dependabot-composer 0.130.2 → 0.130.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3ff0d11ce9d8da233db098f18b7ff0ad6e419d55da4b540a4688934325f16f51
4
- data.tar.gz: 8c263e390d8ffc368aac43f5d232386d2912cdf4de57fc8c60860adac88a295a
3
+ metadata.gz: f12166d2e05b5890fe2ff233b25aea5d130090d99878a341d4ac295da986b7e2
4
+ data.tar.gz: 6a837db7643f74f7202629151218d23b9fb39852de41773bee5c587b4a503768
5
5
  SHA512:
6
- metadata.gz: f19e13275d98bffd5243745393bfb3dabc28805c33700111c5534f04fb754814e1958a61a97ddef2a417ad04fff8aa1d7f8af12c8d6df1a5ffb897444f5013b2
7
- data.tar.gz: 1b86c7790ddab42c28267b100b0c28fa89603d8da7223df691c6633e82cf6ef143ca08428f64de97d1e5cc2eda8aa1ea176b4a5bc8a47548efdd7ae796d3a2e9
6
+ metadata.gz: 1592b144516035f747cf1add393a3db1d7c4d05ddde1d61f1457db0f8ef05b263328ef7d62c0698db86ead36410fe19b4808c44856d85b9a229515146fd26ed6
7
+ data.tar.gz: c07d99fb3fa07a1fd6e7e63533d3cffbf6f1076cdccc8b8b298046a717f16028cbeb64265b6dc665ef70f6d81f3e3bb12d1daaeee1147bd0e42e7e82c26b50d2
@@ -7,21 +7,29 @@ module Dependabot
7
7
  module Helpers
8
8
  # From composers json-schema: https://getcomposer.org/schema.json
9
9
  COMPOSER_V2_NAME_REGEX = %r{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$}.freeze
10
+ # From https://github.com/composer/composer/blob/b7d770659b4e3ef21423bd67ade935572913a4c1/src/Composer/Repository/PlatformRepository.php#L33
11
+ PLATFORM_PACKAGE_REGEX = /
12
+ ^(?:php(?:-64bit|-ipv6|-zts|-debug)?|hhvm|(?:ext|lib)-[a-z0-9](?:[_.-]?[a-z0-9]+)*
13
+ |composer-(?:plugin|runtime)-api)$
14
+ /x.freeze
10
15
 
11
16
  def self.composer_version(composer_json, parsed_lockfile = nil)
12
- return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
13
- return "v1" if invalid_v2_requirement?(composer_json)
14
- return "v2" unless parsed_lockfile && parsed_lockfile["plugin-api-version"]
17
+ if parsed_lockfile && parsed_lockfile["plugin-api-version"]
18
+ version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
19
+ return version.canonical_segments.first == 1 ? "v1" : "v2"
20
+ else
21
+ return "v1" if composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
22
+ return "v1" if invalid_v2_requirement?(composer_json)
23
+ end
15
24
 
16
- version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
17
- version.canonical_segments.first == 1 ? "v1" : "v2"
25
+ "v2"
18
26
  end
19
27
 
20
28
  def self.invalid_v2_requirement?(composer_json)
21
29
  return false unless composer_json.key?("require")
22
30
 
23
31
  composer_json["require"].keys.any? do |key|
24
- key != "php" && key !~ COMPOSER_V2_NAME_REGEX
32
+ key !~ PLATFORM_PACKAGE_REGEX && key !~ COMPOSER_V2_NAME_REGEX
25
33
  end
26
34
  end
27
35
  private_class_method :invalid_v2_requirement?
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.130.2
4
+ version: 0.130.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-19 00:00:00.000000000 Z
11
+ date: 2021-01-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.130.2
19
+ version: 0.130.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.130.2
26
+ version: 0.130.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -230,7 +230,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
230
230
  - !ruby/object:Gem::Version
231
231
  version: 2.5.0
232
232
  requirements: []
233
- rubygems_version: 3.2.3
233
+ rubygems_version: 3.1.4
234
234
  signing_key:
235
235
  specification_version: 4
236
236
  summary: PHP (Composer) support for dependabot