dependabot-composer 0.125.0 → 0.125.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 89424b97e7fe4cd7b4deed7e17d5daedc91a3a4bdb678434f5a68480c2e59094
-  data.tar.gz: 3c20c798d8f51f1ff9a3c294d215350eb3bfe221dc915b8842db2791f829d7ee
+  metadata.gz: 6885269253903d23339f9399348f5eb72db9d9a5e1cc1645d0a5e6a926f738b6
+  data.tar.gz: 0c33a7149543c98850e06330f7cbb3b1bf51d3a86099c3d4c7b016fb9f7f6bd0
 SHA512:
-  metadata.gz: 6b11054ecfd23a20c426f39a5e5e2fbdcd994f8b25779aa0201176fbb7dfaae74e82a6d9a121c354691a7f808b51d675cb3e29d0bf907d7dc4e6c8bd64a49350
-  data.tar.gz: 5b74ccdbc6bf5ba2f0b6af7c7f7e34a51cfba792996dc5af74ee9e2e2df7c1cd2f2e5af0acaa0323b4f9df05f620a78435af0560269ed4705f4de08c4162b72a
+  metadata.gz: aa52bfbf08d737f17d1f4633612df6a581717ea1607848669d086b3178bc2e3cc48ce23ae1433b0719f263c4261ae68776d8e09cf152d4593f29b452a22bc62f
+  data.tar.gz: 7bf71319598a3b1ef32c31bf9c46212abee3de312198c61043a7051414a587a87ea768d028baade83862048221e7fee6d0074cc28408a849882b73ee91600b74

data/lib/dependabot/composer/file_updater/lockfile_updater.rb

@@ -65,9 +65,7 @@ module Dependabot
             updated_content = run_update_helper.fetch("composer.lock")
 
             updated_content = post_process_lockfile(updated_content)
-            if lockfile.content == updated_content
-              raise "Expected content to change!"
-            end
+            raise "Expected content to change!" if lockfile.content == updated_content
 
             updated_content
           end
@@ -92,7 +90,7 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             SharedHelpers.run_helper_subprocess(
               command: "php -d memory_limit=-1 #{php_helper_path}",
-              escape_command_str: false,
+              allow_unsafe_shell_command: true,
               function: "update",
               env: credentials_env,
               args: [
@@ -159,9 +157,7 @@ module Dependabot
             raise MissingExtensions, [missing_extension]
           end
 
-          if error.message.start_with?("Failed to execute git checkout")
-            raise git_dependency_reference_error(error)
-          end
+          raise git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
 
           # Special case for Laravel Nova, which will fall back to attempting
           # to close a private repo if given invalid (or no) credentials
@@ -193,9 +189,7 @@ module Dependabot
             raise DependencyFileNotResolvable, error.message
           end
 
-          if error.message.start_with?("Allowed memory size")
-            raise Dependabot::OutOfMemory
-          end
+          raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
 
           if error.message.include?("403 Forbidden")
             source = error.message.match(%r{https?://(?<source>[^/]+)/}).
@@ -457,9 +451,7 @@ module Dependabot
           platform_php = parsed_composer_json.dig("config", "platform", "php")
 
           platform = {}
-          if platform_php.is_a?(String) && requirement_valid?(platform_php)
-            platform["php"] = [platform_php]
-          end
+          platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
 
           # Note: We *don't* include the require-dev PHP version in our initial
           # platform. If we fail to resolve with the PHP version specified in

data/lib/dependabot/composer/metadata_finder.rb

@@ -26,9 +26,7 @@ module Dependabot
 
       def look_up_source_from_packagist
         return nil if packagist_listing&.fetch("packages", nil) == []
-        unless packagist_listing&.dig("packages", dependency.name.downcase)
-          return nil
-        end
+        return nil unless packagist_listing&.dig("packages", dependency.name.downcase)
 
         version_listings =
           packagist_listing["packages"][dependency.name.downcase].

data/lib/dependabot/composer/update_checker.rb

@@ -41,9 +41,7 @@ module Dependabot
       def lowest_resolvable_security_fix_version
         raise "Dependency not vulnerable!" unless vulnerable?
 
-        if defined?(@lowest_resolvable_security_fix_version)
-          return @lowest_resolvable_security_fix_version
-        end
+        return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
 
         @lowest_resolvable_security_fix_version =
           fetch_lowest_resolvable_security_fix_version
@@ -72,9 +70,7 @@ module Dependabot
 
       def requirements_update_strategy
         # If passed in as an option (in the base class) honour that option
-        if @requirements_update_strategy
-          return @requirements_update_strategy.to_sym
-        end
+        return @requirements_update_strategy.to_sym if @requirements_update_strategy
 
         # Otherwise, widen ranges for libraries and bump versions for apps
         library? ? :widen_ranges : :bump_versions_if_necessary
@@ -149,9 +145,7 @@ module Dependabot
       def latest_version_for_git_dependency
         # If the dependency isn't pinned then we just want to check that it
         # points to the latest commit on the relevant branch.
-        unless git_commit_checker.pinned?
-          return git_commit_checker.head_commit_for_current_branch
-        end
+        return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
 
         # If the dependency is pinned to a tag that looks like a version then
         # we want to update that tag. The latest version will then be the SHA

data/lib/dependabot/composer/update_checker/latest_version_finder.rb

@@ -62,9 +62,7 @@ module Dependabot
             versions_array.
             reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
 
-          if @raise_on_ignored && filtered.empty? && versions_array.any?
-            raise AllVersionsIgnored
-          end
+          raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
 
           filtered
         end
@@ -81,9 +79,7 @@ module Dependabot
 
         def wants_prerelease?
           current_version = dependency.version
-          if current_version && version_class.new(current_version).prerelease?
-            return true
-          end
+          return true if current_version && version_class.new(current_version).prerelease?
 
           dependency.requirements.any? do |req|
             req[:requirement].match?(/\d-[A-Za-z]/)

data/lib/dependabot/composer/update_checker/requirements_updater.rb

@@ -144,9 +144,7 @@ module Dependabot
         def update_version_string(req_string)
           req_string.
             sub(VERSION_REGEX) do |old_version|
-              unless req_string.match?(/[~*\^]/)
-                next latest_resolvable_version.to_s
-              end
+              next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
 
               old_parts = old_version.split(".")
               new_parts = latest_resolvable_version.to_s.split(".").

data/lib/dependabot/composer/update_checker/version_resolver.rb

@@ -125,7 +125,7 @@ module Dependabot
           SharedHelpers.with_git_configured(credentials: credentials) do
             SharedHelpers.run_helper_subprocess(
               command: "php -d memory_limit=-1 #{php_helper_path}",
-              escape_command_str: false,
+              allow_unsafe_shell_command: true,
               function: "get_latest_resolvable_version",
               args: [
                 Dir.pwd,
@@ -156,9 +156,7 @@ module Dependabot
           json = JSON.parse(content)
 
           composer_platform_extensions.each do |extension, requirements|
-            unless version_for_reqs(requirements)
-              raise "No matching version for #{requirements}!"
-            end
+            raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
 
             json["config"] ||= {}
             json["config"]["platform"] ||= {}
@@ -223,9 +221,7 @@ module Dependabot
 
           # If the original requirement is just a stability flag we append that
           # flag to the requirement
-          if lower_bound.strip.start_with?("@")
-            return "<=#{latest_allowable_version}#{lower_bound.strip}"
-          end
+          return "<=#{latest_allowable_version}#{lower_bound.strip}" if lower_bound.strip.start_with?("@")
 
           lower_bound + ", <= #{latest_allowable_version}"
         end
@@ -439,9 +435,7 @@ module Dependabot
           platform_php = parsed_composer_file.dig("config", "platform", "php")
 
           platform = {}
-          if platform_php.is_a?(String) && requirement_valid?(platform_php)
-            platform["php"] = [platform_php]
-          end
+          platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
 
           # Note: We *don't* include the require-dev PHP version in our initial
           # platform. If we fail to resolve with the PHP version specified in

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.125.0
+  version: 0.125.1
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.125.0
+        version: 0.125.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement