dependabot-composer 0.124.5 → 0.125.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/bin/run +19 -15
- data/helpers/composer.lock +5 -5
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +5 -13
- data/lib/dependabot/composer/metadata_finder.rb +1 -3
- data/lib/dependabot/composer/update_checker.rb +3 -9
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/composer/update_checker/requirements_updater.rb +1 -3
- data/lib/dependabot/composer/update_checker/version_resolver.rb +8 -10
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6885269253903d23339f9399348f5eb72db9d9a5e1cc1645d0a5e6a926f738b6
|
|
4
|
+
data.tar.gz: 0c33a7149543c98850e06330f7cbb3b1bf51d3a86099c3d4c7b016fb9f7f6bd0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aa52bfbf08d737f17d1f4633612df6a581717ea1607848669d086b3178bc2e3cc48ce23ae1433b0719f263c4261ae68776d8e09cf152d4593f29b452a22bc62f
|
|
7
|
+
data.tar.gz: 7bf71319598a3b1ef32c31bf9c46212abee3de312198c61043a7051414a587a87ea768d028baade83862048221e7fee6d0074cc28408a849882b73ee91600b74
|
data/helpers/bin/run
CHANGED
|
@@ -11,25 +11,25 @@ require __DIR__ . '/../vendor/autoload.php';
|
|
|
11
11
|
// and an `args` method, as passed in by UpdateCheckers::Php
|
|
12
12
|
$request = json_decode(file_get_contents('php://stdin'), true);
|
|
13
13
|
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
$
|
|
17
|
-
|
|
18
|
-
$value
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
$value *= 1024;
|
|
25
|
-
}
|
|
14
|
+
function memoryInBytes($value) {
|
|
15
|
+
$unit = strtolower(substr($value, -1, 1));
|
|
16
|
+
$value = (int) $value;
|
|
17
|
+
if ($unit == 'g') {
|
|
18
|
+
$value *= (1024 * 1024 * 1024);
|
|
19
|
+
} elseif ($unit == 'm') {
|
|
20
|
+
$value *= (1024 * 1024);
|
|
21
|
+
} elseif ($unit == 'k') {
|
|
22
|
+
$value *= 1024;
|
|
23
|
+
}
|
|
26
24
|
|
|
27
|
-
|
|
28
|
-
|
|
25
|
+
return $value;
|
|
26
|
+
}
|
|
29
27
|
|
|
28
|
+
// Increase the default memory limit the same way Composer does (but clearer)
|
|
29
|
+
if (function_exists('ini_set')) {
|
|
30
30
|
$memoryLimit = trim(ini_get('memory_limit'));
|
|
31
31
|
// Increase memory_limit if it is lower than 1900MB
|
|
32
|
-
if ($memoryLimit != -1 &&
|
|
32
|
+
if ($memoryLimit != -1 && memoryInBytes($memoryLimit) < 1024 * 1024 * 1900) {
|
|
33
33
|
@ini_set('memory_limit', '1900M');
|
|
34
34
|
}
|
|
35
35
|
|
|
@@ -54,6 +54,10 @@ register_shutdown_function(function (): void {
|
|
|
54
54
|
}
|
|
55
55
|
});
|
|
56
56
|
|
|
57
|
+
if ($memoryAlloc = getenv('DEPENDABOT_TEST_MEMORY_ALLOCATION')) {
|
|
58
|
+
str_repeat('*', memoryInBytes($memoryAlloc));
|
|
59
|
+
}
|
|
60
|
+
|
|
57
61
|
try {
|
|
58
62
|
switch ($request['function']) {
|
|
59
63
|
case 'update':
|
data/helpers/composer.lock
CHANGED
|
@@ -1854,16 +1854,16 @@
|
|
|
1854
1854
|
},
|
|
1855
1855
|
{
|
|
1856
1856
|
"name": "phpstan/phpstan",
|
|
1857
|
-
"version": "0.12.
|
|
1857
|
+
"version": "0.12.53",
|
|
1858
1858
|
"source": {
|
|
1859
1859
|
"type": "git",
|
|
1860
1860
|
"url": "https://github.com/phpstan/phpstan.git",
|
|
1861
|
-
"reference": "
|
|
1861
|
+
"reference": "dbbdb0d7c2434ecd5289f6114d16473e694caa67"
|
|
1862
1862
|
},
|
|
1863
1863
|
"dist": {
|
|
1864
1864
|
"type": "zip",
|
|
1865
|
-
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/
|
|
1866
|
-
"reference": "
|
|
1865
|
+
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/dbbdb0d7c2434ecd5289f6114d16473e694caa67",
|
|
1866
|
+
"reference": "dbbdb0d7c2434ecd5289f6114d16473e694caa67",
|
|
1867
1867
|
"shasum": ""
|
|
1868
1868
|
},
|
|
1869
1869
|
"require": {
|
|
@@ -1906,7 +1906,7 @@
|
|
|
1906
1906
|
"type": "tidelift"
|
|
1907
1907
|
}
|
|
1908
1908
|
],
|
|
1909
|
-
"time": "2020-
|
|
1909
|
+
"time": "2020-11-01T14:51:50+00:00"
|
|
1910
1910
|
},
|
|
1911
1911
|
{
|
|
1912
1912
|
"name": "psr/event-dispatcher",
|
|
@@ -65,9 +65,7 @@ module Dependabot
|
|
|
65
65
|
updated_content = run_update_helper.fetch("composer.lock")
|
|
66
66
|
|
|
67
67
|
updated_content = post_process_lockfile(updated_content)
|
|
68
|
-
if lockfile.content == updated_content
|
|
69
|
-
raise "Expected content to change!"
|
|
70
|
-
end
|
|
68
|
+
raise "Expected content to change!" if lockfile.content == updated_content
|
|
71
69
|
|
|
72
70
|
updated_content
|
|
73
71
|
end
|
|
@@ -92,7 +90,7 @@ module Dependabot
|
|
|
92
90
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
93
91
|
SharedHelpers.run_helper_subprocess(
|
|
94
92
|
command: "php -d memory_limit=-1 #{php_helper_path}",
|
|
95
|
-
|
|
93
|
+
allow_unsafe_shell_command: true,
|
|
96
94
|
function: "update",
|
|
97
95
|
env: credentials_env,
|
|
98
96
|
args: [
|
|
@@ -159,9 +157,7 @@ module Dependabot
|
|
|
159
157
|
raise MissingExtensions, [missing_extension]
|
|
160
158
|
end
|
|
161
159
|
|
|
162
|
-
if error.message.start_with?("Failed to execute git checkout")
|
|
163
|
-
raise git_dependency_reference_error(error)
|
|
164
|
-
end
|
|
160
|
+
raise git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
|
|
165
161
|
|
|
166
162
|
# Special case for Laravel Nova, which will fall back to attempting
|
|
167
163
|
# to close a private repo if given invalid (or no) credentials
|
|
@@ -193,9 +189,7 @@ module Dependabot
|
|
|
193
189
|
raise DependencyFileNotResolvable, error.message
|
|
194
190
|
end
|
|
195
191
|
|
|
196
|
-
if error.message.start_with?("Allowed memory size")
|
|
197
|
-
raise Dependabot::OutOfMemory
|
|
198
|
-
end
|
|
192
|
+
raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
|
|
199
193
|
|
|
200
194
|
if error.message.include?("403 Forbidden")
|
|
201
195
|
source = error.message.match(%r{https?://(?<source>[^/]+)/}).
|
|
@@ -457,9 +451,7 @@ module Dependabot
|
|
|
457
451
|
platform_php = parsed_composer_json.dig("config", "platform", "php")
|
|
458
452
|
|
|
459
453
|
platform = {}
|
|
460
|
-
if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
|
461
|
-
platform["php"] = [platform_php]
|
|
462
|
-
end
|
|
454
|
+
platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
|
463
455
|
|
|
464
456
|
# Note: We *don't* include the require-dev PHP version in our initial
|
|
465
457
|
# platform. If we fail to resolve with the PHP version specified in
|
|
@@ -26,9 +26,7 @@ module Dependabot
|
|
|
26
26
|
|
|
27
27
|
def look_up_source_from_packagist
|
|
28
28
|
return nil if packagist_listing&.fetch("packages", nil) == []
|
|
29
|
-
unless packagist_listing&.dig("packages", dependency.name.downcase)
|
|
30
|
-
return nil
|
|
31
|
-
end
|
|
29
|
+
return nil unless packagist_listing&.dig("packages", dependency.name.downcase)
|
|
32
30
|
|
|
33
31
|
version_listings =
|
|
34
32
|
packagist_listing["packages"][dependency.name.downcase].
|
|
@@ -41,9 +41,7 @@ module Dependabot
|
|
|
41
41
|
def lowest_resolvable_security_fix_version
|
|
42
42
|
raise "Dependency not vulnerable!" unless vulnerable?
|
|
43
43
|
|
|
44
|
-
if defined?(@lowest_resolvable_security_fix_version)
|
|
45
|
-
return @lowest_resolvable_security_fix_version
|
|
46
|
-
end
|
|
44
|
+
return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
|
|
47
45
|
|
|
48
46
|
@lowest_resolvable_security_fix_version =
|
|
49
47
|
fetch_lowest_resolvable_security_fix_version
|
|
@@ -72,9 +70,7 @@ module Dependabot
|
|
|
72
70
|
|
|
73
71
|
def requirements_update_strategy
|
|
74
72
|
# If passed in as an option (in the base class) honour that option
|
|
75
|
-
if @requirements_update_strategy
|
|
76
|
-
return @requirements_update_strategy.to_sym
|
|
77
|
-
end
|
|
73
|
+
return @requirements_update_strategy.to_sym if @requirements_update_strategy
|
|
78
74
|
|
|
79
75
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
80
76
|
library? ? :widen_ranges : :bump_versions_if_necessary
|
|
@@ -149,9 +145,7 @@ module Dependabot
|
|
|
149
145
|
def latest_version_for_git_dependency
|
|
150
146
|
# If the dependency isn't pinned then we just want to check that it
|
|
151
147
|
# points to the latest commit on the relevant branch.
|
|
152
|
-
unless git_commit_checker.pinned?
|
|
153
|
-
return git_commit_checker.head_commit_for_current_branch
|
|
154
|
-
end
|
|
148
|
+
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
|
|
155
149
|
|
|
156
150
|
# If the dependency is pinned to a tag that looks like a version then
|
|
157
151
|
# we want to update that tag. The latest version will then be the SHA
|
|
@@ -62,9 +62,7 @@ module Dependabot
|
|
|
62
62
|
versions_array.
|
|
63
63
|
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
|
64
64
|
|
|
65
|
-
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
66
|
-
raise AllVersionsIgnored
|
|
67
|
-
end
|
|
65
|
+
raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
|
68
66
|
|
|
69
67
|
filtered
|
|
70
68
|
end
|
|
@@ -81,9 +79,7 @@ module Dependabot
|
|
|
81
79
|
|
|
82
80
|
def wants_prerelease?
|
|
83
81
|
current_version = dependency.version
|
|
84
|
-
if current_version && version_class.new(current_version).prerelease?
|
|
85
|
-
return true
|
|
86
|
-
end
|
|
82
|
+
return true if current_version && version_class.new(current_version).prerelease?
|
|
87
83
|
|
|
88
84
|
dependency.requirements.any? do |req|
|
|
89
85
|
req[:requirement].match?(/\d-[A-Za-z]/)
|
|
@@ -144,9 +144,7 @@ module Dependabot
|
|
|
144
144
|
def update_version_string(req_string)
|
|
145
145
|
req_string.
|
|
146
146
|
sub(VERSION_REGEX) do |old_version|
|
|
147
|
-
unless req_string.match?(/[~*\^]/)
|
|
148
|
-
next latest_resolvable_version.to_s
|
|
149
|
-
end
|
|
147
|
+
next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
|
|
150
148
|
|
|
151
149
|
old_parts = old_version.split(".")
|
|
152
150
|
new_parts = latest_resolvable_version.to_s.split(".").
|
|
@@ -125,7 +125,7 @@ module Dependabot
|
|
|
125
125
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
|
126
126
|
SharedHelpers.run_helper_subprocess(
|
|
127
127
|
command: "php -d memory_limit=-1 #{php_helper_path}",
|
|
128
|
-
|
|
128
|
+
allow_unsafe_shell_command: true,
|
|
129
129
|
function: "get_latest_resolvable_version",
|
|
130
130
|
args: [
|
|
131
131
|
Dir.pwd,
|
|
@@ -156,9 +156,7 @@ module Dependabot
|
|
|
156
156
|
json = JSON.parse(content)
|
|
157
157
|
|
|
158
158
|
composer_platform_extensions.each do |extension, requirements|
|
|
159
|
-
unless version_for_reqs(requirements)
|
|
160
|
-
raise "No matching version for #{requirements}!"
|
|
161
|
-
end
|
|
159
|
+
raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
|
|
162
160
|
|
|
163
161
|
json["config"] ||= {}
|
|
164
162
|
json["config"]["platform"] ||= {}
|
|
@@ -223,9 +221,7 @@ module Dependabot
|
|
|
223
221
|
|
|
224
222
|
# If the original requirement is just a stability flag we append that
|
|
225
223
|
# flag to the requirement
|
|
226
|
-
if lower_bound.strip.start_with?("@")
|
|
227
|
-
return "<=#{latest_allowable_version}#{lower_bound.strip}"
|
|
228
|
-
end
|
|
224
|
+
return "<=#{latest_allowable_version}#{lower_bound.strip}" if lower_bound.strip.start_with?("@")
|
|
229
225
|
|
|
230
226
|
lower_bound + ", <= #{latest_allowable_version}"
|
|
231
227
|
end
|
|
@@ -320,6 +316,10 @@ module Dependabot
|
|
|
320
316
|
elsif error.message.start_with?("Allowed memory size") ||
|
|
321
317
|
error.message.start_with?("Out of memory")
|
|
322
318
|
raise Dependabot::OutOfMemory
|
|
319
|
+
elsif error.error_context[:process_termsig] ==
|
|
320
|
+
Dependabot::SharedHelpers::SIGKILL
|
|
321
|
+
# If the helper was SIGKILL-ed, assume the OOMKiller did it
|
|
322
|
+
raise Dependabot::OutOfMemory
|
|
323
323
|
elsif error.message.start_with?("Package not found in updated") &&
|
|
324
324
|
!dependency.top_level?
|
|
325
325
|
# If we can't find the dependency in the composer.lock after an
|
|
@@ -435,9 +435,7 @@ module Dependabot
|
|
|
435
435
|
platform_php = parsed_composer_file.dig("config", "platform", "php")
|
|
436
436
|
|
|
437
437
|
platform = {}
|
|
438
|
-
if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
|
439
|
-
platform["php"] = [platform_php]
|
|
440
|
-
end
|
|
438
|
+
platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
|
441
439
|
|
|
442
440
|
# Note: We *don't* include the require-dev PHP version in our initial
|
|
443
441
|
# platform. If we fail to resolve with the PHP version specified in
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.125.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-11-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.125.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.125.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|