dependabot-composer 0.112.17 → 0.112.18

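--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6373b67a953a57260ceae7218a91678d520fe1eda6ec7f86cba91580401f53cf
- data.tar.gz: 197f5b37ce9116348803c5c50b1a149ec690ccced64c2da154f3450a508de8a2
+ metadata.gz: 5f8dd3d02ef37c4db350f2cd47924bb35a218abec6ff79ef09baf9014287216a
+ data.tar.gz: c761e25d35945121c57884a82a7e774f4ffef96f7c99f23442a57440d898592c
  SHA512:
- metadata.gz: a4b7a0bcaf533e923ef577f2a63672700ed0f034a5e8b08a3551d3df15bd534badda508e558b1b207da7ae4c696d34cdc4e3c3c15a1200ad029f4e76306afe13
- data.tar.gz: 1c3a71790db31e5759e29baa066c727e198c53ba60950a57b02584a02826e39ef9cd93b10e0accdc41c115fda077efdbf137ba408b8ab34be312dc5c72e5bf42
+ metadata.gz: 112ceeb3fe14023d0da4a7fd12572cf48390d3dfb57d8b30bb94dede9226c35bf2be2fcfe1dd58b5926379721e90e3a10ea1b6cc043dd131ce7efe8ecdf09a7e
+ data.tar.gz: f4628265ef52fbe56f47dd2ea59ca368136e217feea449378f949fa1966f3225bd370dcec709facd7a13a58aa46e888d54e0f53f6430bd093348f65d0a262580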
@@ -24,10 +24,15 @@ module Dependabot
24
24
  end
25
25
  end
26
26
 
27
- MISSING_PLATFORM_REQ_REGEX =
27
+ MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
28
28
  /
29
- \sext\-[^\s]+\s.*?\s(?=->|is|but)|
30
- (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->|is|but)
29
+ (?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
30
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
31
+ /x.freeze
32
+ MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
33
+ /
34
+ \sext\-[^\s]+\s.*?\s(?=->)|
35
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
31
36
  /x.freeze
32
37
 
33
38
  def initialize(dependencies:, dependency_files:, credentials:)
@@ -125,16 +130,33 @@ module Dependabot
125
130
  # rubocop:disable Metrics/MethodLength
126
131
  # rubocop:disable Metrics/PerceivedComplexity
127
132
  def handle_composer_errors(error)
128
- if error.message.include?("package requires php") ||
129
- error.message.include?("requested PHP extension") ||
130
- !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
133
+ if error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
134
+ # These errors occur when platform requirements declared explicitly
135
+ # in the composer.json aren't met.
131
136
  missing_extensions =
132
- error.message.scan(MISSING_PLATFORM_REQ_REGEX).
137
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
133
138
  map do |extension_string|
134
139
  name, requirement = extension_string.strip.split(" ", 2)
135
140
  { name: name, requirement: requirement }
136
141
  end
137
142
  raise MissingExtensions, missing_extensions
143
+ elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
144
+ !library? &&
145
+ !initial_platform.empty? &&
146
+ implicit_platform_reqs_satisfiable?(error.message)
147
+ missing_extensions =
148
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
149
+ map do |extension_string|
150
+ name, requirement = extension_string.strip.split(" ", 2)
151
+ { name: name, requirement: requirement }
152
+ end
153
+
154
+ missing_extension = missing_extensions.find do |hash|
155
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
156
+ version_for_reqs(existing_reqs + [hash[:requirement]])
157
+ end
158
+
159
+ raise MissingExtensions, [missing_extension]
138
160
  end
139
161
 
140
162
  if error.message.start_with?("Failed to execute git checkout")
@@ -199,6 +221,20 @@ module Dependabot
199
221
  parsed_composer_json["type"] == "library"
200
222
  end
201
223
 
224
+ def implicit_platform_reqs_satisfiable?(message)
225
+ missing_extensions =
226
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
227
+ map do |extension_string|
228
+ name, requirement = extension_string.strip.split(" ", 2)
229
+ { name: name, requirement: requirement }
230
+ end
231
+
232
+ missing_extensions.any? do |hash|
233
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
234
+ version_for_reqs(existing_reqs + [hash[:requirement]])
235
+ end
236
+ end
237
+
202
238
  def write_temporary_dependency_files
203
239
  path_dependencies.each do |file|
204
240
  path = file.name
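Review bot: `implicit_platform_reqs_satisfiable?` (new lines 224-236) and the `find` in the new `elsif` branch of `handle_composer_errors` both rely on `version_for_reqs` returning a falsy value when no version matches, but this file's `version_for_reqs` is not in any hunk shown here, whereas the other file on this page had to change its copy from raising to `return unless version`. If the copy here still raises, a Composer message matching `MISSING_IMPLICIT_PLATFORM_REQ_REGEX` would surface as a plain `RuntimeError` instead of falling through to the later branches, so that should be confirmed. Separately, the predicate and the branch run the same scan and the same block twice; a private helper that returns the first satisfiable hash (`find` rather than `any?`) could serve both the condition and the `raise MissingExtensions, [missing_extension]` line. `handle_composer_errors` continues outside the hunk.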
@@ -23,10 +23,15 @@ module Dependabot
23
23
  end
24
24
  end
25
25
 
26
- MISSING_PLATFORM_REQ_REGEX =
26
+ MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
27
27
  /
28
- \sext\-[^\s]+\s.*?\s(?=->|is|but)|
29
- (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->|is|but)
28
+ (?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
29
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
30
+ /x.freeze
31
+ MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
32
+ /
33
+ \sext\-[^\s]+\s.*?\s(?=->)|
34
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
30
35
  /x.freeze
31
36
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
32
37
  SOURCE_TIMED_OUT_REGEX =
@@ -125,6 +130,10 @@ module Dependabot
125
130
  json = JSON.parse(content)
126
131
 
127
132
  composer_platform_extensions.each do |extension, requirements|
133
+ unless version_for_reqs(requirements)
134
+ raise "No matching version for #{requirements}!"
135
+ end
136
+
128
137
  json["config"] ||= {}
129
138
  json["config"]["platform"] ||= {}
130
139
  json["config"]["platform"][extension] =
@@ -218,16 +227,33 @@ module Dependabot
218
227
  elsif error.message.start_with?("Could not parse version") ||
219
228
  error.message.include?("does not allow connections to http://")
220
229
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
221
- elsif error.message.include?("package requires php") ||
222
- error.message.include?("requested PHP extension") ||
223
- !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
230
+ elsif error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
231
+ # These errors occur when platform requirements declared explicitly
232
+ # in the composer.json aren't met.
224
233
  missing_extensions =
225
- error.message.scan(MISSING_PLATFORM_REQ_REGEX).
234
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
226
235
  map do |extension_string|
227
236
  name, requirement = extension_string.strip.split(" ", 2)
228
237
  { name: name, requirement: requirement }
229
238
  end
230
239
  raise MissingExtensions, missing_extensions
240
+ elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
241
+ !library? &&
242
+ !initial_platform.empty? &&
243
+ implicit_platform_reqs_satisfiable?(error.message)
244
+ missing_extensions =
245
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
246
+ map do |extension_string|
247
+ name, requirement = extension_string.strip.split(" ", 2)
248
+ { name: name, requirement: requirement }
249
+ end
250
+
251
+ missing_extension = missing_extensions.find do |hash|
252
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
253
+ version_for_reqs(existing_reqs + [hash[:requirement]])
254
+ end
255
+
256
+ raise MissingExtensions, [missing_extension]
231
257
  elsif error.message.include?("cannot require itself") ||
232
258
  error.message.include?('packages.json" file could not be down')
233
259
  raise Dependabot::DependencyFileNotResolvable, error.message
@@ -289,6 +315,23 @@ module Dependabot
289
315
  parsed_composer_file["type"] == "library"
290
316
  end
291
317
 
318
+ def implicit_platform_reqs_satisfiable?(message)
319
+ missing_extensions =
320
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
321
+ map do |extension_string|
322
+ name, requirement = extension_string.strip.split(" ", 2)
323
+ { name: name, requirement: requirement }
324
+ end
325
+
326
+ missing_extensions.any? do |hash|
327
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
328
+ version_for_reqs(existing_reqs + [hash[:requirement]])
329
+ end
330
+ end
331
+
332
+ # rubocop:disable Metrics/AbcSize
333
+ # rubocop:disable Metrics/MethodLength
334
+ # rubocop:disable Metrics/PerceivedComplexity
292
335
  def check_original_requirements_resolvable
293
336
  base_directory = dependency_files.first.directory
294
337
  SharedHelpers.in_a_temporary_directory(base_directory) do
@@ -304,10 +347,18 @@ module Dependabot
304
347
 
305
348
  true
306
349
  rescue SharedHelpers::HelperSubprocessFailed => e
307
- if e.message.include?("requires php") ||
308
- e.message.include?("requested PHP extension")
350
+ if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
351
+ missing_extensions =
352
+ e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
353
+ map do |extension_string|
354
+ name, requirement = extension_string.strip.split(" ", 2)
355
+ { name: name, requirement: requirement }
356
+ end
357
+ raise MissingExtensions, missing_extensions
358
+ elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
359
+ implicit_platform_reqs_satisfiable?(e.message)
309
360
  missing_extensions =
310
- e.message.scan(MISSING_PLATFORM_REQ_REGEX).
361
+ e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
311
362
  map do |extension_string|
312
363
  name, requirement = extension_string.strip.split(" ", 2)
313
364
  { name: name, requirement: requirement }
@@ -317,6 +368,9 @@ module Dependabot
317
368
 
318
369
  raise Dependabot::DependencyFileNotResolvable, e.message
319
370
  end
371
+ # rubocop:enable Metrics/AbcSize
372
+ # rubocop:enable Metrics/MethodLength
373
+ # rubocop:enable Metrics/PerceivedComplexity
320
374
 
321
375
  def version_for_reqs(requirements)
322
376
  req_arrays =
@@ -337,7 +391,7 @@ module Dependabot
337
391
  find do |v|
338
392
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
339
393
  end
340
- raise "No matching version for #{requirements}!" unless version
394
+ return unless version
341
395
 
342
396
  version.to_s
343
397
  end
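Review bot: The implicit-requirement branch added to `check_original_requirements_resolvable` (new lines 358-359) is not gated on `!library?` and `!initial_platform.empty?`, while the matching branch in this file's error handler (new lines 240-243) is, so a library or a project with no configured platform can take this path in one place and not the other. If the difference is deliberate, a short comment on the `elsif` such as `# No library?/initial_platform check here because ...` would save the next reader from guessing; otherwise add `!library? && !initial_platform.empty? &&` to the condition. The rest of that branch lies outside the hunk, so what it raises is not visible. Note also that `extension_string.strip.split(" ", 2)` yields a `nil` requirement when the matched text has no version part, and that `nil` is then passed into `version_for_reqs`; whether the helper tolerates it cannot be seen from these hunks.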
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.17
4
+ version: 0.112.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.17
19
+ version: 0.112.18
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.17
26
+ version: 0.112.18
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement