dependabot-hex 0.261.0 → 0.261.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7a1982afe65fa3a20dc24e88e76ccb71e14504f542e53871d8cbb043ddc69db
-  data.tar.gz: 649fe3b1df9d36d3bf06afc7a0b21013ac57d72be6724b2b6428c8ebd50d3cbb
+  metadata.gz: 27d33792dfe1e80e7983633d35c802b8e740e597b27511bbf5b62d7d53d2524e
+  data.tar.gz: f8a13617553b91170a7dca0a50ebdb3a9d68326961c3919851119e1b6b08b972
 SHA512:
-  metadata.gz: 4ac067d549efcb29b1264fc56191592c5b19a2527973cb534143d24a71c1edc313c116360ebca81e1b95cd03c6838c044298dfb1c15a54d7fd1b9e4400855023
-  data.tar.gz: daae200036c3f100ae25c08bbe1989df254bab20c37a3e6db8257fce4dc9e23a71163b7cc0ffbf4bfb932289bfe13e12ddd67c5af4d0025b722c1325e8a031a8
+  metadata.gz: d21ffaea5f67baf3b4c937d578cc1f2f7dc5945d7cdc90e6f7bd28a38309f58b2821aff0df65d41aa3be7d970995bc8792045f23a83da1c4c79f16b730b14e3c
+  data.tar.gz: ab89c2440795290fd4088ed5b6d7d705d8d4b2d33f96e396ea3e5c56492c9ab7f943783282cb91b28759ce10e3c00982a27ef0b57c9bb5bb9bbd583cffcdd726

data/lib/dependabot/hex/credential_helpers.rb

@@ -1,13 +1,19 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 module Dependabot
   module Hex
     module CredentialHelpers
+      extend T::Sig
+
+      sig { params(credentials: T::Array[Dependabot::Credential]).returns(T::Array[Dependabot::Credential]) }
       def self.hex_credentials(credentials)
         organization_credentials(credentials) + repo_credentials(credentials)
       end
 
+      sig { params(credentials: T.untyped).returns(T::Array[Dependabot::Credential]) }
       def self.organization_credentials(credentials)
         defaults = Dependabot::Credential.new({ "organization" => "", "token" => "" })
         keys = %w(type organization token)
@@ -16,7 +22,7 @@ module Dependabot
           .select { |cred| cred["type"] == "hex_organization" }
           .flat_map { |cred| defaults.merge(cred).slice(*keys).values }
       end
-
+      sig { params(credentials: T::Array[Dependabot::Credential]).returns(T::Array[Dependabot::Credential]) }
       def self.repo_credentials(credentials)
         # Credentials are serialized as an array that may not have optional fields. Using a
         # default ensures that the array is always the same length, even if values are empty.

data/lib/dependabot/hex/file_parser.rb

@@ -1,6 +1,7 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
@@ -13,8 +14,10 @@ require "dependabot/errors"
 module Dependabot
   module Hex
     class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
       require "dependabot/file_parsers/base/dependency_set"
 
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         # TODO: git sourced dependency's mixfiles are evaluated. Provide guards before removing this.
         raise ::Dependabot::UnexpectedExternalCode if @reject_external_code
@@ -43,11 +46,12 @@ module Dependabot
 
       private
 
+      sig { returns(T::Array[T.any(T::Hash[String, String], T::Hash[String, T.untyped])]) }
       def dependency_details
         SharedHelpers.in_a_temporary_directory do
           write_sanitized_mixfiles
           write_sanitized_supporting_files
-          File.write("mix.lock", lockfile.content) if lockfile
+          File.write("mix.lock", lockfile&.content) if lockfile
           FileUtils.cp(elixir_helper_parse_deps_path, "parse_deps.exs")
 
           SharedHelpers.run_helper_subprocess(
@@ -69,28 +73,32 @@ module Dependabot
         JSON.parse(result_json).fetch("result")
       end
 
+      sig { void }
       def write_sanitized_mixfiles
         mixfiles.each do |file|
           path = file.name
           FileUtils.mkdir_p(Pathname.new(path).dirname)
-          File.write(path, sanitize_mixfile(file.content))
+          File.write(path, sanitize_mixfile(T.must(file.content)))
         end
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def write_sanitized_supporting_files
         dependency_files.select(&:support_file).each do |file|
           path = file.name
           FileUtils.mkdir_p(Pathname.new(path).dirname)
-          File.write(path, sanitize_mixfile(file.content))
+          File.write(path, sanitize_mixfile(T.must(file.content)))
         end
       end
 
+      sig { params(content: String).returns(String) }
       def sanitize_mixfile(content)
         Hex::FileUpdater::MixfileSanitizer.new(
           mixfile_content: content
         ).sanitized_content
       end
 
+      sig { returns(T::Hash[String, String]) }
       def mix_env
         {
           "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
@@ -100,28 +108,34 @@ module Dependabot
         }
       end
 
+      sig { returns(String) }
       def elixir_helper_path
         File.join(NativeHelpers.hex_helpers_dir, "lib/run.exs")
       end
 
+      sig { returns(String) }
       def elixir_helper_parse_deps_path
         File.join(NativeHelpers.hex_helpers_dir, "lib/parse_deps.exs")
       end
 
+      sig { override.void }
       def check_required_files
         raise "No mixfile!" if mixfiles.none?
       end
 
+      sig { params(hash: T::Hash[String, String]).returns(T::Hash[Symbol, T.nilable(String)]) }
       def symbolize_keys(hash)
         hash.keys.to_h { |k| [k.to_sym, hash[k]] }
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def mixfiles
         dependency_files.select { |f| f.name.end_with?("mix.exs") }
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def lockfile
-        @lockfile ||= get_original_file("mix.lock")
+        @lockfile ||= T.let(get_original_file("mix.lock"), T.nilable(Dependabot::DependencyFile))
       end
     end
   end

data/lib/dependabot/hex/file_updater/mixfile_sanitizer.rb

@@ -1,20 +1,23 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "dependabot/hex/file_updater"
 require "dependabot/shared_helpers"
+require "sorbet-runtime"
 
 module Dependabot
   module Hex
     class FileUpdater
       class MixfileSanitizer
+        extend T::Sig
+        sig { params(mixfile_content: String).void }
         def initialize(mixfile_content:)
           @mixfile_content = mixfile_content
         end
 
         FILE_READ      = /File.read\(.*?\)/
         FILE_READ_BANG = /File.read!\(.*?\)/
-        PIPE           = Regexp.escape("|>").freeze
+        PIPE           = T.let(Regexp.escape("|>").freeze, String)
         VERSION_FILE   = /"VERSION"/i
 
         NESTED_VERSION_FILE_READ = /String\.trim\(#{FILE_READ}\)/
@@ -22,18 +25,25 @@ module Dependabot
         PIPED_VERSION_FILE_READ = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ}/
         PIPED_VERSION_FILE_READ_BANG = /#{VERSION_FILE}[[:space:]]+#{PIPE}[[:space:]]+#{FILE_READ_BANG}/
 
-        # rubocop:disable Performance/MethodObjectAsBlock
+        sig { returns(String) }
         def sanitized_content
-          mixfile_content
-            .then(&method(:prevent_version_file_loading))
-            .then(&method(:prevent_config_path_loading))
+          @mixfile_content
+            .then { |content| prevent_version_file_loading(content) }
+            .then { |content| prevent_config_path_loading(content) }
         end
-        # rubocop:enable Performance/MethodObjectAsBlock
 
         private
 
+        sig { returns(String) }
         attr_reader :mixfile_content
 
+        sig { params(configuration: String).returns(String) }
+        def prevent_config_path_loading(configuration)
+          configuration
+            .gsub(/^\s*config_path:.*(?:,|$)/, "")
+        end
+
+        sig { params(configuration: String).returns(String) }
         def prevent_version_file_loading(configuration)
           configuration
             .gsub(NESTED_VERSION_FILE_READ_BANG, 'String.trim("0.0.1")')
@@ -41,11 +51,6 @@ module Dependabot
             .gsub(PIPED_VERSION_FILE_READ, '{:ok, "0.0.1"}')
             .gsub(PIPED_VERSION_FILE_READ_BANG, '"0.0.1"')
         end
-
-        def prevent_config_path_loading(configuration)
-          configuration
-            .gsub(/^\s*config_path:.*(?:,|$)/, "")
-        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.261.0
+  version: 0.261.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-06-13 00:00:00.000000000 Z
+date: 2024-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.261.0
+        version: 0.261.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.261.0
+        version: 0.261.1
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -272,7 +272,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.1
 post_install_message: 
 rdoc_options: []
 require_paths: