dependabot-composer 0.295.0 → 0.296.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0af2f173fa02cd21f81d4f91269332f220886a0c1fa3a272def5cbc85ec40368
|
|
4
|
+
data.tar.gz: a10e62096f71cd6b0636f562790a6213cdc2d92aaecf3726dad56df76ced281e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f93ec5ad2f8755b01b16b1fbe37da6581f60e50c48ded3224fcd68bda2ff4f527dcc90656ab26a6d93d56394557a04cfdfde0d0011d1464bdc29907f85a08f21
|
|
7
|
+
data.tar.gz: 867705928cce53572e4d7a5369d22d09602943a7322c4336b4d8ce98ce5c7542b0cd12de1db83a5461a6273d1d2ccdf3ad864c28d0b39f71f0e3bf15f8ab296b
|
|
@@ -48,6 +48,7 @@ module Dependabot
|
|
|
48
48
|
@requirements_to_unlock = requirements_to_unlock
|
|
49
49
|
@latest_allowable_version = latest_allowable_version
|
|
50
50
|
@composer_platform_extensions = initial_platform
|
|
51
|
+
@error_handler = ComposerErrorHandler.new
|
|
51
52
|
end
|
|
52
53
|
|
|
53
54
|
def latest_resolvable_version
|
|
@@ -62,6 +63,7 @@ module Dependabot
|
|
|
62
63
|
attr_reader :requirements_to_unlock
|
|
63
64
|
attr_reader :latest_allowable_version
|
|
64
65
|
attr_reader :composer_platform_extensions
|
|
66
|
+
attr_reader :error_handler
|
|
65
67
|
|
|
66
68
|
def fetch_latest_resolvable_version
|
|
67
69
|
version = fetch_latest_resolvable_version_string
|
|
@@ -344,6 +346,8 @@ module Dependabot
|
|
|
344
346
|
"See https://getcomposer.org/doc/04-schema.md for details on the schema."
|
|
345
347
|
raise Dependabot::DependencyFileNotParseable, msg
|
|
346
348
|
else
|
|
349
|
+
error_handler.handle_composer_error(error)
|
|
350
|
+
|
|
347
351
|
raise error
|
|
348
352
|
end
|
|
349
353
|
end
|
|
@@ -524,5 +528,52 @@ module Dependabot
|
|
|
524
528
|
end
|
|
525
529
|
end
|
|
526
530
|
end
|
|
531
|
+
|
|
532
|
+
class ComposerErrorHandler
|
|
533
|
+
extend T::Sig
|
|
534
|
+
|
|
535
|
+
# Private source errors
|
|
536
|
+
CURL_ERROR = /curl error 52 while downloading (?<url>.*): Empty reply from server/
|
|
537
|
+
|
|
538
|
+
PRIVATE_SOURCE_AUTH_FAIL = [
|
|
539
|
+
/Could not authenticate against (?<url>.*)/,
|
|
540
|
+
/The '(?<url>.*)' URL could not be accessed \(HTTP 403\)/,
|
|
541
|
+
/The "(?<url>.*)" file could not be downloaded/
|
|
542
|
+
].freeze
|
|
543
|
+
|
|
544
|
+
REQUIREMENT_ERROR = /^(?<req>.*) is invalid, it should not contain uppercase characters/
|
|
545
|
+
|
|
546
|
+
NO_URL = "No URL specified"
|
|
547
|
+
|
|
548
|
+
def sanitize_uri(url)
|
|
549
|
+
url = "http://#{url}" unless url.start_with?("http")
|
|
550
|
+
uri = URI.parse(url)
|
|
551
|
+
host = T.must(uri.host).downcase
|
|
552
|
+
host.start_with?("www.") ? host[4..-1] : host
|
|
553
|
+
end
|
|
554
|
+
|
|
555
|
+
# Handles errors with specific to composer error codes
|
|
556
|
+
sig { params(error: SharedHelpers::HelperSubprocessFailed).void }
|
|
557
|
+
def handle_composer_error(error)
|
|
558
|
+
# private source auth errors
|
|
559
|
+
PRIVATE_SOURCE_AUTH_FAIL.each do |regex|
|
|
560
|
+
next unless error.message.match?(regex)
|
|
561
|
+
|
|
562
|
+
url = T.must(error.message.match(regex)).named_captures["url"]
|
|
563
|
+
raise Dependabot::PrivateSourceAuthenticationFailure, sanitize_uri(url).empty? ? NO_URL : sanitize_uri(url)
|
|
564
|
+
end
|
|
565
|
+
|
|
566
|
+
# invalid requirement mentioned in manifest file
|
|
567
|
+
if error.message.match?(REQUIREMENT_ERROR)
|
|
568
|
+
raise DependencyFileNotResolvable,
|
|
569
|
+
"Invalid requirement: #{T.must(error.message.match(REQUIREMENT_ERROR)).named_captures['req']}"
|
|
570
|
+
end
|
|
571
|
+
|
|
572
|
+
return unless error.message.match?(CURL_ERROR)
|
|
573
|
+
|
|
574
|
+
url = T.must(error.message.match(CURL_ERROR)).named_captures["url"]
|
|
575
|
+
raise PrivateSourceBadResponse, url
|
|
576
|
+
end
|
|
577
|
+
end
|
|
527
578
|
end
|
|
528
579
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.296.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-
|
|
11
|
+
date: 2025-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.296.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.296.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -280,7 +280,7 @@ licenses:
|
|
|
280
280
|
- MIT
|
|
281
281
|
metadata:
|
|
282
282
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
283
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
283
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.296.0
|
|
284
284
|
post_install_message:
|
|
285
285
|
rdoc_options: []
|
|
286
286
|
require_paths:
|