dependabot-composer 0.130.0 → 0.131.1

@@ -7,21 +7,29 @@ module Dependabot
7
7
  module Helpers
8
8
  # From composers json-schema: https://getcomposer.org/schema.json
9
9
  COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
10
+ # From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
11
+ PLATFORM_PACKAGE_REGEX = /
12
+ ^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
13
+ |composer-(?:plugin|runtime)-api)$
14
+ /x.freeze
10
15
 
11
16
  def self.composer_version(composer_json, parsed_lockfile = nil)
12
- return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
13
- return "v1" if invalid_v2_requirement?(composer_json)
14
- return "v2" unless parsed_lockfile && parsed_lockfile["plugin-api-version"]
17
+ if parsed_lockfile && parsed_lockfile["plugin-api-version"]
18
+ version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
19
+ return version.canonical_segments.first == 1 ? "v1" : "v2"
20
+ else
21
+ return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
22
+ return "v1" if invalid_v2_requirement?(composer_json)
23
+ end
15
24
 
16
- version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
17
- version.canonical_segments.first == 1 ? "v1" : "v2"
25
+ "v2"
18
26
  end
19
27
 
20
28
  def self.invalid_v2_requirement?(composer_json)
21
29
  return false unless composer_json.key?("require")
22
30
 
23
31
  composer_json["require"].keys.any? do |key|
24
- key != "php" && key !~ COMPOSER_V2_NAME_REGEX
32
+ key !~ PLATFORM_PACKAGE_REGEX && key !~ COMPOSER_V2_NAME_REGEX
25
33
  end
26
34
  end
27
35
  private_class_method :invalid_v2_requirement?
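Review bot: The new PLATFORM_PACKAGE_REGEX anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a `require` key that carries a newline after a valid platform name still satisfies the first `!~` in invalid_v2_requirement?; `\A` and `\z` are the whole-string anchors and are a drop-in replacement inside the `/x` literal (the pre-existing COMPOSER_V2_NAME_REGEX has the same property, so both checks need it for the test to be strict). Separately, the restructured composer_version now skips the name and require heuristics entirely whenever the lockfile carries `plugin-api-version`, which reads as deliberate precedence but is not written down anywhere. A comment above the `if`, such as `# A lockfile's plugin-api-version wins; the manifest heuristics only apply when there is no lockfile to consult`, would make that ordering explicit for the next reader.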
@@ -44,9 +44,9 @@ module Dependabot
44
44
 
45
45
  if req_string.start_with?("*", "x") then ">= 0"
46
46
  elsif req_string.include?("*") then convert_wildcard_req(req_string)
47
- elsif req_string.include?(".x") then convert_wildcard_req(req_string)
48
- elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
49
47
  elsif req_string.start_with?("^") then convert_caret_req(req_string)
48
+ elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
49
+ elsif req_string.include?(".x") then convert_wildcard_req(req_string)
50
50
  elsif req_string.match?(/\s-\s/) then convert_hyphen_req(req_string)
51
51
  else req_string
52
52
  end
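Review bot: The branch order in this chain has become load-bearing and nothing records it: a requirement such as `^1.x-dev` contains `.x` and was routed to convert_wildcard_req before this change, whereas it now reaches convert_caret_req first, which is what the `gsub("x-dev", "0")` added in the @@ -68 hunk relies on. A later reorder would regress that silently, so a one-line comment above the caret branch would pin the intent, e.g. `# caret and tilde must be tested before the ".x" wildcard form so that "^1.x-dev" style requirements get their own conversion`. The enclosing method begins and ends outside the hunk.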
@@ -68,7 +68,7 @@ module Dependabot
68
68
  end
69
69
 
70
70
  def convert_caret_req(req_string)
71
- version = req_string.gsub(/^\^/, "")
71
+ version = req_string.gsub(/^\^/, "").gsub("x-dev", "0")
72
72
  parts = version.split(".")
73
73
  first_non_zero = parts.find { |d| d != "0" }
74
74
  first_non_zero_index =
@@ -159,7 +159,7 @@ module Dependabot
159
159
  json = JSON.parse(content)
160
160
 
161
161
  composer_platform_extensions.each do |extension, requirements|
162
- raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
162
+ next unless version_for_reqs(requirements)
163
163
 
164
164
  json["config"] ||= {}
165
165
  json["config"]["platform"] ||= {}
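Review bot: Replacing the raise with `next` turns an unresolvable platform extension requirement from a hard failure into a silent drop: the extension is simply never written into `json["config"]["platform"]`, and nothing in the hunk records that this happened. If skipping is the intended behaviour, a comment above the `next` explaining why an unresolvable requirement should not block the update would help, e.g. `# Skip extensions whose requirements resolve to no version rather than failing the whole update`; a debug-level log line at the same spot would also make the dropped extension visible when a resulting lockfile looks wrong. The enclosing block starts and ends outside the hunk.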
@@ -254,8 +254,7 @@ module Dependabot
254
254
  error.message.match(/Failed to clone (?<url>.*?) via/).
255
255
  named_captures.fetch("url")
256
256
  raise Dependabot::GitDependenciesNotReachable, dependency_url
257
- elsif error.message.start_with?("Could not parse version") ||
258
- error.message.include?("does not allow connections to http://")
257
+ elsif unresolvable_error?(error)
259
258
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
260
259
  elsif error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
261
260
  # These errors occur when platform requirements declared explicitly
@@ -346,6 +345,13 @@ module Dependabot
346
345
  # rubocop:enable Metrics/CyclomaticComplexity
347
346
  # rubocop:enable Metrics/MethodLength
348
347
 
348
+ def unresolvable_error?(error)
349
+ error.message.start_with?("Could not parse version") ||
350
+ error.message.include?("does not allow connections to http://") ||
351
+ error.message.match?(/The `url` supplied for the path .* does not exist/) ||
352
+ error.message.start_with?("Invalid version string")
353
+ end
354
+
349
355
  def library?
350
356
  parsed_composer_file["type"] == "library"
351
357
  end
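Review bot: `unresolvable_error?` classifies failures purely by matching composer's message text, and the four patterns carry no pointer to where those messages originate, so when composer rewords one the classification degrades with no failing test pointing here. A short doc comment above the method naming the intent would help: `# Composer errors that mean the manifest itself cannot be resolved (bad version strings, disallowed http:// sources, missing path repositories). Matched on message text, so keep in sync with composer's wording.` Whether the method ends up in the private section of the class is not visible from the hunk; if it is only used by the rescue branch in the @@ -254 hunk it presumably should be.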
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.130.0
4
+ version: 0.131.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-13 00:00:00.000000000 Z
11
+ date: 2021-02-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.130.0
19
+ version: 0.131.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.130.0
26
+ version: 0.131.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.8.0
103
+ version: 1.9.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.8.0
110
+ version: 1.9.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.8.0
131
+ version: 0.9.1
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.8.0
138
+ version: 0.9.1
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: vcr
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -230,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
230
230
  - !ruby/object:Gem::Version
231
231
  version: 2.5.0
232
232
  requirements: []
233
- rubygems_version: 3.1.4
233
+ rubygems_version: 3.2.3
234
234
  signing_key:
235
235
  specification_version: 4
236
236
  summary: PHP (Composer) support for dependabot