dependabot-composer 0.374.0 → 0.376.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/composer/helpers.rb +12 -3
  3. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a187daab761bf03811b6ab46383a34596361f8d5f7ce96b33a73f59dd3e52fd6
4
- data.tar.gz: 9b50dd5fc35f90b7f477e94dbfa32adfc93a077e76b67816ab8380a731d64522
3
+ metadata.gz: 815e6ae05cc11b8147ee266a044b4bfd3d1d1dc1140510b98d997a92e7eb1ff4
4
+ data.tar.gz: 50170d53833bfc1812052b05300b05114ead26c3dac5ddd5d8cae590f3bb4d2a
5
5
  SHA512:
6
- metadata.gz: 2336d55371de9f0a27707f761bf9f2a525726539d47d5b43363e7314ff1dba22e0ea2ba27bb08f3aafbe4a023aeb0c7b5bc47b1a969c276c2a7310bcff4d5df0
7
- data.tar.gz: 8c71652c16dacdc77ff603773e07b93be83ccf186d515f37fae94a13b221e69225f6cdada0a4af1180d6bd9325550d4b1cef9910325af49114321a1f60bd08ef
6
+ metadata.gz: 9d8c8f5395b48682b2159f0f00e0dc6289a315952443a3792163a0217f37d27ff0fe3754196e050bfca6382ef46e64ac3cdc256ddafc89cbbf5b5e3f73db6cec
7
+ data.tar.gz: 13bd7de1ff00a7171d3ad174f06479d0e63daad2da0973a682ef3b11ed1ef3fa31b30e08272d7a3ea2c5bf05eadc6ba3a0a70805486283b593bc7d3dfced2970
data/lib/dependabot/composer/helpers.rb CHANGED
@@ -11,6 +11,7 @@ module Dependabot
11
11
 
12
12
  V1 = T.let("1", String)
13
13
  V2 = T.let("2", String)
14
+
14
15
  # If we are updating a project with no lock file then the default should be the newest version
15
16
  DEFAULT = T.let(V2, String)
16
17
 
@@ -48,13 +49,21 @@ module Dependabot
48
49
  .returns(String)
49
50
  end
50
51
  def self.composer_version(composer_json, parsed_lockfile = nil)
51
- # If the parsed lockfile has a plugin API version, we return either V1 or V2
52
- # based on the major version of the lockfile.
52
+ # If the parsed lockfile has a plugin API version, always use V2.
53
+ # V1 helpers have been removed, so we run with Composer V2 regardless.
53
54
  if parsed_lockfile && parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY]
54
55
  version = Composer::Version.new(parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY])
55
56
  major_version = version.canonical_segments.first
56
57
 
57
- return major_version.nil? || major_version > 1 ? V2 : V1
58
+ if major_version && major_version <= 1
59
+ plugin_api_version = parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY]
60
+ Dependabot.logger.warn(
61
+ "Composer V1 lockfile detected (plugin-api-version: #{plugin_api_version}). " \
62
+ "Dependabot no longer supports Composer V1. Running with Composer V2."
63
+ )
64
+ end
65
+
66
+ return V2
58
67
  end
59
68
 
60
69
  # Check if the composer name does not follow the Composer V2 naming conventions.
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.374.0
4
+ version: 0.376.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.374.0
18
+ version: 0.376.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.374.0
25
+ version: 0.376.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -276,7 +276,7 @@ licenses:
276
276
  - MIT
277
277
  metadata:
278
278
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
279
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.374.0
279
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
280
280
  rdoc_options: []
281
281
  require_paths:
282
282
  - lib