RubyGems - dependabot-composer - Versions diffs - 0.148.6 → 0.149.0 - Mend

dependabot-composer 0.148.6 → 0.149.0

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/dependabot/composer/update_checker/latest_version_finder.rb +1 -1
data/lib/dependabot/composer/update_checker/version_resolver.rb +13 -13
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 186ba5c11b26d71c423f55d6d4f68353d7069eeed3f58bb666dd4d19bec6e22b
-  data.tar.gz: 305be883767c691aad2afcc8b6bcedbd38cb70fb55e11324ccb2c86a28f7e5e3
+  metadata.gz: 6860a87595a4fba08c6a2d479d0cfc4600282fc9592881d3383a58bbc5bb5c4b
+  data.tar.gz: b351759e582036db2369e8889ed51037b7b0fff671be830742af77108a25a368
 SHA512:
-  metadata.gz: a5f5a115c35c4a0cc0a5932d8218cbdf8c43c1ec99fcd713e68e990a9a8f4f386f58abb95da2ac18e3d2a341966da7cd4ab24f7514c011f526f60086c2469471
-  data.tar.gz: 229ece24b5b1397ca2acc802d4a5d294c2247139add639a1b4090438364f6980566fbf89d4e4d9d1a07c8d2b82bfc6120608085888c4a7f4cada5dfe8413381f
+  metadata.gz: c643260bec7e1267e701b4bf8809b1d0a4122aa7da50f150fd871b50c1a44f448430fb7b8b7d11a1de2d2148b6fbfe93e430a3d3c942dcbbb46a6f562864e430
+  data.tar.gz: a7d5e4f2e3318a6666f86e9b729f5f41c16fe92f72a4656b11460494e4e6a68ce4eb11ea9fbc1f55eb0bc73cfe732dbaa99a0fcbfaf963b9b2d8feebe4943f75

data/lib/dependabot/composer/update_checker/latest_version_finder.rb CHANGED Viewed

@@ -75,7 +75,7 @@ module Dependabot
         end
         def filter_lower_versions(versions_array)
-          return versions_array unless dependency.version
+          return versions_array unless dependency.version && version_class.correct?(dependency.version)
           versions_array.
             select { |version| version > version_class.new(dependency.version) }

data/lib/dependabot/composer/update_checker/version_resolver.rb CHANGED Viewed

@@ -37,6 +37,8 @@ module Dependabot
         VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
         SOURCE_TIMED_OUT_REGEX =
           /The "(?<url>[^"]+packages\.json)".*timed out/.freeze
+        FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --mirror[^']*'(?<url>.*?)'/.freeze
+        FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
         def initialize(credentials:, dependency:, dependency_files:,
                        requirements_to_unlock:, latest_allowable_version:)
@@ -244,15 +246,11 @@ module Dependabot
             raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
           end
-          if error.message.start_with?("Failed to execute git clone")
-            dependency_url =
-              error.message.match(/--mirror '(?<url>.*?)'/).
-              named_captures.fetch("url")
+          if error.message.match?(FAILED_GIT_CLONE_WITH_MIRROR)
+            dependency_url = error.message.match(FAILED_GIT_CLONE_WITH_MIRROR).named_captures.fetch("url")
             raise Dependabot::GitDependenciesNotReachable, dependency_url
-          elsif error.message.start_with?("Failed to clone")
-            dependency_url =
-              error.message.match(/Failed to clone (?<url>.*?) via/).
-              named_captures.fetch("url")
+          elsif error.message.match?(FAILED_GIT_CLONE)
+            dependency_url = error.message.match(FAILED_GIT_CLONE).named_captures.fetch("url")
             raise Dependabot::GitDependenciesNotReachable, dependency_url
           elsif unresolvable_error?(error)
             raise Dependabot::DependencyFileNotResolvable, sanitized_message
@@ -304,13 +302,10 @@ module Dependabot
             nil
           elsif error.message.include?("URL required authentication") ||
                 error.message.include?("403 Forbidden")
-            source =
-              error.message.match(%r{https?://(?<source>[^/]+)/}).
-              named_captures.fetch("source")
+            source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")
             raise Dependabot::PrivateSourceAuthenticationFailure, source
           elsif error.message.match?(SOURCE_TIMED_OUT_REGEX)
-            url = error.message.match(SOURCE_TIMED_OUT_REGEX).
-                  named_captures.fetch("url")
+            url = error.message.match(SOURCE_TIMED_OUT_REGEX).named_captures.fetch("url")
             raise if url.include?("packagist.org")
             source = url.gsub(%r{/packages.json$}, "")
@@ -336,6 +331,11 @@ module Dependabot
             #
             # Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
             nil
+          elsif error.message.include?("does not match the expected JSON schema")
+            msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
+                  "Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
+                  "See https://getcomposer.org/doc/04-schema.md for details on the schema."
+            raise Dependabot::DependencyFileNotParseable, msg
           else
             raise error
           end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.148.6
+  version: 0.149.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.6
+        version: 0.149.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.148.6
+        version: 0.149.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement