dependabot-composer 0.112.12 → 0.112.13
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_parser.rb +23 -16
- metadata +3 -3
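--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a0b719288dd5f6a3665d1ea7af743acbcf26045966c46c8fe33d2d8261460ba9
+data.tar.gz: 18d1ec9ee8f1e1af15d3404f4f7b3077f82b373a9cf00b7626ea872266fda0df
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 56ef078a97030517d06442165836949dd1e93bea43811bcc56d75db9d86118d1a5297c53f77a27a3af447f173d87e256d2d9668adb18282b0e05ae054e02d266
+data.tar.gz: d94a4440f5140d9cf68e38a298de181f13e8fe7174e73f331bea045d717452db52d5a3f8ee7a6c366f77a6c66fa418a0afe4917ac62990177c4493f238cba9e3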
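--- a/data/lib/dependabot/composer/file_parser.rb
+++ b/data/lib/dependabot/composer/file_parser.rb
@@ -38,7 +38,7 @@ module Dependabot
 dependencies = DependencySet.new
 
 DEPENDENCY_GROUP_KEYS.each do |keys|
-next unless parsed_composer_json[keys[:manifest]]
+next unless parsed_composer_json[keys[:manifest]].is_a?(Hash)
 
 parsed_composer_json[keys[:manifest]].each do |name, req|
 next unless package?(name)
@@ -78,39 +78,46 @@ module Dependabot
 )
 end
 
+# rubocop:disable Metrics/CyclomaticComplexity
+# rubocop:disable Metrics/PerceivedComplexity
 def lockfile_dependencies
 dependencies = DependencySet.new
 
 return dependencies unless lockfile
 
-DEPENDENCY_GROUP_KEYS.each do |
-key =
-next unless parsed_lockfile[key]
+DEPENDENCY_GROUP_KEYS.each do |keys|
+key = keys.fetch(:lockfile)
+next unless parsed_lockfile[key].is_a?(Array)
 
 parsed_lockfile[key].each do |details|
 name = details["name"]
-next unless package?(name)
+next unless name.is_a?(String) && package?(name)
 
 version = details["version"]&.to_s&.sub(/^v?/, "")
-next
+next unless version.is_a?(String)
 next unless version.match?(/^\d/) ||
 version.match?(/^[0-9a-f]{40}$/)
 
-dependencies <<
-Dependency.new(
-name: name,
-version: version,
-requirements: [],
-package_manager: "composer",
-subdependency_metadata: [{
-production: h.fetch(:group) != "development"
-}]
-)
+dependencies << build_lockfile_dependency(name, version, keys)
 end
 end
 
 dependencies
 end
+# rubocop:enable Metrics/CyclomaticComplexity
+# rubocop:enable Metrics/PerceivedComplexity
+
+def build_lockfile_dependency(name, version, keys)
+Dependency.new(
+name: name,
+version: version,
+requirements: [],
+package_manager: "composer",
+subdependency_metadata: [{
+production: keys.fetch(:group) != "development"
+}]
+)
+end
 
 def dependency_version(name:, type:)
 return unless lockfile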
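Review bot: In `lockfile_dependencies`, each `details` element is still indexed with `details["name"]` before anything checks that it is a Hash, so a lockfile whose package array contains `null` or a nested array would still raise (NoMethodError or TypeError) despite the new `is_a?(Array)` guard. Adding `next unless details.is_a?(Hash)` as the first line of the inner block would close that gap; how callers treat such an exception is not visible here. The unchanged version checks use `^` and `$`, which match at any line boundary, so a multi-line `version` string from the repository-controlled lockfile can pass `/^\d/`; `\A` and `\z` would make these whole-string checks. The added `next unless version.is_a?(String)` is effectively a nil check, since the preceding `&.to_s` already leaves only nil or a String.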
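--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement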