dependabot-composer 0.130.0 → 0.131.1

@@ -7,21 +7,29 @@ module Dependabot
7
7
  module Helpers
8
8
  # From composers json-schema: https://getcomposer.org/schema.json
9
9
  COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
10
+ # From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
11
+ PLATFORM_PACKAGE_REGEX = /
12
+ ^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
13
+ |composer-(?:plugin|runtime)-api)$
14
+ /x.freeze
10
15
 
11
16
  def self.composer_version(composer_json, parsed_lockfile = nil)
12
- return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
13
- return "v1" if invalid_v2_requirement?(composer_json)
14
- return "v2" unless parsed_lockfile && parsed_lockfile["plugin-api-version"]
17
+ if parsed_lockfile && parsed_lockfile["plugin-api-version"]
18
+ version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
19
+ return version.canonical_segments.first == 1 ? "v1" : "v2"
20
+ else
21
+ return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
22
+ return "v1" if invalid_v2_requirement?(composer_json)
23
+ end
15
24
 
16
- version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
17
- version.canonical_segments.first == 1 ? "v1" : "v2"
25
+ "v2"
18
26
  end
19
27
 
20
28
  def self.invalid_v2_requirement?(composer_json)
21
29
  return false unless composer_json.key?("require")
22
30
 
23
31
  composer_json["require"].keys.any? do |key|
24
- key != "php" && key !~ COMPOSER_V2_NAME_REGEX
32
+ key !~ PLATFORM_PACKAGE_REGEX && key !~ COMPOSER_V2_NAME_REGEX
25
33
  end
26
34
  end
27
35
  private_class_method :invalid_v2_requirement?
@@ -44,9 +44,9 @@ module Dependabot
44
44
 
45
45
  if req_string.start_with?("*", "x") then ">= 0"
46
46
  elsif req_string.include?("*") then convert_wildcard_req(req_string)
47
- elsif req_string.include?(".x") then convert_wildcard_req(req_string)
48
- elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
49
47
  elsif req_string.start_with?("^") then convert_caret_req(req_string)
48
+ elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
49
+ elsif req_string.include?(".x") then convert_wildcard_req(req_string)
50
50
  elsif req_string.match?(/\s-\s/) then convert_hyphen_req(req_string)
51
51
  else req_string
52
52
  end
@@ -68,7 +68,7 @@ module Dependabot
68
68
  end
69
69
 
70
70
  def convert_caret_req(req_string)
71
- version = req_string.gsub(/^\^/, "")
71
+ version = req_string.gsub(/^\^/, "").gsub("x-dev", "0")
72
72
  parts = version.split(".")
73
73
  first_non_zero = parts.find { |d| d != "0" }
74
74
  first_non_zero_index =
@@ -159,7 +159,7 @@ module Dependabot
159
159
  json = JSON.parse(content)
160
160
 
161
161
  composer_platform_extensions.each do |extension, requirements|
162
- raise "No matching version for #{requirements}!" unless version_for_reqs(requirements)
162
+ next unless version_for_reqs(requirements)
163
163
 
164
164
  json["config"] ||= {}
165
165
  json["config"]["platform"] ||= {}
@@ -254,8 +254,7 @@ module Dependabot
254
254
  error.message.match(/Failed to clone (?<url>.*?) via/).
255
255
  named_captures.fetch("url")
256
256
  raise Dependabot::GitDependenciesNotReachable, dependency_url
257
- elsif error.message.start_with?("Could not parse version") ||
258
- error.message.include?("does not allow connections to http://")
257
+ elsif unresolvable_error?(error)
259
258
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
260
259
  elsif error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
261
260
  # These errors occur when platform requirements declared explicitly
@@ -346,6 +345,13 @@ module Dependabot
346
345
  # rubocop:enable Metrics/CyclomaticComplexity
347
346
  # rubocop:enable Metrics/MethodLength
348
347
 
348
+ def unresolvable_error?(error)
349
+ error.message.start_with?("Could not parse version") ||
350
+ error.message.include?("does not allow connections to http://") ||
351
+ error.message.match?(/The `url` supplied for the path .* does not exist/) ||
352
+ error.message.start_with?("Invalid version string")
353
+ end
354
+
349
355
  def library?
350
356
  parsed_composer_file["type"] == "library"
351
357
  end
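Review bot: The new `PLATFORM_PACKAGE_REGEX` is anchored with `^`/`$`, which in Ruby match at line boundaries rather than string ends, unlike the PCRE pattern in the linked composer source it was ported from; the same anchors are already on the pre-existing `COMPOSER_V2_NAME_REGEX` context line. Since `invalid_v2_requirement?` runs `key !~ PLATFORM_PACKAGE_REGEX` over `require` keys read from a repository's composer.json, a key such as `"ext-foo\nanything"` would match and be accepted as a platform package; the visible consequence appears limited to reporting "v2" instead of "v1" from `composer_version`, but a full-string anchor costs nothing: `PLATFORM_PACKAGE_REGEX = /\A(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*|composer-(?:plugin|runtime)-api)\z/x`. Separately, the `next unless version_for_reqs(requirements)` in the platform-extensions loop now drops an extension from `config.platform` without any trace where the old code raised; a one-line comment stating why an unsatisfiable extension requirement is deliberately skipped, e.g. `# Unsatisfiable extension requirements are left out of the platform config rather than failing the update`, would save the next reader from reading it as an accidental silent swallow. The enclosing `Helpers` module and the method containing that loop start outside the hunks shown.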
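--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.130.0
+version: 0.131.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-13 00:00:00.000000000 Z
+date: 2021-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.130.0
+version: 0.131.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.130.0
+version: 0.131.1
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.8.0
+version: 1.9.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.8.0
+version: 1.9.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.0
+version: 0.9.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.0
+version: 0.9.1
 - !ruby/object:Gem::Dependency
 name: vcr
 requirement: !ruby/object:Gem::Requirement
@@ -230,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 2.5.0
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: PHP (Composer) support for dependabot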