dependabot-composer 0.230.0 → 0.232.0

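--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a616ac1f8585d909dab986a81b6d5fdc91f2e5ceef146468412445481aaef41f
- data.tar.gz: 95a7f04a69c9c39faa7f9c0491238d2a9174e9ab817639b98930e64cac19d904
+ metadata.gz: e6ee9d2713c67203e08765c34b290b474f54f09dd6fc301fc1b69c38fa08cf28
+ data.tar.gz: e5ee304eb85d6333c9136dd1cc7bbd26b1db21197b25956294967b80b4f1690b
  SHA512:
- metadata.gz: d2d91c86bff8595ca6c4ad76cb4d69ebd90eba7e81f4636caf0654805f491087ea5ef2ec55df4c9baa7d0aa26ca0882eea4ad8d3125c847df8630f786073c96c
- data.tar.gz: 8bf8453d50f4cbcd2154df4e44f4a47a63227a6c1b923ce26940bf0646003c45bf180e7317721df371b642fd60c20e25a038ad390c9bf6acb485a9914996f565
+ metadata.gz: 9535dda677fc9be6a2e049bcd364c273e2a2d1b9de3733ab0a92d68f2b292e55747d5422bf678fd58f0684635d651f210feb9b2e5fbece817fca69e2b991543d
+ data.tar.gz: a0bb045eb36b50be8d771a1fb8b2c5b9a37def243ec1bf8728007c07da6dedf549c5921440dfc250e496e502070bb5daf3e954d47c383ac77702469346a1593b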
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -37,8 +38,8 @@ module Dependabot
37
38
  attr_reader :path, :lockfile, :directory
38
39
 
39
40
  def details_from_lockfile
40
- keys = FileParser::DEPENDENCY_GROUP_KEYS.
41
- map { |h| h.fetch(:lockfile) }
41
+ keys = FileParser::DEPENDENCY_GROUP_KEYS
42
+ .map { |h| h.fetch(:lockfile) }
42
43
 
43
44
  keys.each do |key|
44
45
  next unless parsed_lockfile[key]
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -91,9 +92,9 @@ module Dependabot
91
92
  repos = repos.values if repos.is_a?(Hash)
92
93
  repos = repos.select { |r| r.is_a?(Hash) }
93
94
 
94
- repos.
95
- select { |details| details["type"] == "path" }.
96
- map { |details| details["url"] }
95
+ repos
96
+ .select { |details| details["type"] == "path" }
97
+ .map { |details| details["url"] }
97
98
  else
98
99
  []
99
100
  end
@@ -117,34 +118,34 @@ module Dependabot
117
118
  path = path.gsub(%r{\*/$}, "")
118
119
  wildcard_depth += 1
119
120
  end
120
- directories = repo_contents(dir: path).
121
- select { |file| file.type == "dir" }.
122
- map { |f| File.join(path, f.name) }
121
+ directories = repo_contents(dir: path)
122
+ .select { |file| file.type == "dir" }
123
+ .map { |f| File.join(path, f.name) }
123
124
 
124
125
  while wildcard_depth.positive?
125
126
  directories.each do |dir|
126
- directories += repo_contents(dir: dir).
127
- select { |file| file.type == "dir" }.
128
- map { |f| File.join(dir, f.name) }
127
+ directories += repo_contents(dir: dir)
128
+ .select { |file| file.type == "dir" }
129
+ .map { |f| File.join(dir, f.name) }
129
130
  end
130
131
  wildcard_depth -= 1
131
132
  end
132
133
  directories
133
134
  rescue Octokit::NotFound, Gitlab::Error::NotFound
134
- lockfile_path_dependency_paths.
135
- select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
135
+ lockfile_path_dependency_paths
136
+ .select { |p| p.to_s.start_with?(path.gsub(/\*$/, "")) }
136
137
  end
137
138
 
138
139
  def lockfile_path_dependency_paths
139
- keys = FileParser::DEPENDENCY_GROUP_KEYS.
140
- map { |h| h.fetch(:lockfile) }
140
+ keys = FileParser::DEPENDENCY_GROUP_KEYS
141
+ .map { |h| h.fetch(:lockfile) }
141
142
 
142
143
  keys.flat_map do |key|
143
144
  next [] unless parsed_lockfile[key]
144
145
 
145
- parsed_lockfile[key].
146
- select { |details| details.dig("dist", "type") == "path" }.
147
- map { |details| details.dig("dist", "url") }
146
+ parsed_lockfile[key]
147
+ .select { |details| details.dig("dist", "type") == "path" }
148
+ .map { |details| details.dig("dist", "url") }
148
149
  end
149
150
  end
150
151
 
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/dependency"
@@ -149,10 +150,10 @@ module Dependabot
149
150
 
150
151
  branch =
151
152
  if requirement.start_with?("dev-")
152
- requirement.
153
- sub(/^dev-/, "").
154
- sub(/\s+as\s.*/, "").
155
- split("#").first
153
+ requirement
154
+ .sub(/^dev-/, "")
155
+ .sub(/\s+as\s.*/, "")
156
+ .split("#").first
156
157
  elsif package_details.fetch("version")&.to_s&.start_with?("dev-")
157
158
  package_details.fetch("version")&.to_s&.sub(/^dev-/, "")
158
159
  end
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/shared_helpers"
@@ -137,8 +138,8 @@ module Dependabot
137
138
  # These errors occur when platform requirements declared explicitly
138
139
  # in the composer.json aren't met.
139
140
  missing_extensions =
140
- error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
141
- map do |extension_string|
141
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
142
+ .map do |extension_string|
142
143
  name, requirement = extension_string.strip.split(" ", 2)
143
144
  { name: name, requirement: requirement }
144
145
  end
@@ -148,8 +149,8 @@ module Dependabot
148
149
  !initial_platform.empty? &&
149
150
  implicit_platform_reqs_satisfiable?(error.message)
150
151
  missing_extensions =
151
- error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
152
- map do |extension_string|
152
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
153
+ .map do |extension_string|
153
154
  name, requirement = extension_string.strip.split(" ", 2)
154
155
  { name: name, requirement: requirement }
155
156
  end
@@ -171,14 +172,14 @@ module Dependabot
171
172
  end
172
173
 
173
174
  if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
174
- dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR).
175
- named_captures.fetch("url")
175
+ dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE_WITH_MIRROR)
176
+ .named_captures.fetch("url")
176
177
  raise Dependabot::GitDependenciesNotReachable, dependency_url
177
178
  end
178
179
 
179
180
  if error.message.match?(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
180
- dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE).
181
- named_captures.fetch("url")
181
+ dependency_url = error.message.match(UpdateChecker::VersionResolver::FAILED_GIT_CLONE)
182
+ .named_captures.fetch("url")
182
183
  raise Dependabot::GitDependenciesNotReachable, dependency_url
183
184
  end
184
185
 
@@ -205,8 +206,8 @@ module Dependabot
205
206
  raise Dependabot::OutOfMemory if error.message.start_with?("Allowed memory size")
206
207
 
207
208
  if error.message.include?("403 Forbidden")
208
- source = error.message.match(%r{https?://(?<source>[^/]+)/}).
209
- named_captures.fetch("source")
209
+ source = error.message.match(%r{https?://(?<source>[^/]+)/})
210
+ .named_captures.fetch("source")
210
211
  raise PrivateSourceAuthenticationFailure, source
211
212
  end
212
213
 
@@ -237,8 +238,8 @@ module Dependabot
237
238
 
238
239
  def implicit_platform_reqs_satisfiable?(message)
239
240
  missing_extensions =
240
- message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
241
- map do |extension_string|
241
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
242
+ .map do |extension_string|
242
243
  name, requirement = extension_string.strip.split(" ", 2)
243
244
  { name: name, requirement: requirement }
244
245
  end
@@ -288,8 +289,8 @@ module Dependabot
288
289
  next content unless Composer::Version.correct?(updated_req)
289
290
 
290
291
  old_req =
291
- dep.requirements.find { |r| r[:file] == "composer.json" }&.
292
- fetch(:requirement)
292
+ dep.requirements.find { |r| r[:file] == "composer.json" }
293
+ &.fetch(:requirement)
293
294
 
294
295
  # When updating a subdep there won't be an old requirement
295
296
  next content unless old_req
@@ -316,10 +317,10 @@ module Dependabot
316
317
  next unless req.start_with?("dev-")
317
318
  next if req.include?("#")
318
319
 
319
- commit_sha = parsed_lockfile.
320
- fetch(keys[:lockfile], []).
321
- find { |d| d["name"] == name }&.
322
- dig("source", "reference")
320
+ commit_sha = parsed_lockfile
321
+ .fetch(keys[:lockfile], [])
322
+ .find { |d| d["name"] == name }
323
+ &.dig("source", "reference")
323
324
  updated_req_parts = req.split
324
325
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
325
326
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
@@ -330,13 +331,13 @@ module Dependabot
330
331
  end
331
332
 
332
333
  def git_dependency_reference_error(error)
333
- ref = error.message.match(/checkout '(?<ref>.*?)'/).
334
- named_captures.fetch("ref")
334
+ ref = error.message.match(/checkout '(?<ref>.*?)'/)
335
+ .named_captures.fetch("ref")
335
336
  dependency_name =
336
- JSON.parse(lockfile.content).
337
- values_at("packages", "packages-dev").flatten(1).
338
- find { |dep| dep.dig("source", "reference") == ref }&.
339
- fetch("name")
337
+ JSON.parse(lockfile.content)
338
+ .values_at("packages", "packages-dev").flatten(1)
339
+ .find { |dep| dep.dig("source", "reference") == ref }
340
+ &.fetch("name")
340
341
 
341
342
  raise unless dependency_name
342
343
 
@@ -358,9 +359,9 @@ module Dependabot
358
359
 
359
360
  updated_object = JSON.parse(content)
360
361
  updated_object_package =
361
- updated_object.
362
- fetch(package_type).
363
- find { |d| d["name"] == details["name"] }
362
+ updated_object
363
+ .fetch(package_type)
364
+ .find { |d| d["name"] == details["name"] }
364
365
 
365
366
  next unless updated_object_package
366
367
 
@@ -368,9 +369,9 @@ module Dependabot
368
369
  updated_object_package["extra"]["patches_applied"] = patches
369
370
 
370
371
  content =
371
- JSON.pretty_generate(updated_object, indent: " ").
372
- gsub(/\[\n\n\s*\]/, "[]").
373
- gsub(/\}\z/, "}\n")
372
+ JSON.pretty_generate(updated_object, indent: " ")
373
+ .gsub(/\[\n\n\s*\]/, "[]")
374
+ .gsub(/\}\z/, "}\n")
374
375
  end
375
376
  end
376
377
  content
@@ -405,15 +406,15 @@ module Dependabot
405
406
  updated_object.delete("platform-overrides")
406
407
  end
407
408
 
408
- JSON.pretty_generate(updated_object, indent: " ").
409
- gsub(/\[\n\n\s*\]/, "[]").
410
- gsub(/\}\z/, "}\n")
409
+ JSON.pretty_generate(updated_object, indent: " ")
410
+ .gsub(/\[\n\n\s*\]/, "[]")
411
+ .gsub(/\}\z/, "}\n")
411
412
  end
412
413
 
413
414
  def version_for_reqs(requirements)
414
415
  req_arrays =
415
- requirements.
416
- map { |str| Composer::Requirement.requirements_array(str) }
416
+ requirements
417
+ .map { |str| Composer::Requirement.requirements_array(str) }
417
418
  potential_versions =
418
419
  req_arrays.flatten.map do |req|
419
420
  op, version = req.requirements.first
@@ -425,8 +426,8 @@ module Dependabot
425
426
  end
426
427
 
427
428
  version =
428
- potential_versions.
429
- find do |v|
429
+ potential_versions
430
+ .find do |v|
430
431
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
431
432
  end
432
433
  raise "No matching version for #{requirements}!" unless version
@@ -453,21 +454,21 @@ module Dependabot
453
454
  end
454
455
 
455
456
  def credentials_env
456
- credentials.
457
- select { |c| c.fetch("type") == "php_environment_variable" }.
458
- to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
457
+ credentials
458
+ .select { |c| c.fetch("type") == "php_environment_variable" }
459
+ .to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
459
460
  end
460
461
 
461
462
  def git_credentials
462
- credentials.
463
- select { |cred| cred.fetch("type") == "git_source" }.
464
- select { |cred| cred["password"] }
463
+ credentials
464
+ .select { |cred| cred.fetch("type") == "git_source" }
465
+ .select { |cred| cred["password"] }
465
466
  end
466
467
 
467
468
  def registry_credentials
468
- credentials.
469
- select { |cred| cred.fetch("type") == "composer_repository" }.
470
- select { |cred| cred["password"] }
469
+ credentials
470
+ .select { |cred| cred.fetch("type") == "composer_repository" }
471
+ .select { |cred| cred["password"] }
471
472
  end
472
473
 
473
474
  def initial_platform
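Review bot: In the `403 Forbidden` branch (hunk `@@ -205,8 +206,8 @@`), the capture `(?<source>[^/]+)` takes everything between `://` and the first slash, so a URL of the form `https://user:token@host/` would carry the userinfo into the `PrivateSourceAuthenticationFailure` message. The same expression assumes a URL is always present: if the message contains "403 Forbidden" but no `http(s)://…/` substring, `match` returns nil and the resulting NoMethodError hides the original error. A pattern that skips userinfo, such as `%r{https?://(?:[^/@]+@)?(?<source>[^/@]+)/}`, combined with a nil check before `.named_captures`, would cover both cases. Whether Composer ever echoes credentials in this message is not visible here, so the leak is something to confirm rather than a demonstrated one. The enclosing error handler starts and ends outside the hunk.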
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/composer/file_updater"
@@ -44,14 +45,14 @@ module Dependabot
44
45
  end
45
46
 
46
47
  def old_requirement(dependency, new_requirement)
47
- dependency.previous_requirements.
48
- select { |r| r[:file] == manifest.name }.
49
- find { |r| r[:groups] == new_requirement[:groups] }
48
+ dependency.previous_requirements
49
+ .select { |r| r[:file] == manifest.name }
50
+ .find { |r| r[:groups] == new_requirement[:groups] }
50
51
  end
51
52
 
52
53
  def updated_requirements(dependency)
53
- new_requirements(dependency).
54
- reject { |r| dependency.previous_requirements.include?(r) }
54
+ new_requirements(dependency)
55
+ .reject { |r| dependency.previous_requirements.include?(r) }
55
56
  end
56
57
 
57
58
  def requirement_changed?(file, dependency)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/file_updaters"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/composer/version"
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -17,9 +18,9 @@ module Dependabot
17
18
 
18
19
  def source_from_dependency
19
20
  source_url =
20
- dependency.requirements.
21
- filter_map { |r| r.fetch(:source) }.
22
- first&.fetch(:url, nil)
21
+ dependency.requirements
22
+ .filter_map { |r| r.fetch(:source) }
23
+ .first&.fetch(:url, nil)
23
24
 
24
25
  Source.from_url(source_url)
25
26
  end
@@ -57,5 +58,5 @@ module Dependabot
57
58
  end
58
59
  end
59
60
 
60
- Dependabot::MetadataFinders.
61
- register("composer", Dependabot::Composer::MetadataFinder)
61
+ Dependabot::MetadataFinders
62
+ .register("composer", Dependabot::Composer::MetadataFinder)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  module Dependabot
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/utils"
@@ -25,9 +26,9 @@ module Dependabot
25
26
 
26
27
  def initialize(*requirements)
27
28
  requirements =
28
- requirements.flatten.
29
- flat_map { |req_string| req_string.split(AND_SEPARATOR) }.
30
- flat_map { |req| convert_php_constraint_to_ruby_constraint(req) }
29
+ requirements.flatten
30
+ .flat_map { |req_string| req_string.split(AND_SEPARATOR) }
31
+ .flat_map { |req| convert_php_constraint_to_ruby_constraint(req) }
31
32
 
32
33
  super(requirements)
33
34
  end
@@ -100,5 +101,5 @@ module Dependabot
100
101
  end
101
102
  end
102
103
 
103
- Dependabot::Utils.
104
- register_requirement_class("composer", Dependabot::Composer::Requirement)
104
+ Dependabot::Utils
105
+ .register_requirement_class("composer", Dependabot::Composer::Requirement)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "excon"
@@ -62,8 +63,8 @@ module Dependabot
62
63
 
63
64
  def filter_ignored_versions(versions_array)
64
65
  filtered =
65
- versions_array.
66
- reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
66
+ versions_array
67
+ .reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v) } }
67
68
 
68
69
  if @raise_on_ignored && filter_lower_versions(filtered).empty? && filter_lower_versions(versions_array).any?
69
70
  raise AllVersionsIgnored
@@ -75,8 +76,8 @@ module Dependabot
75
76
  def filter_lower_versions(versions_array)
76
77
  return versions_array unless dependency.numeric_version
77
78
 
78
- versions_array.
79
- select { |version| version > dependency.numeric_version }
79
+ versions_array
80
+ .select { |version| version > dependency.numeric_version }
80
81
  end
81
82
 
82
83
  def wants_prerelease?
@@ -89,23 +90,23 @@ module Dependabot
89
90
  end
90
91
 
91
92
  def available_versions
92
- registry_version_details.
93
- select { |version| version_class.correct?(version.gsub(/^v/, "")) }.
94
- map { |version| version_class.new(version.gsub(/^v/, "")) }
93
+ registry_version_details
94
+ .select { |version| version_class.correct?(version.gsub(/^v/, "")) }
95
+ .map { |version| version_class.new(version.gsub(/^v/, "")) }
95
96
  end
96
97
 
97
98
  def registry_version_details
98
99
  return @registry_version_details unless @registry_version_details.nil?
99
100
 
100
101
  repositories =
101
- JSON.parse(composer_file.content).
102
- fetch("repositories", []).
103
- select { |r| r.is_a?(Hash) }
104
-
105
- urls = repositories.
106
- select { |h| h["type"] == "composer" }.
107
- filter_map { |h| h["url"] }.
108
- map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
102
+ JSON.parse(composer_file.content)
103
+ .fetch("repositories", [])
104
+ .select { |r| r.is_a?(Hash) }
105
+
106
+ urls = repositories
107
+ .select { |h| h["type"] == "composer" }
108
+ .filter_map { |h| h["url"] }
109
+ .map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
109
110
 
110
111
  unless repositories.any? { |rep| rep["packagist.org"] == false }
111
112
  urls << "https://repo.packagist.org/p2/#{dependency.name.downcase}.json"
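Review bot: In `available_versions` (hunk `@@ -89,23 +90,23 @@`), `version.gsub(/^v/, "")` pairs a per-line anchor with a global replace, so it removes a `v` at the start of every line in the string rather than only a leading prefix. These strings appear to originate from registry responses, so the normalisation should be anchored to the whole string: `version.sub(/\Av/, "")` or `version.delete_prefix("v")`. Doing it once per element, e.g. with `filter_map`, would also avoid running the substitution in both the `select` and the `map`. `registry_version_details` continues past the end of the hunk.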
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  ################################################################################
@@ -57,10 +58,10 @@ module Dependabot
57
58
  req_string = req[:requirement].strip
58
59
  or_string_reqs = req_string.split(OR_SEPARATOR)
59
60
  or_separator = req_string.match(OR_SEPARATOR)&.to_s || " || "
60
- numeric_or_string_reqs = or_string_reqs.
61
- reject { |r| r.strip.start_with?("dev-") }
62
- branch_or_string_reqs = or_string_reqs.
63
- select { |r| r.strip.start_with?("dev-") }
61
+ numeric_or_string_reqs = or_string_reqs
62
+ .reject { |r| r.strip.start_with?("dev-") }
63
+ branch_or_string_reqs = or_string_reqs
64
+ .select { |r| r.strip.start_with?("dev-") }
64
65
 
65
66
  return req unless req_string.match?(/\d/)
66
67
  return req if numeric_or_string_reqs.none?
@@ -136,18 +137,18 @@ module Dependabot
136
137
  end
137
138
 
138
139
  def req_satisfied_by_latest_resolvable?(requirement_string)
139
- ruby_requirements(requirement_string).
140
- any? { |r| r.satisfied_by?(latest_resolvable_version) }
140
+ ruby_requirements(requirement_string)
141
+ .any? { |r| r.satisfied_by?(latest_resolvable_version) }
141
142
  end
142
143
 
143
144
  def update_version_string(req_string)
144
- req_string.
145
- sub(VERSION_REGEX) do |old_version|
145
+ req_string
146
+ .sub(VERSION_REGEX) do |old_version|
146
147
  next latest_resolvable_version.to_s unless req_string.match?(/[~*\^]/)
147
148
 
148
149
  old_parts = old_version.split(".")
149
- new_parts = latest_resolvable_version.to_s.split(".").
150
- first(old_parts.count)
150
+ new_parts = latest_resolvable_version.to_s.split(".")
151
+ .first(old_parts.count)
151
152
  new_parts.map.with_index do |part, i|
152
153
  old_parts[i] == "*" ? "*" : part
153
154
  end.join(".")
@@ -1,3 +1,4 @@
1
+ # typed: false
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -184,10 +185,10 @@ module Dependabot
184
185
  next unless req.start_with?("dev-")
185
186
  next if req.include?("#")
186
187
 
187
- commit_sha = parsed_lockfile.
188
- fetch(keys[:lockfile], []).
189
- find { |d| d["name"] == name }&.
190
- dig("source", "reference")
188
+ commit_sha = parsed_lockfile
189
+ .fetch(keys[:lockfile], [])
190
+ .find { |d| d["name"] == name }
191
+ &.dig("source", "reference")
191
192
  updated_req_parts = req.split
192
193
  updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
193
194
  json[keys[:manifest]][name] = updated_req_parts.join(" ")
@@ -206,12 +207,12 @@ module Dependabot
206
207
  ">= #{dependency.version}"
207
208
  else
208
209
  version_for_requirement =
209
- dependency.requirements.filter_map { |r| r[:requirement] }.
210
- reject { |req_string| req_string.start_with?("<") }.
211
- select { |req_string| req_string.match?(VERSION_REGEX) }.
212
- map { |req_string| req_string.match(VERSION_REGEX) }.
213
- select { |version| requirement_valid?(">= #{version}") }.
214
- max_by { |version| Composer::Version.new(version) }
210
+ dependency.requirements.filter_map { |r| r[:requirement] }
211
+ .reject { |req_string| req_string.start_with?("<") }
212
+ .select { |req_string| req_string.match?(VERSION_REGEX) }
213
+ .map { |req_string| req_string.match(VERSION_REGEX) }
214
+ .select { |version| requirement_valid?(">= #{version}") }
215
+ .max_by { |version| Composer::Version.new(version) }
215
216
 
216
217
  ">= #{version_for_requirement || 0}"
217
218
  end
@@ -258,8 +259,8 @@ module Dependabot
258
259
  # These errors occur when platform requirements declared explicitly
259
260
  # in the composer.json aren't met.
260
261
  missing_extensions =
261
- error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
262
- map do |extension_string|
262
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
263
+ .map do |extension_string|
263
264
  name, requirement = extension_string.strip.split(" ", 2)
264
265
  { name: name, requirement: requirement }
265
266
  end
@@ -269,8 +270,8 @@ module Dependabot
269
270
  !initial_platform.empty? &&
270
271
  implicit_platform_reqs_satisfiable?(error.message)
271
272
  missing_extensions =
272
- error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
273
- map do |extension_string|
273
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
274
+ .map do |extension_string|
274
275
  name, requirement = extension_string.strip.split(" ", 2)
275
276
  { name: name, requirement: requirement }
276
277
  end
@@ -352,8 +353,8 @@ module Dependabot
352
353
 
353
354
  def implicit_platform_reqs_satisfiable?(message)
354
355
  missing_extensions =
355
- message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
356
- map do |extension_string|
356
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
357
+ .map do |extension_string|
357
358
  name, requirement = extension_string.strip.split(" ", 2)
358
359
  { name: name, requirement: requirement }
359
360
  end
@@ -376,8 +377,8 @@ module Dependabot
376
377
  rescue SharedHelpers::HelperSubprocessFailed => e
377
378
  if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
378
379
  missing_extensions =
379
- e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
380
- map do |extension_string|
380
+ e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
381
+ .map do |extension_string|
381
382
  name, requirement = extension_string.strip.split(" ", 2)
382
383
  { name: name, requirement: requirement }
383
384
  end
@@ -385,8 +386,8 @@ module Dependabot
385
386
  elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
386
387
  implicit_platform_reqs_satisfiable?(e.message)
387
388
  missing_extensions =
388
- e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
389
- map do |extension_string|
389
+ e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
390
+ .map do |extension_string|
390
391
  name, requirement = extension_string.strip.split(" ", 2)
391
392
  { name: name, requirement: requirement }
392
393
  end
@@ -398,8 +399,8 @@ module Dependabot
398
399
 
399
400
  def version_for_reqs(requirements)
400
401
  req_arrays =
401
- requirements.
402
- map { |str| Composer::Requirement.requirements_array(str) }
402
+ requirements
403
+ .map { |str| Composer::Requirement.requirements_array(str) }
403
404
  potential_versions =
404
405
  req_arrays.flatten.map do |req|
405
406
  op, version = req.requirements.first
@@ -411,8 +412,8 @@ module Dependabot
411
412
  end
412
413
 
413
414
  version =
414
- potential_versions.
415
- find do |v|
415
+ potential_versions
416
+ .find do |v|
416
417
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
417
418
  end
418
419
  return unless version
@@ -501,15 +502,15 @@ module Dependabot
501
502
  end
502
503
 
503
504
  def git_credentials
504
- credentials.
505
- select { |cred| cred["type"] == "git_source" }.
506
- select { |cred| cred["password"] }
505
+ credentials
506
+ .select { |cred| cred["type"] == "git_source" }
507
+ .select { |cred| cred["password"] }
507
508
  end
508
509
 
509
510
  def registry_credentials
510
- credentials.
511
- select { |cred| cred["type"] == "composer_repository" }.
512
- select { |cred| cred["password"] }
511
+ credentials
512
+ .select { |cred| cred["type"] == "composer_repository" }
513
+ .select { |cred| cred["password"] }
513
514
  end
514
515
  end
515
516
  end
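Review bot: `commit_sha` in hunk `@@ -184,10 +185,10 @@` can be nil, because the chain ends in `&.dig("source", "reference")`; when the lockfile has no entry for `name`, or the entry has no source reference, the following line still builds `updated_req_parts[0] + "##{commit_sha}"` and writes a requirement ending in a bare `#` into the manifest JSON. Adding `next unless commit_sha` directly after the assignment would leave the original requirement untouched in that case. The same code appears in hunk `@@ -316,10 +317,10 @@` of the file that requires `dependabot/shared_helpers`, and the same guard applies there. The enclosing loop starts and ends outside both hunks.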
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "json"
@@ -177,5 +178,5 @@ module Dependabot
177
178
  end
178
179
  end
179
180
 
180
- Dependabot::UpdateCheckers.
181
- register("composer", Dependabot::Composer::UpdateChecker)
181
+ Dependabot::UpdateCheckers
182
+ .register("composer", Dependabot::Composer::UpdateChecker)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  require "dependabot/version"
@@ -22,5 +23,5 @@ module Dependabot
22
23
  end
23
24
  end
24
25
 
25
- Dependabot::Utils.
26
- register_version_class("composer", Dependabot::Composer::Version)
26
+ Dependabot::Utils
27
+ .register_version_class("composer", Dependabot::Composer::Version)
@@ -1,3 +1,4 @@
1
+ # typed: true
1
2
  # frozen_string_literal: true
2
3
 
3
4
  # These all need to be required so the various classes can be registered in a
@@ -11,8 +12,8 @@ require "dependabot/composer/requirement"
11
12
  require "dependabot/composer/version"
12
13
 
13
14
  require "dependabot/pull_request_creator/labeler"
14
- Dependabot::PullRequestCreator::Labeler.
15
- register_label_details("composer", name: "php", colour: "45229e")
15
+ Dependabot::PullRequestCreator::Labeler
16
+ .register_label_details("composer", name: "php", colour: "45229e")
16
17
 
17
18
  require "dependabot/dependency"
18
19
  Dependabot::Dependency.register_production_check(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.230.0
4
+ version: 0.232.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-09-08 00:00:00.000000000 Z
11
+ date: 2023-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.230.0
19
+ version: 0.232.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.230.0
26
+ version: 0.232.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.19.0
139
+ - !ruby/object:Gem::Dependency
140
+ name: rubocop-sorbet
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: 0.7.3
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: 0.7.3
139
153
  - !ruby/object:Gem::Dependency
140
154
  name: stackprof
141
155
  requirement: !ruby/object:Gem::Requirement
@@ -230,7 +244,7 @@ licenses:
230
244
  - Nonstandard
231
245
  metadata:
232
246
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
233
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.230.0
247
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
234
248
  post_install_message:
235
249
  rdoc_options: []
236
250
  require_paths: