dependabot-composer 0.212.0 → 0.213.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/helpers/v1/{.php_cs → .php-cs-fixer.dist.php} +4 -4
- data/helpers/v1/build +2 -2
- data/helpers/v1/composer.json +5 -2
- data/helpers/v1/composer.lock +149 -151
- data/helpers/v1/{phpstan.neon → phpstan.dist.neon} +0 -0
- data/helpers/v2/build +1 -1
- data/helpers/v2/composer.json +3 -0
- data/helpers/v2/composer.lock +253 -102
- data/helpers/v2/{phpstan.neon → phpstan.dist.neon} +0 -0
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +3 -3
- data/lib/dependabot/composer/helpers.rb +2 -2
- data/lib/dependabot/composer/requirement.rb +2 -3
- data/lib/dependabot/composer/update_checker/requirements_updater.rb +5 -7
- data/lib/dependabot/composer/update_checker/version_resolver.rb +6 -6
- metadata +16 -58
File without changes
|
@@ -30,13 +30,13 @@ module Dependabot
|
|
30
30
|
%r{
|
31
31
|
(?<=PHP\sextension\s)ext\-[^\s/]+\s.*?\s(?=is|but)|
|
32
32
|
(?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=but)
|
33
|
-
}x
|
33
|
+
}x
|
34
34
|
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
35
35
|
%r{
|
36
36
|
(?<!with|for|by)\sext\-[^\s/]+\s.*?\s(?=->)|
|
37
37
|
(?<=requires\s)php(?:\-[^\s/]+)?\s.*?\s(?=->)
|
38
|
-
}x
|
39
|
-
MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set
|
38
|
+
}x
|
39
|
+
MISSING_ENV_VAR_REGEX = /Environment variable '(?<env_var>.[^']+)' is not set/
|
40
40
|
|
41
41
|
def initialize(dependencies:, dependency_files:, credentials:)
|
42
42
|
@dependencies = dependencies
|
@@ -6,12 +6,12 @@ module Dependabot
|
|
6
6
|
module Composer
|
7
7
|
module Helpers
|
8
8
|
# From composers json-schema: https://getcomposer.org/schema.json
|
9
|
-
COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}
|
9
|
+
COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}
|
10
10
|
# From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
|
11
11
|
PLATFORM_PACKAGE_REGEX = /
|
12
12
|
^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
|
13
13
|
|composer-(?:plugin|runtime)-api)$
|
14
|
-
/x
|
14
|
+
/x
|
15
15
|
|
16
16
|
def self.composer_version(composer_json, parsed_lockfile = nil)
|
17
17
|
if parsed_lockfile && parsed_lockfile["plugin-api-version"]
|
@@ -5,9 +5,8 @@ require "dependabot/utils"
|
|
5
5
|
module Dependabot
|
6
6
|
module Composer
|
7
7
|
class Requirement < Gem::Requirement
|
8
|
-
AND_SEPARATOR =
|
9
|
-
|
10
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
|
8
|
+
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
9
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
11
10
|
|
12
11
|
def self.parse(obj)
|
13
12
|
new_obj = obj.gsub(/@\w+/, "").gsub(/[a-z0-9\-_\.]*\sas\s+/i, "")
|
@@ -13,13 +13,11 @@ module Dependabot
|
|
13
13
|
module Composer
|
14
14
|
class UpdateChecker
|
15
15
|
class RequirementsUpdater
|
16
|
-
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s
|
17
|
-
VERSION_REGEX =
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
|
22
|
-
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
|
16
|
+
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
|
17
|
+
VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
|
18
|
+
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
19
|
+
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
20
|
+
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
|
23
21
|
ALLOWED_UPDATE_STRATEGIES =
|
24
22
|
%i(widen_ranges bump_versions bump_versions_if_necessary).freeze
|
25
23
|
|
@@ -29,18 +29,18 @@ module Dependabot
|
|
29
29
|
%r{
|
30
30
|
(?<=PHP\sextension\s)ext\-[^\s\/]+\s.*?\s(?=is|but)|
|
31
31
|
(?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=but)
|
32
|
-
}x
|
32
|
+
}x
|
33
33
|
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
34
34
|
%r{
|
35
35
|
(?<!with|for|by)\sext\-[^\s\/]+\s.*?\s(?=->)|
|
36
36
|
(?<=requires\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->)| # composer v1
|
37
37
|
(?<=require\s)php(?:\-[^\s\/]+)?\s.*?\s(?=->) # composer v2
|
38
|
-
}x
|
39
|
-
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)
|
38
|
+
}x
|
39
|
+
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/
|
40
40
|
SOURCE_TIMED_OUT_REGEX =
|
41
|
-
/The "(?<url>[^"]+packages\.json)".*timed out
|
42
|
-
FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'
|
43
|
-
FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via
|
41
|
+
/The "(?<url>[^"]+packages\.json)".*timed out/
|
42
|
+
FAILED_GIT_CLONE_WITH_MIRROR = /Failed to execute git clone --(mirror|checkout)[^']*'(?<url>.*?)'/
|
43
|
+
FAILED_GIT_CLONE = /Failed to clone (?<url>.*?) via/
|
44
44
|
|
45
45
|
def initialize(credentials:, dependency:, dependency_files:,
|
46
46
|
requirements_to_unlock:, latest_allowable_version:)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-composer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.213.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,42 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.213.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: debase
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - '='
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 0.2.3
|
34
|
-
type: :development
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - '='
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 0.2.3
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: debase-ruby_core_source
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - '='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 0.10.16
|
48
|
-
type: :development
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - '='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 0.10.16
|
26
|
+
version: 0.213.0
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: debug
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +58,14 @@ dependencies:
|
|
86
58
|
requirements:
|
87
59
|
- - "~>"
|
88
60
|
- !ruby/object:Gem::Version
|
89
|
-
version: 3.
|
61
|
+
version: 3.13.0
|
90
62
|
type: :development
|
91
63
|
prerelease: false
|
92
64
|
version_requirements: !ruby/object:Gem::Requirement
|
93
65
|
requirements:
|
94
66
|
- - "~>"
|
95
67
|
- !ruby/object:Gem::Version
|
96
|
-
version: 3.
|
68
|
+
version: 3.13.0
|
97
69
|
- !ruby/object:Gem::Dependency
|
98
70
|
name: rake
|
99
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,42 +114,28 @@ dependencies:
|
|
142
114
|
requirements:
|
143
115
|
- - "~>"
|
144
116
|
- !ruby/object:Gem::Version
|
145
|
-
version: 1.
|
117
|
+
version: 1.37.1
|
146
118
|
type: :development
|
147
119
|
prerelease: false
|
148
120
|
version_requirements: !ruby/object:Gem::Requirement
|
149
121
|
requirements:
|
150
122
|
- - "~>"
|
151
123
|
- !ruby/object:Gem::Version
|
152
|
-
version: 1.
|
124
|
+
version: 1.37.1
|
153
125
|
- !ruby/object:Gem::Dependency
|
154
126
|
name: rubocop-performance
|
155
127
|
requirement: !ruby/object:Gem::Requirement
|
156
128
|
requirements:
|
157
129
|
- - "~>"
|
158
130
|
- !ruby/object:Gem::Version
|
159
|
-
version: 1.
|
160
|
-
type: :development
|
161
|
-
prerelease: false
|
162
|
-
version_requirements: !ruby/object:Gem::Requirement
|
163
|
-
requirements:
|
164
|
-
- - "~>"
|
165
|
-
- !ruby/object:Gem::Version
|
166
|
-
version: 1.14.2
|
167
|
-
- !ruby/object:Gem::Dependency
|
168
|
-
name: ruby-debug-ide
|
169
|
-
requirement: !ruby/object:Gem::Requirement
|
170
|
-
requirements:
|
171
|
-
- - "~>"
|
172
|
-
- !ruby/object:Gem::Version
|
173
|
-
version: 0.7.3
|
131
|
+
version: 1.15.0
|
174
132
|
type: :development
|
175
133
|
prerelease: false
|
176
134
|
version_requirements: !ruby/object:Gem::Requirement
|
177
135
|
requirements:
|
178
136
|
- - "~>"
|
179
137
|
- !ruby/object:Gem::Version
|
180
|
-
version:
|
138
|
+
version: 1.15.0
|
181
139
|
- !ruby/object:Gem::Dependency
|
182
140
|
name: simplecov
|
183
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -255,12 +213,12 @@ executables: []
|
|
255
213
|
extensions: []
|
256
214
|
extra_rdoc_files: []
|
257
215
|
files:
|
258
|
-
- helpers/v1/.
|
216
|
+
- helpers/v1/.php-cs-fixer.dist.php
|
259
217
|
- helpers/v1/bin/run
|
260
218
|
- helpers/v1/build
|
261
219
|
- helpers/v1/composer.json
|
262
220
|
- helpers/v1/composer.lock
|
263
|
-
- helpers/v1/phpstan.neon
|
221
|
+
- helpers/v1/phpstan.dist.neon
|
264
222
|
- helpers/v1/src/DependabotInstallationManager.php
|
265
223
|
- helpers/v1/src/DependabotPluginManager.php
|
266
224
|
- helpers/v1/src/ExceptionIO.php
|
@@ -272,7 +230,7 @@ files:
|
|
272
230
|
- helpers/v2/build
|
273
231
|
- helpers/v2/composer.json
|
274
232
|
- helpers/v2/composer.lock
|
275
|
-
- helpers/v2/phpstan.neon
|
233
|
+
- helpers/v2/phpstan.dist.neon
|
276
234
|
- helpers/v2/src/DependabotPluginManager.php
|
277
235
|
- helpers/v2/src/ExceptionIO.php
|
278
236
|
- helpers/v2/src/Hasher.php
|
@@ -306,14 +264,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
306
264
|
requirements:
|
307
265
|
- - ">="
|
308
266
|
- !ruby/object:Gem::Version
|
309
|
-
version:
|
267
|
+
version: 3.1.0
|
310
268
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
311
269
|
requirements:
|
312
270
|
- - ">="
|
313
271
|
- !ruby/object:Gem::Version
|
314
|
-
version:
|
272
|
+
version: 3.1.0
|
315
273
|
requirements: []
|
316
|
-
rubygems_version: 3.
|
274
|
+
rubygems_version: 3.3.7
|
317
275
|
signing_key:
|
318
276
|
specification_version: 4
|
319
277
|
summary: PHP (Composer) support for dependabot
|