dependabot-composer 0.148.4 → 0.148.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bb00999594d24b11259f358c46ef8de11b20e8f2e9aa82805e839a05b6897174
-  data.tar.gz: 61770c7233e5b37e25c8f0fd7be46bfec32457a0f4846572cbb8e78f981e9456
+  metadata.gz: 70fc7cb7461f28a3b85cd71afb52ffbc5a80aa9f1e6d8f531d0121a579fadd9a
+  data.tar.gz: fafb6ba0e5afbc61cb22a5fcedb99522f058358b8812cdc89ca4ddea5d1a06b5
 SHA512:
-  metadata.gz: 3200528d584855cf7617835a41438975c82ab3a3b1816c7bd1667aae0fdc72cfbbd11438a744e8a9ad7899682ad6c1906cbbd6cf610ff55f1bbcb9b9acd15e57
-  data.tar.gz: 3d74e4ab6af069ba611ee3d9dea84fa011287bfe837ffe256a9e6e32d172c2f4e4948501b6f1ef55a684334aac31ab363d0c738e1bfc6d3e447a43c9fae2c21a
+  metadata.gz: 1a8e09763faaa113d0f39eaa443229297d869f290745eceb2af43f5fadcf0f9376e15c83a5413184f2b2ec2f2d8c2b3c59d884fa9de63b503b5fc1058733c6e2
+  data.tar.gz: 22d4a0547fcee78f23c4d1b6d53844b73e8a122b6b514f46f80dae6feff5a596198a6cfbd46fe0c3d942287492c05cc9118b7dcf605164c1a0e67773838c3458

data/lib/dependabot/composer/update_checker/latest_version_finder.rb

@@ -75,6 +75,8 @@ module Dependabot
         end
 
         def filter_lower_versions(versions_array)
+          return versions_array unless dependency.version && version_class.correct?(dependency.version)
+
           versions_array.
             select { |version| version > version_class.new(dependency.version) }
         end

data/lib/dependabot/composer/update_checker/version_resolver.rb

@@ -37,6 +37,8 @@ module Dependabot
         VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
         SOURCE_TIMED_OUT_REGEX =
           /The "(?<url>[^"]+packages\.json)".*timed out/.freeze
+        FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --mirror[^']*'(?<url>.*?)'/.freeze
+        FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
 
         def initialize(credentials:, dependency:, dependency_files:,
                        requirements_to_unlock:, latest_allowable_version:)
@@ -244,15 +246,11 @@ module Dependabot
             raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
           end
 
-          if error.message.start_with?("Failed to execute git clone")
-            dependency_url =
-              error.message.match(/--mirror '(?<url>.*?)'/).
-              named_captures.fetch("url")
+          if error.message.match?(FAILED_GIT_CLONE_WITH_MIRROR)
+            dependency_url = error.message.match(FAILED_GIT_CLONE_WITH_MIRROR).named_captures.fetch("url")
             raise Dependabot::GitDependenciesNotReachable, dependency_url
-          elsif error.message.start_with?("Failed to clone")
-            dependency_url =
-              error.message.match(/Failed to clone (?<url>.*?) via/).
-              named_captures.fetch("url")
+          elsif error.message.match?(FAILED_GIT_CLONE)
+            dependency_url = error.message.match(FAILED_GIT_CLONE).named_captures.fetch("url")
             raise Dependabot::GitDependenciesNotReachable, dependency_url
           elsif unresolvable_error?(error)
             raise Dependabot::DependencyFileNotResolvable, sanitized_message
@@ -304,13 +302,10 @@ module Dependabot
             nil
           elsif error.message.include?("URL required authentication") ||
                 error.message.include?("403 Forbidden")
-            source =
-              error.message.match(%r{https?://(?<source>[^/]+)/}).
-              named_captures.fetch("source")
+            source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")
             raise Dependabot::PrivateSourceAuthenticationFailure, source
           elsif error.message.match?(SOURCE_TIMED_OUT_REGEX)
-            url = error.message.match(SOURCE_TIMED_OUT_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(SOURCE_TIMED_OUT_REGEX).named_captures.fetch("url")
             raise if url.include?("packagist.org")
 
             source = url.gsub(%r{/packages.json$}, "")
@@ -336,6 +331,11 @@ module Dependabot
             #
             # Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
             nil
+          elsif error.message.include?("does not match the expected JSON schema")
+            msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
+                  "Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
+                  "See https://getcomposer.org/doc/04-schema.md for details on the schema."
+            raise Dependabot::DependencyFileNotParseable, msg
           else
             raise error
           end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.148.4
+  version: 0.148.9
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.4
+        version: 0.148.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.4
+        version: 0.148.9
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement