RubyGems - dependabot-composer - Versions diffs - 0.375.0 → 0.376.0 - Mend

dependabot-composer 0.375.0 → 0.376.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/composer/helpers.rb +12 -3
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cce5b0acae8cc93d9ad98e94dc2cdd771d73df7424b62c5bac89b7b346cd1cce
-  data.tar.gz: 9b50dd5fc35f90b7f477e94dbfa32adfc93a077e76b67816ab8380a731d64522
+  metadata.gz: 815e6ae05cc11b8147ee266a044b4bfd3d1d1dc1140510b98d997a92e7eb1ff4
+  data.tar.gz: 50170d53833bfc1812052b05300b05114ead26c3dac5ddd5d8cae590f3bb4d2a
 SHA512:
-  metadata.gz: 6a061c9a30a8c10af8f3c37a7c9027d89ec33ad8c99f8a289d77a11cb39d6d1c3ae9544ccc9983bd550534f3c01194af464808248356b2aa51ca014316ec6ad2
-  data.tar.gz: 8c71652c16dacdc77ff603773e07b93be83ccf186d515f37fae94a13b221e69225f6cdada0a4af1180d6bd9325550d4b1cef9910325af49114321a1f60bd08ef
+  metadata.gz: 9d8c8f5395b48682b2159f0f00e0dc6289a315952443a3792163a0217f37d27ff0fe3754196e050bfca6382ef46e64ac3cdc256ddafc89cbbf5b5e3f73db6cec
+  data.tar.gz: 13bd7de1ff00a7171d3ad174f06479d0e63daad2da0973a682ef3b11ed1ef3fa31b30e08272d7a3ea2c5bf05eadc6ba3a0a70805486283b593bc7d3dfced2970

data/lib/dependabot/composer/helpers.rb CHANGED Viewed

@@ -11,6 +11,7 @@ module Dependabot
       V1 = T.let("1", String)
       V2 = T.let("2", String)
       # If we are updating a project with no lock file then the default should be the newest version
       DEFAULT = T.let(V2, String)
@@ -48,13 +49,21 @@ module Dependabot
           .returns(String)
       end
       def self.composer_version(composer_json, parsed_lockfile = nil)
-        # If the parsed lockfile has a plugin API version, we return either V1 or V2
-        # based on the major version of the lockfile.
+        # If the parsed lockfile has a plugin API version, always use V2.
+        # V1 helpers have been removed, so we run with Composer V2 regardless.
         if parsed_lockfile && parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY]
           version = Composer::Version.new(parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY])
           major_version = version.canonical_segments.first
-          return major_version.nil? || major_version > 1 ? V2 : V1
+          if major_version && major_version <= 1
+            plugin_api_version = parsed_lockfile[PackageManager::PLUGIN_API_VERSION_KEY]
+            Dependabot.logger.warn(
+              "Composer V1 lockfile detected (plugin-api-version: #{plugin_api_version}). " \
+              "Dependabot no longer supports Composer V1. Running with Composer V2."
+            )
+          end
+          return V2
         end
         # Check if the composer name does not follow the Composer V2 naming conventions.

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-composer
 version: !ruby/object:Gem::Version
-  version: 0.375.0
+  version: 0.376.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.375.0
+        version: 0.376.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.375.0
+        version: 0.376.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -276,7 +276,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.375.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
 rdoc_options: []
 require_paths:
 - lib