dependabot-hex 0.211.0 → 0.213.0
- checksums.yaml +4 -4
- data/helpers/mix.lock +1 -1
- data/lib/dependabot/hex/file_fetcher.rb +6 -7
- data/lib/dependabot/hex/file_parser.rb +1 -1
- data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb +11 -11
- data/lib/dependabot/hex/metadata_finder.rb +2 -3
- data/lib/dependabot/hex/native_helpers.rb +1 -1
- data/lib/dependabot/hex/requirement.rb +3 -3
- data/lib/dependabot/hex/update_checker/file_preparer.rb +2 -2
- data/lib/dependabot/hex/update_checker/requirements_updater.rb +5 -5
- data/lib/dependabot/hex/version.rb +1 -1
- metadata +14 -42
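--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 30d16ac35f7e452a754f78329c9ef9ba1fd65758264be8220338a721e66dbcb6
+data.tar.gz: 94a09051bf06589fe462aa33ab4440d1c5207069a23d8d45aea8517aeb16427e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9461aa63f1f9a7f6184b29659bbf2a006642fb70eb402787ecbe9a747251c6ae2bf0dd6b484f4e80fa9a0b4b5db42fc2d9eb838aa84c8277a261ce8c03113c8
+data.tar.gz: 4a9453c6d17e8af0037c637041726c0c5e12fdcb9e061eaf208051fecf644ac6a54b2d6dcfbed7ed423b6593f6d7ad1c331a1cba796a113c89c0f4570ceb16c4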
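--- a/data/helpers/mix.lock
+++ b/data/helpers/mix.lock
@@ -1,3 +1,3 @@
 %{
-"jason": {:hex, :jason, "1.
+"jason": {:hex, :jason, "1.4.0", "e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "79a3791085b2a0f743ca04cec0f7be26443738779d09302e01318f97bdb82121"},
 }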
|
@@ -6,12 +6,11 @@ require "dependabot/file_fetchers/base"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Hex
|
|
8
8
|
class FileFetcher < Dependabot::FileFetchers::Base
|
|
9
|
-
APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m
|
|
9
|
+
APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m
|
|
10
10
|
STRING_ARG = %{(?:["'](.*?)["'])}
|
|
11
11
|
SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze
|
|
12
|
-
SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)
|
|
13
|
-
|
|
14
|
-
PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/.freeze
|
|
12
|
+
SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/
|
|
13
|
+
PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/
|
|
15
14
|
|
|
16
15
|
def self.required_files_in?(filenames)
|
|
17
16
|
filenames.include?("mix.exs")
|
|
@@ -64,14 +63,14 @@ module Dependabot
|
|
|
64
63
|
subapp_directories += umbrella_app_directories
|
|
65
64
|
subapp_directories += sub_project_directories
|
|
66
65
|
|
|
67
|
-
subapp_directories.
|
|
66
|
+
subapp_directories.filter_map do |dir|
|
|
68
67
|
fetch_file_from_host("#{dir}/mix.exs")
|
|
69
68
|
rescue Dependabot::DependencyFileNotFound
|
|
70
69
|
# If the folder doesn't have a mix.exs it *might* be because it's
|
|
71
70
|
# not an app. Ignore the fact we couldn't fetch one and proceed with
|
|
72
71
|
# updating (it will blow up later if there are problems)
|
|
73
72
|
nil
|
|
74
|
-
end
|
|
73
|
+
end
|
|
75
74
|
rescue Octokit::NotFound, Gitlab::Error::NotFound
|
|
76
75
|
# If the path specified in apps_path doesn't exist then it's not being
|
|
77
76
|
# used. We can just return an empty array of subapp files.
|
|
@@ -82,7 +81,7 @@ module Dependabot
|
|
|
82
81
|
mixfiles = [mixfile] + subapp_mixfiles
|
|
83
82
|
|
|
84
83
|
mixfiles.flat_map do |mixfile|
|
|
85
|
-
mixfile_dir = mixfile.path.
|
|
84
|
+
mixfile_dir = mixfile.path.to_s.delete_prefix("/").delete_suffix("/mix.exs")
|
|
86
85
|
|
|
87
86
|
mixfile.content.gsub(/__DIR__/, "\"#{mixfile_dir}\"").scan(SUPPORT_FILE).map do |support_file_args|
|
|
88
87
|
path = Pathname.new(File.join(*support_file_args.compact.reverse)).
|
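Review bot: In the last hunk, `mixfile.path.to_s.delete_prefix("/").delete_suffix("/mix.exs")` does not strip the filename for a manifest at the repository root: once the leading slash is gone the string is `mix.exs`, which no longer ends in `/mix.exs`, so `__DIR__` is rewritten to `"mix.exs"` and every support-file path built from it is wrong. Removing the filename before the separator covers both cases, e.g. `mixfile_dir = mixfile.path.to_s.delete_prefix("/").delete_suffix("mix.exs").delete_suffix("/")`. The arguments scanned by `SUPPORT_FILE` come from repository content and are joined into a path that is later fetched; the normalisation of that `Pathname` continues outside the hunk, so confirm it rejects results that resolve outside the repository.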
|
@@ -11,23 +11,23 @@ module Dependabot
|
|
|
11
11
|
@mixfile_content = mixfile_content
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
FILE_READ = /File.read\(.*?\)
|
|
15
|
-
FILE_READ_BANG = /File.read!\(.*?\)
|
|
14
|
+
FILE_READ = /File.read\(.*?\)/
|
|
15
|
+
FILE_READ_BANG = /File.read!\(.*?\)/
|
|
16
16
|
PIPE = Regexp.escape("|>").freeze
|
|
17
|
-
VERSION_FILE = /"VERSION"/i
|
|
17
|
+
VERSION_FILE = /"VERSION"/i
|
|
18
18
|
|
|
19
|
-
NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)
|
|
20
|
-
NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)
|
|
21
|
-
PIPED_VERSION_FILE_READ =
|
|
22
|
-
|
|
23
|
-
PIPED_VERSION_FILE_READ_BANG =
|
|
24
|
-
/#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/.freeze
|
|
19
|
+
NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/
|
|
20
|
+
NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/
|
|
21
|
+
PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/
|
|
22
|
+
PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/
|
|
25
23
|
|
|
24
|
+
# rubocop:disable Performance/MethodObjectAsBlock
|
|
26
25
|
def sanitized_content
|
|
27
26
|
mixfile_content.
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
then(&method(:prevent_version_file_loading)).
|
|
28
|
+
then(&method(:prevent_config_path_loading))
|
|
30
29
|
end
|
|
30
|
+
# rubocop:enable Performance/MethodObjectAsBlock
|
|
31
31
|
|
|
32
32
|
private
|
|
33
33
|
|
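Review bot: `FILE_READ` and `FILE_READ_BANG` leave the dot in `File.read` unescaped and use `.*?` without the `m` flag, so they match any character in that position and miss a call whose argument list spans more than one line. The patterns are presumably consumed by `prevent_version_file_loading`, whose body is outside the hunk; if so, a manifest with a multi-line read passes through unsanitised. I would write them as `FILE_READ = /File\.read\(.*?\)/m` and `FILE_READ_BANG = /File\.read!\(.*?\)/m`, and add a comment above the constants stating that the lazy match stops at the first `)`, so nested calls inside the argument are not covered.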
|
@@ -38,15 +38,14 @@ module Dependabot
|
|
|
38
38
|
def find_source_from_hex_listing
|
|
39
39
|
potential_source_urls =
|
|
40
40
|
SOURCE_KEYS.
|
|
41
|
-
|
|
42
|
-
compact
|
|
41
|
+
filter_map { |key| hex_listing.dig("meta", "links", key) }
|
|
43
42
|
|
|
44
43
|
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
|
45
44
|
Source.from_url(source_url)
|
|
46
45
|
end
|
|
47
46
|
|
|
48
47
|
def find_source_from_git_url
|
|
49
|
-
info = dependency.requirements.
|
|
48
|
+
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
|
50
49
|
|
|
51
50
|
url = info[:url] || info.fetch("url")
|
|
52
51
|
Source.from_url(url)
|
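Review bot: `find_source_from_git_url` indexes `info[:url]` straight after `dependency.requirements.filter_map { |r| r[:source] }.first`, which is nil when no requirement carries a source, so the method raises NoMethodError unless a caller outside the hunk guarantees a git source. A guard such as `return unless info` before the lookup makes that explicit. The same applies in `find_source_from_hex_listing`, where `Source.from_url(source_url)` receives nil when none of the registry-supplied links parse; whether `from_url` tolerates nil is not visible here and is worth confirming.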
|
@@ -4,7 +4,7 @@ module Dependabot
|
|
|
4
4
|
module Hex
|
|
5
5
|
module NativeHelpers
|
|
6
6
|
def self.hex_helpers_dir
|
|
7
|
-
helpers_root = ENV
|
|
7
|
+
helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
|
|
8
8
|
return File.join(helpers_root, "hex") unless helpers_root.nil?
|
|
9
9
|
|
|
10
10
|
File.join(__dir__, "../../../../hex/helpers")
|
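Review bot: `ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)` falls back only when the variable is unset, so an empty value passes the `nil?` check and `File.join("", "hex")` resolves to `/hex`. This directory presumably locates the native helper that gets executed, so an empty setting should behave like an unset one: `return File.join(helpers_root, "hex") unless helpers_root.nil? || helpers_root.empty?`. The method continues outside the hunk.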
|
@@ -6,8 +6,8 @@ require "dependabot/hex/version"
|
|
|
6
6
|
module Dependabot
|
|
7
7
|
module Hex
|
|
8
8
|
class Requirement < Gem::Requirement
|
|
9
|
-
AND_SEPARATOR = /\s+and\s
|
|
10
|
-
OR_SEPARATOR = /\s+or\s
|
|
9
|
+
AND_SEPARATOR = /\s+and\s+/
|
|
10
|
+
OR_SEPARATOR = /\s+or\s+/
|
|
11
11
|
|
|
12
12
|
# Add the double-equality matcher to the list of allowed operations
|
|
13
13
|
OPS = OPS.merge("==" => ->(v, r) { v == r })
|
|
@@ -15,7 +15,7 @@ module Dependabot
|
|
|
15
15
|
# Override the version pattern to allow local versions
|
|
16
16
|
quoted = OPS.keys.map { |k| Regexp.quote k }.join "|"
|
|
17
17
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Hex::Version::VERSION_PATTERN})\\s*"
|
|
18
|
-
PATTERN = /\A#{PATTERN_RAW}\z
|
|
18
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
19
19
|
|
|
20
20
|
# Returns an array of requirements. At least one requirement from the
|
|
21
21
|
# returned array must be satisfied for a version to be valid.
|
|
@@ -99,7 +99,7 @@ module Dependabot
|
|
|
99
99
|
elsif dependency.version then ">= #{dependency.version}"
|
|
100
100
|
else
|
|
101
101
|
version_for_requirement =
|
|
102
|
-
dependency.requirements.
|
|
102
|
+
dependency.requirements.filter_map { |r| r[:requirement] }.
|
|
103
103
|
reject { |req_string| req_string.start_with?("<") }.
|
|
104
104
|
select { |req_string| req_string.match?(version_regex) }.
|
|
105
105
|
map { |req_string| req_string.match(version_regex) }.
|
|
@@ -115,9 +115,9 @@ module Dependabot
|
|
|
115
115
|
">= #{parts.join('.')}"
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
|
118
119
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
119
120
|
# rubocop:enable Metrics/AbcSize
|
|
120
|
-
# rubocop:enable Metrics/PerceivedComplexity
|
|
121
121
|
|
|
122
122
|
def replace_git_pin(content, filename:)
|
|
123
123
|
old_pin =
|
|
@@ -8,10 +8,10 @@ module Dependabot
|
|
|
8
8
|
module Hex
|
|
9
9
|
class UpdateChecker
|
|
10
10
|
class RequirementsUpdater
|
|
11
|
-
OPERATORS =
|
|
12
|
-
AND_SEPARATOR = /\s+and\s
|
|
13
|
-
OR_SEPARATOR = /\s+or\s
|
|
14
|
-
SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}
|
|
11
|
+
OPERATORS = />=|<=|>|<|==|~>/
|
|
12
|
+
AND_SEPARATOR = /\s+and\s+/
|
|
13
|
+
OR_SEPARATOR = /\s+or\s+/
|
|
14
|
+
SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/
|
|
15
15
|
|
|
16
16
|
def initialize(requirements:, latest_resolvable_version:,
|
|
17
17
|
updated_source:)
|
|
@@ -105,7 +105,7 @@ module Dependabot
|
|
|
105
105
|
when "!="
|
|
106
106
|
[]
|
|
107
107
|
else
|
|
108
|
-
raise "Unexpected operation for unsatisfied Gemfile "\
|
|
108
|
+
raise "Unexpected operation for unsatisfied Gemfile " \
|
|
109
109
|
"requirement: #{op}"
|
|
110
110
|
end
|
|
111
111
|
end
|
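Review bot: The message on the changed `raise` line still reads "unsatisfied Gemfile requirement" although this is the Hex requirements updater, which will mislead anyone triaging the error; `raise "Unexpected operation for unsatisfied mix.exs requirement: #{op}"` would match the ecosystem. Separately, the new `OPERATORS = />=|<=|>|<|==|~>/` has no `!=` alternative while this `case` has a `when "!="` branch. How `OPERATORS` is applied is outside the hunk, so confirm that `!=` requirements are parsed where that matters.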
|
@@ -13,7 +13,7 @@ module Dependabot
|
|
|
13
13
|
attr_reader :build_info
|
|
14
14
|
|
|
15
15
|
VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
|
|
16
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
|
16
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
|
17
17
|
|
|
18
18
|
def self.correct?(version)
|
|
19
19
|
return false if version.nil?
|
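--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.213.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.213.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
-- !ruby/object:Gem::Dependency
-name: debase
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.2.3
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.2.3
-- !ruby/object:Gem::Dependency
-name: debase-ruby_core_source
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.10.16
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.10.16
+version: 0.213.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.13.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.13.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.37.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.37.1
 - !ruby/object:Gem::Dependency
-name:
+name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.15.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.15.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -277,14 +249,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.1.0
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Elixir (Hex) support for dependabot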