RubyGems - dependabot-composer - Versions diffs - 0.357.0 → 0.358.0 - Mend

dependabot-composer 0.357.0 → 0.358.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/composer/file_parser.rb +6 -8
data/lib/dependabot/composer/file_updater/lockfile_updater.rb +8 -4
data/lib/dependabot/composer/update_checker/version_resolver.rb +8 -4
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3cc4e03f9b9fd87e626d411feda258055ebc4893688cf446d55cbc345ddd2267
-  data.tar.gz: deea4163ce5259e456d5ebadf5be130b5b30c3d0bc8273a7965019368ebc0841
+  metadata.gz: a2a0e8033028f311e8ce4b4ea3f7dd08147704e5049fe93b1e925b1207b1ed93
+  data.tar.gz: 9eed74d422ef7987da8d7d8594999f52c45fd9026f8c53b4113c73f5b2c66345
 SHA512:
-  metadata.gz: 15951c880a59b58ed71f68a6ddd561c8995636925b7453e37daa6819def4f27ccf039d3d356051ec74bf85f9c9fa3511f263f5c3df516080035cac2b199b2a7c
-  data.tar.gz: 7054c26674e5c025355714ace0621c0d2be978c4b13f30491935c6f4188793fbe62e3e8c63e79ce48b3573ddc7946a2cdbb091a00c20a89aaca1ecfb14a20582
+  metadata.gz: 364c6fdbe31b3050d789cdd277e5348122fd448273027734cc8d49591d5cc4b0cc2f1ade927cead02d4ad0911701379fe2bd957c7f8ec8007a4836e420896f34
+  data.tar.gz: 22645a7903c437e5202a49292402cfd9238f68fbba874a3d321a28270a61fcdf135182ae93054b204475993998e720537b8beb1c011fb8262270c72df6d777eb

data/lib/dependabot/composer/file_parser.rb CHANGED Viewed

@@ -122,14 +122,12 @@ module Dependabot
           parsed_composer_json[manifest].each do |name, req|
             next unless package?(name)
-            if Dependabot::Experiments.enabled?(:exclude_local_composer_packages)
-              local_package_prefix = ["dev-main", "dev-master", "@dev"]
-              # we avoid updating local packages, so we skip them adding to dependency list
-              if local_package_prefix.include?(req)
-                Dependabot.logger.info("Skipping #{name} with version #{req} as it cannot be updated.")
-                next
-              end
+            local_package_prefix = ["dev-main", "dev-master", "@dev"]
+            # we avoid updating local packages, so we skip them adding to dependency list
+            if local_package_prefix.include?(req)
+              Dependabot.logger.info("Skipping #{name} with version #{req} as it cannot be updated.")
+              next
             end
             if lockfile

data/lib/dependabot/composer/file_updater/lockfile_updater.rb CHANGED Viewed

@@ -349,10 +349,14 @@ module Dependabot
               next unless req.start_with?("dev-")
               next if req.include?("#")
-              commit_sha = parsed_lockfile
-                           .fetch(T.must(keys[:lockfile]), [])
-                           .find { |d| d["name"] == name }
-                           &.dig("source", "reference")
+              package = parsed_lockfile
+                        .fetch(T.must(keys[:lockfile]), [])
+                        .find { |d| d["name"] == name }
+              commit_sha = package&.dig("source", "reference") || package&.dig("dist", "reference")
+              next unless commit_sha
               updated_req_parts = req.split
               updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
               json[keys[:manifest]][name] = updated_req_parts.join(" ")

data/lib/dependabot/composer/update_checker/version_resolver.rb CHANGED Viewed

@@ -253,10 +253,14 @@ module Dependabot
               next unless req.start_with?("dev-")
               next if req.include?("#")
-              commit_sha = parsed_lockfile
-                           .fetch(T.must(keys[:lockfile]), [])
-                           .find { |d| d["name"] == name }
-                           &.dig("source", "reference")
+              package = parsed_lockfile
+                        .fetch(T.must(keys[:lockfile]), [])
+                        .find { |d| d["name"] == name }
+              commit_sha = package&.dig("source", "reference") || package&.dig("dist", "reference")
+              next unless commit_sha
               updated_req_parts = req.split
               updated_req_parts[0] = updated_req_parts[0] + "##{commit_sha}"
               json[keys[:manifest]][name] = updated_req_parts.join(" ")

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.357.0
+  version: 0.358.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -276,7 +276,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.357.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.358.0
 rdoc_options: []
 require_paths:
 - lib