dependabot-composer 0.110.11 → 0.110.12

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0e30c6039fcc46be98984b1bc968cca392581e64d6ff8f4d520fb13dd92f40d1
4
- data.tar.gz: f368f5e8424df290a63f39576deffc230fa4e829de5a0c492279f16e20f2bbde
3
+ metadata.gz: 98acd79574fd23cc58b391b0811dea57ec709665f242603e577901f62d838e37
4
+ data.tar.gz: 69a8fde2fbe34bd7ff92fac939ae2ea199faac68f94a77fd23c09eeae3981b5e
5
5
  SHA512:
6
- metadata.gz: 52b48c39490a6dc693d31ebb14fa3794614420950f1526c522447eb577245f08fb8e4381a5817e3cf97769495aba15bc273ec036f2999248f33f1f94f44d3e7e
7
- data.tar.gz: b4c4b40ce45e2f922743ea16061fb185447e3fb361c53f2dc1fbefd0a7356c04f716b1c1ba47be0cced20080e7a83b4fb96705a76871034d2a3fb53178920bfa
6
+ metadata.gz: '0569b1987caeb3a6ab816118272140907cc667f487c9890a3c2086463c0ae72e7a0386b57f73ff5e4f426367dd7662b8d7b5de327386356f55ce66d159e10cf9'
7
+ data.tar.gz: 1e11a8f8992ac2ac403d71b4c25501f657bef4055cfe38e75d24c97ae89fe3b264a288f4775877a4dd8b2854c0f3d86405daf446a4a531604539f9872b122807
@@ -148,6 +148,7 @@ module Dependabot
148
148
 
149
149
  File.write("composer.json", locked_composer_json_content)
150
150
  File.write("composer.lock", lockfile.content)
151
+ File.write("auth.json", auth_json.content) if auth_json
151
152
  end
152
153
 
153
154
  def locked_composer_json_content
@@ -271,6 +272,10 @@ module Dependabot
271
272
  dependency_files.find { |f| f.name == "composer.lock" }
272
273
  end
273
274
 
275
+ def auth_json
276
+ @auth_json ||= dependency_files.find { |f| f.name == "auth.json" }
277
+ end
278
+
274
279
  def path_dependencies
275
280
  @path_dependencies ||=
276
281
  dependency_files.select { |f| f.name.end_with?("/composer.json") }
@@ -142,7 +142,23 @@ module Dependabot
142
142
  end
143
143
 
144
144
  def registry_credentials
145
- credentials.select { |cred| cred["type"] == "composer_repository" }
145
+ credentials.select { |cred| cred["type"] == "composer_repository" } +
146
+ auth_json_credentials
147
+ end
148
+
149
+ def auth_json_credentials
150
+ return [] unless auth_json
151
+
152
+ parsed_auth_json = JSON.parse(auth_json.content)
153
+ parsed_auth_json.fetch("http-basic", {}).map do |reg, details|
154
+ {
155
+ "registry" => reg,
156
+ "username" => details["username"],
157
+ "password" => details["password"]
158
+ }
159
+ end
160
+ rescue JSON::ParserError
161
+ raise Dependabot::DependencyFileNotParseable, auth_json.path
146
162
  end
147
163
 
148
164
  def composer_file
@@ -153,6 +169,10 @@ module Dependabot
153
169
  composer_file
154
170
  end
155
171
 
172
+ def auth_json
173
+ dependency_files.find { |f| f.name == "auth.json" }
174
+ end
175
+
156
176
  def ignore_reqs
157
177
  ignored_versions.map { |req| requirement_class.new(req.split(",")) }
158
178
  end
@@ -44,6 +44,7 @@ module Dependabot
44
44
  SharedHelpers.in_a_temporary_directory(base_directory) do
45
45
  File.write("composer.json", prepared_composer_json_content)
46
46
  File.write("composer.lock", lockfile.content) if lockfile
47
+ File.write("auth.json", auth_json.content) if auth_json
47
48
 
48
49
  run_update_checker
49
50
  end
@@ -221,6 +222,10 @@ module Dependabot
221
222
  dependency_files.find { |f| f.name == "composer.lock" }
222
223
  end
223
224
 
225
+ def auth_json
226
+ @auth_json ||= dependency_files.find { |f| f.name == "auth.json" }
227
+ end
228
+
224
229
  def git_credentials
225
230
  credentials.
226
231
  select { |cred| cred["type"] == "git_source" }.
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.110.11
4
+ version: 0.110.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.110.11
19
+ version: 0.110.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.110.11
26
+ version: 0.110.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement