dependabot-core 0.88.3 → 0.89.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0e6c6a4759ea4d2d3cae2b28e1a8d8b5202e6842ef2691c86c7788de550a87c
-  data.tar.gz: e505e0c88738581c8829796ac9257b525a605c1f983030ad1b21e08f0ea6949a
+  metadata.gz: d2ca034df04f9743dedbff69bb879866ab4c742ade532c0f47943d890758b8dd
+  data.tar.gz: c0fa023b23be7ca8d530c1fbb53944b45653931b379ac60ebf9b438a8fc73acd
 SHA512:
-  metadata.gz: 36fb8a79be75b4291cf6db404328558ab9ad2d0a2cdea5f0df79071ac6fde7da4aaa148faf7680c53b3d80a155b7985e382def88cdf5b7f3767e583b2de2384a
-  data.tar.gz: 5297ce846d69eff52cc593a38e5690a760a529037379c71f282dfba6f21d77557016dabefa587e016df892b3b42a08eb1178a641a403d735fa8aa8546e2014df
+  metadata.gz: ab0c26c03ee079d6efa7ac92b28be5f86bb1ed7eda16a8e803092aa239cf7901f2134a4b1b5008b8b880891ecaa46f4966f3466be020264dc54c003a4def5ab7
+  data.tar.gz: aae500ba23f524f503c8f22273f7d1d079f1adf0a1ae474fa5c3e793f95f5ff4c4abfa06eb52d9c9098a7718b20396720ebf35c2170bbabab701bccfb0c25a79

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v0.89.0, 11 January 2019
+
+- PHP reorg
+- Change subprocess IO.popen to Open3.capture2
+- Add error context when helper subprocesses fail
+
 ## v0.88.3, 10 January 2019
 
 - Ruby: Add Ruby 2.6.0 to list of rubies in RubyRequirementSetter

data/helpers/test/run.rb

@@ -7,6 +7,9 @@ case request["function"]
 when "error"
   $stdout.write(JSON.dump(error: "Something went wrong"))
   exit 1
+when "useful_error"
+  $stderr.write("Some useful error")
+  exit 1
 when "hard_error"
   puts "Oh no!"
   exit 0

data/lib/dependabot/file_fetchers.rb

@@ -2,7 +2,6 @@
 
 require "dependabot/file_fetchers/ruby/bundler"
 require "dependabot/file_fetchers/java_script/npm_and_yarn"
-require "dependabot/file_fetchers/php/composer"
 require "dependabot/file_fetchers/go/dep"
 
 module Dependabot
@@ -10,7 +9,6 @@ module Dependabot
     @file_fetchers = {
       "bundler" => FileFetchers::Ruby::Bundler,
       "npm_and_yarn" => FileFetchers::JavaScript::NpmAndYarn,
-      "composer" => FileFetchers::Php::Composer,
       "dep" => FileFetchers::Go::Dep
     }
 

data/lib/dependabot/file_parsers.rb

@@ -2,7 +2,6 @@
 
 require "dependabot/file_parsers/ruby/bundler"
 require "dependabot/file_parsers/java_script/npm_and_yarn"
-require "dependabot/file_parsers/php/composer"
 require "dependabot/file_parsers/go/dep"
 
 module Dependabot
@@ -10,7 +9,6 @@ module Dependabot
     @file_parsers = {
       "bundler" => FileParsers::Ruby::Bundler,
       "npm_and_yarn" => FileParsers::JavaScript::NpmAndYarn,
-      "composer" => FileParsers::Php::Composer,
       "dep" => FileParsers::Go::Dep
     }
 

data/lib/dependabot/file_updaters.rb

@@ -2,7 +2,6 @@
 
 require "dependabot/file_updaters/ruby/bundler"
 require "dependabot/file_updaters/java_script/npm_and_yarn"
-require "dependabot/file_updaters/php/composer"
 require "dependabot/file_updaters/go/dep"
 
 module Dependabot
@@ -10,7 +9,6 @@ module Dependabot
     @file_updaters = {
       "bundler" => FileUpdaters::Ruby::Bundler,
       "npm_and_yarn" => FileUpdaters::JavaScript::NpmAndYarn,
-      "composer" => FileUpdaters::Php::Composer,
       "dep" => FileUpdaters::Go::Dep
     }
 

data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "toml-rb"
-
+require "open3"
 require "dependabot/shared_helpers"
 require "dependabot/dependency_file"
 require "dependabot/file_updaters/go/dep"
@@ -51,18 +51,21 @@ module Dependabot
           attr_reader :dependencies, :dependency_files, :credentials
 
           def run_shell_command(command, env = {})
-            raw_response = nil
-            IO.popen(env, command, err: %i(child out)) do |process|
-              raw_response = process.read
-            end
+            start = Time.now
+            stdout, process = Open3.capture2e(env, command)
+            time_taken = start - Time.now
 
             # Raise an error with the output from the shell session if dep
             # returns a non-zero status
-            return if $CHILD_STATUS.success?
+            return if process.success?
 
             raise SharedHelpers::HelperSubprocessFailed.new(
-              raw_response,
-              command
+              message: stdout,
+              error_context: {
+                command: command,
+                time_taken: time_taken,
+                process_exit_value: process.to_s
+              }
             )
           end
 

data/lib/dependabot/metadata_finders.rb

@@ -2,7 +2,6 @@
 
 require "dependabot/metadata_finders/ruby/bundler"
 require "dependabot/metadata_finders/java_script/npm_and_yarn"
-require "dependabot/metadata_finders/php/composer"
 require "dependabot/metadata_finders/go/dep"
 
 module Dependabot
@@ -10,7 +9,6 @@ module Dependabot
     @metadata_finders = {
       "bundler" => MetadataFinders::Ruby::Bundler,
       "npm_and_yarn" => MetadataFinders::JavaScript::NpmAndYarn,
-      "composer" => MetadataFinders::Php::Composer,
       "dep" => MetadataFinders::Go::Dep
     }
 

data/lib/dependabot/shared_helpers.rb

@@ -5,6 +5,7 @@ require "tmpdir"
 require "excon"
 require "English"
 require "digest"
+require "open3"
 
 module Dependabot
   module SharedHelpers
@@ -62,34 +63,51 @@ module Dependabot
     end
 
     class HelperSubprocessFailed < StandardError
-      def initialize(message, command)
+      def initialize(message:, error_context:)
         super(message)
-        @command = command
+        @error_context = error_context
+        @command = error_context[:command]
       end
 
       def raven_context
-        { fingerprint: [@command] }
+        { fingerprint: [@command], extra: @error_context }
       end
     end
 
     def self.run_helper_subprocess(command:, function:, args:, env: nil,
-                                   popen_opts: {})
-      raw_response = nil
-      popen_args = [env, command, "w+"].compact
-      IO.popen(*popen_args, popen_opts) do |process|
-        process.write(JSON.dump(function: function, args: args))
-        process.close_write
-        raw_response = process.read
-      end
+                                   stderr_to_stdout: false)
+      start = Time.now
+      stdin_data = JSON.dump(function: function, args: args)
+      env_cmd = [env, command].compact
+      stdout, stderr, process = Open3.capture3(*env_cmd, stdin_data: stdin_data)
+      time_taken = Time.now - start
+
+      # Some package managers output useful stuff to stderr instead of stdout so
+      # we want to parse this, most package manager will output garbage here so
+      # would mess up json response from stdout
+      stdout = "#{stderr}\n#{stdout}" if stderr_to_stdout
+
+      error_context = {
+        command: command,
+        function: function,
+        args: args,
+        time_taken: time_taken,
+        stderr_output: stderr ? stderr[0..50_000] : "", # Truncate to ~100kb
+        process_exit_value: process.to_s
+      }
 
-      response = JSON.parse(raw_response)
-      return response["result"] if $CHILD_STATUS.success?
+      response = JSON.parse(stdout)
+      return response["result"] if process.success?
 
-      raise HelperSubprocessFailed.new(response["error"], command)
+      raise HelperSubprocessFailed.new(
+        message: response["error"],
+        error_context: error_context
+      )
     rescue JSON::ParserError
-      raise HelperSubprocessFailed.new(raw_response, command) if raw_response
-
-      raise HelperSubprocessFailed.new("No output from command", command)
+      raise HelperSubprocessFailed.new(
+        message: stdout || "No output from command",
+        error_context: error_context
+      )
     end
 
     def self.excon_middleware
@@ -183,18 +201,23 @@ module Dependabot
     end
 
     def self.run_shell_command(command)
-      raw_response = nil
-      IO.popen(command, err: %i(child out)) do |process|
-        raw_response = process.read
-      end
+      start = Time.now
+      stdout, process = Open3.capture2e(command)
+      time_taken = start - Time.now
 
       # Raise an error with the output from the shell session if the
       # command returns a non-zero status
-      return if $CHILD_STATUS.success?
+      return if process.success?
+
+      error_context = {
+        command: command,
+        time_taken: time_taken,
+        process_exit_value: process.to_s
+      }
 
       raise SharedHelpers::HelperSubprocessFailed.new(
-        raw_response,
-        command
+        message: stdout,
+        error_context: error_context
       )
     end
   end

data/lib/dependabot/update_checkers.rb

@@ -2,7 +2,6 @@
 
 require "dependabot/update_checkers/ruby/bundler"
 require "dependabot/update_checkers/java_script/npm_and_yarn"
-require "dependabot/update_checkers/php/composer"
 require "dependabot/update_checkers/go/dep"
 
 module Dependabot
@@ -10,7 +9,6 @@ module Dependabot
     @update_checkers = {
       "bundler" => UpdateCheckers::Ruby::Bundler,
       "npm_and_yarn" => UpdateCheckers::JavaScript::NpmAndYarn,
-      "composer" => UpdateCheckers::Php::Composer,
       "dep" => UpdateCheckers::Go::Dep
     }
 

data/lib/dependabot/update_checkers/go/dep/version_resolver.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "toml-rb"
+require "open3"
 require "dependabot/shared_helpers"
 require "dependabot/update_checkers/go/dep"
 require "dependabot/errors"
@@ -94,18 +95,21 @@ module Dependabot
           end
 
           def run_shell_command(command, env = {})
-            raw_response = nil
-            IO.popen(env, command, err: %i(child out)) do |process|
-              raw_response = process.read
-            end
+            start = Time.now
+            stdout, process = Open3.capture2e(env, command)
+            time_taken = start - Time.now
 
             # Raise an error with the output from the shell session if dep
             # returns a non-zero status
-            return if $CHILD_STATUS.success?
+            return if process.success?
 
             raise SharedHelpers::HelperSubprocessFailed.new(
-              raw_response,
-              command
+              message: stdout,
+              error_context: {
+                command: command,
+                time_taken: time_taken,
+                process_exit_value: process.to_s
+              }
             )
           end
 

data/lib/dependabot/utils.rb

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
 
 require "dependabot/utils/java_script/version"
-require "dependabot/utils/php/version"
 require "dependabot/utils/go/version"
 
 require "dependabot/utils/java_script/requirement"
-require "dependabot/utils/php/requirement"
 require "dependabot/utils/ruby/requirement"
 require "dependabot/utils/go/requirement"
 
@@ -18,7 +16,6 @@ module Dependabot
       "submodules" => Gem::Version,
       "docker" => Gem::Version,
       "npm_and_yarn" => Utils::JavaScript::Version,
-      "composer" => Utils::Php::Version,
       "dep" => Utils::Go::Version
     }
 
@@ -38,7 +35,6 @@ module Dependabot
       "submodules" => Utils::Ruby::Requirement,
       "docker" => Utils::Ruby::Requirement,
       "npm_and_yarn" => Utils::JavaScript::Requirement,
-      "composer" => Utils::Php::Requirement,
       "dep" => Utils::Go::Requirement
     }
 

data/lib/dependabot/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dependabot
-  VERSION = "0.88.3"
+  VERSION = "0.89.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-core
 version: !ruby/object:Gem::Version
-  version: 0.88.3
+  version: 0.89.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-10 00:00:00.000000000 Z
+date: 2019-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ecr
@@ -318,18 +318,6 @@ files:
 - helpers/npm/test/helpers.js
 - helpers/npm/test/updater.test.js
 - helpers/npm/yarn.lock
-- helpers/php/.php_cs
-- helpers/php/bin/run.php
-- helpers/php/composer.json
-- helpers/php/composer.lock
-- helpers/php/composer.phar
-- helpers/php/setup.sh
-- helpers/php/src/DependabotInstallationManager.php
-- helpers/php/src/DependabotPluginManager.php
-- helpers/php/src/ExceptionIO.php
-- helpers/php/src/Hasher.php
-- helpers/php/src/UpdateChecker.php
-- helpers/php/src/Updater.php
 - helpers/test/run.rb
 - helpers/utils/git-credential-store-immutable
 - helpers/yarn/.eslintrc
@@ -368,7 +356,6 @@ files:
 - lib/dependabot/file_fetchers/go/dep.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb
 - lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb
-- lib/dependabot/file_fetchers/php/composer.rb
 - lib/dependabot/file_fetchers/ruby/bundler.rb
 - lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb
 - lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb
@@ -379,7 +366,6 @@ files:
 - lib/dependabot/file_parsers/base/dependency_set.rb
 - lib/dependabot/file_parsers/go/dep.rb
 - lib/dependabot/file_parsers/java_script/npm_and_yarn.rb
-- lib/dependabot/file_parsers/php/composer.rb
 - lib/dependabot/file_parsers/ruby/bundler.rb
 - lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb
 - lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb
@@ -395,9 +381,6 @@ files:
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb
 - lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb
-- lib/dependabot/file_updaters/php/composer.rb
-- lib/dependabot/file_updaters/php/composer/lockfile_updater.rb
-- lib/dependabot/file_updaters/php/composer/manifest_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb
 - lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb
@@ -417,7 +400,6 @@ files:
 - lib/dependabot/metadata_finders/base/release_finder.rb
 - lib/dependabot/metadata_finders/go/dep.rb
 - lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb
-- lib/dependabot/metadata_finders/php/composer.rb
 - lib/dependabot/metadata_finders/ruby/bundler.rb
 - lib/dependabot/pull_request_creator.rb
 - lib/dependabot/pull_request_creator/branch_namer.rb
@@ -445,9 +427,6 @@ files:
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb
 - lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb
-- lib/dependabot/update_checkers/php/composer.rb
-- lib/dependabot/update_checkers/php/composer/requirements_updater.rb
-- lib/dependabot/update_checkers/php/composer/version_resolver.rb
 - lib/dependabot/update_checkers/ruby/bundler.rb
 - lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb
 - lib/dependabot/update_checkers/ruby/bundler/force_updater.rb
@@ -463,8 +442,6 @@ files:
 - lib/dependabot/utils/go/version.rb
 - lib/dependabot/utils/java_script/requirement.rb
 - lib/dependabot/utils/java_script/version.rb
-- lib/dependabot/utils/php/requirement.rb
-- lib/dependabot/utils/php/version.rb
 - lib/dependabot/utils/ruby/requirement.rb
 - lib/dependabot/version.rb
 - lib/rubygems_version_patch.rb

data/helpers/php/.php_cs

@@ -1,34 +0,0 @@
-<?php
-
-$finder = PhpCsFixer\Finder::create()
-    ->in(__DIR__ . '/src')
-    ->in(__DIR__ . '/bin');
-
-return PhpCsFixer\Config::create()
-    ->setRules([
-        '@Symfony' => true,
-        'array_syntax' => ['syntax' => 'short'],
-        'blank_line_after_opening_tag' => true,
-        'concat_space' => ['spacing' => 'one'],
-        'declare_strict_types' => true,
-        'increment_style' => ['style' => 'post'],
-        'is_null' => ['use_yoda_style' => false],
-        'list_syntax' => ['syntax' => 'short'],
-        'method_argument_space' => ['ensure_fully_multiline' => true],
-        'modernize_types_casting' => true,
-        'no_multiline_whitespace_before_semicolons' => true,
-        'no_useless_else' => true,
-        'no_useless_return' => true,
-        'ordered_imports' => true,
-        'phpdoc_align' => false,
-        'phpdoc_order' => true,
-        'php_unit_construct' => true,
-        'php_unit_dedicate_assert' => true,
-        'single_line_comment_style' => true,
-        'ternary_to_null_coalescing' => true,
-        'yoda_style' => false,
-        'void_return' => true,
-    ])
-    ->setFinder($finder)
-    ->setUsingCache(true)
-    ->setRiskyAllowed(true);