dependabot-composer 0.286.0 → 0.287.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/composer/helpers.rb +5 -9
  3. data/lib/dependabot/composer/package_manager.rb +0 -18
  4. metadata +5 -17
  5. data/helpers/v1/.php-cs-fixer.dist.php +0 -32
  6. data/helpers/v1/bin/run +0 -86
  7. data/helpers/v1/build +0 -31
  8. data/helpers/v1/composer.json +0 -26
  9. data/helpers/v1/composer.lock +0 -2501
  10. data/helpers/v1/phpstan.dist.neon +0 -5
  11. data/helpers/v1/src/DependabotInstallationManager.php +0 -61
  12. data/helpers/v1/src/DependabotPluginManager.php +0 -23
  13. data/helpers/v1/src/ExceptionIO.php +0 -25
  14. data/helpers/v1/src/Hasher.php +0 -28
  15. data/helpers/v1/src/UpdateChecker.php +0 -121
  16. data/helpers/v1/src/Updater.php +0 -98
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4d544676aafa67c45ff3d489882678802b0d168f9fd6652a1545552a49b8beb5
4
- data.tar.gz: d5ecf28b2e85c494136db0f09293e8a268b18ac7c52685958a23381499a0708f
3
+ metadata.gz: 33efc3aae325bc2acdd965e6ec6904a390e1e69c730028acbf543ae50c7f853e
4
+ data.tar.gz: 3d70840ea14077b634287b459b5168ebcc991f341cc305e78cde0efbd0796694
5
5
  SHA512:
6
- metadata.gz: a683c8a8b3363618a1b87fd9269246100de66ca595eb4c89709fe6d4b4c626fe4b2d3d0cc9af00f10c43ef06b7b67acdc48f92fb01f35882abc7d4287fe0e91f
7
- data.tar.gz: 84e4afce44edf09ddd4922ca0e89fe80b2e20857ac7258ecf416ab7658f892bf2c8153ad11c948d02e62639403642ba1b3903b2d91ff0aaa91ace47a7288ac5e
6
+ metadata.gz: b274ddd490c9d93fa441e06404df4bad8e172178a54963307d3b804865cd45e448caeb55d7446a9d13030c7a71637712a405e6a4311a1e539dfa04b21a4c3139
7
+ data.tar.gz: 7d06ec720c22e6e88602a76e987887aa1a927e3b031673b9773d61884ddb19272a02d9efe12d13aa4091e6a0c635a93f7340c533d4839e3a84eef8a93aba9a8d
data/lib/dependabot/composer/helpers.rb CHANGED
@@ -43,13 +43,13 @@ module Dependabot
43
43
  .returns(String)
44
44
  end
45
45
  def self.composer_version(composer_json, parsed_lockfile = nil)
46
- v1_unsupported = Dependabot::Experiments.enabled?(:composer_v1_unsupported_error)
47
-
48
46
  # If the parsed lockfile has a plugin API version, we return either V1 or V2
49
47
  # based on the major version of the lockfile.
50
48
  if parsed_lockfile && parsed_lockfile["plugin-api-version"]
51
49
  version = Composer::Version.new(parsed_lockfile["plugin-api-version"])
52
- return version.canonical_segments.first == 1 ? V1 : V2
50
+ major_version = version.canonical_segments.first
51
+
52
+ return major_version.nil? || major_version > 1 ? V2 : V1
53
53
  end
54
54
 
55
55
  # Check if the composer name does not follow the Composer V2 naming conventions.
@@ -57,18 +57,14 @@ module Dependabot
57
57
  composer_name_invalid = composer_json["name"] && composer_json["name"] !~ COMPOSER_V2_NAME_REGEX
58
58
 
59
59
  # If the name is invalid returns the fallback version.
60
- if composer_name_invalid
61
- return v1_unsupported ? V2 : V1
62
- end
60
+ return V2 if composer_name_invalid
63
61
 
64
62
  # Check if the composer.json file contains "require" entries that don't follow
65
63
  # either the platform package naming conventions or the Composer V2 name conventions.
66
64
  invalid_v2 = invalid_v2_requirement?(composer_json)
67
65
 
68
66
  # If there are invalid requirements returns fallback version.
69
- if invalid_v2
70
- return v1_unsupported ? V2 : V1
71
- end
67
+ return V2 if invalid_v2
72
68
 
73
69
  # If no conditions are met return V2 by default.
74
70
  V2
data/lib/dependabot/composer/package_manager.rb CHANGED
@@ -29,24 +29,6 @@ module Dependabot
29
29
  SUPPORTED_COMPOSER_VERSIONS,
30
30
  )
31
31
  end
32
-
33
- sig { override.returns(T::Boolean) }
34
- def deprecated?
35
- return false if unsupported?
36
-
37
- # Check if the feature flag for Composer v1 deprecation warning is enabled.
38
- return false unless Dependabot::Experiments.enabled?(:composer_v1_deprecation_warning)
39
-
40
- super
41
- end
42
-
43
- sig { override.returns(T::Boolean) }
44
- def unsupported?
45
- # Check if the feature flag for Composer v1 unsupported error is enabled.
46
- return false unless Dependabot::Experiments.enabled?(:composer_v1_unsupported_error)
47
-
48
- super
49
- end
50
32
  end
51
33
  end
52
34
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-composer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.286.0
4
+ version: 0.287.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-11-14 00:00:00.000000000 Z
11
+ date: 2024-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.286.0
19
+ version: 0.287.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.286.0
26
+ version: 0.287.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -242,18 +242,6 @@ executables: []
242
242
  extensions: []
243
243
  extra_rdoc_files: []
244
244
  files:
245
- - helpers/v1/.php-cs-fixer.dist.php
246
- - helpers/v1/bin/run
247
- - helpers/v1/build
248
- - helpers/v1/composer.json
249
- - helpers/v1/composer.lock
250
- - helpers/v1/phpstan.dist.neon
251
- - helpers/v1/src/DependabotInstallationManager.php
252
- - helpers/v1/src/DependabotPluginManager.php
253
- - helpers/v1/src/ExceptionIO.php
254
- - helpers/v1/src/Hasher.php
255
- - helpers/v1/src/UpdateChecker.php
256
- - helpers/v1/src/Updater.php
257
245
  - helpers/v2/.php-cs-fixer.php
258
246
  - helpers/v2/bin/run
259
247
  - helpers/v2/build
@@ -287,7 +275,7 @@ licenses:
287
275
  - MIT
288
276
  metadata:
289
277
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
290
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.286.0
278
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.287.0
291
279
  post_install_message:
292
280
  rdoc_options: []
293
281
  require_paths:
data/helpers/v1/.php-cs-fixer.dist.php DELETED
@@ -1,32 +0,0 @@
1
- <?php
2
- $finder = PhpCsFixer\Finder::create()
3
- ->in(__DIR__ . '/src')
4
- ->in(__DIR__ . '/bin');
5
- $config = new PhpCsFixer\Config();
6
- return $config
7
- ->setRules([
8
- '@Symfony' => true,
9
- 'array_syntax' => ['syntax' => 'short'],
10
- 'blank_line_after_opening_tag' => true,
11
- 'concat_space' => ['spacing' => 'one'],
12
- 'declare_strict_types' => true,
13
- 'increment_style' => ['style' => 'post'],
14
- 'list_syntax' => ['syntax' => 'short'],
15
- 'method_argument_space' => ['on_multiline' => 'ensure_fully_multiline'],
16
- 'modernize_types_casting' => true,
17
- 'multiline_whitespace_before_semicolons' => true,
18
- 'no_useless_else' => true,
19
- 'no_useless_return' => true,
20
- 'ordered_imports' => true,
21
- 'php_unit_construct' => true,
22
- 'php_unit_dedicate_assert' => true,
23
- 'phpdoc_align' => false,
24
- 'phpdoc_order' => true,
25
- 'single_line_comment_style' => true,
26
- 'ternary_to_null_coalescing' => true,
27
- 'void_return' => true,
28
- 'yoda_style' => false,
29
- ])
30
- ->setFinder($finder)
31
- ->setUsingCache(true)
32
- ->setRiskyAllowed(true);
data/helpers/v1/bin/run DELETED
@@ -1,86 +0,0 @@
1
- #!/usr/bin/env php
2
- <?php
3
-
4
- declare(strict_types=1);
5
-
6
- namespace Dependabot\Composer;
7
-
8
- require __DIR__ . '/../vendor/autoload.php';
9
-
10
- // Get details of the process to run from STDIN. It will have a `function`
11
- // and an `args` method, as passed in by UpdateCheckers::Php
12
- $request = json_decode(file_get_contents('php://stdin'), true);
13
-
14
- function memoryInBytes($value) {
15
- $unit = strtolower(substr($value, -1, 1));
16
- $value = (int) $value;
17
- if ($unit == 'g') {
18
- $value *= (1024 * 1024 * 1024);
19
- } elseif ($unit == 'm') {
20
- $value *= (1024 * 1024);
21
- } elseif ($unit == 'k') {
22
- $value *= 1024;
23
- }
24
-
25
- return $value;
26
- }
27
-
28
- // Increase the default memory limit the same way Composer does (but clearer)
29
- if (function_exists('ini_set')) {
30
- $memoryLimit = trim(ini_get('memory_limit'));
31
- // Increase memory_limit if it is lower than 1900MB
32
- if ($memoryLimit != -1 && memoryInBytes($memoryLimit) < 1024 * 1024 * 1900) {
33
- @ini_set('memory_limit', '1900M');
34
- }
35
-
36
- // Set user defined memory limit
37
- if ($memoryLimit = getenv('COMPOSER_MEMORY_LIMIT')) {
38
- @ini_set('memory_limit', $memoryLimit);
39
- }
40
- unset($memoryInBytes, $memoryLimit);
41
- }
42
-
43
- date_default_timezone_set('Europe/London');
44
-
45
- // This storage is freed on error (case of allowed memory exhausted)
46
- $memory = str_repeat('*', 1024 * 1024);
47
-
48
- register_shutdown_function(function (): void {
49
- global $memory;
50
- $memory = null;
51
- $error = error_get_last();
52
- if (null !== $error) {
53
- fwrite(STDOUT, json_encode(['error' => $error['message']]));
54
- }
55
- });
56
-
57
- if ($memoryAlloc = getenv('DEPENDABOT_TEST_MEMORY_ALLOCATION')) {
58
- str_repeat('*', memoryInBytes($memoryAlloc));
59
- }
60
-
61
- try {
62
- switch ($request['function']) {
63
- case 'update':
64
- $updatedFiles = Updater::update($request['args']);
65
- fwrite(STDOUT, json_encode(['result' => $updatedFiles]));
66
- error_clear_last();
67
- break;
68
- case 'get_latest_resolvable_version':
69
- $latestVersion = UpdateChecker::getLatestResolvableVersion($request['args']);
70
- fwrite(STDOUT, json_encode(['result' => $latestVersion]));
71
- error_clear_last();
72
- break;
73
- case 'get_content_hash':
74
- $content_hash = Hasher::getContentHash($request['args']);
75
- fwrite(STDOUT, json_encode(['result' => $content_hash]));
76
- error_clear_last();
77
- break;
78
- default:
79
- fwrite(STDOUT, json_encode(['error' => "Invalid function {$request['function']}"]));
80
- exit(1);
81
- }
82
- } catch (\Exception $e) {
83
- fwrite(STDOUT, json_encode(['error' => $e->getMessage()]));
84
- error_clear_last();
85
- exit(1);
86
- }
data/helpers/v1/build DELETED
@@ -1,31 +0,0 @@
1
- #!/usr/bin/env bash
2
-
3
- set -e
4
-
5
- if [ -z "$DEPENDABOT_NATIVE_HELPERS_PATH" ]; then
6
- echo "Unable to build, DEPENDABOT_NATIVE_HELPERS_PATH is not set"
7
- exit 1
8
- fi
9
-
10
- install_dir="$DEPENDABOT_NATIVE_HELPERS_PATH/composer/v1"
11
- mkdir -p "$install_dir"
12
-
13
- helpers_dir="$(dirname "${BASH_SOURCE[0]}")"
14
- cp -r \
15
- "$helpers_dir/bin" \
16
- "$helpers_dir/src" \
17
- "$helpers_dir/.php-cs-fixer.dist.php" \
18
- "$helpers_dir/composer.json" \
19
- "$helpers_dir/composer.lock" \
20
- "$helpers_dir/phpstan.dist.neon" \
21
- "$install_dir"
22
-
23
- cd "$install_dir"
24
-
25
- composer1 validate --no-check-publish
26
- composer1 install
27
- composer1 run lint -- --dry-run
28
- composer1 run stan
29
-
30
- # Composer caches source zips and repo metadata, none of which is useful. Save space in this layer
31
- rm -Rf ~/.composer/cache
data/helpers/v1/composer.json DELETED
@@ -1,26 +0,0 @@
1
- {
2
- "name": "dependabot/composer-v1-helper",
3
- "description": "A helper package for Dependabot to perform updates using Composer",
4
- "license": "MIT",
5
- "require": {
6
- "php": "^7.4",
7
- "ext-json": "*",
8
- "composer/composer": "^1"
9
- },
10
- "require-dev": {
11
- "friendsofphp/php-cs-fixer": "^2.9",
12
- "phpstan/phpstan": "~1.10.3"
13
- },
14
- "autoload": {
15
- "psr-4": {
16
- "Dependabot\\Composer\\": "src/"
17
- }
18
- },
19
- "scripts": {
20
- "lint": "php-cs-fixer fix --diff --verbose",
21
- "stan": "phpstan analyse"
22
- },
23
- "config": {
24
- "sort-packages": true
25
- }
26
- }