dependabot-hex 0.260.0 → 0.261.0

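--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 39dd9ca7f95a819b66edcc28326f4f0a95b1e3998d34722026c306a0b19fb800
- data.tar.gz: 1a55909dce2ef7233bfcf75b48885a4d7c6d0ada3e4a2f61ba285a6ee724de2a
+ metadata.gz: b7a1982afe65fa3a20dc24e88e76ccb71e14504f542e53871d8cbb043ddc69db
+ data.tar.gz: 649fe3b1df9d36d3bf06afc7a0b21013ac57d72be6724b2b6428c8ebd50d3cbb
  SHA512:
- metadata.gz: 7e319edb1873858b339c1bcdc7063a55e452f6c1d6d5b071e03b49079f9151dd8b4cf5723190d0ec0f349b624a98129a9e41b2debab8c160ae0d66929bb72738
- data.tar.gz: 46c804f5470f9fc7969fe24b9e1bf076737786215042baea77f457eac52e67a8c4775e7094dce8faef76675f6d62605fa5100f8d0324fd2e8b72422ed4a58fa2
+ metadata.gz: 4ac067d549efcb29b1264fc56191592c5b19a2527973cb534143d24a71c1edc313c116360ebca81e1b95cd03c6838c044298dfb1c15a54d7fd1b9e4400855023
+ data.tar.gz: daae200036c3f100ae25c08bbe1989df254bab20c37a3e6db8257fce4dc9e23a71163b7cc0ffbf4bfb932289bfe13e12ddd67c5af4d0025b722c1325e8a031a8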
@@ -1,13 +1,17 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/hex/file_updater"
5
5
  require "dependabot/shared_helpers"
6
+ require "sorbet-runtime"
6
7
 
7
8
  module Dependabot
8
9
  module Hex
9
10
  class FileUpdater
10
11
  class MixfileGitPinUpdater
12
+ extend T::Sig
13
+
14
+ sig { params(dependency_name: String, mixfile_content: String, previous_pin: String, updated_pin: String).void }
11
15
  def initialize(dependency_name:, mixfile_content:,
12
16
  previous_pin:, updated_pin:)
13
17
  @dependency_name = dependency_name
@@ -16,6 +20,7 @@ module Dependabot
16
20
  @updated_pin = updated_pin
17
21
  end
18
22
 
23
+ sig { returns(String) }
19
24
  def updated_content
20
25
  updated_content = update_pin(mixfile_content)
21
26
 
@@ -26,11 +31,19 @@ module Dependabot
26
31
 
27
32
  private
28
33
 
34
+ sig { returns(String) }
29
35
  attr_reader :dependency_name
36
+
37
+ sig { returns(String) }
30
38
  attr_reader :mixfile_content
39
+
40
+ sig { returns(String) }
31
41
  attr_reader :previous_pin
42
+
43
+ sig { returns(String) }
32
44
  attr_reader :updated_pin
33
45
 
46
+ sig { params(content: String).returns(String) }
34
47
  def update_pin(content)
35
48
  requirement_line_regex =
36
49
  /
@@ -43,6 +56,7 @@ module Dependabot
43
56
  end
44
57
  end
45
58
 
59
+ sig { returns(T::Boolean) }
46
60
  def content_should_change?
47
61
  previous_pin == updated_pin
48
62
  end
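Review bot: `content_should_change?` at the end of this section returns `previous_pin == updated_pin`, so it is true exactly when the pin did not move, which reads as the opposite of its name; the new `sig { returns(T::Boolean) }` fixes the return type but leaves that ambiguity in place. Its caller is outside the visible hunks, so the intent has to be confirmed there: if the predicate is meant to gate an "expected the file to change" check, the body should presumably be `previous_pin != updated_pin`. If equality really is intended, a comment such as `# true when the pin is unchanged; see updated_content for how this is used` would stop the next reader from misreading it. In a git-pin updater an unnoticed no-op rewrite would presumably leave the old ref pinned, so the guard is worth getting right.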
@@ -1,16 +1,20 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/file_updaters"
5
5
  require "dependabot/file_updaters/base"
6
6
  require "dependabot/shared_helpers"
7
+ require "sorbet-runtime"
7
8
 
8
9
  module Dependabot
9
10
  module Hex
10
11
  class FileUpdater < Dependabot::FileUpdaters::Base
12
+ extend T::Sig
13
+
11
14
  require_relative "file_updater/mixfile_updater"
12
15
  require_relative "file_updater/lockfile_updater"
13
16
 
17
+ sig { override.returns(T::Array[Regexp]) }
14
18
  def self.updated_files_regex
15
19
  [
16
20
  /^mix\.exs$/,
@@ -18,6 +22,7 @@ module Dependabot
18
22
  ]
19
23
  end
20
24
 
25
+ sig { override.returns(T::Array[Dependabot::DependencyFile]) }
21
26
  def updated_dependency_files
22
27
  updated_files = []
23
28
 
@@ -30,7 +35,7 @@ module Dependabot
30
35
 
31
36
  if lockfile
32
37
  updated_files <<
33
- updated_file(file: lockfile, content: updated_lockfile_content)
38
+ updated_file(file: T.must(lockfile), content: updated_lockfile_content)
34
39
  end
35
40
 
36
41
  updated_files
@@ -38,10 +43,12 @@ module Dependabot
38
43
 
39
44
  private
40
45
 
46
+ sig { override.void }
41
47
  def check_required_files
42
48
  raise "No mix.exs!" unless get_original_file("mix.exs")
43
49
  end
44
50
 
51
+ sig { params(file: Dependabot::DependencyFile).returns(String) }
45
52
  def updated_mixfile_content(file)
46
53
  MixfileUpdater.new(
47
54
  dependencies: dependencies,
@@ -49,21 +56,24 @@ module Dependabot
49
56
  ).updated_mixfile_content
50
57
  end
51
58
 
59
+ sig { returns(String) }
52
60
  def updated_lockfile_content
53
- @updated_lockfile_content ||=
54
- LockfileUpdater.new(
55
- dependencies: dependencies,
56
- dependency_files: dependency_files,
57
- credentials: credentials
58
- ).updated_lockfile_content
61
+ @updated_lockfile_content ||= T.let(nil, T.nilable(String))
62
+ LockfileUpdater.new(
63
+ dependencies: dependencies,
64
+ dependency_files: dependency_files,
65
+ credentials: credentials
66
+ ).updated_lockfile_content
59
67
  end
60
68
 
69
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
61
70
  def mixfiles
62
71
  dependency_files.select { |f| f.name.end_with?("mix.exs") }
63
72
  end
64
73
 
74
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
65
75
  def lockfile
66
- @lockfile ||= get_original_file("mix.lock")
76
+ @lockfile ||= T.let(get_original_file("mix.lock"), T.nilable(Dependabot::DependencyFile))
67
77
  end
68
78
  end
69
79
  end
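Review bot: In `updated_lockfile_content` the memoisation is lost: `@updated_lockfile_content ||= T.let(nil, T.nilable(String))` is now a complete statement that only ever assigns nil, and the `LockfileUpdater.new(...).updated_lockfile_content` call on the following lines runs on every invocation without its result being stored. The one caller visible in `updated_dependency_files` invokes it once, so the returned content is still right, but any second call repeats the whole lockfile update, which is handed `credentials`. Wrapping the computed value inside the `T.let`, the same shape `lockfile` uses a few lines further down, restores the cache and keeps the instance-variable declaration that `# typed: strict` asks for.
```ruby
def updated_lockfile_content
  @updated_lockfile_content ||= T.let(
    LockfileUpdater.new(
      dependencies: dependencies,
      dependency_files: dependency_files,
      credentials: credentials
    ).updated_lockfile_content,
    T.nilable(String)
  )
end
```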
@@ -1,23 +1,27 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "excon"
5
5
  require "dependabot/metadata_finders"
6
6
  require "dependabot/metadata_finders/base"
7
7
  require "dependabot/registry_client"
8
+ require "sorbet-runtime"
8
9
 
9
10
  module Dependabot
10
11
  module Hex
11
12
  class MetadataFinder < Dependabot::MetadataFinders::Base
12
- SOURCE_KEYS = %w(
13
+ extend T::Sig
14
+
15
+ SOURCE_KEYS = T.let(%w(
13
16
  GitHub Github github
14
17
  GitLab Gitlab gitlab
15
18
  BitBucket Bitbucket bitbucket
16
19
  Source source
17
- ).freeze
20
+ ).freeze, T::Array[String])
18
21
 
19
22
  private
20
23
 
24
+ sig { override.returns(T.nilable(Dependabot::Source)) }
21
25
  def look_up_source
22
26
  case new_source_type
23
27
  when "default" then find_source_from_hex_listing
@@ -26,19 +30,22 @@ module Dependabot
26
30
  end
27
31
  end
28
32
 
33
+ sig { returns(T.nilable(String)) }
29
34
  def new_source_type
30
35
  dependency.source_type
31
36
  end
32
37
 
38
+ sig { returns(T.nilable(Dependabot::Source)) }
33
39
  def find_source_from_hex_listing
34
40
  potential_source_urls =
35
41
  SOURCE_KEYS
36
- .filter_map { |key| hex_listing.dig("meta", "links", key) }
42
+ .filter_map { |key| T.must(hex_listing).dig("meta", "links", key) }
37
43
 
38
44
  source_url = potential_source_urls.find { |url| Source.from_url(url) }
39
45
  Source.from_url(source_url)
40
46
  end
41
47
 
48
+ sig { returns(T.nilable(Dependabot::Source)) }
42
49
  def find_source_from_git_url
43
50
  info = dependency.requirements.filter_map { |r| r[:source] }.first
44
51
 
@@ -46,11 +53,12 @@ module Dependabot
46
53
  Source.from_url(url)
47
54
  end
48
55
 
56
+ sig { returns(T.nilable(T::Hash[String, T.untyped])) }
49
57
  def hex_listing
50
58
  return @hex_listing unless @hex_listing.nil?
51
59
 
52
60
  response = Dependabot::RegistryClient.get(url: "https://hex.pm/api/packages/#{dependency.name}")
53
- @hex_listing = JSON.parse(response.body)
61
+ @hex_listing = T.let(JSON.parse(response.body), T.nilable(T::Hash[String, T.untyped]))
54
62
  end
55
63
  end
56
64
  end
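Review bot: `find_source_from_hex_listing` now calls `T.must(hex_listing)` on data that comes straight from a registry response, and `hex_listing` parses `response.body` and asserts its shape with `T.let` without looking at the response status, so a non-200, non-object or `null` reply from hex.pm surfaces as `JSON::ParserError` or a Sorbet `TypeError` rather than as "no source found". Since the sig already allows nil, the caller could read the value once and bail out, `listing = hex_listing` then `return if listing.nil?`, and use `listing.dig("meta", "links", key)` inside the `filter_map`; a status check before `JSON.parse` in `hex_listing` would cover the error-body case. The package name is also interpolated into the request URL as-is; where `dependency.name` is validated is not visible here, so it is worth confirming that it cannot carry path or query characters.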
@@ -1,9 +1,14 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  module Dependabot
5
7
  module Hex
6
8
  module NativeHelpers
9
+ extend T::Sig
10
+
11
+ sig { returns(String) }
7
12
  def self.hex_helpers_dir
8
13
  helpers_root = ENV.fetch("DEPENDABOT_NATIVE_HELPERS_PATH", nil)
9
14
  return File.join(helpers_root, "hex") unless helpers_root.nil?
@@ -11,6 +16,7 @@ module Dependabot
11
16
  File.join(__dir__, "../../../../hex/helpers")
12
17
  end
13
18
 
19
+ sig { params(path: String).returns(String) }
14
20
  def self.clean_path(path)
15
21
  Pathname.new(path).cleanpath.to_path
16
22
  end
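Review bot: `clean_path` gains a `params(path: String).returns(String)` sig but still has no comment saying what "clean" means: `Pathname#cleanpath` normalises the string lexically without touching the filesystem, so it neither resolves symlinks nor stops a relative path with leading `..` segments from pointing outside a base directory. Callers are not visible in these hunks; if any of them pass a path taken from a repository's files, a one-line comment such as `# Lexical normalisation only; does not resolve symlinks or confine the path to a base directory.` would keep the helper from being mistaken for a containment check. The requires visible at the top of the file also do not load `pathname`, so the method relies on another file having required it; `require "pathname"` next to `require "sorbet-runtime"` would make that explicit.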
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/dependency_file"
5
7
  require "dependabot/hex/update_checker"
6
8
  require "dependabot/hex/file_updater/mixfile_requirement_updater"
@@ -14,6 +16,8 @@ module Dependabot
14
16
  # This class takes a set of dependency files and sanitizes them for use
15
17
  # in UpdateCheckers::Elixir::Hex.
16
18
  class FilePreparer
19
+ extend T::Sig
20
+
17
21
  def initialize(dependency_files:, dependency:,
18
22
  unlock_requirement: true,
19
23
  replacement_git_pin: nil,
@@ -179,7 +183,7 @@ module Dependabot
179
183
  end
180
184
 
181
185
  def version_regex
182
- version_class::VERSION_PATTERN
186
+ Dependabot::Hex::Version::VERSION_PATTERN
183
187
  end
184
188
 
185
189
  def dependency_appears_in_file?(file_name)
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/version"
5
7
  require "dependabot/utils"
6
8
 
@@ -11,6 +13,8 @@ require "dependabot/utils"
11
13
  module Dependabot
12
14
  module Hex
13
15
  class Version < Dependabot::Version
16
+ extend T::Sig
17
+
14
18
  attr_reader :build_info
15
19
 
16
20
  VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
@@ -40,7 +44,7 @@ module Dependabot
40
44
 
41
45
  def <=>(other)
42
46
  version_comparison = super(other)
43
- return version_comparison unless version_comparison.zero?
47
+ return version_comparison unless version_comparison&.zero?
44
48
 
45
49
  return build_info.nil? ? 0 : 1 unless other.is_a?(Hex::Version)
46
50
 
@@ -54,7 +58,7 @@ module Dependabot
54
58
 
55
59
  local_comparison = Gem::Version.new(lhs) <=> Gem::Version.new(rhs)
56
60
 
57
- return local_comparison unless local_comparison.zero?
61
+ return local_comparison unless local_comparison&.zero?
58
62
 
59
63
  lhsegments.count <=> rhsegments.count
60
64
  end
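Review bot: With `version_comparison&.zero?` and `local_comparison&.zero?`, `<=>` now returns nil whenever `super` or the `Gem::Version` comparison yields nil, where the old `.zero?` calls would have raised `NoMethodError`; nothing in the method says that nil is an intended result. A short comment above the first guard, for example `# nil from super means the operands are not comparable; pass it through`, would document that contract, since code that sorts these objects gets an `ArgumentError` from Ruby when `<=>` returns nil. The middle of the method, where `lhs` and `rhs` are built, lies between the two hunks and is not visible, so whether `Gem::Version.new(lhs)` can raise on a malformed build segment could not be checked here.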
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-hex
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.260.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-06 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.260.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.260.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ licenses:
272
272
  - MIT
273
273
  metadata:
274
274
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
275
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
275
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
276
276
  post_install_message:
277
277
  rdoc_options: []
278
278
  require_paths: