dependabot-hex 0.212.0 → 0.214.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa6164f9855066705271a83f2556deaa0c32a89af0e49cfff34d5c0a8e1b9312
-  data.tar.gz: 558c4572c1aa4e94d82177346ebf51aec461887ddb2d92f2de4768bd50438f30
+  metadata.gz: 66e2212df8486009a3da3b280dc0c36e342556e4765760c0c3dc38a71e034a00
+  data.tar.gz: d3a62fc111e0e50212cb617bc19f8e86077bf681b3b1d82d1950e16fc283a67a
 SHA512:
-  metadata.gz: 5e55998f587fea943c00117017cf2080ad856bf006aae03a87652f821110b8deb270bc49cdc83cceb6c886e17e7a4c2088cfba259d507abe63fc6623efb64185
-  data.tar.gz: e649ad7a932676542b0059fbd37ffa26c992b86eae0948ea654bbacd591c2dcffe12298cf150f286eb97bcdf33b0d5cffcaa86a2414f4c35f25212d3670fbf38
+  metadata.gz: 9233d16f7d684b4e79ed18914d2512c7c2f72d9ae5a6b23d86298f7ac01088d0b43caac63367339974337d36b448ff037906c49867bc1a4f12ebf5a65c052bfa
+  data.tar.gz: 564a484640d7135729f86dbe931debabda0c14255c5098a4e1041ec97b2f8dfe69f4fe86ba5bf1bea86223037a7e335de6621feec39e6429ca464549bd76e591

data/helpers/build

@@ -10,7 +10,14 @@ fi
 install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/hex"
 mkdir -p "$install_dir"
 
-mix local.hex --force
+# Initial Hex install - will always be the latest available version
+mix local.hex --force --if-missing
+# Annoyingly, a specific Hex version cannot be specified during the initial install.
+# The only way to pin is to re-install.
+if [ -n "$HEX_VERSION" ]; then
+  mix hex.install "$HEX_VERSION"
+fi
+
 mix archive.install hex nerves_bootstrap --force
 
 helpers_dir="$(dirname "${BASH_SOURCE[0]}")"

data/helpers/lib/check_update.exs

@@ -1,9 +1,8 @@
 defmodule UpdateChecker do
-  def run(dependency_name, credentials) do
-    set_credentials(credentials)
-
+  def run(dependency_name) do
     # Update the lockfile in a session that we can time out
     task = Task.async(fn -> do_resolution(dependency_name) end)
+
     case Task.yield(task, 30000) || Task.shutdown(task) do
       {:ok, {:ok, :resolution_successful}} ->
         # Read the new lock
@@ -15,43 +14,20 @@ defmodule UpdateChecker do
           updated_lock
           |> Map.get(String.to_atom(dependency_name))
           |> elem(2)
+
         {:ok, version}
 
-      {:ok, {:error, error}} -> {:error, error}
+      {:ok, {:error, error}} ->
+        {:error, error}
 
-      nil -> {:error, :dependency_resolution_timed_out}
+      nil ->
+        {:error, :dependency_resolution_timed_out}
 
-      {:exit, reason} -> {:error, reason}
+      {:exit, reason} ->
+        {:error, reason}
     end
   end
 
-  defp set_credentials(credentials) do
-    credentials
-    |> Enum.reduce([], fn cred, acc ->
-      if List.last(acc) == nil || List.last(acc)[:token] do
-        List.insert_at(acc, -1, %{organization: cred})
-      else
-        {item, acc} = List.pop_at(acc, -1)
-        item = Map.put(item, :token, cred)
-        List.insert_at(acc, -1, item)
-      end
-    end)
-    |> Enum.each(fn cred ->
-      hexpm = Hex.Repo.get_repo("hexpm")
-
-      repo = %{
-        url: hexpm.url <> "/repos/#{cred.organization}",
-        public_key: nil,
-        auth_key: cred.token
-      }
-
-      Hex.Config.read()
-      |> Hex.Config.read_repos()
-      |> Map.put("hexpm:#{cred.organization}", repo)
-      |> Hex.Config.update_repos()
-    end)
-  end
-
   defp do_resolution(dependency_name) do
     # Fetch dependencies that needs updating
     {dependency_lock, rest_lock} =
@@ -59,6 +35,7 @@ defmodule UpdateChecker do
 
     try do
       Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+
       {:ok, :resolution_successful}
     rescue
       error -> {:error, error}
@@ -66,15 +43,14 @@ defmodule UpdateChecker do
   end
 end
 
-[dependency_name | credentials] = System.argv()
-
+[dependency_name] = System.argv()
 
-case UpdateChecker.run(dependency_name, credentials) do
+case UpdateChecker.run(dependency_name) do
   {:ok, version} ->
     version = :erlang.term_to_binary({:ok, version})
     IO.write(:stdio, version)
 
-  {:error, %Hex.Version.InvalidRequirementError{} = error}  ->
+  {:error, %Version.InvalidRequirementError{} = error}  ->
     result = :erlang.term_to_binary({:error, "Invalid requirement: #{error.requirement}"})
     IO.write(:stdio, result)
 

data/helpers/lib/do_update.exs

@@ -1,35 +1,11 @@
-[dependency_name | credentials] = System.argv()
-
-grouped_creds = Enum.reduce credentials, [], fn cred, acc ->
-  if List.last(acc) == nil || List.last(acc)[:token] do
-    List.insert_at(acc, -1, %{ organization: cred })
-  else
-    { item, acc } = List.pop_at(acc, -1)
-    item = Map.put(item, :token, cred)
-    List.insert_at(acc, -1, item)
-  end
-end
-
-Enum.each grouped_creds, fn cred ->
-  hexpm = Hex.Repo.get_repo("hexpm")
-  repo = %{
-    url: hexpm.url <> "/repos/#{cred.organization}",
-    public_key: nil,
-    auth_key: cred.token
-  }
-
-  Hex.Config.read()
-  |> Hex.Config.read_repos()
-  |> Map.put("hexpm:#{cred.organization}", repo)
-  |> Hex.Config.update_repos()
-end
-
-# dependency atom
-dependency = String.to_atom(dependency_name)
+dependency =
+  System.argv()
+  |> List.first()
+  |> String.to_atom()
 
 # Fetch dependencies that needs updating
 {dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
-Mix.Dep.Fetcher.by_name([dependency_name], dependency_lock, rest_lock, [])
+Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, [])
 
 System.cmd(
   "mix",

data/helpers/lib/run.exs

@@ -11,7 +11,8 @@ defmodule DependencyHelper do
           {:ok, :erlang.binary_to_term(output)}
         end
 
-      {error, 1} -> {:error, error}
+      {error, 1} ->
+        {:error, error}
     end
     |> handle_result()
   end
@@ -40,37 +41,115 @@ defmodule DependencyHelper do
     run_script("parse_deps.exs", dir)
   end
 
-  defp run(%{"function" => "get_latest_resolvable_version", "args" => [dir, dependency_name, credentials]}) do
-    run_script("check_update.exs", dir, [dependency_name] ++ credentials)
+  defp run(%{
+         "function" => "get_latest_resolvable_version",
+         "args" => [dir, dependency_name, credentials]
+       }) do
+    set_credentials(credentials)
+
+    run_script("check_update.exs", dir, [dependency_name])
   end
 
   defp run(%{"function" => "get_updated_lockfile", "args" => [dir, dependency_name, credentials]}) do
-    run_script("do_update.exs", dir, [dependency_name] ++ credentials)
+    set_credentials(credentials)
+
+    run_script("do_update.exs", dir, [dependency_name])
   end
 
   defp run_script(script, dir, args \\ []) do
-    args = [
-      "run",
-      "--no-deps-check",
-      "--no-start",
-      "--no-compile",
-      "--no-elixir-version-check",
-      script
-    ] ++ args
+    args =
+      [
+        "run",
+        "--no-deps-check",
+        "--no-start",
+        "--no-compile",
+        "--no-elixir-version-check",
+        script
+      ] ++ args
 
     System.cmd(
       "mix",
       args,
-      [
-        cd: dir,
-        env: %{
-          "MIX_EXS" => nil,
-          "MIX_LOCK" => nil,
-          "MIX_DEPS" => nil
-        }
-      ]
+      cd: dir,
+      env: %{
+        "MIX_EXS" => nil,
+        "MIX_LOCK" => nil,
+        "MIX_DEPS" => nil
+      }
     )
   end
+
+  defp set_credentials([]), do: :ok
+
+  defp set_credentials(["hex_organization", organization, token | tail]) do
+    url =
+      "hexpm"
+      |> Hex.Repo.get_repo()
+      |> Map.fetch!(:url)
+      |> URI.merge("/repos/#{organization}")
+      |> to_string()
+
+    update_repos("hexpm:#{organization}", %{url: url, public_key: nil, auth_key: token})
+
+    set_credentials(tail)
+  end
+
+  defp set_credentials(["hex_repository", repo, url, auth_key, fingerprint | tail]) do
+    case fetch_public_key(repo, url, auth_key, fingerprint) do
+      {:ok, public_key} ->
+        update_repos(repo, %{auth_key: auth_key, public_key: public_key, url: url})
+
+        set_credentials(tail)
+
+      error ->
+        handle_result(error)
+    end
+  end
+
+  defp set_credentials([_mode, org_or_url | _]) do
+    handle_result({:error, "Missing credentials for \"#{org_or_url}\""})
+  end
+
+  defp update_repos(name, opts) do
+    Hex.Config.read()
+    |> Hex.Config.read_repos()
+    |> Map.put(name, opts)
+    |> Hex.Config.update_repos()
+  end
+
+  defp fetch_public_key(repo, repo_url, auth_key, fingerprint) do
+    case Hex.Repo.get_public_key(repo_url, auth_key) do
+      {:ok, {200, key, _}} ->
+        if public_key_matches?(key, fingerprint) do
+          {:ok, key}
+        else
+          {:error, "Public key fingerprint mismatch for repo \"#{repo}\""}
+        end
+
+      {:ok, {code, _, _}} ->
+        {:error, "Downloading public key for repo \"#{repo}\" failed with code: #{inspect(code)}"}
+
+      other ->
+        {:error, "Downloading public key for repo \"#{repo}\" failed: #{inspect(other)}"}
+    end
+  end
+
+  defp public_key_matches?(_public_key, _fingerprint = ""), do: true
+
+  defp public_key_matches?(public_key, fingerprint) do
+    public_key =
+      public_key
+      |> :public_key.pem_decode()
+      |> List.first()
+      |> :public_key.pem_entry_decode()
+
+    decoded_fingerprint =
+      :sha256
+      |> :ssh.hostkey_fingerprint(public_key)
+      |> List.to_string()
+
+    decoded_fingerprint == fingerprint
+  end
 end
 
 DependencyHelper.main()

data/helpers/mix.lock

@@ -1,3 +1,3 @@
 %{
-  "jason": {:hex, :jason, "1.3.0", "fa6b82a934feb176263ad2df0dbd91bf633d4a46ebfdffea0c8ae82953714946", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "53fc1f51255390e0ec7e50f9cb41e751c260d065dcba2bf0d08dc51a4002c2ac"},
+  "jason": {:hex, :jason, "1.4.0", "e855647bc964a44e2f67df589ccf49105ae039d4179db7f6271dfd3843dc27e6", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "79a3791085b2a0f743ca04cec0f7be26443738779d09302e01318f97bdb82121"},
 }

data/lib/dependabot/hex/credential_helpers.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Dependabot
+  module Hex
+    module CredentialHelpers
+      def self.hex_credentials(credentials)
+        organization_credentials(credentials) + repo_credentials(credentials)
+      end
+
+      def self.organization_credentials(credentials)
+        defaults = { "organization" => "", "token" => "" }
+        keys = %w(type organization token)
+
+        credentials.
+          select { |cred| cred["type"] == "hex_organization" }.
+          flat_map { |cred| defaults.merge(cred).slice(*keys).values }
+      end
+
+      def self.repo_credentials(credentials)
+        # Credentials are serialized as an array that may not have optional fields. Using a
+        # default ensures that the array is always the same length, even if values are empty.
+        defaults = { "url" => "", "auth_key" => "", "public_key_fingerprint" => "" }
+        keys = %w(type repo url auth_key public_key_fingerprint)
+
+        credentials.
+          select { |cred| cred["type"] == "hex_repository" }.
+          flat_map { |cred| defaults.merge(cred).slice(*keys).values }
+      end
+    end
+  end
+end

data/lib/dependabot/hex/file_fetcher.rb

@@ -6,12 +6,11 @@ require "dependabot/file_fetchers/base"
 module Dependabot
   module Hex
     class FileFetcher < Dependabot::FileFetchers::Base
-      APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m.freeze
+      APPS_PATH_REGEX = /apps_path:\s*"(?<path>.*?)"/m
       STRING_ARG = %{(?:["'](.*?)["'])}
       SUPPORTED_METHODS = %w(eval_file require_file).join("|").freeze
-      SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/.
-                     freeze
-      PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/.freeze
+      SUPPORT_FILE = /Code\.(?:#{SUPPORTED_METHODS})\(#{STRING_ARG}(?:\s*,\s*#{STRING_ARG})?\)/
+      PATH_DEPS_REGEX = /{.*path: ?#{STRING_ARG}.*}/
 
       def self.required_files_in?(filenames)
         filenames.include?("mix.exs")

data/lib/dependabot/hex/file_updater/lockfile_updater.rb

@@ -4,8 +4,9 @@ require "dependabot/hex/file_updater"
 require "dependabot/hex/file_updater/mixfile_updater"
 require "dependabot/hex/file_updater/mixfile_sanitizer"
 require "dependabot/hex/file_updater/mixfile_requirement_updater"
-require "dependabot/hex/version"
+require "dependabot/hex/credential_helpers"
 require "dependabot/hex/native_helpers"
+require "dependabot/hex/version"
 require "dependabot/shared_helpers"
 
 module Dependabot
@@ -29,7 +30,7 @@ module Dependabot
                   env: mix_env,
                   command: "mix run #{elixir_helper_path}",
                   function: "get_updated_lockfile",
-                  args: [Dir.pwd, dependency.name, organization_credentials]
+                  args: [Dir.pwd, dependency.name, CredentialHelpers.hex_credentials(credentials)]
                 )
               end
             end
@@ -131,11 +132,6 @@ module Dependabot
         def lockfile
           @lockfile ||= dependency_files.find { |f| f.name == "mix.lock" }
         end
-
-        def organization_credentials
-          credentials.select { |cred| cred["type"] == "hex_organization" }.
-            flat_map { |cred| [cred["organization"], cred.fetch("token", "")] }
-        end
       end
     end
   end

data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb

@@ -11,17 +11,15 @@ module Dependabot
           @mixfile_content = mixfile_content
         end
 
-        FILE_READ      = /File.read\(.*?\)/.freeze
-        FILE_READ_BANG = /File.read!\(.*?\)/.freeze
+        FILE_READ      = /File.read\(.*?\)/
+        FILE_READ_BANG = /File.read!\(.*?\)/
         PIPE           = Regexp.escape("|>").freeze
-        VERSION_FILE   = /"VERSION"/i.freeze
-
-        NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/.freeze
-        NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/.freeze
-        PIPED_VERSION_FILE_READ =
-          /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/.freeze
-        PIPED_VERSION_FILE_READ_BANG =
-          /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/.freeze
+        VERSION_FILE   = /"VERSION"/i
+
+        NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/
+        NESTED_VERSION_FILE_READ_BANG = /String\.trim\(#{FILE_READ_BANG}\)/
+        PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/
+        PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/
 
         # rubocop:disable Performance/MethodObjectAsBlock
         def sanitized_content

data/lib/dependabot/hex/requirement.rb

@@ -6,8 +6,8 @@ require "dependabot/hex/version"
 module Dependabot
   module Hex
     class Requirement < Gem::Requirement
-      AND_SEPARATOR = /\s+and\s+/.freeze
-      OR_SEPARATOR = /\s+or\s+/.freeze
+      AND_SEPARATOR = /\s+and\s+/
+      OR_SEPARATOR = /\s+or\s+/
 
       # Add the double-equality matcher to the list of allowed operations
       OPS = OPS.merge("==" => ->(v, r) { v == r })
@@ -15,7 +15,7 @@ module Dependabot
       # Override the version pattern to allow local versions
       quoted = OPS.keys.map { |k| Regexp.quote k }.join "|"
       PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Hex::Version::VERSION_PATTERN})\\s*"
-      PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+      PATTERN = /\A#{PATTERN_RAW}\z/
 
       # Returns an array of requirements. At least one requirement from the
       # returned array must be satisfied for a version to be valid.

data/lib/dependabot/hex/update_checker/requirements_updater.rb

@@ -8,10 +8,10 @@ module Dependabot
   module Hex
     class UpdateChecker
       class RequirementsUpdater
-        OPERATORS = />=|<=|>|<|==|~>/.freeze
-        AND_SEPARATOR = /\s+and\s+/.freeze
-        OR_SEPARATOR = /\s+or\s+/.freeze
-        SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/.freeze
+        OPERATORS = />=|<=|>|<|==|~>/
+        AND_SEPARATOR = /\s+and\s+/
+        OR_SEPARATOR = /\s+or\s+/
+        SEPARATOR = /#{AND_SEPARATOR}|#{OR_SEPARATOR}/
 
         def initialize(requirements:, latest_resolvable_version:,
                        updated_source:)

data/lib/dependabot/hex/update_checker/version_resolver.rb

@@ -2,6 +2,7 @@
 
 require "dependabot/hex/version"
 require "dependabot/hex/update_checker"
+require "dependabot/hex/credential_helpers"
 require "dependabot/hex/native_helpers"
 require "dependabot/hex/file_updater/mixfile_sanitizer"
 require "dependabot/shared_helpers"
@@ -32,10 +33,7 @@ module Dependabot
           latest_resolvable_version =
             SharedHelpers.in_a_temporary_directory do
               write_temporary_sanitized_dependency_files
-              FileUtils.cp(
-                elixir_helper_check_update_path,
-                "check_update.exs"
-              )
+              FileUtils.cp(elixir_helper_check_update_path, "check_update.exs")
 
               SharedHelpers.with_git_configured(credentials: credentials) do
                 run_elixir_update_checker
@@ -55,23 +53,31 @@ module Dependabot
             env: mix_env,
             command: "mix run #{elixir_helper_path}",
             function: "get_latest_resolvable_version",
-            args: [Dir.pwd,
-                   dependency.name,
-                   organization_credentials],
+            args: [Dir.pwd, dependency.name, CredentialHelpers.hex_credentials(credentials)],
             stderr_to_stdout: true
           )
         end
 
         def handle_hex_errors(error)
-          if error.message.include?("No authenticated organization found")
-            org = error.message.match(/found for ([a-z_]+)\./).captures.first
-            raise Dependabot::PrivateSourceAuthenticationFailure, org
+          if (match = error.message.match(/No authenticated organization found for (?<repo>[a-z_]+)\./))
+            raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
           end
 
-          if error.message.include?("Failed to fetch record for")
-            org_match = error.message.match(%r{for 'hexpm:([a-z_]+)/})
-            org = org_match&.captures&.first
-            raise Dependabot::PrivateSourceAuthenticationFailure, org if org
+          if (match = error.message.match(/Public key fingerprint mismatch for repo "(?<repo>[a-z_]+)"/))
+            raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
+          end
+
+          if (match = error.message.match(/Missing credentials for "(?<repo>[a-z_]+)"/))
+            raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
+          end
+
+          if (match = error.message.match(/Downloading public key for repo "(?<repo>[a-z_]+)"/))
+            raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
+          end
+
+          if (match = error.message.match(/Failed to fetch record for '(?<repo>[a-z_]+)(?::(?<org>[a-z_]+))?/))
+            name = match[:org] || match[:repo]
+            raise Dependabot::PrivateSourceAuthenticationFailure, name
           end
 
           # TODO: Catch the warnings as part of the Elixir module. This happens
@@ -171,12 +177,6 @@ module Dependabot
         def elixir_helper_check_update_path
           File.join(NativeHelpers.hex_helpers_dir, "lib/check_update.exs")
         end
-
-        def organization_credentials
-          credentials.
-            select { |cred| cred["type"] == "hex_organization" }.
-            flat_map { |cred| [cred["organization"], cred.fetch("token", "")] }
-        end
       end
     end
   end

data/lib/dependabot/hex/update_checker.rb

@@ -231,7 +231,7 @@ module Dependabot
       # rubocop:enable Metrics/PerceivedComplexity
 
       def filter_lower_versions(versions_array)
-        return versions_array unless current_version && version_class.correct?(current_version)
+        return versions_array unless current_version
 
         versions_array.select do |version|
           version > current_version
@@ -251,12 +251,6 @@ module Dependabot
         nil
       end
 
-      def current_version
-        return unless dependency.version && version_class.correct?(dependency.version)
-
-        version_class.new(dependency.version)
-      end
-
       def wants_prerelease?
         return true if current_version&.prerelease?
 

data/lib/dependabot/hex/version.rb

@@ -13,7 +13,7 @@ module Dependabot
       attr_reader :build_info
 
       VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
       def self.correct?(version)
         return false if version.nil?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.212.0
+  version: 0.214.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-09-06 00:00:00.000000000 Z
+date: 2022-12-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
+        version: 0.214.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.212.0
-- !ruby/object:Gem::Dependency
-  name: debase
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-- !ruby/object:Gem::Dependency
-  name: debase-ruby_core_source
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
+        version: 0.214.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,42 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.36.0
+        version: 1.39.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.36.0
+        version: 1.39.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.14.2
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.14.2
-- !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -263,6 +221,7 @@ files:
 - helpers/mix.exs
 - helpers/mix.lock
 - lib/dependabot/hex.rb
+- lib/dependabot/hex/credential_helpers.rb
 - lib/dependabot/hex/file_fetcher.rb
 - lib/dependabot/hex/file_parser.rb
 - lib/dependabot/hex/file_updater.rb
@@ -291,14 +250,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: Elixir (Hex) support for dependabot