RubyGems - dependabot-composer - Versions diffs - 0.103.0 → 0.103.1 - Mend

dependabot-composer 0.103.0 → 0.103.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/composer/file_fetcher.rb +23 -15
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3083a8f3347ae0158c14b6d01a35c3bff89456b2ecd143cd56d8525ec9ad44bf
-  data.tar.gz: 0e316e6d184ed6b0ac8be4d53ab0d36db9aa40dc0ce4f7d192bdf3a94b2a14e0
+  metadata.gz: 8a00f0b1d602746a20b3eb2cac2a4c244e4825eca5609d1437da9c887c7f9c9d
+  data.tar.gz: b53978ab4a8106a365cf9bdb4258f8e8f2d3b6f5b88374b2a31f3fd09c783830
 SHA512:
-  metadata.gz: 35efb0f0daffb7f0da63584dd6724fdce4a4ecf988226e93f352c01ee3d70cbd3114191d62561966c228e7414a8c8713ca6f137b23624b51cc5be895eec695d3
-  data.tar.gz: ce7d49889b2fd4133877f68c56f115db8af64c1c886f0e17201b0829a781edbdacf3ac8358d95628def7b8a28cf034a50676195cee421e55aed4a8cca5c4f199
+  metadata.gz: 44aacb1a8124e4afc26fb5a6288f05f47dd68b2823c9991000d6567ed85807c9267dd0270d6a9509c3da95abd43ab7181e6d105cc53a3d10f65dd3f186dcb298
+  data.tar.gz: 57a7ae70391187a9d057f00d48c05bb62b1612c37d2b628f799bcae0017c515773390dd7fbe7098524f0be163488b98508425b51234d8c2f6207777187191bb7

data/lib/dependabot/composer/file_fetcher.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require "json"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
@@ -59,7 +60,7 @@ module Dependabot
                 begin
                   composer_json_files << fetch_file_with_root_fallback(file)
                 rescue Dependabot::DependencyFileNotFound
-                  unfetchable_deps << path
+                  unfetchable_deps << dir
                 end
               end
             end
@@ -99,22 +100,29 @@ module Dependabot
           select { |file| file.type == "dir" }.
           map { |f| path.gsub(/\*$/, f.name) }
       rescue Octokit::NotFound, Gitlab::Error::NotFound
-        # If there's no lockfile, or if none of the dependencies are path
-        # dependencies, then we can ignore failures to find path deps
-        return [] unless composer_lock&.content&.include?('"path"')
+        lockfile_path_dependency_paths.
+          select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
+      end
-        # Otherwise, we don't know what to do. For now, just raise. If we see
-        # this in the wild we can make a call on the correct handling
-        raise if directory == "/"
+      def lockfile_path_dependency_paths
+        keys = FileParser::DEPENDENCY_GROUP_KEYS.
+               map { |h| h.fetch(:lockfile) }
-        # If the directory isn't found at the full path, try looking for it
-        # at the root of the repository.
-        depth = directory.gsub(%r{^/}, "").gsub(%r{/$}, "").split("/").count
-        dir = "../" * depth + path.gsub(/\*$/, "").gsub(/^\.*/, "")
+        keys.flat_map do |key|
+          next [] unless parsed_lockfile[key]
-        repo_contents(dir: dir).
-          select { |file| file.type == "dir" }.
-          map { |f| path.gsub(/\*$/, f.name) }
+          parsed_lockfile[key].
+            select { |details| details.dig("dist", "type") == "path" }.
+            map { |details| details.dig("dist", "url") }
+        end
+      end
+      def parsed_lockfile
+        return {} unless composer_lock
+        @parsed_lockfile ||= JSON.parse(composer_lock.content)
+      rescue JSON::ParserError
+        {}
       end
       def fetch_file_with_root_fallback(filename)
@@ -125,7 +133,7 @@ module Dependabot
         rescue Dependabot::DependencyFileNotFound
           # If the file isn't found at the full path, try looking for it
           # without considering the directory (i.e., check if the path should
-          # have been relevative to the root of the repository).
+          # have been relative to the root of the repository).
           cleaned_filename = filename.gsub(/^\./, "")
           cleaned_filename = Pathname.new(cleaned_filename).cleanpath.to_path

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.103.0
+  version: 0.103.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.103.0
+        version: 0.103.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.103.0
+        version: 0.103.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement