dependabot-composer 0.334.0 → 0.335.0

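--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 91db08f546cb6c2ea2b4870527a5c59fa6685b42a85c0a102cfe092c5c992d49
- data.tar.gz: b83412521e3ac415989585422374d85e0d8db86172816dda4703ef11dfa56e6b
+ metadata.gz: c1583381ef2a66a39150b750f5dbd4325a029a0faa6aef978455ea8e7096dc32
+ data.tar.gz: 6d50ca55ecb55bccd9e1fe3da7eebfa723c746dccac97f02e09b0982d588a73b
  SHA512:
- metadata.gz: 186875970ccddc0a19fef7c0d41b8c809aea458eb65faac1499075106ddd4b34364a0a73ec2f122c9de314e54b65cef596cdcd5c876c5dff7ccb03db0cb1acc0
- data.tar.gz: 912331741a6f9a37ae3704e70461eb2d8257d6604f845eea25a17ec04a024ac79d0bc37e01fc293a7c643fea289f9ead5f4fc901388ce7538fcbdd366007d70d
+ metadata.gz: e89aca1d6664c7b314eeb131d4d98a2bbd03d831915b481390f8a677a594dc613000590b1c421ed5b3a6127dd9c29dc13346015b8880b0097d5e67bdbb2a6073
+ data.tar.gz: 10ad1dd0559dfa79eebcedab2ee6cfc7f39856a5c978551b733c3ebdfa7de71cc79e209b80fa9f54a9ae09cc90f8e80072a0b37a24a57fb62fd74efc07438927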
@@ -20,18 +20,21 @@ module Dependabot
20
20
  class FileParser < Dependabot::FileParsers::Base
21
21
  require "dependabot/file_parsers/base/dependency_set"
22
22
 
23
- DEPENDENCY_GROUP_KEYS = T.let([
24
- {
25
- manifest: "require",
26
- lockfile: "packages",
27
- group: "runtime"
28
- },
29
- {
30
- manifest: "require-dev",
31
- lockfile: "packages-dev",
32
- group: "development"
33
- }
34
- ].freeze, T::Array[T::Hash[Symbol, String]])
23
+ DEPENDENCY_GROUP_KEYS = T.let(
24
+ [
25
+ {
26
+ manifest: "require",
27
+ lockfile: "packages",
28
+ group: "runtime"
29
+ },
30
+ {
31
+ manifest: "require-dev",
32
+ lockfile: "packages-dev",
33
+ group: "development"
34
+ }
35
+ ].freeze,
36
+ T::Array[T::Hash[Symbol, String]]
37
+ )
35
38
 
36
39
  sig { override.returns(T::Array[Dependabot::Dependency]) }
37
40
  def parse
@@ -225,8 +228,11 @@ module Dependabot
225
228
  end
226
229
 
227
230
  sig do
228
- params(name: String, type: String,
229
- requirement: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)]))
231
+ params(
232
+ name: String,
233
+ type: String,
234
+ requirement: String
235
+ ).returns(T.nilable(T::Hash[Symbol, T.nilable(String)]))
230
236
  end
231
237
  def dependency_source(name:, type:, requirement:)
232
238
  return unless lockfile
@@ -243,8 +249,10 @@ module Dependabot
243
249
  end
244
250
 
245
251
  sig do
246
- params(package_details: T::Hash[String, T.untyped],
247
- requirement: String).returns(T.nilable(T::Hash[Symbol, T.nilable(String)]))
252
+ params(
253
+ package_details: T::Hash[String, T.untyped],
254
+ requirement: String
255
+ ).returns(T.nilable(T::Hash[Symbol, T.nilable(String)]))
248
256
  end
249
257
  def git_dependency_details(package_details, requirement)
250
258
  return unless package_details.dig("source", "type") == "git"
@@ -19,27 +19,29 @@ module Dependabot
19
19
 
20
20
  sig { returns(String) }
21
21
  def updated_manifest_content
22
- T.must(dependencies.reduce(manifest.content.dup) do |content, dep|
23
- updated_content = content
24
- updated_requirements(dep).each do |new_req|
25
- old_req = old_requirement(dep, new_req)&.fetch(:requirement)
26
- updated_req = new_req.fetch(:requirement)
27
-
28
- regex =
29
- /
30
- "#{Regexp.escape(dep.name)}"\s*:\s*
31
- "#{Regexp.escape(old_req)}"
32
- /x
33
-
34
- updated_content = content&.gsub(regex) do |declaration|
35
- declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
22
+ T.must(
23
+ dependencies.reduce(manifest.content.dup) do |content, dep|
24
+ updated_content = content
25
+ updated_requirements(dep).each do |new_req|
26
+ old_req = old_requirement(dep, new_req)&.fetch(:requirement)
27
+ updated_req = new_req.fetch(:requirement)
28
+
29
+ regex =
30
+ /
31
+ "#{Regexp.escape(dep.name)}"\s*:\s*
32
+ "#{Regexp.escape(old_req)}"
33
+ /x
34
+
35
+ updated_content = content&.gsub(regex) do |declaration|
36
+ declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
37
+ end
38
+
39
+ raise "Expected content to change!" if content == updated_content
36
40
  end
37
41
 
38
- raise "Expected content to change!" if content == updated_content
42
+ updated_content
39
43
  end
40
-
41
- updated_content
42
- end)
44
+ )
43
45
  end
44
46
 
45
47
  private
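Review bot: Inside the `each` loop every substitution starts again from `content` (`updated_content = content&.gsub(regex)`), so when `updated_requirements(dep)` yields more than one requirement only the last replacement survives in the value handed back to `reduce`. Chaining from the running value would keep them all: `before = updated_content`, then `updated_content = before&.gsub(regex) do |declaration|` and `raise "Expected content to change!" if before == updated_content`. Separately, `old_req` comes from a safe-navigation call and may be nil, in which case `Regexp.escape(old_req)` raises a TypeError instead of the intended "Expected content to change!" error. Whether either case occurs depends on `updated_requirements` and `old_requirement`, which are defined outside this hunk.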
@@ -74,8 +74,10 @@ module Dependabot
74
74
 
75
75
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
76
76
  def composer_json
77
- @composer_json ||= T.let(get_original_file(PackageManager::MANIFEST_FILENAME),
78
- T.nilable(Dependabot::DependencyFile))
77
+ @composer_json ||= T.let(
78
+ get_original_file(PackageManager::MANIFEST_FILENAME),
79
+ T.nilable(Dependabot::DependencyFile)
80
+ )
79
81
  end
80
82
 
81
83
  sig { returns(T.nilable(Dependabot::DependencyFile)) }
@@ -246,11 +246,13 @@ module Dependabot
246
246
 
247
247
  parsed_auth_json = JSON.parse(T.must(json.content))
248
248
  parsed_auth_json.fetch("http-basic", {}).map do |reg, details|
249
- Dependabot::Credential.new({
250
- "registry" => reg,
251
- "username" => details["username"],
252
- "password" => details["password"]
253
- })
249
+ Dependabot::Credential.new(
250
+ {
251
+ "registry" => reg,
252
+ "username" => details["username"],
253
+ "password" => details["password"]
254
+ }
255
+ )
254
256
  end
255
257
  rescue JSON::ParserError
256
258
  raise Dependabot::DependencyFileNotParseable, json.path if json
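Review bot: Only `JSON::ParserError` is rescued around this mapping, so an auth.json that parses but has an unexpected shape is not reported as unparseable. If the top level is not an object, or an `http-basic` entry is nil or an array, `fetch` or `details["username"]` can raise NoMethodError or TypeError instead of `Dependabot::DependencyFileNotParseable`. The file is presumably fetched from the repository being updated, so a shape check inside the block, for example `next unless details.is_a?(Hash)` with `filter_map` in place of `map`, would keep a malformed entry from aborting the run with an unclassified error. The enclosing method starts and ends outside this hunk.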
@@ -59,8 +59,10 @@ module Dependabot
59
59
  def fetch_lowest_security_fix_version(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
60
60
  releases = available_versions
61
61
  releases = filter_prerelease_versions(releases)
62
- releases = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(releases,
63
- security_advisories)
62
+ releases = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
63
+ releases,
64
+ security_advisories
65
+ )
64
66
  releases = filter_ignored_versions(releases)
65
67
  releases = filter_lower_versions(releases)
66
68
  releases.min_by(&:version)&.version
@@ -41,8 +41,11 @@ module Dependabot
41
41
  latest_resolvable_version: T.nilable(T.any(String, Composer::Version))
42
42
  ).void
43
43
  end
44
- def initialize(requirements:, update_strategy:,
45
- latest_resolvable_version:)
44
+ def initialize(
45
+ requirements:,
46
+ update_strategy:,
47
+ latest_resolvable_version:
48
+ )
46
49
  @requirements = requirements
47
50
  @update_strategy = update_strategy
48
51
 
@@ -61,8 +61,13 @@ module Dependabot
61
61
  latest_allowable_version: T.nilable(Gem::Version)
62
62
  ).void
63
63
  end
64
- def initialize(credentials:, dependency:, dependency_files:,
65
- requirements_to_unlock:, latest_allowable_version:)
64
+ def initialize(
65
+ credentials:,
66
+ dependency:,
67
+ dependency_files:,
68
+ requirements_to_unlock:,
69
+ latest_allowable_version:
70
+ )
66
71
  @credentials = credentials
67
72
  @dependency = dependency
68
73
  @dependency_files = dependency_files
@@ -637,11 +642,14 @@ module Dependabot
637
642
  # Private source errors
638
643
  CURL_ERROR = T.let(/curl error 52 while downloading (?<url>.*): Empty reply from server/, Regexp)
639
644
 
640
- PRIVATE_SOURCE_AUTH_FAIL = T.let([
641
- /Could not authenticate against (?<url>.*)/,
642
- /The '(?<url>.*)' URL could not be accessed \(HTTP 403\)/,
643
- /The "(?<url>.*)" file could not be downloaded/
644
- ].freeze, T::Array[Regexp])
645
+ PRIVATE_SOURCE_AUTH_FAIL = T.let(
646
+ [
647
+ /Could not authenticate against (?<url>.*)/,
648
+ /The '(?<url>.*)' URL could not be accessed \(HTTP 403\)/,
649
+ /The "(?<url>.*)" file could not be downloaded/
650
+ ].freeze,
651
+ T::Array[Regexp]
652
+ )
645
653
 
646
654
  REQUIREMENT_ERROR = T.let(/^(?<req>.*) is invalid, it should not contain uppercase characters/, Regexp)
647
655
 
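--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-composer
  version: !ruby/object:Gem::Version
- version: 0.334.0
+ version: 0.335.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.334.0
+ version: 0.335.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.334.0
+ version: 0.335.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.67'
+ version: '1.80'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.67'
+ version: '1.80'
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.22'
+ version: '1.26'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.22'
+ version: '1.26'
  - !ruby/object:Gem::Dependency
  name: rubocop-rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.29'
+ version: '3.7'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.29'
+ version: '3.7'
  - !ruby/object:Gem::Dependency
  name: rubocop-sorbet
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.8'
+ version: '0.10'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.8'
+ version: '0.10'
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -276,7 +276,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
  rdoc_options: []
  require_paths:
  - lib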