dependabot-hex 0.293.0 → 0.295.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/build +0 -2
- data/helpers/lib/check_update.exs +23 -16
- data/helpers/lib/do_update.exs +14 -20
- data/helpers/lib/parse_deps.exs +29 -12
- data/helpers/lib/run.exs +6 -13
- data/helpers/mix.exs +8 -12
- data/lib/dependabot/hex/file_parser.rb +0 -2
- data/lib/dependabot/hex/file_updater/lockfile_updater.rb +0 -2
- data/lib/dependabot/hex/update_checker/version_resolver.rb +0 -2
- metadata +5 -6
- data/helpers/mix.lock +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8609a364f6676b8c6c27de9c8bce1b4d443220cce69a803fd0fb693e9ee2b2ac
|
|
4
|
+
data.tar.gz: 8c7ca23ead09dac3b36641bd646537a6f5bbf211b69b7f6daa51afb3db8d0392
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f99d4ed707fd463b1a6ce67946c9904943d63f7bceb2862284c992c65d23032f909784058c5b7e490993450d20fd6349ccbfdd0bda51c933c6801a0061b27e3e
|
|
7
|
+
data.tar.gz: 7d8482e5d9826404a775193c24ef4a10f7a939c5fc43990e587aceb9390b58aea388c73fa6fa9a899786c01b1f15733f5c7ab009b0770705d7cb6bc44fca8746
|
data/helpers/build
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
defmodule UpdateChecker do
|
|
2
2
|
def run(dependency_name) do
|
|
3
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
4
|
+
Mix.ensure_application!(:hex)
|
|
5
|
+
|
|
3
6
|
# Update the lockfile in a session that we can time out
|
|
4
7
|
task = Task.async(fn -> do_resolution(dependency_name) end)
|
|
5
8
|
|
|
@@ -45,24 +48,28 @@ end
|
|
|
45
48
|
|
|
46
49
|
[dependency_name] = System.argv()
|
|
47
50
|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
51
|
+
result =
|
|
52
|
+
case UpdateChecker.run(dependency_name) do
|
|
53
|
+
{:ok, version} ->
|
|
54
|
+
{:ok, version}
|
|
55
|
+
|
|
56
|
+
{:error, %Version.InvalidRequirementError{} = error} ->
|
|
57
|
+
{:error, "Invalid requirement: #{error.requirement}"}
|
|
52
58
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
IO.write(:stdio, result)
|
|
59
|
+
{:error, %Mix.Error{} = error} ->
|
|
60
|
+
{:error, "Dependency resolution failed: #{error.message}"}
|
|
56
61
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
62
|
+
{:error, :dependency_resolution_timed_out} ->
|
|
63
|
+
# We do nothing here because Hex is already printing out a message in stdout
|
|
64
|
+
nil
|
|
60
65
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
66
|
+
{:error, error} ->
|
|
67
|
+
{:error, "Unknown error in check_update: #{inspect(error)}"}
|
|
68
|
+
end
|
|
64
69
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
70
|
+
if not is_nil(result) do
|
|
71
|
+
result
|
|
72
|
+
|> :erlang.term_to_binary()
|
|
73
|
+
|> Base.encode64()
|
|
74
|
+
|> IO.write()
|
|
68
75
|
end
|
data/helpers/lib/do_update.exs
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
2
|
+
Mix.ensure_application!(:hex)
|
|
3
|
+
|
|
1
4
|
dependency =
|
|
2
5
|
System.argv()
|
|
3
6
|
|> List.first()
|
|
@@ -7,25 +10,16 @@ dependency =
|
|
|
7
10
|
{dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
|
|
8
11
|
Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, [])
|
|
9
12
|
|
|
10
|
-
|
|
11
|
-
"
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
"--no-elixir-version-check",
|
|
16
|
-
],
|
|
17
|
-
[
|
|
18
|
-
env: %{
|
|
19
|
-
"MIX_EXS" => nil,
|
|
20
|
-
"MIX_LOCK" => nil,
|
|
21
|
-
"MIX_DEPS" => nil
|
|
22
|
-
}
|
|
23
|
-
]
|
|
24
|
-
)
|
|
13
|
+
args = [
|
|
14
|
+
"deps.get",
|
|
15
|
+
"--no-compile",
|
|
16
|
+
"--no-elixir-version-check",
|
|
17
|
+
]
|
|
25
18
|
|
|
26
|
-
|
|
27
|
-
"mix.lock"
|
|
28
|
-
|> File.read()
|
|
29
|
-
|> :erlang.term_to_binary()
|
|
19
|
+
System.cmd("mix", args, [env: %{"MIX_EXS" => nil}])
|
|
30
20
|
|
|
31
|
-
|
|
21
|
+
"mix.lock"
|
|
22
|
+
|> File.read()
|
|
23
|
+
|> :erlang.term_to_binary()
|
|
24
|
+
|> Base.encode64()
|
|
25
|
+
|> IO.write()
|
data/helpers/lib/parse_deps.exs
CHANGED
|
@@ -1,8 +1,25 @@
|
|
|
1
1
|
defmodule Parser do
|
|
2
|
+
@allowed_scms [Hex.SCM, Mix.SCM.Git, Mix.SCM.Path]
|
|
3
|
+
|
|
2
4
|
def run do
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
5
|
+
# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
|
|
6
|
+
Mix.ensure_application!(:hex)
|
|
7
|
+
|
|
8
|
+
with {:ok, deps} <- converge_deps() do
|
|
9
|
+
result =
|
|
10
|
+
for %Mix.Dep{scm: scm} = dep <- deps, scm in @allowed_scms,
|
|
11
|
+
expanded_dep <- expand_deps(dep) do
|
|
12
|
+
build_dependency(expanded_dep.opts[:lock], expanded_dep)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
{:ok, result}
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
defp converge_deps do
|
|
20
|
+
{:ok, Mix.Dep.Converger.converge()}
|
|
21
|
+
rescue e ->
|
|
22
|
+
{:error, Exception.format_banner(:error, e, __STACKTRACE__)}
|
|
6
23
|
end
|
|
7
24
|
|
|
8
25
|
defp build_dependency(nil, dep) do
|
|
@@ -36,7 +53,7 @@ defmodule Parser do
|
|
|
36
53
|
defp parse_groups(only), do: [only]
|
|
37
54
|
|
|
38
55
|
# path dependency
|
|
39
|
-
defp
|
|
56
|
+
defp expand_deps(%{scm: Mix.SCM.Path, opts: opts} = dep) do
|
|
40
57
|
cond do
|
|
41
58
|
# umbrella dependency - ignore
|
|
42
59
|
opts[:in_umbrella] ->
|
|
@@ -52,10 +69,7 @@ defmodule Parser do
|
|
|
52
69
|
end
|
|
53
70
|
|
|
54
71
|
# hex, git dependency
|
|
55
|
-
defp
|
|
56
|
-
|
|
57
|
-
# unsupported
|
|
58
|
-
defp parse_dep(_dep), do: []
|
|
72
|
+
defp expand_deps(%{scm: scm} = dep) when scm in [Hex.SCM, Mix.SCM.Git], do: [dep]
|
|
59
73
|
|
|
60
74
|
defp umbrella_top_level_dep?(dep) do
|
|
61
75
|
if Mix.Project.umbrella?() do
|
|
@@ -82,7 +96,9 @@ defmodule Parser do
|
|
|
82
96
|
|> empty_str_to_nil()
|
|
83
97
|
end
|
|
84
98
|
|
|
85
|
-
defp maybe_regex_to_str(
|
|
99
|
+
defp maybe_regex_to_str(%Regex{} = s), do: Regex.source(s)
|
|
100
|
+
defp maybe_regex_to_str(s), do: s
|
|
101
|
+
|
|
86
102
|
defp empty_str_to_nil(""), do: nil
|
|
87
103
|
defp empty_str_to_nil(s), do: s
|
|
88
104
|
|
|
@@ -99,6 +115,7 @@ defmodule Parser do
|
|
|
99
115
|
end
|
|
100
116
|
end
|
|
101
117
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
118
|
+
Parser.run()
|
|
119
|
+
|> :erlang.term_to_binary()
|
|
120
|
+
|> Base.encode64()
|
|
121
|
+
|> IO.write()
|
data/helpers/lib/run.exs
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
defmodule DependencyHelper do
|
|
2
2
|
def main() do
|
|
3
|
-
IO.read(:stdio, :
|
|
4
|
-
|>
|
|
3
|
+
IO.read(:stdio, :eof)
|
|
4
|
+
|> JSON.decode!()
|
|
5
5
|
|> run()
|
|
6
6
|
|> case do
|
|
7
7
|
{output, 0} ->
|
|
8
|
+
output = Base.decode64!(output)
|
|
8
9
|
if output =~ "No authenticated organization found" do
|
|
9
10
|
{:error, output}
|
|
10
11
|
else
|
|
@@ -12,6 +13,7 @@ defmodule DependencyHelper do
|
|
|
12
13
|
end
|
|
13
14
|
|
|
14
15
|
{error, 1} ->
|
|
16
|
+
Base.decode64!(error)
|
|
15
17
|
{:error, error}
|
|
16
18
|
end
|
|
17
19
|
|> handle_result()
|
|
@@ -33,7 +35,7 @@ defmodule DependencyHelper do
|
|
|
33
35
|
|
|
34
36
|
defp encode_and_write(content) do
|
|
35
37
|
content
|
|
36
|
-
|>
|
|
38
|
+
|> JSON.encode!()
|
|
37
39
|
|> IO.write()
|
|
38
40
|
end
|
|
39
41
|
|
|
@@ -67,16 +69,7 @@ defmodule DependencyHelper do
|
|
|
67
69
|
script
|
|
68
70
|
] ++ args
|
|
69
71
|
|
|
70
|
-
System.cmd(
|
|
71
|
-
"mix",
|
|
72
|
-
args,
|
|
73
|
-
cd: dir,
|
|
74
|
-
env: %{
|
|
75
|
-
"MIX_EXS" => nil,
|
|
76
|
-
"MIX_LOCK" => nil,
|
|
77
|
-
"MIX_DEPS" => nil
|
|
78
|
-
}
|
|
79
|
-
)
|
|
72
|
+
System.cmd("mix", args, cd: dir, env: %{"MIX_EXS" => nil})
|
|
80
73
|
end
|
|
81
74
|
|
|
82
75
|
defp set_credentials([]), do: :ok
|
data/helpers/mix.exs
CHANGED
|
@@ -2,20 +2,16 @@ defmodule DependabotCore.Mixfile do
|
|
|
2
2
|
use Mix.Project
|
|
3
3
|
|
|
4
4
|
def project do
|
|
5
|
-
[
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
5
|
+
[
|
|
6
|
+
app: :dependabot_core,
|
|
7
|
+
version: "0.1.0",
|
|
8
|
+
elixir: "~> 1.18",
|
|
9
|
+
start_permanent: Mix.env == :prod,
|
|
10
|
+
deps: []
|
|
11
|
+
]
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def application do
|
|
15
|
-
[extra_applications: [:logger]]
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
defp deps() do
|
|
19
|
-
[{:jason, "~> 1.0"}]
|
|
15
|
+
[extra_applications: [:hex, :logger, :ssh]]
|
|
20
16
|
end
|
|
21
17
|
end
|
|
@@ -117,8 +117,6 @@ module Dependabot
|
|
|
117
117
|
def mix_env
|
|
118
118
|
{
|
|
119
119
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
120
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
121
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
122
120
|
"MIX_QUIET" => "1"
|
|
123
121
|
}
|
|
124
122
|
end
|
|
@@ -114,8 +114,6 @@ module Dependabot
|
|
|
114
114
|
def mix_env
|
|
115
115
|
{
|
|
116
116
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
117
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
118
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
119
117
|
"MIX_QUIET" => "1"
|
|
120
118
|
}
|
|
121
119
|
end
|
|
@@ -167,8 +167,6 @@ module Dependabot
|
|
|
167
167
|
def mix_env
|
|
168
168
|
{
|
|
169
169
|
"MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
|
|
170
|
-
"MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
|
|
171
|
-
"MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
|
|
172
170
|
"MIX_QUIET" => "1"
|
|
173
171
|
}
|
|
174
172
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-hex
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.295.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-01-
|
|
11
|
+
date: 2025-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.295.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.295.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -248,7 +248,6 @@ files:
|
|
|
248
248
|
- helpers/lib/parse_deps.exs
|
|
249
249
|
- helpers/lib/run.exs
|
|
250
250
|
- helpers/mix.exs
|
|
251
|
-
- helpers/mix.lock
|
|
252
251
|
- lib/dependabot/hex.rb
|
|
253
252
|
- lib/dependabot/hex/credential_helpers.rb
|
|
254
253
|
- lib/dependabot/hex/file_fetcher.rb
|
|
@@ -274,7 +273,7 @@ licenses:
|
|
|
274
273
|
- MIT
|
|
275
274
|
metadata:
|
|
276
275
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
277
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
276
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.295.0
|
|
278
277
|
post_install_message:
|
|
279
278
|
rdoc_options: []
|
|
280
279
|
require_paths:
|
data/helpers/mix.lock
DELETED
|
@@ -1,3 +0,0 @@
|
|
|
1
|
-
%{
|
|
2
|
-
"jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
|
|
3
|
-
}
|