RubyGems - dependabot-core - Versions diffs - 0.88.3 → 0.89.0 - Mend

dependabot-core 0.88.3 → 0.89.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/helpers/test/run.rb +3 -0
data/lib/dependabot/file_fetchers.rb +0 -2
data/lib/dependabot/file_parsers.rb +0 -2
data/lib/dependabot/file_updaters.rb +0 -2
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +11 -8
data/lib/dependabot/metadata_finders.rb +0 -2
data/lib/dependabot/shared_helpers.rb +47 -24
data/lib/dependabot/update_checkers.rb +0 -2
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +11 -7
data/lib/dependabot/utils.rb +0 -4
data/lib/dependabot/version.rb +1 -1
metadata +2 -25
data/helpers/php/.php_cs +0 -34
data/helpers/php/bin/run.php +0 -84
data/helpers/php/composer.json +0 -14
data/helpers/php/composer.lock +0 -1528
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +0 -4
data/helpers/php/src/DependabotInstallationManager.php +0 -61
data/helpers/php/src/DependabotPluginManager.php +0 -23
data/helpers/php/src/ExceptionIO.php +0 -25
data/helpers/php/src/Hasher.php +0 -21
data/helpers/php/src/UpdateChecker.php +0 -123
data/helpers/php/src/Updater.php +0 -97
data/lib/dependabot/file_fetchers/php/composer.rb +0 -131
data/lib/dependabot/file_parsers/php/composer.rb +0 -177
data/lib/dependabot/file_updaters/php/composer.rb +0 -78
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +0 -269
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +0 -70
data/lib/dependabot/metadata_finders/php/composer.rb +0 -66
data/lib/dependabot/update_checkers/php/composer.rb +0 -175
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +0 -258
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +0 -216
data/lib/dependabot/utils/php/requirement.rb +0 -97
data/lib/dependabot/utils/php/version.rb +0 -24

data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb DELETED Viewed

@@ -1,70 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_updaters/php/composer"
-module Dependabot
-  module FileUpdaters
-    module Php
-      class Composer
-        class ManifestUpdater
-          def initialize(dependencies:, manifest:)
-            @dependencies = dependencies
-            @manifest = manifest
-          end
-          def updated_manifest_content
-            dependencies.reduce(manifest.content.dup) do |content, dep|
-              updated_content = content
-              updated_requirements(dep).each do |new_req|
-                old_req = old_requirement(dep, new_req).fetch(:requirement)
-                updated_req = new_req.fetch(:requirement)
-                regex =
-                  /
-                    "#{Regexp.escape(dep.name)}"\s*:\s*
-                    "#{Regexp.escape(old_req)}"
-                  /x
-                updated_content = content.gsub(regex) do |declaration|
-                  declaration.gsub(%("#{old_req}"), %("#{updated_req}"))
-                end
-                if content == updated_content
-                  raise "Expected content to change!"
-                end
-              end
-              updated_content
-            end
-          end
-          private
-          attr_reader :dependencies, :manifest
-          def new_requirements(dependency)
-            dependency.requirements.select { |r| r[:file] == manifest.name }
-          end
-          def old_requirement(dependency, new_requirement)
-            dependency.previous_requirements.
-              select { |r| r[:file] == manifest.name }.
-              find { |r| r[:groups] == new_requirement[:groups] }
-          end
-          def updated_requirements(dependency)
-            new_requirements(dependency).
-              reject { |r| dependency.previous_requirements.include?(r) }
-          end
-          def requirement_changed?(file, dependency)
-            changed_requirements =
-              dependency.requirements - dependency.previous_requirements
-            changed_requirements.any? { |f| f[:file] == file.name }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/metadata_finders/php/composer.rb DELETED Viewed

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/metadata_finders/base"
-require "dependabot/shared_helpers"
-require "dependabot/utils"
-module Dependabot
-  module MetadataFinders
-    module Php
-      class Composer < Dependabot::MetadataFinders::Base
-        private
-        def look_up_source
-          source_from_dependency || look_up_source_from_packagist
-        end
-        def source_from_dependency
-          source_url =
-            dependency.requirements.
-            map { |r| r.fetch(:source) }.compact.
-            first&.fetch(:url, nil)
-          Source.from_url(source_url)
-        end
-        def look_up_source_from_packagist
-          return nil if packagist_listing&.fetch("packages", nil) == []
-          unless packagist_listing&.dig("packages", dependency.name.downcase)
-            return nil
-          end
-          version_listings =
-            packagist_listing["packages"][dependency.name.downcase].
-            select { |version, _| Utils::Php::Version.correct?(version) }.
-            sort_by { |version, _| Utils::Php::Version.new(version) }.
-            map { |_, listing| listing }.
-            reverse
-          potential_source_urls =
-            version_listings.
-            flat_map { |info| [info["homepage"], info.dig("source", "url")] }.
-            compact
-          source_url = potential_source_urls.find { |url| Source.from_url(url) }
-          Source.from_url(source_url)
-        end
-        def packagist_listing
-          return @packagist_listing unless @packagist_listing.nil?
-          response = Excon.get(
-            "https://packagist.org/p/#{dependency.name.downcase}.json",
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-          return nil unless response.status == 200
-          @packagist_listing = JSON.parse(response.body)
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/php/composer.rb DELETED Viewed

@@ -1,175 +0,0 @@
-# frozen_string_literal: true
-require "excon"
-require "dependabot/update_checkers/base"
-require "dependabot/shared_helpers"
-require "dependabot/errors"
-require "json"
-module Dependabot
-  module UpdateCheckers
-    module Php
-      class Composer < Dependabot::UpdateCheckers::Base
-        require_relative "composer/requirements_updater"
-        require_relative "composer/version_resolver"
-        def latest_version
-          return nil if path_dependency?
-          # Fall back to latest_resolvable_version if no listings found
-          latest_version_from_registry || latest_resolvable_version
-        end
-        def latest_resolvable_version
-          return nil if path_dependency?
-          @latest_resolvable_version ||=
-            VersionResolver.new(
-              credentials: credentials,
-              dependency: dependency,
-              dependency_files: dependency_files,
-              latest_allowable_version: latest_version_from_registry,
-              requirements_to_unlock: :own
-            ).latest_resolvable_version
-        end
-        def latest_resolvable_version_with_no_unlock
-          return nil if path_dependency?
-          @latest_resolvable_version_with_no_unlock ||=
-            VersionResolver.new(
-              credentials: credentials,
-              dependency: dependency,
-              dependency_files: dependency_files,
-              latest_allowable_version: latest_version_from_registry,
-              requirements_to_unlock: :none
-            ).latest_resolvable_version
-        end
-        def updated_requirements
-          RequirementsUpdater.new(
-            requirements: dependency.requirements,
-            latest_version: latest_version&.to_s,
-            latest_resolvable_version: latest_resolvable_version&.to_s,
-            update_strategy: requirements_update_strategy
-          ).updated_requirements
-        end
-        def requirements_update_strategy
-          # If passed in as an option (in the base class) honour that option
-          if @requirements_update_strategy
-            return @requirements_update_strategy.to_sym
-          end
-          # Otherwise, widen ranges for libraries and bump versions for apps
-          library? ? :widen_ranges : :bump_versions_if_necessary
-        end
-        private
-        def latest_version_resolvable_with_full_unlock?
-          # Full unlock checks aren't implemented for Composer (yet)
-          false
-        end
-        def latest_version_from_registry
-          versions =
-            registry_versions.
-            select { |version| version_class.correct?(version.gsub(/^v/, "")) }.
-            map { |version| version_class.new(version.gsub(/^v/, "")) }
-          versions.reject!(&:prerelease?) unless wants_prerelease?
-          versions.reject! { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
-          versions.max
-        end
-        def wants_prerelease?
-          current_version = dependency.version
-          if current_version && version_class.new(current_version).prerelease?
-            return true
-          end
-          dependency.requirements.any? do |req|
-            req[:requirement].match?(/\d-[A-Za-z]/)
-          end
-        end
-        def updated_dependencies_after_full_unlock
-          raise NotImplementedError
-        end
-        def path_dependency?
-          dependency.requirements.any? { |r| r.dig(:source, :type) == "path" }
-        end
-        def composer_file
-          composer_file =
-            dependency_files.find { |f| f.name == "composer.json" }
-          raise "No composer.json!" unless composer_file
-          composer_file
-        end
-        def lockfile
-          dependency_files.find { |f| f.name == "composer.lock" }
-        end
-        def registry_versions
-          return @registry_versions unless @registry_versions.nil?
-          repositories =
-            JSON.parse(composer_file.content).
-            fetch("repositories", []).
-            select { |r| r.is_a?(Hash) }
-          urls = repositories.
-                 select { |h| h["type"] == "composer" }.
-                 map { |h| h["url"] }.compact.
-                 map { |url| url.gsub(%r{\/$}, "") + "/packages.json" }
-          unless repositories.any? { |rep| rep["packagist.org"] == false }
-            urls << "https://packagist.org/p/#{dependency.name.downcase}.json"
-          end
-          @registry_versions = []
-          urls.each do |url|
-            @registry_versions += fetch_registry_versions_from_url(url)
-          end
-          @registry_versions.uniq
-        end
-        def fetch_registry_versions_from_url(url)
-          cred = registry_credentials.find { |c| url.include?(c["registry"]) }
-          response = Excon.get(
-            url,
-            idempotent: true,
-            user: cred&.fetch("username", nil),
-            password: cred&.fetch("password", nil),
-            **SharedHelpers.excon_defaults
-          )
-          return [] unless response.status == 200
-          listing = JSON.parse(response.body)
-          return [] if listing.nil?
-          return [] if listing.fetch("packages", []) == []
-          return [] unless listing.dig("packages", dependency.name.downcase)
-          listing.dig("packages", dependency.name.downcase).keys
-        rescue Excon::Error::Socket, Excon::Error::Timeout
-          []
-        end
-        def library?
-          JSON.parse(composer_file.content)["type"] == "library"
-        end
-        def registry_credentials
-          credentials.select { |cred| cred["type"] == "composer_repository" }
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb DELETED Viewed

@@ -1,258 +0,0 @@
-# frozen_string_literal: true
-################################################################################
-# For more details on Composer version constraints, see:                       #
-# https://getcomposer.org/doc/articles/versions.md#writing-version-constraints #
-################################################################################
-require "dependabot/update_checkers/php/composer"
-require "dependabot/utils/php/version"
-require "dependabot/utils/php/requirement"
-module Dependabot
-  module UpdateCheckers
-    module Php
-      class Composer
-        class RequirementsUpdater
-          ALIAS_REGEX = /[a-z0-9\-_\.]*\sas\s+/.freeze
-          VERSION_REGEX =
-            /(?:#{ALIAS_REGEX})?[0-9]+(?:\.[a-zA-Z0-9*\-]+)*/.freeze
-          AND_SEPARATOR =
-            /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
-          OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
-          SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
-          ALLOWED_UPDATE_STRATEGIES =
-            %i(widen_ranges bump_versions bump_versions_if_necessary).freeze
-          def initialize(requirements:, update_strategy:,
-                         latest_version:, latest_resolvable_version:)
-            @requirements = requirements
-            @update_strategy = update_strategy
-            check_update_strategy
-            if latest_version
-              @latest_version = version_class.new(latest_version)
-            end
-            return unless latest_resolvable_version
-            @latest_resolvable_version =
-              version_class.new(latest_resolvable_version)
-          end
-          def updated_requirements
-            return requirements unless latest_resolvable_version
-            requirements.map { |req| updated_requirement(req) }
-          end
-          private
-          attr_reader :requirements, :update_strategy,
-                      :latest_version, :latest_resolvable_version
-          def check_update_strategy
-            return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
-            raise "Unknown update strategy: #{update_strategy}"
-          end
-          # rubocop:disable Metrics/PerceivedComplexity
-          # rubocop:disable Metrics/CyclomaticComplexity
-          def updated_requirement(req)
-            req_string = req[:requirement].strip
-            or_string_reqs = req_string.split(OR_SEPARATOR)
-            or_separator = req_string.match(OR_SEPARATOR)&.to_s || " || "
-            numeric_or_string_reqs = or_string_reqs.
-                                     reject { |r| r.start_with?("dev-") }
-            branch_or_string_reqs = or_string_reqs.
-                                    select { |r| r.start_with?("dev-") }
-            return req unless req_string.match?(/\d/)
-            return req if numeric_or_string_reqs.none?
-            return updated_alias(req) if req_string.match?(ALIAS_REGEX)
-            return req if req_satisfied_by_latest_resolvable?(req_string) &&
-                          update_strategy != :bump_versions
-            new_req =
-              case update_strategy
-              when :widen_ranges
-                widen_requirement(req, or_separator)
-              when :bump_versions, :bump_versions_if_necessary
-                update_requirement_version(req, or_separator)
-              end
-            new_req_string =
-              [new_req[:requirement], *branch_or_string_reqs].join(or_separator)
-            new_req.merge(requirement: new_req_string)
-          end
-          # rubocop:enable Metrics/PerceivedComplexity
-          # rubocop:enable Metrics/CyclomaticComplexity
-          def updated_alias(req)
-            req_string = req[:requirement]
-            real_version = req_string.split(/\sas\s/).first.strip
-            # If the version we're aliasing isn't a version then we don't know
-            # how to update it, so we just return the existing requirement.
-            return req unless version_class.correct?(real_version)
-            new_version_string = latest_resolvable_version.to_s
-            new_req = req_string.sub(real_version, new_version_string)
-            req.merge(requirement: new_req)
-          end
-          def widen_requirement(req, or_separator)
-            current_requirement = req[:requirement]
-            reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
-            updated_requirement =
-              if reqs.any? { |r| r.start_with?("^") }
-                update_caret_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.start_with?("~") }
-                update_tilda_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.include?("*") }
-                update_wildcard_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
-                update_range_requirement(current_requirement, or_separator)
-              else
-                update_version_string(current_requirement)
-              end
-            req.merge(requirement: updated_requirement)
-          end
-          def update_requirement_version(req, or_separator)
-            current_requirement = req[:requirement]
-            reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
-            updated_requirement =
-              if reqs.count > 1
-                "^#{latest_resolvable_version}"
-              elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
-                update_range_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.match?(/>[^=]/) }
-                current_requirement
-              else
-                update_version_string(current_requirement)
-              end
-            req.merge(requirement: updated_requirement)
-          end
-          def req_satisfied_by_latest_resolvable?(requirement_string)
-            ruby_requirements(requirement_string).
-              any? { |r| r.satisfied_by?(latest_resolvable_version) }
-          end
-          def update_version_string(req_string)
-            req_string.
-              sub(VERSION_REGEX) do |old_version|
-                unless req_string.match?(/[~*\^]/)
-                  next latest_resolvable_version.to_s
-                end
-                old_parts = old_version.split(".")
-                new_parts = latest_resolvable_version.to_s.split(".").
-                            first(old_parts.count)
-                new_parts.map.with_index do |part, i|
-                  old_parts[i] == "*" ? "*" : part
-                end.join(".")
-              end
-          end
-          def ruby_requirements(requirement_string)
-            Utils::Php::Requirement.requirements_array(requirement_string)
-          end
-          def update_caret_requirement(req_string, or_separator)
-            caret_requirements =
-              req_string.split(SEPARATOR).select { |r| r.start_with?("^") }
-            version_parts = latest_resolvable_version.segments
-            min_existing_precision =
-              caret_requirements.map { |r| r.split(".").count }.min
-            first_non_zero_index =
-              version_parts.count.times.find { |i| version_parts[i] != 0 }
-            precision = [min_existing_precision, first_non_zero_index + 1].max
-            version = version_parts.first(precision).map.with_index do |part, i|
-              i <= first_non_zero_index ? part : 0
-            end.join(".")
-            req_string + "#{or_separator}^#{version}"
-          end
-          def update_tilda_requirement(req_string, or_separator)
-            tilda_requirements =
-              req_string.split(SEPARATOR).select { |r| r.start_with?("~") }
-            precision = tilda_requirements.map { |r| r.split(".").count }.min
-            version_parts = latest_resolvable_version.segments.first(precision)
-            version_parts[-1] = 0
-            version = version_parts.join(".")
-            req_string + "#{or_separator}~#{version}"
-          end
-          def update_wildcard_requirement(req_string, or_separator)
-            wildcard_requirements =
-              req_string.split(SEPARATOR).select { |r| r.include?("*") }
-            precision = wildcard_requirements.map do |r|
-              r.split(".").reject { |s| s == "*" }.count
-            end.min
-            wildcard_count = wildcard_requirements.map do |r|
-              r.split(".").select { |s| s == "*" }.count
-            end.min
-            version_parts = latest_resolvable_version.segments.first(precision)
-            version = version_parts.join(".")
-            req_string + "#{or_separator}#{version}#{'.*' * wildcard_count}"
-          end
-          def update_range_requirement(req_string, or_separator)
-            range_requirements =
-              req_string.split(SEPARATOR).select { |r| r.match?(/<|(\s+-\s+)/) }
-            if range_requirements.count == 1
-              range_requirement = range_requirements.first
-              versions = range_requirement.scan(VERSION_REGEX)
-              upper_bound = versions.map { |v| version_class.new(v) }.max
-              new_upper_bound = update_greatest_version(
-                upper_bound,
-                latest_resolvable_version
-              )
-              req_string.sub(upper_bound.to_s, new_upper_bound.to_s)
-            else
-              req_string + "#{or_separator}^#{latest_resolvable_version}"
-            end
-          end
-          def update_greatest_version(old_version, version_to_be_permitted)
-            version = version_class.new(old_version)
-            version = version.release if version.prerelease?
-            index_to_update =
-              version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max
-            version.segments.map.with_index do |_, index|
-              if index < index_to_update
-                version_to_be_permitted.segments[index]
-              elsif index == index_to_update
-                version_to_be_permitted.segments[index] + 1
-              else 0
-              end
-            end.join(".")
-          end
-          def version_class
-            Utils::Php::Version
-          end
-        end
-      end
-    end
-  end
-end