dependabot-composer 0.148.6 → 0.149.0

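--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 186ba5c11b26d71c423f55d6d4f68353d7069eeed3f58bb666dd4d19bec6e22b
- data.tar.gz: 305be883767c691aad2afcc8b6bcedbd38cb70fb55e11324ccb2c86a28f7e5e3
+ metadata.gz: 6860a87595a4fba08c6a2d479d0cfc4600282fc9592881d3383a58bbc5bb5c4b
+ data.tar.gz: b351759e582036db2369e8889ed51037b7b0fff671be830742af77108a25a368
  SHA512:
- metadata.gz: a5f5a115c35c4a0cc0a5932d8218cbdf8c43c1ec99fcd713e68e990a9a8f4f386f58abb95da2ac18e3d2a341966da7cd4ab24f7514c011f526f60086c2469471
- data.tar.gz: 229ece24b5b1397ca2acc802d4a5d294c2247139add639a1b4090438364f6980566fbf89d4e4d9d1a07c8d2b82bfc6120608085888c4a7f4cada5dfe8413381f
+ metadata.gz: c643260bec7e1267e701b4bf8809b1d0a4122aa7da50f150fd871b50c1a44f448430fb7b8b7d11a1de2d2148b6fbfe93e430a3d3c942dcbbb46a6f562864e430
+ data.tar.gz: a7d5e4f2e3318a6666f86e9b729f5f41c16fe92f72a4656b11460494e4e6a68ce4eb11ea9fbc1f55eb0bc73cfe732dbaa99a0fcbfaf963b9b2d8feebe4943f75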
@@ -75,7 +75,7 @@ module Dependabot
75
75
  end
76
76
 
77
77
  def filter_lower_versions(versions_array)
78
- return versions_array unless dependency.version
78
+ return versions_array unless dependency.version && version_class.correct?(dependency.version)
79
79
 
80
80
  versions_array.
81
81
  select { |version| version > version_class.new(dependency.version) }
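Review bot: When `dependency.version` is present but not accepted by `version_class.correct?` (presumably a branch name or commit SHA), the new guard in `filter_lower_versions` returns `versions_array` unfiltered, so versions lower than the installed one stay in the candidate list. Whether a caller could then propose a downgrade is not visible in this hunk; a comment such as `# Current version is not comparable (e.g. a git ref), so nothing can be filtered out` would record the intent. `version_class.new(dependency.version)` is also rebuilt for every element inside the `select` block and could be hoisted into a local before the chain. The method body continues past the end of the hunk.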
@@ -37,6 +37,8 @@ module Dependabot
37
37
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
38
38
  SOURCE_TIMED_OUT_REGEX =
39
39
  /The "(?<url>[^"]+packages\.json)".*timed out/.freeze
40
+ FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --mirror[^']*'(?<url>.*?)'/.freeze
41
+ FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
40
42
 
41
43
  def initialize(credentials:, dependency:, dependency_files:,
42
44
  requirements_to_unlock:, latest_allowable_version:)
@@ -244,15 +246,11 @@ module Dependabot
244
246
  raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
245
247
  end
246
248
 
247
- if error.message.start_with?("Failed to execute git clone")
248
- dependency_url =
249
- error.message.match(/--mirror '(?<url>.*?)'/).
250
- named_captures.fetch("url")
249
+ if error.message.match?(FAILED_GIT_CLONE_WITH_MIRROR)
250
+ dependency_url = error.message.match(FAILED_GIT_CLONE_WITH_MIRROR).named_captures.fetch("url")
251
251
  raise Dependabot::GitDependenciesNotReachable, dependency_url
252
- elsif error.message.start_with?("Failed to clone")
253
- dependency_url =
254
- error.message.match(/Failed to clone (?<url>.*?) via/).
255
- named_captures.fetch("url")
252
+ elsif error.message.match?(FAILED_GIT_CLONE)
253
+ dependency_url = error.message.match(FAILED_GIT_CLONE).named_captures.fetch("url")
256
254
  raise Dependabot::GitDependenciesNotReachable, dependency_url
257
255
  elsif unresolvable_error?(error)
258
256
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
@@ -304,13 +302,10 @@ module Dependabot
304
302
  nil
305
303
  elsif error.message.include?("URL required authentication") ||
306
304
  error.message.include?("403 Forbidden")
307
- source =
308
- error.message.match(%r{https?://(?<source>[^/]+)/}).
309
- named_captures.fetch("source")
305
+ source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")
310
306
  raise Dependabot::PrivateSourceAuthenticationFailure, source
311
307
  elsif error.message.match?(SOURCE_TIMED_OUT_REGEX)
312
- url = error.message.match(SOURCE_TIMED_OUT_REGEX).
313
- named_captures.fetch("url")
308
+ url = error.message.match(SOURCE_TIMED_OUT_REGEX).named_captures.fetch("url")
314
309
  raise if url.include?("packagist.org")
315
310
 
316
311
  source = url.gsub(%r{/packages.json$}, "")
@@ -336,6 +331,11 @@ module Dependabot
336
331
  #
337
332
  # Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
338
333
  nil
334
+ elsif error.message.include?("does not match the expected JSON schema")
335
+ msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
336
+ "Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
337
+ "See https://getcomposer.org/doc/04-schema.md for details on the schema."
338
+ raise Dependabot::DependencyFileNotParseable, msg
339
339
  else
340
340
  raise error
341
341
  end
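Review bot: The `source` capture in the `URL required authentication` / `403 Forbidden` branch uses `[^/]+`, which takes the whole authority, so a URL of the form `https://user:token@host/` would carry the credentials into the `PrivateSourceAuthenticationFailure` argument; `%r{https?://(?:[^/]*@)?(?<source>[^/@]+)/}` would keep only the host. The same concern applies to `dependency_url` in the two git-clone branches (`FAILED_GIT_CLONE_WITH_MIRROR`, `FAILED_GIT_CLONE`), where the captured URL is raised verbatim in `GitDependenciesNotReachable`; whether that error class strips userinfo is not visible here, so it is worth confirming before the value reaches logs or user-facing output. Separately, `.match(...)` in the 403 branch returns nil when the message contains no URL, and the chained `.named_captures` would then raise `NoMethodError` instead of the intended error. The enclosing methods start and end outside these hunks.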
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.148.6
4
+ version: 0.149.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-05-21 00:00:00.000000000 Z
11
+ date: 2021-05-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.148.6
19
+ version: 0.149.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.148.6
26
+ version: 0.149.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement