dependabot-composer 0.112.17 → 0.112.18
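--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5f8dd3d02ef37c4db350f2cd47924bb35a218abec6ff79ef09baf9014287216a
+data.tar.gz: c761e25d35945121c57884a82a7e774f4ffef96f7c99f23442a57440d898592c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 112ceeb3fe14023d0da4a7fd12572cf48390d3dfb57d8b30bb94dede9226c35bf2be2fcfe1dd58b5926379721e90e3a10ea1b6cc043dd131ce7efe8ecdf09a7e
+data.tar.gz: f4628265ef52fbe56f47dd2ea59ca368136e217feea449378f949fa1966f3225bd370dcec709facd7a13a58aa46e888d54e0f53f6430bd093348f65d0a262580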
@@ -24,10 +24,15 @@ module Dependabot
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
|
27
|
+
MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
|
28
28
|
/
|
29
|
-
\
|
30
|
-
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(
|
29
|
+
(?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
|
30
|
+
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
|
31
|
+
/x.freeze
|
32
|
+
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
33
|
+
/
|
34
|
+
\sext\-[^\s]+\s.*?\s(?=->)|
|
35
|
+
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
|
31
36
|
/x.freeze
|
32
37
|
|
33
38
|
def initialize(dependencies:, dependency_files:, credentials:)
|
@@ -125,16 +130,33 @@ module Dependabot
|
|
125
130
|
# rubocop:disable Metrics/MethodLength
|
126
131
|
# rubocop:disable Metrics/PerceivedComplexity
|
127
132
|
def handle_composer_errors(error)
|
128
|
-
if error.message.
|
129
|
-
|
130
|
-
|
133
|
+
if error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
134
|
+
# These errors occur when platform requirements declared explicitly
|
135
|
+
# in the composer.json aren't met.
|
131
136
|
missing_extensions =
|
132
|
-
error.message.scan(
|
137
|
+
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
|
133
138
|
map do |extension_string|
|
134
139
|
name, requirement = extension_string.strip.split(" ", 2)
|
135
140
|
{ name: name, requirement: requirement }
|
136
141
|
end
|
137
142
|
raise MissingExtensions, missing_extensions
|
143
|
+
elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
|
144
|
+
!library? &&
|
145
|
+
!initial_platform.empty? &&
|
146
|
+
implicit_platform_reqs_satisfiable?(error.message)
|
147
|
+
missing_extensions =
|
148
|
+
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
|
149
|
+
map do |extension_string|
|
150
|
+
name, requirement = extension_string.strip.split(" ", 2)
|
151
|
+
{ name: name, requirement: requirement }
|
152
|
+
end
|
153
|
+
|
154
|
+
missing_extension = missing_extensions.find do |hash|
|
155
|
+
existing_reqs = composer_platform_extensions[hash[:name]] || []
|
156
|
+
version_for_reqs(existing_reqs + [hash[:requirement]])
|
157
|
+
end
|
158
|
+
|
159
|
+
raise MissingExtensions, [missing_extension]
|
138
160
|
end
|
139
161
|
|
140
162
|
if error.message.start_with?("Failed to execute git checkout")
|
@@ -199,6 +221,20 @@ module Dependabot
|
|
199
221
|
parsed_composer_json["type"] == "library"
|
200
222
|
end
|
201
223
|
|
224
|
+
def implicit_platform_reqs_satisfiable?(message)
|
225
|
+
missing_extensions =
|
226
|
+
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
|
227
|
+
map do |extension_string|
|
228
|
+
name, requirement = extension_string.strip.split(" ", 2)
|
229
|
+
{ name: name, requirement: requirement }
|
230
|
+
end
|
231
|
+
|
232
|
+
missing_extensions.any? do |hash|
|
233
|
+
existing_reqs = composer_platform_extensions[hash[:name]] || []
|
234
|
+
version_for_reqs(existing_reqs + [hash[:requirement]])
|
235
|
+
end
|
236
|
+
end
|
237
|
+
|
202
238
|
def write_temporary_dependency_files
|
203
239
|
path_dependencies.each do |file|
|
204
240
|
path = file.name
|
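Review bot: The implicit-platform branch of `handle_composer_errors` repeats the scan, split and `version_for_reqs` check that `implicit_platform_reqs_satisfiable?` has just run, so `raise MissingExtensions, [missing_extension]` stays non-nil only while the `find` block and the guard remain identical; the same duplication appears in the second file's `handle_composer_errors`, `check_original_requirements_resolvable` and helper. The name and requirement are parsed out of the error message text, and `split(" ", 2)` leaves `requirement` nil if the regex matched an empty constraint, which is then passed to `version_for_reqs` unchecked. Both blocks also rely on `version_for_reqs` returning nil when nothing satisfies the constraints; this file's copy is not in the diff, so it is worth confirming that it has the `return unless version` line the other file gains. One private helper that returns the first satisfiable requirement, as sketched below, would serve both the guard and the raise; `handle_composer_errors` starts and ends outside these hunks.

```ruby
# … unchanged: explicit-platform branch and the implicit-branch guard …
  raise MissingExtensions,
        [satisfiable_implicit_platform_req(error.message)]

# … unchanged: remaining error branches, library? …

# Returns the first { name:, requirement: } parsed from the message that can
# be met together with the platform requirements already known, else nil.
def satisfiable_implicit_platform_req(message)
  message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).each do |extension_string|
    name, requirement = extension_string.strip.split(" ", 2)
    next unless requirement

    existing_reqs = composer_platform_extensions[name] || []
    next unless version_for_reqs(existing_reqs + [requirement])

    return { name: name, requirement: requirement }
  end
  nil
end

def implicit_platform_reqs_satisfiable?(message)
  !satisfiable_implicit_platform_req(message).nil?
end
```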
@@ -23,10 +23,15 @@ module Dependabot
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
-
|
26
|
+
MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
|
27
27
|
/
|
28
|
-
\
|
29
|
-
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(
|
28
|
+
(?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
|
29
|
+
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
|
30
|
+
/x.freeze
|
31
|
+
MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
|
32
|
+
/
|
33
|
+
\sext\-[^\s]+\s.*?\s(?=->)|
|
34
|
+
(?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
|
30
35
|
/x.freeze
|
31
36
|
VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
|
32
37
|
SOURCE_TIMED_OUT_REGEX =
|
@@ -125,6 +130,10 @@ module Dependabot
|
|
125
130
|
json = JSON.parse(content)
|
126
131
|
|
127
132
|
composer_platform_extensions.each do |extension, requirements|
|
133
|
+
unless version_for_reqs(requirements)
|
134
|
+
raise "No matching version for #{requirements}!"
|
135
|
+
end
|
136
|
+
|
128
137
|
json["config"] ||= {}
|
129
138
|
json["config"]["platform"] ||= {}
|
130
139
|
json["config"]["platform"][extension] =
|
@@ -218,16 +227,33 @@ module Dependabot
|
|
218
227
|
elsif error.message.start_with?("Could not parse version") ||
|
219
228
|
error.message.include?("does not allow connections to http://")
|
220
229
|
raise Dependabot::DependencyFileNotResolvable, sanitized_message
|
221
|
-
elsif error.message.
|
222
|
-
|
223
|
-
|
230
|
+
elsif error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
231
|
+
# These errors occur when platform requirements declared explicitly
|
232
|
+
# in the composer.json aren't met.
|
224
233
|
missing_extensions =
|
225
|
-
error.message.scan(
|
234
|
+
error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
|
226
235
|
map do |extension_string|
|
227
236
|
name, requirement = extension_string.strip.split(" ", 2)
|
228
237
|
{ name: name, requirement: requirement }
|
229
238
|
end
|
230
239
|
raise MissingExtensions, missing_extensions
|
240
|
+
elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
|
241
|
+
!library? &&
|
242
|
+
!initial_platform.empty? &&
|
243
|
+
implicit_platform_reqs_satisfiable?(error.message)
|
244
|
+
missing_extensions =
|
245
|
+
error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
|
246
|
+
map do |extension_string|
|
247
|
+
name, requirement = extension_string.strip.split(" ", 2)
|
248
|
+
{ name: name, requirement: requirement }
|
249
|
+
end
|
250
|
+
|
251
|
+
missing_extension = missing_extensions.find do |hash|
|
252
|
+
existing_reqs = composer_platform_extensions[hash[:name]] || []
|
253
|
+
version_for_reqs(existing_reqs + [hash[:requirement]])
|
254
|
+
end
|
255
|
+
|
256
|
+
raise MissingExtensions, [missing_extension]
|
231
257
|
elsif error.message.include?("cannot require itself") ||
|
232
258
|
error.message.include?('packages.json" file could not be down')
|
233
259
|
raise Dependabot::DependencyFileNotResolvable, error.message
|
@@ -289,6 +315,23 @@ module Dependabot
|
|
289
315
|
parsed_composer_file["type"] == "library"
|
290
316
|
end
|
291
317
|
|
318
|
+
def implicit_platform_reqs_satisfiable?(message)
|
319
|
+
missing_extensions =
|
320
|
+
message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
|
321
|
+
map do |extension_string|
|
322
|
+
name, requirement = extension_string.strip.split(" ", 2)
|
323
|
+
{ name: name, requirement: requirement }
|
324
|
+
end
|
325
|
+
|
326
|
+
missing_extensions.any? do |hash|
|
327
|
+
existing_reqs = composer_platform_extensions[hash[:name]] || []
|
328
|
+
version_for_reqs(existing_reqs + [hash[:requirement]])
|
329
|
+
end
|
330
|
+
end
|
331
|
+
|
332
|
+
# rubocop:disable Metrics/AbcSize
|
333
|
+
# rubocop:disable Metrics/MethodLength
|
334
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
292
335
|
def check_original_requirements_resolvable
|
293
336
|
base_directory = dependency_files.first.directory
|
294
337
|
SharedHelpers.in_a_temporary_directory(base_directory) do
|
@@ -304,10 +347,18 @@ module Dependabot
|
|
304
347
|
|
305
348
|
true
|
306
349
|
rescue SharedHelpers::HelperSubprocessFailed => e
|
307
|
-
if e.message.
|
308
|
-
|
350
|
+
if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
|
351
|
+
missing_extensions =
|
352
|
+
e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
|
353
|
+
map do |extension_string|
|
354
|
+
name, requirement = extension_string.strip.split(" ", 2)
|
355
|
+
{ name: name, requirement: requirement }
|
356
|
+
end
|
357
|
+
raise MissingExtensions, missing_extensions
|
358
|
+
elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
|
359
|
+
implicit_platform_reqs_satisfiable?(e.message)
|
309
360
|
missing_extensions =
|
310
|
-
e.message.scan(
|
361
|
+
e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
|
311
362
|
map do |extension_string|
|
312
363
|
name, requirement = extension_string.strip.split(" ", 2)
|
313
364
|
{ name: name, requirement: requirement }
|
@@ -317,6 +368,9 @@ module Dependabot
|
|
317
368
|
|
318
369
|
raise Dependabot::DependencyFileNotResolvable, e.message
|
319
370
|
end
|
371
|
+
# rubocop:enable Metrics/AbcSize
|
372
|
+
# rubocop:enable Metrics/MethodLength
|
373
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
320
374
|
|
321
375
|
def version_for_reqs(requirements)
|
322
376
|
req_arrays =
|
@@ -337,7 +391,7 @@ module Dependabot
|
|
337
391
|
find do |v|
|
338
392
|
req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
|
339
393
|
end
|
340
|
-
|
394
|
+
return unless version
|
341
395
|
|
342
396
|
version.to_s
|
343
397
|
end
|
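Review bot: The new guard in the `config.platform` loop, `raise "No matching version for #{requirements}!"`, raises a bare RuntimeError, whereas the other failure paths visible in this file raise `MissingExtensions` or `Dependabot::DependencyFileNotResolvable`. `composer_platform_extensions` is built outside the hunk, so it cannot be confirmed from here whether repository or registry content can reach this line. If it can, `raise Dependabot::DependencyFileNotResolvable, "No matching version for #{requirements}"` would keep it on the handled path; if it is meant as an internal invariant, a one-line comment above the `unless` saying so would make that explicit. The implicit branch in `check_original_requirements_resolvable` also omits the `!library? && !initial_platform.empty?` conditions that `handle_composer_errors` applies to the same regex, and a comment explaining the difference would help. The method enclosing the loop starts and ends outside the hunk.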
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-composer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.112.
|
4
|
+
version: 0.112.18
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.112.
|
19
|
+
version: 0.112.18
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.112.
|
26
|
+
version: 0.112.18
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|