dependabot-core 0.86.17 → 0.86.18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43499cb13c5c2925ba980601df64c7beec419999d81734bb35bdb1a048b6ba73
-  data.tar.gz: 6770f5379b263acc06a436cd31aba9df3e3256432274d3814e3b93239731a992
+  metadata.gz: 3f21bbdf41e2e8d4af7b0dca36eb0936edbb2b3a8caeece17733698c641e44b2
+  data.tar.gz: bf2d55c6e586d4b205b7b9ade1d8cc3cdc8d0f79f9ff2d156c854cffd307d1bf
 SHA512:
-  metadata.gz: 1138a1918a8e11e015cff3f73476220e1bdce23588cffdb4485e481240efc02e931b8be41c9f35c97d9ceb82a7ea72b4684f5bd28e6fa4bcab7eaccdd43a1d58
-  data.tar.gz: 3395b58fd8474ca2d867562aa414b749ef4de60e487a0dea86e2dc402bbee96139e1dce0f0dcb3129eae7fc9e66332708c6071866754a080d03887f1b9a0895a
+  metadata.gz: '01106807ae7db8c7e7fdc081bd62b67d51c2a492c566c037b6d9c01b49a219f5bec5574d5cb6a0ef67e41157e853408dd750030a437274655bfd81c7c7606772'
+  data.tar.gz: c026e17253882ab49466c5ea32a5d0116ea4820573bd389a15c9a40db4bd765f6c450a3e3388633e89945794a6508898eb62b3efdf8e89fbe5d6d40ab7df19b4

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.86.18, 30 December 2018
+
+- PHP: Handle > requirements correctly when bumping versions
+- PHP: Add widen_ranges update strategy to PHP
+- PHP: Allow update strategy to be passed as an option
+
 ## v0.86.17, 27 December 2018
 
 - Add ext-sqlite3 support for PHP by adding in Dockerfile

data/helpers/npm/package.json

@@ -8,7 +8,7 @@
   },
   "devDependencies": {
     "eslint": "5.11.1",
-    "eslint-plugin-prettier": "3.0.0",
+    "eslint-plugin-prettier": "3.0.1",
     "fs-extra": "7.0.1",
     "jest": "23.6.0",
     "nock": "10.0.5",

data/helpers/npm/yarn.lock

@@ -1453,10 +1453,10 @@ escodegen@^1.9.0:
   optionalDependencies:
     source-map "~0.6.1"
 
-eslint-plugin-prettier@3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.0.tgz#f6b823e065f8c36529918cdb766d7a0e975ec30c"
-  integrity sha512-4g11opzhqq/8+AMmo5Vc2Gn7z9alZ4JqrbZ+D4i8KlSyxeQhZHlmIrY8U9Akf514MoEhogPa87Jgkq87aZ2Ohw==
+eslint-plugin-prettier@3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.1.tgz#19d521e3981f69dd6d14f64aec8c6a6ac6eb0b0d"
+  integrity sha512-/PMttrarPAY78PLvV3xfWibMOdMDl57hmlQ2XqFeA37wd+CJ7WSxV7txqjVPHi/AAFKd2lX0ZqfsOc/i5yFCSQ==
   dependencies:
     prettier-linter-helpers "^1.0.0"
 

data/helpers/yarn/package.json

@@ -8,7 +8,7 @@
   },
   "devDependencies": {
     "eslint": "5.11.1",
-    "eslint-plugin-prettier": "3.0.0",
+    "eslint-plugin-prettier": "3.0.1",
     "fs-extra": "7.0.1",
     "jest": "23.6.0",
     "nock": "10.0.5",

data/helpers/yarn/yarn.lock

@@ -1256,10 +1256,10 @@ escodegen@^1.9.0:
   optionalDependencies:
     source-map "~0.5.6"
 
-eslint-plugin-prettier@3.0.0:
-  version "3.0.0"
-  resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.0.tgz#f6b823e065f8c36529918cdb766d7a0e975ec30c"
-  integrity sha512-4g11opzhqq/8+AMmo5Vc2Gn7z9alZ4JqrbZ+D4i8KlSyxeQhZHlmIrY8U9Akf514MoEhogPa87Jgkq87aZ2Ohw==
+eslint-plugin-prettier@3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-prettier/-/eslint-plugin-prettier-3.0.1.tgz#19d521e3981f69dd6d14f64aec8c6a6ac6eb0b0d"
+  integrity sha512-/PMttrarPAY78PLvV3xfWibMOdMDl57hmlQ2XqFeA37wd+CJ7WSxV7txqjVPHi/AAFKd2lX0ZqfsOc/i5yFCSQ==
   dependencies:
     prettier-linter-helpers "^1.0.0"
 

data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb

@@ -21,11 +21,15 @@ module Dependabot
             /(?<=[a-zA-Z0-9*])(?<!\sas)[\s,]+(?![\s,]*[|-]|as)/.freeze
           OR_SEPARATOR = /(?<=[a-zA-Z0-9*])[\s,]*\|\|?\s*/.freeze
           SEPARATOR = /(?:#{AND_SEPARATOR})|(?:#{OR_SEPARATOR})/.freeze
+          ALLOWED_UPDATE_STRATEGIES =
+            %i(widen_ranges bump_versions bump_versions_if_necessary).freeze
 
-          def initialize(requirements:, library:,
+          def initialize(requirements:, update_strategy:,
                          latest_version:, latest_resolvable_version:)
             @requirements = requirements
-            @library = library
+            @update_strategy = update_strategy
+
+            check_update_strategy
 
             if latest_version
               @latest_version = version_class.new(latest_version)
@@ -45,9 +49,17 @@ module Dependabot
 
           private
 
-          attr_reader :requirements, :latest_version, :latest_resolvable_version
+          attr_reader :requirements, :update_strategy,
+                      :latest_version, :latest_resolvable_version
+
+          def check_update_strategy
+            return if ALLOWED_UPDATE_STRATEGIES.include?(update_strategy)
+
+            raise "Unknown update strategy: #{update_strategy}"
+          end
 
           # rubocop:disable Metrics/PerceivedComplexity
+          # rubocop:disable Metrics/CyclomaticComplexity
           def updated_requirement(req)
             req_string = req[:requirement].strip
             or_string_reqs = req_string.split(OR_SEPARATOR)
@@ -60,11 +72,15 @@ module Dependabot
             return req unless req_string.match?(/\d/)
             return req if numeric_or_string_reqs.none?
             return updated_alias(req) if req_string.match?(ALIAS_REGEX)
-            return req if req_satisfied_by_latest_resolvable?(req_string)
+            return req if req_satisfied_by_latest_resolvable?(req_string) &&
+                          update_strategy != :bump_versions
 
             new_req =
-              if library? then updated_library_requirement(req, or_separator)
-              else updated_app_requirement(req, or_separator)
+              case update_strategy
+              when :widen_ranges
+                widen_requirement(req, or_separator)
+              when :bump_versions, :bump_versions_if_necessary
+                update_requirement_version(req, or_separator)
               end
 
             new_req_string =
@@ -72,6 +88,7 @@ module Dependabot
             new_req.merge(requirement: new_req_string)
           end
           # rubocop:enable Metrics/PerceivedComplexity
+          # rubocop:enable Metrics/CyclomaticComplexity
 
           def updated_alias(req)
             req_string = req[:requirement]
@@ -86,17 +103,17 @@ module Dependabot
             req.merge(requirement: new_req)
           end
 
-          def library?
-            @library
-          end
-
-          def updated_app_requirement(req, or_separator)
+          def widen_requirement(req, or_separator)
             current_requirement = req[:requirement]
             reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
 
             updated_requirement =
-              if reqs.count > 1
-                "^#{latest_resolvable_version}"
+              if reqs.any? { |r| r.start_with?("^") }
+                update_caret_requirement(current_requirement, or_separator)
+              elsif reqs.any? { |r| r.start_with?("~") }
+                update_tilda_requirement(current_requirement, or_separator)
+              elsif reqs.any? { |r| r.include?("*") }
+                update_wildcard_requirement(current_requirement, or_separator)
               elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
                 update_range_requirement(current_requirement, or_separator)
               else
@@ -106,19 +123,17 @@ module Dependabot
             req.merge(requirement: updated_requirement)
           end
 
-          def updated_library_requirement(req, or_separator)
+          def update_requirement_version(req, or_separator)
             current_requirement = req[:requirement]
             reqs = current_requirement.strip.split(SEPARATOR).map(&:strip)
 
             updated_requirement =
-              if reqs.any? { |r| r.start_with?("^") }
-                update_caret_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.start_with?("~") }
-                update_tilda_requirement(current_requirement, or_separator)
-              elsif reqs.any? { |r| r.include?("*") }
-                update_wildcard_requirement(current_requirement, or_separator)
+              if reqs.count > 1
+                "^#{latest_resolvable_version}"
               elsif reqs.any? { |r| r.match?(/<|(\s+-\s+)/) }
                 update_range_requirement(current_requirement, or_separator)
+              elsif reqs.any? { |r| r.match?(/>[^=]/) }
+                current_requirement
               else
                 update_version_string(current_requirement)
               end

data/lib/dependabot/update_checkers/php/composer.rb

@@ -52,10 +52,20 @@ module Dependabot
             requirements: dependency.requirements,
             latest_version: latest_version&.to_s,
             latest_resolvable_version: latest_resolvable_version&.to_s,
-            library: library?
+            update_strategy: requirements_update_strategy
           ).updated_requirements
         end
 
+        def requirements_update_strategy
+          # If passed in as an option (in the base class) honour that option
+          if @requirements_update_strategy
+            return @requirements_update_strategy.to_sym
+          end
+
+          # Otherwise, widen ranges for libraries and bump versions for apps
+          library? ? :widen_ranges : :bump_versions_if_necessary
+        end
+
         private
 
         def latest_version_resolvable_with_full_unlock?

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.86.17"
+  VERSION = "0.86.18"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.86.17
+  version: 0.86.18
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-27 00:00:00.000000000 Z
+date: 2018-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr