dependabot-composer 0.238.0 → 0.239.0
- checksums.yaml +4 -4
- data/helpers/v1/build +1 -1
- data/helpers/v2/build +1 -1
- data/lib/dependabot/composer/file_fetcher.rb +46 -3
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +11 -0
- data/lib/dependabot/composer/requirement.rb +8 -2
- data/lib/dependabot/composer/update_checker/version_resolver.rb +13 -0
- metadata +7 -7
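--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 243823ddde365951ade479a3f1342dc58d8167e1a435ac8c802d602c996143c6
+data.tar.gz: 75877dc0ab7ca581ce37863806997c08b9fce38355ec73444d8d691a874de4ce
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 59d83d007f9422e557ebb0be3ad674eb419b23c93397363b1d1a17f9a731834ab6b7be4da751f790d6a4febc87d29ce33209e408ff60c20d3d635355682cc0bd
+data.tar.gz: fd0d699b8b885e0247a36307fdd3762c33f3837b9575949ccd301ba449416af24efac36028bd07cd79298dbc9b1766d23fc5a52ec2524d81d38506abcf55f2c6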
data/helpers/v1/build
CHANGED
data/helpers/v2/build
CHANGED
@@ -37,6 +37,7 @@ module Dependabot
|
|
37
37
|
fetched_files << composer_json
|
38
38
|
fetched_files << composer_lock if composer_lock
|
39
39
|
fetched_files << auth_json if auth_json
|
40
|
+
fetched_files += artifact_dependencies
|
40
41
|
fetched_files += path_dependencies
|
41
42
|
fetched_files
|
42
43
|
end
|
@@ -60,6 +61,41 @@ module Dependabot
|
|
60
61
|
@auth_json = fetch_support_file("auth.json")
|
61
62
|
end
|
62
63
|
|
64
|
+
def artifact_dependencies
|
65
|
+
return @artifact_dependencies if defined?(@artifact_dependencies)
|
66
|
+
|
67
|
+
# Find zip files in the artifact sources and download them.
|
68
|
+
@artifact_dependencies =
|
69
|
+
artifact_sources.map do |url|
|
70
|
+
repo_contents(dir: url)
|
71
|
+
.select { |file| file.type == "file" && file.name.end_with?(".zip") }
|
72
|
+
.map { |file| File.join(url, file.name) }
|
73
|
+
.map do |zip_file|
|
74
|
+
DependencyFile.new(
|
75
|
+
name: zip_file,
|
76
|
+
content: _fetch_file_content(zip_file),
|
77
|
+
directory: directory,
|
78
|
+
type: "file"
|
79
|
+
)
|
80
|
+
end
|
81
|
+
end.flatten
|
82
|
+
|
83
|
+
# Add .gitkeep to all directories in case they are empty. Composer isn't ok with empty directories.
|
84
|
+
@artifact_dependencies += artifact_sources.map do |url|
|
85
|
+
DependencyFile.new(
|
86
|
+
name: File.join(url, ".gitkeep"),
|
87
|
+
content: "",
|
88
|
+
directory: directory,
|
89
|
+
type: "file"
|
90
|
+
)
|
91
|
+
end
|
92
|
+
|
93
|
+
# Don't try to update these files, only used by composer for package resolution.
|
94
|
+
@artifact_dependencies.each { |f| f.support_file = true }
|
95
|
+
|
96
|
+
@artifact_dependencies
|
97
|
+
end
|
98
|
+
|
63
99
|
def path_dependencies
|
64
100
|
@path_dependencies ||=
|
65
101
|
begin
|
@@ -90,8 +126,16 @@ module Dependabot
|
|
90
126
|
end
|
91
127
|
end
|
92
128
|
|
129
|
+
def artifact_sources
|
130
|
+
sources.select { |details| details["type"] == "artifact" }.map { |details| details["url"] }
|
131
|
+
end
|
132
|
+
|
93
133
|
def path_sources
|
94
|
-
|
134
|
+
sources.select { |details| details["type"] == "path" }.map { |details| details["url"] }
|
135
|
+
end
|
136
|
+
|
137
|
+
def sources
|
138
|
+
@sources ||=
|
95
139
|
begin
|
96
140
|
repos = parsed_composer_json.fetch("repositories", [])
|
97
141
|
if repos.is_a?(Hash) || repos.is_a?(Array)
|
@@ -99,8 +143,7 @@ module Dependabot
|
|
99
143
|
repos = repos.select { |r| r.is_a?(Hash) }
|
100
144
|
|
101
145
|
repos
|
102
|
-
.select { |details| details["type"] == "path" }
|
103
|
-
.map { |details| details["url"] }
|
146
|
+
.select { |details| details["type"] == "path" || details["type"] == "artifact" }
|
104
147
|
else
|
105
148
|
[]
|
106
149
|
end
|
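Review bot: `artifact_sources` passes `details["url"]` through untouched, so an `artifact` repository entry in composer.json with a missing or non-string `url` reaches `File.join(url, ".gitkeep")` in `artifact_dependencies` and raises a `TypeError` instead of being skipped. Filtering where the list is built keeps both call sites safe: `sources.select { |details| details["type"] == "artifact" }.map { |details| details["url"] }.grep(String)`. The same value is also used verbatim as the `dir:` for `repo_contents` and as the prefix of every `DependencyFile` name, with no normalisation visible in these hunks, and each `.zip` found is fetched in full with no visible limit on count or size; both deserve at least a comment stating what bounds them. These hunks appear to belong to `lib/dependabot/composer/file_fetcher.rb` (the page lost that file header), and the body of `sources` continues outside the hunk.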
@@ -242,6 +242,12 @@ module Dependabot
|
|
242
242
|
end
|
243
243
|
|
244
244
|
def write_temporary_dependency_files
|
245
|
+
artifact_dependencies.each do |file|
|
246
|
+
path = file.name
|
247
|
+
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
248
|
+
File.write(file.name, file.content)
|
249
|
+
end
|
250
|
+
|
245
251
|
path_dependencies.each do |file|
|
246
252
|
path = file.name
|
247
253
|
FileUtils.mkdir_p(Pathname.new(path).dirname)
|
@@ -509,6 +515,11 @@ module Dependabot
|
|
509
515
|
@auth_json ||= dependency_files.find { |f| f.name == "auth.json" }
|
510
516
|
end
|
511
517
|
|
518
|
+
def artifact_dependencies
|
519
|
+
@artifact_dependencies ||=
|
520
|
+
dependency_files.select { |f| f.name.end_with?(".zip", ".gitkeep") }
|
521
|
+
end
|
522
|
+
|
512
523
|
def path_dependencies
|
513
524
|
@path_dependencies ||=
|
514
525
|
dependency_files.select { |f| f.name.end_with?("/composer.json") }
|
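Review bot: In `write_temporary_dependency_files`, `File.write(file.name, file.content)` and the `mkdir_p` before it use a name that the fetcher builds from the `url` of an `artifact` repository in the project's composer.json, and nothing in this hunk checks that the resulting path stays inside the temporary working directory. A `url` that is absolute or climbs with `..` would place the archive or the `.gitkeep` elsewhere on the updater's filesystem unless a caller outside the hunk already confines it; I would resolve the name with `File.expand_path(file.name)` and refuse to write when the result is not under the working root. `write_zipped_path_dependency_files` in the version resolver section has the same two lines and needs the same guard. Because the payload is a zip archive, `File.binwrite(file.name, file.content)` would also avoid any text-mode encoding handling, assuming `content` holds the raw bytes. The method body continues outside the hunk.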
@@ -1,11 +1,16 @@
|
|
1
1
|
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
6
|
+
require "dependabot/requirement"
|
4
7
|
require "dependabot/utils"
|
5
8
|
|
6
9
|
module Dependabot
|
7
10
|
module Composer
|
8
|
-
class Requirement <
|
11
|
+
class Requirement < Dependabot::Requirement
|
12
|
+
extend T::Sig
|
13
|
+
|
9
14
|
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
10
15
|
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
11
16
|
|
@@ -18,8 +23,9 @@ module Dependabot
|
|
18
23
|
|
19
24
|
# Returns an array of requirements. At least one requirement from the
|
20
25
|
# returned array must be satisfied for a version to be valid.
|
26
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
|
21
27
|
def self.requirements_array(requirement_string)
|
22
|
-
requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
|
28
|
+
T.must(requirement_string).strip.split(OR_SEPARATOR).map do |req_string|
|
23
29
|
new(req_string)
|
24
30
|
end
|
25
31
|
end
|
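Review bot: The new `sig` on `self.requirements_array` declares `requirement_string` as `T.nilable(String)`, but the body immediately calls `T.must(requirement_string)`, so a `nil` argument still raises, now as a `TypeError` from sorbet-runtime instead of a `NoMethodError`. The nilable type is presumably forced by the `override` of the parent signature, which is not on this page; if so, say it in a comment such as `# nil is accepted only to match Dependabot::Requirement's signature; callers must pass a String`. If nil is a legitimate input, it should be handled explicitly before the `split` rather than left to `T.must`.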
@@ -91,10 +91,18 @@ module Dependabot
|
|
91
91
|
def write_temporary_dependency_files(unlock_requirement: true)
|
92
92
|
write_dependency_file(unlock_requirement: unlock_requirement)
|
93
93
|
write_path_dependency_files
|
94
|
+
write_zipped_path_dependency_files
|
94
95
|
write_lockfile
|
95
96
|
write_auth_file
|
96
97
|
end
|
97
98
|
|
99
|
+
def write_zipped_path_dependency_files
|
100
|
+
zipped_path_dependency_files.each do |file|
|
101
|
+
FileUtils.mkdir_p(Pathname.new(file.name).dirname)
|
102
|
+
File.write(file.name, file.content)
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
98
106
|
def write_dependency_file(unlock_requirement:)
|
99
107
|
File.write(
|
100
108
|
"composer.json",
|
@@ -471,6 +479,11 @@ module Dependabot
|
|
471
479
|
dependency_files.select { |f| f.name.end_with?("/composer.json") }
|
472
480
|
end
|
473
481
|
|
482
|
+
def zipped_path_dependency_files
|
483
|
+
@zipped_path_dependency_files ||=
|
484
|
+
dependency_files.select { |f| f.name.end_with?(".zip", ".gitkeep") }
|
485
|
+
end
|
486
|
+
|
474
487
|
def lockfile
|
475
488
|
@lockfile ||=
|
476
489
|
dependency_files.find { |f| f.name == "composer.lock" }
|
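Review bot: `zipped_path_dependency_files` and `write_zipped_path_dependency_files` name the same set that the fetcher and the lockfile updater call `artifact_dependencies`, and the selector `f.name.end_with?(".zip", ".gitkeep")` is copied rather than shared. The name also hides that the set includes the empty `.gitkeep` placeholders and that it matches any dependency file with those suffixes, not only files that came from an `artifact` repository. I would rename it to `artifact_dependencies` for consistency and add a comment such as `# Archives and .gitkeep placeholders fetched for composer "artifact" repositories; written to disk so composer can resolve against them`. The containing class starts and ends outside these hunks.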
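--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-
+date: 2023-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.239.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.58.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.58.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
@@ -258,7 +258,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
 post_install_message:
 rdoc_options: []
 require_paths: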