dependabot-hex 0.118.16 → 0.119.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 966641c97b9444eb8970f7c71a823145222ac31a91908f850757e1f8c66a4074
-  data.tar.gz: 51c261247173648cb33ec489d020f3b1b734317044a0f803cdb219f32544fc0a
+  metadata.gz: 3604a148074d38433c48025d48dbc44da12cd64132cfd55372445b47dd830864
+  data.tar.gz: db60087432ed4e23f7edc0014348bb47175ca81fa5cdd1b1811936c747c0f260
 SHA512:
-  metadata.gz: 20d4406f524c498fc57fab05d8e6da910d115114721a49882c3c0ffb271c027413d178e82abd4514d6e5ef727eb5e06d15014d7ab18c3dbd5862dce05bcba0e0
-  data.tar.gz: 6674fa19ead51028acf8ed3617854793d42cbf920d6392a8ef8d2c47f8010e7feaa9f7bf897675a6fede2ba61dadc1f419a0e5614b8e3ec2f701c2ce0295f554
+  metadata.gz: 4cc9b3bafe4314ea6147a566e4c99ba1f5ef9d53d8428fa50cf0bdd70736dc996b7c3e16d4e7c5869224504632d850ebe69f85fa4037a4b961633d9b8a2b5f4d
+  data.tar.gz: 549c1b9f72347c16f9bfbde5137e1ddf92a163283f0c016ea331867efa41e0ec64a4669074a6c4fd872235063b8621958b68980c3d7686a0d7ca68a8e4b7fa2c

data/helpers/install-dir/hex/deps/jason/CHANGELOG.md

@@ -0,0 +1,88 @@
+# Changelog
+
+## 1.2.1 (04.05.2020)
+
+### Security
+
+* Fix `html_safe` escaping in `Jason.encode`
+
+The `<!--` sequence of characters would not be escaped in `Jason.encode`
+with`html_escape` mode, which could lead to DoS attacks when used for
+embedding of arbitrary, user controlled strings into HTML through JSON
+(e.g. inside of `<script>` tags).
+
+If you were not using the `html_safe` option, you are not affected.
+
+Affected versions: < 1.2.1
+Patched versions: >= 1.2.1
+
+## 1.2.0 (17.03.2020)
+
+### Enhancements
+
+* Add `Jason.Encode.keyword/2`
+  ([cb1f26a](https://github.com/michalmuskala/jason/commit/cb1f26a)).
+
+### Bug fixes
+
+* Fix `Jason.Helpers.json_map/1` value expansion
+  ([70b046a](https://github.com/michalmuskala/jason/commit/70b046a)).
+
+## 1.1.2 (19.10.2018)
+
+### Bug fixes
+
+* correctly handle the `pretty: false` option
+  ([ba318c8](https://github.com/michalmuskala/jason/commit/ba318c8)).
+
+## 1.1.1 (10.07.2018)
+
+### Bug fixes
+
+* correctly handle escape sequences in strings when pretty printing
+  ([794bbe4](https://github.com/michalmuskala/jason/commit/794bbe4)).
+
+## 1.1.0 (02.07.2018)
+
+### Enhancements
+
+* pretty-printing support through `Jason.Formatter` and `pretty: true` option
+  in `Jason.encode/2` ([d758e36](https://github.com/michalmuskala/jason/commit/d758e36)).
+
+### Bug fixes
+
+* silence variable warnings for fields with underscores used during deriving
+  ([88dd85c](https://github.com/michalmuskala/jason/commit/88dd85c)).
+* **potential incompatibility** don't raise `Protocol.UndefinedError` in non-bang functions
+  ([ad0f57b](https://github.com/michalmuskala/jason/commit/ad0f57b)).
+
+## 1.0.1 (02.07.2018)
+
+### Bug fixes
+
+* fix `Jason.Encode.escape` type ([a57b430](https://github.com/michalmuskala/jason/commit/a57b430))
+* multiple documentation improvements
+
+## 1.0.0 (26.01.2018)
+
+No changes
+
+## 1.0.0-rc.3 (26.01.2018)
+
+### Changes
+
+* update `escape` option of `Jason.encode/2` to take values:
+  `:json | :unicode_safe | :html_safe | :javascript_safe` for consistency. Old values of
+  `:unicode` and `:javascript` are still supported for compatibility with Poison.
+  ([f42dcbd](https://github.com/michalmuskala/jason/commit/f42dcbd))
+
+## 1.0.0-rc.2 (07.01.2018)
+
+### Bug fixes
+
+* add type for `strings` option ([b459ee4](https://github.com/michalmuskala/jason/commit/b459ee4))
+* support iodata in `decode!` ([a1f3456](https://github.com/michalmuskala/jason/commit/a1f3456))
+
+## 1.0.0-rc.1 (22.12.2017)
+
+Initial release

data/helpers/install-dir/hex/deps/jason/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2017 Michał Muskała
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/helpers/install-dir/hex/deps/jason/README.md

@@ -0,0 +1,141 @@
+# Jason
+
+A blazing fast JSON parser and generator in pure Elixir.
+
+The parser and generator are at least twice as fast as other Elixir/Erlang libraries
+(most notably `Poison`).
+The performance is comparable to `jiffy`, which is implemented in C as a NIF.
+Jason is usually only twice as slow.
+
+Both parser and generator fully conform to
+[RFC 8259](https://tools.ietf.org/html/rfc8259) and
+[ECMA 404](http://www.ecma-international.org/publications/standards/Ecma-404.htm)
+standards. The parser is tested using [JSONTestSuite](https://github.com/nst/JSONTestSuite).
+
+## Installation
+
+The package can be installed by adding `jason` to your list of dependencies
+in `mix.exs`:
+
+```elixir
+def deps do
+  [{:jason, "~> 1.2"}]
+end
+```
+
+## Basic Usage
+
+``` elixir
+iex(1)> Jason.encode!(%{"age" => 44, "name" => "Steve Irwin", "nationality" => "Australian"})
+"{\"age\":44,\"name\":\"Steve Irwin\",\"nationality\":\"Australian\"}"
+
+iex(2)> Jason.decode!(~s({"age":44,"name":"Steve Irwin","nationality":"Australian"}))
+%{"age" => 44, "name" => "Steve Irwin", "nationality" => "Australian"}
+```
+
+Full documentation can be found at [https://hexdocs.pm/jason](https://hexdocs.pm/jason).
+
+## Use with other libraries
+
+### Postgrex
+
+Versions starting at 0.14.0 use `Jason` by default. For earlier versions, please refer to
+[previous versions of this document](https://github.com/michalmuskala/jason/tree/v1.1.2#postgrex).
+
+### Ecto
+
+Versions starting at 3.0.0 use `Jason` by default. For earlier versions, please refer to
+[previous versions of this document](https://github.com/michalmuskala/jason/tree/v1.1.2#ecto).
+
+### Plug (and Phoenix)
+
+Phoenix starting at 1.4.0 uses `Jason` by default. For earlier versions, please refer to
+[previous versions of this document](https://github.com/michalmuskala/jason/tree/v1.1.2#plug-and-phoenix).
+
+### Absinthe
+
+You need to pass the `:json_codec` option to `Absinthe.Plug`
+
+```elixir
+# When called directly:
+plug Absinthe.Plug,
+  schema: MyApp.Schema,
+  json_codec: Jason
+
+# When used in phoenix router:
+forward "/api",
+  to: Absinthe.Plug,
+  init_opts: [schema: MyApp.Schema, json_codec: Jason]
+```
+
+## Benchmarks
+
+Detailed benchmarks (including memory measurements):
+https://gist.github.com/michalmuskala/4d64a5a7696ca84ac7c169a0206640d5
+
+HTML reports for the benchmark (only performance measurements):
+http://michal.muskala.eu/jason/decode.html and http://michal.muskala.eu/jason/encode.html
+
+### Running
+
+Benchmarks against most popular Elixir & Erlang json libraries can be executed after
+going into the `bench/` folder and then executing `mix bench.encode` and `mix bench.decode`.
+A HTML report of the benchmarks (after their execution) can be found in
+`bench/output/encode.html` and `bench/output/decode.html` respectively.
+
+## Differences to Poison
+
+Jason has a couple feature differences compared to Poison.
+
+  * Jason follows the JSON spec more strictly, for example it does not allow
+    unescaped newline characters in JSON strings - e.g. `"\"\n\""` will
+    produce a decoding error.
+  * no support for decoding into data structures (the `as:` option).
+  * no built-in encoders for `MapSet`, `Range` and `Stream`.
+  * no support for encoding arbitrary structs - explicit implementation
+    of the `Jason.Encoder` protocol is always required.
+  * different pretty-printing customisation options (default `pretty: true` works the same)
+
+If you require encoders for any of the unsupported collection types, I suggest
+adding the needed implementations directly to your project:
+
+```elixir
+defimpl Jason.Encoder, for: [MapSet, Range, Stream] do
+  def encode(struct, opts) do
+    Jason.Encode.list(Enum.to_list(struct), opts)
+  end
+end
+```
+
+If you need to encode some struct that does not implement the protocol,
+if you own the struct, you can derive the implementation specifying
+which fields should be encoded to JSON:
+
+```elixir
+@derive {Jason.Encoder, only: [....]}
+defstruct # ...
+```
+
+It is also possible to encode all fields, although this should be
+used carefully to avoid accidentally leaking private information
+when new fields are added:
+
+```elixir
+@derive Jason.Encoder
+defstruct # ...
+```
+
+Finally, if you don't own the struct you want to encode to JSON,
+you may use `Protocol.derive/3` placed outside of any module:
+
+```elixir
+Protocol.derive(Jason.Encoder, NameOfTheStruct, only: [...])
+Protocol.derive(Jason.Encoder, NameOfTheStruct)
+```
+
+## License
+
+Jason is released under the Apache License 2.0 - see the [LICENSE](LICENSE) file.
+
+Some elements of tests and benchmarks have their origins in the
+[Poison library](https://github.com/devinus/poison) and were initially licensed under [CC0-1.0](https://creativecommons.org/publicdomain/zero/1.0/).

data/helpers/install-dir/hex/deps/jason/hex_metadata.config

@@ -0,0 +1,20 @@
+{<<"app">>,<<"jason">>}.
+{<<"build_tools">>,[<<"mix">>]}.
+{<<"description">>,
+ <<"A blazing fast JSON parser and generator in pure Elixir.">>}.
+{<<"elixir">>,<<"~> 1.4">>}.
+{<<"files">>,
+ [<<"lib">>,<<"lib/jason.ex">>,<<"lib/encoder.ex">>,<<"lib/decoder.ex">>,
+  <<"lib/formatter.ex">>,<<"lib/encode.ex">>,<<"lib/codegen.ex">>,
+  <<"lib/helpers.ex">>,<<"lib/fragment.ex">>,<<"mix.exs">>,<<"README.md">>,
+  <<"LICENSE">>,<<"CHANGELOG.md">>]}.
+{<<"licenses">>,[<<"Apache-2.0">>]}.
+{<<"links">>,[{<<"GitHub">>,<<"https://github.com/michalmuskala/jason">>}]}.
+{<<"name">>,<<"jason">>}.
+{<<"requirements">>,
+ [[{<<"app">>,<<"decimal">>},
+   {<<"name">>,<<"decimal">>},
+   {<<"optional">>,true},
+   {<<"repository">>,<<"hexpm">>},
+   {<<"requirement">>,<<"~> 1.0">>}]]}.
+{<<"version">>,<<"1.2.1">>}.

data/helpers/install-dir/hex/deps/jason/lib/codegen.ex

@@ -0,0 +1,138 @@
+defmodule Jason.Codegen do
+  @moduledoc false
+
+  alias Jason.{Encode, EncodeError}
+
+  def jump_table(ranges, default) do
+    ranges
+    |> ranges_to_orddict()
+    |> :array.from_orddict(default)
+    |> :array.to_orddict()
+  end
+
+  def jump_table(ranges, default, max) do
+    ranges
+    |> ranges_to_orddict()
+    |> :array.from_orddict(default)
+    |> resize(max)
+    |> :array.to_orddict()
+  end
+
+  defmacro bytecase(var, do: clauses) do
+    {ranges, default, literals} = clauses_to_ranges(clauses, [])
+
+    jump_table = jump_table(ranges, default)
+
+    quote do
+      case unquote(var) do
+        unquote(jump_table_to_clauses(jump_table, literals))
+      end
+    end
+  end
+
+  defmacro bytecase(var, max, do: clauses) do
+    {ranges, default, empty} = clauses_to_ranges(clauses, [])
+
+    jump_table = jump_table(ranges, default, max)
+
+    quote do
+      case unquote(var) do
+        unquote(jump_table_to_clauses(jump_table, empty))
+      end
+    end
+  end
+
+  def build_kv_iodata(kv, encode_args) do
+    elements =
+      kv
+      |> Enum.map(&encode_pair(&1, encode_args))
+      |> Enum.intersperse(",")
+
+    collapse_static(List.flatten(["{", elements] ++ '}'))
+  end
+
+  defp clauses_to_ranges([{:->, _, [[{:in, _, [byte, range]}, rest], action]} | tail], acc) do
+    clauses_to_ranges(tail, [{range, {byte, rest, action}} | acc])
+  end
+
+  defp clauses_to_ranges([{:->, _, [[default, rest], action]} | tail], acc) do
+    {Enum.reverse(acc), {default, rest, action}, literal_clauses(tail)}
+  end
+
+  defp literal_clauses(clauses) do
+    Enum.map(clauses, fn {:->, _, [[literal], action]} ->
+      {literal, action}
+    end)
+  end
+
+  defp jump_table_to_clauses([{val, {{:_, _, _}, rest, action}} | tail], empty) do
+    quote do
+      <<unquote(val), unquote(rest)::bits>> ->
+        unquote(action)
+    end ++ jump_table_to_clauses(tail, empty)
+  end
+
+  defp jump_table_to_clauses([{val, {byte, rest, action}} | tail], empty) do
+    quote do
+      <<unquote(byte), unquote(rest)::bits>> when unquote(byte) === unquote(val) ->
+        unquote(action)
+    end ++ jump_table_to_clauses(tail, empty)
+  end
+
+  defp jump_table_to_clauses([], literals) do
+    Enum.flat_map(literals, fn {pattern, action} ->
+      quote do
+        unquote(pattern) ->
+          unquote(action)
+      end
+    end)
+  end
+
+  defp resize(array, size), do: :array.resize(size, array)
+
+  defp ranges_to_orddict(ranges) do
+    ranges
+    |> Enum.flat_map(fn
+         {int, value} when is_integer(int) ->
+           [{int, value}]
+
+         {enum, value} ->
+           Enum.map(enum, &{&1, value})
+       end)
+    |> :orddict.from_list()
+  end
+
+  defp encode_pair({key, value}, encode_args) do
+    key = IO.iodata_to_binary(Encode.key(key, &escape_key/3))
+    key = "\"" <> key <> "\":"
+    [key, quote(do: Encode.value(unquote(value), unquote_splicing(encode_args)))]
+  end
+
+  defp escape_key(binary, _original, _skip) do
+    check_safe_key!(binary)
+    binary
+  end
+
+  defp check_safe_key!(binary) do
+    for <<(<<byte>> <- binary)>> do
+      if byte > 0x7F or byte < 0x1F or byte in '"\\/' do
+        raise EncodeError,
+              "invalid byte #{inspect(byte, base: :hex)} in literal key: #{inspect(binary)}"
+      end
+    end
+
+    :ok
+  end
+
+  defp collapse_static([bin1, bin2 | rest]) when is_binary(bin1) and is_binary(bin2) do
+    collapse_static([bin1 <> bin2 | rest])
+  end
+
+  defp collapse_static([other | rest]) do
+    [other | collapse_static(rest)]
+  end
+
+  defp collapse_static([]) do
+    []
+  end
+end