dependabot-composer 0.332.0 → 0.334.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91db08f546cb6c2ea2b4870527a5c59fa6685b42a85c0a102cfe092c5c992d49
|
|
4
|
+
data.tar.gz: b83412521e3ac415989585422374d85e0d8db86172816dda4703ef11dfa56e6b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 186875970ccddc0a19fef7c0d41b8c809aea458eb65faac1499075106ddd4b34364a0a73ec2f122c9de314e54b65cef596cdcd5c876c5dff7ccb03db0cb1acc0
|
|
7
|
+
data.tar.gz: 912331741a6f9a37ae3704e70461eb2d8257d6604f845eea25a17ec04a024ac79d0bc37e01fc293a7c643fea289f9ead5f4fc901388ce7538fcbdd366007d70d
|
|
@@ -5,6 +5,7 @@ require "json"
|
|
|
5
5
|
require "sorbet-runtime"
|
|
6
6
|
require "dependabot/file_fetchers"
|
|
7
7
|
require "dependabot/file_fetchers/base"
|
|
8
|
+
require "dependabot/file_filtering"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module Composer
|
|
@@ -42,7 +43,13 @@ module Dependabot
|
|
|
42
43
|
fetched_files << auth_json if auth_json
|
|
43
44
|
fetched_files += artifact_dependencies
|
|
44
45
|
fetched_files += path_dependencies
|
|
45
|
-
|
|
46
|
+
|
|
47
|
+
# Filter excluded files from final collection
|
|
48
|
+
filtered_files = fetched_files.reject do |file|
|
|
49
|
+
Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
filtered_files
|
|
46
53
|
end
|
|
47
54
|
|
|
48
55
|
private
|
|
@@ -121,6 +128,8 @@ module Dependabot
|
|
|
121
128
|
directories.each do |dir|
|
|
122
129
|
file = File.join(dir, PackageManager::MANIFEST_FILENAME)
|
|
123
130
|
|
|
131
|
+
next if Dependabot::FileFiltering.should_exclude_path?(file, "path dependency file", @exclude_paths)
|
|
132
|
+
|
|
124
133
|
begin
|
|
125
134
|
composer_json_files << fetch_file_with_root_fallback(file)
|
|
126
135
|
rescue Dependabot::DependencyFileNotFound
|
|
@@ -158,7 +167,7 @@ module Dependabot
|
|
|
158
167
|
repos = parsed_composer_json.fetch("repositories", [])
|
|
159
168
|
if repos.is_a?(Hash) || repos.is_a?(Array)
|
|
160
169
|
repos = repos.values if repos.is_a?(Hash)
|
|
161
|
-
repos = repos.
|
|
170
|
+
repos = repos.grep(Hash)
|
|
162
171
|
|
|
163
172
|
repos
|
|
164
173
|
.select { |details| details["type"] == "path" || details["type"] == "artifact" }
|
|
@@ -195,7 +195,7 @@ module Dependabot
|
|
|
195
195
|
version_for_reqs(existing_reqs + [hash[:requirement]])
|
|
196
196
|
end
|
|
197
197
|
|
|
198
|
-
raise
|
|
198
|
+
raise(MissingExtensions, T.must(missing_extension).then { |ext| [ext] })
|
|
199
199
|
end
|
|
200
200
|
|
|
201
201
|
git_dependency_reference_error(error) if error.message.start_with?("Failed to execute git checkout")
|
|
@@ -104,8 +104,7 @@ module Dependabot
|
|
|
104
104
|
|
|
105
105
|
repositories =
|
|
106
106
|
JSON.parse(T.must(composer_file.content))
|
|
107
|
-
.fetch("repositories", [])
|
|
108
|
-
.select { |r| r.is_a?(Hash) }
|
|
107
|
+
.fetch("repositories", []).grep(Hash)
|
|
109
108
|
|
|
110
109
|
urls = repositories
|
|
111
110
|
.select { |h| h["type"] == PackageManager::NAME }
|
|
@@ -252,7 +252,7 @@ module Dependabot
|
|
|
252
252
|
range_requirements =
|
|
253
253
|
req_string.split(SEPARATOR).select { |r| r.match?(/<|(\s+-\s+)/) }
|
|
254
254
|
|
|
255
|
-
if range_requirements.
|
|
255
|
+
if range_requirements.one?
|
|
256
256
|
range_requirement = T.must(range_requirements.first)
|
|
257
257
|
versions = range_requirement.scan(VERSION_REGEX)
|
|
258
258
|
# Convert version strings to Version objects and find the maximum
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.334.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.334.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.334.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -211,14 +211,14 @@ dependencies:
|
|
|
211
211
|
requirements:
|
|
212
212
|
- - "~>"
|
|
213
213
|
- !ruby/object:Gem::Version
|
|
214
|
-
version: '3.
|
|
214
|
+
version: '3.25'
|
|
215
215
|
type: :development
|
|
216
216
|
prerelease: false
|
|
217
217
|
version_requirements: !ruby/object:Gem::Requirement
|
|
218
218
|
requirements:
|
|
219
219
|
- - "~>"
|
|
220
220
|
- !ruby/object:Gem::Version
|
|
221
|
-
version: '3.
|
|
221
|
+
version: '3.25'
|
|
222
222
|
- !ruby/object:Gem::Dependency
|
|
223
223
|
name: webrick
|
|
224
224
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -276,7 +276,7 @@ licenses:
|
|
|
276
276
|
- MIT
|
|
277
277
|
metadata:
|
|
278
278
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
279
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
279
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
|
|
280
280
|
rdoc_options: []
|
|
281
281
|
require_paths:
|
|
282
282
|
- lib
|