dependabot-composer 0.245.0 → 0.247.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 118a4d16af508e1bcb354b4c3df9ad8592ea6496b531dd10226614b8647d0027
|
|
4
|
+
data.tar.gz: 7940777e44b23cd0c483a8300a34f0c897396487bbc52675c82f405285bf634c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a538299023942027e90ae24dfdb09805384a9adec19c94ce3022237959732fec0b4ea7666982f172a4f38d8984aafc56c1fd60f910565e8c4788bc014b32304
|
|
7
|
+
data.tar.gz: b6ac252eea9883d506350c0983c3955d74b896e0fe59b09f31ade5d67598156971f30b6c40b262c288d7cf54a1948da2100e40df985aecec4f54bbeb1ef00a5d
|
|
@@ -6,21 +6,33 @@
|
|
|
6
6
|
# https://getcomposer.org/doc/articles/versions.md#writing-version-constraints #
|
|
7
7
|
################################################################################
|
|
8
8
|
|
|
9
|
+
require "sorbet-runtime"
|
|
10
|
+
|
|
11
|
+
require "dependabot/composer/requirement"
|
|
9
12
|
require "dependabot/composer/update_checker"
|
|
10
13
|
require "dependabot/composer/version"
|
|
11
|
-
require "dependabot/
|
|
14
|
+
require "dependabot/requirements_update_strategy"
|
|
12
15
|
|
|
13
16
|
module Dependabot
|
|
14
17
|
module Composer
|
|
15
18
|
class UpdateChecker
|
|
16
19
|
class RequirementsUpdater
|
|
20
|
+
extend T::Sig
|
|
21
|
+
|
|
17
22
|
ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/
|
|
18
23
|
VERSION_REGEX = /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/
|
|
19
24
|
AND_SEPARATOR = /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/
|
|
20
25
|
OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/
|
|
21
26
|
SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/
|
|
22
|
-
ALLOWED_UPDATE_STRATEGIES =
|
|
23
|
-
|
|
27
|
+
ALLOWED_UPDATE_STRATEGIES = T.let(
|
|
28
|
+
[
|
|
29
|
+
RequirementsUpdateStrategy::LockfileOnly,
|
|
30
|
+
RequirementsUpdateStrategy::WidenRanges,
|
|
31
|
+
RequirementsUpdateStrategy::BumpVersions,
|
|
32
|
+
RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
33
|
+
].freeze,
|
|
34
|
+
T::Array[Dependabot::RequirementsUpdateStrategy]
|
|
35
|
+
)
|
|
24
36
|
|
|
25
37
|
def initialize(requirements:, update_strategy:,
|
|
26
38
|
latest_resolvable_version:)
|
|
@@ -36,7 +48,7 @@ module Dependabot
|
|
|
36
48
|
end
|
|
37
49
|
|
|
38
50
|
def updated_requirements
|
|
39
|
-
return requirements if update_strategy ==
|
|
51
|
+
return requirements if update_strategy == RequirementsUpdateStrategy::LockfileOnly
|
|
40
52
|
return requirements unless latest_resolvable_version
|
|
41
53
|
|
|
42
54
|
requirements.map { |req| updated_requirement(req) }
|
|
@@ -67,13 +79,13 @@ module Dependabot
|
|
|
67
79
|
return req if numeric_or_string_reqs.none?
|
|
68
80
|
return updated_alias(req) if req_string.match?(ALIAS_REGEX)
|
|
69
81
|
return req if req_satisfied_by_latest_resolvable?(req_string) &&
|
|
70
|
-
update_strategy !=
|
|
82
|
+
update_strategy != RequirementsUpdateStrategy::BumpVersions
|
|
71
83
|
|
|
72
84
|
new_req =
|
|
73
85
|
case update_strategy
|
|
74
|
-
when
|
|
86
|
+
when RequirementsUpdateStrategy::WidenRanges
|
|
75
87
|
widen_requirement(req, or_separator)
|
|
76
|
-
when
|
|
88
|
+
when RequirementsUpdateStrategy::BumpVersions, RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
77
89
|
update_requirement_version(req, or_separator)
|
|
78
90
|
end
|
|
79
91
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "json"
|
|
@@ -383,7 +383,7 @@ module Dependabot
|
|
|
383
383
|
if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
|
384
384
|
missing_extensions =
|
|
385
385
|
e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
|
386
|
-
.
|
|
386
|
+
.flatten.flat_map do |extension_string|
|
|
387
387
|
name, requirement = extension_string.strip.split(" ", 2)
|
|
388
388
|
{ name: name, requirement: requirement }
|
|
389
389
|
end
|
|
@@ -392,7 +392,7 @@ module Dependabot
|
|
|
392
392
|
implicit_platform_reqs_satisfiable?(e.message)
|
|
393
393
|
missing_extensions =
|
|
394
394
|
e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX)
|
|
395
|
-
.
|
|
395
|
+
.flatten.flat_map do |extension_string|
|
|
396
396
|
name, requirement = extension_string.strip.split(" ", 2)
|
|
397
397
|
{ name: name, requirement: requirement }
|
|
398
398
|
end
|
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "json"
|
|
5
|
+
|
|
6
|
+
require "dependabot/errors"
|
|
7
|
+
require "dependabot/requirements_update_strategy"
|
|
8
|
+
require "dependabot/shared_helpers"
|
|
5
9
|
require "dependabot/update_checkers"
|
|
6
10
|
require "dependabot/update_checkers/base"
|
|
7
|
-
require "dependabot/shared_helpers"
|
|
8
|
-
require "dependabot/errors"
|
|
9
11
|
|
|
10
12
|
module Dependabot
|
|
11
13
|
module Composer
|
|
@@ -70,15 +72,15 @@ module Dependabot
|
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
def requirements_unlocked_or_can_be?
|
|
73
|
-
requirements_update_strategy !=
|
|
75
|
+
requirements_update_strategy != RequirementsUpdateStrategy::LockfileOnly
|
|
74
76
|
end
|
|
75
77
|
|
|
76
78
|
def requirements_update_strategy
|
|
77
79
|
# If passed in as an option (in the base class) honour that option
|
|
78
|
-
return @requirements_update_strategy
|
|
80
|
+
return @requirements_update_strategy if @requirements_update_strategy
|
|
79
81
|
|
|
80
82
|
# Otherwise, widen ranges for libraries and bump versions for apps
|
|
81
|
-
library? ?
|
|
83
|
+
library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersionsIfNecessary
|
|
82
84
|
end
|
|
83
85
|
|
|
84
86
|
private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.247.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.247.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.247.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -136,6 +136,20 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: 1.19.0
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: rubocop-rspec
|
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
|
142
|
+
requirements:
|
|
143
|
+
- - "~>"
|
|
144
|
+
- !ruby/object:Gem::Version
|
|
145
|
+
version: 2.27.1
|
|
146
|
+
type: :development
|
|
147
|
+
prerelease: false
|
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
+
requirements:
|
|
150
|
+
- - "~>"
|
|
151
|
+
- !ruby/object:Gem::Version
|
|
152
|
+
version: 2.27.1
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rubocop-sorbet
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -272,7 +286,7 @@ licenses:
|
|
|
272
286
|
- Nonstandard
|
|
273
287
|
metadata:
|
|
274
288
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
275
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
289
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
|
276
290
|
post_install_message:
|
|
277
291
|
rdoc_options: []
|
|
278
292
|
require_paths:
|