dependabot-composer 0.211.0 → 0.213.0
- checksums.yaml +4 -4
- data/helpers/v1/{.php_cs → .php-cs-fixer.dist.php} +4 -4
- data/helpers/v1/build +2 -2
- data/helpers/v1/composer.json +5 -2
- data/helpers/v1/composer.lock +149 -151
- data/helpers/v1/{phpstan.neon → phpstan.dist.neon} +0 -0
- data/helpers/v2/build +1 -1
- data/helpers/v2/composer.json +3 -0
- data/helpers/v2/composer.lock +253 -102
- data/helpers/v2/{phpstan.neon → phpstan.dist.neon} +0 -0
- data/lib/dependabot/composer/file_fetcher.rb +2 -2
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +7 -9
- data/lib/dependabot/composer/helpers.rb +2 -2
- data/lib/dependabot/composer/metadata_finder.rb +1 -1
- data/lib/dependabot/composer/requirement.rb +2 -3
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +1 -1
- data/lib/dependabot/composer/update_checker/requirements_updater.rb +5 -7
- data/lib/dependabot/composer/update_checker/version_resolver.rb +12 -14
- metadata +17 -45
@@ -93,13 +93,13 @@ module Dependabot
|
|
93
93
|
end
|
94
94
|
|
95
95
|
def build_unfetchable_deps(unfetchable_deps)
|
96
|
-
unfetchable_deps.
|
96
|
+
unfetchable_deps.filter_map do |path|
|
97
97
|
PathDependencyBuilder.new(
|
98
98
|
path: path,
|
99
99
|
directory: directory,
|
100
100
|
lockfile: composer_lock
|
101
101
|
).dependency_file
|
102
|
-
end
|
102
|
+
end
|
103
103
|
end
|
104
104
|
|
105
105
|
def expand_path(path)
|
@@ -30,13 +30,13 @@ module Dependabot
|
|
30
30
|
%r{
|
31
31
|
(?<=PHP\sextension\s)ext\-[^\s/]+\s.*?\s(?=is|but)|
|
32
32
|
(?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=but)
|
33
|
-
}x
|
33
|
+
}x
|
34
34
|
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
35
35
|
%r{
|
36
36
|
(?<!with|for|by)\sext\-[^\s/]+\s.*?\s(?=->)|
|
37
37
|
(?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=->)
|
38
|
-
}x
|
39
|
-
MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set
|
38
|
+
}x
|
39
|
+
MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set/
|
40
40
|
|
41
41
|
def initialize(dependencies:, dependency_files:, credentials:)
|
42
42
|
@dependencies = dependencies
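Review bot: `MISSING_ENV_VAR_REGEX` cannot capture a one-character variable name, because `.[^']+` between the quotes consumes one character with `.` and then demands at least one more non-quote character; the leading `.` also lets the first captured character be a quote. The simpler `/Environment variable '(?<env_var>[^']+)' is not set/` matches any non-empty name. Separately, `MISSING_IMPLICIT_PLATFORM_REQ_REGEX` here carries only the `(?<=requires\s)php` alternative, while the same-named constant in the version-resolver hunk further down also has a `(?<=require\s)php` alternative labelled composer v2 — worth confirming the lockfile updater is not meant to recognise the v2 wording as well.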
|
@@ -185,8 +185,7 @@ module Dependabot
|
|
185
185
|
# NOTE: This matches an error message from composer plugins used to install ACF PRO
|
186
186
|
# https://github.com/PhilippBaschke/acf-pro-installer/blob/772cec99c6ef8bc67ba6768419014cc60d141b27/src/ACFProInstaller/Exceptions/MissingKeyException.php#L14
|
187
187
|
# https://github.com/pivvenit/acf-pro-installer/blob/f2d4812839ee2c333709b0ad4c6c134e4c25fd6d/src/Exceptions/MissingKeyException.php#L25
|
188
|
-
if error.message.start_with?("Could not find a key for ACF PRO")
|
189
|
-
error.message.start_with?("Could not find a license key for ACF PRO")
|
188
|
+
if error.message.start_with?("Could not find a key for ACF PRO", "Could not find a license key for ACF PRO")
|
190
189
|
raise MissingEnvironmentVariable, "ACF_PRO_KEY"
|
191
190
|
end
|
192
191
|
|
@@ -213,8 +212,8 @@ module Dependabot
|
|
213
212
|
|
214
213
|
# NOTE: This error is raised by composer v1
|
215
214
|
if error.message.include?("Argument 1 passed to Composer")
|
216
|
-
msg = "One of your Composer plugins is not compatible with the "\
|
217
|
-
"latest version of Composer. Please update Composer and "\
|
215
|
+
msg = "One of your Composer plugins is not compatible with the " \
|
216
|
+
"latest version of Composer. Please update Composer and " \
|
218
217
|
"try running `composer update` to debug further."
|
219
218
|
raise DependencyFileNotResolvable, msg
|
220
219
|
end
|
@@ -456,8 +455,7 @@ module Dependabot
|
|
456
455
|
def credentials_env
|
457
456
|
credentials.
|
458
457
|
select { |c| c.fetch("type") == "php_environment_variable" }.
|
459
|
-
|
460
|
-
to_h
|
458
|
+
to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
|
461
459
|
end
|
462
460
|
|
463
461
|
def git_credentials
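Review bot: The new `to_h` block reads `cred["env-key"]` with `[]` but `env-value` with `fetch`, so a credential that lacks `env-key` silently becomes a `nil` key in the returned hash instead of failing at the malformed credential. Using `fetch` for both keeps the lookups consistent and raises a `KeyError` naming the missing field: `to_h { |cred| [cred.fetch("env-key"), cred.fetch("env-value", "-")] }`. Whether the consumer of this hash tolerates a nil key is not visible from the hunk.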
|
@@ -6,12 +6,12 @@ module Dependabot
|
|
6
6
|
module Composer
|
7
7
|
module Helpers
|
8
8
|
# From composers json-schema: https://getcomposer.org/schema.json
|
9
|
-
COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}
|
9
|
+
COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}
|
10
10
|
# From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
|
11
11
|
PLATFORM_PACKAGE_REGEX = /
|
12
12
|
^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
|
13
13
|
|composer-(?:plugin|runtime)-api)$
|
14
|
-
/x
|
14
|
+
/x
|
15
15
|
|
16
16
|
def self.composer_version(composer_json, parsed_lockfile = nil)
|
17
17
|
if parsed_lockfile && parsed_lockfile["plugin-api-version"]
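Review bot: `COMPOSER_V2_NAME_REGEX` and `PLATFORM_PACKAGE_REGEX` anchor with `^` and `$`, which in Ruby match at line boundaries rather than string boundaries, so a value containing a newline passes as long as one of its lines matches. If these are used to validate whole package names, `\A` and `\z` are the string anchors, e.g. `%r{\A[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*\z}` and likewise `\A(?:php...)\z` in the `/x` pattern. The cited upstream schema uses `^`/`$` with JSON-schema (ECMAScript) semantics, where they are string anchors, so the translation to Ruby is probably where this was lost. The repeated group `([_.-]?[a-z0-9]+)*` also has the ambiguous nested-quantifier shape that can backtrack heavily on long runs of letters on Ruby versions without the regex memoisation added in 3.2; how these constants are applied is outside the hunk.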
|
@@ -5,9 +5,8 @@ require "dependabot/utils"
|
|
5
5
|
module Dependabot
|
6
6
|
module Composer
|
7
7
|
class Requirement < Gem::Requirement
|
8
|
-
AND_SEPARATOR =
|
9
|
-
|
10
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
|
8
|
+
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
9
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
11
10
|
|
12
11
|
def self.parse(obj)
|
13
12
|
new_obj = obj.gsub(/@\w+/, "").gsub(/[a-z0-9\-_\.]*\sas\s+/i, "")
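Review bot: `AND_SEPARATOR` and `OR_SEPARATOR` are defined here byte-for-byte the same as in the requirements-updater hunk further down (which defines `ALIAS_REGEX`, `AND_SEPARATOR`, `OR_SEPARATOR`), so the two copies are free to drift; the updater could reference `Requirement::AND_SEPARATOR` and `Requirement::OR_SEPARATOR` instead. The alias-stripping `gsub(/[a-z0-9\-_\.]*\sas\s+/i, "")` in `parse` is the same pattern as the updater's `ALIAS_REGEX` except for the `i` flag, which suggests one of them is already out of step. If the case-insensitive form is the intended one, hoisting `ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/i` into this class and reusing it in both places would settle it.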
|
@@ -104,7 +104,7 @@ module Dependabot
|
|
104
104
|
|
105
105
|
urls = repositories.
|
106
106
|
select { |h| h["type"] == "composer" }.
|
107
|
-
|
107
|
+
filter_map { |h| h["url"] }.
|
108
108
|
map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
|
109
109
|
|
110
110
|
unless repositories.any? { |rep| rep["packagist.org"] == false }
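Review bot: The line after the new `filter_map`, `url.gsub(%r{\/$}, "") + "/packages.json"`, strips one trailing slash with a `$`-anchored regex (a line anchor in Ruby) and escapes `/` needlessly inside `%r{}`; `"#{url.delete_suffix('/')}/packages.json"` removes the same single trailing slash without a regex and reads as what it does. This is a style point on the chain being reworked; the new `filter_map { |h| h["url"] }` line itself is fine.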
|
@@ -13,13 +13,11 @@ module Dependabot
|
|
13
13
|
module Composer
|
14
14
|
class UpdateChecker
|
15
15
|
class RequirementsUpdater
|
16
|
-
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s
|
17
|
-
VERSION_REGEX =
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
|
22
|
-
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
|
16
|
+
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
|
17
|
+
VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
|
18
|
+
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
19
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
20
|
+
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
|
23
21
|
ALLOWED_UPDATE_STRATEGIES =
|
24
22
|
%i(widen_ranges bump_versions bump_versions_if_necessary).freeze
|
25
23
|
|
@@ -29,18 +29,18 @@ module Dependabot
|
|
29
29
|
%r{
|
30
30
|
(?<=PHP\sextension\s)ext\-[^\s\/]+\s.*?\s(?=is|but)|
|
31
31
|
(?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=but)
|
32
|
-
}x
|
32
|
+
}x
|
33
33
|
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
34
34
|
%r{
|
35
35
|
(?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
|
36
36
|
(?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
|
37
37
|
(?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
|
38
|
-
}x
|
39
|
-
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)
|
38
|
+
}x
|
39
|
+
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
|
40
40
|
SOURCE_TIMED_OUT_REGEX =
|
41
|
-
/The "(?<url>[^"]+packages\.json)".*timed out
|
42
|
-
FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'
|
43
|
-
FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via
|
41
|
+
/The "(?<url>[^"]+packages\.json)".*timed out/
|
42
|
+
FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'/
|
43
|
+
FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/
|
44
44
|
|
45
45
|
def initialize(credentials:, dependency:, dependency_files:,
|
46
46
|
requirements_to_unlock:, latest_allowable_version:)
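Review bot: `VERSION_REGEX` here, `/[0-9]+(?:\.[A-Za-z0-9\-_]+)*/`, shares its name with `RequirementsUpdater::VERSION_REGEX` in the hunk above but accepts `_` and rejects `*`, while the updater's does the opposite and additionally allows an alias prefix. If the difference is deliberate (concrete versions as printed by composer versus requirement strings with wildcards), a one-line comment above the constant would stop the next reader from unifying them, e.g. `# Concrete version as printed by composer; intentionally narrower than RequirementsUpdater::VERSION_REGEX, which also accepts wildcards and aliases`. If it is not deliberate, the two should be reconciled rather than both losing `.freeze` in step.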
|
@@ -198,7 +198,6 @@ module Dependabot
|
|
198
198
|
end
|
199
199
|
|
200
200
|
# rubocop:disable Metrics/PerceivedComplexity
|
201
|
-
# rubocop:disable Metrics/AbcSize
|
202
201
|
def updated_version_requirement_string
|
203
202
|
lower_bound =
|
204
203
|
if requirements_to_unlock == :none
|
@@ -207,7 +206,7 @@ module Dependabot
|
|
207
206
|
">= #{dependency.version}"
|
208
207
|
else
|
209
208
|
version_for_requirement =
|
210
|
-
dependency.requirements.
|
209
|
+
dependency.requirements.filter_map { |r| r[:requirement] }.
|
211
210
|
reject { |req_string| req_string.start_with?("<") }.
|
212
211
|
select { |req_string| req_string.match?(VERSION_REGEX) }.
|
213
212
|
map { |req_string| req_string.match(VERSION_REGEX) }.
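Review bot: Now that the head of the chain uses `filter_map`, the `select { |req_string| req_string.match?(VERSION_REGEX) }.map { |req_string| req_string.match(VERSION_REGEX) }` pair two lines below runs the regex twice per string and can collapse to `filter_map { |req_string| req_string.match(VERSION_REGEX) }`, which yields the same `MatchData` objects and drops the non-matching strings. `updated_version_requirement_string` starts and ends outside this hunk.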
|
@@ -232,7 +231,6 @@ module Dependabot
|
|
232
231
|
|
233
232
|
lower_bound + ", <= #{latest_allowable_version}"
|
234
233
|
end
|
235
|
-
# rubocop:enable Metrics/AbcSize
|
236
234
|
# rubocop:enable Metrics/PerceivedComplexity
|
237
235
|
|
238
236
|
# TODO: Extract error handling and share between the lockfile updater
|
@@ -290,8 +288,8 @@ module Dependabot
|
|
290
288
|
raise Dependabot::DependencyFileNotResolvable, error.message
|
291
289
|
elsif error.message.include?("No driver found to handle VCS") &&
|
292
290
|
!error.message.include?("@") && !error.message.include?("://")
|
293
|
-
msg = "Dependabot detected a VCS requirement with a local path, "\
|
294
|
-
"rather than a URL. Dependabot does not support this "\
|
291
|
+
msg = "Dependabot detected a VCS requirement with a local path, " \
|
292
|
+
"rather than a URL. Dependabot does not support this " \
|
295
293
|
"setup.\n\nThe underlying error was:\n\n#{error.message}"
|
296
294
|
raise Dependabot::DependencyFileNotResolvable, msg
|
297
295
|
elsif error.message.include?("requirements could not be resolved")
|
@@ -317,7 +315,7 @@ module Dependabot
|
|
317
315
|
|
318
316
|
source = url.gsub(%r{/packages.json$}, "")
|
319
317
|
raise Dependabot::PrivateSourceTimedOut, source
|
320
|
-
elsif error.message.start_with?("Allowed memory size"
|
318
|
+
elsif error.message.start_with?("Allowed memory size", "Out of memory")
|
321
319
|
raise Dependabot::OutOfMemory
|
322
320
|
elsif error.error_context[:process_termsig] == Dependabot::SharedHelpers::SIGKILL
|
323
321
|
# If the helper was SIGKILL-ed, assume the OOMKiller did it
|
@@ -337,8 +335,8 @@ module Dependabot
|
|
337
335
|
# Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
|
338
336
|
nil
|
339
337
|
elsif error.message.include?("does not match the expected JSON schema")
|
340
|
-
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
|
341
|
-
"Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
|
338
|
+
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n" \
|
339
|
+
"Run `composer validate` to check your composer.json and composer.lock files.\n\n" \
|
342
340
|
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
343
341
|
raise Dependabot::DependencyFileNotParseable, msg
|
344
342
|
else
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-composer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.213.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,42 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.213.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: debase
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 0.2.3
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 0.2.3
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: debase-ruby_core_source
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - '='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 0.10.16
|
48
|
-
type: :development
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - '='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 0.10.16
|
26
|
+
version: 0.213.0
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: debug
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +58,14 @@ dependencies:
|
|
86
58
|
requirements:
|
87
59
|
- - "~>"
|
88
60
|
- !ruby/object:Gem::Version
|
89
|
-
version: 3.
|
61
|
+
version: 3.13.0
|
90
62
|
type: :development
|
91
63
|
prerelease: false
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
93
65
|
requirements:
|
94
66
|
- - "~>"
|
95
67
|
- !ruby/object:Gem::Version
|
96
|
-
version: 3.
|
68
|
+
version: 3.13.0
|
97
69
|
- !ruby/object:Gem::Dependency
|
98
70
|
name: rake
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,28 +114,28 @@ dependencies:
|
|
142
114
|
requirements:
|
143
115
|
- - "~>"
|
144
116
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
117
|
+
version: 1.37.1
|
146
118
|
type: :development
|
147
119
|
prerelease: false
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
149
121
|
requirements:
|
150
122
|
- - "~>"
|
151
123
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
124
|
+
version: 1.37.1
|
153
125
|
- !ruby/object:Gem::Dependency
|
154
|
-
name:
|
126
|
+
name: rubocop-performance
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
156
128
|
requirements:
|
157
129
|
- - "~>"
|
158
130
|
- !ruby/object:Gem::Version
|
159
|
-
version:
|
131
|
+
version: 1.15.0
|
160
132
|
type: :development
|
161
133
|
prerelease: false
|
162
134
|
version_requirements: !ruby/object:Gem::Requirement
|
163
135
|
requirements:
|
164
136
|
- - "~>"
|
165
137
|
- !ruby/object:Gem::Version
|
166
|
-
version:
|
138
|
+
version: 1.15.0
|
167
139
|
- !ruby/object:Gem::Dependency
|
168
140
|
name: simplecov
|
169
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -241,12 +213,12 @@ executables: []
|
|
241
213
|
extensions: []
|
242
214
|
extra_rdoc_files: []
|
243
215
|
files:
|
244
|
-
- helpers/v1/.
|
216
|
+
- helpers/v1/.php-cs-fixer.dist.php
|
245
217
|
- helpers/v1/bin/run
|
246
218
|
- helpers/v1/build
|
247
219
|
- helpers/v1/composer.json
|
248
220
|
- helpers/v1/composer.lock
|
249
|
-
- helpers/v1/phpstan.neon
|
221
|
+
- helpers/v1/phpstan.dist.neon
|
250
222
|
- helpers/v1/src/DependabotInstallationManager.php
|
251
223
|
- helpers/v1/src/DependabotPluginManager.php
|
252
224
|
- helpers/v1/src/ExceptionIO.php
|
@@ -258,7 +230,7 @@ files:
|
|
258
230
|
- helpers/v2/build
|
259
231
|
- helpers/v2/composer.json
|
260
232
|
- helpers/v2/composer.lock
|
261
|
-
- helpers/v2/phpstan.neon
|
233
|
+
- helpers/v2/phpstan.dist.neon
|
262
234
|
- helpers/v2/src/DependabotPluginManager.php
|
263
235
|
- helpers/v2/src/ExceptionIO.php
|
264
236
|
- helpers/v2/src/Hasher.php
|
@@ -292,14 +264,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
292
264
|
requirements:
|
293
265
|
- - ">="
|
294
266
|
- !ruby/object:Gem::Version
|
295
|
-
version:
|
267
|
+
version: 3.1.0
|
296
268
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
297
269
|
requirements:
|
298
270
|
- - ">="
|
299
271
|
- !ruby/object:Gem::Version
|
300
|
-
version:
|
272
|
+
version: 3.1.0
|
301
273
|
requirements: []
|
302
|
-
rubygems_version: 3.
|
274
|
+
rubygems_version: 3.3.7
|
303
275
|
signing_key:
|
304
276
|
specification_version: 4
|
305
277
|
summary: PHP (Composer) support for dependabot
|