dependabot-hex 0.169.1 → 0.169.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb +27 -3
  3. data/lib/dependabot/hex/update_checker/requirements_updater.rb +2 -1
  4. data/lib/dependabot/hex/update_checker/version_resolver.rb +2 -1
  5. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 584a8467d4817fba890ad17a7fbaa00642d80fa82f1dcc848ceace76d5b55781
4
- data.tar.gz: 8a6e92e9ca46b8a66f1dec3ab71eab60b6c902bd9bfd6ef132669298f5134c6a
3
+ metadata.gz: 9b9799fa6238a1a959e94783b78739bc02569e1a877033f176a32716d27af5e0
4
+ data.tar.gz: ba315304ce2f933a7f80d42e92f5d8276bdd42f89cb68a3fabf2dc045270f8ee
5
5
  SHA512:
6
- metadata.gz: 4846fd156ee69159b57f699b2e72144063bba32319e24491eabbeae11018ebf0493abcda3dc60b33e601149eb5bebf8817d78796954402ac91ff7ba97aff6a73
7
- data.tar.gz: 8822c6cf5e5babd13191e05eeb7730b37ba0919715c4e38b6956347d26458b72a89f8144c6ea33995a6afed70f45d26328636f83a6f879ca71cc74b8ee85b29e
6
+ metadata.gz: a58dbda1e4418fad851bfc91d82024dd8d8f64c98556f2079cc0a5d24c0b6c850b3e3083760c677f1af0f48598f1079d029d93f54aa2b0181103490091e61d9f
7
+ data.tar.gz: 466e136ff32c8b16e6732518c7af63a82bf9052a4e41bed70e1d6fdc5c2cd527e70c74a0294ad2a73333f4454beee5c7dc16f0d52e65c096e6757610efee385c
data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb CHANGED
@@ -11,16 +11,40 @@ module Dependabot
11
11
  @mixfile_content = mixfile_content
12
12
  end
13
13
 
14
+ FILE_READ = /File.read\(.*?\)/.freeze
15
+ FILE_READ_BANG = /File.read!\(.*?\)/.freeze
16
+ PIPE = Regexp.escape("|>").freeze
17
+ VERSION_FILE = /"VERSION"/i.freeze
18
+
19
+ NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/.freeze
20
+ NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/.freeze
21
+ PIPED_VERSION_FILE_READ =
22
+ /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/.freeze
23
+ PIPED_VERSION_FILE_READ_BANG =
24
+ /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/.freeze
25
+
14
26
  def sanitized_content
15
27
  mixfile_content.
16
- gsub(/File\.read!\(.*?\)/, '"0.0.1"').
17
- gsub(/File\.read\(.*?\)/, '{:ok, "0.0.1"}').
18
- gsub(/^\s*config_path:.*(?:,|$)/, "")
28
+ yield_self(&method(:prevent_version_file_loading)).
29
+ yield_self(&method(:prevent_config_path_loading))
19
30
  end
20
31
 
21
32
  private
22
33
 
23
34
  attr_reader :mixfile_content
35
+
36
+ def prevent_version_file_loading(configuration)
37
+ configuration.
38
+ gsub(NESTED_VERSION_FILE_READ_BANG, 'String.trim("0.0.1")').
39
+ gsub(NESTED_VERSION_FILE_READ, 'String.trim({:ok, "0.0.1"})').
40
+ gsub(PIPED_VERSION_FILE_READ, '{:ok, "0.0.1"}').
41
+ gsub(PIPED_VERSION_FILE_READ_BANG, '"0.0.1"')
42
+ end
43
+
44
+ def prevent_config_path_loading(configuration)
45
+ configuration.
46
+ gsub(/^\s*config_path:.*(?:,|$)/, "")
47
+ end
24
48
  end
25
49
  end
26
50
  end
data/lib/dependabot/hex/update_checker/requirements_updater.rb CHANGED
@@ -136,7 +136,8 @@ module Dependabot
136
136
  version_to_be_permitted.segments[index]
137
137
  elsif index == index_to_update
138
138
  version_to_be_permitted.segments[index] + 1
139
- else 0
139
+ else
140
+ 0
140
141
  end
141
142
  end
142
143
 
data/lib/dependabot/hex/update_checker/version_resolver.rb CHANGED
@@ -134,7 +134,8 @@ module Dependabot
134
134
 
135
135
  def write_temporary_sanitized_dependency_files(prepared: true)
136
136
  files = if prepared then prepared_dependency_files
137
- else original_dependency_files
137
+ else
138
+ original_dependency_files
138
139
  end
139
140
 
140
141
  files.each do |file|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-hex
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.1
4
+ version: 0.169.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-29 00:00:00.000000000 Z
11
+ date: 2021-12-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.1
19
+ version: 0.169.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.1
26
+ version: 0.169.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.18.0
103
+ version: 1.23.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.18.0
110
+ version: 1.23.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -228,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
228
228
  - !ruby/object:Gem::Version
229
229
  version: 2.5.0
230
230
  requirements: []
231
- rubygems_version: 3.2.22
231
+ rubygems_version: 3.2.32
232
232
  signing_key:
233
233
  specification_version: 4
234
234
  summary: Elixir (Hex) support for dependabot