dependabot-composer 0.230.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_fetcher/path_dependency_builder.rb +3 -2
- data/lib/dependabot/composer/file_fetcher.rb +17 -16
- data/lib/dependabot/composer/file_parser.rb +5 -4
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +47 -46
- data/lib/dependabot/composer/file_updater/manifest_updater.rb +6 -5
- data/lib/dependabot/composer/file_updater.rb +1 -0
- data/lib/dependabot/composer/helpers.rb +1 -0
- data/lib/dependabot/composer/metadata_finder.rb +6 -5
- data/lib/dependabot/composer/native_helpers.rb +1 -0
- data/lib/dependabot/composer/requirement.rb +6 -5
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +16 -15
- data/lib/dependabot/composer/update_checker/requirements_updater.rb +11 -10
- data/lib/dependabot/composer/update_checker/version_resolver.rb +31 -30
- data/lib/dependabot/composer/update_checker.rb +3 -2
- data/lib/dependabot/composer/version.rb +3 -2
- data/lib/dependabot/composer.rb +3 -2
- metadata +19 -5
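--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62da312e85d8bc75382a2da24e5ceb2313bd25773c4cee90be6f2199c4a9da5e
+data.tar.gz: 9979ec4c9358f9c79ae8d109a41379917b393f4374c006d2b2548676ab7d63d8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7682702d0285cf78e894bb63d8a5d70e6926ceea98acf33599438c805f4e4004bab227a884a13895fd821cffbec4f1e610b8d0d1813d0cac09f11e133de0fb3b
+data.tar.gz: 7884afdbbf0f985c25438feb37f26501fa2ca5f60bd9b4998d9e542a93b5fe4221af3f6de3c964629d1ff49e77a3fd556ad82261a278f5feba11bbfdf9778c4c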
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "json"
|
@@ -37,8 +38,8 @@ module Dependabot
|
|
37
38
|
attr_reader :path, :lockfile, :directory
|
38
39
|
|
39
40
|
def details_from_lockfile
|
40
|
-
keys = FileParser::DEPENDENCY_GROUP_KEYS
|
41
|
-
map { |h| h.fetch(:lockfile) }
|
41
|
+
keys = FileParser::DEPENDENCY_GROUP_KEYS
|
42
|
+
.map { |h| h.fetch(:lockfile) }
|
42
43
|
|
43
44
|
keys.each do |key|
|
44
45
|
next unless parsed_lockfile[key]
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "json"
|
@@ -91,9 +92,9 @@ module Dependabot
|
|
91
92
|
repos = repos.values if repos.is_a?(Hash)
|
92
93
|
repos = repos.select { |r| r.is_a?(Hash) }
|
93
94
|
|
94
|
-
repos
|
95
|
-
select { |details| details["type"] == "path" }
|
96
|
-
map { |details| details["url"] }
|
95
|
+
repos
|
96
|
+
.select { |details| details["type"] == "path" }
|
97
|
+
.map { |details| details["url"] }
|
97
98
|
else
|
98
99
|
[]
|
99
100
|
end
|
@@ -117,34 +118,34 @@ module Dependabot
|
|
117
118
|
path = path.gsub(%r{\*/$}, "")
|
118
119
|
wildcard_depth += 1
|
119
120
|
end
|
120
|
-
directories = repo_contents(dir: path)
|
121
|
-
select { |file| file.type == "dir" }
|
122
|
-
map { |f| File.join(path, f.name) }
|
121
|
+
directories = repo_contents(dir: path)
|
122
|
+
.select { |file| file.type == "dir" }
|
123
|
+
.map { |f| File.join(path, f.name) }
|
123
124
|
|
124
125
|
while wildcard_depth.positive?
|
125
126
|
directories.each do |dir|
|
126
|
-
directories += repo_contents(dir: dir)
|
127
|
-
select { |file| file.type == "dir" }
|
128
|
-
map { |f| File.join(dir, f.name) }
|
127
|
+
directories += repo_contents(dir: dir)
|
128
|
+
.select { |file| file.type == "dir" }
|
129
|
+
.map { |f| File.join(dir, f.name) }
|
129
130
|
end
|
130
131
|
wildcard_depth -= 1
|
131
132
|
end
|
132
133
|
directories
|
133
134
|
rescue Octokit::NotFound, Gitlab::Error::NotFound
|
134
|
-
lockfile_path_dependency_paths
|
135
|
-
select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
|
135
|
+
lockfile_path_dependency_paths
|
136
|
+
.select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
|
136
137
|
end
|
137
138
|
|
138
139
|
def lockfile_path_dependency_paths
|
139
|
-
keys = FileParser::DEPENDENCY_GROUP_KEYS
|
140
|
-
map { |h| h.fetch(:lockfile) }
|
140
|
+
keys = FileParser::DEPENDENCY_GROUP_KEYS
|
141
|
+
.map { |h| h.fetch(:lockfile) }
|
141
142
|
|
142
143
|
keys.flat_map do |key|
|
143
144
|
next [] unless parsed_lockfile[key]
|
144
145
|
|
145
|
-
parsed_lockfile[key]
|
146
|
-
select { |details| details.dig("dist", "type") == "path" }
|
147
|
-
map { |details| details.dig("dist", "url") }
|
146
|
+
parsed_lockfile[key]
|
147
|
+
.select { |details| details.dig("dist", "type") == "path" }
|
148
|
+
.map { |details| details.dig("dist", "url") }
|
148
149
|
end
|
149
150
|
end
|
150
151
|
|
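Review bot: In the `while wildcard_depth.positive?` loop of hunk `@@ -117,34 +118,34 @@`, `directories += …` inside `directories.each` rebinds the local to a fresh array while `each` keeps walking the original one, and every pass of the outer loop re-expands directories that the previous pass already expanded, so for a depth above 1 the returned list carries duplicate paths and `repo_contents` is called again for the same directories. Expanding only the directories discovered on the previous pass, and de-duplicating before returning, gives the same set without the repeated fetches. This is pre-existing behaviour that the leading-dot reformat does not touch, and the enclosing method starts before the hunk; whether `repo_contents` is memoised cannot be seen here.
```ruby
# … unchanged: wildcard stripping and initial directories listing …
frontier = directories
while wildcard_depth.positive?
  frontier = frontier.flat_map do |dir|
    repo_contents(dir: dir)
      .select { |file| file.type == "dir" }
      .map { |f| File.join(dir, f.name) }
  end
  directories += frontier
  wildcard_depth -= 1
end
directories.uniq
# … unchanged: rescue Octokit::NotFound, Gitlab::Error::NotFound branch …
```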
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/dependency"
|
@@ -149,10 +150,10 @@ module Dependabot
|
|
149
150
|
|
150
151
|
branch =
|
151
152
|
if requirement.start_with?("dev-")
|
152
|
-
requirement
|
153
|
-
sub(/^dev-/, "")
|
154
|
-
sub(/\s+as\s.*/, "")
|
155
|
-
split("#").first
|
153
|
+
requirement
|
154
|
+
.sub(/^dev-/, "")
|
155
|
+
.sub(/\s+as\s.*/, "")
|
156
|
+
.split("#").first
|
156
157
|
elsif package_details.fetch("version")&.to_s&.start_with?("dev-")
|
157
158
|
package_details.fetch("version")&.to_s&.sub(/^dev-/, "")
|
158
159
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/shared_helpers"
|
@@ -137,8 +138,8 @@ module Dependabot
|
|
137
138
|
# These errors occur when platform requirements declared explicitly
|
138
139
|
# in the composer.json aren't met.
|
139
140
|
missing_extensions =
|
140
|
-
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
141
|
-
|
141
|
+
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
142
|
+
.map do |extension_string|
|
142
143
|
name, requirement = extension_string.strip.split(" ", 2)
|
143
144
|
{ name: name, requirement: requirement }
|
144
145
|
end
|
@@ -148,8 +149,8 @@ module Dependabot
|
|
148
149
|
!initial_platform.empty? &&
|
149
150
|
implicit_platform_reqs_satisfiable?(error.message)
|
150
151
|
missing_extensions =
|
151
|
-
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
152
|
-
|
152
|
+
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
153
|
+
.map do |extension_string|
|
153
154
|
name, requirement = extension_string.strip.split(" ", 2)
|
154
155
|
{ name: name, requirement: requirement }
|
155
156
|
end
|
@@ -171,14 +172,14 @@ module Dependabot
|
|
171
172
|
end
|
172
173
|
|
173
174
|
if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
|
174
|
-
dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
|
175
|
-
|
175
|
+
dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
|
176
|
+
.named_captures.fetch("url")
|
176
177
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
177
178
|
end
|
178
179
|
|
179
180
|
if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
|
180
|
-
dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
|
181
|
-
|
181
|
+
dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
|
182
|
+
.named_captures.fetch("url")
|
182
183
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
183
184
|
end
|
184
185
|
|
@@ -205,8 +206,8 @@ module Dependabot
|
|
205
206
|
raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
|
206
207
|
|
207
208
|
if error.message.include?("403 Forbidden")
|
208
|
-
source = error.message.match(%r{https?://(?<source>[^/]+)/})
|
209
|
-
|
209
|
+
source = error.message.match(%r{https?://(?<source>[^/]+)/})
|
210
|
+
.named_captures.fetch("source")
|
210
211
|
raise PrivateSourceAuthenticationFailure, source
|
211
212
|
end
|
212
213
|
|
@@ -237,8 +238,8 @@ module Dependabot
|
|
237
238
|
|
238
239
|
def implicit_platform_reqs_satisfiable?(message)
|
239
240
|
missing_extensions =
|
240
|
-
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
241
|
-
|
241
|
+
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
242
|
+
.map do |extension_string|
|
242
243
|
name, requirement = extension_string.strip.split(" ", 2)
|
243
244
|
{ name: name, requirement: requirement }
|
244
245
|
end
|
@@ -288,8 +289,8 @@ module Dependabot
|
|
288
289
|
next content unless Composer::Version.correct?(updated_req)
|
289
290
|
|
290
291
|
old_req =
|
291
|
-
dep.requirements.find { |r| r[:file] == "composer.json" }
|
292
|
-
fetch(:requirement)
|
292
|
+
dep.requirements.find { |r| r[:file] == "composer.json" }
|
293
|
+
&.fetch(:requirement)
|
293
294
|
|
294
295
|
# When updating a subdep there won't be an old requirement
|
295
296
|
next content unless old_req
|
@@ -316,10 +317,10 @@ module Dependabot
|
|
316
317
|
next unless req.start_with?("dev-")
|
317
318
|
next if req.include?("#")
|
318
319
|
|
319
|
-
commit_sha = parsed_lockfile
|
320
|
-
fetch(keys[:lockfile], [])
|
321
|
-
find { |d| d["name"] == name }
|
322
|
-
dig("source", "reference")
|
320
|
+
commit_sha = parsed_lockfile
|
321
|
+
.fetch(keys[:lockfile], [])
|
322
|
+
.find { |d| d["name"] == name }
|
323
|
+
&.dig("source", "reference")
|
323
324
|
updated_req_parts = req.split
|
324
325
|
updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
|
325
326
|
json[keys[:manifest]][name] = updated_req_parts.join(" ")
|
@@ -330,13 +331,13 @@ module Dependabot
|
|
330
331
|
end
|
331
332
|
|
332
333
|
def git_dependency_reference_error(error)
|
333
|
-
ref = error.message.match(/checkout '(?<ref>.*?)'/)
|
334
|
-
|
334
|
+
ref = error.message.match(/checkout '(?<ref>.*?)'/)
|
335
|
+
.named_captures.fetch("ref")
|
335
336
|
dependency_name =
|
336
|
-
JSON.parse(lockfile.content)
|
337
|
-
|
338
|
-
|
339
|
-
fetch("name")
|
337
|
+
JSON.parse(lockfile.content)
|
338
|
+
.values_at("packages", "packages-dev").flatten(1)
|
339
|
+
.find { |dep| dep.dig("source", "reference") == ref }
|
340
|
+
&.fetch("name")
|
340
341
|
|
341
342
|
raise unless dependency_name
|
342
343
|
|
@@ -358,9 +359,9 @@ module Dependabot
|
|
358
359
|
|
359
360
|
updated_object = JSON.parse(content)
|
360
361
|
updated_object_package =
|
361
|
-
updated_object
|
362
|
-
fetch(package_type)
|
363
|
-
find { |d| d["name"] == details["name"] }
|
362
|
+
updated_object
|
363
|
+
.fetch(package_type)
|
364
|
+
.find { |d| d["name"] == details["name"] }
|
364
365
|
|
365
366
|
next unless updated_object_package
|
366
367
|
|
@@ -368,9 +369,9 @@ module Dependabot
|
|
368
369
|
updated_object_package["extra"]["patches_applied"] = patches
|
369
370
|
|
370
371
|
content =
|
371
|
-
JSON.pretty_generate(updated_object, indent: " ")
|
372
|
-
|
373
|
-
|
372
|
+
JSON.pretty_generate(updated_object, indent: " ")
|
373
|
+
.gsub(/\[\n\n\s*\]/, "[]")
|
374
|
+
.gsub(/\}\z/, "}\n")
|
374
375
|
end
|
375
376
|
end
|
376
377
|
content
|
@@ -405,15 +406,15 @@ module Dependabot
|
|
405
406
|
updated_object.delete("platform-overrides")
|
406
407
|
end
|
407
408
|
|
408
|
-
JSON.pretty_generate(updated_object, indent: " ")
|
409
|
-
|
410
|
-
|
409
|
+
JSON.pretty_generate(updated_object, indent: " ")
|
410
|
+
.gsub(/\[\n\n\s*\]/, "[]")
|
411
|
+
.gsub(/\}\z/, "}\n")
|
411
412
|
end
|
412
413
|
|
413
414
|
def version_for_reqs(requirements)
|
414
415
|
req_arrays =
|
415
|
-
requirements
|
416
|
-
map { |str| Composer::Requirement.requirements_array(str) }
|
416
|
+
requirements
|
417
|
+
.map { |str| Composer::Requirement.requirements_array(str) }
|
417
418
|
potential_versions =
|
418
419
|
req_arrays.flatten.map do |req|
|
419
420
|
op, version = req.requirements.first
|
@@ -425,8 +426,8 @@ module Dependabot
|
|
425
426
|
end
|
426
427
|
|
427
428
|
version =
|
428
|
-
potential_versions
|
429
|
-
find do |v|
|
429
|
+
potential_versions
|
430
|
+
.find do |v|
|
430
431
|
req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
|
431
432
|
end
|
432
433
|
raise "No matching version for #{requirements}!" unless version
|
@@ -453,21 +454,21 @@ module Dependabot
|
|
453
454
|
end
|
454
455
|
|
455
456
|
def credentials_env
|
456
|
-
credentials
|
457
|
-
select { |c| c.fetch("type") == "php_environment_variable" }
|
458
|
-
to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
|
457
|
+
credentials
|
458
|
+
.select { |c| c.fetch("type") == "php_environment_variable" }
|
459
|
+
.to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
|
459
460
|
end
|
460
461
|
|
461
462
|
def git_credentials
|
462
|
-
credentials
|
463
|
-
select { |cred| cred.fetch("type") == "git_source" }
|
464
|
-
select { |cred| cred["password"] }
|
463
|
+
credentials
|
464
|
+
.select { |cred| cred.fetch("type") == "git_source" }
|
465
|
+
.select { |cred| cred["password"] }
|
465
466
|
end
|
466
467
|
|
467
468
|
def registry_credentials
|
468
|
-
credentials
|
469
|
-
select { |cred| cred.fetch("type") == "composer_repository" }
|
470
|
-
select { |cred| cred["password"] }
|
469
|
+
credentials
|
470
|
+
.select { |cred| cred.fetch("type") == "composer_repository" }
|
471
|
+
.select { |cred| cred["password"] }
|
471
472
|
end
|
472
473
|
|
473
474
|
def initial_platform
|
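Review bot: In hunk `@@ -205,8 +206,8 @@`, `error.message.match(%r{https?://(?<source>[^/]+)/})` is guarded only by `include?("403 Forbidden")`, not by a check that the message actually carries a URL, so a 403 message without one makes `.named_captures` raise NoMethodError on nil instead of the intended `PrivateSourceAuthenticationFailure`; the two `FAILED_GIT_CLONE` branches earlier in the same file are protected by a `match?` on the same regex, which this branch lacks. I would bind the match first, `source_match = error.message.match(%r{https?://(?<source>[^/]+)/})`, and `raise PrivateSourceAuthenticationFailure, source_match[:source] if source_match`, leaving a host-less 403 to the handlers that follow. `git_dependency_reference_error` in `@@ -330,13 +331,13 @@` has the same unguarded `.named_captures`; its caller is outside the hunk, so whether the message is pre-checked there cannot be seen.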
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/composer/file_updater"
|
@@ -44,14 +45,14 @@ module Dependabot
|
|
44
45
|
end
|
45
46
|
|
46
47
|
def old_requirement(dependency, new_requirement)
|
47
|
-
dependency.previous_requirements
|
48
|
-
|
49
|
-
|
48
|
+
dependency.previous_requirements
|
49
|
+
.select { |r| r[:file] == manifest.name }
|
50
|
+
.find { |r| r[:groups] == new_requirement[:groups] }
|
50
51
|
end
|
51
52
|
|
52
53
|
def updated_requirements(dependency)
|
53
|
-
new_requirements(dependency)
|
54
|
-
reject { |r| dependency.previous_requirements.include?(r) }
|
54
|
+
new_requirements(dependency)
|
55
|
+
.reject { |r| dependency.previous_requirements.include?(r) }
|
55
56
|
end
|
56
57
|
|
57
58
|
def requirement_changed?(file, dependency)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -17,9 +18,9 @@ module Dependabot
|
|
17
18
|
|
18
19
|
def source_from_dependency
|
19
20
|
source_url =
|
20
|
-
dependency.requirements
|
21
|
-
|
22
|
-
|
21
|
+
dependency.requirements
|
22
|
+
.filter_map { |r| r.fetch(:source) }
|
23
|
+
.first&.fetch(:url, nil)
|
23
24
|
|
24
25
|
Source.from_url(source_url)
|
25
26
|
end
|
@@ -57,5 +58,5 @@ module Dependabot
|
|
57
58
|
end
|
58
59
|
end
|
59
60
|
|
60
|
-
Dependabot::MetadataFinders
|
61
|
-
register("composer", Dependabot::Composer::MetadataFinder)
|
61
|
+
Dependabot::MetadataFinders
|
62
|
+
.register("composer", Dependabot::Composer::MetadataFinder)
|
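Review bot: In `source_from_dependency` (hunk `@@ -17,9 +18,9 @@`), `.filter_map { |r| r.fetch(:source) }` raises KeyError for any requirement hash that has no `:source` key at all, whereas `filter_map` only drops the case where the key is present with a nil value; if the requirement hashes are not guaranteed to carry that key, `r[:source]` is the form that matches what the `filter_map` is evidently meant to do, i.e. `.filter_map { |r| r[:source] }`. The trailing `.first&.fetch(:url, nil)` already tolerates an empty result. Whether every requirement hash carries `:source` cannot be confirmed from this hunk.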
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/utils"
|
@@ -25,9 +26,9 @@ module Dependabot
|
|
25
26
|
|
26
27
|
def initialize(*requirements)
|
27
28
|
requirements =
|
28
|
-
requirements.flatten
|
29
|
-
|
30
|
-
|
29
|
+
requirements.flatten
|
30
|
+
.flat_map { |req_string| req_string.split(AND_SEPARATOR) }
|
31
|
+
.flat_map { |req| convert_php_constraint_to_ruby_constraint(req) }
|
31
32
|
|
32
33
|
super(requirements)
|
33
34
|
end
|
@@ -100,5 +101,5 @@ module Dependabot
|
|
100
101
|
end
|
101
102
|
end
|
102
103
|
|
103
|
-
Dependabot::Utils
|
104
|
-
register_requirement_class("composer", Dependabot::Composer::Requirement)
|
104
|
+
Dependabot::Utils
|
105
|
+
.register_requirement_class("composer", Dependabot::Composer::Requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "excon"
|
@@ -62,8 +63,8 @@ module Dependabot
|
|
62
63
|
|
63
64
|
def filter_ignored_versions(versions_array)
|
64
65
|
filtered =
|
65
|
-
versions_array
|
66
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
66
|
+
versions_array
|
67
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
|
67
68
|
|
68
69
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
|
69
70
|
raise AllVersionsIgnored
|
@@ -75,8 +76,8 @@ module Dependabot
|
|
75
76
|
def filter_lower_versions(versions_array)
|
76
77
|
return versions_array unless dependency.numeric_version
|
77
78
|
|
78
|
-
versions_array
|
79
|
-
select { |version| version > dependency.numeric_version }
|
79
|
+
versions_array
|
80
|
+
.select { |version| version > dependency.numeric_version }
|
80
81
|
end
|
81
82
|
|
82
83
|
def wants_prerelease?
|
@@ -89,23 +90,23 @@ module Dependabot
|
|
89
90
|
end
|
90
91
|
|
91
92
|
def available_versions
|
92
|
-
registry_version_details
|
93
|
-
select { |version| version_class.correct?(version.gsub(/^v/, "")) }
|
94
|
-
map { |version| version_class.new(version.gsub(/^v/, "")) }
|
93
|
+
registry_version_details
|
94
|
+
.select { |version| version_class.correct?(version.gsub(/^v/, "")) }
|
95
|
+
.map { |version| version_class.new(version.gsub(/^v/, "")) }
|
95
96
|
end
|
96
97
|
|
97
98
|
def registry_version_details
|
98
99
|
return @registry_version_details unless @registry_version_details.nil?
|
99
100
|
|
100
101
|
repositories =
|
101
|
-
JSON.parse(composer_file.content)
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
urls = repositories
|
106
|
-
select { |h| h["type"] == "composer" }
|
107
|
-
filter_map { |h| h["url"] }
|
108
|
-
map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
|
102
|
+
JSON.parse(composer_file.content)
|
103
|
+
.fetch("repositories", [])
|
104
|
+
.select { |r| r.is_a?(Hash) }
|
105
|
+
|
106
|
+
urls = repositories
|
107
|
+
.select { |h| h["type"] == "composer" }
|
108
|
+
.filter_map { |h| h["url"] }
|
109
|
+
.map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
|
109
110
|
|
110
111
|
unless repositories.any? { |rep| rep["packagist.org"] == false }
|
111
112
|
urls << "https://repo.packagist.org/p2/#{dependency.name.downcase}.json"
|
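Review bot: In `available_versions` (hunk `@@ -89,23 +90,23 @@`), the `v` prefix is stripped twice per entry, once in the `select` and again in the `map`, and `/^v/` anchors to a line start rather than to the start of the string, so `\A` expresses the intent more precisely. A single `filter_map` does both in one pass: `registry_version_details.filter_map { |v| s = v.sub(/\Av/, ""); version_class.new(s) if version_class.correct?(s) }`, better written as a multi-line block. Version strings from a registry are expected to be single-line, so the anchor is a point of style rather than a defect; the same `^` anchoring is used on `/^dev-/` in file_parser.rb's branch extraction.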
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
################################################################################
|
@@ -57,10 +58,10 @@ module Dependabot
|
|
57
58
|
req_string = req[:requirement].strip
|
58
59
|
or_string_reqs = req_string.split(OR_SEPARATOR)
|
59
60
|
or_separator = req_string.match(OR_SEPARATOR)&.to_s || " || "
|
60
|
-
numeric_or_string_reqs = or_string_reqs
|
61
|
-
reject { |r| r.strip.start_with?("dev-") }
|
62
|
-
branch_or_string_reqs = or_string_reqs
|
63
|
-
select { |r| r.strip.start_with?("dev-") }
|
61
|
+
numeric_or_string_reqs = or_string_reqs
|
62
|
+
.reject { |r| r.strip.start_with?("dev-") }
|
63
|
+
branch_or_string_reqs = or_string_reqs
|
64
|
+
.select { |r| r.strip.start_with?("dev-") }
|
64
65
|
|
65
66
|
return req unless req_string.match?(/\d/)
|
66
67
|
return req if numeric_or_string_reqs.none?
|
@@ -136,18 +137,18 @@ module Dependabot
|
|
136
137
|
end
|
137
138
|
|
138
139
|
def req_satisfied_by_latest_resolvable?(requirement_string)
|
139
|
-
ruby_requirements(requirement_string)
|
140
|
-
any? { |r| r.satisfied_by?(latest_resolvable_version) }
|
140
|
+
ruby_requirements(requirement_string)
|
141
|
+
.any? { |r| r.satisfied_by?(latest_resolvable_version) }
|
141
142
|
end
|
142
143
|
|
143
144
|
def update_version_string(req_string)
|
144
|
-
req_string
|
145
|
-
sub(VERSION_REGEX) do |old_version|
|
145
|
+
req_string
|
146
|
+
.sub(VERSION_REGEX) do |old_version|
|
146
147
|
next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
|
147
148
|
|
148
149
|
old_parts = old_version.split(".")
|
149
|
-
new_parts = latest_resolvable_version.to_s.split(".")
|
150
|
-
|
150
|
+
new_parts = latest_resolvable_version.to_s.split(".")
|
151
|
+
.first(old_parts.count)
|
151
152
|
new_parts.map.with_index do |part, i|
|
152
153
|
old_parts[i] == "*" ? "*" : part
|
153
154
|
end.join(".")
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "json"
|
@@ -184,10 +185,10 @@ module Dependabot
|
|
184
185
|
next unless req.start_with?("dev-")
|
185
186
|
next if req.include?("#")
|
186
187
|
|
187
|
-
commit_sha = parsed_lockfile
|
188
|
-
fetch(keys[:lockfile], [])
|
189
|
-
find { |d| d["name"] == name }
|
190
|
-
dig("source", "reference")
|
188
|
+
commit_sha = parsed_lockfile
|
189
|
+
.fetch(keys[:lockfile], [])
|
190
|
+
.find { |d| d["name"] == name }
|
191
|
+
&.dig("source", "reference")
|
191
192
|
updated_req_parts = req.split
|
192
193
|
updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
|
193
194
|
json[keys[:manifest]][name] = updated_req_parts.join(" ")
|
@@ -206,12 +207,12 @@ module Dependabot
|
|
206
207
|
">= #{dependency.version}"
|
207
208
|
else
|
208
209
|
version_for_requirement =
|
209
|
-
dependency.requirements.filter_map { |r| r[:requirement] }
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
210
|
+
dependency.requirements.filter_map { |r| r[:requirement] }
|
211
|
+
.reject { |req_string| req_string.start_with?("<") }
|
212
|
+
.select { |req_string| req_string.match?(VERSION_REGEX) }
|
213
|
+
.map { |req_string| req_string.match(VERSION_REGEX) }
|
214
|
+
.select { |version| requirement_valid?(">= #{version}") }
|
215
|
+
.max_by { |version| Composer::Version.new(version) }
|
215
216
|
|
216
217
|
">= #{version_for_requirement || 0}"
|
217
218
|
end
|
@@ -258,8 +259,8 @@ module Dependabot
|
|
258
259
|
# These errors occur when platform requirements declared explicitly
|
259
260
|
# in the composer.json aren't met.
|
260
261
|
missing_extensions =
|
261
|
-
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
262
|
-
|
262
|
+
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
263
|
+
.map do |extension_string|
|
263
264
|
name, requirement = extension_string.strip.split(" ", 2)
|
264
265
|
{ name: name, requirement: requirement }
|
265
266
|
end
|
@@ -269,8 +270,8 @@ module Dependabot
|
|
269
270
|
!initial_platform.empty? &&
|
270
271
|
implicit_platform_reqs_satisfiable?(error.message)
|
271
272
|
missing_extensions =
|
272
|
-
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
273
|
-
|
273
|
+
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
274
|
+
.map do |extension_string|
|
274
275
|
name, requirement = extension_string.strip.split(" ", 2)
|
275
276
|
{ name: name, requirement: requirement }
|
276
277
|
end
|
@@ -352,8 +353,8 @@ module Dependabot
|
|
352
353
|
|
353
354
|
def implicit_platform_reqs_satisfiable?(message)
|
354
355
|
missing_extensions =
|
355
|
-
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
356
|
-
|
356
|
+
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
357
|
+
.map do |extension_string|
|
357
358
|
name, requirement = extension_string.strip.split(" ", 2)
|
358
359
|
{ name: name, requirement: requirement }
|
359
360
|
end
|
@@ -376,8 +377,8 @@ module Dependabot
|
|
376
377
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
377
378
|
if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
378
379
|
missing_extensions =
|
379
|
-
e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
380
|
-
|
380
|
+
e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
381
|
+
.map do |extension_string|
|
381
382
|
name, requirement = extension_string.strip.split(" ", 2)
|
382
383
|
{ name: name, requirement: requirement }
|
383
384
|
end
|
@@ -385,8 +386,8 @@ module Dependabot
|
|
385
386
|
elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
|
386
387
|
implicit_platform_reqs_satisfiable?(e.message)
|
387
388
|
missing_extensions =
|
388
|
-
e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
389
|
-
|
389
|
+
e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
390
|
+
.map do |extension_string|
|
390
391
|
name, requirement = extension_string.strip.split(" ", 2)
|
391
392
|
{ name: name, requirement: requirement }
|
392
393
|
end
|
@@ -398,8 +399,8 @@ module Dependabot
|
|
398
399
|
|
399
400
|
def version_for_reqs(requirements)
|
400
401
|
req_arrays =
|
401
|
-
requirements
|
402
|
-
map { |str| Composer::Requirement.requirements_array(str) }
|
402
|
+
requirements
|
403
|
+
.map { |str| Composer::Requirement.requirements_array(str) }
|
403
404
|
potential_versions =
|
404
405
|
req_arrays.flatten.map do |req|
|
405
406
|
op, version = req.requirements.first
|
@@ -411,8 +412,8 @@ module Dependabot
|
|
411
412
|
end
|
412
413
|
|
413
414
|
version =
|
414
|
-
potential_versions
|
415
|
-
find do |v|
|
415
|
+
potential_versions
|
416
|
+
.find do |v|
|
416
417
|
req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
|
417
418
|
end
|
418
419
|
return unless version
|
@@ -501,15 +502,15 @@ module Dependabot
|
|
501
502
|
end
|
502
503
|
|
503
504
|
def git_credentials
|
504
|
-
credentials
|
505
|
-
select { |cred| cred["type"] == "git_source" }
|
506
|
-
select { |cred| cred["password"] }
|
505
|
+
credentials
|
506
|
+
.select { |cred| cred["type"] == "git_source" }
|
507
|
+
.select { |cred| cred["password"] }
|
507
508
|
end
|
508
509
|
|
509
510
|
def registry_credentials
|
510
|
-
credentials
|
511
|
-
select { |cred| cred["type"] == "composer_repository" }
|
512
|
-
select { |cred| cred["password"] }
|
511
|
+
credentials
|
512
|
+
.select { |cred| cred["type"] == "composer_repository" }
|
513
|
+
.select { |cred| cred["password"] }
|
513
514
|
end
|
514
515
|
end
|
515
516
|
end
|
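Review bot: In hunk `@@ -184,10 +185,10 @@`, `commit_sha` comes from `&.dig("source", "reference")`, so when the dependency is absent from the lockfile group or has no `source` it is nil, yet the next line still appends `"##{commit_sha}"`, which writes a requirement such as `dev-main#` into the manifest instead of leaving it untouched. A `next unless commit_sha` placed before `updated_req_parts = req.split` keeps the branch requirement as it was in that case. The same pattern appears in lockfile_updater.rb's `@@ -316,10 +317,10 @@` hunk. Whether the `&.` is new in this commit cannot be told from the rendered old lines, and the enclosing block starts before the hunk.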
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "json"
|
@@ -177,5 +178,5 @@ module Dependabot
|
|
177
178
|
end
|
178
179
|
end
|
179
180
|
|
180
|
-
Dependabot::UpdateCheckers
|
181
|
-
register("composer", Dependabot::Composer::UpdateChecker)
|
181
|
+
Dependabot::UpdateCheckers
|
182
|
+
.register("composer", Dependabot::Composer::UpdateChecker)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/version"
|
@@ -22,5 +23,5 @@ module Dependabot
|
|
22
23
|
end
|
23
24
|
end
|
24
25
|
|
25
|
-
Dependabot::Utils
|
26
|
-
register_version_class("composer", Dependabot::Composer::Version)
|
26
|
+
Dependabot::Utils
|
27
|
+
.register_version_class("composer", Dependabot::Composer::Version)
|
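--- a/data/lib/dependabot/composer.rb
+++ b/data/lib/dependabot/composer.rb
@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/composer/requirement"
 require "dependabot/composer/version"
 
 require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler
-register_label_details("composer", name: "php", colour: "45229e")
+Dependabot::PullRequestCreator::Labeler
+.register_label_details("composer", name: "php", colour: "45229e")
 
 require "dependabot/dependency"
 Dependabot::Dependency.register_production_check(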
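--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-sorbet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -230,7 +244,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
 post_install_message:
 rdoc_options: []
 require_paths: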