dependabot-composer 0.124.5 → 0.125.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f254c89055bf3ee41ea44cc048cc501e008bf141d5f23d838481d7c3e9675207
-  data.tar.gz: bbcab05269df834b3ae3ef3395052ce257cd4386485ddba550982e390ce576a4
+  metadata.gz: 6885269253903d23339f9399348f5eb72db9d9a5e1cc1645d0a5e6a926f738b6
+  data.tar.gz: 0c33a7149543c98850e06330f7cbb3b1bf51d3a86099c3d4c7b016fb9f7f6bd0
 SHA512:
-  metadata.gz: 41e611bb0536ffd76f87392cff8338f16900e9e10261ef3049bf0b2cbd3dcda272bdc4abb3de2dc68cfccd8590b0696f1665368829cf7dfc0964ea4dbe72c438
-  data.tar.gz: e8dc6ef9018bfa9329c34f663012320662c33c54488b1527c1cd15a0358bf295cd04ffb4c7688f43376e00a657f4571e4a4867b72070bcac60a284a0db2b16c5
+  metadata.gz: aa52bfbf08d737f17d1f4633612df6a581717ea1607848669d086b3178bc2e3cc48ce23ae1433b0719f263c4261ae68776d8e09cf152d4593f29b452a22bc62f
+  data.tar.gz: 7bf71319598a3b1ef32c31bf9c46212abee3de312198c61043a7051414a587a87ea768d028baade83862048221e7fee6d0074cc28408a849882b73ee91600b74

data/helpers/bin/run

@@ -11,25 +11,25 @@ require __DIR__ . '/../vendor/autoload.php';
 // and an `args` method, as passed in by UpdateCheckers::Php
 $request = json_decode(file_get_contents('php://stdin'), true);
 
-// Increase the default memory limit the same way Composer does (but clearer)
-if (function_exists('ini_set')) {
-    $memoryInBytes = function ($value) {
-        $unit = strtolower(substr($value, -1, 1));
-        $value = (int) $value;
-        if ($unit == 'g') {
-            $value *= (1024 * 1024 * 1024);
-        } elseif ($unit == 'm') {
-            $value *= (1024 * 1024);
-        } elseif ($unit == 'k') {
-            $value *= 1024;
-        }
+function memoryInBytes($value) {
+    $unit = strtolower(substr($value, -1, 1));
+    $value = (int) $value;
+    if ($unit == 'g') {
+        $value *= (1024 * 1024 * 1024);
+    } elseif ($unit == 'm') {
+        $value *= (1024 * 1024);
+    } elseif ($unit == 'k') {
+        $value *= 1024;
+    }
 
-        return $value;
-    };
+    return $value;
+}
 
+// Increase the default memory limit the same way Composer does (but clearer)
+if (function_exists('ini_set')) {
     $memoryLimit = trim(ini_get('memory_limit'));
     // Increase memory_limit if it is lower than 1900MB
-    if ($memoryLimit != -1 && $memoryInBytes($memoryLimit) < 1024 * 1024 * 1900) {
+    if ($memoryLimit != -1 && memoryInBytes($memoryLimit) < 1024 * 1024 * 1900) {
         @ini_set('memory_limit', '1900M');
     }
 
@@ -54,6 +54,10 @@ register_shutdown_function(function (): void {
     }
 });
 
+if ($memoryAlloc = getenv('DEPENDABOT_TEST_MEMORY_ALLOCATION')) {
+    str_repeat('*', memoryInBytes($memoryAlloc));
+}
+
 try {
     switch ($request['function']) {
         case 'update':

data/helpers/composer.lock

@@ -1854,16 +1854,16 @@
         },
         {
             "name": "phpstan/phpstan",
-            "version": "0.12.49",
+            "version": "0.12.53",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpstan.git",
-                "reference": "9a6136c2b39d5214da78de37128d5fe08e5d5b05"
+                "reference": "dbbdb0d7c2434ecd5289f6114d16473e694caa67"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpstan/zipball/9a6136c2b39d5214da78de37128d5fe08e5d5b05",
-                "reference": "9a6136c2b39d5214da78de37128d5fe08e5d5b05",
+                "url": "https://api.github.com/repos/phpstan/phpstan/zipball/dbbdb0d7c2434ecd5289f6114d16473e694caa67",
+                "reference": "dbbdb0d7c2434ecd5289f6114d16473e694caa67",
                 "shasum": ""
             },
             "require": {
@@ -1906,7 +1906,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2020-10-12T14:10:44+00:00"
+            "time": "2020-11-01T14:51:50+00:00"
         },
         {
             "name": "psr/event-dispatcher",

data/lib/dependabot/composer/file_updater/lockfile_updater.rb

@@ -65,9 +65,7 @@ module Dependabot
             updated_content = run_update_helper.fetch("composer.lock")
 
             updated_content = post_process_lockfile(updated_content)
-            if lockfile.content == updated_content
-              raise "Expected content to change!"
-            end
+            raise "Expected content to change!" if lockfile.content == updated_content
 
             updated_content
           end
@@ -92,7 +90,7 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             SharedHelpers.run_helper_subprocess(
               command: "php -d memory_limit=-1 #{php_helper_path}",
-              escape_command_str: false,
+              allow_unsafe_shell_command: true,
               function: "update",
               env: credentials_env,
               args: [
@@ -159,9 +157,7 @@ module Dependabot
             raise MissingExtensions, [missing_extension]
           end
 
-          if error.message.start_with?("Failed to execute git checkout")
-            raise git_dependency_reference_error(error)
-          end
+          raise git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
 
           # Special case for Laravel Nova, which will fall back to attempting
           # to close a private repo if given invalid (or no) credentials
@@ -193,9 +189,7 @@ module Dependabot
             raise DependencyFileNotResolvable, error.message
           end
 
-          if error.message.start_with?("Allowed memory size")
-            raise Dependabot::OutOfMemory
-          end
+          raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
 
           if error.message.include?("403 Forbidden")
             source = error.message.match(%r{https?://(?<source>[^/]+)/}).
@@ -457,9 +451,7 @@ module Dependabot
           platform_php = parsed_composer_json.dig("config", "platform", "php")
 
           platform = {}
-          if platform_php.is_a?(String) && requirement_valid?(platform_php)
-            platform["php"] = [platform_php]
-          end
+          platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
 
           # Note: We *don't* include the require-dev PHP version in our initial
           # platform. If we fail to resolve with the PHP version specified in

data/lib/dependabot/composer/metadata_finder.rb

@@ -26,9 +26,7 @@ module Dependabot
 
       def look_up_source_from_packagist
         return nil if packagist_listing&.fetch("packages", nil) == []
-        unless packagist_listing&.dig("packages", dependency.name.downcase)
-          return nil
-        end
+        return nil unless packagist_listing&.dig("packages", dependency.name.downcase)
 
         version_listings =
           packagist_listing["packages"][dependency.name.downcase].

data/lib/dependabot/composer/update_checker.rb

@@ -41,9 +41,7 @@ module Dependabot
       def lowest_resolvable_security_fix_version
         raise "Dependency not vulnerable!" unless vulnerable?
 
-        if defined?(@lowest_resolvable_security_fix_version)
-          return @lowest_resolvable_security_fix_version
-        end
+        return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
 
         @lowest_resolvable_security_fix_version =
           fetch_lowest_resolvable_security_fix_version
@@ -72,9 +70,7 @@ module Dependabot
 
       def requirements_update_strategy
         # If passed in as an option (in the base class) honour that option
-        if @requirements_update_strategy
-          return @requirements_update_strategy.to_sym
-        end
+        return @requirements_update_strategy.to_sym if @requirements_update_strategy
 
         # Otherwise, widen ranges for libraries and bump versions for apps
         library? ? :widen_ranges : :bump_versions_if_necessary
@@ -149,9 +145,7 @@ module Dependabot
       def latest_version_for_git_dependency
         # If the dependency isn't pinned then we just want to check that it
         # points to the latest commit on the relevant branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
+        return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA

data/lib/dependabot/composer/update_checker/latest_version_finder.rb

@@ -62,9 +62,7 @@ module Dependabot
             versions_array.
             reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
 
-          if @raise_on_ignored && filtered.empty? && versions_array.any?
-            raise AllVersionsIgnored
-          end
+          raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
 
           filtered
         end
@@ -81,9 +79,7 @@ module Dependabot
 
         def wants_prerelease?
           current_version = dependency.version
-          if current_version && version_class.new(current_version).prerelease?
-            return true
-          end
+          return true if current_version && version_class.new(current_version).prerelease?
 
           dependency.requirements.any? do |req|
             req[:requirement].match?(/\d-[A-Za-z]/)

data/lib/dependabot/composer/update_checker/requirements_updater.rb

@@ -144,9 +144,7 @@ module Dependabot
         def update_version_string(req_string)
           req_string.
             sub(VERSION_REGEX) do |old_version|
-              unless req_string.match?(/[~*\^]/)
-                next latest_resolvable_version.to_s
-              end
+              next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
 
               old_parts = old_version.split(".")
               new_parts = latest_resolvable_version.to_s.split(".").

data/lib/dependabot/composer/update_checker/version_resolver.rb

@@ -125,7 +125,7 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             SharedHelpers.run_helper_subprocess(
               command: "php -d memory_limit=-1 #{php_helper_path}",
-              escape_command_str: false,
+              allow_unsafe_shell_command: true,
               function: "get_latest_resolvable_version",
               args: [
                 Dir.pwd,
@@ -156,9 +156,7 @@ module Dependabot
           json = JSON.parse(content)
 
           composer_platform_extensions.each do |extension, requirements|
-            unless version_for_reqs(requirements)
-              raise "No matching version for #{requirements}!"
-            end
+            raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
 
             json["config"] ||= {}
             json["config"]["platform"] ||= {}
@@ -223,9 +221,7 @@ module Dependabot
 
           # If the original requirement is just a stability flag we append that
           # flag to the requirement
-          if lower_bound.strip.start_with?("@")
-            return "<=#{latest_allowable_version}#{lower_bound.strip}"
-          end
+          return "<=#{latest_allowable_version}#{lower_bound.strip}" if lower_bound.strip.start_with?("@")
 
           lower_bound + ", <= #{latest_allowable_version}"
         end
@@ -320,6 +316,10 @@ module Dependabot
           elsif error.message.start_with?("Allowed memory size") ||
                 error.message.start_with?("Out of memory")
             raise Dependabot::OutOfMemory
+          elsif error.error_context[:process_termsig] ==
+                Dependabot::SharedHelpers::SIGKILL
+            # If the helper was SIGKILL-ed, assume the OOMKiller did it
+            raise Dependabot::OutOfMemory
           elsif error.message.start_with?("Package not found in updated") &&
                 !dependency.top_level?
             # If we can't find the dependency in the composer.lock after an
@@ -435,9 +435,7 @@ module Dependabot
           platform_php = parsed_composer_file.dig("config", "platform", "php")
 
           platform = {}
-          if platform_php.is_a?(String) && requirement_valid?(platform_php)
-            platform["php"] = [platform_php]
-          end
+          platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
 
           # Note: We *don't* include the require-dev PHP version in our initial
           # platform. If we fail to resolve with the PHP version specified in

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.124.5
+  version: 0.125.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-30 00:00:00.000000000 Z
+date: 2020-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.5
+        version: 0.125.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.124.5
+        version: 0.125.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement