dependabot-composer 0.112.17 → 0.112.18

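--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6373b67a953a57260ceae7218a91678d520fe1eda6ec7f86cba91580401f53cf
- data.tar.gz: 197f5b37ce9116348803c5c50b1a149ec690ccced64c2da154f3450a508de8a2
+ metadata.gz: 5f8dd3d02ef37c4db350f2cd47924bb35a218abec6ff79ef09baf9014287216a
+ data.tar.gz: c761e25d35945121c57884a82a7e774f4ffef96f7c99f23442a57440d898592c
  SHA512:
- metadata.gz: a4b7a0bcaf533e923ef577f2a63672700ed0f034a5e8b08a3551d3df15bd534badda508e558b1b207da7ae4c696d34cdc4e3c3c15a1200ad029f4e76306afe13
- data.tar.gz: 1c3a71790db31e5759e29baa066c727e198c53ba60950a57b02584a02826e39ef9cd93b10e0accdc41c115fda077efdbf137ba408b8ab34be312dc5c72e5bf42
+ metadata.gz: 112ceeb3fe14023d0da4a7fd12572cf48390d3dfb57d8b30bb94dede9226c35bf2be2fcfe1dd58b5926379721e90e3a10ea1b6cc043dd131ce7efe8ecdf09a7e
+ data.tar.gz: f4628265ef52fbe56f47dd2ea59ca368136e217feea449378f949fa1966f3225bd370dcec709facd7a13a58aa46e888d54e0f53f6430bd093348f65d0a262580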
@@ -24,10 +24,15 @@ module Dependabot
24
24
  end
25
25
  end
26
26
 
27
- MISSING_PLATFORM_REQ_REGEX =
27
+ MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
28
28
  /
29
- \sext\-[^\s]+\s.*?\s(?=->|is|but)|
30
- (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->|is|but)
29
+ (?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
30
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
31
+ /x.freeze
32
+ MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
33
+ /
34
+ \sext\-[^\s]+\s.*?\s(?=->)|
35
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
31
36
  /x.freeze
32
37
 
33
38
  def initialize(dependencies:, dependency_files:, credentials:)
@@ -125,16 +130,33 @@ module Dependabot
125
130
  # rubocop:disable Metrics/MethodLength
126
131
  # rubocop:disable Metrics/PerceivedComplexity
127
132
  def handle_composer_errors(error)
128
- if error.message.include?("package requires php") ||
129
- error.message.include?("requested PHP extension") ||
130
- !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
133
+ if error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
134
+ # These errors occur when platform requirements declared explicitly
135
+ # in the composer.json aren't met.
131
136
  missing_extensions =
132
- error.message.scan(MISSING_PLATFORM_REQ_REGEX).
137
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
133
138
  map do |extension_string|
134
139
  name, requirement = extension_string.strip.split(" ", 2)
135
140
  { name: name, requirement: requirement }
136
141
  end
137
142
  raise MissingExtensions, missing_extensions
143
+ elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
144
+ !library? &&
145
+ !initial_platform.empty? &&
146
+ implicit_platform_reqs_satisfiable?(error.message)
147
+ missing_extensions =
148
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
149
+ map do |extension_string|
150
+ name, requirement = extension_string.strip.split(" ", 2)
151
+ { name: name, requirement: requirement }
152
+ end
153
+
154
+ missing_extension = missing_extensions.find do |hash|
155
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
156
+ version_for_reqs(existing_reqs + [hash[:requirement]])
157
+ end
158
+
159
+ raise MissingExtensions, [missing_extension]
138
160
  end
139
161
 
140
162
  if error.message.start_with?("Failed to execute git checkout")
@@ -199,6 +221,20 @@ module Dependabot
199
221
  parsed_composer_json["type"] == "library"
200
222
  end
201
223
 
224
+ def implicit_platform_reqs_satisfiable?(message)
225
+ missing_extensions =
226
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
227
+ map do |extension_string|
228
+ name, requirement = extension_string.strip.split(" ", 2)
229
+ { name: name, requirement: requirement }
230
+ end
231
+
232
+ missing_extensions.any? do |hash|
233
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
234
+ version_for_reqs(existing_reqs + [hash[:requirement]])
235
+ end
236
+ end
237
+
202
238
  def write_temporary_dependency_files
203
239
  path_dependencies.each do |file|
204
240
  path = file.name
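Review bot: The new `elsif` branch of `handle_composer_errors` (new lines 143-159) repeats the scan-and-map and the `version_for_reqs` predicate that `implicit_platform_reqs_satisfiable?` (new lines 224-236) already runs, so the same Composer message is parsed three times and the guard and the `find` can drift apart; the same pair is added in the second file of this release. One helper that returns the first satisfiable requirement, or nil, would serve both the guard and the `raise`, as sketched below. The predicate also depends on `version_for_reqs` returning nil when nothing matches; that method is not shown in this section, so if this file's copy still raises, `implicit_platform_reqs_satisfiable?` raises a RuntimeError instead of returning false. `handle_composer_errors` continues past the hunk.

```ruby
# … unchanged: explicit-requirement branch of handle_composer_errors …
elsif !library? &&
      !initial_platform.empty? &&
      (missing_extension =
         first_satisfiable_implicit_platform_req(error.message))
  raise MissingExtensions, [missing_extension]
end

def implicit_platform_reqs_satisfiable?(message)
  !first_satisfiable_implicit_platform_req(message).nil?
end

# Returns the first implicit platform requirement named in the message that
# is compatible with the requirements already recorded, or nil if none is.
def first_satisfiable_implicit_platform_req(message)
  message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
    map { |str| str.strip.split(" ", 2) }.
    map { |name, requirement| { name: name, requirement: requirement } }.
    find do |hash|
      existing_reqs = composer_platform_extensions[hash[:name]] || []
      version_for_reqs(existing_reqs + [hash[:requirement]])
    end
end
```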
@@ -23,10 +23,15 @@ module Dependabot
23
23
  end
24
24
  end
25
25
 
26
- MISSING_PLATFORM_REQ_REGEX =
26
+ MISSING_EXPLICIT_PLATFORM_REQ_REGEX =
27
27
  /
28
- \sext\-[^\s]+\s.*?\s(?=->|is|but)|
29
- (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->|is|but)
28
+ (?<=PHP\sextension\s)ext\-[^\s]+\s.*?\s(?=is|but)|
29
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=but)
30
+ /x.freeze
31
+ MISSING_IMPLICIT_PLATFORM_REQ_REGEX =
32
+ /
33
+ \sext\-[^\s]+\s.*?\s(?=->)|
34
+ (?<=requires\s)php(?:\-[^\s]+)?\s.*?\s(?=->)
30
35
  /x.freeze
31
36
  VERSION_REGEX = /[0-9]+(?:\.[A-Za-z0-9\-_]+)*/.freeze
32
37
  SOURCE_TIMED_OUT_REGEX =
@@ -125,6 +130,10 @@ module Dependabot
125
130
  json = JSON.parse(content)
126
131
 
127
132
  composer_platform_extensions.each do |extension, requirements|
133
+ unless version_for_reqs(requirements)
134
+ raise "No matching version for #{requirements}!"
135
+ end
136
+
128
137
  json["config"] ||= {}
129
138
  json["config"]["platform"] ||= {}
130
139
  json["config"]["platform"][extension] =
@@ -218,16 +227,33 @@ module Dependabot
218
227
  elsif error.message.start_with?("Could not parse version") ||
219
228
  error.message.include?("does not allow connections to http://")
220
229
  raise Dependabot::DependencyFileNotResolvable, sanitized_message
221
- elsif error.message.include?("package requires php") ||
222
- error.message.include?("requested PHP extension") ||
223
- !library? && error.message.match?(MISSING_PLATFORM_REQ_REGEX)
230
+ elsif error.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
231
+ # These errors occur when platform requirements declared explicitly
232
+ # in the composer.json aren't met.
224
233
  missing_extensions =
225
- error.message.scan(MISSING_PLATFORM_REQ_REGEX).
234
+ error.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
226
235
  map do |extension_string|
227
236
  name, requirement = extension_string.strip.split(" ", 2)
228
237
  { name: name, requirement: requirement }
229
238
  end
230
239
  raise MissingExtensions, missing_extensions
240
+ elsif error.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
241
+ !library? &&
242
+ !initial_platform.empty? &&
243
+ implicit_platform_reqs_satisfiable?(error.message)
244
+ missing_extensions =
245
+ error.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
246
+ map do |extension_string|
247
+ name, requirement = extension_string.strip.split(" ", 2)
248
+ { name: name, requirement: requirement }
249
+ end
250
+
251
+ missing_extension = missing_extensions.find do |hash|
252
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
253
+ version_for_reqs(existing_reqs + [hash[:requirement]])
254
+ end
255
+
256
+ raise MissingExtensions, [missing_extension]
231
257
  elsif error.message.include?("cannot require itself") ||
232
258
  error.message.include?('packages.json" file could not be down')
233
259
  raise Dependabot::DependencyFileNotResolvable, error.message
@@ -289,6 +315,23 @@ module Dependabot
289
315
  parsed_composer_file["type"] == "library"
290
316
  end
291
317
 
318
+ def implicit_platform_reqs_satisfiable?(message)
319
+ missing_extensions =
320
+ message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
321
+ map do |extension_string|
322
+ name, requirement = extension_string.strip.split(" ", 2)
323
+ { name: name, requirement: requirement }
324
+ end
325
+
326
+ missing_extensions.any? do |hash|
327
+ existing_reqs = composer_platform_extensions[hash[:name]] || []
328
+ version_for_reqs(existing_reqs + [hash[:requirement]])
329
+ end
330
+ end
331
+
332
+ # rubocop:disable Metrics/AbcSize
333
+ # rubocop:disable Metrics/MethodLength
334
+ # rubocop:disable Metrics/PerceivedComplexity
292
335
  def check_original_requirements_resolvable
293
336
  base_directory = dependency_files.first.directory
294
337
  SharedHelpers.in_a_temporary_directory(base_directory) do
@@ -304,10 +347,18 @@ module Dependabot
304
347
 
305
348
  true
306
349
  rescue SharedHelpers::HelperSubprocessFailed => e
307
- if e.message.include?("requires php") ||
308
- e.message.include?("requested PHP extension")
350
+ if e.message.match?(MISSING_EXPLICIT_PLATFORM_REQ_REGEX)
351
+ missing_extensions =
352
+ e.message.scan(MISSING_EXPLICIT_PLATFORM_REQ_REGEX).
353
+ map do |extension_string|
354
+ name, requirement = extension_string.strip.split(" ", 2)
355
+ { name: name, requirement: requirement }
356
+ end
357
+ raise MissingExtensions, missing_extensions
358
+ elsif e.message.match?(MISSING_IMPLICIT_PLATFORM_REQ_REGEX) &&
359
+ implicit_platform_reqs_satisfiable?(e.message)
309
360
  missing_extensions =
310
- e.message.scan(MISSING_PLATFORM_REQ_REGEX).
361
+ e.message.scan(MISSING_IMPLICIT_PLATFORM_REQ_REGEX).
311
362
  map do |extension_string|
312
363
  name, requirement = extension_string.strip.split(" ", 2)
313
364
  { name: name, requirement: requirement }
@@ -317,6 +368,9 @@ module Dependabot
317
368
 
318
369
  raise Dependabot::DependencyFileNotResolvable, e.message
319
370
  end
371
+ # rubocop:enable Metrics/AbcSize
372
+ # rubocop:enable Metrics/MethodLength
373
+ # rubocop:enable Metrics/PerceivedComplexity
320
374
 
321
375
  def version_for_reqs(requirements)
322
376
  req_arrays =
@@ -337,7 +391,7 @@ module Dependabot
337
391
  find do |v|
338
392
  req_arrays.all? { |reqs| reqs.any? { |r| r.satisfied_by?(v) } }
339
393
  end
340
- raise "No matching version for #{requirements}!" unless version
394
+ return unless version
341
395
 
342
396
  version.to_s
343
397
  end
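Review bot: The implicit-requirement branch in the `rescue` of `check_original_requirements_resolvable` (new lines 358-364) is guarded only by the regex and `implicit_platform_reqs_satisfiable?`, while the matching branch in the error handler above (new lines 240-256) also requires `!library?` and `!initial_platform.empty?` and raises only the first satisfiable requirement. The lines between this hunk and the next are not shown, but if the whole scan result is raised here, a requirement with no matching version could later reach the new `raise "No matching version for #{requirements}!"` check at new line 134, turning a handled condition into a RuntimeError. Either apply the same guards and `find` in both places, or add a comment above the `elsif` saying why this path may skip them. Separately, `version_for_reqs` now returns nil instead of raising (new line 394), so a comment above it such as `# Returns nil when no version satisfies every requirement` would make the changed contract visible to any caller outside these hunks.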
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.112.17
4
+ version: 0.112.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.112.17
19
+ version: 0.112.18
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.112.17
26
+ version: 0.112.18
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement