dependabot-composer 0.128.0 → 0.129.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,20 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "dependabot/composer/version"
4
+
5
+ module Dependabot
6
+ module Composer
7
+ module Helpers
8
+ # From composers json-schema: https://getcomposer.org/schema.json
9
+ COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
10
+
11
+ def self.composer_version(composer_json, parsed_lockfile = nil)
12
+ return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
13
+ return "v2" unless parsed_lockfile && parsed_lockfile["plugin-api-version"]
14
+
15
+ version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
16
+ version.canonical_segments.first == 1 ? "v1" : "v2"
17
+ end
18
+ end
19
+ end
20
+ end
@@ -3,8 +3,8 @@
3
3
  module Dependabot
4
4
  module Composer
5
5
  module NativeHelpers
6
- def self.composer_helper_path
7
- File.join(composer_helpers_dir, "bin/run")
6
+ def self.composer_helper_path(composer_version: "v2")
7
+ File.join(composer_helpers_dir, composer_version, "bin/run")
8
8
  end
9
9
 
10
10
  def self.composer_helpers_dir
@@ -8,6 +8,8 @@ require "dependabot/composer/version"
8
8
  require "dependabot/composer/requirement"
9
9
  require "dependabot/composer/native_helpers"
10
10
  require "dependabot/composer/file_parser"
11
+ require "dependabot/composer/helpers"
12
+
11
13
  module Dependabot
12
14
  module Composer
13
15
  class UpdateChecker
@@ -29,7 +31,8 @@ module Dependabot
29
31
  MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
30
32
  %r{
31
33
  (?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
32
- (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)
34
+ (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
35
+ (?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
33
36
  }x.freeze
34
37
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
35
38
  SOURCE_TIMED_OUT_REGEX =
@@ -428,7 +431,12 @@ module Dependabot
428
431
  end
429
432
 
430
433
  def php_helper_path
431
- NativeHelpers.composer_helper_path
434
+ NativeHelpers.composer_helper_path(composer_version: composer_version)
435
+ end
436
+
437
+ def composer_version
438
+ parsed_lockfile_or_nil = lockfile ? parsed_lockfile : nil
439
+ @composer_version ||= Helpers.composer_version(parsed_composer_file, parsed_lockfile_or_nil)
432
440
  end
433
441
 
434
442
  def initial_platform
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.128.0
4
+ version: 0.129.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-14 00:00:00.000000000 Z
11
+ date: 2021-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.128.0
19
+ version: 0.129.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.128.0
26
+ version: 0.129.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.6.0
103
+ version: 1.7.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.6.0
110
+ version: 1.7.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.20.0
117
+ version: 0.21.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.20.0
124
+ version: 0.21.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov-console
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -171,19 +171,30 @@ executables: []
171
171
  extensions: []
172
172
  extra_rdoc_files: []
173
173
  files:
174
- - helpers/.php_cs
175
- - helpers/bin/run
176
- - helpers/build
177
- - helpers/composer.json
178
- - helpers/composer.lock
179
- - helpers/phpstan.neon
180
- - helpers/setup.sh
181
- - helpers/src/DependabotInstallationManager.php
182
- - helpers/src/DependabotPluginManager.php
183
- - helpers/src/ExceptionIO.php
184
- - helpers/src/Hasher.php
185
- - helpers/src/UpdateChecker.php
186
- - helpers/src/Updater.php
174
+ - helpers/v1/.php_cs
175
+ - helpers/v1/bin/run
176
+ - helpers/v1/build
177
+ - helpers/v1/composer.json
178
+ - helpers/v1/composer.lock
179
+ - helpers/v1/phpstan.neon
180
+ - helpers/v1/src/DependabotInstallationManager.php
181
+ - helpers/v1/src/DependabotPluginManager.php
182
+ - helpers/v1/src/ExceptionIO.php
183
+ - helpers/v1/src/Hasher.php
184
+ - helpers/v1/src/UpdateChecker.php
185
+ - helpers/v1/src/Updater.php
186
+ - helpers/v2/.php_cs
187
+ - helpers/v2/bin/run
188
+ - helpers/v2/build
189
+ - helpers/v2/composer.json
190
+ - helpers/v2/composer.lock
191
+ - helpers/v2/phpstan.neon
192
+ - helpers/v2/src/DependabotInstallationManager.php
193
+ - helpers/v2/src/DependabotPluginManager.php
194
+ - helpers/v2/src/ExceptionIO.php
195
+ - helpers/v2/src/Hasher.php
196
+ - helpers/v2/src/UpdateChecker.php
197
+ - helpers/v2/src/Updater.php
187
198
  - lib/dependabot/composer.rb
188
199
  - lib/dependabot/composer/file_fetcher.rb
189
200
  - lib/dependabot/composer/file_fetcher/path_dependency_builder.rb
@@ -191,6 +202,7 @@ files:
191
202
  - lib/dependabot/composer/file_updater.rb
192
203
  - lib/dependabot/composer/file_updater/lockfile_updater.rb
193
204
  - lib/dependabot/composer/file_updater/manifest_updater.rb
205
+ - lib/dependabot/composer/helpers.rb
194
206
  - lib/dependabot/composer/metadata_finder.rb
195
207
  - lib/dependabot/composer/native_helpers.rb
196
208
  - lib/dependabot/composer/requirement.rb
@@ -1,17 +0,0 @@
1
- #!/bin/sh
2
-
3
- EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
4
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
5
- ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
6
-
7
- if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
8
- then
9
- >&2 echo 'ERROR: Invalid installer signature'
10
- rm composer-setup.php
11
- exit 1
12
- fi
13
-
14
- php composer-setup.php --quiet
15
- RESULT=$?
16
- rm composer-setup.php
17
- exit $RESULT