dependabot-composer 0.111.21 → 0.111.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/composer/file_updater/lockfile_updater.rb +16 -6
  3. data/lib/dependabot/composer/update_checker/version_resolver.rb +5 -1
  4. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cb5eda2964699209aa592be6f51636a66e2b7a18eb3c160fb96427c2867023c0
4
- data.tar.gz: 812ea41e4e821bc4bbcded2ae7322ddee937a8a0b258f8f5640db4b8d2b26c6b
3
+ metadata.gz: b49add2188a910860cf1d9553ea2b989367516d32ade7f2720de3548c08d16f1
4
+ data.tar.gz: 1d659ec8d7e06833d765e3d34faca38dfa3cde2d58a9e7216dd69e1dab1d7981
5
5
  SHA512:
6
- metadata.gz: f31f508311f3f3f7e05afdf4b273964336273dce1e65daa560aa6063d777f63347b7604471e0e84c6b8fc94ce6debcca9936f4fc29c0e101ce864fb5fcc81ca1
7
- data.tar.gz: 580176b874cce02fc00e72021c910961175d2666d054b504ed48d065ed3a543be2838bcfd36b2637b31662b383e875c3c46181078a6769c47c7980c2e861d961
6
+ metadata.gz: bc7dd463e367b57b036ef5873ea0dd6085065784285616bb2a7d73749f8f9c3235b032ad9b34098fb2705306fe107753a376a2d642aa192bc7db7f9c288e29bd
7
+ data.tar.gz: 3adb07ffc095e7da30e3f7e7a0e41ebc5a1caf14857dd048d8750e45be5e9c20869f6949dc27bed0a4628121cdedbf758c03df49f04031957fabaa7996b2dec7
data/lib/dependabot/composer/file_updater/lockfile_updater.rb CHANGED
@@ -302,9 +302,11 @@ module Dependabot
302
302
  end
303
303
 
304
304
  def version_for_reqs(requirements)
305
- req_array = requirements.map { |str| Composer::Requirement.new(str) }
305
+ req_arrays =
306
+ requirements.
307
+ map { |str| Composer::Requirement.requirements_array(str) }
306
308
  potential_versions =
307
- req_array.map do |req|
309
+ req_arrays.flatten.map do |req|
308
310
  op, version = req.requirements.first
309
311
  case op
310
312
  when ">" then version.bump
@@ -313,8 +315,11 @@ module Dependabot
313
315
  end
314
316
  end
315
317
 
316
- version = potential_versions.
317
- find { |v| req_array.all? { |r| r.satisfied_by?(v) } }
318
+ version =
319
+ potential_versions.
320
+ find do |v|
321
+ req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
322
+ end
318
323
  raise "No matching version for #{requirements}!" unless version
319
324
 
320
325
  version.to_s
@@ -355,9 +360,14 @@ module Dependabot
355
360
 
356
361
  def initial_platform
357
362
  return {} unless parsed_composer_json["type"] == "library"
358
- return {} unless parsed_composer_json.dig("require", "php")
359
363
 
360
- { "php" => [parsed_composer_json.dig("require", "php")] }
364
+ php_requirements = [
365
+ parsed_composer_json.dig("require", "php"),
366
+ parsed_composer_json.dig("require-dev", "php")
367
+ ].compact
368
+ return {} if php_requirements.empty?
369
+
370
+ { "php" => php_requirements }
361
371
  end
362
372
 
363
373
  def parsed_composer_json
data/lib/dependabot/composer/update_checker/version_resolver.rb CHANGED
@@ -255,7 +255,7 @@ module Dependabot
255
255
  version =
256
256
  potential_versions.
257
257
  find do |v|
258
- req_arrays.any? { |reqs| reqs.all? { |r| r.satisfied_by?(v) } }
258
+ req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
259
259
  end
260
260
  raise "No matching version for #{requirements}!" unless version
261
261
 
@@ -278,6 +278,10 @@ module Dependabot
278
278
 
279
279
  def initial_platform
280
280
  return {} unless parsed_composer_file["type"] == "library"
281
+
282
+ # Note: We *don't* include the require-dev PHP version in our initial
283
+ # platform. If we fail to resolve with the PHP version specified in
284
+ # `require` then it will be picked up in a subsequent iteration.
281
285
  return {} unless parsed_composer_file.dig("require", "php")
282
286
 
283
287
  { "php" => [parsed_composer_file.dig("require", "php")] }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.111.21
4
+ version: 0.111.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-20 00:00:00.000000000 Z
11
+ date: 2019-07-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.111.21
19
+ version: 0.111.22
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.111.21
26
+ version: 0.111.22
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement