dependabot-composer 0.125.0 → 0.125.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89424b97e7fe4cd7b4deed7e17d5daedc91a3a4bdb678434f5a68480c2e59094
4
- data.tar.gz: 3c20c798d8f51f1ff9a3c294d215350eb3bfe221dc915b8842db2791f829d7ee
3
+ metadata.gz: 6885269253903d23339f9399348f5eb72db9d9a5e1cc1645d0a5e6a926f738b6
4
+ data.tar.gz: 0c33a7149543c98850e06330f7cbb3b1bf51d3a86099c3d4c7b016fb9f7f6bd0
5
5
  SHA512:
6
- metadata.gz: 6b11054ecfd23a20c426f39a5e5e2fbdcd994f8b25779aa0201176fbb7dfaae74e82a6d9a121c354691a7f808b51d675cb3e29d0bf907d7dc4e6c8bd64a49350
7
- data.tar.gz: 5b74ccdbc6bf5ba2f0b6af7c7f7e34a51cfba792996dc5af74ee9e2e2df7c1cd2f2e5af0acaa0323b4f9df05f620a78435af0560269ed4705f4de08c4162b72a
6
+ metadata.gz: aa52bfbf08d737f17d1f4633612df6a581717ea1607848669d086b3178bc2e3cc48ce23ae1433b0719f263c4261ae68776d8e09cf152d4593f29b452a22bc62f
7
+ data.tar.gz: 7bf71319598a3b1ef32c31bf9c46212abee3de312198c61043a7051414a587a87ea768d028baade83862048221e7fee6d0074cc28408a849882b73ee91600b74
@@ -65,9 +65,7 @@ module Dependabot
65
65
  updated_content = run_update_helper.fetch("composer.lock")
66
66
 
67
67
  updated_content = post_process_lockfile(updated_content)
68
- if lockfile.content == updated_content
69
- raise "Expected content to change!"
70
- end
68
+ raise "Expected content to change!" if lockfile.content == updated_content
71
69
 
72
70
  updated_content
73
71
  end
@@ -92,7 +90,7 @@ module Dependabot
92
90
  SharedHelpers.with_git_configured(credentials: credentials) do
93
91
  SharedHelpers.run_helper_subprocess(
94
92
  command: "php -d memory_limit=-1 #{php_helper_path}",
95
- escape_command_str: false,
93
+ allow_unsafe_shell_command: true,
96
94
  function: "update",
97
95
  env: credentials_env,
98
96
  args: [
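Review bot: `allow_unsafe_shell_command: true` on the new side now says explicitly that the `command:` string is handed to a shell without escaping, yet `php_helper_path` is still interpolated into that string raw, so a path containing whitespace or shell metacharacters would be split or interpreted rather than rejected. The flag looks justified by the `-d memory_limit=-1` argument, which a whole-string escape would collapse into a single token, but that reasoning does not extend to the interpolated path; escaping just that component keeps the flag while removing any dependence on the path's contents: `command: "php -d memory_limit=-1 #{Shellwords.escape(php_helper_path)}",` (needs `shellwords` loaded — whether it already is cannot be seen here). Where `php_helper_path` is derived from is outside the hunk; if it comes from an environment variable or fixed configuration rather than from the repository's dependency files, a one-line comment beside the flag saying so would record why the unsafe mode is acceptable. The identical change appears in the later hunk around `function: "get_latest_resolvable_version"`, and in both places the enclosing method starts and ends outside the hunk.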
@@ -159,9 +157,7 @@ module Dependabot
159
157
  raise MissingExtensions, [missing_extension]
160
158
  end
161
159
 
162
- if error.message.start_with?("Failed to execute git checkout")
163
- raise git_dependency_reference_error(error)
164
- end
160
+ raise git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
165
161
 
166
162
  # Special case for Laravel Nova, which will fall back to attempting
167
163
  # to close a private repo if given invalid (or no) credentials
@@ -193,9 +189,7 @@ module Dependabot
193
189
  raise DependencyFileNotResolvable, error.message
194
190
  end
195
191
 
196
- if error.message.start_with?("Allowed memory size")
197
- raise Dependabot::OutOfMemory
198
- end
192
+ raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
199
193
 
200
194
  if error.message.include?("403 Forbidden")
201
195
  source = error.message.match(%r{https?://(?<source>[^/]+)/}).
@@ -457,9 +451,7 @@ module Dependabot
457
451
  platform_php = parsed_composer_json.dig("config", "platform", "php")
458
452
 
459
453
  platform = {}
460
- if platform_php.is_a?(String) && requirement_valid?(platform_php)
461
- platform["php"] = [platform_php]
462
- end
454
+ platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
463
455
 
464
456
  # Note: We *don't* include the require-dev PHP version in our initial
465
457
  # platform. If we fail to resolve with the PHP version specified in
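Review bot: The platform-building logic on the new side — `platform = {}` followed by `platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)` — is duplicated, comment text included, in the later hunk that reads `parsed_composer_file.dig("config", "platform", "php")`, and the commit reformats each copy separately, which is exactly where the two tend to drift. The `is_a?(String)` guard is load-bearing because the value is read from the parsed composer.json, which is repository content rather than something this code constructs and so may be any JSON type; both copies must keep it. A single shared helper returning the platform hash would state that guarantee once; where it should live depends on the module layout, which is not visible here. The enclosing method starts and ends outside the hunk in both cases.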
@@ -26,9 +26,7 @@ module Dependabot
26
26
 
27
27
  def look_up_source_from_packagist
28
28
  return nil if packagist_listing&.fetch("packages", nil) == []
29
- unless packagist_listing&.dig("packages", dependency.name.downcase)
30
- return nil
31
- end
29
+ return nil unless packagist_listing&.dig("packages", dependency.name.downcase)
32
30
 
33
31
  version_listings =
34
32
  packagist_listing["packages"][dependency.name.downcase].
@@ -41,9 +41,7 @@ module Dependabot
41
41
  def lowest_resolvable_security_fix_version
42
42
  raise "Dependency not vulnerable!" unless vulnerable?
43
43
 
44
- if defined?(@lowest_resolvable_security_fix_version)
45
- return @lowest_resolvable_security_fix_version
46
- end
44
+ return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)
47
45
 
48
46
  @lowest_resolvable_security_fix_version =
49
47
  fetch_lowest_resolvable_security_fix_version
@@ -72,9 +70,7 @@ module Dependabot
72
70
 
73
71
  def requirements_update_strategy
74
72
  # If passed in as an option (in the base class) honour that option
75
- if @requirements_update_strategy
76
- return @requirements_update_strategy.to_sym
77
- end
73
+ return @requirements_update_strategy.to_sym if @requirements_update_strategy
78
74
 
79
75
  # Otherwise, widen ranges for libraries and bump versions for apps
80
76
  library? ? :widen_ranges : :bump_versions_if_necessary
@@ -149,9 +145,7 @@ module Dependabot
149
145
  def latest_version_for_git_dependency
150
146
  # If the dependency isn't pinned then we just want to check that it
151
147
  # points to the latest commit on the relevant branch.
152
- unless git_commit_checker.pinned?
153
- return git_commit_checker.head_commit_for_current_branch
154
- end
148
+ return git_commit_checker.head_commit_for_current_branch unless git_commit_checker.pinned?
155
149
 
156
150
  # If the dependency is pinned to a tag that looks like a version then
157
151
  # we want to update that tag. The latest version will then be the SHA
@@ -62,9 +62,7 @@ module Dependabot
62
62
  versions_array.
63
63
  reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
64
64
 
65
- if @raise_on_ignored && filtered.empty? && versions_array.any?
66
- raise AllVersionsIgnored
67
- end
65
+ raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && versions_array.any?
68
66
 
69
67
  filtered
70
68
  end
@@ -81,9 +79,7 @@ module Dependabot
81
79
 
82
80
  def wants_prerelease?
83
81
  current_version = dependency.version
84
- if current_version && version_class.new(current_version).prerelease?
85
- return true
86
- end
82
+ return true if current_version && version_class.new(current_version).prerelease?
87
83
 
88
84
  dependency.requirements.any? do |req|
89
85
  req[:requirement].match?(/\d-[A-Za-z]/)
@@ -144,9 +144,7 @@ module Dependabot
144
144
  def update_version_string(req_string)
145
145
  req_string.
146
146
  sub(VERSION_REGEX) do |old_version|
147
- unless req_string.match?(/[~*\^]/)
148
- next latest_resolvable_version.to_s
149
- end
147
+ next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
150
148
 
151
149
  old_parts = old_version.split(".")
152
150
  new_parts = latest_resolvable_version.to_s.split(".").
@@ -125,7 +125,7 @@ module Dependabot
125
125
  SharedHelpers.with_git_configured(credentials: credentials) do
126
126
  SharedHelpers.run_helper_subprocess(
127
127
  command: "php -d memory_limit=-1 #{php_helper_path}",
128
- escape_command_str: false,
128
+ allow_unsafe_shell_command: true,
129
129
  function: "get_latest_resolvable_version",
130
130
  args: [
131
131
  Dir.pwd,
@@ -156,9 +156,7 @@ module Dependabot
156
156
  json = JSON.parse(content)
157
157
 
158
158
  composer_platform_extensions.each do |extension, requirements|
159
- unless version_for_reqs(requirements)
160
- raise "No matching version for #{requirements}!"
161
- end
159
+ raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
162
160
 
163
161
  json["config"] ||= {}
164
162
  json["config"]["platform"] ||= {}
@@ -223,9 +221,7 @@ module Dependabot
223
221
 
224
222
  # If the original requirement is just a stability flag we append that
225
223
  # flag to the requirement
226
- if lower_bound.strip.start_with?("@")
227
- return "<=#{latest_allowable_version}#{lower_bound.strip}"
228
- end
224
+ return "<=#{latest_allowable_version}#{lower_bound.strip}" if lower_bound.strip.start_with?("@")
229
225
 
230
226
  lower_bound + ", <= #{latest_allowable_version}"
231
227
  end
@@ -439,9 +435,7 @@ module Dependabot
439
435
  platform_php = parsed_composer_file.dig("config", "platform", "php")
440
436
 
441
437
  platform = {}
442
- if platform_php.is_a?(String) && requirement_valid?(platform_php)
443
- platform["php"] = [platform_php]
444
- end
438
+ platform["php"] = [platform_php] if platform_php.is_a?(String) && requirement_valid?(platform_php)
445
439
 
446
440
  # Note: We *don't* include the require-dev PHP version in our initial
447
441
  # platform. If we fail to resolve with the PHP version specified in
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.125.0
4
+ version: 0.125.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.125.0
19
+ version: 0.125.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.125.0
26
+ version: 0.125.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement