dependabot-hex 0.230.0 → 0.232.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 27f1f6c28d4ee1d575abf61d2cb7ed03a14a7ea22671992d290079a9c90aa884
4
- data.tar.gz: a5fdf7d6c69b62362b3cff31b5ce344fcbebddd6e641e21d99e172c400d78232
3
+ metadata.gz: 3c4e725a49570b74af51d9a38ff83e0c70ec2b402056fe8444601d04a7936f42
4
+ data.tar.gz: 74dab06801b40fa379455542723541c8e29face859a2c788c94b7f58aaf71812
5
5
  SHA512:
6
- metadata.gz: 3cbb801deb8706ae7bfccb701480fed8a4ae7ddb43b0a4b2b8b13655c586281e692088a8e935f734279c495e6470ed7bfa1eee1b3092608b93a3c10c9535eef5
7
- data.tar.gz: 4fb4f6e8d4b2dc8ab967cfbd648874677a3ef2e9498ef09faa7392a246956d07107b0e6cc7bf2e2b5a014415a93b0f358daa7efdc9955a4ad4c9f2c6f02fe626
6
+ metadata.gz: 8283cc495e59ffe4b17c2e8964e8d74b7c1f01c30cf4b227f238a2550968b3f13c4bde86bfd2b8b87fa6af21421f0c5e5136707bbbe84c0de59add4503d8a1d1
7
+ data.tar.gz: 90dae00bcf4026eeb18350b1c9ffd5c7d57c1d8410b8c14a6881c6da8b8b7e6e8f3cd92e6f4f8270d12fd3fb52454e98bce55028aa2352f802920962ef27bd65
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  module Dependabot
@@ -11,9 +12,9 @@ module Dependabot
11
12
  defaults = { "organization" => "", "token" => "" }
12
13
  keys = %w(type organization token)
13
14
 
14
- credentials.
15
- select { |cred| cred["type"] == "hex_organization" }.
16
- flat_map { |cred| defaults.merge(cred).slice(*keys).values }
15
+ credentials
16
+ .select { |cred| cred["type"] == "hex_organization" }
17
+ .flat_map { |cred| defaults.merge(cred).slice(*keys).values }
17
18
  end
18
19
 
19
20
  def self.repo_credentials(credentials)
@@ -22,9 +23,9 @@ module Dependabot
22
23
  defaults = { "url" => "", "auth_key" => "", "public_key_fingerprint" => "" }
23
24
  keys = %w(type repo url auth_key public_key_fingerprint)
24
25
 
25
- credentials.
26
- select { |cred| cred["type"] == "hex_repository" }.
27
- flat_map { |cred| defaults.merge(cred).slice(*keys).values }
26
+ credentials
27
+ .select { |cred| cred["type"] == "hex_repository" }
28
+ .flat_map { |cred| defaults.merge(cred).slice(*keys).values }
28
29
  end
29
30
  end
30
31
  end
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/file_fetchers"
@@ -48,13 +49,13 @@ module Dependabot
48
49
  end
49
50
 
50
51
  def umbrella_app_directories
51
- apps_path = mixfile.content.match(APPS_PATH_REGEX)&.
52
- named_captures&.fetch("path")
52
+ apps_path = mixfile.content.match(APPS_PATH_REGEX)
53
+ &.named_captures&.fetch("path")
53
54
  return [] unless apps_path
54
55
 
55
- repo_contents(dir: apps_path).
56
- select { |f| f.type == "dir" }.
57
- map { |f| File.join(apps_path, f.name) }
56
+ repo_contents(dir: apps_path)
57
+ .select { |f| f.type == "dir" }
58
+ .map { |f| File.join(apps_path, f.name) }
58
59
  end
59
60
 
60
61
  def sub_project_directories
@@ -87,8 +88,8 @@ module Dependabot
87
88
  mixfile_dir = mixfile.path.to_s.delete_prefix("/").delete_suffix("/mix.exs")
88
89
 
89
90
  mixfile.content.gsub("__DIR__", "\"#{mixfile_dir}\"").scan(SUPPORT_FILE).map do |support_file_args|
90
- path = Pathname.new(File.join(*support_file_args.compact.reverse)).
91
- cleanpath.to_path
91
+ path = Pathname.new(File.join(*support_file_args.compact.reverse))
92
+ .cleanpath.to_path
92
93
  fetch_file_from_host(path).tap { |f| f.support_file = true }
93
94
  end
94
95
  end
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/dependency"
@@ -59,9 +60,9 @@ module Dependabot
59
60
  end
60
61
  rescue Dependabot::SharedHelpers::HelperSubprocessFailed => e
61
62
  result_json =
62
- e.message.lines.
63
- drop_while { |l| !l.start_with?('{"result":') }.
64
- join
63
+ e.message.lines
64
+ .drop_while { |l| !l.start_with?('{"result":') }
65
+ .join
65
66
 
66
67
  raise DependencyFileNotEvaluatable, e.message if result_json.empty?
67
68
 
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/file_updater"
@@ -85,8 +86,8 @@ module Dependabot
85
86
  end
86
87
 
87
88
  def lock_mixfile_dependency_versions(mixfile_content, filename)
88
- dependencies.
89
- reduce(mixfile_content.dup) do |content, dep|
89
+ dependencies
90
+ .reduce(mixfile_content.dup) do |content, dep|
90
91
  # Run on the updated mixfile content, so we're updating from the
91
92
  # updated requirements
92
93
  req_details = dep.requirements.find { |r| r[:file] == filename }
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/file_updater"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/file_updater"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/file_updater"
@@ -23,9 +24,9 @@ module Dependabot
23
24
 
24
25
  # rubocop:disable Performance/MethodObjectAsBlock
25
26
  def sanitized_content
26
- mixfile_content.
27
- then(&method(:prevent_version_file_loading)).
28
- then(&method(:prevent_config_path_loading))
27
+ mixfile_content
28
+ .then(&method(:prevent_version_file_loading))
29
+ .then(&method(:prevent_config_path_loading))
29
30
  end
30
31
  # rubocop:enable Performance/MethodObjectAsBlock
31
32
 
@@ -34,16 +35,16 @@ module Dependabot
34
35
  attr_reader :mixfile_content
35
36
 
36
37
  def prevent_version_file_loading(configuration)
37
- configuration.
38
- gsub(NESTED_VERSION_FILE_READ_BANG, 'String.trim("0.0.1")').
39
- gsub(NESTED_VERSION_FILE_READ, 'String.trim({:ok, "0.0.1"})').
40
- gsub(PIPED_VERSION_FILE_READ, '{:ok, "0.0.1"}').
41
- gsub(PIPED_VERSION_FILE_READ_BANG, '"0.0.1"')
38
+ configuration
39
+ .gsub(NESTED_VERSION_FILE_READ_BANG, 'String.trim("0.0.1")')
40
+ .gsub(NESTED_VERSION_FILE_READ, 'String.trim({:ok, "0.0.1"})')
41
+ .gsub(PIPED_VERSION_FILE_READ, '{:ok, "0.0.1"}')
42
+ .gsub(PIPED_VERSION_FILE_READ_BANG, '"0.0.1"')
42
43
  end
43
44
 
44
45
  def prevent_config_path_loading(configuration)
45
- configuration.
46
- gsub(/^\s*config_path:.*(?:,|$)/, "")
46
+ configuration
47
+ .gsub(/^\s*config_path:.*(?:,|$)/, "")
47
48
  end
48
49
  end
49
50
  end
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/file_updater"
@@ -14,9 +15,9 @@ module Dependabot
14
15
  end
15
16
 
16
17
  def updated_mixfile_content
17
- dependencies.
18
- select { |dep| requirement_changed?(mixfile, dep) }.
19
- reduce(mixfile.content.dup) do |content, dep|
18
+ dependencies
19
+ .select { |dep| requirement_changed?(mixfile, dep) }
20
+ .reduce(mixfile.content.dup) do |content, dep|
20
21
  updated_content = content
21
22
 
22
23
  updated_content = update_requirement(
@@ -50,13 +51,13 @@ module Dependabot
50
51
 
51
52
  def update_requirement(content:, filename:, dependency:)
52
53
  updated_req =
53
- dependency.requirements.find { |r| r[:file] == filename }.
54
- fetch(:requirement)
54
+ dependency.requirements.find { |r| r[:file] == filename }
55
+ .fetch(:requirement)
55
56
 
56
57
  old_req =
57
- dependency.previous_requirements.
58
- find { |r| r[:file] == filename }.
59
- fetch(:requirement)
58
+ dependency.previous_requirements
59
+ .find { |r| r[:file] == filename }
60
+ .fetch(:requirement)
60
61
 
61
62
  return content unless old_req
62
63
 
@@ -70,13 +71,13 @@ module Dependabot
70
71
 
71
72
  def update_git_pin(content:, filename:, dependency:)
72
73
  updated_pin =
73
- dependency.requirements.find { |r| r[:file] == filename }&.
74
- dig(:source, :ref)
74
+ dependency.requirements.find { |r| r[:file] == filename }
75
+ &.dig(:source, :ref)
75
76
 
76
77
  old_pin =
77
- dependency.previous_requirements.
78
- find { |r| r[:file] == filename }&.
79
- dig(:source, :ref)
78
+ dependency.previous_requirements
79
+ .find { |r| r[:file] == filename }
80
+ &.dig(:source, :ref)
80
81
 
81
82
  return content unless old_pin
82
83
  return content if old_pin == updated_pin
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/file_updaters"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -31,8 +32,8 @@ module Dependabot
31
32
 
32
33
  def find_source_from_hex_listing
33
34
  potential_source_urls =
34
- SOURCE_KEYS.
35
- filter_map { |key| hex_listing.dig("meta", "links", key) }
35
+ SOURCE_KEYS
36
+ .filter_map { |key| hex_listing.dig("meta", "links", key) }
36
37
 
37
38
  source_url = potential_source_urls.find { |url| Source.from_url(url) }
38
39
  Source.from_url(source_url)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  module Dependabot
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/utils"
@@ -59,5 +60,5 @@ module Dependabot
59
60
  end
60
61
  end
61
62
 
62
- Dependabot::Utils.
63
- register_requirement_class("hex", Dependabot::Hex::Requirement)
63
+ Dependabot::Utils
64
+ .register_requirement_class("hex", Dependabot::Hex::Requirement)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/dependency_file"
@@ -64,8 +65,8 @@ module Dependabot
64
65
 
65
66
  def relax_version(content, filename:)
66
67
  old_requirement =
67
- dependency.requirements.find { |r| r.fetch(:file) == filename }.
68
- fetch(:requirement)
68
+ dependency.requirements.find { |r| r.fetch(:file) == filename }
69
+ .fetch(:requirement)
69
70
  updated_requirement = updated_version_requirement_string(filename)
70
71
 
71
72
  Hex::FileUpdater::MixfileRequirementUpdater.new(
@@ -90,21 +91,21 @@ module Dependabot
90
91
  # rubocop:disable Metrics/PerceivedComplexity
91
92
  # rubocop:disable Metrics/CyclomaticComplexity
92
93
  def updated_version_req_lower_bound(filename)
93
- original_req = dependency.requirements.
94
- find { |r| r.fetch(:file) == filename }&.
95
- fetch(:requirement)
94
+ original_req = dependency.requirements
95
+ .find { |r| r.fetch(:file) == filename }
96
+ &.fetch(:requirement)
96
97
 
97
98
  if original_req && !unlock_requirement? then original_req
98
99
  elsif dependency.version&.match?(/^[0-9a-f]{40}$/) then ">= 0"
99
100
  elsif dependency.version then ">= #{dependency.version}"
100
101
  else
101
102
  version_for_requirement =
102
- dependency.requirements.filter_map { |r| r[:requirement] }.
103
- reject { |req_string| req_string.start_with?("<") }.
104
- select { |req_string| req_string.match?(version_regex) }.
105
- map { |req_string| req_string.match(version_regex) }.
106
- select { |version| version_class.correct?(version.to_s) }.
107
- max_by { |version| version_class.new(version.to_s) }
103
+ dependency.requirements.filter_map { |r| r[:requirement] }
104
+ .reject { |req_string| req_string.start_with?("<") }
105
+ .select { |req_string| req_string.match?(version_regex) }
106
+ .map { |req_string| req_string.match(version_regex) }
107
+ .select { |version| version_class.correct?(version.to_s) }
108
+ .max_by { |version| version_class.new(version.to_s) }
108
109
 
109
110
  return ">= 0" unless version_for_requirement
110
111
 
@@ -121,8 +122,8 @@ module Dependabot
121
122
 
122
123
  def replace_git_pin(content, filename:)
123
124
  old_pin =
124
- dependency.requirements.find { |r| r.fetch(:file) == filename }&.
125
- dig(:source, :ref)
125
+ dependency.requirements.find { |r| r.fetch(:file) == filename }
126
+ &.dig(:source, :ref)
126
127
 
127
128
  return content unless old_pin
128
129
  return content if old_pin == replacement_git_pin
@@ -143,8 +144,8 @@ module Dependabot
143
144
 
144
145
  def mixfiles
145
146
  mixfiles =
146
- dependency_files.
147
- select { |f| f.name.end_with?("mix.exs") }
147
+ dependency_files
148
+ .select { |f| f.name.end_with?("mix.exs") }
148
149
  raise "No mix.exs!" if mixfiles.none?
149
150
 
150
151
  mixfiles
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/version"
@@ -40,8 +41,8 @@ module Dependabot
40
41
  return req if req_satisfied_by_latest_resolvable?(req[:requirement])
41
42
 
42
43
  or_string_reqs = req[:requirement].split(OR_SEPARATOR)
43
- last_string_reqs = or_string_reqs.last.split(AND_SEPARATOR).
44
- map(&:strip)
44
+ last_string_reqs = or_string_reqs.last.split(AND_SEPARATOR)
45
+ .map(&:strip)
45
46
 
46
47
  new_requirement =
47
48
  if last_string_reqs.any? { |r| r.match(/^(?:\d|=)/) }
@@ -70,8 +71,8 @@ module Dependabot
70
71
  end
71
72
 
72
73
  def req_satisfied_by_latest_resolvable?(requirement_string)
73
- ruby_requirements(requirement_string).
74
- any? { |r| r.satisfied_by?(latest_resolvable_version) }
74
+ ruby_requirements(requirement_string)
75
+ .any? { |r| r.satisfied_by?(latest_resolvable_version) }
75
76
  end
76
77
 
77
78
  def ruby_requirements(requirement_string)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/hex/version"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -168,8 +169,8 @@ module Dependabot
168
169
  def fetch_latest_resolvable_version(unlock_requirement:)
169
170
  @latest_resolvable_version_hash ||= {}
170
171
  @latest_resolvable_version_hash[unlock_requirement] ||=
171
- version_resolver(unlock_requirement: unlock_requirement).
172
- latest_resolvable_version
172
+ version_resolver(unlock_requirement: unlock_requirement)
173
+ .latest_resolvable_version
173
174
  end
174
175
 
175
176
  def version_resolver(unlock_requirement:)
@@ -206,9 +207,9 @@ module Dependabot
206
207
  begin
207
208
  versions = hex_registry_response&.fetch("releases", []) || []
208
209
  versions =
209
- versions.
210
- select { |release| version_class.correct?(release["version"]) }.
211
- map { |release| version_class.new(release["version"]) }
210
+ versions
211
+ .select { |release| version_class.correct?(release["version"]) }
212
+ .map { |release| version_class.new(release["version"]) }
212
213
 
213
214
  versions.reject!(&:prerelease?) unless wants_prerelease?
214
215
 
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/version"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/hex/requirement"
11
12
  require "dependabot/hex/version"
12
13
 
13
14
  require "dependabot/pull_request_creator/labeler"
14
- Dependabot::PullRequestCreator::Labeler.
15
- register_label_details("hex", name: "elixir", colour: "9380dd")
15
+ Dependabot::PullRequestCreator::Labeler
16
+ .register_label_details("hex", name: "elixir", colour: "9380dd")
16
17
 
17
18
  require "dependabot/dependency"
18
19
  Dependabot::Dependency.register_production_check(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-hex
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.230.0
4
+ version: 0.232.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-08 00:00:00.000000000 Z
11
+ date: 2023-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.230.0
19
+ version: 0.232.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.230.0
26
+ version: 0.232.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.19.0
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop-sorbet
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.7.3
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.7.3
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: stackprof
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -216,7 +230,7 @@ licenses:
216
230
  - Nonstandard
217
231
  metadata:
218
232
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
219
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.230.0
233
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
220
234
  post_install_message:
221
235
  rdoc_options: []
222
236
  require_paths: