate_protocols: Mix.env() != :test,
+      deps: deps(),
+      preferred_cli_env: [docs: :docs],
+      dialyzer: dialyzer(),
+      description: description(),
+      package: package(),
+      docs: docs()
+    ]
+  end
+
+  def application() do
+    [
+      extra_applications: []
+    ]
+  end
+
+  defp deps() do
+    [
+      {:decimal, "~> 1.0", optional: true},
+      {:dialyxir, "~> 1.0", only: [:dev, :test], runtime: false},
+      {:ex_doc, "~> 0.18", only: :docs},
+    ] ++ maybe_stream_data()
+  end
+
+  defp maybe_stream_data() do
+    if Version.match?(System.version(), "~> 1.5") do
+      [{:stream_data, "~> 0.4", only: :test}]
+    else
+      []
+    end
+  end
+
+  defp dialyzer() do
+    [
+      ignore_warnings: "dialyzer.ignore"
+    ]
+  end
+
+  defp description() do
+    """
+    A blazing fast JSON parser and generator in pure Elixir.
+    """
+  end
+
+  defp package() do
+    [
+      maintainers: ["Michał Muskała"],
+      licenses: ["Apache-2.0"],
+      links: %{"GitHub" => "https://github.com/michalmuskala/jason"}
+    ]
+  end
+
+  defp docs() do
+    [
+      main: "readme",
+      name: "Jason",
+      source_ref: "v#{@version}",
+      canonical: "http://hexdocs.pm/jason",
+      source_url: "https://github.com/michalmuskala/jason",
+      extras: [
+        "README.md"
+      ]
+    ]
+  end
+end

data/helpers/install-dir/hex/lib/check_update.exs

@@ -0,0 +1,92 @@
+defmodule UpdateChecker do
+  def run(dependency_name, credentials) do
+    set_credentials(credentials)
+
+    # Update the lockfile in a session that we can time out
+    task = Task.async(fn -> do_resolution(dependency_name) end)
+    case Task.yield(task, 30000) || Task.shutdown(task) do
+      {:ok, {:ok, :resolution_successful}} ->
+        # Read the new lock
+        {updated_lock, _updated_rest_lock} =
+          Map.split(Mix.Dep.Lock.read(), [String.to_atom(dependency_name)])
+
+        # Get the new dependency version
+        version =
+          updated_lock
+          |> Map.get(String.to_atom(dependency_name))
+          |> elem(2)
+        {:ok, version}
+
+      {:ok, {:error, error}} -> {:error, error}
+
+      nil -> {:error, :dependency_resolution_timed_out}
+
+      {:exit, reason} -> {:error, reason}
+    end
+  end
+
+  defp set_credentials(credentials) do
+    credentials
+    |> Enum.reduce([], fn cred, acc ->
+      if List.last(acc) == nil || List.last(acc)[:token] do
+        List.insert_at(acc, -1, %{organization: cred})
+      else
+        {item, acc} = List.pop_at(acc, -1)
+        item = Map.put(item, :token, cred)
+        List.insert_at(acc, -1, item)
+      end
+    end)
+    |> Enum.each(fn cred ->
+      hexpm = Hex.Repo.get_repo("hexpm")
+
+      repo = %{
+        url: hexpm.url <> "/repos/#{cred.organization}",
+        public_key: nil,
+        auth_key: cred.token
+      }
+
+      Hex.Config.read()
+      |> Hex.Config.read_repos()
+      |> Map.put("hexpm:#{cred.organization}", repo)
+      |> Hex.Config.update_repos()
+    end)
+  end
+
+  defp do_resolution(dependency_name) do
+    # Fetch dependencies that needs updating
+    {dependency_lock, rest_lock} =
+      Map.split(Mix.Dep.Lock.read(), [String.to_atom(dependency_name)])
+
+    try do
+      Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+      {:ok, :resolution_successful}
+    rescue
+      error -> {:error, error}
+    end
+  end
+end
+
+[dependency_name | credentials] = System.argv()
+
+
+case UpdateChecker.run(dependency_name, credentials) do
+  {:ok, version} ->
+    version = :erlang.term_to_binary({:ok, version})
+    IO.write(:stdio, version)
+
+  {:error, %Hex.Version.InvalidRequirementError{} = error}  ->
+    result = :erlang.term_to_binary({:error, "Invalid requirement: #{error.requirement}"})
+    IO.write(:stdio, result)
+
+  {:error, %Mix.Error{} = error} ->
+    result = :erlang.term_to_binary({:error, "Dependency resolution failed: #{error.message}"})
+    IO.write(:stdio, result)
+
+  {:error, :dependency_resolution_timed_out} ->
+    # We do nothing here because Hex is already printing out a message in stdout
+    nil
+
+  {:error, error} ->
+    result = :erlang.term_to_binary({:error, "Unknown error in check_update: #{inspect(error)}"})
+    IO.write(:stdio, result)
+end

data/helpers/install-dir/hex/lib/do_update.exs

@@ -0,0 +1,39 @@
+[dependency_name | credentials] = System.argv()
+
+grouped_creds = Enum.reduce credentials, [], fn cred, acc ->
+  if List.last(acc) == nil || List.last(acc)[:token] do
+    List.insert_at(acc, -1, %{ organization: cred })
+  else
+    { item, acc } = List.pop_at(acc, -1)
+    item = Map.put(item, :token, cred)
+    List.insert_at(acc, -1, item)
+  end
+end
+
+Enum.each grouped_creds, fn cred ->
+  hexpm = Hex.Repo.get_repo("hexpm")
+  repo = %{
+    url: hexpm.url <> "/repos/#{cred.organization}",
+    public_key: nil,
+    auth_key: cred.token
+  }
+
+  Hex.Config.read()
+  |> Hex.Config.read_repos()
+  |> Map.put("hexpm:#{cred.organization}", repo)
+  |> Hex.Config.update_repos()
+end
+
+# dependency atom
+dependency = String.to_atom(dependency_name)
+
+# Fetch dependencies that needs updating
+{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
+Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+
+lockfile_content =
+  "mix.lock"
+  |> File.read()
+  |> :erlang.term_to_binary()
+
+IO.write(:stdio, lockfile_content)

data/helpers/install-dir/hex/lib/parse_deps.exs

@@ -0,0 +1,104 @@
+defmodule Parser do
+  def run do
+    Mix.Dep.load_on_environment([])
+    |> Enum.flat_map(&parse_dep/1)
+    |> Enum.map(&build_dependency(&1.opts[:lock], &1))
+  end
+
+  defp build_dependency(nil, dep) do
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      groups: [],
+      requirement: normalise_requirement(dep.requirement),
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+
+  defp build_dependency(lock, dep) do
+    {version, checksum, source} = parse_lock(lock)
+    groups = parse_groups(dep.opts[:only])
+
+    %{
+      name: dep.app,
+      from: Path.relative_to_cwd(dep.from),
+      version: version,
+      groups: groups,
+      checksum: checksum,
+      requirement: normalise_requirement(dep.requirement),
+      source: source,
+      top_level: dep.top_level || umbrella_top_level_dep?(dep)
+    }
+  end
+
+  defp parse_groups(nil), do: []
+  defp parse_groups(only) when is_list(only), do: only
+  defp parse_groups(only), do: [only]
+
+  # path dependency
+  defp parse_dep(%{scm: Mix.SCM.Path, opts: opts} = dep) do
+    cond do
+      # umbrella dependency - ignore
+      opts[:in_umbrella] ->
+        []
+
+      # umbrella application
+      opts[:from_umbrella] ->
+        Enum.reject(dep.deps, fn dep -> dep.opts[:in_umbrella] end)
+
+      true ->
+        []
+    end
+  end
+
+  # hex, git dependency
+  defp parse_dep(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
+
+  # unsupported
+  defp parse_dep(_dep), do: []
+
+  defp umbrella_top_level_dep?(dep) do
+    if Mix.Project.umbrella?() do
+      apps_paths = Path.expand(Mix.Project.config()[:apps_path], File.cwd!())
+      String.contains?(Path.dirname(Path.dirname(dep.from)), apps_paths)
+    else
+      false
+    end
+  end
+
+  defp parse_lock({:git, repo_url, checksum, opts}),
+    do: {nil, checksum, git_source(repo_url, opts)}
+
+  defp parse_lock(tuple) when elem(tuple, 0) == :hex do
+    destructure [:hex, _app, version, _old_checksum, _managers, _deps, _repo, checksum],
+                Tuple.to_list(tuple)
+
+    {version, checksum, nil}
+  end
+
+  defp normalise_requirement(req) do
+    req
+    |> maybe_regex_to_str()
+    |> empty_str_to_nil()
+  end
+
+  defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
+  defp empty_str_to_nil(""), do: nil
+  defp empty_str_to_nil(s), do: s
+
+  def git_source(repo_url, opts) do
+    ref = opts[:ref] || opts[:tag]
+    ref = if is_list(ref), do: to_string(ref), else: ref
+
+    %{
+      type: "git",
+      url: repo_url,
+      branch: opts[:branch] || "master",
+      ref: ref
+    }
+  end
+end
+
+dependencies = :erlang.term_to_binary({:ok, Parser.run()})
+
+IO.write(:stdio, dependencies)

data/helpers/install-dir/hex/lib/run.exs

@@ -0,0 +1,76 @@
+defmodule DependencyHelper do
+  def main() do
+    IO.read(:stdio, :all)
+    |> Jason.decode!()
+    |> run()
+    |> case do
+      {output, 0} ->
+        if output =~ "No authenticated organization found" do
+          {:error, output}
+        else
+          {:ok, :erlang.binary_to_term(output)}
+        end
+
+      {error, 1} -> {:error, error}
+    end
+    |> handle_result()
+  end
+
+  defp handle_result({:ok, {:ok, result}}) do
+    encode_and_write(%{"result" => result})
+  end
+
+  defp handle_result({:ok, {:error, reason}}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+
+  defp handle_result({:error, reason}) do
+    encode_and_write(%{"error" => reason})
+    System.halt(1)
+  end
+
+  defp encode_and_write(content) do
+    content
+    |> Jason.encode!()
+    |> IO.write()
+  end
+
+  defp run(%{"function" => "parse", "args" => [dir]}) do
+    run_script("parse_deps.exs", dir)
+  end
+
+  defp run(%{"function" => "get_latest_resolvable_version", "args" => [dir, dependency_name, credentials]}) do
+    run_script("check_update.exs", dir, [dependency_name] ++ credentials)
+  end
+
+  defp run(%{"function" => "get_updated_lockfile", "args" => [dir, dependency_name, credentials]}) do
+    run_script("do_update.exs", dir, [dependency_name] ++ credentials)
+  end
+
+  defp run_script(script, dir, args \\ []) do
+    args = [
+      "run",
+      "--no-deps-check",
+      "--no-start",
+      "--no-compile",
+      "--no-elixir-version-check",
+      script
+    ] ++ args
+
+    System.cmd(
+      "mix",
+      args,
+      [
+        cd: dir,
+        env: %{
+          "MIX_EXS" => nil,
+          "MIX_LOCK" => nil,
+          "MIX_DEPS" => nil
+        }
+      ]
+    )
+  end
+end
+
+DependencyHelper.main()

data/helpers/install-dir/hex/mix.exs

@@ -0,0 +1,21 @@
+defmodule DependabotCore.Mixfile do
+  use Mix.Project
+
+  def project do
+    [app: :dependabot_core,
+     version: "0.1.0",
+     elixir: "~> 1.5",
+     start_permanent: Mix.env == :prod,
+     lockfile: System.get_env("MIX_LOCK") || "mix.lock",
+     deps_path: System.get_env("MIX_DEPS") || "deps",
+     deps: deps()]
+  end
+
+  def application do
+    [extra_applications: [:logger]]
+  end
+
+  defp deps() do
+    [{:jason, "~> 1.0"}]
+  end
+end

data/helpers/install-dir/hex/mix.lock

@@ -0,0 +1,3 @@
+%{
+  "jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"},
+}