dependabot-composer 0.211.0 → 0.213.0

data/lib/dependabot/composer/file_fetcher.rb

@@ -93,13 +93,13 @@ module Dependabot
       end
 
       def build_unfetchable_deps(unfetchable_deps)
-        unfetchable_deps.map do |path|
+        unfetchable_deps.filter_map do |path|
           PathDependencyBuilder.new(
             path: path,
             directory: directory,
             lockfile: composer_lock
           ).dependency_file
-        end.compact
+        end
       end
 
       def expand_path(path)

data/lib/dependabot/composer/file_updater/lockfile_updater.rb

@@ -30,13 +30,13 @@ module Dependabot
           %r{
             (?<=PHP\sextension\s)ext\-[^\s/]+\s.*?\s(?=is|but)|
             (?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=but)
-          }x.freeze
+          }x
         MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
           %r{
             (?<!with|for|by)\sext\-[^\s/]+\s.*?\s(?=->)|
             (?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=->)
-          }x.freeze
-        MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set/.freeze
+          }x
+        MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set/
 
         def initialize(dependencies:, dependency_files:, credentials:)
           @dependencies = dependencies
@@ -185,8 +185,7 @@ module Dependabot
           # NOTE: This matches an error message from composer plugins used to install ACF PRO
           # https://github.com/PhilippBaschke/acf-pro-installer/blob/772cec99c6ef8bc67ba6768419014cc60d141b27/src/ACFProInstaller/Exceptions/MissingKeyException.php#L14
           # https://github.com/pivvenit/acf-pro-installer/blob/f2d4812839ee2c333709b0ad4c6c134e4c25fd6d/src/Exceptions/MissingKeyException.php#L25
-          if error.message.start_with?("Could not find a key for ACF PRO") ||
-             error.message.start_with?("Could not find a license key for ACF PRO")
+          if error.message.start_with?("Could not find a key for ACF PRO", "Could not find a license key for ACF PRO")
             raise MissingEnvironmentVariable, "ACF_PRO_KEY"
           end
 
@@ -213,8 +212,8 @@ module Dependabot
 
           # NOTE: This error is raised by composer v1
           if error.message.include?("Argument 1 passed to Composer")
-            msg = "One of your Composer plugins is not compatible with the "\
-                  "latest version of Composer. Please update Composer and "\
+            msg = "One of your Composer plugins is not compatible with the " \
+                  "latest version of Composer. Please update Composer and " \
                   "try running `composer update` to debug further."
             raise DependencyFileNotResolvable, msg
           end
@@ -456,8 +455,7 @@ module Dependabot
         def credentials_env
           credentials.
             select { |c| c.fetch("type") == "php_environment_variable" }.
-            map { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }.
-            to_h
+            to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
         end
 
         def git_credentials

data/lib/dependabot/composer/helpers.rb

@@ -6,12 +6,12 @@ module Dependabot
   module Composer
     module Helpers
       # From composers json-schema: https://getcomposer.org/schema.json
-      COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
+      COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}
       # From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
       PLATFORM_PACKAGE_REGEX = /
         ^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
         |composer-(?:plugin|runtime)-api)$
-      /x.freeze
+      /x
 
       def self.composer_version(composer_json, parsed_lockfile = nil)
         if parsed_lockfile && parsed_lockfile["plugin-api-version"]

data/lib/dependabot/composer/metadata_finder.rb

@@ -18,7 +18,7 @@ module Dependabot
       def source_from_dependency
         source_url =
           dependency.requirements.
-          map { |r| r.fetch(:source) }.compact.
+          filter_map { |r| r.fetch(:source) }.
           first&.fetch(:url, nil)
 
         Source.from_url(source_url)

data/lib/dependabot/composer/requirement.rb

@@ -5,9 +5,8 @@ require "dependabot/utils"
 module Dependabot
   module Composer
     class Requirement < Gem::Requirement
-      AND_SEPARATOR =
-        /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
-      OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
+      AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
+      OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
 
       def self.parse(obj)
         new_obj = obj.gsub(/@\w+/, "").gsub(/[a-z0-9\-_\.]*\sas\s+/i, "")

data/lib/dependabot/composer/update_checker/latest_version_finder.rb

@@ -104,7 +104,7 @@ module Dependabot
 
           urls = repositories.
                  select { |h| h["type"] == "composer" }.
-                 map { |h| h["url"] }.compact.
+                 filter_map { |h| h["url"] }.
                  map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
 
           unless repositories.any? { |rep| rep["packagist.org"] == false }

data/lib/dependabot/composer/update_checker/requirements_updater.rb

@@ -13,13 +13,11 @@ module Dependabot
   module Composer
     class UpdateChecker
       class RequirementsUpdater
-        ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/.freeze
-        VERSION_REGEX =
-          /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/.freeze
-        AND_SEPARATOR =
-          /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
-        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
-        SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
+        ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
+        VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
+        AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
+        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
+        SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
         ALLOWED_UPDATE_STRATEGIES =
           %i(widen_ranges bump_versions bump_versions_if_necessary).freeze
 

data/lib/dependabot/composer/update_checker/version_resolver.rb

@@ -29,18 +29,18 @@ module Dependabot
           %r{
             (?<=PHP\sextension\s)ext\-[^\s\/]+\s.*?\s(?=is|but)|
             (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=but)
-          }x.freeze
+          }x
         MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
           %r{
             (?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
             (?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
             (?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
-          }x.freeze
-        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
+          }x
+        VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
         SOURCE_TIMED_OUT_REGEX =
-          /The "(?<url>[^"]+packages\.json)".*timed out/.freeze
-        FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'/.freeze
-        FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/.freeze
+          /The "(?<url>[^"]+packages\.json)".*timed out/
+        FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'/
+        FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/
 
         def initialize(credentials:, dependency:, dependency_files:,
                        requirements_to_unlock:, latest_allowable_version:)
@@ -198,7 +198,6 @@ module Dependabot
         end
 
         # rubocop:disable Metrics/PerceivedComplexity
-        # rubocop:disable Metrics/AbcSize
         def updated_version_requirement_string
           lower_bound =
             if requirements_to_unlock == :none
@@ -207,7 +206,7 @@ module Dependabot
               ">= #{dependency.version}"
             else
               version_for_requirement =
-                dependency.requirements.map { |r| r[:requirement] }.compact.
+                dependency.requirements.filter_map { |r| r[:requirement] }.
                 reject { |req_string| req_string.start_with?("<") }.
                 select { |req_string| req_string.match?(VERSION_REGEX) }.
                 map { |req_string| req_string.match(VERSION_REGEX) }.
@@ -232,7 +231,6 @@ module Dependabot
 
           lower_bound + ", <= #{latest_allowable_version}"
         end
-        # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/PerceivedComplexity
 
         # TODO: Extract error handling and share between the lockfile updater
@@ -290,8 +288,8 @@ module Dependabot
             raise Dependabot::DependencyFileNotResolvable, error.message
           elsif error.message.include?("No driver found to handle VCS") &&
                 !error.message.include?("@") && !error.message.include?("://")
-            msg = "Dependabot detected a VCS requirement with a local path, "\
-                  "rather than a URL. Dependabot does not support this "\
+            msg = "Dependabot detected a VCS requirement with a local path, " \
+                  "rather than a URL. Dependabot does not support this " \
                   "setup.\n\nThe underlying error was:\n\n#{error.message}"
             raise Dependabot::DependencyFileNotResolvable, msg
           elsif error.message.include?("requirements could not be resolved")
@@ -317,7 +315,7 @@ module Dependabot
 
             source = url.gsub(%r{/packages.json$}, "")
             raise Dependabot::PrivateSourceTimedOut, source
-          elsif error.message.start_with?("Allowed memory size") || error.message.start_with?("Out of memory")
+          elsif error.message.start_with?("Allowed memory size", "Out of memory")
             raise Dependabot::OutOfMemory
           elsif error.error_context[:process_termsig] == Dependabot::SharedHelpers::SIGKILL
             # If the helper was SIGKILL-ed, assume the OOMKiller did it
@@ -337,8 +335,8 @@ module Dependabot
             # Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
             nil
           elsif error.message.include?("does not match the expected JSON schema")
-            msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
-                  "Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
+            msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n" \
+                  "Run `composer validate` to check your composer.json and composer.lock files.\n\n" \
                   "See https://getcomposer.org/doc/04-schema.md for details on the schema."
             raise Dependabot::DependencyFileNotParseable, msg
           else

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.211.0
+  version: 0.213.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
+        version: 0.213.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
-- !ruby/object:Gem::Dependency
-  name: debase
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-- !ruby/object:Gem::Dependency
-  name: debase-ruby_core_source
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
+        version: 0.213.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
 - !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -241,12 +213,12 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- helpers/v1/.php_cs
+- helpers/v1/.php-cs-fixer.dist.php
 - helpers/v1/bin/run
 - helpers/v1/build
 - helpers/v1/composer.json
 - helpers/v1/composer.lock
-- helpers/v1/phpstan.neon
+- helpers/v1/phpstan.dist.neon
 - helpers/v1/src/DependabotInstallationManager.php
 - helpers/v1/src/DependabotPluginManager.php
 - helpers/v1/src/ExceptionIO.php
@@ -258,7 +230,7 @@ files:
 - helpers/v2/build
 - helpers/v2/composer.json
 - helpers/v2/composer.lock
-- helpers/v2/phpstan.neon
+- helpers/v2/phpstan.dist.neon
 - helpers/v2/src/DependabotPluginManager.php
 - helpers/v2/src/ExceptionIO.php
 - helpers/v2/src/Hasher.php
@@ -292,14 +264,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: PHP (Composer) support for dependabot