dependabot-hex 0.293.0 → 0.294.0

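--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2f96fbbcd594e46f4707887586efc59ae081e18152fdc924b44b6718aea1b79d
- data.tar.gz: 403c8e4a903e538aa9fece23bec3ba232311698e9d729be8d226ceb88d283c36
+ metadata.gz: c1e408c3a5aa471b3f7f5412c4cd336a215415e8cea34aca76eb1c3d12f61c41
+ data.tar.gz: b31cb3def54f4c3527f3ae4f3ab194805f49a0878d7d58e2f56ec50d193d7a4d
  SHA512:
- metadata.gz: 444b471a4fa4074c228af3dd6339a5923eeda50efb6f41394973261a8bd47d962c6f5e81fe8ecf1953b85015353f09cf27ddf878bb23c1e421be9b62c9700ab6
- data.tar.gz: 80a8b0c3be399604ce24c82682adf3f7ac16aecd3bd3ded242fb33f5b2d3a6cd192b09a48529147085fe8111a83ae418e26109295758f67a48af74a785869318
+ metadata.gz: 206240e07df406a494142b6c81913987212fe386cca5b281b4308bd6916dc606d9952323ab5e93bab502fdc5aa55677211302149d41dde0fae48cc89602e24a7
+ data.tar.gz: 90d8e47c2456337e7b08abcfd1e3f086cc5f0da4036b01a04ef4a97ec3030c4ed39bed27713f401ba8062277623f3008090d626a0a8fddd77ecc798da033d132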
data/helpers/build CHANGED
@@ -26,7 +26,5 @@ esac
26
26
 
27
27
  cp $CP_OPTS "$helpers_dir/lib" "$install_dir"
28
28
  cp $CP_OPTS "$helpers_dir/mix.exs" "$install_dir"
29
- cp $CP_OPTS "$helpers_dir/mix.lock" "$install_dir"
30
29
 
31
30
  cd "$install_dir"
32
- mix deps.get
@@ -1,5 +1,8 @@
1
1
  defmodule UpdateChecker do
2
2
  def run(dependency_name) do
3
+ # This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
4
+ Mix.ensure_application!(:hex)
5
+
3
6
  # Update the lockfile in a session that we can time out
4
7
  task = Task.async(fn -> do_resolution(dependency_name) end)
5
8
 
@@ -45,24 +48,28 @@ end
45
48
 
46
49
  [dependency_name] = System.argv()
47
50
 
48
- case UpdateChecker.run(dependency_name) do
49
- {:ok, version} ->
50
- version = :erlang.term_to_binary({:ok, version})
51
- IO.write(:stdio, version)
51
+ result =
52
+ case UpdateChecker.run(dependency_name) do
53
+ {:ok, version} ->
54
+ {:ok, version}
55
+
56
+ {:error, %Version.InvalidRequirementError{} = error} ->
57
+ {:error, "Invalid requirement: #{error.requirement}"}
52
58
 
53
- {:error, %Version.InvalidRequirementError{} = error} ->
54
- result = :erlang.term_to_binary({:error, "Invalid requirement: #{error.requirement}"})
55
- IO.write(:stdio, result)
59
+ {:error, %Mix.Error{} = error} ->
60
+ {:error, "Dependency resolution failed: #{error.message}"}
56
61
 
57
- {:error, %Mix.Error{} = error} ->
58
- result = :erlang.term_to_binary({:error, "Dependency resolution failed: #{error.message}"})
59
- IO.write(:stdio, result)
62
+ {:error, :dependency_resolution_timed_out} ->
63
+ # We do nothing here because Hex is already printing out a message in stdout
64
+ nil
60
65
 
61
- {:error, :dependency_resolution_timed_out} ->
62
- # We do nothing here because Hex is already printing out a message in stdout
63
- nil
66
+ {:error, error} ->
67
+ {:error, "Unknown error in check_update: #{inspect(error)}"}
68
+ end
64
69
 
65
- {:error, error} ->
66
- result = :erlang.term_to_binary({:error, "Unknown error in check_update: #{inspect(error)}"})
67
- IO.write(:stdio, result)
70
+ if not is_nil(result) do
71
+ result
72
+ |> :erlang.term_to_binary()
73
+ |> Base.encode64()
74
+ |> IO.write()
68
75
  end
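Review bot: The `{:error, :dependency_resolution_timed_out}` branch returns `nil` and writes nothing, relying on the message Hex prints to stdout, but stdout is now a Base64 channel. The parent in `data/helpers/lib/run.exs` calls `Base.decode64!(output)` on whatever arrives with exit status 0, and that call raises on plain text, so a timeout (or any other text Hex or Mix prints next to the payload) would presumably surface as an `ArgumentError` rather than as the intended error. Consider returning an encoded tuple from this branch too, for example `{:error, "Dependency resolution timed out"}`, if the caller does not depend on Hex's exact wording. Separately, `inspect(error)` in the catch-all forwards the whole error term to the caller; if such terms can carry repository URLs or auth keys they would reach the caller's logs, so a redacted or truncated form is safer.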
@@ -1,3 +1,6 @@
1
+ # This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
2
+ Mix.ensure_application!(:hex)
3
+
1
4
  dependency =
2
5
  System.argv()
3
6
  |> List.first()
@@ -7,25 +10,16 @@ dependency =
7
10
  {dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
8
11
  Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, [])
9
12
 
10
- System.cmd(
11
- "mix",
12
- [
13
- "deps.get",
14
- "--no-compile",
15
- "--no-elixir-version-check",
16
- ],
17
- [
18
- env: %{
19
- "MIX_EXS" => nil,
20
- "MIX_LOCK" => nil,
21
- "MIX_DEPS" => nil
22
- }
23
- ]
24
- )
13
+ args = [
14
+ "deps.get",
15
+ "--no-compile",
16
+ "--no-elixir-version-check",
17
+ ]
25
18
 
26
- lockfile_content =
27
- "mix.lock"
28
- |> File.read()
29
- |> :erlang.term_to_binary()
19
+ System.cmd("mix", args, [env: %{"MIX_EXS" => nil}])
30
20
 
31
- IO.write(:stdio, lockfile_content)
21
+ "mix.lock"
22
+ |> File.read()
23
+ |> :erlang.term_to_binary()
24
+ |> Base.encode64()
25
+ |> IO.write()
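Review bot: The result of `System.cmd("mix", args, [env: %{"MIX_EXS" => nil}])` is discarded, so a failed `deps.get` looks the same as a successful one and the script goes on to encode whatever `mix.lock` is on disk. Unless that failure is tolerated on purpose, match on the exit status, e.g. `{_output, 0} = System.cmd("mix", args, env: %{"MIX_EXS" => nil})`, so a stale lockfile is never reported as the update result. The `File.read/1` tuple is encoded as-is, which means the caller must handle `{:error, reason}` inside the payload; a short comment above the pipeline saying so would help.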
@@ -1,6 +1,9 @@
1
1
  defmodule Parser do
2
2
  def run do
3
- Mix.Dep.load_on_environment([])
3
+ # This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
4
+ Mix.ensure_application!(:hex)
5
+
6
+ Mix.Dep.Converger.converge()
4
7
  |> Enum.flat_map(&parse_dep/1)
5
8
  |> Enum.map(&build_dependency(&1.opts[:lock], &1))
6
9
  end
@@ -82,7 +85,7 @@ defmodule Parser do
82
85
  |> empty_str_to_nil()
83
86
  end
84
87
 
85
- defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
88
+ defp maybe_regex_to_str(s), do: if(Regex.regex?(s), do: Regex.source(s), else: s)
86
89
  defp empty_str_to_nil(""), do: nil
87
90
  defp empty_str_to_nil(s), do: s
88
91
 
@@ -99,6 +102,7 @@ defmodule Parser do
99
102
  end
100
103
  end
101
104
 
102
- dependencies = :erlang.term_to_binary({:ok, Parser.run()})
103
-
104
- IO.write(:stdio, dependencies)
105
+ {:ok, Parser.run()}
106
+ |> :erlang.term_to_binary()
107
+ |> Base.encode64()
108
+ |> IO.write()
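--- a/data/helpers/lib/run.exs
+++ b/data/helpers/lib/run.exs
@@ -1,10 +1,11 @@
  defmodule DependencyHelper do
  def main() do
- IO.read(:stdio, :all)
- |> Jason.decode!()
+ IO.read(:stdio, :eof)
+ |> JSON.decode!()
  |> run()
  |> case do
  {output, 0} ->
+ output = Base.decode64!(output)
  if output =~ "No authenticated organization found" do
  {:error, output}
  else
@@ -12,6 +13,7 @@ defmodule DependencyHelper do
  end
 
  {error, 1} ->
+ Base.decode64!(error)
  {:error, error}
  end
  |> handle_result()
@@ -33,7 +35,7 @@ defmodule DependencyHelper do
 
  defp encode_and_write(content) do
  content
- |> Jason.encode!()
+ |> JSON.encode!()
  |> IO.write()
  end
 
@@ -67,16 +69,7 @@ defmodule DependencyHelper do
  script
  ] ++ args
 
- System.cmd(
- "mix",
- args,
- cd: dir,
- env: %{
- "MIX_EXS" => nil,
- "MIX_LOCK" => nil,
- "MIX_DEPS" => nil
- }
- )
+ System.cmd("mix", args, cd: dir, env: %{"MIX_EXS" => nil})
  end
 
  defp set_credentials([]), do: :ok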
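Review bot: In the `{error, 1}` branch the result of `Base.decode64!(error)` is thrown away, so `{:error, error}` still carries the undecoded text. Output from a `mix` run that exited with status 1 is normally plain text rather than Base64, so the call is more likely to raise `ArgumentError` than to decode anything. Either drop the line or bind the result of the non-raising `Base.decode64/1` and fall back to the raw text on `:error`. The same non-raising form would suit the `{output, 0}` branch, where the `"No authenticated organization found"` check only makes sense if plain Hex output can still reach this code. `main/0` continues outside the hunks shown.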
data/helpers/mix.exs CHANGED
@@ -2,20 +2,16 @@ defmodule DependabotCore.Mixfile do
2
2
  use Mix.Project
3
3
 
4
4
  def project do
5
- [app: :dependabot_core,
6
- version: "0.1.0",
7
- elixir: "~> 1.5",
8
- start_permanent: Mix.env == :prod,
9
- lockfile: System.get_env("MIX_LOCK") || "mix.lock",
10
- deps_path: System.get_env("MIX_DEPS") || "deps",
11
- deps: deps()]
5
+ [
6
+ app: :dependabot_core,
7
+ version: "0.1.0",
8
+ elixir: "~> 1.18",
9
+ start_permanent: Mix.env == :prod,
10
+ deps: []
11
+ ]
12
12
  end
13
13
 
14
14
  def application do
15
- [extra_applications: [:logger]]
16
- end
17
-
18
- defp deps() do
19
- [{:jason, "~> 1.0"}]
15
+ [extra_applications: [:hex, :logger, :ssh]]
20
16
  end
21
17
  end
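Review bot: `extra_applications: [:hex, :logger, :ssh]` adds two applications with no comment saying why. The helper scripts, by contrast, carry a comment that `:hex` cannot be requested through `:extra_applications` from other mixfiles and call `Mix.ensure_application!(:hex)` themselves. A one-line comment above the list stating what needs `:hex` and `:ssh` here would tell the next maintainer which entries are load-bearing and whether the per-script calls are still required. As a style point, `Mix.env == :prod` reads better as `Mix.env() == :prod`, the form the formatter and current Elixir conventions expect for a zero-arity call.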
@@ -117,8 +117,6 @@ module Dependabot
117
117
  def mix_env
118
118
  {
119
119
  "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
120
- "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
121
- "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
122
120
  "MIX_QUIET" => "1"
123
121
  }
124
122
  end
@@ -114,8 +114,6 @@ module Dependabot
114
114
  def mix_env
115
115
  {
116
116
  "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
117
- "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
118
- "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
119
117
  "MIX_QUIET" => "1"
120
118
  }
121
119
  end
@@ -167,8 +167,6 @@ module Dependabot
167
167
  def mix_env
168
168
  {
169
169
  "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
170
- "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
171
- "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
172
170
  "MIX_QUIET" => "1"
173
171
  }
174
172
  end
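--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-hex
  version: !ruby/object:Gem::Version
- version: 0.293.0
+ version: 0.294.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2025-01-16 00:00:00.000000000 Z
+ date: 2025-01-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.293.0
+ version: 0.294.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.293.0
+ version: 0.294.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -248,7 +248,6 @@ files:
  - helpers/lib/parse_deps.exs
  - helpers/lib/run.exs
  - helpers/mix.exs
- - helpers/mix.lock
  - lib/dependabot/hex.rb
  - lib/dependabot/hex/credential_helpers.rb
  - lib/dependabot/hex/file_fetcher.rb
@@ -274,7 +273,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.294.0
  post_install_message:
  rdoc_options: []
  require_paths: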
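--- a/data/helpers/mix.lock
+++ /dev/null
@@ -1,3 +0,0 @@
- %{
- "jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
- }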