dependabot-composer 0.238.0 → 0.239.0

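--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1b8037a1e1283d33035f449b4c622fea79ea2a08545cd79155baf6f8dbdb4e79
- data.tar.gz: 1fe6a98682abde302f7c33dba4e7772c4f919b022e7fd8dc02d236ecaac3abf5
+ metadata.gz: 243823ddde365951ade479a3f1342dc58d8167e1a435ac8c802d602c996143c6
+ data.tar.gz: 75877dc0ab7ca581ce37863806997c08b9fce38355ec73444d8d691a874de4ce
  SHA512:
- metadata.gz: f93a2b0223c2a611541d89ac0c13dae8608c9af250a28c3132a8b5c629af37d33fa2ca3eb9abe6d7753bddb65768e198f71c2128cdc4317565ee75d299390b16
- data.tar.gz: 88dedd07728d42dc6e92617a2ccf6f4c791ae190e9528c66b3c392c2ad31363cfb210e506b2aa56dccd74212e20aba30a83c5a7ff0f848175687668bd6cb08d7
+ metadata.gz: 59d83d007f9422e557ebb0be3ad674eb419b23c93397363b1d1a17f9a731834ab6b7be4da751f790d6a4febc87d29ce33209e408ff60c20d3d635355682cc0bd
+ data.tar.gz: fd0d699b8b885e0247a36307fdd3762c33f3837b9575949ccd301ba449416af24efac36028bd07cd79298dbc9b1766d23fc5a52ec2524d81d38506abcf55f2c6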
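--- a/data/helpers/v1/build
+++ b/data/helpers/v1/build
@@ -1,4 +1,4 @@
- #!/bin/bash
+ #!/usr/bin/env bash
 
  set -e
 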
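--- a/data/helpers/v2/build
+++ b/data/helpers/v2/build
@@ -1,4 +1,4 @@
- #!/bin/bash
+ #!/usr/bin/env bash
 
  set -e
 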
@@ -37,6 +37,7 @@ module Dependabot
37
37
  fetched_files << composer_json
38
38
  fetched_files << composer_lock if composer_lock
39
39
  fetched_files << auth_json if auth_json
40
+ fetched_files += artifact_dependencies
40
41
  fetched_files += path_dependencies
41
42
  fetched_files
42
43
  end
@@ -60,6 +61,41 @@ module Dependabot
60
61
  @auth_json = fetch_support_file("auth.json")
61
62
  end
62
63
 
64
+ def artifact_dependencies
65
+ return @artifact_dependencies if defined?(@artifact_dependencies)
66
+
67
+ # Find zip files in the artifact sources and download them.
68
+ @artifact_dependencies =
69
+ artifact_sources.map do |url|
70
+ repo_contents(dir: url)
71
+ .select { |file| file.type == "file" && file.name.end_with?(".zip") }
72
+ .map { |file| File.join(url, file.name) }
73
+ .map do |zip_file|
74
+ DependencyFile.new(
75
+ name: zip_file,
76
+ content: _fetch_file_content(zip_file),
77
+ directory: directory,
78
+ type: "file"
79
+ )
80
+ end
81
+ end.flatten
82
+
83
+ # Add .gitkeep to all directories in case they are empty. Composer isn't ok with empty directories.
84
+ @artifact_dependencies += artifact_sources.map do |url|
85
+ DependencyFile.new(
86
+ name: File.join(url, ".gitkeep"),
87
+ content: "",
88
+ directory: directory,
89
+ type: "file"
90
+ )
91
+ end
92
+
93
+ # Don't try to update these files, only used by composer for package resolution.
94
+ @artifact_dependencies.each { |f| f.support_file = true }
95
+
96
+ @artifact_dependencies
97
+ end
98
+
63
99
  def path_dependencies
64
100
  @path_dependencies ||=
65
101
  begin
@@ -90,8 +126,16 @@ module Dependabot
90
126
  end
91
127
  end
92
128
 
129
+ def artifact_sources
130
+ sources.select { |details| details["type"] == "artifact" }.map { |details| details["url"] }
131
+ end
132
+
93
133
  def path_sources
94
- @path_sources ||=
134
+ sources.select { |details| details["type"] == "path" }.map { |details| details["url"] }
135
+ end
136
+
137
+ def sources
138
+ @sources ||=
95
139
  begin
96
140
  repos = parsed_composer_json.fetch("repositories", [])
97
141
  if repos.is_a?(Hash) || repos.is_a?(Array)
@@ -99,8 +143,7 @@ module Dependabot
99
143
  repos = repos.select { |r| r.is_a?(Hash) }
100
144
 
101
145
  repos
102
- .select { |details| details["type"] == "path" }
103
- .map { |details| details["url"] }
146
+ .select { |details| details["type"] == "path" || details["type"] == "artifact" }
104
147
  else
105
148
  []
106
149
  end
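Review bot: In `artifact_dependencies`, each `url` is taken from the `repositories` entries of the repository's own composer.json and joined into the file name with `File.join(url, file.name)`, with no check that it is a relative path that stays inside the project directory. Those names are later used as write targets (`File.write(file.name, file.content)` in the `write_temporary_dependency_files` hunk and in `write_zipped_path_dependency_files`), so an absolute or `..`-laden `url` would presumably put files outside the temporary working directory; whether an earlier layer normalises the name is not visible here. I would filter such sources in `artifact_sources`, e.g. `.reject { |url| Pathname.new(url).absolute? || Pathname.new(url).cleanpath.to_s.start_with?("..") }`, or, if parent-relative artifact directories must stay supported, confine the expanded path to the working directory at the two write sites. The `sources` method that feeds this starts in the third hunk and ends in this one, and its tail is only partly visible.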
@@ -242,6 +242,12 @@ module Dependabot
242
242
  end
243
243
 
244
244
  def write_temporary_dependency_files
245
+ artifact_dependencies.each do |file|
246
+ path = file.name
247
+ FileUtils.mkdir_p(Pathname.new(path).dirname)
248
+ File.write(file.name, file.content)
249
+ end
250
+
245
251
  path_dependencies.each do |file|
246
252
  path = file.name
247
253
  FileUtils.mkdir_p(Pathname.new(path).dirname)
@@ -509,6 +515,11 @@ module Dependabot
509
515
  @auth_json ||= dependency_files.find { |f| f.name == "auth.json" }
510
516
  end
511
517
 
518
+ def artifact_dependencies
519
+ @artifact_dependencies ||=
520
+ dependency_files.select { |f| f.name.end_with?(".zip", ".gitkeep") }
521
+ end
522
+
512
523
  def path_dependencies
513
524
  @path_dependencies ||=
514
525
  dependency_files.select { |f| f.name.end_with?("/composer.json") }
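Review bot: `artifact_dependencies` here selects purely by suffix, `f.name.end_with?(".zip", ".gitkeep")`, so every dependency file with one of those endings is written to disk by the new loop in `write_temporary_dependency_files`, whether or not it came from an `artifact` repository. The fetcher marks the files it creates with `support_file = true`; narrowing the selector with that flag, e.g. `dependency_files.select { |f| f.support_file? && f.name.end_with?(".zip", ".gitkeep") }`, would keep the written set closer to what was actually fetched. The same suffix selector appears as `zipped_path_dependency_files` in a later hunk. Both `write_temporary_dependency_files` and `path_dependencies` continue outside the hunks shown.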
@@ -1,11 +1,16 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
6
+ require "dependabot/requirement"
4
7
  require "dependabot/utils"
5
8
 
6
9
  module Dependabot
7
10
  module Composer
8
- class Requirement < Gem::Requirement
11
+ class Requirement < Dependabot::Requirement
12
+ extend T::Sig
13
+
9
14
  AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
10
15
  OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
11
16
 
@@ -18,8 +23,9 @@ module Dependabot
18
23
 
19
24
  # Returns an array of requirements. At least one requirement from the
20
25
  # returned array must be satisfied for a version to be valid.
26
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
21
27
  def self.requirements_array(requirement_string)
22
- requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
28
+ T.must(requirement_string).strip.split(OR_SEPARATOR).map do |req_string|
23
29
  new(req_string)
24
30
  end
25
31
  end
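Review bot: The new signature on `requirements_array` declares `requirement_string` as `T.nilable(String)`, but the body wraps it in `T.must(...)`, so a nil argument still raises (now a `TypeError` from sorbet-runtime instead of a `NoMethodError`). The comment above the method does not say so; I would add a line such as `# Raises if requirement_string is nil; callers must pass a string.` so that the nilable type, presumably dictated by the parent's `override` signature, is not read as "nil is handled".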
@@ -91,10 +91,18 @@ module Dependabot
91
91
  def write_temporary_dependency_files(unlock_requirement: true)
92
92
  write_dependency_file(unlock_requirement: unlock_requirement)
93
93
  write_path_dependency_files
94
+ write_zipped_path_dependency_files
94
95
  write_lockfile
95
96
  write_auth_file
96
97
  end
97
98
 
99
+ def write_zipped_path_dependency_files
100
+ zipped_path_dependency_files.each do |file|
101
+ FileUtils.mkdir_p(Pathname.new(file.name).dirname)
102
+ File.write(file.name, file.content)
103
+ end
104
+ end
105
+
98
106
  def write_dependency_file(unlock_requirement:)
99
107
  File.write(
100
108
  "composer.json",
@@ -471,6 +479,11 @@ module Dependabot
471
479
  dependency_files.select { |f| f.name.end_with?("/composer.json") }
472
480
  end
473
481
 
482
+ def zipped_path_dependency_files
483
+ @zipped_path_dependency_files ||=
484
+ dependency_files.select { |f| f.name.end_with?(".zip", ".gitkeep") }
485
+ end
486
+
474
487
  def lockfile
475
488
  @lockfile ||=
476
489
  dependency_files.find { |f| f.name == "composer.lock" }
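Review bot: The names `zipped_path_dependency_files` and `write_zipped_path_dependency_files` suggest files from `path` repositories, yet the selector (`.zip`, `.gitkeep`) matches what the fetcher calls `artifact_dependencies`, and another changed file in this release uses that name for the identical selector. Renaming to `artifact_dependencies` and `write_artifact_dependency_files` would keep the files consistent. A short comment on the writer, e.g. `# Artifact zips and .gitkeep placeholders must exist on disk for Composer to resolve artifact repositories.`, would also explain why empty `.gitkeep` files are written. The `lockfile` method at the end of the last hunk continues outside it.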
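--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-composer
  version: !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.239.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-12-07 00:00:00.000000000 Z
+ date: 2023-12-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.239.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.238.0
+ version: 0.239.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.57.2
+ version: 1.58.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.57.2
+ version: 1.58.0
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
@@ -258,7 +258,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
  post_install_message:
  rdoc_options: []
  require_paths: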