dependabot-composer 0.98.31 → 0.98.32

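--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33403db147e2782406f3b54bc6310b92ad6848ef2de0490eae35a68a5f3b814a
- data.tar.gz: ee765d016c894e1974ef44343359be855e40e9cbfd91bf1656cb666781d78bb3
+ metadata.gz: da13b2ccaa88210d58d9fee2498718b30a571ed0a668ff9fab6b13c0518b5a41
+ data.tar.gz: 53045ed445c8b0a1221113da47bdcd6afab4de5fd318f446f77c5c8ecfdf0757
  SHA512:
- metadata.gz: e6c39a7ca1bea32d86061091aabe367caca04fbdd50934e57c6707f3313750b604ead44745700d8d208fe23e07ed4260933ddd6c4e8374f390ec0eb62b410812
- data.tar.gz: efe70d97b5acbaace955d501f3eb87f2ce8fc6a381bb754eaf7ed908294fc78e8acd4966ff85acabd5f629de8d4824f894e4da0245b67b745c097bfe5097740c
+ metadata.gz: 9d7a76841eeefaa6fc2d43c4bfbb1a7c267fe3a1fe8a36fbe1eca20877e463a298cfecc78c87746dcc89f4f2b4585b3f7695426316b56b68893dadb7c6229cd9
+ data.tar.gz: e63734f21052fae6161549d8d7bd741f20561aa931575c9184613aa57c951e2667e985aada1dba136f306d62348e4b5193e62c8ae8498b4730b17f2ab9a08fdc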
@@ -247,12 +247,14 @@ module Dependabot
247
247
 
248
248
  def git_credentials
249
249
  credentials.
250
- select { |cred| cred.fetch("type") == "git_source" }
250
+ select { |cred| cred.fetch("type") == "git_source" }.
251
+ select { |cred| cred["password"] }
251
252
  end
252
253
 
253
254
  def registry_credentials
254
255
  credentials.
255
- select { |cred| cred.fetch("type") == "composer_repository" }
256
+ select { |cred| cred.fetch("type") == "composer_repository" }.
257
+ select { |cred| cred["password"] }
256
258
  end
257
259
 
258
260
  def composer_json
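Review bot: The added `select { |cred| cred["password"] }` in `git_credentials` and `registry_credentials` drops only entries whose password is `nil` or missing, because an empty string is truthy in Ruby; a credential with `"password" => ""` still passes the filter. If the intent is to skip credentials that cannot authenticate, test for a non-empty value, e.g. `select { |cred| !cred["password"].to_s.empty? }`, and fold it into the type check so each list is filtered in one pass. The same two-step filter is added to both methods again in the later hunk at `@@ -212,11 +215,19 @@`. Whether empty passwords can reach this code is not visible here, so treat this as hardening; a one-line comment saying why password-less entries are skipped would also help the next reader.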
@@ -122,6 +122,8 @@ module Dependabot
122
122
  # rubocop:disable Metrics/CyclomaticComplexity
123
123
  # rubocop:disable Metrics/MethodLength
124
124
  def handle_composer_errors(error)
125
+ sanitized_message = remove_url_credentials(error.message)
126
+
125
127
  if error.message.start_with?("Failed to execute git clone")
126
128
  dependency_url =
127
129
  error.message.match(/--mirror '(?<url>.*?)'/).
@@ -132,8 +134,9 @@ module Dependabot
132
134
  error.message.match(/Failed to clone (?<url>.*?) via/).
133
135
  named_captures.fetch("url")
134
136
  raise Dependabot::GitDependenciesNotReachable, dependency_url
135
- elsif error.message.start_with?("Could not parse version")
136
- raise Dependabot::DependencyFileNotResolvable, error.message
137
+ elsif error.message.start_with?("Could not parse version") ||
138
+ error.message.include?("does not allow connections to http://")
139
+ raise Dependabot::DependencyFileNotResolvable, sanitized_message
137
140
  elsif error.message.include?("requested PHP extension")
138
141
  extensions = error.message.scan(/\sext\-.*?\s/).map(&:strip).uniq
139
142
  msg = "Dependabot's installed extensions didn't match those "\
@@ -212,11 +215,19 @@ module Dependabot
212
215
  end
213
216
 
214
217
  def git_credentials
215
- credentials.select { |cred| cred["type"] == "git_source" }
218
+ credentials.
219
+ select { |cred| cred["type"] == "git_source" }.
220
+ select { |cred| cred["password"] }
216
221
  end
217
222
 
218
223
  def registry_credentials
219
- credentials.select { |cred| cred["type"] == "composer_repository" }
224
+ credentials.
225
+ select { |cred| cred["type"] == "composer_repository" }.
226
+ select { |cred| cred["password"] }
227
+ end
228
+
229
+ def remove_url_credentials(message)
230
+ message.gsub(%r{(?<=://)[^\s]*:[^\s]*(?=@)}, "****")
220
231
  end
221
232
  end
222
233
  end
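Review bot: `remove_url_credentials` masks userinfo only when it contains a colon, so a token-only URL such as `https://TOKEN@host/path` passes through unredacted, and because both `[^\s]*` runs are greedy and may cross `/`, a URL like `http://host:8080/a@b` has its host and path masked instead. Bounding the match to the authority part covers both cases: `message.gsub(%r{(?<=://)[^\s/]+(?=@)}, "****")`. Separately, `sanitized_message` is used only in the `DependencyFileNotResolvable` branch; the git-clone branch raises `dependency_url` taken from the raw `error.message`, which could presumably carry the same embedded credentials, so it is worth passing that value through the same helper. `handle_composer_errors` continues outside these hunks, so other `raise` sites in it could not be checked.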
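--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-composer
  version: !ruby/object:Gem::Version
- version: 0.98.31
+ version: 0.98.32
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-03-22 00:00:00.000000000 Z
+ date: 2019-03-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.98.31
+ version: 0.98.32
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.98.31
+ version: 0.98.32
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement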