dependabot-composer 0.154.0 → 0.154.5

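--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e42513347f4d0f8a07ef529098c88c5f5029b3199ffba1e3ca2bc6497cd828e5
- data.tar.gz: 506c0b8080702e6d717ca7c361706e43060c4545da1133cfae9d10fb97e6b33f
+ metadata.gz: 76a31ad903137a4810b34a17ccb449d0c6e97f05a6fb74fac0db804d48b3c3ea
+ data.tar.gz: 59624eb4b935bbdc213ae9be95e6e3a732173747afb7f893eee132861f03d52d
  SHA512:
- metadata.gz: 823e4ba06c8617099e41c04f30a2acf24aa56805526b9bbe1eb5e0bacaf7478ef01c5feaac50f9142d2ea4dd618a4d6f4a8de276ada5c0fa4216145c639f8d34
- data.tar.gz: 839890291e8925193b454375858952541d4bd7a46b9ef93cb01818ae25e20b1dee939394758bba06858c15e3f9763d9ca68c7860465479bf91faef97cdda22be
+ metadata.gz: 5fafe03c27b309e8a7cd27ddfa0ebddecdb45b24da44584a0e355f7b8fd46a70fc2799841e9ffb1fbdf22859a09923ad856410eaa763c19057369b6a9436e589
+ data.tar.gz: 0d6fa4dbc077e0b60eefebfe73ba57219405551ebba2cd706b3f28b275507e4e03939cb21d646aa46744f30fd8ad34304380aacb40141fc47df25f38bcb21b37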
@@ -1835,16 +1835,16 @@
1835
1835
  },
1836
1836
  {
1837
1837
  "name": "phpstan/phpstan",
1838
- "version": "0.12.89",
1838
+ "version": "0.12.90",
1839
1839
  "source": {
1840
1840
  "type": "git",
1841
1841
  "url": "https://github.com/phpstan/phpstan.git",
1842
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1842
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1843
1843
  },
1844
1844
  "dist": {
1845
1845
  "type": "zip",
1846
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
1847
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
1846
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1847
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1848
1848
  "shasum": ""
1849
1849
  },
1850
1850
  "require": {
@@ -1891,7 +1891,7 @@
1891
1891
  "type": "tidelift"
1892
1892
  }
1893
1893
  ],
1894
- "time": "2021-06-09T20:23:49+00:00"
1894
+ "time": "2021-06-18T07:15:38+00:00"
1895
1895
  },
1896
1896
  {
1897
1897
  "name": "psr/event-dispatcher",
@@ -1989,16 +1989,16 @@
1989
1989
  },
1990
1990
  {
1991
1991
  "name": "phpstan/phpstan",
1992
- "version": "0.12.89",
1992
+ "version": "0.12.90",
1993
1993
  "source": {
1994
1994
  "type": "git",
1995
1995
  "url": "https://github.com/phpstan/phpstan.git",
1996
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1996
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1997
1997
  },
1998
1998
  "dist": {
1999
1999
  "type": "zip",
2000
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
2001
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
2000
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2001
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2002
2002
  "shasum": ""
2003
2003
  },
2004
2004
  "require": {
@@ -2045,7 +2045,7 @@
2045
2045
  "type": "tidelift"
2046
2046
  }
2047
2047
  ],
2048
- "time": "2021-06-09T20:23:49+00:00"
2048
+ "time": "2021-06-18T07:15:38+00:00"
2049
2049
  },
2050
2050
  {
2051
2051
  "name": "psr/cache",
@@ -321,7 +321,7 @@ module Dependabot
321
321
  fetch(keys[:lockfile], []).
322
322
  find { |d| d["name"] == name }&.
323
323
  dig("source", "reference")
324
- updated_req_parts = req.split(" ")
324
+ updated_req_parts = req.split
325
325
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
326
326
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
327
327
  end
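Review bot: `commit_sha` can be nil at `updated_req_parts[0] + "##{commit_sha}"`, because the lookup above it ends in `&.dig("source", "reference")` and yields nil when the lockfile has no matching entry; the interpolation then writes a requirement ending in a bare `#` with no commit pinned. A guard such as `next unless commit_sha` ahead of the split would stop the manifest from silently losing the pin, though the enclosing block starts outside the hunk, so an earlier guard (or a different skip keyword) may already apply. `req.split` also returns `[]` for an empty or whitespace-only `req`, which leaves `updated_req_parts[0]` nil and makes the `+` raise NoMethodError. The identical lines in the later hunk at `@@ -186,7 +186,7 @@` have the same gap.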
@@ -4,6 +4,7 @@ require "excon"
4
4
  require "json"
5
5
 
6
6
  require "dependabot/composer/update_checker"
7
+ require "dependabot/update_checkers/version_filters"
7
8
  require "dependabot/shared_helpers"
8
9
  require "dependabot/errors"
9
10
 
@@ -45,9 +46,11 @@ module Dependabot
45
46
  def fetch_lowest_security_fix_version
46
47
  versions = available_versions
47
48
  versions = filter_prerelease_versions(versions)
48
- versions = filter_vulnerable_versions(versions)
49
+ versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions,
50
+ security_advisories)
49
51
  versions = filter_ignored_versions(versions)
50
52
  versions = filter_lower_versions(versions)
53
+
51
54
  versions.min
52
55
  end
53
56
 
@@ -69,11 +72,6 @@ module Dependabot
69
72
  filtered
70
73
  end
71
74
 
72
- def filter_vulnerable_versions(versions_array)
73
- versions_array.
74
- reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
75
- end
76
-
77
75
  def filter_lower_versions(versions_array)
78
76
  return versions_array unless dependency.version && version_class.correct?(dependency.version)
79
77
 
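Review bot: The vulnerable-version filter in `fetch_lowest_security_fix_version` now depends on `Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions, security_advisories)`, whose body is not part of this diff, so its equivalence with the removed private method (`reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }`) cannot be confirmed from here. A spec on this finder that feeds one advisory and asserts the vulnerable version is excluded would pin that behaviour on the composer side. The method still ends in `versions.min`, which is nil once every candidate has been filtered out; a comment above the `def` such as `# Returns nil when every available version is filtered out` would make that contract explicit for callers.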
@@ -186,7 +186,7 @@ module Dependabot
186
186
  fetch(keys[:lockfile], []).
187
187
  find { |d| d["name"] == name }&.
188
188
  dig("source", "reference")
189
- updated_req_parts = req.split(" ")
189
+ updated_req_parts = req.split
190
190
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
191
191
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
192
192
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.154.0
4
+ version: 0.154.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-15 00:00:00.000000000 Z
11
+ date: 2021-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.154.0
19
+ version: 0.154.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.154.0
26
+ version: 0.154.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement