dependabot-composer 0.148.6 → 0.149.0
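--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6860a87595a4fba08c6a2d479d0cfc4600282fc9592881d3383a58bbc5bb5c4b
+data.tar.gz: b351759e582036db2369e8889ed51037b7b0fff671be830742af77108a25a368
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c643260bec7e1267e701b4bf8809b1d0a4122aa7da50f150fd871b50c1a44f448430fb7b8b7d11a1de2d2148b6fbfe93e430a3d3c942dcbbb46a6f562864e430
+data.tar.gz: a7d5e4f2e3318a6666f86e9b729f5f41c16fe92f72a4656b11460494e4e6a68ce4eb11ea9fbc1f55eb0bc73cfe732dbaa99a0fcbfaf963b9b2d8feebe4943f75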
@@ -75,7 +75,7 @@ module Dependabot
|
|
75
75
|
end
|
76
76
|
|
77
77
|
def filter_lower_versions(versions_array)
|
78
|
-
return versions_array unless dependency.version
|
78
|
+
return versions_array unless dependency.version && version_class.correct?(dependency.version)
|
79
79
|
|
80
80
|
versions_array.
|
81
81
|
select { |version| version > version_class.new(dependency.version) }
|
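Review bot: The new guard in `filter_lower_versions` returns the unfiltered `versions_array` whenever `version_class.correct?(dependency.version)` is false, so in that case candidates below the current version are no longer excluded, and nothing in the hunk records that this is intended. A comment above the guard would make the decision explicit, for example `# Current version is not comparable (presumably a branch or commit ref), so there is no lower bound to filter against`. Separately, `version_class.new(dependency.version)` is rebuilt for every element inside the `select` block; assigning it once before the chain, `current = version_class.new(dependency.version)`, reads more clearly. The method's closing `end` is outside the hunk.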
@@ -37,6 +37,8 @@ module Dependabot
|
|
37
37
|
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
|
38
38
|
SOURCE_TIMED_OUT_REGEX =
|
39
39
|
/The "(?<url>[^"]+packages\.json)".*timed out/.freeze
|
40
|
+
FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --mirror[^']*'(?<url>.*?)'/.freeze
|
41
|
+
FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
|
40
42
|
|
41
43
|
def initialize(credentials:, dependency:, dependency_files:,
|
42
44
|
requirements_to_unlock:, latest_allowable_version:)
|
@@ -244,15 +246,11 @@ module Dependabot
|
|
244
246
|
raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
|
245
247
|
end
|
246
248
|
|
247
|
-
if error.message.
|
248
|
-
dependency_url =
|
249
|
-
error.message.match(/--mirror '(?<url>.*?)'/).
|
250
|
-
named_captures.fetch("url")
|
249
|
+
if error.message.match?(FAILED_GIT_CLONE_WITH_MIRROR)
|
250
|
+
dependency_url = error.message.match(FAILED_GIT_CLONE_WITH_MIRROR).named_captures.fetch("url")
|
251
251
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
252
|
-
elsif error.message.
|
253
|
-
dependency_url =
|
254
|
-
error.message.match(/Failed to clone (?<url>.*?) via/).
|
255
|
-
named_captures.fetch("url")
|
252
|
+
elsif error.message.match?(FAILED_GIT_CLONE)
|
253
|
+
dependency_url = error.message.match(FAILED_GIT_CLONE).named_captures.fetch("url")
|
256
254
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
257
255
|
elsif unresolvable_error?(error)
|
258
256
|
raise Dependabot::DependencyFileNotResolvable, sanitized_message
|
@@ -304,13 +302,10 @@ module Dependabot
|
|
304
302
|
nil
|
305
303
|
elsif error.message.include?("URL required authentication") ||
|
306
304
|
error.message.include?("403 Forbidden")
|
307
|
-
source =
|
308
|
-
error.message.match(%r{https?://(?<source>[^/]+)/}).
|
309
|
-
named_captures.fetch("source")
|
305
|
+
source = error.message.match(%r{https?://(?<source>[^/]+)/}).named_captures.fetch("source")
|
310
306
|
raise Dependabot::PrivateSourceAuthenticationFailure, source
|
311
307
|
elsif error.message.match?(SOURCE_TIMED_OUT_REGEX)
|
312
|
-
url = error.message.match(SOURCE_TIMED_OUT_REGEX).
|
313
|
-
named_captures.fetch("url")
|
308
|
+
url = error.message.match(SOURCE_TIMED_OUT_REGEX).named_captures.fetch("url")
|
314
309
|
raise if url.include?("packagist.org")
|
315
310
|
|
316
311
|
source = url.gsub(%r{/packages.json$}, "")
|
@@ -336,6 +331,11 @@ module Dependabot
|
|
336
331
|
#
|
337
332
|
# Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
|
338
333
|
nil
|
334
|
+
elsif error.message.include?("does not match the expected JSON schema")
|
335
|
+
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
|
336
|
+
"Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
|
337
|
+
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
338
|
+
raise Dependabot::DependencyFileNotParseable, msg
|
339
339
|
else
|
340
340
|
raise error
|
341
341
|
end
|
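Review bot: In the `URL required authentication` / `403 Forbidden` branch, `error.message.match(%r{https?://(?<source>[^/]+)/})` returns nil when the message carries no URL, so the chained `.named_captures` raises NoMethodError and hides the original Composer error; the commit joins these lines but leaves the match unguarded. Guard it with `url_match = error.message.match(%r{https?://(?<source>[^/]+)/})` followed by `raise error unless url_match`, then read `url_match[:source]`. The `[^/]+` group also takes in any `user:token@` userinfo present in the URL, and the `url` captured by `FAILED_GIT_CLONE_WITH_MIRROR` and `FAILED_GIT_CLONE` is handed to `GitDependenciesNotReachable` unchanged. Whether those error classes strip credentials is not visible here, so that is worth confirming before the values reach logs or pull-request text. The enclosing error handler starts and ends outside these hunks.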
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-composer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.149.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-05-
|
11
|
+
date: 2021-05-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.149.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.149.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|