dependabot-composer 0.148.3 → 0.148.8

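--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5ac5d31129e20132e01c050a257ae4946718ab89a2a9553146672489ea599342
- data.tar.gz: ae764620f232d42d488796f54d0c44e1a58743324659eed1fe125e250e0822a9
+ metadata.gz: 63a0158c54de172fab190eed3de3b2184b4370d8c71468dd801ba991a5598c96
+ data.tar.gz: 8c94e36b34e49d3d31c7777d8b324c0ca4646d02a043ce0e7b054806feb4fd93
  SHA512:
- metadata.gz: 9f81bd586a3a6f12bcbd119c4ff09cec5ca4976447a9e24b0fd89cec873a94f072484bd04a58f39e514e6a87172ef40d09433953a748c01de7c61b214ab94c7c
- data.tar.gz: 109899e8b29f34cf823fbda69e068c9b1fdf41b6b7c248406d8433170016ed6a327d628114fd0e8fcac21ea9494194e59dba7b95bdb3cb53fca4e3c152c3f06f
+ metadata.gz: f9546dfb7a5c8bcc0aa64f787c46d652da4781bd73f605cdf82d5771d710e3255ceb0dbef19926b240a3bc4070a9bf3ed93570c75c3166d7e0ef0993db3003e9
+ data.tar.gz: 96d24dc6d13a96852621b5ebd86ed7be7c4f83a7ecae52ed9f775f15232d64f64dd281e442c5087fdc69acacab99e1abb176a62d85d238ce441b40eda55fd75a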
@@ -75,6 +75,8 @@ module Dependabot
75
75
  end
76
76
 
77
77
  def filter_lower_versions(versions_array)
78
+ return versions_array unless dependency.version
79
+
78
80
  versions_array.
79
81
  select { |version| version > version_class.new(dependency.version) }
80
82
  end
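Review bot: The new guard in `filter_lower_versions` hands back the whole list when `dependency.version` is nil, but nothing here says when a dependency has no version or why skipping the filter is safe; a comment such as `# No current version to compare against, so no candidate can be ruled out as lower` above the `return` would record the intent. As a smaller style point, `version_class.new(dependency.version)` is rebuilt for every element inside the `select` block; assigning it once, `current = version_class.new(dependency.version)`, and comparing `version > current` reads more clearly.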
@@ -37,6 +37,8 @@ module Dependabot
37
37
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
38
38
  SOURCE_TIMED_OUT_REGEX =
39
39
  /The "(?<url>[^"]+packages\.json)".*timed out/.freeze
40
+ FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --mirror[^']*'(?<url>.*?)'/.freeze
41
+ FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
40
42
 
41
43
  def initialize(credentials:, dependency:, dependency_files:,
42
44
  requirements_to_unlock:, latest_allowable_version:)
@@ -244,15 +246,11 @@ module Dependabot
244
246
  raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
245
247
  end
246
248
 
247
- if error.message.start_with?("Failed to execute git clone")
248
- dependency_url =
249
- error.message.match(/--mirror '(?<url>.*?)'/).
250
- named_captures.fetch("url")
249
+ if error.message.match?(FAILED_GIT_CLONE_WITH_MIRROR)
250
+ dependency_url = error.message.match(FAILED_GIT_CLONE_WITH_MIRROR).named_captures.fetch("url")
251
251
  raise Dependabot::GitDependenciesNotReachable, dependency_url
252
- elsif error.message.start_with?("Failed to clone")
253
- dependency_url =
254
- error.message.match(/Failed to clone (?<url>.*?) via/).
255
- named_captures.fetch("url")
252
+ elsif error.message.match?(FAILED_GIT_CLONE)
253
+ dependency_url = error.message.match(FAILED_GIT_CLONE).named_captures.fetch("url")
256
254
  raise Dependabot::GitDependenciesNotReachable, dependency_url
257
255
  elsif unresolvable_error?(error)
258
256
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
@@ -304,13 +302,10 @@ module Dependabot
304
302
  nil
305
303
  elsif error.message.include?("URL required authentication") ||
306
304
  error.message.include?("403 Forbidden")
307
- source =
308
- error.message.match(%r{https?://(?<source>[^/]+)/}).
309
- named_captures.fetch("source")
305
+ source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")
310
306
  raise Dependabot::PrivateSourceAuthenticationFailure, source
311
307
  elsif error.message.match?(SOURCE_TIMED_OUT_REGEX)
312
- url = error.message.match(SOURCE_TIMED_OUT_REGEX).
313
- named_captures.fetch("url")
308
+ url = error.message.match(SOURCE_TIMED_OUT_REGEX).named_captures.fetch("url")
314
309
  raise if url.include?("packagist.org")
315
310
 
316
311
  source = url.gsub(%r{/packages.json$}, "")
@@ -336,6 +331,11 @@ module Dependabot
336
331
  #
337
332
  # Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
338
333
  nil
334
+ elsif error.message.include?("does not match the expected JSON schema")
335
+ msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
336
+ "Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
337
+ "See https://getcomposer.org/doc/04-schema.md for details on the schema."
338
+ raise Dependabot::DependencyFileNotParseable, msg
339
339
  else
340
340
  raise error
341
341
  end
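Review bot: The URL captured by `FAILED_GIT_CLONE_WITH_MIRROR` and `FAILED_GIT_CLONE` goes unmodified into `GitDependenciesNotReachable`, so if Composer's message echoes a clone URL that carries userinfo (`https://user:token@host/…`), the token travels with the exception into whatever logs or reports it; nothing in the visible hunks strips it. The same holds for `(?<source>[^/]+)` in the 403 branch, which captures everything between the scheme and the first slash. I would drop the userinfo before raising, e.g. `dependency_url = dependency_url.sub(%r{(?<=://)[^/@]+@}, "")`, and strip any `…@` prefix from `source` in the same way. That 403 branch also calls `.named_captures` on `match` with no preceding `match?`, so a message containing "403 Forbidden" but no URL would raise NoMethodError and hide the original error. The enclosing methods begin and end outside these hunks.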
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.148.3
4
+ version: 0.148.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-19 00:00:00.000000000 Z
11
+ date: 2021-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.148.3
19
+ version: 0.148.8
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.148.3
26
+ version: 0.148.8
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement