dependabot-composer 0.154.2 → 0.155.1
- checksums.yaml +4 -4
- data/helpers/v1/composer.lock +5 -5
- data/helpers/v2/composer.lock +5 -5
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +1 -1
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +4 -6
- data/lib/dependabot/composer/update_checker/version_resolver.rb +1 -1
- metadata +4 -4
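--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 39ada4ad6001e182c36be5e53885a5b04852e62c0f14b9baba45553970e56740
+data.tar.gz: 797e76a6679129f8697ea3d1d1395e84b33432f3f24ee7af872cf8aa80642357
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b797f22b24502f442501458bb141658bc2e420940b055e6e4a7fcad86e7edb15ad6fcc93b7cd46b37a8a9eeba1db88e399a56a623c4faff68fb3d08a77895f7b
+data.tar.gz: df6f7a0af0a97be52b29d44e3d20cc22364a746a2a4ac99c666bab16b762b54debd38fd7490fb0a74e8a387b0c17f324f3ea80107c6fd80a9a7fd0b1531aed21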
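--- a/data/helpers/v1/composer.lock
+++ b/data/helpers/v1/composer.lock
@@ -1835,16 +1835,16 @@
 },
 {
 "name": "phpstan/phpstan",
-"version": "0.12.
+"version": "0.12.90",
 "source": {
 "type": "git",
 "url": "https://github.com/phpstan/phpstan.git",
-"reference": "
+"reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
 },
 "dist": {
 "type": "zip",
-"url": "https://api.github.com/repos/phpstan/phpstan/zipball/
-"reference": "
+"url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
+"reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
 "shasum": ""
 },
 "require": {
@@ -1891,7 +1891,7 @@
 "type": "tidelift"
 }
 ],
-"time": "2021-06-
+"time": "2021-06-18T07:15:38+00:00"
 },
 {
 "name": "psr/event-dispatcher",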
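--- a/data/helpers/v2/composer.lock
+++ b/data/helpers/v2/composer.lock
@@ -1989,16 +1989,16 @@
 },
 {
 "name": "phpstan/phpstan",
-"version": "0.12.
+"version": "0.12.90",
 "source": {
 "type": "git",
 "url": "https://github.com/phpstan/phpstan.git",
-"reference": "
+"reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4"
 },
 "dist": {
 "type": "zip",
-"url": "https://api.github.com/repos/phpstan/phpstan/zipball/
-"reference": "
+"url": "https://api.github.com/repos/phpstan/phpstan/zipball/f0e4b56630fc3d4eb5be86606d07212ac212ede4",
+"reference": "f0e4b56630fc3d4eb5be86606d07212ac212ede4",
 "shasum": ""
 },
 "require": {
@@ -2045,7 +2045,7 @@
 "type": "tidelift"
 }
 ],
-"time": "2021-06-
+"time": "2021-06-18T07:15:38+00:00"
 },
 {
 "name": "psr/cache",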
@@ -321,7 +321,7 @@ module Dependabot
|
|
321
321
|
fetch(keys[:lockfile], []).
|
322
322
|
find { |d| d["name"] == name }&.
|
323
323
|
dig("source", "reference")
|
324
|
-
updated_req_parts = req.split
|
324
|
+
updated_req_parts = req.split
|
325
325
|
updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
|
326
326
|
json[keys[:manifest]][name] = updated_req_parts.join(" ")
|
327
327
|
end
|
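Review bot: The value interpolated in `updated_req_parts[0] + "##{commit_sha}"` can be nil, because the chain feeding it ends in `find { |d| d["name"] == name }&.dig("source", "reference")`. When the lockfile has no entry for the package, or the entry carries no source reference, the requirement is rewritten with a bare trailing `#` and no commit, so the intended pin is silently lost. A nil check on `commit_sha` before `req.split` (skipping the rewrite or failing with a clear error) would make that case explicit. The start of the statement and the enclosing block lie outside the hunk, so an earlier guard may already exist; the same lines appear in the version_resolver.rb hunk at `@@ -186,7 +186,7 @@`.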
@@ -4,6 +4,7 @@ require "excon"
|
|
4
4
|
require "json"
|
5
5
|
|
6
6
|
require "dependabot/composer/update_checker"
|
7
|
+
require "dependabot/update_checkers/version_filters"
|
7
8
|
require "dependabot/shared_helpers"
|
8
9
|
require "dependabot/errors"
|
9
10
|
|
@@ -45,9 +46,11 @@ module Dependabot
|
|
45
46
|
def fetch_lowest_security_fix_version
|
46
47
|
versions = available_versions
|
47
48
|
versions = filter_prerelease_versions(versions)
|
48
|
-
versions = filter_vulnerable_versions(versions
|
49
|
+
versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions,
|
50
|
+
security_advisories)
|
49
51
|
versions = filter_ignored_versions(versions)
|
50
52
|
versions = filter_lower_versions(versions)
|
53
|
+
|
51
54
|
versions.min
|
52
55
|
end
|
53
56
|
|
@@ -69,11 +72,6 @@ module Dependabot
|
|
69
72
|
filtered
|
70
73
|
end
|
71
74
|
|
72
|
-
def filter_vulnerable_versions(versions_array)
|
73
|
-
versions_array.
|
74
|
-
reject { |v| security_advisories.any? { |a| a.vulnerable?(v) } }
|
75
|
-
end
|
76
|
-
|
77
75
|
def filter_lower_versions(versions_array)
|
78
76
|
return versions_array unless dependency.version && version_class.correct?(dependency.version)
|
79
77
|
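Review bot: In `fetch_lowest_security_fix_version`, the call to `Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(versions, security_advisories)` replaces a private method whose rule was readable in this file (reject a version when any advisory reports `vulnerable?`), and nothing here now states or pins that rule. Because this method selects the version offered as a security fix, I would add a comment above the call such as `# Drops every version that any advisory marks vulnerable (reject-if-any); must stay fail-closed`, and keep a spec in this package asserting that a vulnerable candidate is never returned. The shared module's body is not part of this diff, so equivalence with the removed method is assumed rather than shown. It is also worth documenting that `versions.min` yields nil when every candidate has been filtered out.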
|
@@ -186,7 +186,7 @@ module Dependabot
|
|
186
186
|
fetch(keys[:lockfile], []).
|
187
187
|
find { |d| d["name"] == name }&.
|
188
188
|
dig("source", "reference")
|
189
|
-
updated_req_parts = req.split
|
189
|
+
updated_req_parts = req.split
|
190
190
|
updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
|
191
191
|
json[keys[:manifest]][name] = updated_req_parts.join(" ")
|
192
192
|
end
|
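--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.155.1
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-
+date: 2021-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.155.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.155.1
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement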