dependabot-composer 0.211.0 → 0.212.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/composer/file_fetcher.rb +2 -2
- data/lib/dependabot/composer/file_updater/lockfile_updater.rb +4 -6
- data/lib/dependabot/composer/metadata_finder.rb +1 -1
- data/lib/dependabot/composer/update_checker/latest_version_finder.rb +1 -1
- data/lib/dependabot/composer/update_checker/version_resolver.rb +6 -8
- metadata +22 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d54231e2c281495a4b8c6c292612268409f32c987bdc18ee855801c53c9988ef
|
|
4
|
+
data.tar.gz: f2d4a3d1ffbee23ae2f91e2d391f4fd9491cde895df260ecaa39ac9b1ecf8611
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a822c49151406db75f91190c6db1960709e35dc84459bf51122db466e200c5cbf70eaa23319e563f0d405759678b212f70784b7675418931f971f6e4f91d3fb
|
|
7
|
+
data.tar.gz: 8463be054bcec7b7619d2d4638a66c03946ed1c788ce5b42a647520b6c1b84dbdc77f705b901412d900f8d96305cbe63ce7b19642ed05be5dc1734540022c87c
|
|
@@ -93,13 +93,13 @@ module Dependabot
|
|
|
93
93
|
end
|
|
94
94
|
|
|
95
95
|
def build_unfetchable_deps(unfetchable_deps)
|
|
96
|
-
unfetchable_deps.
|
|
96
|
+
unfetchable_deps.filter_map do |path|
|
|
97
97
|
PathDependencyBuilder.new(
|
|
98
98
|
path: path,
|
|
99
99
|
directory: directory,
|
|
100
100
|
lockfile: composer_lock
|
|
101
101
|
).dependency_file
|
|
102
|
-
end
|
|
102
|
+
end
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
def expand_path(path)
|
|
@@ -185,8 +185,7 @@ module Dependabot
|
|
|
185
185
|
# NOTE: This matches an error message from composer plugins used to install ACF PRO
|
|
186
186
|
# https://github.com/PhilippBaschke/acf-pro-installer/blob/772cec99c6ef8bc67ba6768419014cc60d141b27/src/ACFProInstaller/Exceptions/MissingKeyException.php#L14
|
|
187
187
|
# https://github.com/pivvenit/acf-pro-installer/blob/f2d4812839ee2c333709b0ad4c6c134e4c25fd6d/src/Exceptions/MissingKeyException.php#L25
|
|
188
|
-
if error.message.start_with?("Could not find a key for ACF PRO")
|
|
189
|
-
error.message.start_with?("Could not find a license key for ACF PRO")
|
|
188
|
+
if error.message.start_with?("Could not find a key for ACF PRO", "Could not find a license key for ACF PRO")
|
|
190
189
|
raise MissingEnvironmentVariable, "ACF_PRO_KEY"
|
|
191
190
|
end
|
|
192
191
|
|
|
@@ -213,8 +212,8 @@ module Dependabot
|
|
|
213
212
|
|
|
214
213
|
# NOTE: This error is raised by composer v1
|
|
215
214
|
if error.message.include?("Argument 1 passed to Composer")
|
|
216
|
-
msg = "One of your Composer plugins is not compatible with the "\
|
|
217
|
-
"latest version of Composer. Please update Composer and "\
|
|
215
|
+
msg = "One of your Composer plugins is not compatible with the " \
|
|
216
|
+
"latest version of Composer. Please update Composer and " \
|
|
218
217
|
"try running `composer update` to debug further."
|
|
219
218
|
raise DependencyFileNotResolvable, msg
|
|
220
219
|
end
|
|
@@ -456,8 +455,7 @@ module Dependabot
|
|
|
456
455
|
def credentials_env
|
|
457
456
|
credentials.
|
|
458
457
|
select { |c| c.fetch("type") == "php_environment_variable" }.
|
|
459
|
-
|
|
460
|
-
to_h
|
|
458
|
+
to_h { |cred| [cred["env-key"], cred.fetch("env-value", "-")] }
|
|
461
459
|
end
|
|
462
460
|
|
|
463
461
|
def git_credentials
|
|
@@ -104,7 +104,7 @@ module Dependabot
|
|
|
104
104
|
|
|
105
105
|
urls = repositories.
|
|
106
106
|
select { |h| h["type"] == "composer" }.
|
|
107
|
-
|
|
107
|
+
filter_map { |h| h["url"] }.
|
|
108
108
|
map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
|
|
109
109
|
|
|
110
110
|
unless repositories.any? { |rep| rep["packagist.org"] == false }
|
|
@@ -198,7 +198,6 @@ module Dependabot
|
|
|
198
198
|
end
|
|
199
199
|
|
|
200
200
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
201
|
-
# rubocop:disable Metrics/AbcSize
|
|
202
201
|
def updated_version_requirement_string
|
|
203
202
|
lower_bound =
|
|
204
203
|
if requirements_to_unlock == :none
|
|
@@ -207,7 +206,7 @@ module Dependabot
|
|
|
207
206
|
">= #{dependency.version}"
|
|
208
207
|
else
|
|
209
208
|
version_for_requirement =
|
|
210
|
-
dependency.requirements.
|
|
209
|
+
dependency.requirements.filter_map { |r| r[:requirement] }.
|
|
211
210
|
reject { |req_string| req_string.start_with?("<") }.
|
|
212
211
|
select { |req_string| req_string.match?(VERSION_REGEX) }.
|
|
213
212
|
map { |req_string| req_string.match(VERSION_REGEX) }.
|
|
@@ -232,7 +231,6 @@ module Dependabot
|
|
|
232
231
|
|
|
233
232
|
lower_bound + ", <= #{latest_allowable_version}"
|
|
234
233
|
end
|
|
235
|
-
# rubocop:enable Metrics/AbcSize
|
|
236
234
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
237
235
|
|
|
238
236
|
# TODO: Extract error handling and share between the lockfile updater
|
|
@@ -290,8 +288,8 @@ module Dependabot
|
|
|
290
288
|
raise Dependabot::DependencyFileNotResolvable, error.message
|
|
291
289
|
elsif error.message.include?("No driver found to handle VCS") &&
|
|
292
290
|
!error.message.include?("@") && !error.message.include?("://")
|
|
293
|
-
msg = "Dependabot detected a VCS requirement with a local path, "\
|
|
294
|
-
"rather than a URL. Dependabot does not support this "\
|
|
291
|
+
msg = "Dependabot detected a VCS requirement with a local path, " \
|
|
292
|
+
"rather than a URL. Dependabot does not support this " \
|
|
295
293
|
"setup.\n\nThe underlying error was:\n\n#{error.message}"
|
|
296
294
|
raise Dependabot::DependencyFileNotResolvable, msg
|
|
297
295
|
elsif error.message.include?("requirements could not be resolved")
|
|
@@ -317,7 +315,7 @@ module Dependabot
|
|
|
317
315
|
|
|
318
316
|
source = url.gsub(%r{/packages.json$}, "")
|
|
319
317
|
raise Dependabot::PrivateSourceTimedOut, source
|
|
320
|
-
elsif error.message.start_with?("Allowed memory size"
|
|
318
|
+
elsif error.message.start_with?("Allowed memory size", "Out of memory")
|
|
321
319
|
raise Dependabot::OutOfMemory
|
|
322
320
|
elsif error.error_context[:process_termsig] == Dependabot::SharedHelpers::SIGKILL
|
|
323
321
|
# If the helper was SIGKILL-ed, assume the OOMKiller did it
|
|
@@ -337,8 +335,8 @@ module Dependabot
|
|
|
337
335
|
# Package is not installed: stefandoorn/sitemap-plugin-1.0.0.0
|
|
338
336
|
nil
|
|
339
337
|
elsif error.message.include?("does not match the expected JSON schema")
|
|
340
|
-
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n"\
|
|
341
|
-
"Run `composer validate` to check your composer.json and composer.lock files.\n\n"\
|
|
338
|
+
msg = "Composer failed to parse your composer.json as it does not match the expected JSON schema.\n" \
|
|
339
|
+
"Run `composer validate` to check your composer.json and composer.lock files.\n\n" \
|
|
342
340
|
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
|
343
341
|
raise Dependabot::DependencyFileNotParseable, msg
|
|
344
342
|
else
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.212.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.212.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.212.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 3.
|
|
89
|
+
version: 3.12.0
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 3.
|
|
96
|
+
version: 3.12.0
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: rake
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -142,14 +142,28 @@ dependencies:
|
|
|
142
142
|
requirements:
|
|
143
143
|
- - "~>"
|
|
144
144
|
- !ruby/object:Gem::Version
|
|
145
|
-
version: 1.
|
|
145
|
+
version: 1.36.0
|
|
146
146
|
type: :development
|
|
147
147
|
prerelease: false
|
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
149
149
|
requirements:
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
|
-
version: 1.
|
|
152
|
+
version: 1.36.0
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: rubocop-performance
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: 1.14.2
|
|
160
|
+
type: :development
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: 1.14.2
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: ruby-debug-ide
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|