dependabot-composer 0.112.12 → 0.112.13
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_parser.rb +23 -16
- metadata +3 -3
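--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a0b719288dd5f6a3665d1ea7af743acbcf26045966c46c8fe33d2d8261460ba9
+data.tar.gz: 18d1ec9ee8f1e1af15d3404f4f7b3077f82b373a9cf00b7626ea872266fda0df
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 56ef078a97030517d06442165836949dd1e93bea43811bcc56d75db9d86118d1a5297c53f77a27a3af447f173d87e256d2d9668adb18282b0e05ae054e02d266
+data.tar.gz: d94a4440f5140d9cf68e38a298de181f13e8fe7174e73f331bea045d717452db52d5a3f8ee7a6c366f77a6c66fa418a0afe4917ac62990177c4493f238cba9e3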
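--- a/data/lib/dependabot/composer/file_parser.rb
+++ b/data/lib/dependabot/composer/file_parser.rb
@@ -38,7 +38,7 @@ module Dependabot
 dependencies = DependencySet.new
 
 DEPENDENCY_GROUP_KEYS.each do |keys|
-next unless parsed_composer_json[keys[:manifest]]
+next unless parsed_composer_json[keys[:manifest]].is_a?(Hash)
 
 parsed_composer_json[keys[:manifest]].each do |name, req|
 next unless package?(name)
@@ -78,39 +78,46 @@ module Dependabot
 )
 end
 
+# rubocop:disable Metrics/CyclomaticComplexity
+# rubocop:disable Metrics/PerceivedComplexity
 def lockfile_dependencies
 dependencies = DependencySet.new
 
 return dependencies unless lockfile
 
-DEPENDENCY_GROUP_KEYS.each do |
-key =
-next unless parsed_lockfile[key]
+DEPENDENCY_GROUP_KEYS.each do |keys|
+key = keys.fetch(:lockfile)
+next unless parsed_lockfile[key].is_a?(Array)
 
 parsed_lockfile[key].each do |details|
 name = details["name"]
-next unless package?(name)
+next unless name.is_a?(String) && package?(name)
 
 version = details["version"]&.to_s&.sub(/^v?/, "")
-next
+next unless version.is_a?(String)
 next unless version.match?(/^\d/) ||
 version.match?(/^[0-9a-f]{40}$/)
 
-dependencies <<
-Dependency.new(
-name: name,
-version: version,
-requirements: [],
-package_manager: "composer",
-subdependency_metadata: [{
-production: h.fetch(:group) != "development"
-}]
-)
+dependencies << build_lockfile_dependency(name, version, keys)
 end
 end
 
 dependencies
 end
+# rubocop:enable Metrics/CyclomaticComplexity
+# rubocop:enable Metrics/PerceivedComplexity
+
+def build_lockfile_dependency(name, version, keys)
+Dependency.new(
+name: name,
+version: version,
+requirements: [],
+package_manager: "composer",
+subdependency_metadata: [{
+production: keys.fetch(:group) != "development"
+}]
+)
+end
 
 def dependency_version(name:, type:)
 return unless lockfile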
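Review bot: Each `details` entry in `lockfile_dependencies` is still indexed with `details["name"]` without a type check, so the new `is_a?(Array)` guard on `parsed_lockfile[key]` does not cover a lockfile whose package list contains a non-hash entry (nil, a number, a nested array). Such an entry would presumably raise rather than be skipped like the other malformed shapes this change handles. Adding `next unless details.is_a?(Hash)` as the first line of the inner block would keep the handling consistent. Separately, the version checks `/^\d/` and `/^[0-9a-f]{40}$/` use line anchors, so a version string containing a newline can pass them; `\A` and `\z` would validate the whole string.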
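--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.112.
+version: 0.112.13
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement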