dependabot-hex 0.211.0 → 0.213.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/mix.lock +1 -1
- data/lib/dependabot/hex/file_fetcher.rb +6 -7
- data/lib/dependabot/hex/file_parser.rb +1 -1
- data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb +11 -11
- data/lib/dependabot/hex/metadata_finder.rb +2 -3
- data/lib/dependabot/hex/native_helpers.rb +1 -1
- data/lib/dependabot/hex/requirement.rb +3 -3
- data/lib/dependabot/hex/update_checker/file_preparer.rb +2 -2
- data/lib/dependabot/hex/update_checker/requirements_updater.rb +5 -5
- data/lib/dependabot/hex/version.rb +1 -1
- metadata +14 -42
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 30d16ac35f7e452a754f78329c9ef9ba1fd65758264be8220338a721e66dbcb6
|
|
4
|
+
data.tar.gz: 94a09051bf06589fe462aa33ab4440d1c5207069a23d8d45aea8517aeb16427e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b9461aa63f1f9a7f6184b29659bbf2a006642fb70eb402787ecbe9a747251c6ae2bf0dd6b484f4e80fa9a0b4b5db42fc2d9eb838aa84c8277a261ce8c03113c8
|
|
7
|
+
data.tar.gz: 4a9453c6d17e8af0037c637041726c0c5e12fdcb9e061eaf208051fecf644ac6a54b2d6dcfbed7ed423b6593f6d7ad1c331a1cba796a113c89c0f4570ceb16c4
|
data/helpers/mix.lock
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
%{
|
|
2
|
-
"jason": {:hex, :jason, "1.
|
|
2
|
+
"jason": {:hex, :jason, "1.4.0", "e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "79a3791085b2a0f743ca04cec0f7be26443738779d09302e01318f97bdb82121"},
|
|
3
3
|
}
|
|
@@ -6,12 +6,11 @@ require "dependabot/file_fetchers/base"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Hex
|
|
8
8
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
9
|
-
APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m
|
|
9
|
+
APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m
|
|
10
10
|
STRING_ARG = %{(?:["'](.*?)["'])}
|
|
11
11
|
SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze
|
|
12
|
-
SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)
|
|
13
|
-
|
|
14
|
-
PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/.freeze
|
|
12
|
+
SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/
|
|
13
|
+
PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/
|
|
15
14
|
|
|
16
15
|
def self.required_files_in?(filenames)
|
|
17
16
|
filenames.include?("mix.exs")
|
|
@@ -64,14 +63,14 @@ module Dependabot
|
|
|
64
63
|
subapp_directories += umbrella_app_directories
|
|
65
64
|
subapp_directories += sub_project_directories
|
|
66
65
|
|
|
67
|
-
subapp_directories.
|
|
66
|
+
subapp_directories.filter_map do |dir|
|
|
68
67
|
fetch_file_from_host("#{dir}/mix.exs")
|
|
69
68
|
rescue Dependabot::DependencyFileNotFound
|
|
70
69
|
# If the folder doesn't have a mix.exs it *might* be because it's
|
|
71
70
|
# not an app. Ignore the fact we couldn't fetch one and proceed with
|
|
72
71
|
# updating (it will blow up later if there are problems)
|
|
73
72
|
nil
|
|
74
|
-
end
|
|
73
|
+
end
|
|
75
74
|
rescue Octokit::NotFound, Gitlab::Error::NotFound
|
|
76
75
|
# If the path specified in apps_path doesn't exist then it's not being
|
|
77
76
|
# used. We can just return an empty array of subapp files.
|
|
@@ -82,7 +81,7 @@ module Dependabot
|
|
|
82
81
|
mixfiles = [mixfile] + subapp_mixfiles
|
|
83
82
|
|
|
84
83
|
mixfiles.flat_map do |mixfile|
|
|
85
|
-
mixfile_dir = mixfile.path.
|
|
84
|
+
mixfile_dir = mixfile.path.to_s.delete_prefix("/").delete_suffix("/mix.exs")
|
|
86
85
|
|
|
87
86
|
mixfile.content.gsub(/__DIR__/, "\"#{mixfile_dir}\"").scan(SUPPORT_FILE).map do |support_file_args|
|
|
88
87
|
path = Pathname.new(File.join(*support_file_args.compact.reverse)).
|
|
@@ -11,23 +11,23 @@ module Dependabot
|
|
|
11
11
|
@mixfile_content = mixfile_content
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
FILE_READ = /File.read\(.*?\)
|
|
15
|
-
FILE_READ_BANG = /File.read!\(.*?\)
|
|
14
|
+
FILE_READ = /File.read\(.*?\)/
|
|
15
|
+
FILE_READ_BANG = /File.read!\(.*?\)/
|
|
16
16
|
PIPE = Regexp.escape("|>").freeze
|
|
17
|
-
VERSION_FILE = /"VERSION"/i
|
|
17
|
+
VERSION_FILE = /"VERSION"/i
|
|
18
18
|
|
|
19
|
-
NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)
|
|
20
|
-
NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)
|
|
21
|
-
PIPED_VERSION_FILE_READ =
|
|
22
|
-
|
|
23
|
-
PIPED_VERSION_FILE_READ_BANG =
|
|
24
|
-
/#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/.freeze
|
|
19
|
+
NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/
|
|
20
|
+
NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/
|
|
21
|
+
PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/
|
|
22
|
+
PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/
|
|
25
23
|
|
|
24
|
+
# rubocop:disable Performance/MethodObjectAsBlock
|
|
26
25
|
def sanitized_content
|
|
27
26
|
mixfile_content.
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
then(&method(:prevent_version_file_loading)).
|
|
28
|
+
then(&method(:prevent_config_path_loading))
|
|
30
29
|
end
|
|
30
|
+
# rubocop:enable Performance/MethodObjectAsBlock
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
|
|
@@ -38,15 +38,14 @@ module Dependabot
|
|
|
38
38
|
def find_source_from_hex_listing
|
|
39
39
|
potential_source_urls =
|
|
40
40
|
SOURCE_KEYS.
|
|
41
|
-
|
|
42
|
-
compact
|
|
41
|
+
filter_map { |key| hex_listing.dig("meta", "links", key) }
|
|
43
42
|
|
|
44
43
|
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
|
45
44
|
Source.from_url(source_url)
|
|
46
45
|
end
|
|
47
46
|
|
|
48
47
|
def find_source_from_git_url
|
|
49
|
-
info = dependency.requirements.
|
|
48
|
+
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
|
50
49
|
|
|
51
50
|
url = info[:url] || info.fetch("url")
|
|
52
51
|
Source.from_url(url)
|
|
@@ -4,7 +4,7 @@ module Dependabot
|
|
|
4
4
|
module Hex
|
|
5
5
|
module NativeHelpers
|
|
6
6
|
def self.hex_helpers_dir
|
|
7
|
-
helpers_root = ENV
|
|
7
|
+
helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
|
|
8
8
|
return File.join(helpers_root, "hex") unless helpers_root.nil?
|
|
9
9
|
|
|
10
10
|
File.join(__dir__, "../../../../hex/helpers")
|
|
@@ -6,8 +6,8 @@ require "dependabot/hex/version"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Hex
|
|
8
8
|
class Requirement < Gem::Requirement
|
|
9
|
-
AND_SEPARATOR = /\s+and\s
|
|
10
|
-
OR_SEPARATOR = /\s+or\s
|
|
9
|
+
AND_SEPARATOR = /\s+and\s+/
|
|
10
|
+
OR_SEPARATOR = /\s+or\s+/
|
|
11
11
|
|
|
12
12
|
# Add the double-equality matcher to the list of allowed operations
|
|
13
13
|
OPS = OPS.merge("==" => ->(v, r) { v == r })
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
# Override the version pattern to allow local versions
|
|
16
16
|
quoted = OPS.keys.map { |k| Regexp.quote k }.join "|"
|
|
17
17
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Hex::Version::VERSION_PATTERN})\\s*"
|
|
18
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
18
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
19
19
|
|
|
20
20
|
# Returns an array of requirements. At least one requirement from the
|
|
21
21
|
# returned array must be satisfied for a version to be valid.
|
|
@@ -99,7 +99,7 @@ module Dependabot
|
|
|
99
99
|
elsif dependency.version then ">= #{dependency.version}"
|
|
100
100
|
else
|
|
101
101
|
version_for_requirement =
|
|
102
|
-
dependency.requirements.
|
|
102
|
+
dependency.requirements.filter_map { |r| r[:requirement] }.
|
|
103
103
|
reject { |req_string| req_string.start_with?("<") }.
|
|
104
104
|
select { |req_string| req_string.match?(version_regex) }.
|
|
105
105
|
map { |req_string| req_string.match(version_regex) }.
|
|
@@ -115,9 +115,9 @@ module Dependabot
|
|
|
115
115
|
">= #{parts.join('.')}"
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
118
119
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
119
120
|
# rubocop:enable Metrics/AbcSize
|
|
120
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
121
121
|
|
|
122
122
|
def replace_git_pin(content, filename:)
|
|
123
123
|
old_pin =
|
|
@@ -8,10 +8,10 @@ module Dependabot
|
|
|
8
8
|
module Hex
|
|
9
9
|
class UpdateChecker
|
|
10
10
|
class RequirementsUpdater
|
|
11
|
-
OPERATORS =
|
|
12
|
-
AND_SEPARATOR = /\s+and\s
|
|
13
|
-
OR_SEPARATOR = /\s+or\s
|
|
14
|
-
SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}
|
|
11
|
+
OPERATORS = />=|<=|>|<|==|~>/
|
|
12
|
+
AND_SEPARATOR = /\s+and\s+/
|
|
13
|
+
OR_SEPARATOR = /\s+or\s+/
|
|
14
|
+
SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/
|
|
15
15
|
|
|
16
16
|
def initialize(requirements:, latest_resolvable_version:,
|
|
17
17
|
updated_source:)
|
|
@@ -105,7 +105,7 @@ module Dependabot
|
|
|
105
105
|
when "!="
|
|
106
106
|
[]
|
|
107
107
|
else
|
|
108
|
-
raise "Unexpected operation for unsatisfied Gemfile "\
|
|
108
|
+
raise "Unexpected operation for unsatisfied Gemfile " \
|
|
109
109
|
"requirement: #{op}"
|
|
110
110
|
end
|
|
111
111
|
end
|
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
attr_reader :build_info
|
|
14
14
|
|
|
15
15
|
VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
|
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
|
17
17
|
|
|
18
18
|
def self.correct?(version)
|
|
19
19
|
return false if version.nil?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-hex
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.213.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,42 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.213.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: debase
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - '='
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.3
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - '='
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.2.3
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: debase-ruby_core_source
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - '='
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.10.16
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - '='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.10.16
|
|
26
|
+
version: 0.213.0
|
|
55
27
|
- !ruby/object:Gem::Dependency
|
|
56
28
|
name: debug
|
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +58,14 @@ dependencies:
|
|
|
86
58
|
requirements:
|
|
87
59
|
- - "~>"
|
|
88
60
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 3.
|
|
61
|
+
version: 3.13.0
|
|
90
62
|
type: :development
|
|
91
63
|
prerelease: false
|
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
65
|
requirements:
|
|
94
66
|
- - "~>"
|
|
95
67
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 3.
|
|
68
|
+
version: 3.13.0
|
|
97
69
|
- !ruby/object:Gem::Dependency
|
|
98
70
|
name: rake
|
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,28 +114,28 @@ dependencies:
|
|
|
142
114
|
requirements:
|
|
143
115
|
- - "~>"
|
|
144
116
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
117
|
+
version: 1.37.1
|
|
146
118
|
type: :development
|
|
147
119
|
prerelease: false
|
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
121
|
requirements:
|
|
150
122
|
- - "~>"
|
|
151
123
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
124
|
+
version: 1.37.1
|
|
153
125
|
- !ruby/object:Gem::Dependency
|
|
154
|
-
name:
|
|
126
|
+
name: rubocop-performance
|
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
|
156
128
|
requirements:
|
|
157
129
|
- - "~>"
|
|
158
130
|
- !ruby/object:Gem::Version
|
|
159
|
-
version:
|
|
131
|
+
version: 1.15.0
|
|
160
132
|
type: :development
|
|
161
133
|
prerelease: false
|
|
162
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
135
|
requirements:
|
|
164
136
|
- - "~>"
|
|
165
137
|
- !ruby/object:Gem::Version
|
|
166
|
-
version:
|
|
138
|
+
version: 1.15.0
|
|
167
139
|
- !ruby/object:Gem::Dependency
|
|
168
140
|
name: simplecov
|
|
169
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -277,14 +249,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
277
249
|
requirements:
|
|
278
250
|
- - ">="
|
|
279
251
|
- !ruby/object:Gem::Version
|
|
280
|
-
version:
|
|
252
|
+
version: 3.1.0
|
|
281
253
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
282
254
|
requirements:
|
|
283
255
|
- - ">="
|
|
284
256
|
- !ruby/object:Gem::Version
|
|
285
|
-
version:
|
|
257
|
+
version: 3.1.0
|
|
286
258
|
requirements: []
|
|
287
|
-
rubygems_version: 3.
|
|
259
|
+
rubygems_version: 3.3.7
|
|
288
260
|
signing_key:
|
|
289
261
|
specification_version: 4
|
|
290
262
|
summary: Elixir (Hex) support for dependabot
|