RubyGems - dependabot-core - Versions diffs - 0.88.3 → 0.89.0 - Mend

dependabot-core 0.88.3 → 0.89.0

Files changed (37) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/helpers/test/run.rb +3 -0
data/lib/dependabot/file_fetchers.rb +0 -2
data/lib/dependabot/file_parsers.rb +0 -2
data/lib/dependabot/file_updaters.rb +0 -2
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +11 -8
data/lib/dependabot/metadata_finders.rb +0 -2
data/lib/dependabot/shared_helpers.rb +47 -24
data/lib/dependabot/update_checkers.rb +0 -2
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +11 -7
data/lib/dependabot/utils.rb +0 -4
data/lib/dependabot/version.rb +1 -1
metadata +2 -25
data/helpers/php/.php_cs +0 -34
data/helpers/php/bin/run.php +0 -84
data/helpers/php/composer.json +0 -14
data/helpers/php/composer.lock +0 -1528
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +0 -4
data/helpers/php/src/DependabotInstallationManager.php +0 -61
data/helpers/php/src/DependabotPluginManager.php +0 -23
data/helpers/php/src/ExceptionIO.php +0 -25
data/helpers/php/src/Hasher.php +0 -21
data/helpers/php/src/UpdateChecker.php +0 -123
data/helpers/php/src/Updater.php +0 -97
data/lib/dependabot/file_fetchers/php/composer.rb +0 -131
data/lib/dependabot/file_parsers/php/composer.rb +0 -177
data/lib/dependabot/file_updaters/php/composer.rb +0 -78
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +0 -269
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +0 -70
data/lib/dependabot/metadata_finders/php/composer.rb +0 -66
data/lib/dependabot/update_checkers/php/composer.rb +0 -175
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +0 -258
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +0 -216
data/lib/dependabot/utils/php/requirement.rb +0 -97
data/lib/dependabot/utils/php/version.rb +0 -24

data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb DELETED Viewed

@@ -1,70 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/php/composer"
-module Dependabot
-  module FileUpdaters
-    module Php
-      class Composer
-        class ManifestUpdater
-          def initialize(dependencies:, manifest:)
-            @dependencies = dependencies
-            @manifest = manifest
-          end
-          def updated_manifest_content
-            dependencies.reduce(manifest.content.dup) do |content, dep|
-              updated_content = content
-              updated_requirements(dep).each do |new_req|
-                old_req = old_requirement(dep, new_req).fetch(:requirement)
-                updated_req = new_req.fetch(:requirement)
-                regex =
-                  /
-                    "#{Regexp.escape(dep.name)}"\s*:\s*
-                    "#{Regexp.escape(old_req)}"
-                  /x
-                updated_content = content.gsub(regex) do |declaration|
-                  declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
-                end
-                if content == updated_content
-                  raise "Expected content to change!"
-                end
-              end
-              updated_content
-            end
-          end
-          private
-          attr_reader :dependencies, :manifest
-          def new_requirements(dependency)
-            dependency.requirements.select { |r| r[:file] == manifest.name }
-          end
-          def old_requirement(dependency, new_requirement)
-            dependency.previous_requirements.
-              select { |r| r[:file] == manifest.name }.
-              find { |r| r[:groups] == new_requirement[:groups] }
-          end
-          def updated_requirements(dependency)
-            new_requirements(dependency).
-              reject { |r| dependency.previous_requirements.include?(r) }
-          end
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/php/composer.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
-require "dependabot/utils"
-module Dependabot
-  module MetadataFinders
-    module Php
-      class Composer < Dependabot::MetadataFinders::Base
-        private
-        def look_up_source
-          source_from_dependency || look_up_source_from_packagist
-        end
-        def source_from_dependency
-          source_url =
-            dependency.requirements.
-            map { |r| r.fetch(:source) }.compact.
-            first&.fetch(:url, nil)
-          Source.from_url(source_url)
-        end
-        def look_up_source_from_packagist
-          return nil if packagist_listing&.fetch("packages", nil) == []
-          unless packagist_listing&.dig("packages", dependency.name.downcase)
-            return nil
-          end
-          version_listings =
-            packagist_listing["packages"][dependency.name.downcase].
-            select { |version, _| Utils::Php::Version.correct?(version) }.
-            sort_by { |version, _| Utils::Php::Version.new(version) }.
-            map { |_, listing| listing }.
-            reverse
-          potential_source_urls =
-            version_listings.
-            flat_map { |info| [info["homepage"], info.dig("source", "url")] }.
-            compact
-          source_url = potential_source_urls.find { |url| Source.from_url(url) }
-          Source.from_url(source_url)
-        end
-        def packagist_listing
-          return @packagist_listing unless @packagist_listing.nil?
-          response = Excon.get(
-            "https://packagist.org/p/#{dependency.name.downcase}.json",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-          return nil unless response.status == 200
-          @packagist_listing = JSON.parse(response.body)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/php/composer.rb DELETED Viewed

@@ -1,175 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-require "json"
-module Dependabot
-  module UpdateCheckers
-    module Php
-      class Composer < Dependabot::UpdateCheckers::Base
-        require_relative "composer/requirements_updater"
-        require_relative "composer/version_resolver"
-        def latest_version
-          return nil if path_dependency?
-          # Fall back to latest_resolvable_version if no listings found
-          latest_version_from_registry || latest_resolvable_version
-        end
-        def latest_resolvable_version
-          return nil if path_dependency?
-          @latest_resolvable_version ||=
-            VersionResolver.new(
-              credentials: credentials,
-              dependency: dependency,
-              dependency_files: dependency_files,
-              latest_allowable_version: latest_version_from_registry,
-              requirements_to_unlock: :own
-            ).latest_resolvable_version
-        end
-        def latest_resolvable_version_with_no_unlock
-          return nil if path_dependency?
-          @latest_resolvable_version_with_no_unlock ||=
-            VersionResolver.new(
-              credentials: credentials,
-              dependency: dependency,
-              dependency_files: dependency_files,
-              latest_allowable_version: latest_version_from_registry,
-              requirements_to_unlock: :none
-            ).latest_resolvable_version
-        end
-        def updated_requirements
-          RequirementsUpdater.new(
-            requirements: dependency.requirements,
-            latest_version: latest_version&.to_s,
-            latest_resolvable_version: latest_resolvable_version&.to_s,
-            update_strategy: requirements_update_strategy
-          ).updated_requirements
-        end
-        def requirements_update_strategy
-          # If passed in as an option (in the base class) honour that option
-          if @requirements_update_strategy
-            return @requirements_update_strategy.to_sym
-          end
-          # Otherwise, widen ranges for libraries and bump versions for apps
-          library? ? :widen_ranges : :bump_versions_if_necessary
-        end
-        private
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Composer (yet)
-          false
-        end
-        def latest_version_from_registry
-          versions =
-            registry_versions.
-            select { |version| version_class.correct?(version.gsub(/^v/, "")) }.
-            map { |version| version_class.new(version.gsub(/^v/, "")) }
-          versions.reject!(&:prerelease?) unless wants_prerelease?
-          versions.reject! { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
-          versions.max
-        end
-        def wants_prerelease?
-          current_version = dependency.version
-          if current_version && version_class.new(current_version).prerelease?
-            return true
-          end
-          dependency.requirements.any? do |req|
-            req[:requirement].match?(/\d-[A-Za-z]/)
-          end
-        end
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-        def path_dependency?
-          dependency.requirements.any? { |r| r.dig(:source, :type) == "path" }
-        end
-        def composer_file
-          composer_file =
-            dependency_files.find { |f| f.name == "composer.json" }
-          raise "No composer.json!" unless composer_file
-          composer_file
-        end
-        def lockfile
-          dependency_files.find { |f| f.name == "composer.lock" }
-        end
-        def registry_versions
-          return @registry_versions unless @registry_versions.nil?
-          repositories =
-            JSON.parse(composer_file.content).
-            fetch("repositories", []).
-            select { |r| r.is_a?(Hash) }
-          urls = repositories.
-                 select { |h| h["type"] == "composer" }.
-                 map { |h| h["url"] }.compact.
-                 map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
-          unless repositories.any? { |rep| rep["packagist.org"] == false }
-            urls << "https://packagist.org/p/#{dependency.name.downcase}.json"
-          end
-          @registry_versions = []
-          urls.each do |url|
-            @registry_versions += fetch_registry_versions_from_url(url)
-          end
-          @registry_versions.uniq
-        end
-        def fetch_registry_versions_from_url(url)
-          cred = registry_credentials.find { |c| url.include?(c["registry"]) }
-          response = Excon.get(
-            url,
-            idempotent: true,
-            user: cred&.fetch("username", nil),
-            password: cred&.fetch("password", nil),
-            **SharedHelpers.excon_defaults
-          )
-          return [] unless response.status == 200
-          listing = JSON.parse(response.body)
-          return [] if listing.nil?
-          return [] if listing.fetch("packages", []) == []
-          return [] unless listing.dig("packages", dependency.name.downcase)
-          listing.dig("packages", dependency.name.downcase).keys
-        rescue Excon::Error::Socket, Excon::Error::Timeout
-          []
-        end
-        def library?
-          JSON.parse(composer_file.content)["type"] == "library"
-        end
-        def registry_credentials
-          credentials.select { |cred| cred["type"] == "composer_repository" }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb DELETED Viewed

@@ -1,258 +0,0 @@
-# frozen_string_literal: true
-################################################################################
-# For more details on Composer version constraints, see:                       #
-# https://getcomposer.org/doc/articles/versions.md#writing-version-constraints #
-################################################################################
-require "dependabot/update_checkers/php/composer"
-require "dependabot/utils/php/version"
-require "dependabot/utils/php/requirement"
-module Dependabot
-  module UpdateCheckers
-    module Php
-      class Composer
-        class RequirementsUpdater
-          ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/.freeze
-          VERSION_REGEX =
-            /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/.freeze
-          AND_SEPARATOR =
-            /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
-          OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
-          SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
-          ALLOWED_UPDATE_STRATEGIES =
-            %i(widen_ranges bump_versions bump_versions_if_necessary).freeze
-          def initialize(requirements:, update_strategy:,
-                         latest_version:, latest_resolvable_version:)
-            @requirements = requirements
-            @update_strategy = update_strategy
-            check_update_strategy
-            if latest_version
-              @latest_version = version_class.new(latest_version)
-            end
-            return unless latest_resolvable_version
-            @latest_resolvable_version =
-              version_class.new(latest_resolvable_version)
-          end
-          def updated_requirements
-            return requirements unless latest_resolvable_version
-            requirements.map { |req| updated_requirement(req) }
-          end
-          private
-          attr_reader :requirements, :update_strategy,
-                      :latest_version, :latest_resolvable_version
-          def check_update_strategy
-            return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
-            raise "Unknown update strategy: #{update_strategy}"
-          end
-          # rubocop:disable Metrics/PerceivedComplexity
-          # rubocop:disable Metrics/CyclomaticComplexity
-          def updated_requirement(req)
-            req_string = req[:requirement].strip
-            or_string_reqs = req_string.split(OR_SEPARATOR)
-            or_separator = req_string.match(OR_SEPARATOR)&.to_s || " || "
-            numeric_or_string_reqs = or_string_reqs.
-                                     reject { |r| r.start_with?("dev-") }
-            branch_or_string_reqs = or_string_reqs.
-                                    select { |r| r.start_with?("dev-") }
-            return req unless req_string.match?(/\d/)
-            return req if numeric_or_string_reqs.none?
-            return updated_alias(req) if req_string.match?(ALIAS_REGEX)
-            return req if req_satisfied_by_latest_resolvable?(req_string) &&
-                          update_strategy != :bump_versions
-            new_req =
-              case update_strategy
-              when :widen_ranges
-                widen_requirement(req, or_separator)
-              when :bump_versions, :bump_versions_if_necessary
-                update_requirement_version(req, or_separator)
-              end
-            new_req_string =
-              [new_req[:requirement], *branch_or_string_reqs].join(or_separator)
-            new_req.merge(requirement: new_req_string)
-          end
-          # rubocop:enable Metrics/PerceivedComplexity
-          # rubocop:enable Metrics/CyclomaticComplexity
-          def updated_alias(req)
-            req_string = req[:requirement]
-            real_version = req_string.split(/\sas\s/).first.strip
-            # If the version we're aliasing isn't a version then we don't know
-            # how to update it, so we just return the existing requirement.
-            return req unless version_class.correct?(real_version)
-            new_version_string = latest_resolvable_version.to_s
-            new_req = req_string.sub(real_version, new_version_string)
-            req.merge(requirement: new_req)
-          end
-          def widen_requirement(req, or_separator)
-            current_requirement = req[:requirement]
-            reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
-            updated_requirement =
-              if reqs.any? { |r| r.start_with?("^") }
-                update_caret_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.start_with?("~") }
-                update_tilda_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.include?("*") }
-                update_wildcard_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
-                update_range_requirement(current_requirement, or_separator)
-              else
-                update_version_string(current_requirement)
-              end
-            req.merge(requirement: updated_requirement)
-          end
-          def update_requirement_version(req, or_separator)
-            current_requirement = req[:requirement]
-            reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
-            updated_requirement =
-              if reqs.count > 1
-                "^#{latest_resolvable_version}"
-              elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
-                update_range_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.match?(/>[^=]/) }
-                current_requirement
-              else
-                update_version_string(current_requirement)
-              end
-            req.merge(requirement: updated_requirement)
-          end
-          def req_satisfied_by_latest_resolvable?(requirement_string)
-            ruby_requirements(requirement_string).
-              any? { |r| r.satisfied_by?(latest_resolvable_version) }
-          end
-          def update_version_string(req_string)
-            req_string.
-              sub(VERSION_REGEX) do |old_version|
-                unless req_string.match?(/[~*\^]/)
-                  next latest_resolvable_version.to_s
-                end
-                old_parts = old_version.split(".")
-                new_parts = latest_resolvable_version.to_s.split(".").
-                            first(old_parts.count)
-                new_parts.map.with_index do |part, i|
-                  old_parts[i] == "*" ? "*" : part
-                end.join(".")
-              end
-          end
-          def ruby_requirements(requirement_string)
-            Utils::Php::Requirement.requirements_array(requirement_string)
-          end
-          def update_caret_requirement(req_string, or_separator)
-            caret_requirements =
-              req_string.split(SEPARATOR).select { |r| r.start_with?("^") }
-            version_parts = latest_resolvable_version.segments
-            min_existing_precision =
-              caret_requirements.map { |r| r.split(".").count }.min
-            first_non_zero_index =
-              version_parts.count.times.find { |i| version_parts[i] != 0 }
-            precision = [min_existing_precision, first_non_zero_index + 1].max
-            version = version_parts.first(precision).map.with_index do |part, i|
-              i <= first_non_zero_index ? part : 0
-            end.join(".")
-            req_string + "#{or_separator}^#{version}"
-          end
-          def update_tilda_requirement(req_string, or_separator)
-            tilda_requirements =
-              req_string.split(SEPARATOR).select { |r| r.start_with?("~") }
-            precision = tilda_requirements.map { |r| r.split(".").count }.min
-            version_parts = latest_resolvable_version.segments.first(precision)
-            version_parts[-1] = 0
-            version = version_parts.join(".")
-            req_string + "#{or_separator}~#{version}"
-          end
-          def update_wildcard_requirement(req_string, or_separator)
-            wildcard_requirements =
-              req_string.split(SEPARATOR).select { |r| r.include?("*") }
-            precision = wildcard_requirements.map do |r|
-              r.split(".").reject { |s| s == "*" }.count
-            end.min
-            wildcard_count = wildcard_requirements.map do |r|
-              r.split(".").select { |s| s == "*" }.count
-            end.min
-            version_parts = latest_resolvable_version.segments.first(precision)
-            version = version_parts.join(".")
-            req_string + "#{or_separator}#{version}#{'.*' * wildcard_count}"
-          end
-          def update_range_requirement(req_string, or_separator)
-            range_requirements =
-              req_string.split(SEPARATOR).select { |r| r.match?(/<|(\s+-\s+)/) }
-            if range_requirements.count == 1
-              range_requirement = range_requirements.first
-              versions = range_requirement.scan(VERSION_REGEX)
-              upper_bound = versions.map { |v| version_class.new(v) }.max
-              new_upper_bound = update_greatest_version(
-                upper_bound,
-                latest_resolvable_version
-              )
-              req_string.sub(upper_bound.to_s, new_upper_bound.to_s)
-            else
-              req_string + "#{or_separator}^#{latest_resolvable_version}"
-            end
-          end
-          def update_greatest_version(old_version, version_to_be_permitted)
-            version = version_class.new(old_version)
-            version = version.release if version.prerelease?
-            index_to_update =
-              version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-            version.segments.map.with_index do |_, index|
-              if index < index_to_update
-                version_to_be_permitted.segments[index]
-              elsif index == index_to_update
-                version_to_be_permitted.segments[index] + 1
-              else 0
-              end
-            end.join(".")
-          end
-          def version_class
-            Utils::Php::Version
-          end
-        end
-      end
-    end
-  end
-end