dependabot-composer 0.112.13 → 0.112.14

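--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a0b719288dd5f6a3665d1ea7af743acbcf26045966c46c8fe33d2d8261460ba9
- data.tar.gz: 18d1ec9ee8f1e1af15d3404f4f7b3077f82b373a9cf00b7626ea872266fda0df
+ metadata.gz: ec045c6643c947a26fd27cd96387d9a4d7bb3a16acfe6c420608451806cbb925
+ data.tar.gz: 27408a5151879a65b03ce2c56bf152e4a68d5bc1e28cb636df527838bda22c01
  SHA512:
- metadata.gz: 56ef078a97030517d06442165836949dd1e93bea43811bcc56d75db9d86118d1a5297c53f77a27a3af447f173d87e256d2d9668adb18282b0e05ae054e02d266
- data.tar.gz: d94a4440f5140d9cf68e38a298de181f13e8fe7174e73f331bea045d717452db52d5a3f8ee7a6c366f77a6c66fa418a0afe4917ac62990177c4493f238cba9e3
+ metadata.gz: df2c112c12f6329b51378924eda9ae6d38c094cc6937fb4c3939f47c8eece6033b91805b122ab3cc9e507dcbf14983af380e7435d3a4d49444fce514bb372319
+ data.tar.gz: 82c6456e9a5d8f53cb2b970be143eb0361226be58670a5022baf97e4b2bd29f237720f530011344824cdf162e2bed276e0e3c4015b2105c92fcc026d88012b15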
@@ -126,7 +126,8 @@ module Dependabot
126
126
  # rubocop:disable Metrics/PerceivedComplexity
127
127
  def handle_composer_errors(error)
128
128
  if error.message.include?("package requires php") ||
129
- error.message.include?("requested PHP extension")
129
+ error.message.include?("requested PHP extension") ||
130
+ !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
130
131
  missing_extensions =
131
132
  error.message.scan(MISSING_PLATFORM_REQ_REGEX).
132
133
  map do |extension_string|
@@ -194,6 +195,10 @@ module Dependabot
194
195
  # rubocop:enable Metrics/MethodLength
195
196
  # rubocop:enable Metrics/PerceivedComplexity
196
197
 
198
+ def library?
199
+ parsed_composer_json["type"] == "library"
200
+ end
201
+
197
202
  def write_temporary_dependency_files
198
203
  path_dependencies.each do |file|
199
204
  path = file.name
@@ -411,15 +416,30 @@ module Dependabot
411
416
  end
412
417
 
413
418
  def initial_platform
414
- return {} unless parsed_composer_json["type"] == "library"
419
+ platform_php = parsed_composer_json.dig("config", "platform", "php")
420
+
421
+ platform = {}
422
+ if platform_php.is_a?(String) && requirement_valid?(platform_php)
423
+ platform["php"] = [platform_php]
424
+ end
425
+
426
+ # Note: We *don't* include the require-dev PHP version in our initial
427
+ # platform. If we fail to resolve with the PHP version specified in
428
+ # `require` then it will be picked up in a subsequent iteration.
429
+ requirement_php = parsed_composer_json.dig("require", "php")
430
+ return platform unless requirement_php.is_a?(String)
431
+ return platform unless requirement_valid?(requirement_php)
415
432
 
416
- php_requirements = [
417
- parsed_composer_json.dig("require", "php"),
418
- parsed_composer_json.dig("require-dev", "php")
419
- ].compact
420
- return {} if php_requirements.empty?
433
+ platform["php"] ||= []
434
+ platform["php"] << requirement_php
435
+ platform
436
+ end
421
437
 
422
- { "php" => php_requirements }
438
+ def requirement_valid?(req_string)
439
+ Composer::Requirement.requirements_array(req_string)
440
+ true
441
+ rescue Gem::Requirement::BadRequirementError
442
+ false
423
443
  end
424
444
 
425
445
  def parsed_composer_json
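Review bot: The new `parsed_composer_json.dig("config", "platform", "php")` lookup in `initial_platform` raises `TypeError` when an intermediate value is not a hash, for example a composer.json whose `config` is a string, so the `is_a?(String)` check that follows it is never reached. composer.json is repository-controlled input, so it is worth guarding the intermediates before digging, e.g. `config = parsed_composer_json["config"]` followed by `platform_php = config.dig("platform", "php") if config.is_a?(Hash)`, with the same care for the `platform` value and for `require`. The same lookup is added to the other `initial_platform`, the one that reads `parsed_composer_file`. Whether a caller further up already rescues this error is not visible from the hunk.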
@@ -219,7 +219,8 @@ module Dependabot
219
219
  error.message.include?("does not allow connections to http://")
220
220
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
221
221
  elsif error.message.include?("package requires php") ||
222
- error.message.include?("requested PHP extension")
222
+ error.message.include?("requested PHP extension") ||
223
+ !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
223
224
  missing_extensions =
224
225
  error.message.scan(MISSING_PLATFORM_REQ_REGEX).
225
226
  map do |extension_string|
@@ -284,6 +285,10 @@ module Dependabot
284
285
  # rubocop:enable Metrics/CyclomaticComplexity
285
286
  # rubocop:enable Metrics/MethodLength
286
287
 
288
+ def library?
289
+ parsed_composer_file["type"] == "library"
290
+ end
291
+
287
292
  def check_original_requirements_resolvable
288
293
  base_directory = dependency_files.first.directory
289
294
  SharedHelpers.in_a_temporary_directory(base_directory) do
@@ -352,14 +357,23 @@ module Dependabot
352
357
  end
353
358
 
354
359
  def initial_platform
355
- return {} unless parsed_composer_file["type"] == "library"
360
+ platform_php = parsed_composer_file.dig("config", "platform", "php")
361
+
362
+ platform = {}
363
+ if platform_php.is_a?(String) && requirement_valid?(platform_php)
364
+ platform["php"] = [platform_php]
365
+ end
356
366
 
357
367
  # Note: We *don't* include the require-dev PHP version in our initial
358
368
  # platform. If we fail to resolve with the PHP version specified in
359
369
  # `require` then it will be picked up in a subsequent iteration.
360
- return {} unless parsed_composer_file.dig("require", "php")
370
+ requirement_php = parsed_composer_file.dig("require", "php")
371
+ return platform unless requirement_php.is_a?(String)
372
+ return platform unless requirement_valid?(requirement_php)
361
373
 
362
- { "php" => [parsed_composer_file.dig("require", "php")] }
374
+ platform["php"] ||= []
375
+ platform["php"] << requirement_php
376
+ platform
363
377
  end
364
378
 
365
379
  def parsed_composer_file
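Review bot: The added term `!library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)` at the end of the `elsif` condition in the first hunk of this file relies on `&&` binding tighter than `||` for its grouping. Writing it as `(!library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX))` makes the intended grouping explicit to the next reader. A one-line comment saying why library packages are kept out of this branch would also help, since nothing in the hunk explains the exclusion. The `handle_composer_errors` hunk in the file that reads `parsed_composer_json` has the same line, and in both places the method body continues outside the hunk.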
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.13
4
+ version: 0.112.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.13
19
+ version: 0.112.14
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.13
26
+ version: 0.112.14
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement