RubyGems - dependabot-composer - Versions diffs - 0.128.2 → 0.129.4 - Mend

dependabot-composer 0.128.2 → 0.129.4

Files changed (31) hide show

checksums.yaml +4 -4
data/helpers/{.php_cs → v1/.php_cs} +0 -0
data/helpers/{bin → v1/bin}/run +0 -0
data/helpers/v1/build +20 -0
data/helpers/{composer.json → v1/composer.json} +0 -0
data/helpers/{composer.lock → v1/composer.lock} +63 -61
data/helpers/{phpstan.neon → v1/phpstan.neon} +0 -0
data/helpers/{src → v1/src}/DependabotInstallationManager.php +0 -0
data/helpers/{src → v1/src}/DependabotPluginManager.php +0 -0
data/helpers/{src → v1/src}/ExceptionIO.php +0 -0
data/helpers/{src → v1/src}/Hasher.php +0 -0
data/helpers/{src → v1/src}/UpdateChecker.php +0 -0
data/helpers/{src → v1/src}/Updater.php +0 -0
data/helpers/v2/.php_cs +32 -0
data/helpers/v2/bin/run +86 -0
data/helpers/{build → v2/build} +0 -0
data/helpers/v2/composer.json +23 -0
data/helpers/v2/composer.lock +2483 -0
data/helpers/v2/phpstan.neon +5 -0
data/helpers/v2/src/DependabotInstallationManager.php +67 -0
data/helpers/v2/src/DependabotPluginManager.php +23 -0
data/helpers/v2/src/ExceptionIO.php +25 -0
data/helpers/v2/src/Hasher.php +28 -0
data/helpers/v2/src/UpdateChecker.php +133 -0
data/helpers/v2/src/Updater.php +99 -0
data/lib/dependabot/composer/file_updater/lockfile_updater.rb +26 -2
data/lib/dependabot/composer/helpers.rb +20 -0
data/lib/dependabot/composer/native_helpers.rb +2 -2
data/lib/dependabot/composer/update_checker/version_resolver.rb +10 -2
metadata +33 -21
data/helpers/setup.sh +0 -17

data/lib/dependabot/composer/helpers.rb ADDED

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require "dependabot/composer/version"
+module Dependabot
+  module Composer
+    module Helpers
+      # From composers json-schema: https://getcomposer.org/schema.json
+      COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
+      def self.composer_version(composer_json, parsed_lockfile = nil)
+        return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
+        return "v2" unless parsed_lockfile && parsed_lockfile["plugin-api-version"]
+        version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
+        version.canonical_segments.first == 1 ? "v1" : "v2"
+      end
+    end
+  end
+end

data/lib/dependabot/composer/native_helpers.rb CHANGED

@@ -3,8 +3,8 @@
 module Dependabot
   module Composer
     module NativeHelpers
-      def self.composer_helper_path
-        File.join(composer_helpers_dir, "bin/run")
+      def self.composer_helper_path(composer_version: "v2")
+        File.join(composer_helpers_dir, composer_version, "bin/run")
       end
       def self.composer_helpers_dir

data/lib/dependabot/composer/update_checker/version_resolver.rb CHANGED

@@ -8,6 +8,8 @@ require "dependabot/composer/version"
 require "dependabot/composer/requirement"
 require "dependabot/composer/native_helpers"
 require "dependabot/composer/file_parser"
+require "dependabot/composer/helpers"
 module Dependabot
   module Composer
     class UpdateChecker
@@ -29,7 +31,8 @@ module Dependabot
         MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
           %r{
             (?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
-            (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)
+            (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
+            (?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
           }x.freeze
         VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
         SOURCE_TIMED_OUT_REGEX =
@@ -428,7 +431,12 @@ module Dependabot
         end
         def php_helper_path
-          NativeHelpers.composer_helper_path
+          NativeHelpers.composer_helper_path(composer_version: composer_version)
+        end
+        def composer_version
+          parsed_lockfile_or_nil = lockfile ? parsed_lockfile : nil
+          @composer_version ||= Helpers.composer_version(parsed_composer_file, parsed_lockfile_or_nil)
         end
         def initial_platform

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.128.2
+  version: 0.129.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-14 00:00:00.000000000 Z
+date: 2021-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.128.2
+        version: 0.129.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.128.2
+        version: 0.129.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.7.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.20.0
+        version: 0.21.0
 - !ruby/object:Gem::Dependency
   name: simplecov-console
   requirement: !ruby/object:Gem::Requirement
@@ -171,19 +171,30 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- helpers/.php_cs
-- helpers/bin/run
-- helpers/build
-- helpers/composer.json
-- helpers/composer.lock
-- helpers/phpstan.neon
-- helpers/setup.sh
-- helpers/src/DependabotInstallationManager.php
-- helpers/src/DependabotPluginManager.php
-- helpers/src/ExceptionIO.php
-- helpers/src/Hasher.php
-- helpers/src/UpdateChecker.php
-- helpers/src/Updater.php
+- helpers/v1/.php_cs
+- helpers/v1/bin/run
+- helpers/v1/build
+- helpers/v1/composer.json
+- helpers/v1/composer.lock
+- helpers/v1/phpstan.neon
+- helpers/v1/src/DependabotInstallationManager.php
+- helpers/v1/src/DependabotPluginManager.php
+- helpers/v1/src/ExceptionIO.php
+- helpers/v1/src/Hasher.php
+- helpers/v1/src/UpdateChecker.php
+- helpers/v1/src/Updater.php
+- helpers/v2/.php_cs
+- helpers/v2/bin/run
+- helpers/v2/build
+- helpers/v2/composer.json
+- helpers/v2/composer.lock
+- helpers/v2/phpstan.neon
+- helpers/v2/src/DependabotInstallationManager.php
+- helpers/v2/src/DependabotPluginManager.php
+- helpers/v2/src/ExceptionIO.php
+- helpers/v2/src/Hasher.php
+- helpers/v2/src/UpdateChecker.php
+- helpers/v2/src/Updater.php
 - lib/dependabot/composer.rb
 - lib/dependabot/composer/file_fetcher.rb
 - lib/dependabot/composer/file_fetcher/path_dependency_builder.rb
@@ -191,6 +202,7 @@ files:
 - lib/dependabot/composer/file_updater.rb
 - lib/dependabot/composer/file_updater/lockfile_updater.rb
 - lib/dependabot/composer/file_updater/manifest_updater.rb
+- lib/dependabot/composer/helpers.rb
 - lib/dependabot/composer/metadata_finder.rb
 - lib/dependabot/composer/native_helpers.rb
 - lib/dependabot/composer/requirement.rb

data/helpers/setup.sh DELETED

@@ -1,17 +0,0 @@
-#!/bin/sh
-EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
-php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
-if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
-then
-    >&2 echo 'ERROR: Invalid installer signature'
-    rm composer-setup.php
-    exit 1
-fi
-php composer-setup.php --quiet
-RESULT=$?
-rm composer-setup.php
-exit $RESULT