dependabot-composer 0.112.13 → 0.112.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0b719288dd5f6a3665d1ea7af743acbcf26045966c46c8fe33d2d8261460ba9
-  data.tar.gz: 18d1ec9ee8f1e1af15d3404f4f7b3077f82b373a9cf00b7626ea872266fda0df
+  metadata.gz: ec045c6643c947a26fd27cd96387d9a4d7bb3a16acfe6c420608451806cbb925
+  data.tar.gz: 27408a5151879a65b03ce2c56bf152e4a68d5bc1e28cb636df527838bda22c01
 SHA512:
-  metadata.gz: 56ef078a97030517d06442165836949dd1e93bea43811bcc56d75db9d86118d1a5297c53f77a27a3af447f173d87e256d2d9668adb18282b0e05ae054e02d266
-  data.tar.gz: d94a4440f5140d9cf68e38a298de181f13e8fe7174e73f331bea045d717452db52d5a3f8ee7a6c366f77a6c66fa418a0afe4917ac62990177c4493f238cba9e3
+  metadata.gz: df2c112c12f6329b51378924eda9ae6d38c094cc6937fb4c3939f47c8eece6033b91805b122ab3cc9e507dcbf14983af380e7435d3a4d49444fce514bb372319
+  data.tar.gz: 82c6456e9a5d8f53cb2b970be143eb0361226be58670a5022baf97e4b2bd29f237720f530011344824cdf162e2bed276e0e3c4015b2105c92fcc026d88012b15

data/lib/dependabot/composer/file_updater/lockfile_updater.rb

@@ -126,7 +126,8 @@ module Dependabot
         # rubocop:disable Metrics/PerceivedComplexity
         def handle_composer_errors(error)
           if error.message.include?("package requires php") ||
-             error.message.include?("requested PHP extension")
+             error.message.include?("requested PHP extension") ||
+             !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
             missing_extensions =
               error.message.scan(MISSING_PLATFORM_REQ_REGEX).
               map do |extension_string|
@@ -194,6 +195,10 @@ module Dependabot
         # rubocop:enable Metrics/MethodLength
         # rubocop:enable Metrics/PerceivedComplexity
 
+        def library?
+          parsed_composer_json["type"] == "library"
+        end
+
         def write_temporary_dependency_files
           path_dependencies.each do |file|
             path = file.name
@@ -411,15 +416,30 @@ module Dependabot
         end
 
         def initial_platform
-          return {} unless parsed_composer_json["type"] == "library"
+          platform_php = parsed_composer_json.dig("config", "platform", "php")
+
+          platform = {}
+          if platform_php.is_a?(String) && requirement_valid?(platform_php)
+            platform["php"] = [platform_php]
+          end
+
+          # Note: We *don't* include the require-dev PHP version in our initial
+          # platform. If we fail to resolve with the PHP version specified in
+          # `require` then it will be picked up in a subsequent iteration.
+          requirement_php = parsed_composer_json.dig("require", "php")
+          return platform unless requirement_php.is_a?(String)
+          return platform unless requirement_valid?(requirement_php)
 
-          php_requirements = [
-            parsed_composer_json.dig("require", "php"),
-            parsed_composer_json.dig("require-dev", "php")
-          ].compact
-          return {} if php_requirements.empty?
+          platform["php"] ||= []
+          platform["php"] << requirement_php
+          platform
+        end
 
-          { "php" => php_requirements }
+        def requirement_valid?(req_string)
+          Composer::Requirement.requirements_array(req_string)
+          true
+        rescue Gem::Requirement::BadRequirementError
+          false
         end
 
         def parsed_composer_json

data/lib/dependabot/composer/update_checker/version_resolver.rb

@@ -219,7 +219,8 @@ module Dependabot
                 error.message.include?("does not allow connections to http://")
             raise Dependabot::DependencyFileNotResolvable, sanitized_message
           elsif error.message.include?("package requires php") ||
-                error.message.include?("requested PHP extension")
+                error.message.include?("requested PHP extension") ||
+                !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
             missing_extensions =
               error.message.scan(MISSING_PLATFORM_REQ_REGEX).
               map do |extension_string|
@@ -284,6 +285,10 @@ module Dependabot
         # rubocop:enable Metrics/CyclomaticComplexity
         # rubocop:enable Metrics/MethodLength
 
+        def library?
+          parsed_composer_file["type"] == "library"
+        end
+
         def check_original_requirements_resolvable
           base_directory = dependency_files.first.directory
           SharedHelpers.in_a_temporary_directory(base_directory) do
@@ -352,14 +357,23 @@ module Dependabot
         end
 
         def initial_platform
-          return {} unless parsed_composer_file["type"] == "library"
+          platform_php = parsed_composer_file.dig("config", "platform", "php")
+
+          platform = {}
+          if platform_php.is_a?(String) && requirement_valid?(platform_php)
+            platform["php"] = [platform_php]
+          end
 
           # Note: We *don't* include the require-dev PHP version in our initial
           # platform. If we fail to resolve with the PHP version specified in
           # `require` then it will be picked up in a subsequent iteration.
-          return {} unless parsed_composer_file.dig("require", "php")
+          requirement_php = parsed_composer_file.dig("require", "php")
+          return platform unless requirement_php.is_a?(String)
+          return platform unless requirement_valid?(requirement_php)
 
-          { "php" => [parsed_composer_file.dig("require", "php")] }
+          platform["php"] ||= []
+          platform["php"] << requirement_php
+          platform
         end
 
         def parsed_composer_file

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.112.13
+  version: 0.112.14
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.112.13
+        version: 0.112.14
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.112.13
+        version: 0.112.14
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement