dependabot-hex 0.260.0 → 0.261.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/hex/file_updater/mixfile_git_pin_updater.rb +15 -1
  3. data/lib/dependabot/hex/file_updater.rb +19 -9
  4. data/lib/dependabot/hex/metadata_finder.rb +13 -5
  5. data/lib/dependabot/hex/native_helpers.rb +7 -1
  6. data/lib/dependabot/hex/update_checker/file_preparer.rb +6 -2
  7. data/lib/dependabot/hex/version.rb +7 -3
  8. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 39dd9ca7f95a819b66edcc28326f4f0a95b1e3998d34722026c306a0b19fb800
4
- data.tar.gz: 1a55909dce2ef7233bfcf75b48885a4d7c6d0ada3e4a2f61ba285a6ee724de2a
3
+ metadata.gz: b7a1982afe65fa3a20dc24e88e76ccb71e14504f542e53871d8cbb043ddc69db
4
+ data.tar.gz: 649fe3b1df9d36d3bf06afc7a0b21013ac57d72be6724b2b6428c8ebd50d3cbb
5
5
  SHA512:
6
- metadata.gz: 7e319edb1873858b339c1bcdc7063a55e452f6c1d6d5b071e03b49079f9151dd8b4cf5723190d0ec0f349b624a98129a9e41b2debab8c160ae0d66929bb72738
7
- data.tar.gz: 46c804f5470f9fc7969fe24b9e1bf076737786215042baea77f457eac52e67a8c4775e7094dce8faef76675f6d62605fa5100f8d0324fd2e8b72422ed4a58fa2
6
+ metadata.gz: 4ac067d549efcb29b1264fc56191592c5b19a2527973cb534143d24a71c1edc313c116360ebca81e1b95cd03c6838c044298dfb1c15a54d7fd1b9e4400855023
7
+ data.tar.gz: daae200036c3f100ae25c08bbe1989df254bab20c37a3e6db8257fce4dc9e23a71163b7cc0ffbf4bfb932289bfe13e12ddd67c5af4d0025b722c1325e8a031a8
data/lib/dependabot/hex/file_updater/mixfile_git_pin_updater.rb CHANGED
@@ -1,13 +1,17 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/hex/file_updater"
5
5
  require "dependabot/shared_helpers"
6
+ require "sorbet-runtime"
6
7
 
7
8
  module Dependabot
8
9
  module Hex
9
10
  class FileUpdater
10
11
  class MixfileGitPinUpdater
12
+ extend T::Sig
13
+
14
+ sig { params(dependency_name: String, mixfile_content: String, previous_pin: String, updated_pin: String).void }
11
15
  def initialize(dependency_name:, mixfile_content:,
12
16
  previous_pin:, updated_pin:)
13
17
  @dependency_name = dependency_name
@@ -16,6 +20,7 @@ module Dependabot
16
20
  @updated_pin = updated_pin
17
21
  end
18
22
 
23
+ sig { returns(String) }
19
24
  def updated_content
20
25
  updated_content = update_pin(mixfile_content)
21
26
 
@@ -26,11 +31,19 @@ module Dependabot
26
31
 
27
32
  private
28
33
 
34
+ sig { returns(String) }
29
35
  attr_reader :dependency_name
36
+
37
+ sig { returns(String) }
30
38
  attr_reader :mixfile_content
39
+
40
+ sig { returns(String) }
31
41
  attr_reader :previous_pin
42
+
43
+ sig { returns(String) }
32
44
  attr_reader :updated_pin
33
45
 
46
+ sig { params(content: String).returns(String) }
34
47
  def update_pin(content)
35
48
  requirement_line_regex =
36
49
  /
@@ -43,6 +56,7 @@ module Dependabot
43
56
  end
44
57
  end
45
58
 
59
+ sig { returns(T::Boolean) }
46
60
  def content_should_change?
47
61
  previous_pin == updated_pin
48
62
  end
data/lib/dependabot/hex/file_updater.rb CHANGED
@@ -1,16 +1,20 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/file_updaters"
5
5
  require "dependabot/file_updaters/base"
6
6
  require "dependabot/shared_helpers"
7
+ require "sorbet-runtime"
7
8
 
8
9
  module Dependabot
9
10
  module Hex
10
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
+ extend T::Sig
13
+
11
14
  require_relative "file_updater/mixfile_updater"
12
15
  require_relative "file_updater/lockfile_updater"
13
16
 
17
+ sig { override.returns(T::Array[Regexp]) }
14
18
  def self.updated_files_regex
15
19
  [
16
20
  /^mix\.exs$/,
@@ -18,6 +22,7 @@ module Dependabot
18
22
  ]
19
23
  end
20
24
 
25
+ sig { override.returns(T::Array[Dependabot::DependencyFile]) }
21
26
  def updated_dependency_files
22
27
  updated_files = []
23
28
 
@@ -30,7 +35,7 @@ module Dependabot
30
35
 
31
36
  if lockfile
32
37
  updated_files <<
33
- updated_file(file: lockfile, content: updated_lockfile_content)
38
+ updated_file(file: T.must(lockfile), content: updated_lockfile_content)
34
39
  end
35
40
 
36
41
  updated_files
@@ -38,10 +43,12 @@ module Dependabot
38
43
 
39
44
  private
40
45
 
46
+ sig { override.void }
41
47
  def check_required_files
42
48
  raise "No mix.exs!" unless get_original_file("mix.exs")
43
49
  end
44
50
 
51
+ sig { params(file: Dependabot::DependencyFile).returns(String) }
45
52
  def updated_mixfile_content(file)
46
53
  MixfileUpdater.new(
47
54
  dependencies: dependencies,
@@ -49,21 +56,24 @@ module Dependabot
49
56
  ).updated_mixfile_content
50
57
  end
51
58
 
59
+ sig { returns(String) }
52
60
  def updated_lockfile_content
53
- @updated_lockfile_content ||=
54
- LockfileUpdater.new(
55
- dependencies: dependencies,
56
- dependency_files: dependency_files,
57
- credentials: credentials
58
- ).updated_lockfile_content
61
+ @updated_lockfile_content ||= T.let(nil, T.nilable(String))
62
+ LockfileUpdater.new(
63
+ dependencies: dependencies,
64
+ dependency_files: dependency_files,
65
+ credentials: credentials
66
+ ).updated_lockfile_content
59
67
  end
60
68
 
69
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
61
70
  def mixfiles
62
71
  dependency_files.select { |f| f.name.end_with?("mix.exs") }
63
72
  end
64
73
 
74
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
65
75
  def lockfile
66
- @lockfile ||= get_original_file("mix.lock")
76
+ @lockfile ||= T.let(get_original_file("mix.lock"), T.nilable(Dependabot::DependencyFile))
67
77
  end
68
78
  end
69
79
  end
data/lib/dependabot/hex/metadata_finder.rb CHANGED
@@ -1,23 +1,27 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
5
5
  require "dependabot/metadata_finders"
6
6
  require "dependabot/metadata_finders/base"
7
7
  require "dependabot/registry_client"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Hex
11
12
  class MetadataFinder < Dependabot::MetadataFinders::Base
12
- SOURCE_KEYS = %w(
13
+ extend T::Sig
14
+
15
+ SOURCE_KEYS = T.let(%w(
13
16
  GitHub Github github
14
17
  GitLab Gitlab gitlab
15
18
  BitBucket Bitbucket bitbucket
16
19
  Source source
17
- ).freeze
20
+ ).freeze, T::Array[String])
18
21
 
19
22
  private
20
23
 
24
+ sig { override.returns(T.nilable(Dependabot::Source)) }
21
25
  def look_up_source
22
26
  case new_source_type
23
27
  when "default" then find_source_from_hex_listing
@@ -26,19 +30,22 @@ module Dependabot
26
30
  end
27
31
  end
28
32
 
33
+ sig { returns(T.nilable(String)) }
29
34
  def new_source_type
30
35
  dependency.source_type
31
36
  end
32
37
 
38
+ sig { returns(T.nilable(Dependabot::Source)) }
33
39
  def find_source_from_hex_listing
34
40
  potential_source_urls =
35
41
  SOURCE_KEYS
36
- .filter_map { |key| hex_listing.dig("meta", "links", key) }
42
+ .filter_map { |key| T.must(hex_listing).dig("meta", "links", key) }
37
43
 
38
44
  source_url = potential_source_urls.find { |url| Source.from_url(url) }
39
45
  Source.from_url(source_url)
40
46
  end
41
47
 
48
+ sig { returns(T.nilable(Dependabot::Source)) }
42
49
  def find_source_from_git_url
43
50
  info = dependency.requirements.filter_map { |r| r[:source] }.first
44
51
 
@@ -46,11 +53,12 @@ module Dependabot
46
53
  Source.from_url(url)
47
54
  end
48
55
 
56
+ sig { returns(T.nilable(T::Hash[String, T.untyped])) }
49
57
  def hex_listing
50
58
  return @hex_listing unless @hex_listing.nil?
51
59
 
52
60
  response = Dependabot::RegistryClient.get(url: "https://hex.pm/api/packages/#{dependency.name}")
53
- @hex_listing = JSON.parse(response.body)
61
+ @hex_listing = T.let(JSON.parse(response.body), T.nilable(T::Hash[String, T.untyped]))
54
62
  end
55
63
  end
56
64
  end
data/lib/dependabot/hex/native_helpers.rb CHANGED
@@ -1,9 +1,14 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Hex
6
8
  module NativeHelpers
9
+ extend T::Sig
10
+
11
+ sig { returns(String) }
7
12
  def self.hex_helpers_dir
8
13
  helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
9
14
  return File.join(helpers_root, "hex") unless helpers_root.nil?
@@ -11,6 +16,7 @@ module Dependabot
11
16
  File.join(__dir__, "../../../../hex/helpers")
12
17
  end
13
18
 
19
+ sig { params(path: String).returns(String) }
14
20
  def self.clean_path(path)
15
21
  Pathname.new(path).cleanpath.to_path
16
22
  end
data/lib/dependabot/hex/update_checker/file_preparer.rb CHANGED
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/dependency_file"
5
7
  require "dependabot/hex/update_checker"
6
8
  require "dependabot/hex/file_updater/mixfile_requirement_updater"
@@ -14,6 +16,8 @@ module Dependabot
14
16
  # This class takes a set of dependency files and sanitizes them for use
15
17
  # in UpdateCheckers::Elixir::Hex.
16
18
  class FilePreparer
19
+ extend T::Sig
20
+
17
21
  def initialize(dependency_files:, dependency:,
18
22
  unlock_requirement: true,
19
23
  replacement_git_pin: nil,
@@ -179,7 +183,7 @@ module Dependabot
179
183
  end
180
184
 
181
185
  def version_regex
182
- version_class::VERSION_PATTERN
186
+ Dependabot::Hex::Version::VERSION_PATTERN
183
187
  end
184
188
 
185
189
  def dependency_appears_in_file?(file_name)
data/lib/dependabot/hex/version.rb CHANGED
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/version"
5
7
  require "dependabot/utils"
6
8
 
@@ -11,6 +13,8 @@ require "dependabot/utils"
11
13
  module Dependabot
12
14
  module Hex
13
15
  class Version < Dependabot::Version
16
+ extend T::Sig
17
+
14
18
  attr_reader :build_info
15
19
 
16
20
  VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
@@ -40,7 +44,7 @@ module Dependabot
40
44
 
41
45
  def <=>(other)
42
46
  version_comparison = super(other)
43
- return version_comparison unless version_comparison.zero?
47
+ return version_comparison unless version_comparison&.zero?
44
48
 
45
49
  return build_info.nil? ? 0 : 1 unless other.is_a?(Hex::Version)
46
50
 
@@ -54,7 +58,7 @@ module Dependabot
54
58
 
55
59
  local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
56
60
 
57
- return local_comparison unless local_comparison.zero?
61
+ return local_comparison unless local_comparison&.zero?
58
62
 
59
63
  lhsegments.count <=> rhsegments.count
60
64
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-hex
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ licenses:
272
272
  - MIT
273
273
  metadata:
274
274
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
275
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
275
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
276
276
  post_install_message:
277
277
  rdoc_options: []
278
278
  require_paths: