dependabot-hex 0.124.8 → 0.125.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44116ef9d9350b3e9c6c347ef140398e4d75e4acc20dced2eb936191ce488467
-  data.tar.gz: 0b6fc045350ece81628bdcd883ce039d1afaf06de870aa082c650e3114b651de
+  metadata.gz: 4514812b744c1288d304046819c4e6db1e6a24b27df591940af5152e86b1a180
+  data.tar.gz: 939f8554255133a76020b4215323197535f5f24d799efbaf210c448325bc3ec9
 SHA512:
-  metadata.gz: c5694e2aad34b663b6e65de7ef7a5cd605f22f06125f3d28b6fece720dd914aa097588db7e801ff42a0e3af0e37f6ddd3dc0bbc2d249f182bfa59ef7a9fe0cac
-  data.tar.gz: b144a8c1c70db7a3503ba798b3f4a9ea097b1d897e5aad471bf9b9003c5412859544e813e90b1561b13186b0746310223e7ee1a024351fb786cbd711ff0df0cc
+  metadata.gz: 257971551d23fd78234a61198bd7750b9728ad11de8fbeed143a0535c736bfaf1fae9fbfea35744d12e9a4c9141a38798bf303c075eb5217c773afbfc3b1adfa
+  data.tar.gz: 63ca6de9f50963df2f4a982b478eb7c0123e5b2c46887ef20c13fc29940442c14b1e080e955c98c5179a2fe5c79b80d0f25e28928d7eed1c20ce4dc8571339d9

data/lib/dependabot/hex/file_fetcher.rb

@@ -8,8 +8,9 @@ module Dependabot
     class FileFetcher < Dependabot::FileFetchers::Base
       APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m.freeze
       STRING_ARG = %{(?:["'](.*?)["'])}
-      EVAL_FILE = /Code\.eval_file\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/.
-                  freeze
+      SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze
+      SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/.
+                     freeze
 
       def self.required_files_in?(filenames)
         filenames.include?("mix.exs")
@@ -26,7 +27,7 @@ module Dependabot
         fetched_files << mixfile
         fetched_files << lockfile if lockfile
         fetched_files += subapp_mixfiles
-        fetched_files += evaled_files
+        fetched_files += support_files
         fetched_files
       end
 
@@ -66,9 +67,9 @@ module Dependabot
         []
       end
 
-      def evaled_files
-        mixfile.content.scan(EVAL_FILE).map do |eval_file_args|
-          path = Pathname.new(File.join(*eval_file_args.reverse)).
+      def support_files
+        mixfile.content.scan(SUPPORT_FILE).map do |support_file_args|
+          path = Pathname.new(File.join(*support_file_args.compact.reverse)).
                  cleanpath.to_path
           fetch_file_from_host(path).tap { |f| f.support_file = true }
         end

data/lib/dependabot/hex/file_parser.rb

@@ -42,7 +42,7 @@ module Dependabot
       def dependency_details
         SharedHelpers.in_a_temporary_directory do
           write_sanitized_mixfiles
-          write_supporting_files
+          write_sanitized_supporting_files
           File.write("mix.lock", lockfile.content) if lockfile
           FileUtils.cp(elixir_helper_parse_deps_path, "parse_deps.exs")
 
@@ -73,11 +73,11 @@ module Dependabot
         end
       end
 
-      def write_supporting_files
+      def write_sanitized_supporting_files
         dependency_files.select(&:support_file).each do |file|
           path = file.name
           FileUtils.mkdir_p(Pathname.new(path).dirname)
-          File.write(path, file.content)
+          File.write(path, sanitize_mixfile(file.content))
         end
       end
 

data/lib/dependabot/hex/file_updater/lockfile_updater.rb

@@ -66,7 +66,7 @@ module Dependabot
           dependency_files.select(&:support_file).each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-            File.write(path, file.content)
+            File.write(path, sanitize_mixfile(file.content))
           end
         end
 

data/lib/dependabot/hex/file_updater/mixfile_git_pin_updater.rb

@@ -18,9 +18,7 @@ module Dependabot
         def updated_content
           updated_content = update_pin(mixfile_content)
 
-          if content_should_change? && mixfile_content == updated_content
-            raise "Expected content to change!"
-          end
+          raise "Expected content to change!" if content_should_change? && mixfile_content == updated_content
 
           updated_content
         end

data/lib/dependabot/hex/file_updater/mixfile_requirement_updater.rb

@@ -20,9 +20,7 @@ module Dependabot
         def updated_content
           updated_content = update_requirement(mixfile_content)
 
-          if content_should_change? && mixfile_content == updated_content
-            raise "Expected content to change!"
-          end
+          raise "Expected content to change!" if content_should_change? && mixfile_content == updated_content
 
           updated_content
         end

data/lib/dependabot/hex/update_checker.rb

@@ -68,9 +68,7 @@ module Dependabot
       def latest_resolvable_version_for_git_dependency
         # If the gem isn't pinned, the latest version is just the latest
         # commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return latest_resolvable_commit_with_unchanged_git_source
-        end
+        return latest_resolvable_commit_with_unchanged_git_source unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA
@@ -103,9 +101,7 @@ module Dependabot
       def latest_git_version_sha
         # If the gem isn't pinned, the latest version is just the latest
         # commit for the specified branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
+        return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA
@@ -225,9 +221,7 @@ module Dependabot
               ignore_reqs.any? { |r| r.satisfied_by?(v) }
             end
 
-            if @raise_on_ignored && filtered.empty? && versions.any?
-              raise AllVersionsIgnored
-            end
+            raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions.any?
 
             filtered.max
           end

data/lib/dependabot/hex/update_checker/file_preparer.rb

@@ -54,14 +54,10 @@ module Dependabot
         def mixfile_content_for_update_check(file)
           content = file.content
 
-          unless dependency_appears_in_file?(file.name)
-            return sanitize_mixfile(content)
-          end
+          return sanitize_mixfile(content) unless dependency_appears_in_file?(file.name)
 
           content = relax_version(content, filename: file.name)
-          if replace_git_pin?
-            content = replace_git_pin(content, filename: file.name)
-          end
+          content = replace_git_pin(content, filename: file.name) if replace_git_pin?
 
           sanitize_mixfile(content)
         end
@@ -85,9 +81,7 @@ module Dependabot
           lower_bound_req = updated_version_req_lower_bound(filename)
 
           return lower_bound_req if latest_allowable_version.nil?
-          unless version_class.correct?(latest_allowable_version)
-            return lower_bound_req
-          end
+          return lower_bound_req unless version_class.correct?(latest_allowable_version)
 
           lower_bound_req + " and <= #{latest_allowable_version}"
         end

data/lib/dependabot/hex/update_checker/requirements_updater.rb

@@ -54,9 +54,7 @@ module Dependabot
               update_mixfile_range(last_string_reqs).map(&:to_s).join(" and ")
             end
 
-          if or_string_reqs.count > 1
-            new_requirement = req[:requirement] + " or " + new_requirement
-          end
+          new_requirement = req[:requirement] + " or " + new_requirement if or_string_reqs.count > 1
 
           req.merge(requirement: new_requirement)
         end
@@ -66,9 +64,7 @@ module Dependabot
         def update_source(requirement_hash)
           # Only git sources ever need to be updated. Anything else should be
           # left alone.
-          unless requirement_hash.dig(:source, :type) == "git"
-            return requirement_hash
-          end
+          return requirement_hash unless requirement_hash.dig(:source, :type) == "git"
 
           requirement_hash.merge(source: updated_source)
         end

data/lib/dependabot/hex/update_checker/version_resolver.rb

@@ -31,7 +31,7 @@ module Dependabot
         def fetch_latest_resolvable_version
           latest_resolvable_version =
             SharedHelpers.in_a_temporary_directory do
-              write_temporary_dependency_files
+              write_temporary_sanitized_dependency_files
               FileUtils.cp(
                 elixir_helper_check_update_path,
                 "check_update.exs"
@@ -43,9 +43,7 @@ module Dependabot
             end
 
           return if latest_resolvable_version.nil?
-          if latest_resolvable_version.match?(/^[0-9a-f]{40}$/)
-            return latest_resolvable_version
-          end
+          return latest_resolvable_version if latest_resolvable_version.match?(/^[0-9a-f]{40}$/)
 
           version_class.new(latest_resolvable_version)
         rescue SharedHelpers::HelperSubprocessFailed => e
@@ -111,7 +109,7 @@ module Dependabot
 
         def check_original_requirements_resolvable
           SharedHelpers.in_a_temporary_directory do
-            write_temporary_dependency_files(prepared: false)
+            write_temporary_sanitized_dependency_files(prepared: false)
             FileUtils.cp(
               elixir_helper_check_update_path,
               "check_update.exs"
@@ -127,7 +125,7 @@ module Dependabot
           raise Dependabot::DependencyFileNotResolvable, e.message
         end
 
-        def write_temporary_dependency_files(prepared: true)
+        def write_temporary_sanitized_dependency_files(prepared: true)
           files = if prepared then prepared_dependency_files
                   else original_dependency_files
                   end
@@ -135,12 +133,7 @@ module Dependabot
           files.each do |file|
             path = file.name
             FileUtils.mkdir_p(Pathname.new(path).dirname)
-
-            if file.name.end_with?("mix.exs")
-              File.write(path, sanitize_mixfile(file.content))
-            else
-              File.write(path, file.content)
-            end
+            File.write(path, sanitize_mixfile(file.content))
           end
         end
 

data/lib/dependabot/hex/version.rb

@@ -24,9 +24,7 @@ module Dependabot
       def initialize(version)
         @version_string = version.to_s
 
-        if version.to_s.include?("+")
-          version, @build_info = version.to_s.split("+")
-        end
+        version, @build_info = version.to_s.split("+") if version.to_s.include?("+")
 
         super
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.124.8
+  version: 0.125.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-04 00:00:00.000000000 Z
+date: 2020-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.8
+        version: 0.125.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.8
+        version: 0.125.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.2
+        version: 0.8.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement