dependabot-hex 0.293.0 → 0.295.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/build +0 -2
- data/helpers/lib/check_update.exs +23 -16
- data/helpers/lib/do_update.exs +14 -20
- data/helpers/lib/parse_deps.exs +29 -12
- data/helpers/lib/run.exs +6 -13
- data/helpers/mix.exs +8 -12
- data/lib/dependabot/hex/file_parser.rb +0 -2
- data/lib/dependabot/hex/file_updater/lockfile_updater.rb +0 -2
- data/lib/dependabot/hex/update_checker/version_resolver.rb +0 -2
- metadata +5 -6
- data/helpers/mix.lock +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8609a364f6676b8c6c27de9c8bce1b4d443220cce69a803fd0fb693e9ee2b2ac
|
|
4
|
+
data.tar.gz: 8c7ca23ead09dac3b36641bd646537a6f5bbf211b69b7f6daa51afb3db8d0392
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f99d4ed707fd463b1a6ce67946c9904943d63f7bceb2862284c992c65d23032f909784058c5b7e490993450d20fd6349ccbfdd0bda51c933c6801a0061b27e3e
|
|
7
|
+
data.tar.gz: 7d8482e5d9826404a775193c24ef4a10f7a939c5fc43990e587aceb9390b58aea388c73fa6fa9a899786c01b1f15733f5c7ab009b0770705d7cb6bc44fca8746
|
data/helpers/build
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
defmodule UpdateChecker do
|
|
2
2
|
def run(dependency_name) do
|
|
3
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
4
|
+
Mix.ensure_application!(:hex)
|
|
5
|
+
|
|
3
6
|
# Update the lockfile in a session that we can time out
|
|
4
7
|
task = Task.async(fn -> do_resolution(dependency_name) end)
|
|
5
8
|
|
|
@@ -45,24 +48,28 @@ end
|
|
|
45
48
|
|
|
46
49
|
[dependency_name] = System.argv()
|
|
47
50
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
51
|
+
result =
|
|
52
|
+
case UpdateChecker.run(dependency_name) do
|
|
53
|
+
{:ok, version} ->
|
|
54
|
+
{:ok, version}
|
|
55
|
+
|
|
56
|
+
{:error, %Version.InvalidRequirementError{} = error} ->
|
|
57
|
+
{:error, "Invalid requirement: #{error.requirement}"}
|
|
52
58
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
IO.write(:stdio, result)
|
|
59
|
+
{:error, %Mix.Error{} = error} ->
|
|
60
|
+
{:error, "Dependency resolution failed: #{error.message}"}
|
|
56
61
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
62
|
+
{:error, :dependency_resolution_timed_out} ->
|
|
63
|
+
# We do nothing here because Hex is already printing out a message in stdout
|
|
64
|
+
nil
|
|
60
65
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
66
|
+
{:error, error} ->
|
|
67
|
+
{:error, "Unknown error in check_update: #{inspect(error)}"}
|
|
68
|
+
end
|
|
64
69
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
70
|
+
if not is_nil(result) do
|
|
71
|
+
result
|
|
72
|
+
|> :erlang.term_to_binary()
|
|
73
|
+
|> Base.encode64()
|
|
74
|
+
|> IO.write()
|
|
68
75
|
end
|
data/helpers/lib/do_update.exs
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
2
|
+
Mix.ensure_application!(:hex)
|
|
3
|
+
|
|
1
4
|
dependency =
|
|
2
5
|
System.argv()
|
|
3
6
|
|> List.first()
|
|
@@ -7,25 +10,16 @@ dependency =
|
|
|
7
10
|
{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
|
|
8
11
|
Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, [])
|
|
9
12
|
|
|
10
|
-
|
|
11
|
-
"
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
"--no-elixir-version-check",
|
|
16
|
-
],
|
|
17
|
-
[
|
|
18
|
-
env: %{
|
|
19
|
-
"MIX_EXS" => nil,
|
|
20
|
-
"MIX_LOCK" => nil,
|
|
21
|
-
"MIX_DEPS" => nil
|
|
22
|
-
}
|
|
23
|
-
]
|
|
24
|
-
)
|
|
13
|
+
args = [
|
|
14
|
+
"deps.get",
|
|
15
|
+
"--no-compile",
|
|
16
|
+
"--no-elixir-version-check",
|
|
17
|
+
]
|
|
25
18
|
|
|
26
|
-
|
|
27
|
-
"mix.lock"
|
|
28
|
-
|> File.read()
|
|
29
|
-
|> :erlang.term_to_binary()
|
|
19
|
+
System.cmd("mix", args, [env: %{"MIX_EXS" => nil}])
|
|
30
20
|
|
|
31
|
-
|
|
21
|
+
"mix.lock"
|
|
22
|
+
|> File.read()
|
|
23
|
+
|> :erlang.term_to_binary()
|
|
24
|
+
|> Base.encode64()
|
|
25
|
+
|> IO.write()
|
data/helpers/lib/parse_deps.exs
CHANGED
|
@@ -1,8 +1,25 @@
|
|
|
1
1
|
defmodule Parser do
|
|
2
|
+
@allowed_scms [Hex.SCM, Mix.SCM.Git, Mix.SCM.Path]
|
|
3
|
+
|
|
2
4
|
def run do
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
5
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
6
|
+
Mix.ensure_application!(:hex)
|
|
7
|
+
|
|
8
|
+
with {:ok, deps} <- converge_deps() do
|
|
9
|
+
result =
|
|
10
|
+
for %Mix.Dep{scm: scm} = dep <- deps, scm in @allowed_scms,
|
|
11
|
+
expanded_dep <- expand_deps(dep) do
|
|
12
|
+
build_dependency(expanded_dep.opts[:lock], expanded_dep)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
{:ok, result}
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
defp converge_deps do
|
|
20
|
+
{:ok, Mix.Dep.Converger.converge()}
|
|
21
|
+
rescue e ->
|
|
22
|
+
{:error, Exception.format_banner(:error, e, __STACKTRACE__)}
|
|
6
23
|
end
|
|
7
24
|
|
|
8
25
|
defp build_dependency(nil, dep) do
|
|
@@ -36,7 +53,7 @@ defmodule Parser do
|
|
|
36
53
|
defp parse_groups(only), do: [only]
|
|
37
54
|
|
|
38
55
|
# path dependency
|
|
39
|
-
defp
|
|
56
|
+
defp expand_deps(%{scm: Mix.SCM.Path, opts: opts} = dep) do
|
|
40
57
|
cond do
|
|
41
58
|
# umbrella dependency - ignore
|
|
42
59
|
opts[:in_umbrella] ->
|
|
@@ -52,10 +69,7 @@ defmodule Parser do
|
|
|
52
69
|
end
|
|
53
70
|
|
|
54
71
|
# hex, git dependency
|
|
55
|
-
defp
|
|
56
|
-
|
|
57
|
-
# unsupported
|
|
58
|
-
defp parse_dep(_dep), do: []
|
|
72
|
+
defp expand_deps(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
|
|
59
73
|
|
|
60
74
|
defp umbrella_top_level_dep?(dep) do
|
|
61
75
|
if Mix.Project.umbrella?() do
|
|
@@ -82,7 +96,9 @@ defmodule Parser do
|
|
|
82
96
|
|> empty_str_to_nil()
|
|
83
97
|
end
|
|
84
98
|
|
|
85
|
-
defp maybe_regex_to_str(
|
|
99
|
+
defp maybe_regex_to_str(%Regex{} = s), do: Regex.source(s)
|
|
100
|
+
defp maybe_regex_to_str(s), do: s
|
|
101
|
+
|
|
86
102
|
defp empty_str_to_nil(""), do: nil
|
|
87
103
|
defp empty_str_to_nil(s), do: s
|
|
88
104
|
|
|
@@ -99,6 +115,7 @@ defmodule Parser do
|
|
|
99
115
|
end
|
|
100
116
|
end
|
|
101
117
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
118
|
+
Parser.run()
|
|
119
|
+
|> :erlang.term_to_binary()
|
|
120
|
+
|> Base.encode64()
|
|
121
|
+
|> IO.write()
|
data/helpers/lib/run.exs
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
defmodule DependencyHelper do
|
|
2
2
|
def main() do
|
|
3
|
-
IO.read(:stdio, :
|
|
4
|
-
|>
|
|
3
|
+
IO.read(:stdio, :eof)
|
|
4
|
+
|> JSON.decode!()
|
|
5
5
|
|> run()
|
|
6
6
|
|> case do
|
|
7
7
|
{output, 0} ->
|
|
8
|
+
output = Base.decode64!(output)
|
|
8
9
|
if output =~ "No authenticated organization found" do
|
|
9
10
|
{:error, output}
|
|
10
11
|
else
|
|
@@ -12,6 +13,7 @@ defmodule DependencyHelper do
|
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
{error, 1} ->
|
|
16
|
+
Base.decode64!(error)
|
|
15
17
|
{:error, error}
|
|
16
18
|
end
|
|
17
19
|
|> handle_result()
|
|
@@ -33,7 +35,7 @@ defmodule DependencyHelper do
|
|
|
33
35
|
|
|
34
36
|
defp encode_and_write(content) do
|
|
35
37
|
content
|
|
36
|
-
|>
|
|
38
|
+
|> JSON.encode!()
|
|
37
39
|
|> IO.write()
|
|
38
40
|
end
|
|
39
41
|
|
|
@@ -67,16 +69,7 @@ defmodule DependencyHelper do
|
|
|
67
69
|
script
|
|
68
70
|
] ++ args
|
|
69
71
|
|
|
70
|
-
System.cmd(
|
|
71
|
-
"mix",
|
|
72
|
-
args,
|
|
73
|
-
cd: dir,
|
|
74
|
-
env: %{
|
|
75
|
-
"MIX_EXS" => nil,
|
|
76
|
-
"MIX_LOCK" => nil,
|
|
77
|
-
"MIX_DEPS" => nil
|
|
78
|
-
}
|
|
79
|
-
)
|
|
72
|
+
System.cmd("mix", args, cd: dir, env: %{"MIX_EXS" => nil})
|
|
80
73
|
end
|
|
81
74
|
|
|
82
75
|
defp set_credentials([]), do: :ok
|
data/helpers/mix.exs
CHANGED
|
@@ -2,20 +2,16 @@ defmodule DependabotCore.Mixfile do
|
|
|
2
2
|
use Mix.Project
|
|
3
3
|
|
|
4
4
|
def project do
|
|
5
|
-
[
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
5
|
+
[
|
|
6
|
+
app: :dependabot_core,
|
|
7
|
+
version: "0.1.0",
|
|
8
|
+
elixir: "~> 1.18",
|
|
9
|
+
start_permanent: Mix.env == :prod,
|
|
10
|
+
deps: []
|
|
11
|
+
]
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def application do
|
|
15
|
-
[extra_applications: [:logger]]
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
defp deps() do
|
|
19
|
-
[{:jason, "~> 1.0"}]
|
|
15
|
+
[extra_applications: [:hex, :logger, :ssh]]
|
|
20
16
|
end
|
|
21
17
|
end
|
|
@@ -117,8 +117,6 @@ module Dependabot
|
|
|
117
117
|
def mix_env
|
|
118
118
|
{
|
|
119
119
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
120
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
121
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
122
120
|
"MIX_QUIET" => "1"
|
|
123
121
|
}
|
|
124
122
|
end
|
|
@@ -114,8 +114,6 @@ module Dependabot
|
|
|
114
114
|
def mix_env
|
|
115
115
|
{
|
|
116
116
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
117
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
118
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
119
117
|
"MIX_QUIET" => "1"
|
|
120
118
|
}
|
|
121
119
|
end
|
|
@@ -167,8 +167,6 @@ module Dependabot
|
|
|
167
167
|
def mix_env
|
|
168
168
|
{
|
|
169
169
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
170
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
171
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
172
170
|
"MIX_QUIET" => "1"
|
|
173
171
|
}
|
|
174
172
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-hex
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.295.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.295.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.295.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -248,7 +248,6 @@ files:
|
|
|
248
248
|
- helpers/lib/parse_deps.exs
|
|
249
249
|
- helpers/lib/run.exs
|
|
250
250
|
- helpers/mix.exs
|
|
251
|
-
- helpers/mix.lock
|
|
252
251
|
- lib/dependabot/hex.rb
|
|
253
252
|
- lib/dependabot/hex/credential_helpers.rb
|
|
254
253
|
- lib/dependabot/hex/file_fetcher.rb
|
|
@@ -274,7 +273,7 @@ licenses:
|
|
|
274
273
|
- MIT
|
|
275
274
|
metadata:
|
|
276
275
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
277
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
276
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
|
|
278
277
|
post_install_message:
|
|
279
278
|
rdoc_options: []
|
|
280
279
|
require_paths:
|
data/helpers/mix.lock
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
%{
|
|
2
|
-
"jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
|
|
3
|
-
}
|