dependabot-composer 0.211.0 → 0.212.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_fetcher.rb +2 -2
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +4 -6
- data/lib/dependabot/composer/metadata_finder.rb +1 -1
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +1 -1
- data/lib/dependabot/composer/update_checker/version_resolver.rb +6 -8
- metadata +22 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d54231e2c281495a4b8c6c292612268409f32c987bdc18ee855801c53c9988ef
|
|
4
|
+
data.tar.gz: f2d4a3d1ffbee23ae2f91e2d391f4fd9491cde895df260ecaa39ac9b1ecf8611
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a822c49151406db75f91190c6db1960709e35dc84459bf51122db466e200c5cbf70eaa23319e563f0d405759678b212f70784b7675418931f971f6e4f91d3fb
|
|
7
|
+
data.tar.gz: 8463be054bcec7b7619d2d4638a66c03946ed1c788ce5b42a647520b6c1b84dbdc77f705b901412d900f8d96305cbe63ce7b19642ed05be5dc1734540022c87c
|
|
@@ -93,13 +93,13 @@ module Dependabot
|
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
def build_unfetchable_deps(unfetchable_deps)
|
|
96
|
-
unfetchable_deps.
|
|
96
|
+
unfetchable_deps.filter_map do |path|
|
|
97
97
|
PathDependencyBuilder.new(
|
|
98
98
|
path: path,
|
|
99
99
|
directory: directory,
|
|
100
100
|
lockfile: composer_lock
|
|
101
101
|
).dependency_file
|
|
102
|
-
end
|
|
102
|
+
end
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
def expand_path(path)
|
|
@@ -185,8 +185,7 @@ module Dependabot
|
|
|
185
185
|
# NOTE: This matches an error message from composer plugins used to install ACF PRO
|
|
186
186
|
# https://github.com/PhilippBaschke/acf-pro-installer/blob/772cec99c6ef8bc67ba6768419014cc60d141b27/src/ACFProInstaller/Exceptions/MissingKeyException.php#L14
|
|
187
187
|
# https://github.com/pivvenit/acf-pro-installer/blob/f2d4812839ee2c333709b0ad4c6c134e4c25fd6d/src/Exceptions/MissingKeyException.php#L25
|
|
188
|
-
if error.message.start_with?("Could not find a key for ACF PRO")
|
|
189
|
-
error.message.start_with?("Could not find a license key for ACF PRO")
|
|
188
|
+
if error.message.start_with?("Could not find a key for ACF PRO", "Could not find a license key for ACF PRO")
|
|
190
189
|
raise MissingEnvironmentVariable, "ACF_PRO_KEY"
|
|
191
190
|
end
|
|
192
191
|
|
|
@@ -213,8 +212,8 @@ module Dependabot
|
|
|
213
212
|
|
|
214
213
|
# NOTE: This error is raised by composer v1
|
|
215
214
|
if error.message.include?("Argument 1 passed to Composer")
|
|
216
|
-
msg = "One of your Composer plugins is not compatible with the "\
|
|
217
|
-
"latest version of Composer. Please update Composer and "\
|
|
215
|
+
msg = "One of your Composer plugins is not compatible with the " \
|
|
216
|
+
"latest version of Composer. Please update Composer and " \
|
|
218
217
|
"try running `composer update` to debug further."
|
|
219
218
|
raise DependencyFileNotResolvable, msg
|
|
220
219
|
end
|
|
@@ -456,8 +455,7 @@ module Dependabot
|
|
|
456
455
|
def credentials_env
|
|
457
456
|
credentials.
|
|
458
457
|
select { |c| c.fetch("type") == "php_environment_variable" }.
|
|
459
|
-
|
|
460
|
-
to_h
|
|
458
|
+
to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
|
|
461
459
|
end
|
|
462
460
|
|
|
463
461
|
def git_credentials
|
|
@@ -104,7 +104,7 @@ module Dependabot
|
|
|
104
104
|
|
|
105
105
|
urls = repositories.
|
|
106
106
|
select { |h| h["type"] == "composer" }.
|
|
107
|
-
|
|
107
|
+
filter_map { |h| h["url"] }.
|
|
108
108
|
map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
|
|
109
109
|
|
|
110
110
|
unless repositories.any? { |rep| rep["packagist.org"] == false }
|
|
@@ -198,7 +198,6 @@ module Dependabot
|
|
|
198
198
|
end
|
|
199
199
|
|
|
200
200
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
201
|
-
# rubocop:disable Metrics/AbcSize
|
|
202
201
|
def updated_version_requirement_string
|
|
203
202
|
lower_bound =
|
|
204
203
|
if requirements_to_unlock == :none
|
|
@@ -207,7 +206,7 @@ module Dependabot
|
|
|
207
206
|
">= #{dependency.version}"
|
|
208
207
|
else
|
|
209
208
|
version_for_requirement =
|
|
210
|
-
dependency.requirements.
|
|
209
|
+
dependency.requirements.filter_map { |r| r[:requirement] }.
|
|
211
210
|
reject { |req_string| req_string.start_with?("<") }.
|
|
212
211
|
select { |req_string| req_string.match?(VERSION_REGEX) }.
|
|
213
212
|
map { |req_string| req_string.match(VERSION_REGEX) }.
|
|
@@ -232,7 +231,6 @@ module Dependabot
|
|
|
232
231
|
|
|
233
232
|
lower_bound + ", <= #{latest_allowable_version}"
|
|
234
233
|
end
|
|
235
|
-
# rubocop:enable Metrics/AbcSize
|
|
236
234
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
237
235
|
|
|
238
236
|
# TODO: Extract error handling and share between the lockfile updater
|
|
@@ -290,8 +288,8 @@ module Dependabot
|
|
|
290
288
|
raise Dependabot::DependencyFileNotResolvable, error.message
|
|
291
289
|
elsif error.message.include?("No driver found to handle VCS") &&
|
|
292
290
|
!error.message.include?("@") && !error.message.include?("://")
|
|
293
|
-
msg = "Dependabot detected a VCS requirement with a local path, "\
|
|
294
|
-
"rather than a URL. Dependabot does not support this "\
|
|
291
|
+
msg = "Dependabot detected a VCS requirement with a local path, " \
|
|
292
|
+
"rather than a URL. Dependabot does not support this " \
|
|
295
293
|
"setup.\n\nThe underlying error was:\n\n#{error.message}"
|
|
296
294
|
raise Dependabot::DependencyFileNotResolvable, msg
|
|
297
295
|
elsif error.message.include?("requirements could not be resolved")
|
|
@@ -317,7 +315,7 @@ module Dependabot
|
|
|
317
315
|
|
|
318
316
|
source = url.gsub(%r{/packages.json$}, "")
|
|
319
317
|
raise Dependabot::PrivateSourceTimedOut, source
|
|
320
|
-
elsif error.message.start_with?("Allowed memory size"
|
|
318
|
+
elsif error.message.start_with?("Allowed memory size", "Out of memory")
|
|
321
319
|
raise Dependabot::OutOfMemory
|
|
322
320
|
elsif error.error_context[:process_termsig] == Dependabot::SharedHelpers::SIGKILL
|
|
323
321
|
# If the helper was SIGKILL-ed, assume the OOMKiller did it
|
|
@@ -337,8 +335,8 @@ module Dependabot
|
|
|
337
335
|
# Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
|
|
338
336
|
nil
|
|
339
337
|
elsif error.message.include?("does not match the expected JSON schema")
|
|
340
|
-
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
|
|
341
|
-
"Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
|
|
338
|
+
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n" \
|
|
339
|
+
"Run `composer validate` to check your composer.json and composer.lock files.\n\n" \
|
|
342
340
|
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
|
343
341
|
raise Dependabot::DependencyFileNotParseable, msg
|
|
344
342
|
else
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.212.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.212.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.212.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 3.
|
|
89
|
+
version: 3.12.0
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 3.
|
|
96
|
+
version: 3.12.0
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: rake
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,14 +142,28 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
145
|
+
version: 1.36.0
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
152
|
+
version: 1.36.0
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: rubocop-performance
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: 1.14.2
|
|
160
|
+
type: :development
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: 1.14.2
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: ruby-debug-ide
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|