dependabot-hex 0.238.0 → 0.240.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b44d5c3d524733c7b28ecdeaa99462fe41ac4212fe6bfa988c7425030b3663dc
-  data.tar.gz: eda9eccaa02bdd5ed9ee851b6a641d7656d1fa8d16c8373649c939b17f296e7a
+  metadata.gz: 183154e04944b2c490358bb272fae7d08805c87d2499f98b2b8fae7b5227ccd9
+  data.tar.gz: f5ac8e0c8281b5476a1e6baca04781e60f0c55b5828f810cc5bfe9afcdd8e454
 SHA512:
-  metadata.gz: 4dcaf18bc2a3e96f96fc0577669baa9a2fb941478c2a02e1615c4ac84724febe0211676657bc14eb7da15c99c33b42046f057ba502f0e76cd59dabb4a15bcf44
-  data.tar.gz: e7b4b43771d7dbf180faed96d1ae723b9756f49ca01a96fadae1bd7b5ddfdb28eda058d1e5c32c93bfa8c447846e9d858e3cf2ba3f1c3d40523f163328d73f2a
+  metadata.gz: e3284fe92b02da30b7144976662182003851f3921112d8d945cfbd81d72199ba025bdf40e0d0d1d1d2165ccffbc97be6ef35727986515469c18ec30ed967281a
+  data.tar.gz: a48279758cfa1d58ae7adf7ca6cde91dc38bd243f91c714b9da4933c21c2d6664217c24bffc4b2d87cc38a6a9f006d72d744e1108b2f8c4d7763058e40262a32

data/helpers/build

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -e
 

data/helpers/lib/run.exs

@@ -118,7 +118,7 @@ defmodule DependencyHelper do
   end
 
   defp fetch_public_key(repo, repo_url, auth_key, fingerprint) do
-    case Hex.Repo.get_public_key(repo_url, auth_key) do
+    case Hex.Repo.get_public_key(%{trusted: true, url: repo_url, auth_key: auth_key}) do
       {:ok, {200, key, _}} ->
         if public_key_matches?(key, fingerprint) do
           {:ok, key}

data/lib/dependabot/hex/requirement.rb

@@ -1,12 +1,17 @@
 # typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
+require "dependabot/requirement"
 require "dependabot/utils"
 require "dependabot/hex/version"
 
 module Dependabot
   module Hex
-    class Requirement < Gem::Requirement
+    class Requirement < Dependabot::Requirement
+      extend T::Sig
+
       AND_SEPARATOR = /\s+and\s+/
       OR_SEPARATOR = /\s+or\s+/
 
@@ -20,8 +25,9 @@ module Dependabot
 
       # Returns an array of requirements. At least one requirement from the
       # returned array must be satisfied for a version to be valid.
+      sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
       def self.requirements_array(requirement_string)
-        requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
+        T.must(requirement_string).strip.split(OR_SEPARATOR).map do |req_string|
           requirements = req_string.strip.split(AND_SEPARATOR)
           new(requirements)
         end
@@ -48,7 +54,7 @@ module Dependabot
 
         return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
 
-        [matches[1] || "=", Hex::Version.new(matches[2])]
+        [matches[1] || "=", Hex::Version.new(T.must(matches[2]))]
       end
 
       def satisfied_by?(version)

data/lib/dependabot/hex/update_checker/version_resolver.rb

@@ -76,7 +76,7 @@ module Dependabot
             raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
           end
 
-          if (match = error.message.match(/Failed to fetch record for '(?<repo>[a-z_]+)(?::(?<org>[a-z_]+))?/))
+          if (match = error.message.match(/Failed to fetch record for (?<repo>[a-z_]+)(?::(?<org>[a-z_]+))?/))
             name = match[:org] || match[:repo]
             raise Dependabot::PrivateSourceAuthenticationFailure, name
           end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.238.0
+  version: 0.240.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-12-07 00:00:00.000000000 Z
+date: 2024-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.238.0
+        version: 0.240.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.238.0
+        version: 0.240.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.57.2
+        version: 1.58.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.57.2
+        version: 1.58.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -206,6 +206,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.18'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.7'
 description: Dependabot-Hex provides support for bumping Elixir (hex) packages via
   Dependabot. If you want support for multiple package managers, you probably want
   the meta-gem dependabot-omnibus.
@@ -244,7 +258,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
 post_install_message: 
 rdoc_options: []
 require_paths: