RubyGems - dependabot-hex - Versions diffs - 0.367.0 → 0.368.0 - Mend

dependabot-hex 0.367.0 → 0.368.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/helpers/lib/run.exs +11 -4
data/lib/dependabot/hex/file_updater/lockfile_updater.rb +1 -1
data/lib/dependabot/hex/update_checker/version_resolver.rb +4 -0
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d496793073bfe45c28f11a88096553dcd32d74027b3fb8303a013d3ffe574b7e
-  data.tar.gz: cd2f09b2377fd0bddfc01290edbbd23c58e0deafba2fadaa53ad8d79aa0ba57c
+  metadata.gz: fef15c4c0ef2af7e208cd26ad8e43bab2e0e685af628c119bd4c8dc619dc1191
+  data.tar.gz: 05a29f5880ac5109faf59287e70e13e31ca14ddf60ee6a7f63566ec9b9d605b1
 SHA512:
-  metadata.gz: d5caf9181ccdc354fa365217bcf07eb50518e943bd5e07ab5a554b3f99ba0f75e8de57f4b76b9032ea511a167f4ef69e95c393f47353a0265c2fb5e43f9e29f4
-  data.tar.gz: 6ac2e8ab8594c8d200e75bd44bd07534f9e8c08d4e5c8ac9879956eaaaef71675c7720b766f1a0399e1fc49be094addd9e541bde22190d081718493a4121d9d9
+  metadata.gz: fa878ff298775c6ce1f425fc706a02758e9b752f0d608ae1e52db3a133635e8e15433b824858d2d55442dba67828efc259b3f4d4cef0026c4e56b9b2b0bbd67b
+  data.tar.gz: 294dc65e3324b6050f6eaf1370e209e5e36365129106bdf87742545d09a53ea5d419da22a2d9a1bcd133dec46d27e0c4aa5a8439e5b795942c3efdbc594d2bda

data/helpers/lib/run.exs CHANGED Viewed

@@ -123,10 +123,17 @@ defmodule DependencyHelper do
   defp fetch_public_key(repo, repo_url, auth_key, fingerprint) do
     case Hex.Repo.get_public_key(%{trusted: true, url: repo_url, auth_key: auth_key}) do
       {:ok, {200, _headers, key}} ->
-        if public_key_matches?(key, fingerprint) do
-          {:ok, key}
-        else
-          {:error, "Public key fingerprint mismatch for repo \"#{repo}\""}
+        try do
+          if public_key_matches?(key, fingerprint) do
+            {:ok, key}
+          else
+            {:error, "Public key fingerprint mismatch for repo \"#{repo}\""}
+          end
+        rescue
+          e in FunctionClauseError ->
+            {:error,
+             "Failed to decode public key for repo \"#{repo}\": " <>
+               "#{Exception.message(e)} (#{inspect(e.__struct__)})"}
         end
       {:ok, {code, _headers, _body}} ->

data/lib/dependabot/hex/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -86,7 +86,7 @@ module Dependabot
           match = error.message.match(/No authenticated organization found for (?<repo>[a-z_]+)\./)
           match ||= error.message.match(/Public key fingerprint mismatch for repo "(?<repo>[a-z_]+)"/)
           match ||= error.message.match(/Missing credentials for "(?<repo>[a-z_]+)"/)
-          match ||= error.message.match(/Downloading public key for repo "(?<repo>[a-z_]+)"/)
+          match ||= error.message.match(/(?:Downloading|Failed to decode) public key for repo "(?<repo>[a-z_]+)"/)
           match ||= error.message.match(/Failed to fetch record for (?<repo>[a-z_]+)(?::(?<org>[a-z_]+))?/)
           if match

data/lib/dependabot/hex/update_checker/version_resolver.rb CHANGED Viewed

@@ -109,6 +109,10 @@ module Dependabot
             raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
           end
+          if (match = error.message.match(/Failed to decode public key for repo "(?<repo>[a-z_]+)"/))
+            raise Dependabot::PrivateSourceAuthenticationFailure, match[:repo]
+          end
           if (match = error.message.match(/Failed to fetch record for (?<repo>[a-z_]+)(?::(?<org>[a-z_]+))?/))
             name = match[:org] || match[:repo]
             raise Dependabot::PrivateSourceAuthenticationFailure, name

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-hex
 version: !ruby/object:Gem::Version
-  version: 0.367.0
+  version: 0.368.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.367.0
+        version: 0.368.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.367.0
+        version: 0.368.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -274,7 +274,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.367.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.368.0
 rdoc_options: []
 require_paths:
 - lib