dependabot-composer 0.294.0 → 0.296.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0af2f173fa02cd21f81d4f91269332f220886a0c1fa3a272def5cbc85ec40368
|
|
4
|
+
data.tar.gz: a10e62096f71cd6b0636f562790a6213cdc2d92aaecf3726dad56df76ced281e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f93ec5ad2f8755b01b16b1fbe37da6581f60e50c48ded3224fcd68bda2ff4f527dcc90656ab26a6d93d56394557a04cfdfde0d0011d1464bdc29907f85a08f21
|
|
7
|
+
data.tar.gz: 867705928cce53572e4d7a5369d22d09602943a7322c4336b4d8ce98ce5c7542b0cd12de1db83a5461a6273d1d2ccdf3ad864c28d0b39f71f0e3bf15f8ab296b
|
|
@@ -48,6 +48,7 @@ module Dependabot
|
|
|
48
48
|
@requirements_to_unlock = requirements_to_unlock
|
|
49
49
|
@latest_allowable_version = latest_allowable_version
|
|
50
50
|
@composer_platform_extensions = initial_platform
|
|
51
|
+
@error_handler = ComposerErrorHandler.new
|
|
51
52
|
end
|
|
52
53
|
|
|
53
54
|
def latest_resolvable_version
|
|
@@ -62,6 +63,7 @@ module Dependabot
|
|
|
62
63
|
attr_reader :requirements_to_unlock
|
|
63
64
|
attr_reader :latest_allowable_version
|
|
64
65
|
attr_reader :composer_platform_extensions
|
|
66
|
+
attr_reader :error_handler
|
|
65
67
|
|
|
66
68
|
def fetch_latest_resolvable_version
|
|
67
69
|
version = fetch_latest_resolvable_version_string
|
|
@@ -344,6 +346,8 @@ module Dependabot
|
|
|
344
346
|
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
|
345
347
|
raise Dependabot::DependencyFileNotParseable, msg
|
|
346
348
|
else
|
|
349
|
+
error_handler.handle_composer_error(error)
|
|
350
|
+
|
|
347
351
|
raise error
|
|
348
352
|
end
|
|
349
353
|
end
|
|
@@ -524,5 +528,52 @@ module Dependabot
|
|
|
524
528
|
end
|
|
525
529
|
end
|
|
526
530
|
end
|
|
531
|
+
|
|
532
|
+
class ComposerErrorHandler
|
|
533
|
+
extend T::Sig
|
|
534
|
+
|
|
535
|
+
# Private source errors
|
|
536
|
+
CURL_ERROR = /curl error 52 while downloading (?<url>.*): Empty reply from server/
|
|
537
|
+
|
|
538
|
+
PRIVATE_SOURCE_AUTH_FAIL = [
|
|
539
|
+
/Could not authenticate against (?<url>.*)/,
|
|
540
|
+
/The '(?<url>.*)' URL could not be accessed \(HTTP 403\)/,
|
|
541
|
+
/The "(?<url>.*)" file could not be downloaded/
|
|
542
|
+
].freeze
|
|
543
|
+
|
|
544
|
+
REQUIREMENT_ERROR = /^(?<req>.*) is invalid, it should not contain uppercase characters/
|
|
545
|
+
|
|
546
|
+
NO_URL = "No URL specified"
|
|
547
|
+
|
|
548
|
+
def sanitize_uri(url)
|
|
549
|
+
url = "http://#{url}" unless url.start_with?("http")
|
|
550
|
+
uri = URI.parse(url)
|
|
551
|
+
host = T.must(uri.host).downcase
|
|
552
|
+
host.start_with?("www.") ? host[4..-1] : host
|
|
553
|
+
end
|
|
554
|
+
|
|
555
|
+
# Handles errors with specific to composer error codes
|
|
556
|
+
sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
|
|
557
|
+
def handle_composer_error(error)
|
|
558
|
+
# private source auth errors
|
|
559
|
+
PRIVATE_SOURCE_AUTH_FAIL.each do |regex|
|
|
560
|
+
next unless error.message.match?(regex)
|
|
561
|
+
|
|
562
|
+
url = T.must(error.message.match(regex)).named_captures["url"]
|
|
563
|
+
raise Dependabot::PrivateSourceAuthenticationFailure, sanitize_uri(url).empty? ? NO_URL : sanitize_uri(url)
|
|
564
|
+
end
|
|
565
|
+
|
|
566
|
+
# invalid requirement mentioned in manifest file
|
|
567
|
+
if error.message.match?(REQUIREMENT_ERROR)
|
|
568
|
+
raise DependencyFileNotResolvable,
|
|
569
|
+
"Invalid requirement: #{T.must(error.message.match(REQUIREMENT_ERROR)).named_captures['req']}"
|
|
570
|
+
end
|
|
571
|
+
|
|
572
|
+
return unless error.message.match?(CURL_ERROR)
|
|
573
|
+
|
|
574
|
+
url = T.must(error.message.match(CURL_ERROR)).named_captures["url"]
|
|
575
|
+
raise PrivateSourceBadResponse, url
|
|
576
|
+
end
|
|
577
|
+
end
|
|
527
578
|
end
|
|
528
579
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.296.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.296.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.296.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -280,7 +280,7 @@ licenses:
|
|
|
280
280
|
- MIT
|
|
281
281
|
metadata:
|
|
282
282
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
283
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
283
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.0
|
|
284
284
|
post_install_message:
|
|
285
285
|
rdoc_options: []
|
|
286
286
|
require_paths:
|