dependabot-hex 0.124.7 → 0.125.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 687d422f29e9c27f8c770c21374f63a0dea03b8fb52ab078ab44c5c5eb9ed418
-  data.tar.gz: 63abd57dd5c0c63a4f82c2e48ee30a5a86eef8e1cf6ab52bfdab3ec7c0f9030e
+  metadata.gz: a36c9777c2db45cf67dd2ce2d81aaec014dd27d62edad43069deb80bad80d3fd
+  data.tar.gz: d4f53fb6fe1be904d461995842890a5ff8b07a0dd6f06d1460c7724d855fdc8e
 SHA512:
-  metadata.gz: 38ca94e9279385f0a8a8b8cc3672d2269fbeb46f63c3f28e5adc7c08f2a7eb6f60eee632b3707ecc8c5b6896106d48f955027f703820de85c802cd04ee60ca34
-  data.tar.gz: d4d41e8f8f03b2eb0ca95877b90226cb1161092ab4d715a3e2f8f3cb7ca1131cca867f7166a91f2f156c15e0ca44a0348bb8114889bdfc9132cf1d894cb9dc50
+  metadata.gz: 7ca5e56a99fc842eabdb7707caea000a3e7b8bfcbfd022efabb08ddfee1d05ca2ab5a7ccb17bf921157cc9dc426a5e223c239bb9b48980e6e6e8dc6cfd7f6c30
+  data.tar.gz: ca81978e969bde8dcd3fa8136a471cb16b9a96ec6fa6ba50533515806fe9671464070163fe00dc2f0c206e4a20f229ef282b32bd7f907638278e7b281ee93bab

data/lib/dependabot/hex/file_fetcher.rb

@@ -8,8 +8,9 @@ module Dependabot
     class FileFetcher < Dependabot::FileFetchers::Base
       APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m.freeze
       STRING_ARG = %{(?:["'](.*?)["'])}
-      EVAL_FILE = /Code\.eval_file\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/.
-                  freeze
+      SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze
+      SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/.
+                     freeze
 
       def self.required_files_in?(filenames)
         filenames.include?("mix.exs")
@@ -26,7 +27,7 @@ module Dependabot
         fetched_files << mixfile
         fetched_files << lockfile if lockfile
         fetched_files += subapp_mixfiles
-        fetched_files += evaled_files
+        fetched_files += support_files
         fetched_files
       end
 
@@ -66,9 +67,9 @@ module Dependabot
         []
       end
 
-      def evaled_files
-        mixfile.content.scan(EVAL_FILE).map do |eval_file_args|
-          path = Pathname.new(File.join(*eval_file_args.reverse)).
+      def support_files
+        mixfile.content.scan(SUPPORT_FILE).map do |support_file_args|
+          path = Pathname.new(File.join(*support_file_args.compact.reverse)).
                  cleanpath.to_path
           fetch_file_from_host(path).tap { |f| f.support_file = true }
         end

data/lib/dependabot/hex/file_parser.rb

@@ -42,7 +42,7 @@ module Dependabot
       def dependency_details
         SharedHelpers.in_a_temporary_directory do
           write_sanitized_mixfiles
-          write_supporting_files
+          write_sanitized_supporting_files
           File.write("mix.lock", lockfile.content) if lockfile
           FileUtils.cp(elixir_helper_parse_deps_path, "parse_deps.exs")
 
@@ -73,11 +73,11 @@ module Dependabot
         end
       end
 
-      def write_supporting_files
+      def write_sanitized_supporting_files
         dependency_files.select(&:support_file).each do |file|
           path = file.name
           FileUtils.mkdir_p(Pathname.new(path).dirname)
-          File.write(path, file.content)
+          File.write(path, sanitize_mixfile(file.content))
         end
       end
 

data/lib/dependabot/hex/file_updater/lockfile_updater.rb

@@ -66,7 +66,7 @@ module Dependabot
           dependency_files.select(&:support_file).each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(path, file.content)
+            File.write(path, sanitize_mixfile(file.content))
           end
         end
 

data/lib/dependabot/hex/file_updater/mixfile_git_pin_updater.rb

@@ -18,9 +18,7 @@ module Dependabot
         def updated_content
           updated_content = update_pin(mixfile_content)
 
-          if content_should_change? && mixfile_content == updated_content
-            raise "Expected content to change!"
-          end
+          raise "Expected content to change!" if content_should_change? && mixfile_content == updated_content
 
           updated_content
         end

data/lib/dependabot/hex/file_updater/mixfile_requirement_updater.rb

@@ -20,9 +20,7 @@ module Dependabot
         def updated_content
           updated_content = update_requirement(mixfile_content)
 
-          if content_should_change? && mixfile_content == updated_content
-            raise "Expected content to change!"
-          end
+          raise "Expected content to change!" if content_should_change? && mixfile_content == updated_content
 
           updated_content
         end

data/lib/dependabot/hex/update_checker.rb

@@ -68,9 +68,7 @@ module Dependabot
       def latest_resolvable_version_for_git_dependency
         # If the gem isn't pinned, the latest version is just the latest
         # commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return latest_resolvable_commit_with_unchanged_git_source
-        end
+        return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA
@@ -103,9 +101,7 @@ module Dependabot
       def latest_git_version_sha
         # If the gem isn't pinned, the latest version is just the latest
         # commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
+        return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA
@@ -225,9 +221,7 @@ module Dependabot
               ignore_reqs.any? { |r| r.satisfied_by?(v) }
             end
 
-            if @raise_on_ignored && filtered.empty? && versions.any?
-              raise AllVersionsIgnored
-            end
+            raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions.any?
 
             filtered.max
           end

data/lib/dependabot/hex/update_checker/file_preparer.rb

@@ -54,14 +54,10 @@ module Dependabot
         def mixfile_content_for_update_check(file)
           content = file.content
 
-          unless dependency_appears_in_file?(file.name)
-            return sanitize_mixfile(content)
-          end
+          return sanitize_mixfile(content) unless dependency_appears_in_file?(file.name)
 
           content = relax_version(content, filename: file.name)
-          if replace_git_pin?
-            content = replace_git_pin(content, filename: file.name)
-          end
+          content = replace_git_pin(content, filename: file.name) if replace_git_pin?
 
           sanitize_mixfile(content)
         end
@@ -85,9 +81,7 @@ module Dependabot
           lower_bound_req = updated_version_req_lower_bound(filename)
 
           return lower_bound_req if latest_allowable_version.nil?
-          unless version_class.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
+          return lower_bound_req unless version_class.correct?(latest_allowable_version)
 
           lower_bound_req + " and <= #{latest_allowable_version}"
         end

data/lib/dependabot/hex/update_checker/requirements_updater.rb

@@ -54,9 +54,7 @@ module Dependabot
               update_mixfile_range(last_string_reqs).map(&:to_s).join(" and ")
             end
 
-          if or_string_reqs.count > 1
-            new_requirement = req[:requirement] + " or " + new_requirement
-          end
+          new_requirement = req[:requirement] + " or " + new_requirement if or_string_reqs.count > 1
 
           req.merge(requirement: new_requirement)
         end
@@ -66,9 +64,7 @@ module Dependabot
         def update_source(requirement_hash)
           # Only git sources ever need to be updated. Anything else should be
           # left alone.
-          unless requirement_hash.dig(:source, :type) == "git"
-            return requirement_hash
-          end
+          return requirement_hash unless requirement_hash.dig(:source, :type) == "git"
 
           requirement_hash.merge(source: updated_source)
         end

data/lib/dependabot/hex/update_checker/version_resolver.rb

@@ -31,7 +31,7 @@ module Dependabot
         def fetch_latest_resolvable_version
           latest_resolvable_version =
             SharedHelpers.in_a_temporary_directory do
-              write_temporary_dependency_files
+              write_temporary_sanitized_dependency_files
               FileUtils.cp(
                 elixir_helper_check_update_path,
                 "check_update.exs"
@@ -43,9 +43,7 @@ module Dependabot
             end
 
           return if latest_resolvable_version.nil?
-          if latest_resolvable_version.match?(/^[0-9a-f]{40}$/)
-            return latest_resolvable_version
-          end
+          return latest_resolvable_version if latest_resolvable_version.match?(/^[0-9a-f]{40}$/)
 
           version_class.new(latest_resolvable_version)
         rescue SharedHelpers::HelperSubprocessFailed => e
@@ -111,7 +109,7 @@ module Dependabot
 
         def check_original_requirements_resolvable
           SharedHelpers.in_a_temporary_directory do
-            write_temporary_dependency_files(prepared: false)
+            write_temporary_sanitized_dependency_files(prepared: false)
             FileUtils.cp(
               elixir_helper_check_update_path,
               "check_update.exs"
@@ -127,7 +125,7 @@ module Dependabot
           raise Dependabot::DependencyFileNotResolvable, e.message
         end
 
-        def write_temporary_dependency_files(prepared: true)
+        def write_temporary_sanitized_dependency_files(prepared: true)
           files = if prepared then prepared_dependency_files
                   else original_dependency_files
                   end
@@ -135,12 +133,7 @@ module Dependabot
           files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-
-            if file.name.end_with?("mix.exs")
-              File.write(path, sanitize_mixfile(file.content))
-            else
-              File.write(path, file.content)
-            end
+            File.write(path, sanitize_mixfile(file.content))
           end
         end
 

data/lib/dependabot/hex/version.rb

@@ -24,9 +24,7 @@ module Dependabot
       def initialize(version)
         @version_string = version.to_s
 
-        if version.to_s.include?("+")
-          version, @build_info = version.to_s.split("+")
-        end
+        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
 
         super
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.124.7
+  version: 0.125.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-03 00:00:00.000000000 Z
+date: 2020-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.7
+        version: 0.125.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.7
+        version: 0.125.3
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement