dependabot-composer 0.292.0 → 0.294.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/v1/build +34 -0
  3. data/helpers/v1/composer.json +26 -0
  4. data/helpers/v1/composer.lock +2649 -0
  5. data/helpers/v1/src/UpdateChecker.php +129 -0
  6. data/helpers/v2/composer.json +1 -1
  7. data/helpers/v2/composer.lock +436 -806
  8. data/lib/dependabot/composer/file_updater.rb +15 -6
  9. metadata +9 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a5b18f569628d859443c19310162b313bd37341928d2e287b1ee9c33b8c7186a
4
- data.tar.gz: a5c9a4e5e08b3d00d6f9970c535b61682151a2acb5bfd54d5056531b4a747893
3
+ metadata.gz: 4f30f0782de230703a63f19bd2b1e4388d7b1324fa839c560339b549a7e3909e
4
+ data.tar.gz: be53992037a356dec982399fbd7f7675161ba7e2f8cd2988c75fe8a2e275d744
5
5
  SHA512:
6
- metadata.gz: a9186f5abde9f582f32d2c70603ebe2fde54ed14534ace2f58d0ac1cfbb3b5f784a2385fb76418ae8bed75abe6754835d3d9f2a9e805abe6c622d97ce8aa9d1c
7
- data.tar.gz: bde562d186042da9b0011ecdc062104fa6bcca82417ca61f51d3d7b199fceec59977005f86b64e7b657d4331f86481bcc5f20289b85a58e8428903c5ebeb4dcd
6
+ metadata.gz: '0369213b2a744990438aedf4c92ec02b78d9b9067962598f508a8e349a14430588fd37a1ee0124bd18cb9a99b724cfb27f6f33bb8feeaa9e2bddaf8d17f73b6b'
7
+ data.tar.gz: 0eef23954c97ac778b27c02024ddeeaca3a946836ce4a1eed58b78359edfacb9759f4eb5ec576aaf12cd175a960acba14a1f2ce590170bc418dc61c3bc5e260a
data/helpers/v1/build ADDED
@@ -0,0 +1,34 @@
1
+ #!/bin/bash
2
+
3
+ set -e
4
+
5
+ if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
6
+ echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
7
+ exit 1
8
+ fi
9
+
10
+ install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/composer/v1"
11
+ mkdir -p "$install_dir"
12
+
13
+ helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
14
+ cp -r \
15
+ "$helpers_dir/bin" \
16
+ "$helpers_dir/src" \
17
+ "$helpers_dir/.php-cs-fixer.dist.php" \
18
+ "$helpers_dir/composer.json" \
19
+ "$helpers_dir/composer.lock" \
20
+ "$helpers_dir/phpstan.dist.neon" \
21
+ "$install_dir"
22
+
23
+ cd "$install_dir"
24
+
25
+ composer1 validate --no-check-publish
26
+ composer1 install
27
+ # php-cs-fixer 3.15 added support for PHP 8.2, but also requires composer/semver ^3.3, which conflicts with composer1.
28
+ # So the older version of php-cs-fixer errors that it doesn't know about PHP 8.2 syntax which breaks the build.
29
+ # So PHP_CS_FIXER_IGNORE_ENV disables that error until we get around to deprecating composer 1 support.
30
+ PHP_CS_FIXER_IGNORE_ENV=true composer1 run lint -- --dry-run
31
+ composer1 run stan
32
+
33
+ # Composer caches source zips and repo metadata, none of which is useful. Save space in this layer
34
+ rm -Rf ~/.composer/cache
data/helpers/v1/composer.json ADDED
@@ -0,0 +1,26 @@
1
+ {
2
+ "name": "dependabot/composer-v1-helper",
3
+ "description": "A helper package for Dependabot to perform updates using Composer",
4
+ "license": "The Prosperity Public License 2.0.0",
5
+ "require": {
6
+ "php": "^8.2",
7
+ "ext-json": "*",
8
+ "composer/composer": "^1"
9
+ },
10
+ "require-dev": {
11
+ "friendsofphp/php-cs-fixer": "^2.9",
12
+ "phpstan/phpstan": "~1.10.3"
13
+ },
14
+ "autoload": {
15
+ "psr-4": {
16
+ "Dependabot\\Composer\\": "src/"
17
+ }
18
+ },
19
+ "scripts": {
20
+ "lint": "php-cs-fixer fix --diff --verbose",
21
+ "stan": "phpstan analyse"
22
+ },
23
+ "config": {
24
+ "sort-packages": true
25
+ }
26
+ }