dependabot-composer 0.154.1 → 0.155.0

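--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 28cb416992fb99eed45c632cb598c7387e7ee6f4e1339b29201e2a4971f628c5
- data.tar.gz: 7e36c3d19fab24df103a5086c337fbb3a72cbc4cc51ed2b758884734de83e6fb
+ metadata.gz: 25c69bc4fe60ac1dad962f729604ce0e41fbbadbc782c830b6e77207adc88ca5
+ data.tar.gz: f11d8363f995f72b4f7f35d0f2de6e8d3081237d6fe4b031199df69fcac160db
  SHA512:
- metadata.gz: 54323c2cfa08f31b96d5ff3f913fb041eac6435783fe8598249e2da4e81d8c3611ed0797b729f7d38b334eb03753b1129599eaef8074cf86936f9ae159c65adc
- data.tar.gz: 9e8d2a616001fa70a27d280a1a64fe6e8eb94b1b234b054cb565e53c6da3e33ae4dee1b50df84eff6e0a2a865830b2069d8e9793d390cad99e0390d19d373ebe
+ metadata.gz: 6fea90b2bcb1a6bdca3332c9367b8c2716c13f6c83b6b9854c358dc622b1377d1a8e1b66693538df81ed9f194efd42b364ec389c034418757c87ae2ac0aff8f6
+ data.tar.gz: 19c36ca09ce59ccdb20ca86ac79cf1cd8304163569cb7f6831aea2a9d269f81fb69469658c289d60dbebe465464c4d0c6ae5ffd68e7a3370e5c79ebd26f98bcc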
@@ -1835,16 +1835,16 @@
1835
1835
  },
1836
1836
  {
1837
1837
  "name": "phpstan/phpstan",
1838
- "version": "0.12.89",
1838
+ "version": "0.12.90",
1839
1839
  "source": {
1840
1840
  "type": "git",
1841
1841
  "url": "https://github.com/phpstan/phpstan.git",
1842
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1842
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1843
1843
  },
1844
1844
  "dist": {
1845
1845
  "type": "zip",
1846
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
1847
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
1846
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1847
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
1848
1848
  "shasum": ""
1849
1849
  },
1850
1850
  "require": {
@@ -1891,7 +1891,7 @@
1891
1891
  "type": "tidelift"
1892
1892
  }
1893
1893
  ],
1894
- "time": "2021-06-09T20:23:49+00:00"
1894
+ "time": "2021-06-18T07:15:38+00:00"
1895
1895
  },
1896
1896
  {
1897
1897
  "name": "psr/event-dispatcher",
@@ -1989,16 +1989,16 @@
1989
1989
  },
1990
1990
  {
1991
1991
  "name": "phpstan/phpstan",
1992
- "version": "0.12.89",
1992
+ "version": "0.12.90",
1993
1993
  "source": {
1994
1994
  "type": "git",
1995
1995
  "url": "https://github.com/phpstan/phpstan.git",
1996
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542"
1996
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
1997
1997
  },
1998
1998
  "dist": {
1999
1999
  "type": "zip",
2000
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/54c0f5a6c30511b77128d58b6369f718df250542",
2001
- "reference": "54c0f5a6c30511b77128d58b6369f718df250542",
2000
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2001
+ "reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
2002
2002
  "shasum": ""
2003
2003
  },
2004
2004
  "require": {
@@ -2045,7 +2045,7 @@
2045
2045
  "type": "tidelift"
2046
2046
  }
2047
2047
  ],
2048
- "time": "2021-06-09T20:23:49+00:00"
2048
+ "time": "2021-06-18T07:15:38+00:00"
2049
2049
  },
2050
2050
  {
2051
2051
  "name": "psr/cache",
@@ -321,7 +321,7 @@ module Dependabot
321
321
  fetch(keys[:lockfile], []).
322
322
  find { |d| d["name"] == name }&.
323
323
  dig("source", "reference")
324
- updated_req_parts = req.split(" ")
324
+ updated_req_parts = req.split
325
325
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
326
326
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
327
327
  end
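Review bot: The line right after the changed `req.split` appends the lockfile reference unchecked: `commit_sha` comes from a `find { ... }&.dig("source", "reference")` chain that yields nil when the package or its `source` entry is absent from the lockfile, so the manifest requirement would be written with a bare trailing `#` instead of a commit pin. An empty `req` would also leave `updated_req_parts[0]` nil and make the `+` raise. A guarded form such as `updated_req_parts[0] += "##{commit_sha}" if commit_sha && updated_req_parts.any?` avoids both, or the code could raise explicitly if an unpinned requirement must never be written. The enclosing method starts above the hunk, so an equivalent guard may already exist there. The same lines recur in the later hunk at `@@ -186,7 +186,7 @@`.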
@@ -4,6 +4,7 @@ require "excon"
4
4
  require "json"
5
5
 
6
6
  require "dependabot/composer/update_checker"
7
+ require "dependabot/update_checkers/version_filters"
7
8
  require "dependabot/shared_helpers"
8
9
  require "dependabot/errors"
9
10
 
@@ -45,9 +46,11 @@ module Dependabot
45
46
  def fetch_lowest_security_fix_version
46
47
  versions = available_versions
47
48
  versions = filter_prerelease_versions(versions)
48
- versions = filter_vulnerable_versions(versions)
49
+ versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions,
50
+ security_advisories)
49
51
  versions = filter_ignored_versions(versions)
50
52
  versions = filter_lower_versions(versions)
53
+
51
54
  versions.min
52
55
  end
53
56
 
@@ -69,11 +72,6 @@ module Dependabot
69
72
  filtered
70
73
  end
71
74
 
72
- def filter_vulnerable_versions(versions_array)
73
- versions_array.
74
- reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
75
- end
76
-
77
75
  def filter_lower_versions(versions_array)
78
76
  return versions_array unless dependency.version && version_class.correct?(dependency.version)
79
77
 
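Review bot: In `fetch_lowest_security_fix_version` the vulnerable-version filter now runs in `Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions`, whose body is not on this page, so the security-relevant contract can no longer be read at the call site. The removed private method rejected every version for which any advisory returned true from `vulnerable?`; a comment above the call, e.g. `# Drops every version that any advisory marks vulnerable (shared helper)`, would keep that visible. A spec passing an empty `security_advisories` list would confirm the helper returns the candidates unchanged. The method should also document that `versions.min` returns nil once every candidate has been filtered out. The new `require "dependabot/update_checkers/version_filters"` presumably resolves against dependabot-common, which the gem metadata on this page pins with `=` to 0.155.0, so the two gems have to be upgraded together.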
@@ -186,7 +186,7 @@ module Dependabot
186
186
  fetch(keys[:lockfile], []).
187
187
  find { |d| d["name"] == name }&.
188
188
  dig("source", "reference")
189
- updated_req_parts = req.split(" ")
189
+ updated_req_parts = req.split
190
190
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
191
191
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
192
192
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.154.1
4
+ version: 0.155.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-16 00:00:00.000000000 Z
11
+ date: 2021-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.154.1
19
+ version: 0.155.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.154.1
26
+ version: 0.155.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement