dependabot-composer 0.98.31 → 0.98.32
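--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: da13b2ccaa88210d58d9fee2498718b30a571ed0a668ff9fab6b13c0518b5a41
+data.tar.gz: 53045ed445c8b0a1221113da47bdcd6afab4de5fd318f446f77c5c8ecfdf0757
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d7a76841eeefaa6fc2d43c4bfbb1a7c267fe3a1fe8a36fbe1eca20877e463a298cfecc78c87746dcc89f4f2b4585b3f7695426316b56b68893dadb7c6229cd9
+data.tar.gz: e63734f21052fae6161549d8d7bd741f20561aa931575c9184613aa57c951e2667e985aada1dba136f306d62348e4b5193e62c8ae8498b4730b17f2ab9a08fdc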
@@ -247,12 +247,14 @@ module Dependabot
|
|
|
247
247
|
|
|
248
248
|
def git_credentials
|
|
249
249
|
credentials.
|
|
250
|
-
select { |cred| cred.fetch("type") == "git_source" }
|
|
250
|
+
select { |cred| cred.fetch("type") == "git_source" }.
|
|
251
|
+
select { |cred| cred["password"] }
|
|
251
252
|
end
|
|
252
253
|
|
|
253
254
|
def registry_credentials
|
|
254
255
|
credentials.
|
|
255
|
-
select { |cred| cred.fetch("type") == "composer_repository" }
|
|
256
|
+
select { |cred| cred.fetch("type") == "composer_repository" }.
|
|
257
|
+
select { |cred| cred["password"] }
|
|
256
258
|
end
|
|
257
259
|
|
|
258
260
|
def composer_json
|
|
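Review bot: The added `select { |cred| cred["password"] }` in `git_credentials` and `registry_credentials` only drops entries whose password is nil or missing; an empty string is truthy in Ruby, so a credential with `"password" => ""` still passes through to whatever consumes these lists. If the intent is to skip credentials that cannot authenticate, `select { |cred| !cred["password"].to_s.empty? }` states that directly. The first filter still uses `cred.fetch("type")`, which raises `KeyError` on an entry without a type, while the same pair of methods further down this page uses `cred["type"]`; one form should be used in both files. A short comment saying why passwordless entries are excluded would also help, since the reason is not visible in the hunk.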
@@ -122,6 +122,8 @@ module Dependabot
|
|
|
122
122
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
123
123
|
# rubocop:disable Metrics/MethodLength
|
|
124
124
|
def handle_composer_errors(error)
|
|
125
|
+
sanitized_message = remove_url_credentials(error.message)
|
|
126
|
+
|
|
125
127
|
if error.message.start_with?("Failed to execute git clone")
|
|
126
128
|
dependency_url =
|
|
127
129
|
error.message.match(/--mirror '(?<url>.*?)'/).
|
|
@@ -132,8 +134,9 @@ module Dependabot
|
|
|
132
134
|
error.message.match(/Failed to clone (?<url>.*?) via/).
|
|
133
135
|
named_captures.fetch("url")
|
|
134
136
|
raise Dependabot::GitDependenciesNotReachable, dependency_url
|
|
135
|
-
elsif error.message.start_with?("Could not parse version")
|
|
136
|
-
|
|
137
|
+
elsif error.message.start_with?("Could not parse version") ||
|
|
138
|
+
error.message.include?("does not allow connections to http://")
|
|
139
|
+
raise Dependabot::DependencyFileNotResolvable, sanitized_message
|
|
137
140
|
elsif error.message.include?("requested PHP extension")
|
|
138
141
|
extensions = error.message.scan(/\sext\-.*?\s/).map(&:strip).uniq
|
|
139
142
|
msg = "Dependabot's installed extensions didn't match those "\
|
|
@@ -212,11 +215,19 @@ module Dependabot
|
|
|
212
215
|
end
|
|
213
216
|
|
|
214
217
|
def git_credentials
|
|
215
|
-
credentials.
|
|
218
|
+
credentials.
|
|
219
|
+
select { |cred| cred["type"] == "git_source" }.
|
|
220
|
+
select { |cred| cred["password"] }
|
|
216
221
|
end
|
|
217
222
|
|
|
218
223
|
def registry_credentials
|
|
219
|
-
credentials.
|
|
224
|
+
credentials.
|
|
225
|
+
select { |cred| cred["type"] == "composer_repository" }.
|
|
226
|
+
select { |cred| cred["password"] }
|
|
227
|
+
end
|
|
228
|
+
|
|
229
|
+
def remove_url_credentials(message)
|
|
230
|
+
message.gsub(%r{(?<=://)[^\s]*:[^\s]*(?=@)}, "****")
|
|
220
231
|
end
|
|
221
232
|
end
|
|
222
233
|
end
|
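Review bot: `sanitized_message` is computed at the top of `handle_composer_errors`, but only the new `DependencyFileNotResolvable` branch uses it; the git-clone branch at new line 136 still raises `GitDependenciesNotReachable` with a `dependency_url` captured from the raw `error.message`, so a clone URL carrying userinfo would reach that error unmasked. Consider `raise Dependabot::GitDependenciesNotReachable, remove_url_credentials(dependency_url)`, provided callers do not rely on the credentialed form. The pattern in `remove_url_credentials` also requires a `:` before the `@`, so a token-only URL such as `https://TOKEN@host/...` is left intact, and because `[^\s]*` can cross `/` it will mask a host and port when an `@` appears later in the same token. `%r{(?<=://)[^\s/]+(?=@)}` handles both cases, assuming any `/` inside the userinfo is percent-encoded. The body of `handle_composer_errors` continues outside the visible hunks, so the remaining branches that pass on `error.message` should be checked the same way.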
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-composer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.98.
|
|
4
|
+
version: 0.98.32
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-03-
|
|
11
|
+
date: 2019-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.98.
|
|
19
|
+
version: 0.98.32
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.98.
|
|
26
|
+
version: 0.98.32
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|