dependabot-composer 0.230.0 → 0.231.0

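--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a616ac1f8585d909dab986a81b6d5fdc91f2e5ceef146468412445481aaef41f
- data.tar.gz: 95a7f04a69c9c39faa7f9c0491238d2a9174e9ab817639b98930e64cac19d904
+ metadata.gz: 62da312e85d8bc75382a2da24e5ceb2313bd25773c4cee90be6f2199c4a9da5e
+ data.tar.gz: 9979ec4c9358f9c79ae8d109a41379917b393f4374c006d2b2548676ab7d63d8
  SHA512:
- metadata.gz: d2d91c86bff8595ca6c4ad76cb4d69ebd90eba7e81f4636caf0654805f491087ea5ef2ec55df4c9baa7d0aa26ca0882eea4ad8d3125c847df8630f786073c96c
- data.tar.gz: 8bf8453d50f4cbcd2154df4e44f4a47a63227a6c1b923ce26940bf0646003c45bf180e7317721df371b642fd60c20e25a038ad390c9bf6acb485a9914996f565
+ metadata.gz: 7682702d0285cf78e894bb63d8a5d70e6926ceea98acf33599438c805f4e4004bab227a884a13895fd821cffbec4f1e610b8d0d1813d0cac09f11e133de0fb3b
+ data.tar.gz: 7884afdbbf0f985c25438feb37f26501fa2ca5f60bd9b4998d9e542a93b5fe4221af3f6de3c964629d1ff49e77a3fd556ad82261a278f5feba11bbfdf9778c4c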
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -37,8 +38,8 @@ module Dependabot
37
38
  attr_reader :path, :lockfile, :directory
38
39
 
39
40
  def details_from_lockfile
40
- keys = FileParser::DEPENDENCY_GROUP_KEYS.
41
- map { |h| h.fetch(:lockfile) }
41
+ keys = FileParser::DEPENDENCY_GROUP_KEYS
42
+ .map { |h| h.fetch(:lockfile) }
42
43
 
43
44
  keys.each do |key|
44
45
  next unless parsed_lockfile[key]
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -91,9 +92,9 @@ module Dependabot
91
92
  repos = repos.values if repos.is_a?(Hash)
92
93
  repos = repos.select { |r| r.is_a?(Hash) }
93
94
 
94
- repos.
95
- select { |details| details["type"] == "path" }.
96
- map { |details| details["url"] }
95
+ repos
96
+ .select { |details| details["type"] == "path" }
97
+ .map { |details| details["url"] }
97
98
  else
98
99
  []
99
100
  end
@@ -117,34 +118,34 @@ module Dependabot
117
118
  path = path.gsub(%r{\*/$}, "")
118
119
  wildcard_depth += 1
119
120
  end
120
- directories = repo_contents(dir: path).
121
- select { |file| file.type == "dir" }.
122
- map { |f| File.join(path, f.name) }
121
+ directories = repo_contents(dir: path)
122
+ .select { |file| file.type == "dir" }
123
+ .map { |f| File.join(path, f.name) }
123
124
 
124
125
  while wildcard_depth.positive?
125
126
  directories.each do |dir|
126
- directories += repo_contents(dir: dir).
127
- select { |file| file.type == "dir" }.
128
- map { |f| File.join(dir, f.name) }
127
+ directories += repo_contents(dir: dir)
128
+ .select { |file| file.type == "dir" }
129
+ .map { |f| File.join(dir, f.name) }
129
130
  end
130
131
  wildcard_depth -= 1
131
132
  end
132
133
  directories
133
134
  rescue Octokit::NotFound, Gitlab::Error::NotFound
134
- lockfile_path_dependency_paths.
135
- select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
135
+ lockfile_path_dependency_paths
136
+ .select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
136
137
  end
137
138
 
138
139
  def lockfile_path_dependency_paths
139
- keys = FileParser::DEPENDENCY_GROUP_KEYS.
140
- map { |h| h.fetch(:lockfile) }
140
+ keys = FileParser::DEPENDENCY_GROUP_KEYS
141
+ .map { |h| h.fetch(:lockfile) }
141
142
 
142
143
  keys.flat_map do |key|
143
144
  next [] unless parsed_lockfile[key]
144
145
 
145
- parsed_lockfile[key].
146
- select { |details| details.dig("dist", "type") == "path" }.
147
- map { |details| details.dig("dist", "url") }
146
+ parsed_lockfile[key]
147
+ .select { |details| details.dig("dist", "type") == "path" }
148
+ .map { |details| details.dig("dist", "url") }
148
149
  end
149
150
  end
150
151
 
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/dependency"
@@ -149,10 +150,10 @@ module Dependabot
149
150
 
150
151
  branch =
151
152
  if requirement.start_with?("dev-")
152
- requirement.
153
- sub(/^dev-/, "").
154
- sub(/\s+as\s.*/, "").
155
- split("#").first
153
+ requirement
154
+ .sub(/^dev-/, "")
155
+ .sub(/\s+as\s.*/, "")
156
+ .split("#").first
156
157
  elsif package_details.fetch("version")&.to_s&.start_with?("dev-")
157
158
  package_details.fetch("version")&.to_s&.sub(/^dev-/, "")
158
159
  end
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/shared_helpers"
@@ -137,8 +138,8 @@ module Dependabot
137
138
  # These errors occur when platform requirements declared explicitly
138
139
  # in the composer.json aren't met.
139
140
  missing_extensions =
140
- error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
141
- map do |extension_string|
141
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
142
+ .map do |extension_string|
142
143
  name, requirement = extension_string.strip.split(" ", 2)
143
144
  { name: name, requirement: requirement }
144
145
  end
@@ -148,8 +149,8 @@ module Dependabot
148
149
  !initial_platform.empty? &&
149
150
  implicit_platform_reqs_satisfiable?(error.message)
150
151
  missing_extensions =
151
- error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
152
- map do |extension_string|
152
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
153
+ .map do |extension_string|
153
154
  name, requirement = extension_string.strip.split(" ", 2)
154
155
  { name: name, requirement: requirement }
155
156
  end
@@ -171,14 +172,14 @@ module Dependabot
171
172
  end
172
173
 
173
174
  if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
174
- dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR).
175
- named_captures.fetch("url")
175
+ dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
176
+ .named_captures.fetch("url")
176
177
  raise Dependabot::GitDependenciesNotReachable, dependency_url
177
178
  end
178
179
 
179
180
  if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
180
- dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE).
181
- named_captures.fetch("url")
181
+ dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
182
+ .named_captures.fetch("url")
182
183
  raise Dependabot::GitDependenciesNotReachable, dependency_url
183
184
  end
184
185
 
@@ -205,8 +206,8 @@ module Dependabot
205
206
  raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
206
207
 
207
208
  if error.message.include?("403 Forbidden")
208
- source = error.message.match(%r{https?://(?<source>[^/]+)/}).
209
- named_captures.fetch("source")
209
+ source = error.message.match(%r{https?://(?<source>[^/]+)/})
210
+ .named_captures.fetch("source")
210
211
  raise PrivateSourceAuthenticationFailure, source
211
212
  end
212
213
 
@@ -237,8 +238,8 @@ module Dependabot
237
238
 
238
239
  def implicit_platform_reqs_satisfiable?(message)
239
240
  missing_extensions =
240
- message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
241
- map do |extension_string|
241
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
242
+ .map do |extension_string|
242
243
  name, requirement = extension_string.strip.split(" ", 2)
243
244
  { name: name, requirement: requirement }
244
245
  end
@@ -288,8 +289,8 @@ module Dependabot
288
289
  next content unless Composer::Version.correct?(updated_req)
289
290
 
290
291
  old_req =
291
- dep.requirements.find { |r| r[:file] == "composer.json" }&.
292
- fetch(:requirement)
292
+ dep.requirements.find { |r| r[:file] == "composer.json" }
293
+ &.fetch(:requirement)
293
294
 
294
295
  # When updating a subdep there won't be an old requirement
295
296
  next content unless old_req
@@ -316,10 +317,10 @@ module Dependabot
316
317
  next unless req.start_with?("dev-")
317
318
  next if req.include?("#")
318
319
 
319
- commit_sha = parsed_lockfile.
320
- fetch(keys[:lockfile], []).
321
- find { |d| d["name"] == name }&.
322
- dig("source", "reference")
320
+ commit_sha = parsed_lockfile
321
+ .fetch(keys[:lockfile], [])
322
+ .find { |d| d["name"] == name }
323
+ &.dig("source", "reference")
323
324
  updated_req_parts = req.split
324
325
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
325
326
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
@@ -330,13 +331,13 @@ module Dependabot
330
331
  end
331
332
 
332
333
  def git_dependency_reference_error(error)
333
- ref = error.message.match(/checkout '(?<ref>.*?)'/).
334
- named_captures.fetch("ref")
334
+ ref = error.message.match(/checkout '(?<ref>.*?)'/)
335
+ .named_captures.fetch("ref")
335
336
  dependency_name =
336
- JSON.parse(lockfile.content).
337
- values_at("packages", "packages-dev").flatten(1).
338
- find { |dep| dep.dig("source", "reference") == ref }&.
339
- fetch("name")
337
+ JSON.parse(lockfile.content)
338
+ .values_at("packages", "packages-dev").flatten(1)
339
+ .find { |dep| dep.dig("source", "reference") == ref }
340
+ &.fetch("name")
340
341
 
341
342
  raise unless dependency_name
342
343
 
@@ -358,9 +359,9 @@ module Dependabot
358
359
 
359
360
  updated_object = JSON.parse(content)
360
361
  updated_object_package =
361
- updated_object.
362
- fetch(package_type).
363
- find { |d| d["name"] == details["name"] }
362
+ updated_object
363
+ .fetch(package_type)
364
+ .find { |d| d["name"] == details["name"] }
364
365
 
365
366
  next unless updated_object_package
366
367
 
@@ -368,9 +369,9 @@ module Dependabot
368
369
  updated_object_package["extra"]["patches_applied"] = patches
369
370
 
370
371
  content =
371
- JSON.pretty_generate(updated_object, indent: " ").
372
- gsub(/\[\n\n\s*\]/, "[]").
373
- gsub(/\}\z/, "}\n")
372
+ JSON.pretty_generate(updated_object, indent: " ")
373
+ .gsub(/\[\n\n\s*\]/, "[]")
374
+ .gsub(/\}\z/, "}\n")
374
375
  end
375
376
  end
376
377
  content
@@ -405,15 +406,15 @@ module Dependabot
405
406
  updated_object.delete("platform-overrides")
406
407
  end
407
408
 
408
- JSON.pretty_generate(updated_object, indent: " ").
409
- gsub(/\[\n\n\s*\]/, "[]").
410
- gsub(/\}\z/, "}\n")
409
+ JSON.pretty_generate(updated_object, indent: " ")
410
+ .gsub(/\[\n\n\s*\]/, "[]")
411
+ .gsub(/\}\z/, "}\n")
411
412
  end
412
413
 
413
414
  def version_for_reqs(requirements)
414
415
  req_arrays =
415
- requirements.
416
- map { |str| Composer::Requirement.requirements_array(str) }
416
+ requirements
417
+ .map { |str| Composer::Requirement.requirements_array(str) }
417
418
  potential_versions =
418
419
  req_arrays.flatten.map do |req|
419
420
  op, version = req.requirements.first
@@ -425,8 +426,8 @@ module Dependabot
425
426
  end
426
427
 
427
428
  version =
428
- potential_versions.
429
- find do |v|
429
+ potential_versions
430
+ .find do |v|
430
431
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
431
432
  end
432
433
  raise "No matching version for #{requirements}!" unless version
@@ -453,21 +454,21 @@ module Dependabot
453
454
  end
454
455
 
455
456
  def credentials_env
456
- credentials.
457
- select { |c| c.fetch("type") == "php_environment_variable" }.
458
- to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
457
+ credentials
458
+ .select { |c| c.fetch("type") == "php_environment_variable" }
459
+ .to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
459
460
  end
460
461
 
461
462
  def git_credentials
462
- credentials.
463
- select { |cred| cred.fetch("type") == "git_source" }.
464
- select { |cred| cred["password"] }
463
+ credentials
464
+ .select { |cred| cred.fetch("type") == "git_source" }
465
+ .select { |cred| cred["password"] }
465
466
  end
466
467
 
467
468
  def registry_credentials
468
- credentials.
469
- select { |cred| cred.fetch("type") == "composer_repository" }.
470
- select { |cred| cred["password"] }
469
+ credentials
470
+ .select { |cred| cred.fetch("type") == "composer_repository" }
471
+ .select { |cred| cred["password"] }
471
472
  end
472
473
 
473
474
  def initial_platform
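Review bot: The `403 Forbidden` branch (new lines 208-211) calls `.named_captures` on the result of `match` with no nil check, and its only guard is `include?("403 Forbidden")`, so a message that contains that text but no `http(s)://host/` URL raises NoMethodError and hides the original Composer error. The capture `[^/]+` also takes everything up to the first slash, so if a message ever carries a URL with embedded userinfo, that part would be handed to `PrivateSourceAuthenticationFailure` together with the host, unless the exception class strips it, which is not visible here. Consider `m = error.message.match(%r{https?://(?:[^/]*@)?(?<source>[^/@]+)/})` followed by `raise PrivateSourceAuthenticationFailure, m[:source] if m`. The enclosing method starts and ends outside this hunk.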
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/composer/file_updater"
@@ -44,14 +45,14 @@ module Dependabot
44
45
  end
45
46
 
46
47
  def old_requirement(dependency, new_requirement)
47
- dependency.previous_requirements.
48
- select { |r| r[:file] == manifest.name }.
49
- find { |r| r[:groups] == new_requirement[:groups] }
48
+ dependency.previous_requirements
49
+ .select { |r| r[:file] == manifest.name }
50
+ .find { |r| r[:groups] == new_requirement[:groups] }
50
51
  end
51
52
 
52
53
  def updated_requirements(dependency)
53
- new_requirements(dependency).
54
- reject { |r| dependency.previous_requirements.include?(r) }
54
+ new_requirements(dependency)
55
+ .reject { |r| dependency.previous_requirements.include?(r) }
55
56
  end
56
57
 
57
58
  def requirement_changed?(file, dependency)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/file_updaters"
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/composer/version"
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -17,9 +18,9 @@ module Dependabot
17
18
 
18
19
  def source_from_dependency
19
20
  source_url =
20
- dependency.requirements.
21
- filter_map { |r| r.fetch(:source) }.
22
- first&.fetch(:url, nil)
21
+ dependency.requirements
22
+ .filter_map { |r| r.fetch(:source) }
23
+ .first&.fetch(:url, nil)
23
24
 
24
25
  Source.from_url(source_url)
25
26
  end
@@ -57,5 +58,5 @@ module Dependabot
57
58
  end
58
59
  end
59
60
 
60
- Dependabot::MetadataFinders.
61
- register("composer", Dependabot::Composer::MetadataFinder)
61
+ Dependabot::MetadataFinders
62
+ .register("composer", Dependabot::Composer::MetadataFinder)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  module Dependabot
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/utils"
@@ -25,9 +26,9 @@ module Dependabot
25
26
 
26
27
  def initialize(*requirements)
27
28
  requirements =
28
- requirements.flatten.
29
- flat_map { |req_string| req_string.split(AND_SEPARATOR) }.
30
- flat_map { |req| convert_php_constraint_to_ruby_constraint(req) }
29
+ requirements.flatten
30
+ .flat_map { |req_string| req_string.split(AND_SEPARATOR) }
31
+ .flat_map { |req| convert_php_constraint_to_ruby_constraint(req) }
31
32
 
32
33
  super(requirements)
33
34
  end
@@ -100,5 +101,5 @@ module Dependabot
100
101
  end
101
102
  end
102
103
 
103
- Dependabot::Utils.
104
- register_requirement_class("composer", Dependabot::Composer::Requirement)
104
+ Dependabot::Utils
105
+ .register_requirement_class("composer", Dependabot::Composer::Requirement)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -62,8 +63,8 @@ module Dependabot
62
63
 
63
64
  def filter_ignored_versions(versions_array)
64
65
  filtered =
65
- versions_array.
66
- reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
66
+ versions_array
67
+ .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
67
68
 
68
69
  if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
69
70
  raise AllVersionsIgnored
@@ -75,8 +76,8 @@ module Dependabot
75
76
  def filter_lower_versions(versions_array)
76
77
  return versions_array unless dependency.numeric_version
77
78
 
78
- versions_array.
79
- select { |version| version > dependency.numeric_version }
79
+ versions_array
80
+ .select { |version| version > dependency.numeric_version }
80
81
  end
81
82
 
82
83
  def wants_prerelease?
@@ -89,23 +90,23 @@ module Dependabot
89
90
  end
90
91
 
91
92
  def available_versions
92
- registry_version_details.
93
- select { |version| version_class.correct?(version.gsub(/^v/, "")) }.
94
- map { |version| version_class.new(version.gsub(/^v/, "")) }
93
+ registry_version_details
94
+ .select { |version| version_class.correct?(version.gsub(/^v/, "")) }
95
+ .map { |version| version_class.new(version.gsub(/^v/, "")) }
95
96
  end
96
97
 
97
98
  def registry_version_details
98
99
  return @registry_version_details unless @registry_version_details.nil?
99
100
 
100
101
  repositories =
101
- JSON.parse(composer_file.content).
102
- fetch("repositories", []).
103
- select { |r| r.is_a?(Hash) }
104
-
105
- urls = repositories.
106
- select { |h| h["type"] == "composer" }.
107
- filter_map { |h| h["url"] }.
108
- map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
102
+ JSON.parse(composer_file.content)
103
+ .fetch("repositories", [])
104
+ .select { |r| r.is_a?(Hash) }
105
+
106
+ urls = repositories
107
+ .select { |h| h["type"] == "composer" }
108
+ .filter_map { |h| h["url"] }
109
+ .map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
109
110
 
110
111
  unless repositories.any? { |rep| rep["packagist.org"] == false }
111
112
  urls << "https://repo.packagist.org/p2/#{dependency.name.downcase}.json"
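Review bot: In `registry_version_details` (new lines 106-109) every truthy `h["url"]` from the repository's composer.json is kept by `filter_map` and passed to `gsub`, so a non-String value raises NoMethodError, and nothing here restricts the scheme of URLs that come from repository-controlled input. The code that consumes `urls` is outside this hunk, but if it issues HTTP requests to each entry and only http(s) registries are meant to be queried, a filter before the `map` would keep unexpected targets out, for example `.select { |url| url.is_a?(String) && url.match?(%r{\Ahttps?://}) }`. Separately, `version.gsub(/^v/, "")` in `available_versions` anchors with `^`, which matches at every line start; `sub(/\Av/, "")` states the intent exactly.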
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  ################################################################################
@@ -57,10 +58,10 @@ module Dependabot
57
58
  req_string = req[:requirement].strip
58
59
  or_string_reqs = req_string.split(OR_SEPARATOR)
59
60
  or_separator = req_string.match(OR_SEPARATOR)&.to_s || " || "
60
- numeric_or_string_reqs = or_string_reqs.
61
- reject { |r| r.strip.start_with?("dev-") }
62
- branch_or_string_reqs = or_string_reqs.
63
- select { |r| r.strip.start_with?("dev-") }
61
+ numeric_or_string_reqs = or_string_reqs
62
+ .reject { |r| r.strip.start_with?("dev-") }
63
+ branch_or_string_reqs = or_string_reqs
64
+ .select { |r| r.strip.start_with?("dev-") }
64
65
 
65
66
  return req unless req_string.match?(/\d/)
66
67
  return req if numeric_or_string_reqs.none?
@@ -136,18 +137,18 @@ module Dependabot
136
137
  end
137
138
 
138
139
  def req_satisfied_by_latest_resolvable?(requirement_string)
139
- ruby_requirements(requirement_string).
140
- any? { |r| r.satisfied_by?(latest_resolvable_version) }
140
+ ruby_requirements(requirement_string)
141
+ .any? { |r| r.satisfied_by?(latest_resolvable_version) }
141
142
  end
142
143
 
143
144
  def update_version_string(req_string)
144
- req_string.
145
- sub(VERSION_REGEX) do |old_version|
145
+ req_string
146
+ .sub(VERSION_REGEX) do |old_version|
146
147
  next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
147
148
 
148
149
  old_parts = old_version.split(".")
149
- new_parts = latest_resolvable_version.to_s.split(".").
150
- first(old_parts.count)
150
+ new_parts = latest_resolvable_version.to_s.split(".")
151
+ .first(old_parts.count)
151
152
  new_parts.map.with_index do |part, i|
152
153
  old_parts[i] == "*" ? "*" : part
153
154
  end.join(".")
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -184,10 +185,10 @@ module Dependabot
184
185
  next unless req.start_with?("dev-")
185
186
  next if req.include?("#")
186
187
 
187
- commit_sha = parsed_lockfile.
188
- fetch(keys[:lockfile], []).
189
- find { |d| d["name"] == name }&.
190
- dig("source", "reference")
188
+ commit_sha = parsed_lockfile
189
+ .fetch(keys[:lockfile], [])
190
+ .find { |d| d["name"] == name }
191
+ &.dig("source", "reference")
191
192
  updated_req_parts = req.split
192
193
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
193
194
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
@@ -206,12 +207,12 @@ module Dependabot
206
207
  ">= #{dependency.version}"
207
208
  else
208
209
  version_for_requirement =
209
- dependency.requirements.filter_map { |r| r[:requirement] }.
210
- reject { |req_string| req_string.start_with?("<") }.
211
- select { |req_string| req_string.match?(VERSION_REGEX) }.
212
- map { |req_string| req_string.match(VERSION_REGEX) }.
213
- select { |version| requirement_valid?(">= #{version}") }.
214
- max_by { |version| Composer::Version.new(version) }
210
+ dependency.requirements.filter_map { |r| r[:requirement] }
211
+ .reject { |req_string| req_string.start_with?("<") }
212
+ .select { |req_string| req_string.match?(VERSION_REGEX) }
213
+ .map { |req_string| req_string.match(VERSION_REGEX) }
214
+ .select { |version| requirement_valid?(">= #{version}") }
215
+ .max_by { |version| Composer::Version.new(version) }
215
216
 
216
217
  ">= #{version_for_requirement || 0}"
217
218
  end
@@ -258,8 +259,8 @@ module Dependabot
258
259
  # These errors occur when platform requirements declared explicitly
259
260
  # in the composer.json aren't met.
260
261
  missing_extensions =
261
- error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
262
- map do |extension_string|
262
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
263
+ .map do |extension_string|
263
264
  name, requirement = extension_string.strip.split(" ", 2)
264
265
  { name: name, requirement: requirement }
265
266
  end
@@ -269,8 +270,8 @@ module Dependabot
269
270
  !initial_platform.empty? &&
270
271
  implicit_platform_reqs_satisfiable?(error.message)
271
272
  missing_extensions =
272
- error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
273
- map do |extension_string|
273
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
274
+ .map do |extension_string|
274
275
  name, requirement = extension_string.strip.split(" ", 2)
275
276
  { name: name, requirement: requirement }
276
277
  end
@@ -352,8 +353,8 @@ module Dependabot
352
353
 
353
354
  def implicit_platform_reqs_satisfiable?(message)
354
355
  missing_extensions =
355
- message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
356
- map do |extension_string|
356
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
357
+ .map do |extension_string|
357
358
  name, requirement = extension_string.strip.split(" ", 2)
358
359
  { name: name, requirement: requirement }
359
360
  end
@@ -376,8 +377,8 @@ module Dependabot
376
377
  rescue SharedHelpers::HelperSubprocessFailed => e
377
378
  if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
378
379
  missing_extensions =
379
- e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
380
- map do |extension_string|
380
+ e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
381
+ .map do |extension_string|
381
382
  name, requirement = extension_string.strip.split(" ", 2)
382
383
  { name: name, requirement: requirement }
383
384
  end
@@ -385,8 +386,8 @@ module Dependabot
385
386
  elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
386
387
  implicit_platform_reqs_satisfiable?(e.message)
387
388
  missing_extensions =
388
- e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
389
- map do |extension_string|
389
+ e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
390
+ .map do |extension_string|
390
391
  name, requirement = extension_string.strip.split(" ", 2)
391
392
  { name: name, requirement: requirement }
392
393
  end
@@ -398,8 +399,8 @@ module Dependabot
398
399
 
399
400
  def version_for_reqs(requirements)
400
401
  req_arrays =
401
- requirements.
402
- map { |str| Composer::Requirement.requirements_array(str) }
402
+ requirements
403
+ .map { |str| Composer::Requirement.requirements_array(str) }
403
404
  potential_versions =
404
405
  req_arrays.flatten.map do |req|
405
406
  op, version = req.requirements.first
@@ -411,8 +412,8 @@ module Dependabot
411
412
  end
412
413
 
413
414
  version =
414
- potential_versions.
415
- find do |v|
415
+ potential_versions
416
+ .find do |v|
416
417
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
417
418
  end
418
419
  return unless version
@@ -501,15 +502,15 @@ module Dependabot
501
502
  end
502
503
 
503
504
  def git_credentials
504
- credentials.
505
- select { |cred| cred["type"] == "git_source" }.
506
- select { |cred| cred["password"] }
505
+ credentials
506
+ .select { |cred| cred["type"] == "git_source" }
507
+ .select { |cred| cred["password"] }
507
508
  end
508
509
 
509
510
  def registry_credentials
510
- credentials.
511
- select { |cred| cred["type"] == "composer_repository" }.
512
- select { |cred| cred["password"] }
511
+ credentials
512
+ .select { |cred| cred["type"] == "composer_repository" }
513
+ .select { |cred| cred["password"] }
513
514
  end
514
515
  end
515
516
  end
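Review bot: `commit_sha` (new lines 188-191) is built with `&.dig`, so it is nil when the lockfile has no entry or no `source.reference` for the package, yet the following lines append `"##{commit_sha}"` unconditionally and would write a requirement that ends in a bare `#`. A guard such as `next unless commit_sha` directly after the lookup leaves the manifest entry unchanged in that case. The same lines appear in the earlier file's hunk at new lines 320-326. The enclosing block starts and ends outside the hunk, so whether a nil reference is reachable in practice should be confirmed against the caller.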
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -177,5 +178,5 @@ module Dependabot
177
178
  end
178
179
  end
179
180
 
180
- Dependabot::UpdateCheckers.
181
- register("composer", Dependabot::Composer::UpdateChecker)
181
+ Dependabot::UpdateCheckers
182
+ .register("composer", Dependabot::Composer::UpdateChecker)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/version"
@@ -22,5 +23,5 @@ module Dependabot
22
23
  end
23
24
  end
24
25
 
25
- Dependabot::Utils.
26
- register_version_class("composer", Dependabot::Composer::Version)
26
+ Dependabot::Utils
27
+ .register_version_class("composer", Dependabot::Composer::Version)
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/composer/requirement"
11
12
  require "dependabot/composer/version"
12
13
 
13
14
  require "dependabot/pull_request_creator/labeler"
14
- Dependabot::PullRequestCreator::Labeler.
15
- register_label_details("composer", name: "php", colour: "45229e")
15
+ Dependabot::PullRequestCreator::Labeler
16
+ .register_label_details("composer", name: "php", colour: "45229e")
16
17
 
17
18
  require "dependabot/dependency"
18
19
  Dependabot::Dependency.register_production_check(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.230.0
4
+ version: 0.231.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-08 00:00:00.000000000 Z
11
+ date: 2023-09-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.230.0
19
+ version: 0.231.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.230.0
26
+ version: 0.231.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.19.0
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop-sorbet
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.7.3
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.7.3
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: stackprof
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -230,7 +244,7 @@ licenses:
230
244
  - Nonstandard
231
245
  metadata:
232
246
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
233
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.230.0
247
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
234
248
  post_install_message:
235
249
  rdoc_options: []
236
250
  require_paths: