RubyGems - dependabot-composer - Versions diffs - 0.128.2 → 0.129.0 - Mend

dependabot-composer 0.128.2 → 0.129.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +4 -4
data/helpers/{.php_cs → v1/.php_cs} +0 -0
data/helpers/{bin → v1/bin}/run +0 -0
data/helpers/v1/build +20 -0
data/helpers/{composer.json → v1/composer.json} +0 -0
data/helpers/{composer.lock → v1/composer.lock} +10 -5
data/helpers/{phpstan.neon → v1/phpstan.neon} +0 -0
data/helpers/{src → v1/src}/DependabotInstallationManager.php +0 -0
data/helpers/{src → v1/src}/DependabotPluginManager.php +0 -0
data/helpers/{src → v1/src}/ExceptionIO.php +0 -0
data/helpers/{src → v1/src}/Hasher.php +0 -0
data/helpers/{src → v1/src}/UpdateChecker.php +0 -0
data/helpers/{src → v1/src}/Updater.php +0 -0
data/helpers/v2/.php_cs +32 -0
data/helpers/v2/bin/run +86 -0
data/helpers/{build → v2/build} +0 -0
data/helpers/v2/composer.json +23 -0
data/helpers/v2/composer.lock +2610 -0
data/helpers/v2/phpstan.neon +5 -0
data/helpers/v2/src/DependabotInstallationManager.php +67 -0
data/helpers/v2/src/DependabotPluginManager.php +23 -0
data/helpers/v2/src/ExceptionIO.php +25 -0
data/helpers/v2/src/Hasher.php +28 -0
data/helpers/v2/src/UpdateChecker.php +133 -0
data/helpers/v2/src/Updater.php +99 -0
data/lib/dependabot/composer/file_updater/lockfile_updater.rb +31 -2
data/lib/dependabot/composer/native_helpers.rb +2 -2
data/lib/dependabot/composer/update_checker/version_resolver.rb +13 -2
metadata +28 -17
data/helpers/setup.sh +0 -17

data/lib/dependabot/composer/native_helpers.rb CHANGED

@@ -3,8 +3,8 @@
 module Dependabot
   module Composer
     module NativeHelpers
-      def self.composer_helper_path
-        File.join(composer_helpers_dir, "bin/run")
+      def self.composer_helper_path(composer_version: "v2")
+        File.join(composer_helpers_dir, composer_version, "bin/run")
       end
       def self.composer_helpers_dir

data/lib/dependabot/composer/update_checker/version_resolver.rb CHANGED

@@ -29,7 +29,8 @@ module Dependabot
         MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
           %r{
             (?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
-            (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)
+            (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
+            (?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
           }x.freeze
         VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
         SOURCE_TIMED_OUT_REGEX =
@@ -428,7 +429,17 @@ module Dependabot
         end
         def php_helper_path
-          NativeHelpers.composer_helper_path
+          NativeHelpers.composer_helper_path(composer_version: composer_version)
+        end
+        def composer_version
+          @composer_version ||=
+            begin
+              return "v2" unless lockfile && parsed_lockfile["plugin-api-version"]
+              version = Version.new(parsed_lockfile["plugin-api-version"])
+              version.canonical_segments.first == 1 ? "v1" : "v2"
+            end
         end
         def initial_platform

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.128.2
+  version: 0.129.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-14 00:00:00.000000000 Z
+date: 2020-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.128.2
+        version: 0.129.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.128.2
+        version: 0.129.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -171,19 +171,30 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- helpers/.php_cs
-- helpers/bin/run
-- helpers/build
-- helpers/composer.json
-- helpers/composer.lock
-- helpers/phpstan.neon
-- helpers/setup.sh
-- helpers/src/DependabotInstallationManager.php
-- helpers/src/DependabotPluginManager.php
-- helpers/src/ExceptionIO.php
-- helpers/src/Hasher.php
-- helpers/src/UpdateChecker.php
-- helpers/src/Updater.php
+- helpers/v1/.php_cs
+- helpers/v1/bin/run
+- helpers/v1/build
+- helpers/v1/composer.json
+- helpers/v1/composer.lock
+- helpers/v1/phpstan.neon
+- helpers/v1/src/DependabotInstallationManager.php
+- helpers/v1/src/DependabotPluginManager.php
+- helpers/v1/src/ExceptionIO.php
+- helpers/v1/src/Hasher.php
+- helpers/v1/src/UpdateChecker.php
+- helpers/v1/src/Updater.php
+- helpers/v2/.php_cs
+- helpers/v2/bin/run
+- helpers/v2/build
+- helpers/v2/composer.json
+- helpers/v2/composer.lock
+- helpers/v2/phpstan.neon
+- helpers/v2/src/DependabotInstallationManager.php
+- helpers/v2/src/DependabotPluginManager.php
+- helpers/v2/src/ExceptionIO.php
+- helpers/v2/src/Hasher.php
+- helpers/v2/src/UpdateChecker.php
+- helpers/v2/src/Updater.php
 - lib/dependabot/composer.rb
 - lib/dependabot/composer/file_fetcher.rb
 - lib/dependabot/composer/file_fetcher/path_dependency_builder.rb

data/helpers/setup.sh DELETED

@@ -1,17 +0,0 @@
-#!/bin/sh
-EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
-if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
-then
-    >&2 echo 'ERROR: Invalid installer signature'
-    rm composer-setup.php
-    exit 1
-fi
-php composer-setup.php --quiet
-RESULT=$?
-rm composer-setup.php
-exit $RESULT