dependabot-hex 0.293.0 → 0.294.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f96fbbcd594e46f4707887586efc59ae081e18152fdc924b44b6718aea1b79d
-  data.tar.gz: 403c8e4a903e538aa9fece23bec3ba232311698e9d729be8d226ceb88d283c36
+  metadata.gz: c1e408c3a5aa471b3f7f5412c4cd336a215415e8cea34aca76eb1c3d12f61c41
+  data.tar.gz: b31cb3def54f4c3527f3ae4f3ab194805f49a0878d7d58e2f56ec50d193d7a4d
 SHA512:
-  metadata.gz: 444b471a4fa4074c228af3dd6339a5923eeda50efb6f41394973261a8bd47d962c6f5e81fe8ecf1953b85015353f09cf27ddf878bb23c1e421be9b62c9700ab6
-  data.tar.gz: 80a8b0c3be399604ce24c82682adf3f7ac16aecd3bd3ded242fb33f5b2d3a6cd192b09a48529147085fe8111a83ae418e26109295758f67a48af74a785869318
+  metadata.gz: 206240e07df406a494142b6c81913987212fe386cca5b281b4308bd6916dc606d9952323ab5e93bab502fdc5aa55677211302149d41dde0fae48cc89602e24a7
+  data.tar.gz: 90d8e47c2456337e7b08abcfd1e3f086cc5f0da4036b01a04ef4a97ec3030c4ed39bed27713f401ba8062277623f3008090d626a0a8fddd77ecc798da033d132

data/helpers/build

@@ -26,7 +26,5 @@ esac
 
 cp $CP_OPTS "$helpers_dir/lib" "$install_dir"
 cp $CP_OPTS "$helpers_dir/mix.exs" "$install_dir"
-cp $CP_OPTS "$helpers_dir/mix.lock" "$install_dir"
 
 cd "$install_dir"
-mix deps.get

data/helpers/lib/check_update.exs

@@ -1,5 +1,8 @@
 defmodule UpdateChecker do
   def run(dependency_name) do
+    # This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
+    Mix.ensure_application!(:hex)
+
     # Update the lockfile in a session that we can time out
     task = Task.async(fn -> do_resolution(dependency_name) end)
 
@@ -45,24 +48,28 @@ end
 
 [dependency_name] = System.argv()
 
-case UpdateChecker.run(dependency_name) do
-  {:ok, version} ->
-    version = :erlang.term_to_binary({:ok, version})
-    IO.write(:stdio, version)
+result =
+  case UpdateChecker.run(dependency_name) do
+    {:ok, version} ->
+      {:ok, version}
+
+    {:error, %Version.InvalidRequirementError{} = error}  ->
+      {:error, "Invalid requirement: #{error.requirement}"}
 
-  {:error, %Version.InvalidRequirementError{} = error}  ->
-    result = :erlang.term_to_binary({:error, "Invalid requirement: #{error.requirement}"})
-    IO.write(:stdio, result)
+    {:error, %Mix.Error{} = error} ->
+      {:error, "Dependency resolution failed: #{error.message}"}
 
-  {:error, %Mix.Error{} = error} ->
-    result = :erlang.term_to_binary({:error, "Dependency resolution failed: #{error.message}"})
-    IO.write(:stdio, result)
+    {:error, :dependency_resolution_timed_out} ->
+      # We do nothing here because Hex is already printing out a message in stdout
+      nil
 
-  {:error, :dependency_resolution_timed_out} ->
-    # We do nothing here because Hex is already printing out a message in stdout
-    nil
+    {:error, error} ->
+      {:error, "Unknown error in check_update: #{inspect(error)}"}
+  end
 
-  {:error, error} ->
-    result = :erlang.term_to_binary({:error, "Unknown error in check_update: #{inspect(error)}"})
-    IO.write(:stdio, result)
+if not is_nil(result) do
+  result
+  |> :erlang.term_to_binary()
+  |> Base.encode64()
+  |> IO.write()
 end

data/helpers/lib/do_update.exs

@@ -1,3 +1,6 @@
+# This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
+Mix.ensure_application!(:hex)
+
 dependency =
   System.argv()
   |> List.first()
@@ -7,25 +10,16 @@ dependency =
 {dependency_lock, rest_lock} = Map.split(Mix.Dep.Lock.read(), [dependency])
 Mix.Dep.Fetcher.by_name([dependency], dependency_lock, rest_lock, [])
 
-System.cmd(
-  "mix",
-  [
-    "deps.get",
-    "--no-compile",
-    "--no-elixir-version-check",
-  ],
-  [
-    env: %{
-      "MIX_EXS" => nil,
-      "MIX_LOCK" => nil,
-      "MIX_DEPS" => nil
-    }
-  ]
-)
+args = [
+  "deps.get",
+  "--no-compile",
+  "--no-elixir-version-check",
+]
 
-lockfile_content =
-  "mix.lock"
-  |> File.read()
-  |> :erlang.term_to_binary()
+System.cmd("mix", args, [env: %{"MIX_EXS" => nil}])
 
-IO.write(:stdio, lockfile_content)
+"mix.lock"
+|> File.read()
+|> :erlang.term_to_binary()
+|> Base.encode64()
+|> IO.write()

data/helpers/lib/parse_deps.exs

@@ -1,6 +1,9 @@
 defmodule Parser do
   def run do
-    Mix.Dep.load_on_environment([])
+    # This is necessary because we can't specify :extra_applications to have :hex in other mixfiles.
+    Mix.ensure_application!(:hex)
+
+    Mix.Dep.Converger.converge()
     |> Enum.flat_map(&parse_dep/1)
     |> Enum.map(&build_dependency(&1.opts[:lock], &1))
   end
@@ -82,7 +85,7 @@ defmodule Parser do
     |> empty_str_to_nil()
   end
 
-  defp maybe_regex_to_str(s), do: if Regex.regex?(s), do: Regex.source(s), else: s
+  defp maybe_regex_to_str(s), do: if(Regex.regex?(s), do: Regex.source(s), else: s)
   defp empty_str_to_nil(""), do: nil
   defp empty_str_to_nil(s), do: s
 
@@ -99,6 +102,7 @@ defmodule Parser do
   end
 end
 
-dependencies = :erlang.term_to_binary({:ok, Parser.run()})
-
-IO.write(:stdio, dependencies)
+{:ok, Parser.run()}
+|> :erlang.term_to_binary()
+|> Base.encode64()
+|> IO.write()

data/helpers/lib/run.exs

@@ -1,10 +1,11 @@
 defmodule DependencyHelper do
   def main() do
-    IO.read(:stdio, :all)
-    |> Jason.decode!()
+    IO.read(:stdio, :eof)
+    |> JSON.decode!()
     |> run()
     |> case do
       {output, 0} ->
+        output = Base.decode64!(output)
         if output =~ "No authenticated organization found" do
           {:error, output}
         else
@@ -12,6 +13,7 @@ defmodule DependencyHelper do
         end
 
       {error, 1} ->
+        Base.decode64!(error)
         {:error, error}
     end
     |> handle_result()
@@ -33,7 +35,7 @@ defmodule DependencyHelper do
 
   defp encode_and_write(content) do
     content
-    |> Jason.encode!()
+    |> JSON.encode!()
     |> IO.write()
   end
 
@@ -67,16 +69,7 @@ defmodule DependencyHelper do
         script
       ] ++ args
 
-    System.cmd(
-      "mix",
-      args,
-      cd: dir,
-      env: %{
-        "MIX_EXS" => nil,
-        "MIX_LOCK" => nil,
-        "MIX_DEPS" => nil
-      }
-    )
+    System.cmd("mix", args, cd: dir, env: %{"MIX_EXS" => nil})
   end
 
   defp set_credentials([]), do: :ok

data/helpers/mix.exs

@@ -2,20 +2,16 @@ defmodule DependabotCore.Mixfile do
   use Mix.Project
 
   def project do
-    [app: :dependabot_core,
-     version: "0.1.0",
-     elixir: "~> 1.5",
-     start_permanent: Mix.env == :prod,
-     lockfile: System.get_env("MIX_LOCK") || "mix.lock",
-     deps_path: System.get_env("MIX_DEPS") || "deps",
-     deps: deps()]
+    [
+      app: :dependabot_core,
+      version: "0.1.0",
+      elixir: "~> 1.18",
+      start_permanent: Mix.env == :prod,
+      deps: []
+    ]
   end
 
   def application do
-    [extra_applications: [:logger]]
-  end
-
-  defp deps() do
-    [{:jason, "~> 1.0"}]
+    [extra_applications: [:hex, :logger, :ssh]]
   end
 end

data/lib/dependabot/hex/file_parser.rb

@@ -117,8 +117,6 @@ module Dependabot
       def mix_env
         {
           "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
-          "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
-          "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
           "MIX_QUIET" => "1"
         }
       end

data/lib/dependabot/hex/file_updater/lockfile_updater.rb

@@ -114,8 +114,6 @@ module Dependabot
         def mix_env
           {
             "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
-            "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
-            "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
             "MIX_QUIET" => "1"
           }
         end

data/lib/dependabot/hex/update_checker/version_resolver.rb

@@ -167,8 +167,6 @@ module Dependabot
         def mix_env
           {
             "MIX_EXS" => File.join(NativeHelpers.hex_helpers_dir, "mix.exs"),
-            "MIX_LOCK" => File.join(NativeHelpers.hex_helpers_dir, "mix.lock"),
-            "MIX_DEPS" => File.join(NativeHelpers.hex_helpers_dir, "deps"),
             "MIX_QUIET" => "1"
           }
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.293.0
+  version: 0.294.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-16 00:00:00.000000000 Z
+date: 2025-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.293.0
+        version: 0.294.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.293.0
+        version: 0.294.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -248,7 +248,6 @@ files:
 - helpers/lib/parse_deps.exs
 - helpers/lib/run.exs
 - helpers/mix.exs
-- helpers/mix.lock
 - lib/dependabot/hex.rb
 - lib/dependabot/hex/credential_helpers.rb
 - lib/dependabot/hex/file_fetcher.rb
@@ -274,7 +273,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.293.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.294.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/helpers/mix.lock

@@ -1,3 +0,0 @@
-%{
-  "jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"},
-}