dependabot-hex 0.261.0 → 0.262.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/hex/credential_helpers.rb +8 -2
  3. data/lib/dependabot/hex/file_parser.rb +19 -5
  4. data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb +17 -12
  5. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b7a1982afe65fa3a20dc24e88e76ccb71e14504f542e53871d8cbb043ddc69db
4
- data.tar.gz: 649fe3b1df9d36d3bf06afc7a0b21013ac57d72be6724b2b6428c8ebd50d3cbb
3
+ metadata.gz: 2c7b10874d65b3bd0e8b7cc88ba4a2febed59db868e6e55fec137eb1b14ecd16
4
+ data.tar.gz: f3111b9e7068dfa42498c3fbc0ee8a8a71dfa8b5c3f0298d9dbf90c1d8c16b63
5
5
  SHA512:
6
- metadata.gz: 4ac067d549efcb29b1264fc56191592c5b19a2527973cb534143d24a71c1edc313c116360ebca81e1b95cd03c6838c044298dfb1c15a54d7fd1b9e4400855023
7
- data.tar.gz: daae200036c3f100ae25c08bbe1989df254bab20c37a3e6db8257fce4dc9e23a71163b7cc0ffbf4bfb932289bfe13e12ddd67c5af4d0025b722c1325e8a031a8
6
+ metadata.gz: 98412810e4e250bbf74f78e9802d9c1562f68341b9aeb542d1c492a997255ec04c1da47e801e928c463e98ea7c165e787285c954bc12d30d55df3f27a1f42584
7
+ data.tar.gz: e3af2ecbfd1e171def22e8d3164dd2a54b682db124709e7d2377e212c579b7f02a69f3f77d22170144fdbc51e8298eb3851de68e66877a2282db54d3306ffd45
data/lib/dependabot/hex/credential_helpers.rb CHANGED
@@ -1,13 +1,19 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Hex
6
8
  module CredentialHelpers
9
+ extend T::Sig
10
+
11
+ sig { params(credentials: T::Array[Dependabot::Credential]).returns(T::Array[Dependabot::Credential]) }
7
12
  def self.hex_credentials(credentials)
8
13
  organization_credentials(credentials) + repo_credentials(credentials)
9
14
  end
10
15
 
16
+ sig { params(credentials: T.untyped).returns(T::Array[Dependabot::Credential]) }
11
17
  def self.organization_credentials(credentials)
12
18
  defaults = Dependabot::Credential.new({ "organization" => "", "token" => "" })
13
19
  keys = %w(type organization token)
@@ -16,7 +22,7 @@ module Dependabot
16
22
  .select { |cred| cred["type"] == "hex_organization" }
17
23
  .flat_map { |cred| defaults.merge(cred).slice(*keys).values }
18
24
  end
19
-
25
+ sig { params(credentials: T::Array[Dependabot::Credential]).returns(T::Array[Dependabot::Credential]) }
20
26
  def self.repo_credentials(credentials)
21
27
  # Credentials are serialized as an array that may not have optional fields. Using a
22
28
  # default ensures that the array is always the same length, even if values are empty.
data/lib/dependabot/hex/file_parser.rb CHANGED
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "dependabot/dependency"
5
6
  require "dependabot/file_parsers"
6
7
  require "dependabot/file_parsers/base"
@@ -13,8 +14,10 @@ require "dependabot/errors"
13
14
  module Dependabot
14
15
  module Hex
15
16
  class FileParser < Dependabot::FileParsers::Base
17
+ extend T::Sig
16
18
  require "dependabot/file_parsers/base/dependency_set"
17
19
 
20
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
18
21
  def parse
19
22
  # TODO: git sourced dependency's mixfiles are evaluated. Provide guards before removing this.
20
23
  raise ::Dependabot::UnexpectedExternalCode if @reject_external_code
@@ -43,11 +46,12 @@ module Dependabot
43
46
 
44
47
  private
45
48
 
49
+ sig { returns(T::Array[T.any(T::Hash[String, String], T::Hash[String, T.untyped])]) }
46
50
  def dependency_details
47
51
  SharedHelpers.in_a_temporary_directory do
48
52
  write_sanitized_mixfiles
49
53
  write_sanitized_supporting_files
50
- File.write("mix.lock", lockfile.content) if lockfile
54
+ File.write("mix.lock", lockfile&.content) if lockfile
51
55
  FileUtils.cp(elixir_helper_parse_deps_path, "parse_deps.exs")
52
56
 
53
57
  SharedHelpers.run_helper_subprocess(
@@ -69,28 +73,32 @@ module Dependabot
69
73
  JSON.parse(result_json).fetch("result")
70
74
  end
71
75
 
76
+ sig { void }
72
77
  def write_sanitized_mixfiles
73
78
  mixfiles.each do |file|
74
79
  path = file.name
75
80
  FileUtils.mkdir_p(Pathname.new(path).dirname)
76
- File.write(path, sanitize_mixfile(file.content))
81
+ File.write(path, sanitize_mixfile(T.must(file.content)))
77
82
  end
78
83
  end
79
84
 
85
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
80
86
  def write_sanitized_supporting_files
81
87
  dependency_files.select(&:support_file).each do |file|
82
88
  path = file.name
83
89
  FileUtils.mkdir_p(Pathname.new(path).dirname)
84
- File.write(path, sanitize_mixfile(file.content))
90
+ File.write(path, sanitize_mixfile(T.must(file.content)))
85
91
  end
86
92
  end
87
93
 
94
+ sig { params(content: String).returns(String) }
88
95
  def sanitize_mixfile(content)
89
96
  Hex::FileUpdater::MixfileSanitizer.new(
90
97
  mixfile_content: content
91
98
  ).sanitized_content
92
99
  end
93
100
 
101
+ sig { returns(T::Hash[String, String]) }
94
102
  def mix_env
95
103
  {
96
104
  "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
@@ -100,28 +108,34 @@ module Dependabot
100
108
  }
101
109
  end
102
110
 
111
+ sig { returns(String) }
103
112
  def elixir_helper_path
104
113
  File.join(NativeHelpers.hex_helpers_dir, "lib/run.exs")
105
114
  end
106
115
 
116
+ sig { returns(String) }
107
117
  def elixir_helper_parse_deps_path
108
118
  File.join(NativeHelpers.hex_helpers_dir, "lib/parse_deps.exs")
109
119
  end
110
120
 
121
+ sig { override.void }
111
122
  def check_required_files
112
123
  raise "No mixfile!" if mixfiles.none?
113
124
  end
114
125
 
126
+ sig { params(hash: T::Hash[String, String]).returns(T::Hash[Symbol, T.nilable(String)]) }
115
127
  def symbolize_keys(hash)
116
128
  hash.keys.to_h { |k| [k.to_sym, hash[k]] }
117
129
  end
118
130
 
131
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
119
132
  def mixfiles
120
133
  dependency_files.select { |f| f.name.end_with?("mix.exs") }
121
134
  end
122
135
 
136
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
123
137
  def lockfile
124
- @lockfile ||= get_original_file("mix.lock")
138
+ @lockfile ||= T.let(get_original_file("mix.lock"), T.nilable(Dependabot::DependencyFile))
125
139
  end
126
140
  end
127
141
  end
data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb CHANGED
@@ -1,20 +1,23 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/hex/file_updater"
5
5
  require "dependabot/shared_helpers"
6
+ require "sorbet-runtime"
6
7
 
7
8
  module Dependabot
8
9
  module Hex
9
10
  class FileUpdater
10
11
  class MixfileSanitizer
12
+ extend T::Sig
13
+ sig { params(mixfile_content: String).void }
11
14
  def initialize(mixfile_content:)
12
15
  @mixfile_content = mixfile_content
13
16
  end
14
17
 
15
18
  FILE_READ = /File.read\(.*?\)/
16
19
  FILE_READ_BANG = /File.read!\(.*?\)/
17
- PIPE = Regexp.escape("|>").freeze
20
+ PIPE = T.let(Regexp.escape("|>").freeze, String)
18
21
  VERSION_FILE = /"VERSION"/i
19
22
 
20
23
  NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/
@@ -22,18 +25,25 @@ module Dependabot
22
25
  PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/
23
26
  PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/
24
27
 
25
- # rubocop:disable Performance/MethodObjectAsBlock
28
+ sig { returns(String) }
26
29
  def sanitized_content
27
- mixfile_content
28
- .then(&method(:prevent_version_file_loading))
29
- .then(&method(:prevent_config_path_loading))
30
+ @mixfile_content
31
+ .then { |content| prevent_version_file_loading(content) }
32
+ .then { |content| prevent_config_path_loading(content) }
30
33
  end
31
- # rubocop:enable Performance/MethodObjectAsBlock
32
34
 
33
35
  private
34
36
 
37
+ sig { returns(String) }
35
38
  attr_reader :mixfile_content
36
39
 
40
+ sig { params(configuration: String).returns(String) }
41
+ def prevent_config_path_loading(configuration)
42
+ configuration
43
+ .gsub(/^\s*config_path:.*(?:,|$)/, "")
44
+ end
45
+
46
+ sig { params(configuration: String).returns(String) }
37
47
  def prevent_version_file_loading(configuration)
38
48
  configuration
39
49
  .gsub(NESTED_VERSION_FILE_READ_BANG, 'String.trim("0.0.1")')
@@ -41,11 +51,6 @@ module Dependabot
41
51
  .gsub(PIPED_VERSION_FILE_READ, '{:ok, "0.0.1"}')
42
52
  .gsub(PIPED_VERSION_FILE_READ_BANG, '"0.0.1"')
43
53
  end
44
-
45
- def prevent_config_path_loading(configuration)
46
- configuration
47
- .gsub(/^\s*config_path:.*(?:,|$)/, "")
48
- end
49
54
  end
50
55
  end
51
56
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-hex
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.261.0
4
+ version: 0.262.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-13 00:00:00.000000000 Z
11
+ date: 2024-06-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.261.0
19
+ version: 0.262.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.261.0
26
+ version: 0.262.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ licenses:
272
272
  - MIT
273
273
  metadata:
274
274
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
275
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
275
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.262.0
276
276
  post_install_message:
277
277
  rdoc_options: []
278
278
  require_paths: