dependabot-composer 0.153.0 → 0.154.4

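--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ce0ef098d6fd32f69af6c225af7b6560c0a612fe19d4babddb2e60859f091ffc
- data.tar.gz: 382b2491cdae17b529c1a26ce14833619dabb847f6b3298c4dce202e60ab48f9
+ metadata.gz: a08c594e462a1af5af3e685c473e44020ad56520d027cb242ee08c82b4853dd7
+ data.tar.gz: eed43b2703f54a7c30aa2d6cce489a86d99a372d2f6e0f0c3c5251ec47c671a9
  SHA512:
- metadata.gz: 3da1efd74850c0112a7fa8d749e909fb94a6ea1ee1370b19913d9d393a19cb073e1a0e7ce63f71bd7fa83807acbd4de3fa73045443d81138bf5f847467ec4913
- data.tar.gz: e69237d3439fbb2568b344543fef5f8a0d0c0bcefce6b5f74137affca75665792df5a4d40ec76bc7dd8aeedbac62a2e43baf14c13883999ebcc9d97d097b5dc9
+ metadata.gz: e9d016a360df4080f864606dfb5256f5d264a7c717fd7f262276e6527fac767b83634dfab6661bae7a692042dbf06abca2fe786e6c15958f7d4b55b2f2c3d730
+ data.tar.gz: 10fd0ee1ae31d604cea4eca706dbfa72a3b5e259fb360c05f69a0da65bb2da855d745d1ea627f28d838ee9f38a02a493803bd47599404e13644ea2bf8033b459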
@@ -1835,16 +1835,16 @@
1835
1835
  },
1836
1836
  {
1837
1837
  "name": "phpstan/phpstan",
1838
- "version": "0.12.89",
1838
+ "version": "0.12.90",
1839
1839
  "source": {
1840
1840
  "type": "git",
1841
1841
  "url": "https://github.com/phpstan/phpstan.git",
1842
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1842
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1843
1843
  },
1844
1844
  "dist": {
1845
1845
  "type": "zip",
1846
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
1847
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
1846
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1847
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1848
1848
  "shasum": ""
1849
1849
  },
1850
1850
  "require": {
@@ -1891,7 +1891,7 @@
1891
1891
  "type": "tidelift"
1892
1892
  }
1893
1893
  ],
1894
- "time": "2021-06-09T20:23:49+00:00"
1894
+ "time": "2021-06-18T07:15:38+00:00"
1895
1895
  },
1896
1896
  {
1897
1897
  "name": "psr/event-dispatcher",
@@ -1989,16 +1989,16 @@
1989
1989
  },
1990
1990
  {
1991
1991
  "name": "phpstan/phpstan",
1992
- "version": "0.12.89",
1992
+ "version": "0.12.90",
1993
1993
  "source": {
1994
1994
  "type": "git",
1995
1995
  "url": "https://github.com/phpstan/phpstan.git",
1996
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1996
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1997
1997
  },
1998
1998
  "dist": {
1999
1999
  "type": "zip",
2000
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
2001
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
2000
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2001
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2002
2002
  "shasum": ""
2003
2003
  },
2004
2004
  "require": {
@@ -2045,7 +2045,7 @@
2045
2045
  "type": "tidelift"
2046
2046
  }
2047
2047
  ],
2048
- "time": "2021-06-09T20:23:49+00:00"
2048
+ "time": "2021-06-18T07:15:38+00:00"
2049
2049
  },
2050
2050
  {
2051
2051
  "name": "psr/cache",
@@ -321,7 +321,7 @@ module Dependabot
321
321
  fetch(keys[:lockfile], []).
322
322
  find { |d| d["name"] == name }&.
323
323
  dig("source", "reference")
324
- updated_req_parts = req.split(" ")
324
+ updated_req_parts = req.split
325
325
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
326
326
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
327
327
  end
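Review bot: `commit_sha` can be nil where it is interpolated in `updated_req_parts[0] + "##{commit_sha}"`, because the lookup above ends in `find { |d| d["name"] == name }&.dig("source", "reference")`, which yields nil when the lockfile has no entry for `name` or the entry carries no source reference (the assignment itself starts outside this hunk, so this assumes the chain's result is what `commit_sha` holds). In that case the manifest requirement is rewritten with a trailing `#` and no commit, so the dependency is not actually pinned to the locked revision. Consider skipping the rewrite when no reference was found, for example `updated_req_parts[0] += "##{commit_sha}" if commit_sha`. The identical code in the later hunk at `@@ -186,7 +186,7 @@` has the same gap.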
@@ -4,6 +4,7 @@ require "excon"
4
4
  require "json"
5
5
 
6
6
  require "dependabot/composer/update_checker"
7
+ require "dependabot/update_checkers/version_filters"
7
8
  require "dependabot/shared_helpers"
8
9
  require "dependabot/errors"
9
10
 
@@ -45,9 +46,11 @@ module Dependabot
45
46
  def fetch_lowest_security_fix_version
46
47
  versions = available_versions
47
48
  versions = filter_prerelease_versions(versions)
48
- versions = filter_vulnerable_versions(versions)
49
+ versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions,
50
+ security_advisories)
49
51
  versions = filter_ignored_versions(versions)
50
52
  versions = filter_lower_versions(versions)
53
+
51
54
  versions.min
52
55
  end
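Review bot: `fetch_lowest_security_fix_version` has no comment stating its result, and `versions.min` returns nil once the filters leave no candidate, so callers have to treat nil as "no fix available". The advisory check now lives in `Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions`, whose body is not part of this page; the removed private method rejected any version for which an advisory reported `vulnerable?`, and the shared helper is presumably equivalent. I would add a comment above the method: `# Lowest version left after the prerelease, advisory, ignore and lower-version filters; nil when none remains.` As a style point, the wrapped call would read better with the line break after the opening parenthesis and one argument per line.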
53
56
 
@@ -69,11 +72,6 @@ module Dependabot
69
72
  filtered
70
73
  end
71
74
 
72
- def filter_vulnerable_versions(versions_array)
73
- versions_array.
74
- reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
75
- end
76
-
77
75
  def filter_lower_versions(versions_array)
78
76
  return versions_array unless dependency.version && version_class.correct?(dependency.version)
79
77
 
@@ -186,7 +186,7 @@ module Dependabot
186
186
  fetch(keys[:lockfile], []).
187
187
  find { |d| d["name"] == name }&.
188
188
  dig("source", "reference")
189
- updated_req_parts = req.split(" ")
189
+ updated_req_parts = req.split
190
190
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
191
191
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
192
192
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.153.0
4
+ version: 0.154.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-14 00:00:00.000000000 Z
11
+ date: 2021-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.153.0
19
+ version: 0.154.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.153.0
26
+ version: 0.154.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement