dependabot-hex 0.259.0 → 0.261.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/hex/file_updater/mixfile_git_pin_updater.rb +15 -1
- data/lib/dependabot/hex/file_updater.rb +19 -9
- data/lib/dependabot/hex/metadata_finder.rb +13 -5
- data/lib/dependabot/hex/native_helpers.rb +7 -1
- data/lib/dependabot/hex/update_checker/file_preparer.rb +6 -2
- data/lib/dependabot/hex/version.rb +7 -3
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b7a1982afe65fa3a20dc24e88e76ccb71e14504f542e53871d8cbb043ddc69db
|
4
|
+
data.tar.gz: 649fe3b1df9d36d3bf06afc7a0b21013ac57d72be6724b2b6428c8ebd50d3cbb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4ac067d549efcb29b1264fc56191592c5b19a2527973cb534143d24a71c1edc313c116360ebca81e1b95cd03c6838c044298dfb1c15a54d7fd1b9e4400855023
|
7
|
+
data.tar.gz: daae200036c3f100ae25c08bbe1989df254bab20c37a3e6db8257fce4dc9e23a71163b7cc0ffbf4bfb932289bfe13e12ddd67c5af4d0025b722c1325e8a031a8
|
@@ -1,13 +1,17 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strong
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/hex/file_updater"
|
5
5
|
require "dependabot/shared_helpers"
|
6
|
+
require "sorbet-runtime"
|
6
7
|
|
7
8
|
module Dependabot
|
8
9
|
module Hex
|
9
10
|
class FileUpdater
|
10
11
|
class MixfileGitPinUpdater
|
12
|
+
extend T::Sig
|
13
|
+
|
14
|
+
sig { params(dependency_name: String, mixfile_content: String, previous_pin: String, updated_pin: String).void }
|
11
15
|
def initialize(dependency_name:, mixfile_content:,
|
12
16
|
previous_pin:, updated_pin:)
|
13
17
|
@dependency_name = dependency_name
|
@@ -16,6 +20,7 @@ module Dependabot
|
|
16
20
|
@updated_pin = updated_pin
|
17
21
|
end
|
18
22
|
|
23
|
+
sig { returns(String) }
|
19
24
|
def updated_content
|
20
25
|
updated_content = update_pin(mixfile_content)
|
21
26
|
|
@@ -26,11 +31,19 @@ module Dependabot
|
|
26
31
|
|
27
32
|
private
|
28
33
|
|
34
|
+
sig { returns(String) }
|
29
35
|
attr_reader :dependency_name
|
36
|
+
|
37
|
+
sig { returns(String) }
|
30
38
|
attr_reader :mixfile_content
|
39
|
+
|
40
|
+
sig { returns(String) }
|
31
41
|
attr_reader :previous_pin
|
42
|
+
|
43
|
+
sig { returns(String) }
|
32
44
|
attr_reader :updated_pin
|
33
45
|
|
46
|
+
sig { params(content: String).returns(String) }
|
34
47
|
def update_pin(content)
|
35
48
|
requirement_line_regex =
|
36
49
|
/
|
@@ -43,6 +56,7 @@ module Dependabot
|
|
43
56
|
end
|
44
57
|
end
|
45
58
|
|
59
|
+
sig { returns(T::Boolean) }
|
46
60
|
def content_should_change?
|
47
61
|
previous_pin == updated_pin
|
48
62
|
end
|
@@ -1,16 +1,20 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/file_updaters"
|
5
5
|
require "dependabot/file_updaters/base"
|
6
6
|
require "dependabot/shared_helpers"
|
7
|
+
require "sorbet-runtime"
|
7
8
|
|
8
9
|
module Dependabot
|
9
10
|
module Hex
|
10
11
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
12
|
+
extend T::Sig
|
13
|
+
|
11
14
|
require_relative "file_updater/mixfile_updater"
|
12
15
|
require_relative "file_updater/lockfile_updater"
|
13
16
|
|
17
|
+
sig { override.returns(T::Array[Regexp]) }
|
14
18
|
def self.updated_files_regex
|
15
19
|
[
|
16
20
|
/^mix\.exs$/,
|
@@ -18,6 +22,7 @@ module Dependabot
|
|
18
22
|
]
|
19
23
|
end
|
20
24
|
|
25
|
+
sig { override.returns(T::Array[Dependabot::DependencyFile]) }
|
21
26
|
def updated_dependency_files
|
22
27
|
updated_files = []
|
23
28
|
|
@@ -30,7 +35,7 @@ module Dependabot
|
|
30
35
|
|
31
36
|
if lockfile
|
32
37
|
updated_files <<
|
33
|
-
updated_file(file: lockfile, content: updated_lockfile_content)
|
38
|
+
updated_file(file: T.must(lockfile), content: updated_lockfile_content)
|
34
39
|
end
|
35
40
|
|
36
41
|
updated_files
|
@@ -38,10 +43,12 @@ module Dependabot
|
|
38
43
|
|
39
44
|
private
|
40
45
|
|
46
|
+
sig { override.void }
|
41
47
|
def check_required_files
|
42
48
|
raise "No mix.exs!" unless get_original_file("mix.exs")
|
43
49
|
end
|
44
50
|
|
51
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
45
52
|
def updated_mixfile_content(file)
|
46
53
|
MixfileUpdater.new(
|
47
54
|
dependencies: dependencies,
|
@@ -49,21 +56,24 @@ module Dependabot
|
|
49
56
|
).updated_mixfile_content
|
50
57
|
end
|
51
58
|
|
59
|
+
sig { returns(String) }
|
52
60
|
def updated_lockfile_content
|
53
|
-
@updated_lockfile_content ||=
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
61
|
+
@updated_lockfile_content ||= T.let(nil, T.nilable(String))
|
62
|
+
LockfileUpdater.new(
|
63
|
+
dependencies: dependencies,
|
64
|
+
dependency_files: dependency_files,
|
65
|
+
credentials: credentials
|
66
|
+
).updated_lockfile_content
|
59
67
|
end
|
60
68
|
|
69
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
61
70
|
def mixfiles
|
62
71
|
dependency_files.select { |f| f.name.end_with?("mix.exs") }
|
63
72
|
end
|
64
73
|
|
74
|
+
sig { returns(T.nilable(Dependabot::DependencyFile)) }
|
65
75
|
def lockfile
|
66
|
-
@lockfile ||= get_original_file("mix.lock")
|
76
|
+
@lockfile ||= T.let(get_original_file("mix.lock"), T.nilable(Dependabot::DependencyFile))
|
67
77
|
end
|
68
78
|
end
|
69
79
|
end
|
@@ -1,23 +1,27 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "excon"
|
5
5
|
require "dependabot/metadata_finders"
|
6
6
|
require "dependabot/metadata_finders/base"
|
7
7
|
require "dependabot/registry_client"
|
8
|
+
require "sorbet-runtime"
|
8
9
|
|
9
10
|
module Dependabot
|
10
11
|
module Hex
|
11
12
|
class MetadataFinder < Dependabot::MetadataFinders::Base
|
12
|
-
|
13
|
+
extend T::Sig
|
14
|
+
|
15
|
+
SOURCE_KEYS = T.let(%w(
|
13
16
|
GitHub Github github
|
14
17
|
GitLab Gitlab gitlab
|
15
18
|
BitBucket Bitbucket bitbucket
|
16
19
|
Source source
|
17
|
-
).freeze
|
20
|
+
).freeze, T::Array[String])
|
18
21
|
|
19
22
|
private
|
20
23
|
|
24
|
+
sig { override.returns(T.nilable(Dependabot::Source)) }
|
21
25
|
def look_up_source
|
22
26
|
case new_source_type
|
23
27
|
when "default" then find_source_from_hex_listing
|
@@ -26,19 +30,22 @@ module Dependabot
|
|
26
30
|
end
|
27
31
|
end
|
28
32
|
|
33
|
+
sig { returns(T.nilable(String)) }
|
29
34
|
def new_source_type
|
30
35
|
dependency.source_type
|
31
36
|
end
|
32
37
|
|
38
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
33
39
|
def find_source_from_hex_listing
|
34
40
|
potential_source_urls =
|
35
41
|
SOURCE_KEYS
|
36
|
-
.filter_map { |key| hex_listing.dig("meta", "links", key) }
|
42
|
+
.filter_map { |key| T.must(hex_listing).dig("meta", "links", key) }
|
37
43
|
|
38
44
|
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
39
45
|
Source.from_url(source_url)
|
40
46
|
end
|
41
47
|
|
48
|
+
sig { returns(T.nilable(Dependabot::Source)) }
|
42
49
|
def find_source_from_git_url
|
43
50
|
info = dependency.requirements.filter_map { |r| r[:source] }.first
|
44
51
|
|
@@ -46,11 +53,12 @@ module Dependabot
|
|
46
53
|
Source.from_url(url)
|
47
54
|
end
|
48
55
|
|
56
|
+
sig { returns(T.nilable(T::Hash[String, T.untyped])) }
|
49
57
|
def hex_listing
|
50
58
|
return @hex_listing unless @hex_listing.nil?
|
51
59
|
|
52
60
|
response = Dependabot::RegistryClient.get(url: "https://hex.pm/api/packages/#{dependency.name}")
|
53
|
-
@hex_listing = JSON.parse(response.body)
|
61
|
+
@hex_listing = T.let(JSON.parse(response.body), T.nilable(T::Hash[String, T.untyped]))
|
54
62
|
end
|
55
63
|
end
|
56
64
|
end
|
@@ -1,9 +1,14 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strong
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
module Dependabot
|
5
7
|
module Hex
|
6
8
|
module NativeHelpers
|
9
|
+
extend T::Sig
|
10
|
+
|
11
|
+
sig { returns(String) }
|
7
12
|
def self.hex_helpers_dir
|
8
13
|
helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
|
9
14
|
return File.join(helpers_root, "hex") unless helpers_root.nil?
|
@@ -11,6 +16,7 @@ module Dependabot
|
|
11
16
|
File.join(__dir__, "../../../../hex/helpers")
|
12
17
|
end
|
13
18
|
|
19
|
+
sig { params(path: String).returns(String) }
|
14
20
|
def self.clean_path(path)
|
15
21
|
Pathname.new(path).cleanpath.to_path
|
16
22
|
end
|
@@ -1,6 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/dependency_file"
|
5
7
|
require "dependabot/hex/update_checker"
|
6
8
|
require "dependabot/hex/file_updater/mixfile_requirement_updater"
|
@@ -14,6 +16,8 @@ module Dependabot
|
|
14
16
|
# This class takes a set of dependency files and sanitizes them for use
|
15
17
|
# in UpdateCheckers::Elixir::Hex.
|
16
18
|
class FilePreparer
|
19
|
+
extend T::Sig
|
20
|
+
|
17
21
|
def initialize(dependency_files:, dependency:,
|
18
22
|
unlock_requirement: true,
|
19
23
|
replacement_git_pin: nil,
|
@@ -179,7 +183,7 @@ module Dependabot
|
|
179
183
|
end
|
180
184
|
|
181
185
|
def version_regex
|
182
|
-
|
186
|
+
Dependabot::Hex::Version::VERSION_PATTERN
|
183
187
|
end
|
184
188
|
|
185
189
|
def dependency_appears_in_file?(file_name)
|
@@ -1,6 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/version"
|
5
7
|
require "dependabot/utils"
|
6
8
|
|
@@ -11,6 +13,8 @@ require "dependabot/utils"
|
|
11
13
|
module Dependabot
|
12
14
|
module Hex
|
13
15
|
class Version < Dependabot::Version
|
16
|
+
extend T::Sig
|
17
|
+
|
14
18
|
attr_reader :build_info
|
15
19
|
|
16
20
|
VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
|
@@ -40,7 +44,7 @@ module Dependabot
|
|
40
44
|
|
41
45
|
def <=>(other)
|
42
46
|
version_comparison = super(other)
|
43
|
-
return version_comparison unless version_comparison
|
47
|
+
return version_comparison unless version_comparison&.zero?
|
44
48
|
|
45
49
|
return build_info.nil? ? 0 : 1 unless other.is_a?(Hex::Version)
|
46
50
|
|
@@ -54,7 +58,7 @@ module Dependabot
|
|
54
58
|
|
55
59
|
local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
|
56
60
|
|
57
|
-
return local_comparison unless local_comparison
|
61
|
+
return local_comparison unless local_comparison&.zero?
|
58
62
|
|
59
63
|
lhsegments.count <=> rhsegments.count
|
60
64
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-hex
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.261.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.261.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.261.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -272,7 +272,7 @@ licenses:
|
|
272
272
|
- MIT
|
273
273
|
metadata:
|
274
274
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
275
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
275
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
|
276
276
|
post_install_message:
|
277
277
|
rdoc_options: []
|
278
278
|
require_paths:
|