dependabot-composer 0.125.0 → 0.125.1
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +5 -13
- data/lib/dependabot/composer/metadata_finder.rb +1 -3
- data/lib/dependabot/composer/update_checker.rb +3 -9
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +2 -6
- data/lib/dependabot/composer/update_checker/requirements_updater.rb +1 -3
- data/lib/dependabot/composer/update_checker/version_resolver.rb +4 -10
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6885269253903d23339f9399348f5eb72db9d9a5e1cc1645d0a5e6a926f738b6
|
4
|
+
data.tar.gz: 0c33a7149543c98850e06330f7cbb3b1bf51d3a86099c3d4c7b016fb9f7f6bd0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aa52bfbf08d737f17d1f4633612df6a581717ea1607848669d086b3178bc2e3cc48ce23ae1433b0719f263c4261ae68776d8e09cf152d4593f29b452a22bc62f
|
7
|
+
data.tar.gz: 7bf71319598a3b1ef32c31bf9c46212abee3de312198c61043a7051414a587a87ea768d028baade83862048221e7fee6d0074cc28408a849882b73ee91600b74
|
@@ -65,9 +65,7 @@ module Dependabot
|
|
65
65
|
updated_content = run_update_helper.fetch("composer.lock")
|
66
66
|
|
67
67
|
updated_content = post_process_lockfile(updated_content)
|
68
|
-
if lockfile.content == updated_content
|
69
|
-
raise "Expected content to change!"
|
70
|
-
end
|
68
|
+
raise "Expected content to change!" if lockfile.content == updated_content
|
71
69
|
|
72
70
|
updated_content
|
73
71
|
end
|
@@ -92,7 +90,7 @@ module Dependabot
|
|
92
90
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
93
91
|
SharedHelpers.run_helper_subprocess(
|
94
92
|
command: "php -d memory_limit=-1 #{php_helper_path}",
|
95
|
-
|
93
|
+
allow_unsafe_shell_command: true,
|
96
94
|
function: "update",
|
97
95
|
env: credentials_env,
|
98
96
|
args: [
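Review bot: `allow_unsafe_shell_command: true` is added to a `run_helper_subprocess` call whose `command:` string interpolates `php_helper_path` unescaped, and the same flag is added to the `get_latest_resolvable_version` call in version_resolver.rb (its `@@ -125` hunk). If the flag means what its name says — the helper skips its own escaping and hands the string to a shell — then whitespace or a metacharacter in `php_helper_path` changes the command's meaning; the path is project-internal, so this is a robustness rather than an injection concern, but it deserves either `Shellwords.escape(php_helper_path)` in the interpolation (with `require "shellwords"`) or a one-line comment such as `# command is run unescaped so the php -d option is shell-parsed; php_helper_path is a fixed in-tree path`. The removed old line 95 appears empty on this page, so it is unclear whether the flag replaces an earlier option or was simply inserted. The `with_git_configured` block and the argument list continue outside the hunk.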
|
@@ -159,9 +157,7 @@ module Dependabot
|
|
159
157
|
raise MissingExtensions, [missing_extension]
|
160
158
|
end
|
161
159
|
|
162
|
-
if error.message.start_with?("Failed to execute git checkout")
|
163
|
-
raise git_dependency_reference_error(error)
|
164
|
-
end
|
160
|
+
raise git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
|
165
161
|
|
166
162
|
# Special case for Laravel Nova, which will fall back to attempting
|
167
163
|
# to close a private repo if given invalid (or no) credentials
|
@@ -193,9 +189,7 @@ module Dependabot
|
|
193
189
|
raise DependencyFileNotResolvable, error.message
|
194
190
|
end
|
195
191
|
|
196
|
-
if error.message.start_with?("Allowed memory size")
|
197
|
-
raise Dependabot::OutOfMemory
|
198
|
-
end
|
192
|
+
raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
|
199
193
|
|
200
194
|
if error.message.include?("403 Forbidden")
|
201
195
|
source = error.message.match(%r{https?://(?<source>[^/]+)/}).
|
@@ -457,9 +451,7 @@ module Dependabot
|
|
457
451
|
platform_php = parsed_composer_json.dig("config", "platform", "php")
|
458
452
|
|
459
453
|
platform = {}
|
460
|
-
if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
461
|
-
platform["php"] = [platform_php]
|
462
|
-
end
|
454
|
+
platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
463
455
|
|
464
456
|
# Note: We *don't* include the require-dev PHP version in our initial
|
465
457
|
# platform. If we fail to resolve with the PHP version specified in
|
@@ -26,9 +26,7 @@ module Dependabot
|
|
26
26
|
|
27
27
|
def look_up_source_from_packagist
|
28
28
|
return nil if packagist_listing&.fetch("packages", nil) == []
|
29
|
-
unless packagist_listing&.dig("packages", dependency.name.downcase)
|
30
|
-
return nil
|
31
|
-
end
|
29
|
+
return nil unless packagist_listing&.dig("packages", dependency.name.downcase)
|
32
30
|
|
33
31
|
version_listings =
|
34
32
|
packagist_listing["packages"][dependency.name.downcase].
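Review bot: `dependency.name.downcase` is evaluated twice within the hunk of `look_up_source_from_packagist` — in the rewritten guard `return nil unless packagist_listing&.dig("packages", dependency.name.downcase)` and again on the `packagist_listing["packages"][dependency.name.downcase].` line — so a local such as `package_name = dependency.name.downcase` before the first guard would name the lookup key once. The two guards stay separate for a reason worth a comment: when `packages` is an empty array (presumably a Packagist response shape), `dig` with a string key would raise TypeError on it rather than return nil, which the `== []` check on the line above pre-empts. The method continues outside the hunk.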
|
@@ -41,9 +41,7 @@ module Dependabot
|
|
41
41
|
def lowest_resolvable_security_fix_version
|
42
42
|
raise "Dependency not vulnerable!" unless vulnerable?
|
43
43
|
|
44
|
-
if defined?(@lowest_resolvable_security_fix_version)
|
45
|
-
return @lowest_resolvable_security_fix_version
|
46
|
-
end
|
44
|
+
return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
|
47
45
|
|
48
46
|
@lowest_resolvable_security_fix_version =
|
49
47
|
fetch_lowest_resolvable_security_fix_version
|
@@ -72,9 +70,7 @@ module Dependabot
|
|
72
70
|
|
73
71
|
def requirements_update_strategy
|
74
72
|
# If passed in as an option (in the base class) honour that option
|
75
|
-
if @requirements_update_strategy
|
76
|
-
return @requirements_update_strategy.to_sym
|
77
|
-
end
|
73
|
+
return @requirements_update_strategy.to_sym if @requirements_update_strategy
|
78
74
|
|
79
75
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
80
76
|
library? ? :widen_ranges : :bump_versions_if_necessary
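Review bot: `return @requirements_update_strategy.to_sym if @requirements_update_strategy` converts the option to a symbol without checking that it names a strategy this checker understands; the only strategies visible here are `:widen_ranges` and `:bump_versions_if_necessary` on the line below. If the option can arrive from user-supplied configuration (the comment says it is passed in through the base class), a typo becomes an unknown symbol that only surfaces wherever the strategy is later dispatched, so a check such as `raise ArgumentError, "unknown requirements_update_strategy: #{@requirements_update_strategy}" unless SUPPORTED_STRATEGIES.include?(strategy)` against a frozen constant of the supported names would fail early with a clear message. The method's `end` falls outside the hunk.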
|
@@ -149,9 +145,7 @@ module Dependabot
|
|
149
145
|
def latest_version_for_git_dependency
|
150
146
|
# If the dependency isn't pinned then we just want to check that it
|
151
147
|
# points to the latest commit on the relevant branch.
|
152
|
-
unless git_commit_checker.pinned?
|
153
|
-
return git_commit_checker.head_commit_for_current_branch
|
154
|
-
end
|
148
|
+
return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
|
155
149
|
|
156
150
|
# If the dependency is pinned to a tag that looks like a version then
|
157
151
|
# we want to update that tag. The latest version will then be the SHA
|
@@ -62,9 +62,7 @@ module Dependabot
|
|
62
62
|
versions_array.
|
63
63
|
reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
|
64
64
|
|
65
|
-
if @raise_on_ignored && filtered.empty? && versions_array.any?
|
66
|
-
raise AllVersionsIgnored
|
67
|
-
end
|
65
|
+
raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
|
68
66
|
|
69
67
|
filtered
|
70
68
|
end
|
@@ -81,9 +79,7 @@ module Dependabot
|
|
81
79
|
|
82
80
|
def wants_prerelease?
|
83
81
|
current_version = dependency.version
|
84
|
-
if current_version && version_class.new(current_version).prerelease?
|
85
|
-
return true
|
86
|
-
end
|
82
|
+
return true if current_version && version_class.new(current_version).prerelease?
|
87
83
|
|
88
84
|
dependency.requirements.any? do |req|
|
89
85
|
req[:requirement].match?(/\d-[A-Za-z]/)
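Review bot: The rewritten guard `return true if current_version && version_class.new(current_version).prerelease?` and the `any?` that follows it are one boolean, so `wants_prerelease?` reads more directly as `(current_version && version_class.new(current_version).prerelease?) || dependency.requirements.any? { |req| req[:requirement].match?(/\d-[A-Za-z]/) }`, which returns the same values. If `dependency.version` can hold a non-numeric value here (a git reference, say), `version_class.new` would raise instead of answering false; a `version_class.correct?(current_version)` guard would make that explicit, though whether such values reach this finder needs confirming from the callers. The `any?` block and the method end outside the hunk.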
|
@@ -144,9 +144,7 @@ module Dependabot
|
|
144
144
|
def update_version_string(req_string)
|
145
145
|
req_string.
|
146
146
|
sub(VERSION_REGEX) do |old_version|
|
147
|
-
unless req_string.match?(/[~*\^]/)
|
148
|
-
next latest_resolvable_version.to_s
|
149
|
-
end
|
147
|
+
next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
|
150
148
|
|
151
149
|
old_parts = old_version.split(".")
|
152
150
|
new_parts = latest_resolvable_version.to_s.split(".").
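Review bot: `next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)` evaluates two expressions that do not depend on the block argument: the `match?` against `req_string`, and `latest_resolvable_version.to_s`, which the `new_parts = latest_resolvable_version.to_s.split(".").` line below computes again. Hoisting both ahead of the `sub` — `new_version = latest_resolvable_version.to_s` and `exact_requirement = !req_string.match?(/[~*\^]/)` — removes the repetition and lets the early `next` read as a plain guard. The `sub` block and `update_version_string` continue outside the hunk.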
|
@@ -125,7 +125,7 @@ module Dependabot
|
|
125
125
|
SharedHelpers.with_git_configured(credentials: credentials) do
|
126
126
|
SharedHelpers.run_helper_subprocess(
|
127
127
|
command: "php -d memory_limit=-1 #{php_helper_path}",
|
128
|
-
|
128
|
+
allow_unsafe_shell_command: true,
|
129
129
|
function: "get_latest_resolvable_version",
|
130
130
|
args: [
|
131
131
|
Dir.pwd,
|
@@ -156,9 +156,7 @@ module Dependabot
|
|
156
156
|
json = JSON.parse(content)
|
157
157
|
|
158
158
|
composer_platform_extensions.each do |extension, requirements|
|
159
|
-
unless version_for_reqs(requirements)
|
160
|
-
raise "No matching version for #{requirements}!"
|
161
|
-
end
|
159
|
+
raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
|
162
160
|
|
163
161
|
json["config"] ||= {}
|
164
162
|
json["config"]["platform"] ||= {}
|
@@ -223,9 +221,7 @@ module Dependabot
|
|
223
221
|
|
224
222
|
# If the original requirement is just a stability flag we append that
|
225
223
|
# flag to the requirement
|
226
|
-
if lower_bound.strip.start_with?("@")
|
227
|
-
return "<=#{latest_allowable_version}#{lower_bound.strip}"
|
228
|
-
end
|
224
|
+
return "<=#{latest_allowable_version}#{lower_bound.strip}" if lower_bound.strip.start_with?("@")
|
229
225
|
|
230
226
|
lower_bound + ", <= #{latest_allowable_version}"
|
231
227
|
end
|
@@ -439,9 +435,7 @@ module Dependabot
|
|
439
435
|
platform_php = parsed_composer_file.dig("config", "platform", "php")
|
440
436
|
|
441
437
|
platform = {}
|
442
|
-
if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
443
|
-
platform["php"] = [platform_php]
|
444
|
-
end
|
438
|
+
platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
|
445
439
|
|
446
440
|
# Note: We *don't* include the require-dev PHP version in our initial
|
447
441
|
# platform. If we fail to resolve with the PHP version specified in
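Review bot: `platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)`, together with the `platform_php = parsed_composer_file.dig("config", "platform", "php")` and `platform = {}` lines above it, is the same three-line sequence that lockfile_updater.rb carries in its `@@ -457` hunk (there reading from `parsed_composer_json`), and this commit restyles both copies in lockstep. A shared helper taking the parsed composer.json — a module method, since the two classes are separate — such as `def initial_platform_for(composer_json)` returning the hash would leave one place to change when the PHP platform handling evolves. The platform construction continues past the hunk, so the rest of it is not visible here.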
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-composer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.125.
|
4
|
+
version: 0.125.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.125.
|
19
|
+
version: 0.125.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.125.
|
26
|
+
version: 0.125.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|