From 2eea6cccad3d891e41fa5944265cc76b1084cebe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Thu, 12 Dec 2024 21:16:01 +0100 Subject: [PATCH 01/17] Fix unsupported PNPM error message (#10094) PNPM 9 is now supported. Co-authored-by: Jeff Widman --- npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb index 199d7c828f..6b146d6143 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb @@ -509,7 +509,7 @@ def raise_if_unsupported!(name, version) return unless name == PNPMPackageManager::NAME return unless Version.new(version) < Version.new("7") - raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*") + raise ToolVersionNotSupported.new(PNPMPackageManager::NAME.upcase, version, "7.*, 8.*, 9.*") end sig { params(name: String, version: T.nilable(String)).void } From 83a4aab485f51534e76c9f2d3017063d9bb172f6 Mon Sep 17 00:00:00 2001 From: Noorul Islam K M Date: Fri, 13 Dec 2024 02:54:38 +0530 Subject: [PATCH 02/17] Bump poetry version from 1.8.3 to 1.8.5 (#11107) --- python/helpers/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index 5c3cdeebc5..206e2cbb3e 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -4,7 +4,7 @@ flake8==7.1.0 hashin==1.0.1 pipenv==2024.0.2 plette==2.1.0 -poetry==1.8.3 +poetry==1.8.5 # TODO: Replace 3p package `toml` with 3.11's new stdlib `tomllib` once we drop support for Python 3.10. toml==0.10.2 From 066d49cd9114d8db9418020d47791ea765e82bb3 Mon Sep 17 00:00:00 2001 
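Review bot: The supported-version text passed to `ToolVersionNotSupported.new` in `raise_if_unsupported!` (the package_manager.rb hunk) is still a hand-written literal, so it can fall out of date again at the next PNPM major. The guard two lines above only rejects versions below `Version.new("7")`, so the message and the check are maintained separately and nothing ties them together. Consider building the string from one list kept next to the check, for example `SUPPORTED_PNPM_MAJORS = %w(7 8 9).freeze` and `SUPPORTED_PNPM_MAJORS.map { |m| "#{m}.*" }.join(", ")` as the third argument; the constant name is a proposal, not something visible in this hunk. The method's `def` line and `sig` are outside the hunk, so whether `version` can be nil when it reaches `Version.new(version)` could not be checked here.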
From: Dmitrii Korzhimanov <52735121+HrMathematiker@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:43:09 +0100 Subject: [PATCH 03/17] Support Python 3.12.7 (#10831) --- python/Dockerfile | 2 +- python/lib/dependabot/python/language_version_manager.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/Dockerfile b/python/Dockerfile index 7729665d28..884cecb81a 100644 --- a/python/Dockerfile +++ b/python/Dockerfile @@ -1,6 +1,6 @@ # This list must match the versions specified in # python/lib/dependabot/python/language_version_manager.rb: PRE_INSTALLED_PYTHON_VERSIONS -ARG PY_3_12=3.12.5 +ARG PY_3_12=3.12.7 ARG PY_3_11=3.11.9 ARG PY_3_10=3.10.15 ARG PY_3_9=3.9.18 diff --git a/python/lib/dependabot/python/language_version_manager.rb b/python/lib/dependabot/python/language_version_manager.rb index 4bad712e78..df9c639022 100644 --- a/python/lib/dependabot/python/language_version_manager.rb +++ b/python/lib/dependabot/python/language_version_manager.rb @@ -9,7 +9,7 @@ module Python class LanguageVersionManager # This list must match the versions specified at the top of `python/Dockerfile` PRE_INSTALLED_PYTHON_VERSIONS = %w( - 3.12.5 + 3.12.7 3.11.9 3.10.15 3.9.18 From 0d0bcaa3c4c3cd7a4a4d351f964bb2d8c6fb5eae Mon Sep 17 00:00:00 2001 From: Jeff Widman Date: Thu, 12 Dec 2024 16:57:38 -0700 Subject: [PATCH 04/17] Bump pnpm to 9.15.0 (#11114) I'm debugging a `pnpm`-related issue and noticed we're a few versions behind... let's get caught up to pickup any upstream bugfixes. --- npm_and_yarn/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/npm_and_yarn/Dockerfile b/npm_and_yarn/Dockerfile index d682fcf8c5..b31f69fc4c 100644 --- a/npm_and_yarn/Dockerfile +++ b/npm_and_yarn/Dockerfile 
@@ -4,7 +4,7 @@ FROM ghcr.io/dependabot/dependabot-updater-core ARG COREPACK_VERSION=0.24.0 # Check for updates at https://github.com/pnpm/pnpm/releases -ARG PNPM_VERSION=9.4.0 +ARG PNPM_VERSION=9.15.0 # Check for updates at https://github.com/yarnpkg/berry/releases ARG YARN_VERSION=4.1.1 From 38b1137b79142cf40dced9df8a25e569dffb550f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 00:02:02 +0000 Subject: [PATCH 05/17] Bump symfony/process from 5.4.40 to 5.4.47 in /composer/helpers/v2 (#11117) Bumps [symfony/process](https://github.com/symfony/process) from 5.4.40 to 5.4.47. - [Release notes](https://github.com/symfony/process/releases) - [Changelog](https://github.com/symfony/process/blob/7.2/CHANGELOG.md) - [Commits](https://github.com/symfony/process/compare/v5.4.40...v5.4.47) --- updated-dependencies: - dependency-name: symfony/process dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer/helpers/v2/composer.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/composer/helpers/v2/composer.lock b/composer/helpers/v2/composer.lock index b9eb43fad3..1aeeaa37ce 100644 --- a/composer/helpers/v2/composer.lock +++ b/composer/helpers/v2/composer.lock 
@@ -1742,26 +1742,26 @@ }, { "name": "symfony/polyfill-php80", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b" + "reference": "60328e362d4c2c802a54fcbf04f9d3fb892b4cf8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", - "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/60328e362d4c2c802a54fcbf04f9d3fb892b4cf8", + "reference": "60328e362d4c2c802a54fcbf04f9d3fb892b4cf8", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1802,7 +1802,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.31.0" }, "funding": [ { @@ -1818,7 +1818,7 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-php81", 
@@ -1898,16 +1898,16 @@ }, { "name": "symfony/process", - "version": "v5.4.40", + "version": "v5.4.47", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "deedcb3bb4669cae2148bc920eafd2b16dc7c046" + "reference": "5d1662fb32ebc94f17ddb8d635454a776066733d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/deedcb3bb4669cae2148bc920eafd2b16dc7c046", - "reference": "deedcb3bb4669cae2148bc920eafd2b16dc7c046", + "url": "https://api.github.com/repos/symfony/process/zipball/5d1662fb32ebc94f17ddb8d635454a776066733d", + "reference": "5d1662fb32ebc94f17ddb8d635454a776066733d", "shasum": "" }, "require": { @@ -1940,7 +1940,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v5.4.40" + "source": "https://github.com/symfony/process/tree/v5.4.47" }, "funding": [ { @@ -1956,7 +1956,7 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:33:22+00:00" + "time": "2024-11-06T11:36:42+00:00" }, { "name": "symfony/service-contracts", From 5b3381fa8ff418fd4fbc616320603c37e0c2439d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 00:07:37 +0000 Subject: [PATCH 06/17] Bump friendsofphp/php-cs-fixer (#11034) Bumps the dev-dependencies group with 1 update in the /composer/helpers/v2 directory: [friendsofphp/php-cs-fixer](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer). Updates `friendsofphp/php-cs-fixer` from 3.54.0 to 3.65.0 - [Release notes](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases) - [Changelog](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/blob/master/CHANGELOG.md) - [Commits](https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/compare/v3.54.0...v3.65.0) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer/helpers/v2/composer.lock | 915 +++++++++++++++++++++++++----- 1 file changed, 777 insertions(+), 138 deletions(-) diff --git a/composer/helpers/v2/composer.lock b/composer/helpers/v2/composer.lock index 1aeeaa37ce..1865a48df5 100644 --- a/composer/helpers/v2/composer.lock +++ b/composer/helpers/v2/composer.lock 
@@ -411,24 +411,24 @@ }, { "name": "composer/semver", - "version": "3.4.0", + "version": "3.4.3", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "35e8d0af4486141bc745f23a29cc2091eb624a32" + "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/35e8d0af4486141bc745f23a29cc2091eb624a32", - "reference": "35e8d0af4486141bc745f23a29cc2091eb624a32", + "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", + "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", "shasum": "" }, "require": { "php": "^5.3.2 || ^7.0 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^1.4", - "symfony/phpunit-bridge": "^4.2 || ^5" + "phpstan/phpstan": "^1.11", + "symfony/phpunit-bridge": "^3 || ^7" }, "type": "library", "extra": { @@ -472,7 +472,7 @@ "support": { "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.4.0" + "source": "https://github.com/composer/semver/tree/3.4.3" }, "funding": [ { @@ -488,7 +488,7 @@ "type": "tidelift" } ], - "time": "2023-08-31T09:50:34+00:00" + "time": "2024-09-19T14:15:21+00:00" }, { "name": "composer/spdx-licenses", 
@@ -1052,16 +1052,16 @@ }, { "name": "symfony/console", - "version": "v5.4.40", + "version": "v5.4.47", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "aa73115c0c24220b523625bfcfa655d7d73662dd" + "reference": "c4ba980ca61a9eb18ee6bcc73f28e475852bb1ed" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/aa73115c0c24220b523625bfcfa655d7d73662dd", - "reference": "aa73115c0c24220b523625bfcfa655d7d73662dd", + "url": "https://api.github.com/repos/symfony/console/zipball/c4ba980ca61a9eb18ee6bcc73f28e475852bb1ed", + "reference": "c4ba980ca61a9eb18ee6bcc73f28e475852bb1ed", "shasum": "" }, "require": { @@ -1131,7 +1131,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v5.4.40" + "source": "https://github.com/symfony/console/tree/v5.4.47" }, "funding": [ { @@ -1147,20 +1147,20 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:33:22+00:00" + "time": "2024-11-06T11:30:55+00:00" }, { "name": "symfony/deprecation-contracts", - "version": "v2.5.3", + "version": "v2.5.4", "source": { "type": "git", "url": "https://github.com/symfony/deprecation-contracts.git", - "reference": "80d075412b557d41002320b96a096ca65aa2c98d" + "reference": "605389f2a7e5625f273b53960dc46aeaf9c62918" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/80d075412b557d41002320b96a096ca65aa2c98d", - "reference": "80d075412b557d41002320b96a096ca65aa2c98d", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/605389f2a7e5625f273b53960dc46aeaf9c62918", + "reference": "605389f2a7e5625f273b53960dc46aeaf9c62918", "shasum": "" }, "require": { 
@@ -1198,7 +1198,7 @@ "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.3" + "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.4" }, "funding": [ { @@ -1214,20 +1214,20 @@ "type": "tidelift" } ], - "time": "2023-01-24T14:02:46+00:00" + "time": "2024-09-25T14:11:13+00:00" }, { "name": "symfony/filesystem", - "version": "v5.4.40", + "version": "v5.4.45", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "26dd9912df6940810ea00f8f53ad48d6a3424995" + "reference": "57c8294ed37d4a055b77057827c67f9558c95c54" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/26dd9912df6940810ea00f8f53ad48d6a3424995", - "reference": "26dd9912df6940810ea00f8f53ad48d6a3424995", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/57c8294ed37d4a055b77057827c67f9558c95c54", + "reference": "57c8294ed37d4a055b77057827c67f9558c95c54", "shasum": "" }, "require": { @@ -1265,7 +1265,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v5.4.40" + "source": "https://github.com/symfony/filesystem/tree/v5.4.45" }, "funding": [ { 
@@ -1281,20 +1281,20 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:33:22+00:00" + "time": "2024-10-22T13:05:35+00:00" }, { "name": "symfony/finder", - "version": "v5.4.40", + "version": "v5.4.45", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "f51cff4687547641c7d8180d74932ab40b2205ce" + "reference": "63741784cd7b9967975eec610b256eed3ede022b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/f51cff4687547641c7d8180d74932ab40b2205ce", - "reference": "f51cff4687547641c7d8180d74932ab40b2205ce", + "url": "https://api.github.com/repos/symfony/finder/zipball/63741784cd7b9967975eec610b256eed3ede022b", + "reference": "63741784cd7b9967975eec610b256eed3ede022b", "shasum": "" }, "require": { @@ -1328,7 +1328,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v5.4.40" + "source": "https://github.com/symfony/finder/tree/v5.4.45" }, "funding": [ { @@ -1344,24 +1344,24 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:33:22+00:00" + "time": "2024-09-28T13:32:08+00:00" }, { "name": "symfony/polyfill-ctype", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4" + "reference": "a3cc8b044a6ea513310cbd48ef7333b384945638" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638", + "reference": "a3cc8b044a6ea513310cbd48ef7333b384945638", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "provide": { "ext-ctype": "*" 
@@ -1372,8 +1372,8 @@ "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1407,7 +1407,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.31.0" }, "funding": [ { @@ -1423,24 +1423,24 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-intl-grapheme", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-grapheme.git", - "reference": "32a9da87d7b3245e09ac426c83d334ae9f06f80f" + "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/32a9da87d7b3245e09ac426c83d334ae9f06f80f", - "reference": "32a9da87d7b3245e09ac426c83d334ae9f06f80f", + "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe", + "reference": "b9123926e3b7bc2f98c02ad54f6a4b02b91a8abe", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "suggest": { "ext-intl": "For best performance" @@ -1448,8 +1448,8 @@ "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1485,7 +1485,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.31.0" }, "funding": [ { 
@@ -1501,24 +1501,24 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-intl-normalizer", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-intl-normalizer.git", - "reference": "bc45c394692b948b4d383a08d7753968bed9a83d" + "reference": "3833d7255cc303546435cb650316bff708a1c75c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/bc45c394692b948b4d383a08d7753968bed9a83d", - "reference": "bc45c394692b948b4d383a08d7753968bed9a83d", + "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c", + "reference": "3833d7255cc303546435cb650316bff708a1c75c", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "suggest": { "ext-intl": "For best performance" @@ -1526,8 +1526,8 @@ "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1566,7 +1566,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.31.0" }, "funding": [ { 
@@ -1582,24 +1582,24 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec" + "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341", + "reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "provide": { "ext-mbstring": "*" @@ -1610,8 +1610,8 @@ "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1646,7 +1646,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.31.0" }, "funding": [ { 
@@ -1662,30 +1662,30 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-php73", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php73.git", - "reference": "21bd091060673a1177ae842c0ef8fe30893114d2" + "reference": "0f68c03565dcaaf25a890667542e8bd75fe7e5bb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/21bd091060673a1177ae842c0ef8fe30893114d2", - "reference": "21bd091060673a1177ae842c0ef8fe30893114d2", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/0f68c03565dcaaf25a890667542e8bd75fe7e5bb", + "reference": "0f68c03565dcaaf25a890667542e8bd75fe7e5bb", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1722,7 +1722,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php73/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-php73/tree/v1.31.0" }, "funding": [ { @@ -1738,7 +1738,7 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/polyfill-php80", 
@@ -1822,26 +1822,26 @@ }, { "name": "symfony/polyfill-php81", - "version": "v1.29.0", + "version": "v1.31.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d" + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d", - "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", + "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -1878,7 +1878,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.31.0" }, "funding": [ { @@ -1894,7 +1894,7 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-09-09T11:45:10+00:00" }, { "name": "symfony/process", 
@@ -1960,16 +1960,16 @@ }, { "name": "symfony/service-contracts", - "version": "v2.5.3", + "version": "v2.5.4", "source": { "type": "git", "url": "https://github.com/symfony/service-contracts.git", - "reference": "a2329596ddc8fd568900e3fc76cba42489ecc7f3" + "reference": "f37b419f7aea2e9abf10abd261832cace12e3300" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/service-contracts/zipball/a2329596ddc8fd568900e3fc76cba42489ecc7f3", - "reference": "a2329596ddc8fd568900e3fc76cba42489ecc7f3", + "url": "https://api.github.com/repos/symfony/service-contracts/zipball/f37b419f7aea2e9abf10abd261832cace12e3300", + "reference": "f37b419f7aea2e9abf10abd261832cace12e3300", "shasum": "" }, "require": { @@ -2023,7 +2023,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/service-contracts/tree/v2.5.3" + "source": "https://github.com/symfony/service-contracts/tree/v2.5.4" }, "funding": [ { @@ -2039,20 +2039,20 @@ "type": "tidelift" } ], - "time": "2023-04-21T15:04:16+00:00" + "time": "2024-09-25T14:11:13+00:00" }, { "name": "symfony/string", - "version": "v5.4.40", + "version": "v5.4.47", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "142877285aa974a6f7685e292ab5ba9aae86b143" + "reference": "136ca7d72f72b599f2631aca474a4f8e26719799" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/142877285aa974a6f7685e292ab5ba9aae86b143", - "reference": "142877285aa974a6f7685e292ab5ba9aae86b143", + "url": "https://api.github.com/repos/symfony/string/zipball/136ca7d72f72b599f2631aca474a4f8e26719799", + "reference": "136ca7d72f72b599f2631aca474a4f8e26719799", "shasum": "" }, "require": { @@ -2109,7 +2109,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v5.4.40" + "source": "https://github.com/symfony/string/tree/v5.4.47" }, "funding": [ { 
@@ -2125,31 +2125,210 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:33:22+00:00" + "time": "2024-11-10T20:33:58+00:00" } ], "packages-dev": [ + { + "name": "clue/ndjson-react", + "version": "v1.3.0", + "source": { + "type": "git", + "url": "https://github.com/clue/reactphp-ndjson.git", + "reference": "392dc165fce93b5bb5c637b67e59619223c931b0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/clue/reactphp-ndjson/zipball/392dc165fce93b5bb5c637b67e59619223c931b0", + "reference": "392dc165fce93b5bb5c637b67e59619223c931b0", + "shasum": "" + }, + "require": { + "php": ">=5.3", + "react/stream": "^1.2" + }, + "require-dev": { + "phpunit/phpunit": "^9.5 || ^5.7 || ^4.8.35", + "react/event-loop": "^1.2" + }, + "type": "library", + "autoload": { + "psr-4": { + "Clue\\React\\NDJson\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering" + } + ], + "description": "Streaming newline-delimited JSON (NDJSON) parser and encoder for ReactPHP.", + "homepage": "https://github.com/clue/reactphp-ndjson", + "keywords": [ + "NDJSON", + "json", + "jsonlines", + "newline", + "reactphp", + "streaming" + ], + "support": { + "issues": "https://github.com/clue/reactphp-ndjson/issues", + "source": "https://github.com/clue/reactphp-ndjson/tree/v1.3.0" + }, + "funding": [ + { + "url": "https://clue.engineering/support", + "type": "custom" + }, + { + "url": "https://github.com/clue", + "type": "github" + } + ], + "time": "2022-12-23T10:58:28+00:00" + }, + { + "name": "evenement/evenement", + "version": "v3.0.2", + "source": { + "type": "git", + "url": "https://github.com/igorw/evenement.git", + "reference": "0a16b0d71ab13284339abb99d9d2bd813640efbc" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/igorw/evenement/zipball/0a16b0d71ab13284339abb99d9d2bd813640efbc", + "reference": 
"0a16b0d71ab13284339abb99d9d2bd813640efbc", + "shasum": "" + }, + "require": { + "php": ">=7.0" + }, + "require-dev": { + "phpunit/phpunit": "^9 || ^6" + }, + "type": "library", + "autoload": { + "psr-4": { + "Evenement\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Igor Wiedler", + "email": "igor@wiedler.ch" + } + ], + "description": "Événement is a very simple event dispatching library for PHP", + "keywords": [ + "event-dispatcher", + "event-emitter" + ], + "support": { + "issues": "https://github.com/igorw/evenement/issues", + "source": "https://github.com/igorw/evenement/tree/v3.0.2" + }, + "time": "2023-08-08T05:53:35+00:00" + }, + { + "name": "fidry/cpu-core-counter", + "version": "1.2.0", + "source": { + "type": "git", + "url": "https://github.com/theofidry/cpu-core-counter.git", + "reference": "8520451a140d3f46ac33042715115e290cf5785f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/theofidry/cpu-core-counter/zipball/8520451a140d3f46ac33042715115e290cf5785f", + "reference": "8520451a140d3f46ac33042715115e290cf5785f", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0" + }, + "require-dev": { + "fidry/makefile": "^0.2.0", + "fidry/php-cs-fixer-config": "^1.1.2", + "phpstan/extension-installer": "^1.2.0", + "phpstan/phpstan": "^1.9.2", + "phpstan/phpstan-deprecation-rules": "^1.0.0", + "phpstan/phpstan-phpunit": "^1.2.2", + "phpstan/phpstan-strict-rules": "^1.4.4", + "phpunit/phpunit": "^8.5.31 || ^9.5.26", + "webmozarts/strict-phpunit": "^7.5" + }, + "type": "library", + "autoload": { + "psr-4": { + "Fidry\\CpuCoreCounter\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Théo FIDRY", + "email": "theo.fidry@gmail.com" + } + ], + "description": "Tiny utility to get the number of CPU cores.", + "keywords": [ + "CPU", + "core" + ], + "support": { + "issues": 
"https://github.com/theofidry/cpu-core-counter/issues", + "source": "https://github.com/theofidry/cpu-core-counter/tree/1.2.0" + }, + "funding": [ + { + "url": "https://github.com/theofidry", + "type": "github" + } + ], + "time": "2024-08-06T10:04:20+00:00" + }, { "name": "friendsofphp/php-cs-fixer", - "version": "v3.54.0", + "version": "v3.65.0", "source": { "type": "git", "url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git", - "reference": "2aecbc8640d7906c38777b3dcab6f4ca79004d08" + "reference": "79d4f3e77b250a7d8043d76c6af8f0695e8a469f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/2aecbc8640d7906c38777b3dcab6f4ca79004d08", - "reference": "2aecbc8640d7906c38777b3dcab6f4ca79004d08", + "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/79d4f3e77b250a7d8043d76c6af8f0695e8a469f", + "reference": "79d4f3e77b250a7d8043d76c6af8f0695e8a469f", "shasum": "" }, "require": { + "clue/ndjson-react": "^1.0", "composer/semver": "^3.4", "composer/xdebug-handler": "^3.0.3", "ext-filter": "*", "ext-json": "*", "ext-tokenizer": "*", + "fidry/cpu-core-counter": "^1.2", "php": "^7.4 || ^8.0", + "react/child-process": "^0.6.5", + "react/event-loop": "^1.0", + "react/promise": "^2.0 || ^3.0", + "react/socket": "^1.0", + "react/stream": "^1.0", "sebastian/diff": "^4.0 || ^5.0 || ^6.0", "symfony/console": "^5.4 || ^6.0 || ^7.0", "symfony/event-dispatcher": "^5.4 || ^6.0 || ^7.0", 
@@ -2163,18 +2342,18 @@ "symfony/stopwatch": "^5.4 || ^6.0 || ^7.0" }, "require-dev": { - "facile-it/paraunit": "^1.3 || ^2.0", - "infection/infection": "^0.27.11", - "justinrainbow/json-schema": "^5.2", + "facile-it/paraunit": "^1.3.1 || ^2.4", + "infection/infection": "^0.29.8", + "justinrainbow/json-schema": "^5.3 || ^6.0", "keradus/cli-executor": "^2.1", - "mikey179/vfsstream": "^1.6.11", + "mikey179/vfsstream": "^1.6.12", "php-coveralls/php-coveralls": "^2.7", "php-cs-fixer/accessible-object": "^1.1", - "php-cs-fixer/phpunit-constraint-isidenticalstring": "^1.4", - "php-cs-fixer/phpunit-constraint-xmlmatchesxsd": "^1.4", - "phpunit/phpunit": "^9.6 || ^10.5.5 || ^11.0.2", - "symfony/var-dumper": "^5.4 || ^6.0 || ^7.0", - "symfony/yaml": "^5.4 || ^6.0 || ^7.0" + "php-cs-fixer/phpunit-constraint-isidenticalstring": "^1.5", + "php-cs-fixer/phpunit-constraint-xmlmatchesxsd": "^1.5", + "phpunit/phpunit": "^9.6.21 || ^10.5.38 || ^11.4.3", + "symfony/var-dumper": "^5.4.47 || ^6.4.15 || ^7.1.8", + "symfony/yaml": "^5.4.45 || ^6.4.13 || ^7.1.6" }, "suggest": { "ext-dom": "For handling output formats in XML", @@ -2187,7 +2366,10 @@ "autoload": { "psr-4": { "PhpCsFixer\\": "src/" - } + }, + "exclude-from-classmap": [ + "src/Fixer/Internal/*" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -2212,7 +2394,7 @@ ], "support": { "issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues", - "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.54.0" + "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.65.0" }, "funding": [ { @@ -2220,7 +2402,7 @@ "type": "github" } ], - "time": "2024-04-17T08:12:13+00:00" + "time": "2024-11-25T00:39:24+00:00" }, { "name": "phpstan/phpstan", 
@@ -2330,6 +2512,463 @@ }, "time": "2019-01-08T18:20:26+00:00" }, + { + "name": "react/cache", + "version": "v1.2.0", + "source": { + "type": "git", + "url": "https://github.com/reactphp/cache.git", + "reference": "d47c472b64aa5608225f47965a484b75c7817d5b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/reactphp/cache/zipball/d47c472b64aa5608225f47965a484b75c7817d5b", + "reference": "d47c472b64aa5608225f47965a484b75c7817d5b", + "shasum": "" + }, + "require": { + "php": ">=5.3.0", + "react/promise": "^3.0 || ^2.0 || ^1.1" + }, + "require-dev": { + "phpunit/phpunit": "^9.5 || ^5.7 || ^4.8.35" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\Cache\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "Async, Promise-based cache interface for ReactPHP", + "keywords": [ + "cache", + "caching", + "promise", + "reactphp" + ], + "support": { + "issues": "https://github.com/reactphp/cache/issues", + "source": "https://github.com/reactphp/cache/tree/v1.2.0" + }, + "funding": [ + { + "url": "https://opencollective.com/reactphp", + "type": "open_collective" + } + ], + "time": "2022-11-30T15:59:55+00:00" + }, + { + "name": "react/child-process", + "version": "v0.6.5", + "source": { + "type": "git", + "url": "https://github.com/reactphp/child-process.git", + "reference": "e71eb1aa55f057c7a4a0d08d06b0b0a484bead43" + }, + "dist": { + "type": "zip", + "url": 
"https://api.github.com/repos/reactphp/child-process/zipball/e71eb1aa55f057c7a4a0d08d06b0b0a484bead43", + "reference": "e71eb1aa55f057c7a4a0d08d06b0b0a484bead43", + "shasum": "" + }, + "require": { + "evenement/evenement": "^3.0 || ^2.0 || ^1.0", + "php": ">=5.3.0", + "react/event-loop": "^1.2", + "react/stream": "^1.2" + }, + "require-dev": { + "phpunit/phpunit": "^9.3 || ^5.7 || ^4.8.35", + "react/socket": "^1.8", + "sebastian/environment": "^5.0 || ^3.0 || ^2.0 || ^1.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\ChildProcess\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "Event-driven library for executing child processes with ReactPHP.", + "keywords": [ + "event-driven", + "process", + "reactphp" + ], + "support": { + "issues": "https://github.com/reactphp/child-process/issues", + "source": "https://github.com/reactphp/child-process/tree/v0.6.5" + }, + "funding": [ + { + "url": "https://github.com/WyriHaximus", + "type": "github" + }, + { + "url": "https://github.com/clue", + "type": "github" + } + ], + "time": "2022-09-16T13:41:56+00:00" + }, + { + "name": "react/dns", + "version": "v1.13.0", + "source": { + "type": "git", + "url": "https://github.com/reactphp/dns.git", + "reference": "eb8ae001b5a455665c89c1df97f6fb682f8fb0f5" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/reactphp/dns/zipball/eb8ae001b5a455665c89c1df97f6fb682f8fb0f5", + "reference": 
"eb8ae001b5a455665c89c1df97f6fb682f8fb0f5", + "shasum": "" + }, + "require": { + "php": ">=5.3.0", + "react/cache": "^1.0 || ^0.6 || ^0.5", + "react/event-loop": "^1.2", + "react/promise": "^3.2 || ^2.7 || ^1.2.1" + }, + "require-dev": { + "phpunit/phpunit": "^9.6 || ^5.7 || ^4.8.36", + "react/async": "^4.3 || ^3 || ^2", + "react/promise-timer": "^1.11" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\Dns\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "Async DNS resolver for ReactPHP", + "keywords": [ + "async", + "dns", + "dns-resolver", + "reactphp" + ], + "support": { + "issues": "https://github.com/reactphp/dns/issues", + "source": "https://github.com/reactphp/dns/tree/v1.13.0" + }, + "funding": [ + { + "url": "https://opencollective.com/reactphp", + "type": "open_collective" + } + ], + "time": "2024-06-13T14:18:03+00:00" + }, + { + "name": "react/event-loop", + "version": "v1.5.0", + "source": { + "type": "git", + "url": "https://github.com/reactphp/event-loop.git", + "reference": "bbe0bd8c51ffc05ee43f1729087ed3bdf7d53354" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/reactphp/event-loop/zipball/bbe0bd8c51ffc05ee43f1729087ed3bdf7d53354", + "reference": "bbe0bd8c51ffc05ee43f1729087ed3bdf7d53354", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": "^9.6 || ^5.7 || ^4.8.36" + }, + "suggest": { + "ext-pcntl": "For signal handling support 
when using the StreamSelectLoop" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\EventLoop\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "ReactPHP's core reactor event loop that libraries can use for evented I/O.", + "keywords": [ + "asynchronous", + "event-loop" + ], + "support": { + "issues": "https://github.com/reactphp/event-loop/issues", + "source": "https://github.com/reactphp/event-loop/tree/v1.5.0" + }, + "funding": [ + { + "url": "https://opencollective.com/reactphp", + "type": "open_collective" + } + ], + "time": "2023-11-13T13:48:05+00:00" + }, + { + "name": "react/socket", + "version": "v1.16.0", + "source": { + "type": "git", + "url": "https://github.com/reactphp/socket.git", + "reference": "23e4ff33ea3e160d2d1f59a0e6050e4b0fb0eac1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/reactphp/socket/zipball/23e4ff33ea3e160d2d1f59a0e6050e4b0fb0eac1", + "reference": "23e4ff33ea3e160d2d1f59a0e6050e4b0fb0eac1", + "shasum": "" + }, + "require": { + "evenement/evenement": "^3.0 || ^2.0 || ^1.0", + "php": ">=5.3.0", + "react/dns": "^1.13", + "react/event-loop": "^1.2", + "react/promise": "^3.2 || ^2.6 || ^1.2.1", + "react/stream": "^1.4" + }, + "require-dev": { + "phpunit/phpunit": "^9.6 || ^5.7 || ^4.8.36", + "react/async": "^4.3 || ^3.3 || ^2", + "react/promise-stream": "^1.4", + "react/promise-timer": "^1.11" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\Socket\\": 
"src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + }, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "Async, streaming plaintext TCP/IP and secure TLS socket server and client connections for ReactPHP", + "keywords": [ + "Connection", + "Socket", + "async", + "reactphp", + "stream" + ], + "support": { + "issues": "https://github.com/reactphp/socket/issues", + "source": "https://github.com/reactphp/socket/tree/v1.16.0" + }, + "funding": [ + { + "url": "https://opencollective.com/reactphp", + "type": "open_collective" + } + ], + "time": "2024-07-26T10:38:09+00:00" + }, + { + "name": "react/stream", + "version": "v1.4.0", + "source": { + "type": "git", + "url": "https://github.com/reactphp/stream.git", + "reference": "1e5b0acb8fe55143b5b426817155190eb6f5b18d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/reactphp/stream/zipball/1e5b0acb8fe55143b5b426817155190eb6f5b18d", + "reference": "1e5b0acb8fe55143b5b426817155190eb6f5b18d", + "shasum": "" + }, + "require": { + "evenement/evenement": "^3.0 || ^2.0 || ^1.0", + "php": ">=5.3.8", + "react/event-loop": "^1.2" + }, + "require-dev": { + "clue/stream-filter": "~1.2", + "phpunit/phpunit": "^9.6 || ^5.7 || ^4.8.36" + }, + "type": "library", + "autoload": { + "psr-4": { + "React\\Stream\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Christian Lück", + "email": "christian@clue.engineering", + "homepage": "https://clue.engineering/" + 
}, + { + "name": "Cees-Jan Kiewiet", + "email": "reactphp@ceesjankiewiet.nl", + "homepage": "https://wyrihaximus.net/" + }, + { + "name": "Jan Sorgalla", + "email": "jsorgalla@gmail.com", + "homepage": "https://sorgalla.com/" + }, + { + "name": "Chris Boden", + "email": "cboden@gmail.com", + "homepage": "https://cboden.dev/" + } + ], + "description": "Event-driven readable and writable streams for non-blocking I/O in ReactPHP", + "keywords": [ + "event-driven", + "io", + "non-blocking", + "pipe", + "reactphp", + "readable", + "stream", + "writable" + ], + "support": { + "issues": "https://github.com/reactphp/stream/issues", + "source": "https://github.com/reactphp/stream/tree/v1.4.0" + }, + "funding": [ + { + "url": "https://opencollective.com/reactphp", + "type": "open_collective" + } + ], + "time": "2024-06-11T12:45:25+00:00" + }, { "name": "sebastian/diff", "version": "4.0.6", @@ -2398,16 +3037,16 @@ }, { "name": "symfony/event-dispatcher", - "version": "v5.4.35", + "version": "v5.4.45", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "7a69a85c7ea5bdd1e875806a99c51a87d3a74b38" + "reference": "72982eb416f61003e9bb6e91f8b3213600dcf9e9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/7a69a85c7ea5bdd1e875806a99c51a87d3a74b38", - "reference": "7a69a85c7ea5bdd1e875806a99c51a87d3a74b38", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/72982eb416f61003e9bb6e91f8b3213600dcf9e9", + "reference": "72982eb416f61003e9bb6e91f8b3213600dcf9e9", "shasum": "" }, "require": { @@ -2463,7 +3102,7 @@ "description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/event-dispatcher/tree/v5.4.35" + "source": "https://github.com/symfony/event-dispatcher/tree/v5.4.45" }, "funding": [ { 
@@ -2479,20 +3118,20 @@ "type": "tidelift" } ], - "time": "2024-01-23T13:51:25+00:00" + "time": "2024-09-25T14:11:13+00:00" }, { "name": "symfony/event-dispatcher-contracts", - "version": "v2.5.3", + "version": "v2.5.4", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher-contracts.git", - "reference": "540f4c73e87fd0c71ca44a6aa305d024ac68cb73" + "reference": "e0fe3d79b516eb75126ac6fa4cbf19b79b08c99f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/540f4c73e87fd0c71ca44a6aa305d024ac68cb73", - "reference": "540f4c73e87fd0c71ca44a6aa305d024ac68cb73", + "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/e0fe3d79b516eb75126ac6fa4cbf19b79b08c99f", + "reference": "e0fe3d79b516eb75126ac6fa4cbf19b79b08c99f", "shasum": "" }, "require": { @@ -2542,7 +3181,7 @@ "standards" ], "support": { - "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v2.5.3" + "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v2.5.4" }, "funding": [ { @@ -2558,20 +3197,20 @@ "type": "tidelift" } ], - "time": "2024-01-23T13:51:25+00:00" + "time": "2024-09-25T14:11:13+00:00" }, { "name": "symfony/options-resolver", - "version": "v5.4.21", + "version": "v5.4.45", "source": { "type": "git", "url": "https://github.com/symfony/options-resolver.git", - "reference": "4fe5cf6ede71096839f0e4b4444d65dd3a7c1eb9" + "reference": "74e5b6f0db3e8589e6cfd5efb317a1fc2bb52fb6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/options-resolver/zipball/4fe5cf6ede71096839f0e4b4444d65dd3a7c1eb9", - "reference": "4fe5cf6ede71096839f0e4b4444d65dd3a7c1eb9", + "url": "https://api.github.com/repos/symfony/options-resolver/zipball/74e5b6f0db3e8589e6cfd5efb317a1fc2bb52fb6", + "reference": "74e5b6f0db3e8589e6cfd5efb317a1fc2bb52fb6", "shasum": "" }, "require": { 
@@ -2611,7 +3250,7 @@ "options" ], "support": { - "source": "https://github.com/symfony/options-resolver/tree/v5.4.21" + "source": "https://github.com/symfony/options-resolver/tree/v5.4.45" }, "funding": [ { @@ -2627,20 +3266,20 @@ "type": "tidelift" } ], - "time": "2023-02-14T08:03:56+00:00" + "time": "2024-09-25T14:11:13+00:00" }, { "name": "symfony/stopwatch", - "version": "v5.4.35", + "version": "v5.4.45", "source": { "type": "git", "url": "https://github.com/symfony/stopwatch.git", - "reference": "887762aa99ff16f65dc8b48aafead415f942d407" + "reference": "fb2c199cf302eb207f8c23e7ee174c1c31a5c004" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/stopwatch/zipball/887762aa99ff16f65dc8b48aafead415f942d407", - "reference": "887762aa99ff16f65dc8b48aafead415f942d407", + "url": "https://api.github.com/repos/symfony/stopwatch/zipball/fb2c199cf302eb207f8c23e7ee174c1c31a5c004", + "reference": "fb2c199cf302eb207f8c23e7ee174c1c31a5c004", "shasum": "" }, "require": { @@ -2673,7 +3312,7 @@ "description": "Provides a way to profile code", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/stopwatch/tree/v5.4.35" + "source": "https://github.com/symfony/stopwatch/tree/v5.4.45" }, "funding": [ { @@ -2689,7 +3328,7 @@ "type": "tidelift" } ], - "time": "2024-01-23T13:51:25+00:00" + "time": "2024-09-25T14:11:13+00:00" } ], "aliases": [], From e655e3667c43aa630929fda23c01ff67abfb75b1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 00:15:55 +0000 Subject: [PATCH 07/17] Bump nock in /npm_and_yarn/helpers in the npm-dependencies group (#10922) Bumps the npm-dependencies group in /npm_and_yarn/helpers with 1 update: [nock](https://github.com/nock/nock). Updates `nock` from 13.5.5 to 13.5.6 - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md) - [Commits](https://github.com/nock/nock/compare/v13.5.5...v13.5.6) --- updated-dependencies: - dependency-name: nock dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- npm_and_yarn/helpers/package-lock.json | 14 +++++++------- npm_and_yarn/helpers/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/npm_and_yarn/helpers/package-lock.json b/npm_and_yarn/helpers/package-lock.json index 2b396b6387..0b4a9e291e 100644 --- a/npm_and_yarn/helpers/package-lock.json +++ b/npm_and_yarn/helpers/package-lock.json @@ -12,7 +12,7 @@ "@pnpm/dependency-path": "^5.1.1", "@pnpm/lockfile-file": "^9.1.2", "detect-indent": "^6.1.0", - "nock": "^13.5.5", + "nock": "^13.5.6", "npm": "6.14.18", "patch-package": "^8.0.0", "semver": "^7.6.3" 
@@ -9007,9 +9007,9 @@ "integrity": "sha512-EZSPZB70jiVsivaBLYDCyntd5eH8NTSMOn3rB+HxwdmKThGELLdYv8qVIMWvZEFy9w8ZZpW9h9OB32l1rGtj7g==" }, "node_modules/nock": { - "version": "13.5.5", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.5.tgz", - "integrity": "sha512-XKYnqUrCwXC8DGG1xX4YH5yNIrlh9c065uaMZZHUoeUUINTOyt+x/G+ezYk0Ft6ExSREVIs+qBJDK503viTfFA==", + "version": "13.5.6", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.6.tgz", + "integrity": "sha512-o2zOYiCpzRqSzPj0Zt/dQ/DqZeYoaQ7TUonc/xUPjCGl9WeHpNbxgVvOquXYAaJzI0M9BXV3HTzG0p8IUAbBTQ==", "dependencies": { "debug": "^4.1.0", "json-stringify-safe": "^5.0.1", @@ -23068,9 +23068,9 @@ "integrity": "sha512-EZSPZB70jiVsivaBLYDCyntd5eH8NTSMOn3rB+HxwdmKThGELLdYv8qVIMWvZEFy9w8ZZpW9h9OB32l1rGtj7g==" }, "nock": { - "version": "13.5.5", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.5.tgz", - "integrity": "sha512-XKYnqUrCwXC8DGG1xX4YH5yNIrlh9c065uaMZZHUoeUUINTOyt+x/G+ezYk0Ft6ExSREVIs+qBJDK503viTfFA==", + "version": "13.5.6", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.5.6.tgz", + "integrity": "sha512-o2zOYiCpzRqSzPj0Zt/dQ/DqZeYoaQ7TUonc/xUPjCGl9WeHpNbxgVvOquXYAaJzI0M9BXV3HTzG0p8IUAbBTQ==", "requires": { "debug": "^4.1.0", "json-stringify-safe": "^5.0.1", diff --git a/npm_and_yarn/helpers/package.json b/npm_and_yarn/helpers/package.json index c8c03515a4..b42595ffee 100644 --- a/npm_and_yarn/helpers/package.json +++ b/npm_and_yarn/helpers/package.json @@ -13,7 +13,7 @@ "@dependabot/yarn-lib": "^1.22.22", "@npmcli/arborist": "^8.0.0", "detect-indent": "^6.1.0", - "nock": "^13.5.5", + "nock": "^13.5.6", "npm": "6.14.18", "@pnpm/lockfile-file": "^9.1.2", "@pnpm/dependency-path": "^5.1.1", From d62c604d1b7acca070872871d15667d5d3381de8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 00:24:25 +0000 Subject: [PATCH 08/17] Bump the dev-dependencies group across 1 directory with 2 updates (#11078) Bumps the dev-dependencies group with 2 updates in the /npm_and_yarn/helpers directory: [eslint](https://github.com/eslint/eslint) and [prettier](https://github.com/prettier/prettier). Updates `eslint` from 9.14.0 to 9.16.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v9.14.0...v9.16.0) Updates `prettier` from 3.3.3 to 3.4.2 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.2) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- npm_and_yarn/helpers/package-lock.json | 234 +++++++++++-------------- npm_and_yarn/helpers/package.json | 4 +- 2 files changed, 109 insertions(+), 129 deletions(-) diff --git a/npm_and_yarn/helpers/package-lock.json b/npm_and_yarn/helpers/package-lock.json index 0b4a9e291e..058a7791ee 100644 --- a/npm_and_yarn/helpers/package-lock.json +++ b/npm_and_yarn/helpers/package-lock.json @@ -21,10 +21,10 @@ "helper": "run.js" }, "devDependencies": { - "eslint": "^9.14.0", + "eslint": "^9.16.0", "eslint-config-prettier": "^9.1.0", "jest": "^29.7.0", - "prettier": "^3.3.3" + "prettier": "^3.4.2" } }, "node_modules/@aashutoshrathi/word-wrap": { 
@@ -732,12 +732,12 @@ } }, "node_modules/@eslint/config-array": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.18.0.tgz", - "integrity": "sha512-fTxvnS1sRMu3+JjXwJG0j/i4RT9u4qJ+lqS/yCGap4lH4zZGzQ7tu+xZqQmcMZq5OBZDL4QRxQzRjkWcGt8IVw==", + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.19.1.tgz", + "integrity": "sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==", "dev": true, "dependencies": { - "@eslint/object-schema": "^2.1.4", + "@eslint/object-schema": "^2.1.5", "debug": "^4.3.1", "minimatch": "^3.1.2" }, @@ -746,9 +746,9 @@ } }, "node_modules/@eslint/config-array/node_modules/debug": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", - "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", + "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", "dev": true, "dependencies": { "ms": "^2.1.3" 
@@ -763,18 +763,21 @@ } }, "node_modules/@eslint/core": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.7.0.tgz", - "integrity": "sha512-xp5Jirz5DyPYlPiKat8jaq0EmYvDXKKpzTbxXMpT9eqlRJkRKIz9AGMdlvYjih+im+QlhWrpvVjl8IPC/lHlUw==", + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.9.1.tgz", + "integrity": "sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==", "dev": true, + "dependencies": { + "@types/json-schema": "^7.0.15" + }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, "node_modules/@eslint/eslintrc": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.1.0.tgz", - "integrity": "sha512-4Bfj15dVJdoy3RfZmmo86RK1Fwzn6SstsvK9JS+BaVKqC6QQQQyXekNaC+g+LKNgkQ+2VhGAzm6hO40AhMR3zQ==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz", + "integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==", "dev": true, "dependencies": { "ajv": "^6.12.4", @@ -801,12 +804,12 @@ "dev": true }, "node_modules/@eslint/eslintrc/node_modules/debug": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "integrity": "sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==", + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", + "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", "dev": true, "dependencies": { - "ms": "2.1.2" + "ms": "^2.1.3" }, "engines": { "node": ">=6.0" 
@@ -829,34 +832,28 @@ "js-yaml": "bin/js-yaml.js" } }, - "node_modules/@eslint/eslintrc/node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - }, "node_modules/@eslint/js": { - "version": "9.14.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.14.0.tgz", - "integrity": "sha512-pFoEtFWCPyDOl+C6Ift+wC7Ro89otjigCf5vcuWqWgqNSQbRrpjSvdeE6ofLz4dHmyxD5f7gIdGT4+p36L6Twg==", + "version": "9.16.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.16.0.tgz", + "integrity": "sha512-tw2HxzQkrbeuvyj1tG2Yqq+0H9wGoI2IMk4EOsQeX+vmd75FtJAzf+gTA69WF+baUKRYQ3x2kbLE08js5OsTVg==", "dev": true, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, "node_modules/@eslint/object-schema": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.4.tgz", - "integrity": "sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==", + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.5.tgz", + "integrity": "sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==", "dev": true, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" } }, "node_modules/@eslint/plugin-kit": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz", - "integrity": "sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.4.tgz", + "integrity": "sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==", "dev": true, "dependencies": { "levn": "^0.4.1" 
@@ -914,9 +911,9 @@ } }, "node_modules/@humanwhocodes/retry": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.0.tgz", - "integrity": "sha512-xnRgu9DxZbkWak/te3fcytNyp8MTbuiZIaueg2rgEvBuN55n04nwLYLU9TX/VVlusc9L2ZNXi99nUFNkHXtr5g==", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz", + "integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==", "dev": true, "engines": { "node": ">=18.18" @@ -4286,9 +4283,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", 
@@ -4592,26 +4589,26 @@ } }, "node_modules/eslint": { - "version": "9.14.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.14.0.tgz", - "integrity": "sha512-c2FHsVBr87lnUtjP4Yhvk4yEhKrQavGafRA/Se1ouse8PfbfC/Qh9Mxa00yWsZRlqeUB9raXip0aiiUZkgnr9g==", + "version": "9.16.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.16.0.tgz", + "integrity": "sha512-whp8mSQI4C8VXd+fLgSM0lh3UlmcFtVwUQjyKCFfsp+2ItAIYhlq/hqGahGqHE6cv9unM41VlqKk2VtKYR2TaA==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", - "@eslint/config-array": "^0.18.0", - "@eslint/core": "^0.7.0", - "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.14.0", - "@eslint/plugin-kit": "^0.2.0", + "@eslint/config-array": "^0.19.0", + "@eslint/core": "^0.9.0", + "@eslint/eslintrc": "^3.2.0", + "@eslint/js": "9.16.0", + "@eslint/plugin-kit": "^0.2.3", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", - "@humanwhocodes/retry": "^0.4.0", + "@humanwhocodes/retry": "^0.4.1", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", - "cross-spawn": "^7.0.2", + "cross-spawn": "^7.0.5", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.2.0", @@ -4630,8 +4627,7 @@ "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", - "optionator": "^0.9.3", - "text-table": "^0.2.0" + "optionator": "^0.9.3" }, "bin": { "eslint": "bin/eslint.js" @@ -5755,9 +5751,9 @@ } }, "node_modules/ignore": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", - "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", "dev": true, "engines": { "node": ">= 4" 
@@ -14557,9 +14553,9 @@ } }, "node_modules/prettier": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz", - "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz", + "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==", "dev": true, "bin": { "prettier": "bin/prettier.cjs" @@ -15729,12 +15725,6 @@ "node": ">=8" } }, - "node_modules/text-table": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", - "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", - "dev": true - }, "node_modules/thenify": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", 
@@ -16895,20 +16885,20 @@ "dev": true }, "@eslint/config-array": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.18.0.tgz", - "integrity": "sha512-fTxvnS1sRMu3+JjXwJG0j/i4RT9u4qJ+lqS/yCGap4lH4zZGzQ7tu+xZqQmcMZq5OBZDL4QRxQzRjkWcGt8IVw==", + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.19.1.tgz", + "integrity": "sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==", "dev": true, "requires": { - "@eslint/object-schema": "^2.1.4", + "@eslint/object-schema": "^2.1.5", "debug": "^4.3.1", "minimatch": "^3.1.2" }, "dependencies": { "debug": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", - "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", + "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", "dev": true, "requires": { "ms": "^2.1.3" 
@@ -16917,15 +16907,18 @@ } }, "@eslint/core": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.7.0.tgz", - "integrity": "sha512-xp5Jirz5DyPYlPiKat8jaq0EmYvDXKKpzTbxXMpT9eqlRJkRKIz9AGMdlvYjih+im+QlhWrpvVjl8IPC/lHlUw==", - "dev": true + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.9.1.tgz", + "integrity": "sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==", + "dev": true, + "requires": { + "@types/json-schema": "^7.0.15" + } }, "@eslint/eslintrc": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.1.0.tgz", - "integrity": "sha512-4Bfj15dVJdoy3RfZmmo86RK1Fwzn6SstsvK9JS+BaVKqC6QQQQyXekNaC+g+LKNgkQ+2VhGAzm6hO40AhMR3zQ==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz", + "integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==", "dev": true, "requires": { "ajv": "^6.12.4", @@ -16946,12 +16939,12 @@ "dev": true }, "debug": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "integrity": "sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==", + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", + "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", "dev": true, "requires": { - "ms": "2.1.2" + "ms": "^2.1.3" } }, "js-yaml": { 
@@ -16962,31 +16955,25 @@ "requires": { "argparse": "^2.0.1" } - }, - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true } } }, "@eslint/js": { - "version": "9.14.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.14.0.tgz", - "integrity": "sha512-pFoEtFWCPyDOl+C6Ift+wC7Ro89otjigCf5vcuWqWgqNSQbRrpjSvdeE6ofLz4dHmyxD5f7gIdGT4+p36L6Twg==", + "version": "9.16.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.16.0.tgz", + "integrity": "sha512-tw2HxzQkrbeuvyj1tG2Yqq+0H9wGoI2IMk4EOsQeX+vmd75FtJAzf+gTA69WF+baUKRYQ3x2kbLE08js5OsTVg==", "dev": true }, "@eslint/object-schema": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.4.tgz", - "integrity": "sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==", + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.5.tgz", + "integrity": "sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==", "dev": true }, "@eslint/plugin-kit": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz", - "integrity": "sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==", + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.4.tgz", + "integrity": "sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==", "dev": true, "requires": { "levn": "^0.4.1" 
@@ -17023,9 +17010,9 @@ "dev": true }, "@humanwhocodes/retry": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.0.tgz", - "integrity": "sha512-xnRgu9DxZbkWak/te3fcytNyp8MTbuiZIaueg2rgEvBuN55n04nwLYLU9TX/VVlusc9L2ZNXi99nUFNkHXtr5g==", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz", + "integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==", "dev": true }, "@isaacs/cliui": { @@ -19545,9 +19532,9 @@ } }, "cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "requires": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", 
@@ -19780,26 +19767,26 @@ "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=" }, "eslint": { - "version": "9.14.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.14.0.tgz", - "integrity": "sha512-c2FHsVBr87lnUtjP4Yhvk4yEhKrQavGafRA/Se1ouse8PfbfC/Qh9Mxa00yWsZRlqeUB9raXip0aiiUZkgnr9g==", + "version": "9.16.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.16.0.tgz", + "integrity": "sha512-whp8mSQI4C8VXd+fLgSM0lh3UlmcFtVwUQjyKCFfsp+2ItAIYhlq/hqGahGqHE6cv9unM41VlqKk2VtKYR2TaA==", "dev": true, "requires": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.12.1", - "@eslint/config-array": "^0.18.0", - "@eslint/core": "^0.7.0", - "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.14.0", - "@eslint/plugin-kit": "^0.2.0", + "@eslint/config-array": "^0.19.0", + "@eslint/core": "^0.9.0", + "@eslint/eslintrc": "^3.2.0", + "@eslint/js": "9.16.0", + "@eslint/plugin-kit": "^0.2.3", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", - "@humanwhocodes/retry": "^0.4.0", + "@humanwhocodes/retry": "^0.4.1", "@types/estree": "^1.0.6", "@types/json-schema": "^7.0.15", "ajv": "^6.12.4", "chalk": "^4.0.0", - "cross-spawn": "^7.0.2", + "cross-spawn": "^7.0.5", "debug": "^4.3.2", "escape-string-regexp": "^4.0.0", "eslint-scope": "^8.2.0", @@ -19818,8 +19805,7 @@ "lodash.merge": "^4.6.2", "minimatch": "^3.1.2", "natural-compare": "^1.4.0", - "optionator": "^0.9.3", - "text-table": "^0.2.0" + "optionator": "^0.9.3" }, "dependencies": { "ansi-styles": { 
@@ -20629,9 +20615,9 @@ } }, "ignore": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", - "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", "dev": true }, "ignore-walk": { @@ -27170,9 +27156,9 @@ "integrity": "sha1-gV7R9uvGWSb4ZbMQwHE7yzMVzks=" }, "prettier": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz", - "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz", + "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==", "dev": true }, "pretty-format": { @@ -28069,12 +28055,6 @@ "minimatch": "^3.0.4" } }, - "text-table": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", - "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=", - "dev": true - }, "thenify": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", diff --git a/npm_and_yarn/helpers/package.json b/npm_and_yarn/helpers/package.json index b42595ffee..eb988bdb25 100644 --- a/npm_and_yarn/helpers/package.json +++ b/npm_and_yarn/helpers/package.json @@ -21,9 +21,9 @@ "patch-package": "^8.0.0" }, "devDependencies": { - "eslint": "^9.14.0", + "eslint": "^9.16.0", "eslint-config-prettier": "^9.1.0", "jest": "^29.7.0", - "prettier": "^3.3.3" + "prettier": "^3.4.2" } } From a6d9362c957fd45dd5365a43512a9ee72d06f193 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= Date: Fri, 13 Dec 2024 01:34:56 +0100 Subject: [PATCH 09/17] Raise a proper user error when package.json is just a dummy string (#8747) --- .../dependabot/npm_and_yarn/file_fetcher.rb | 5 ++++- .../npm_and_yarn/file_fetcher_spec.rb | 20 +++++++++++++++++++ .../npm/package_json_faked/package.json | 1 + 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 npm_and_yarn/spec/fixtures/projects/npm/package_json_faked/package.json diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb index ad1da67a7b..aa18e5a886 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_fetcher.rb @@ -614,7 +614,10 @@ def yarn_ignored_glob(glob) sig { returns(T.untyped) } def parsed_package_json - JSON.parse(T.must(package_json.content)) + parsed = JSON.parse(T.must(package_json.content)) + raise Dependabot::DependencyFileNotParseable, package_json.path unless parsed.is_a?(Hash) + + parsed rescue JSON::ParserError raise Dependabot::DependencyFileNotParseable, package_json.path end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb index db4b0e3e58..3ef3f99a60 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_fetcher_spec.rb 
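Review bot: The `sig { returns(T.untyped) }` kept above `parsed_package_json` in `file_fetcher.rb` is now looser than what the method guarantees, because with the new `is_a?(Hash)` guard every non-raising path returns a Hash. Tightening it to `sig { returns(T::Hash[String, T.untyped]) }` would let Sorbet carry that guarantee to callers instead of leaving it implicit. The guard checks only the top-level value, and `package.json` is content from the repository being updated, so nested values can still have unexpected types; whether the callers, which are outside this hunk, tolerate that is not visible here. A one-line comment such as `# package.json is repository-controlled: valid JSON that is not an object (string, array, null) is rejected here` would record why the check exists.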
@@ -1944,6 +1944,26 @@ end end + context "with package.json file just including a dummy string" do + before do + allow(file_fetcher_instance).to receive(:commit).and_return("sha") + + stub_request(:get, File.join(url, "package.json?ref=sha")) + .to_return( + status: 200, + body: fixture_to_response("projects/npm/package_json_faked", "package.json"), + headers: json_header + ) + end + + it "raises a DependencyFileNotParseable error" do + expect { file_fetcher_instance.files } + .to raise_error(Dependabot::DependencyFileNotParseable) do |error| + expect(error.file_name).to eq("package.json") + end + end + end + context "with an unparseable package-lock.json file" do before do allow(file_fetcher_instance).to receive(:commit).and_return("sha") diff --git a/npm_and_yarn/spec/fixtures/projects/npm/package_json_faked/package.json b/npm_and_yarn/spec/fixtures/projects/npm/package_json_faked/package.json new file mode 100644 index 0000000000..068bd9a379 --- /dev/null +++ b/npm_and_yarn/spec/fixtures/projects/npm/package_json_faked/package.json @@ -0,0 +1 @@ +"These examples have been moved to https://github.com/grpc/grpc-node/tree/master/examples" From 5b21cd7ac0e0cb70de5162c3e18f14905d681db3 Mon Sep 17 00:00:00 2001 From: Jeff Widman Date: Thu, 12 Dec 2024 18:06:49 -0700 Subject: [PATCH 10/17] Stop checking for Composer 1 dependencies (#11120) Composer 1 was removed in: * https://github.com/dependabot/dependabot-core/pull/10934 But we've still got a Dependabot job looking for PHP dependencies in the V1 folder, which no longer exists. So delete that job. --- .github/dependabot.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6b2eeac62d..0317987bb2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -32,7 +32,6 @@ updates: # Watch the per-ecosystem native helpers - package-ecosystem: "composer" directories: - - "/composer/helpers/v1" - "/composer/helpers/v2" schedule: interval: "weekly" 
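Review bot: The new context in `file_fetcher_spec.rb` pins only the JSON-string case, while the guard it exercises rejects every non-object top-level value. A top-level array or `null` is also valid JSON and takes the same `is_a?(Hash)` branch, so a second example with a body such as `"[]"` would keep a later refactor from narrowing the check to strings only. The context title could then read `"with a package.json file whose top-level value is not an object"`.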
From d1608d6ecae730ea6acb957ced9cb8c67216f540 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 17:46:07 -0800 Subject: [PATCH 11/17] Bump the all-actions group across 1 directory with 5 updates (#11118) Bumps the all-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.199.0` | `1.203.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.1.0` | `5.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.27.0` | `3.27.9` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.4.0` | `4.5.0` | | [actions/cache](https://github.com/actions/cache) | `4.1.2` | `4.2.0` | Updates `ruby/setup-ruby` from 1.199.0 to 1.203.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](https://github.com/ruby/setup-ruby/compare/7d3497fd78c07c0d84ebafa58d8dac60cd1f0763...2a18b06812b0e15bb916e1df298d3e740422c47e) Updates `actions/setup-go` from 5.1.0 to 5.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed...3041bf56c941b39c61721a86cd11f3bb1338122a) Updates `github/codeql-action` from 3.27.0 to 3.27.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...df409f7d9260372bd5f19e5b04e83cb3c43714ae) Updates `actions/dependency-review-action` from 4.4.0 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4081bf99e2866ebe428fc0477b69eb4fcda7220a...3b139cfc5fae8b618d3eae3675e383bb1769c019) Updates `actions/cache` 
from 4.1.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/6849a6489940f00c2f30c0fb92c6274307ccb58a...1bd1e32a3bdc45362d1e726936510720a7c30a57) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 4 ++-- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/dependency-review.yml | 2 +- .github/workflows/gems-bump-version.yml | 2 +- .github/workflows/gems-release-to-rubygems.yml | 2 +- .github/workflows/scorecards.yaml | 2 +- .github/workflows/smoke.yml | 4 ++-- .github/workflows/sorbet.yml | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b15aa4a756..f676159053 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -90,7 +90,7 @@ jobs: BUNDLE_GEMFILE: updater/Gemfile steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0 + - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 with: bundler-cache: true - run: ./bin/lint @@ -109,7 +109,7 @@ jobs: - name: Build ecosystem image run: script/build silent - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: 1.22 - name: Download Dependabot CLI diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 68cd42731c..6f2b3957b4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL (ruby) - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: languages: ${{ matrix.language }} config: | @@ -60,7 +60,7 @@ jobs: if: matrix.language == 'ruby' - name: Initialize CodeQL (others) - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: languages: ${{ matrix.language }} if: matrix.language != 'ruby' @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl 
@@ -82,4 +82,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c6ca0c4599..7728f9fd90 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,4 +22,4 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Perform Dependency Review - uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/gems-bump-version.yml b/.github/workflows/gems-bump-version.yml index c8ceed3819..eb119414eb 100644 --- a/.github/workflows/gems-bump-version.yml +++ b/.github/workflows/gems-bump-version.yml @@ -31,7 +31,7 @@ jobs: ref: "main" # bump-version.rb needs bundler - - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0 + - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 with: # Use the version of bundler specified in `updater/Gemfile.lock`. # Otherwise the generated PR will change `BUNDLED WITH` in diff --git a/.github/workflows/gems-release-to-rubygems.yml b/.github/workflows/gems-release-to-rubygems.yml index 5149dd6ebc..792fcd90b0 100644 --- a/.github/workflows/gems-release-to-rubygems.yml +++ b/.github/workflows/gems-release-to-rubygems.yml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0 + - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 - run: | [ -d ~/.gem ] || mkdir ~/.gem echo "---" > ~/.gem/credentials 
diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml index 103e42274d..4121c0596a 100644 --- a/.github/workflows/scorecards.yaml +++ b/.github/workflows/scorecards.yaml @@ -30,6 +30,6 @@ jobs: results_format: sarif publish_results: true - - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml index dd801a93b9..ee413cf292 100644 --- a/.github/workflows/smoke.yml +++ b/.github/workflows/smoke.yml @@ -76,7 +76,7 @@ jobs: - name: Restore Smoke Test id: cache-smoke-test - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: smoke.yaml key: ${{ matrix.suite.sha }}-${{ matrix.suite.name }} @@ -89,7 +89,7 @@ jobs: - name: Cache Smoke Test if: steps.cache-smoke-test.outputs.cache-hit != 'true' - uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: smoke.yaml key: ${{ steps.cache-smoke-test.outputs.cache-primary-key }} diff --git a/.github/workflows/sorbet.yml b/.github/workflows/sorbet.yml index c2073a5777..d42e5b29df 100644 --- a/.github/workflows/sorbet.yml +++ b/.github/workflows/sorbet.yml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: ruby/setup-ruby@7d3497fd78c07c0d84ebafa58d8dac60cd1f0763 # v1.199.0 + - uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0 with: bundler-cache: true From aae5818513fde71155958133f7c7f66550323ad7 Mon Sep 17 00:00:00 2001 
From: Alfred Mazimbe Date: Fri, 13 Dec 2024 14:23:37 +0000 Subject: [PATCH 12/17] Add support for NPM V6 deprecation warning and unsupported error (#11112) --- .../npm_and_yarn/package_manager.rb | 12 +- .../npm_and_yarn/npm_package_manager_spec.rb | 108 ++++++++++++++++++ 2 files changed, 116 insertions(+), 4 deletions(-) diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb index 6b146d6143..dfe419ccd1 100644 --- a/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb +++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/package_manager.rb @@ -62,14 +62,13 @@ class NpmPackageManager < Ecosystem::VersionManager # Keep versions in ascending order SUPPORTED_VERSIONS = T.let([ - Version.new(NPM_V6), Version.new(NPM_V7), Version.new(NPM_V8), Version.new(NPM_V9), Version.new(NPM_V10) ].freeze, T::Array[Dependabot::Version]) - DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version]) + DEPRECATED_VERSIONS = T.let([Version.new(NPM_V6)].freeze, T::Array[Dependabot::Version]) sig do params( @@ -89,12 +88,17 @@ def initialize(raw_version, requirement: nil) sig { override.returns(T::Boolean) } def deprecated? - false + return false if unsupported? + return false unless Dependabot::Experiments.enabled?(:npm_v6_deprecation_warning) + + deprecated_versions.include?(version) end sig { override.returns(T::Boolean) } def unsupported? - false + return false unless Dependabot::Experiments.enabled?(:npm_v6_unsupported_error) + + supported_versions.all? { |supported| supported > version } end end diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb index 77ac6c251b..f0e68da32a 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/npm_package_manager_spec.rb 
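Review bot: In `deprecated?`, `deprecated_versions.include?(version)` is an exact-equality match against `Version.new(NPM_V6)`, whereas `unsupported?` in the same hunk uses an ordering comparison. If `raw_version` can ever carry a minor or patch segment (a constructed example: `6.14.0`), the deprecation warning would silently not fire while the unsupported check would still trigger; the versions the added specs set explicitly are `"6"`, `"7"` and `"9"`, so this case is not pinned either way. If full versions are possible, comparing on the major segment, e.g. `deprecated_versions.any? { |v| v.segments.first == version.segments.first }`, would make the two predicates consistent; this assumes `Dependabot::Version` exposes `segments` as `Gem::Version` does. A short comment on `deprecated?` such as `# unsupported takes precedence: a version is never reported as both` would also help, since that ordering is currently stated only in the spec. The class body starts outside this hunk.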
@@ -38,6 +38,54 @@ it "returns false" do expect(package_manager.deprecated?).to be false end + + context "with feature flag npm_v6_deprecation_warning" do + before do + allow(Dependabot::Experiments).to receive(:enabled?) + .with(:npm_v6_deprecation_warning) + .and_return(deprecation_enabled) + allow(Dependabot::Experiments).to receive(:enabled?) + .with(:npm_v6_unsupported_error) + .and_return(unsupported_enabled) + end + + context "when npm_v6_deprecation_warning is enabled and version is deprecated" do + let(:deprecation_enabled) { true } + let(:unsupported_enabled) { false } + + it "returns true" do + expect(package_manager.deprecated?).to be true + end + end + + context "when npm_v6_deprecation_warning is enabled but version is not deprecated" do + let(:version) { "9" } + let(:deprecation_enabled) { true } + let(:unsupported_enabled) { false } + + it "returns false" do + expect(package_manager.deprecated?).to be false + end + end + + context "when npm_v6_deprecation_warning is disabled" do + let(:deprecation_enabled) { false } + let(:unsupported_enabled) { false } + + it "returns false" do + expect(package_manager.deprecated?).to be false + end + end + + context "when version is unsupported" do + let(:deprecation_enabled) { true } + let(:unsupported_enabled) { true } + + it "returns false, as unsupported takes precedence" do + expect(package_manager.deprecated?).to be false + end + end + end end describe "#unsupported?" do 
@@ -46,5 +94,65 @@ it "returns false for supported versions" do expect(package_manager.unsupported?).to be false end + + context "with feature flag npm_v6_unsupported_error" do + before do + allow(Dependabot::Experiments).to receive(:enabled?) + .with(:npm_v6_unsupported_error) + .and_return(unsupported_enabled) + end + + context "when npm_v6_unsupported_error is enabled and version is unsupported" do + let(:version) { "6" } + let(:unsupported_enabled) { true } + + it "returns true" do + expect(package_manager.unsupported?).to be true + end + end + + context "when npm_v6_unsupported_error is enabled but version is supported" do + let(:version) { "7" } + let(:unsupported_enabled) { true } + + it "returns false" do + expect(package_manager.unsupported?).to be false + end + end + + context "when npm_v6_unsupported_error is disabled" do + let(:unsupported_enabled) { false } + + it "returns false" do + expect(package_manager.unsupported?).to be false + end + end + end + end + + describe "#raise_if_unsupported!" do + before do + allow(Dependabot::Experiments).to receive(:enabled?) + .with(:npm_v6_unsupported_error) + .and_return(unsupported_enabled) + end + + context "when npm_v6_unsupported_error is enabled and version is unsupported" do + let(:version) { "6" } + let(:unsupported_enabled) { true } + + it "raises a ToolVersionNotSupported error" do + expect { package_manager.raise_if_unsupported! }.to raise_error(Dependabot::ToolVersionNotSupported) + end + end + + context "when npm_v6_unsupported_error is disabled" do + let(:version) { "6" } + let(:unsupported_enabled) { false } + + it "does not raise an error" do + expect { package_manager.raise_if_unsupported! }.not_to raise_error + end + end end end From b3bb7da00e196b3fa1d33d963dab042dff67a7d0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 19:02:14 +0000 Subject: [PATCH 13/17] Bump hashin from 1.0.1 to 1.0.3 in /python/helpers in the poetry group across 1 directory (#11115) * Bump hashin in /python/helpers in the poetry group across 1 directory Bumps the poetry group with 1 update in the /python/helpers directory: [hashin](https://github.com/peterbe/hashin). Updates `hashin` from 1.0.1 to 1.0.3 - [Release notes](https://github.com/peterbe/hashin/releases) - [Commits](https://github.com/peterbe/hashin/compare/1.0.1...1.0.3) --- updated-dependencies: - dependency-name: hashin dependency-type: direct:production update-type: version-update:semver-patch dependency-group: poetry ... Signed-off-by: dependabot[bot] * Update python/helpers/requirements.txt --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeff Widman --- python/helpers/requirements.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/helpers/requirements.txt b/python/helpers/requirements.txt index 206e2cbb3e..f5998ed5e9 100644 --- a/python/helpers/requirements.txt +++ b/python/helpers/requirements.txt @@ -1,7 +1,9 @@ pip==24.0 pip-tools==7.4.1 flake8==7.1.0 -hashin==1.0.1 +# TODO: Drop the conditions and use the latest version once we drop support for Python 3.8. +hashin==1.0.2; python_version < '3.9' +hashin==1.0.3; python_version >= '3.9' pipenv==2024.0.2 plette==2.1.0 poetry==1.8.5 From 21cb4925eeb1a46c2e2f0dd3c1c966478582c723 Mon Sep 17 00:00:00 2001 
From: Jeff Widman Date: Fri, 13 Dec 2024 12:29:26 -0700 Subject: [PATCH 14/17] Bump yarn to 4.5.3 (#11123) * Bump yarn to 4.5.3 * Update test to match new handling of peer deps This is the failing test: https://github.com/dependabot/dependabot-core/blob/8f037cf1be97f2a0c1f383d74479ebe2a48e0c17/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb#L855-L875 Full commit including lockfiles: https://github.com/dependabot/dependabot-core/commit/1dcda58569f95d079d3b239876a12f10205406a3 Interestingly, it doesn't fail in Yarn `4.3.1` as seen in: * https://github.com/dependabot/dependabot-core/pull/8265 Poking through the changelog between 4.3.1 and 4.5.3, this seems to be relevant upstream PR: * https://github.com/yarnpkg/berry/pull/6517 My understanding of peer dependency handling in Yarn is hazy at best, but after reading the PR description, it _looks_ like the algorithm changed and now the peer dependency can be updated and not necessarily held back. That would explain [this test failure](https://github.com/dependabot/dependabot-core/actions/runs/12307737164/job/34351931150?pr=11123#step:5:56): ``` 1) Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#latest_resolvable_version with a yarn berry lockfile when updating a dependency with a peer requirement is expected to eq # Failure/Error: it { is_expected.to eq(Gem::Version.new("15.2.0")) } expected: # got: # (compared using ==) Diff: @@ -1 +1 @@ -Gem::Version.new("15.2.0") +Gem::Version.new("16.3.1") # ./spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb:873:in `block (5 levels) in ' # /home/dependabot/common/spec/spec_helper.rb:66:in `block (2 levels) in ' # /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/rspec.rb:39:in `block (2 levels) in ' ``` --- npm_and_yarn/Dockerfile | 2 +- .../npm_and_yarn/update_checker/version_resolver_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/npm_and_yarn/Dockerfile b/npm_and_yarn/Dockerfile index b31f69fc4c..41a16f11f3 100644 --- a/npm_and_yarn/Dockerfile +++ b/npm_and_yarn/Dockerfile @@ -7,7 +7,7 @@ ARG COREPACK_VERSION=0.24.0 ARG PNPM_VERSION=9.15.0 # Check for updates at https://github.com/yarnpkg/berry/releases -ARG YARN_VERSION=4.1.1 +ARG YARN_VERSION=4.5.3 # See https://github.com/nodesource/distributions#installation-instructions diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb index c0a864611c..0387075973 100644 --- a/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb +++ b/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb @@ -870,7 +870,7 @@ ) end - it { is_expected.to eq(Gem::Version.new("15.2.0")) } + it { is_expected.to eq(Gem::Version.new("16.3.1")) } end end From 3f1e9f848aec5605a394b7ca971cc30f80d9d4b4 Mon Sep 17 00:00:00 2001 
From: Hariharan Thavachelvam <164553783+thavaahariharangit@users.noreply.github.com> Date: Mon, 16 Dec 2024 16:59:07 +0000 Subject: [PATCH 15/17] If overridden file exists, then process it and find the missing key values from base file. (#11137) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * If overridden file exists, then process it and find the missing key values from parent. * Updated as per review comments, Sorbet fixes. * lint error fixes * Lint error fixes --------- Co-authored-by: “Thavachelvam <“thavaahariharangit@git.com”> --- .../lib/dependabot/terraform/file_parser.rb | 8 +++++ .../lib/dependabot/terraform/file_selector.rb | 36 ++++++++++++++++++- .../dependabot/terraform/file_parser_spec.rb | 12 +++++++ .../child_module_with_no_source/main.tf | 4 +++ .../child_module_with_no_source/override.tf | 3 ++ 5 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 terraform/spec/fixtures/projects/child_module_with_no_source/main.tf create mode 100644 terraform/spec/fixtures/projects/child_module_with_no_source/override.tf diff --git a/terraform/lib/dependabot/terraform/file_parser.rb b/terraform/lib/dependabot/terraform/file_parser.rb index ee25a3e297..0eb9b5438e 100644 --- a/terraform/lib/dependabot/terraform/file_parser.rb +++ b/terraform/lib/dependabot/terraform/file_parser.rb @@ -58,6 +58,14 @@ def ecosystem def parse_terraform_files(dependency_set) terraform_files.each do |file| modules = parsed_file(file).fetch("module", {}) + # If override.tf files are present, we need to merge the modules + if override_terraform_files.any? + override_terraform_files.each do |override_file| + override_modules = parsed_file(override_file).fetch("module", {}) + modules = merge_modules(override_modules, modules) + end + end + modules.each do |name, details| details = details.first 
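Review bot: In `parse_terraform_files`, every override file is merged into the module set of every `.tf` file, and `merge_modules` keeps override entries that have no counterpart in the base (its `else value` branch). With more than one `.tf` file, a module overridden in `override.tf` would therefore also appear under files that do not declare it, carrying only the override's attributes (for the new fixture, `version` without `source`); how the rest of the loop, which continues outside this hunk, handles a missing `source` is not visible, and the fixture has a single `main.tf` so it does not exercise this. Merging the override files once before the loop and applying only the entries for modules the current file declares avoids both the stray entries and the repeated parsing. The `any?` guard can go as well, since `each` over an empty list is a no-op.

```ruby
def parse_terraform_files(dependency_set)
  # Parse override files once; later override files win over earlier ones.
  override_modules = override_terraform_files.reduce({}) do |merged, override_file|
    merge_modules(parsed_file(override_file).fetch("module", {}), merged)
  end

  terraform_files.each do |file|
    modules = parsed_file(file).fetch("module", {})
    # Apply overrides only to modules this file declares, so an override never
    # creates a source-less module entry under an unrelated file.
    modules = merge_modules(override_modules.slice(*modules.keys), modules)
    # … unchanged: modules.each do |name, details| …
```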
diff --git a/terraform/lib/dependabot/terraform/file_selector.rb b/terraform/lib/dependabot/terraform/file_selector.rb index 6b6431c47b..0488006137 100644 --- a/terraform/lib/dependabot/terraform/file_selector.rb +++ b/terraform/lib/dependabot/terraform/file_selector.rb @@ -11,6 +11,9 @@ module FileSelector extend T::Sig extend T::Helpers + TF_EXTENSION = ".tf" + OVERRIDE_TF_EXTENSION = "override.tf" + abstract! sig { abstract.returns(T::Array[Dependabot::DependencyFile]) } @@ -22,7 +25,12 @@ def dependency_files; end sig { returns(T::Array[Dependabot::DependencyFile]) } def terraform_files - dependency_files.select { |f| f.name.end_with?(".tf") } + dependency_files.select { |f| f.name.end_with?(TF_EXTENSION) && !f.name.end_with?(OVERRIDE_TF_EXTENSION) } + end + + sig { returns(T::Array[Dependabot::DependencyFile]) } + def override_terraform_files + dependency_files.select { |f| f.name.end_with?(OVERRIDE_TF_EXTENSION) } end sig { returns(T::Array[Dependabot::DependencyFile]) } @@ -34,6 +42,32 @@ def terragrunt_files def lockfile dependency_files.find { |f| lockfile?(f.name) } end + + sig do + params(modules: T::Hash[String, T::Array[T::Hash[String, T.untyped]]], + base_modules: T::Hash[String, + T::Array[T::Hash[String, + T.untyped]]]) + .returns(T::Hash[String, + T::Array[T::Hash[String, + T.untyped]]]) + end + def merge_modules(modules, base_modules) + merged_modules = base_modules.dup + + modules.each do |key, value| + merged_modules[key] = + if merged_modules.key?(key) + T.must(merged_modules[key]).map do |base_value| + base_value.merge(T.must(value.first)) + end + else + value + end + end + + merged_modules + end end end end diff --git a/terraform/spec/dependabot/terraform/file_parser_spec.rb b/terraform/spec/dependabot/terraform/file_parser_spec.rb index fce0de48fd..b814e2f213 100644 --- a/terraform/spec/dependabot/terraform/file_parser_spec.rb +++ b/terraform/spec/dependabot/terraform/file_parser_spec.rb 
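Review bot: `override_terraform_files` and the new exclusion in `terraform_files` both rely on `f.name.end_with?(OVERRIDE_TF_EXTENSION)`, a bare suffix test on `"override.tf"` that also classifies a name such as `nooverride.tf` as an override file. Terraform treats only `override.tf` and files ending in `_override.tf` as overrides, so such a file would be dropped from `terraform_files` and its modules would be seen only through the merge path. Matching on the basename, e.g. `File.basename(f.name).match?(/(\A|_)override\.tf\z/)`, keeps both selectors aligned with that rule. The constant holds a filename suffix rather than an extension, so a name like `OVERRIDE_TF_SUFFIX` would read more accurately.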
@@ -870,6 +870,18 @@ end end + context "when the overridden module does not include source" do + let(:files) { project_dependency_files("child_module_with_no_source") } + + it "has the module with no source" do + module_dependency = dependencies.find { |d| d.name == "babbel/cloudfront-bucket/aws" } + + expect(module_dependency).not_to be_nil + expect(module_dependency.version).to eq("2.2.0") + expect(module_dependency.requirements.first[:source][:module_identifier]).to eq("babbel/cloudfront-bucket/aws") + end + end + context "with a toplevel provider" do let(:files) { project_dependency_files("provider") } diff --git a/terraform/spec/fixtures/projects/child_module_with_no_source/main.tf b/terraform/spec/fixtures/projects/child_module_with_no_source/main.tf new file mode 100644 index 0000000000..c813efb265 --- /dev/null +++ b/terraform/spec/fixtures/projects/child_module_with_no_source/main.tf @@ -0,0 +1,4 @@ +module "aws" { + source = "babbel/cloudfront-bucket/aws" + version = "2.0.0" +} diff --git a/terraform/spec/fixtures/projects/child_module_with_no_source/override.tf b/terraform/spec/fixtures/projects/child_module_with_no_source/override.tf new file mode 100644 index 0000000000..0be201d2e5 --- /dev/null +++ b/terraform/spec/fixtures/projects/child_module_with_no_source/override.tf @@ -0,0 +1,3 @@ +module "aws" { + version = "2.2.0" +} From 6fee66c52e510e98877fd512bff2d05529c5d18a Mon Sep 17 00:00:00 2001 From: Bryan Barajas Date: Thu, 17 Oct 2024 12:44:17 +0000 Subject: [PATCH 16/17] Terraform tests added for less than/equals, '<=', constraint and less than, '<' constraint --- .../terraform/requirements_updater_spec.rb | 71 +++++++++++++++++-- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/terraform/spec/dependabot/terraform/requirements_updater_spec.rb b/terraform/spec/dependabot/terraform/requirements_updater_spec.rb index 379c0f604f..b692035338 100644 --- a/terraform/spec/dependabot/terraform/requirements_updater_spec.rb 
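Review bot: The example title `has the module with no source` says the opposite of what is asserted: the expectations check that `source` is inherited from `main.tf` while `version` comes from `override.tf`. A title such as `it "takes the version from override.tf and the source from main.tf" do` would match the assertions. The fixture has a single base file, so a project with a second `.tf` file that does not declare `module "aws"` is not covered by this example.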
+++ b/terraform/spec/dependabot/terraform/requirements_updater_spec.rb @@ -77,7 +77,49 @@ end end - context "when a =>,< requirement was previously specified" do + context "when <= requirement was previously specified" do + context "when it is satisfied" do + let(:requirement) { "<= 0.3.7" } + + it { is_expected.to eq(requirements.first) } + end + + context "when it is not satisfied" do + let(:requirement) { "<= 0.1.9" } + + its([:requirement]) { is_expected.to eq("<= 0.3.7") } + + context "when specifying two version segments" do + let(:requirement) { "<= 0.3" } + let(:latest_version) { version_class.new("2.8.5") } + + its([:requirement]) { is_expected.to eq("<= 2.8.5") } + end + + context "when specifying three version segments" do + let(:requirement) { "<= 0.3.7" } + let(:latest_version) { version_class.new("2.8.5") } + + its([:requirement]) { is_expected.to eq("<= 2.8.5") } + end + + context "when minor and patch updated" do + let(:requirement) { "<= 0.3.7" } + let(:latest_version) { version_class.new("0.4.0") } + + its([:requirement]) { is_expected.to eq("<= 0.4.0") } + end + + context "when major, minor and patch updated" do + let(:requirement) { "<= 0.3.7" } + let(:latest_version) { version_class.new("1.4.0") } + + its([:requirement]) { is_expected.to eq("<= 1.4.0") } + end + end + end + + context "when a =>,<,<= requirement was previously specified" do context "when satisfied" do let(:requirement) { ">= 0.2.1, < 0.4.0" } let(:latest_version) { "0.3.7" } 
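Review bot: The renamed group title `when a =>,<,<= requirement was previously specified` still writes the operator as `=>`, while the requirements under it use `>=`; it should read `context "when a >=,<,<= requirement was previously specified" do`. In the new `<=` group, the `when it is satisfied` case and the first `when it is not satisfied` expectation rely on a `latest_version` defined outside the hunk, so a one-line comment naming that value next to `let(:requirement) { "<= 0.1.9" }` would make the expected `<= 0.3.7` readable on its own.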
@@ -85,11 +127,32 @@ its([:requirement]) { is_expected.to eq(">= 0.2.1, < 0.4.0") } end - context "when not satisfied" do - let(:requirement) { ">= 0.2.1, < 0.3.0" } + context "when not satisfied, 0 patch version" do + let(:requirement) { ">= 0.2.1, < 0.3.0, <= 0.3.0" } let(:latest_version) { "0.3.7" } - its([:requirement]) { is_expected.to eq(">= 0.2.1, < 0.4.0") } + its([:requirement]) { is_expected.to eq(">= 0.2.1, < 0.3.8, <= 0.3.7") } + end + + context "when not satisfied, non-0 patch version" do + let(:requirement) { ">= 0.2.1, < 0.3.2, <= 0.3.2" } + let(:latest_version) { "0.3.7" } + + its([:requirement]) { is_expected.to eq(">= 0.2.1, < 0.3.8, <= 0.3.7") } + end + + context "when not satisfied, major and minor only" do + let(:requirement) { ">= 0.2.1, < 0.3, <= 0.3" } + let(:latest_version) { "0.3.7" } + + its([:requirement]) { is_expected.to eq(">= 0.2.1, < 0.4, <= 0.3.7") } + end + + context "when not satisfied, major and minor only" do + let(:requirement) { ">= 0.2.1, < 0.3, <= 0.3" } + let(:latest_version) { "1.4.0" } + + its([:requirement]) { is_expected.to eq(">= 0.2.1, < 1.5, <= 1.4.0") } end end end From f682f152f9974650e4a5a4f73e4429715ada0f67 Mon Sep 17 00:00:00 2001 From: Bryan Barajas Date: Thu, 17 Oct 2024 12:45:50 +0000 Subject: [PATCH 17/17] Terraform requirements updater - update update_greatest_version to handle both less than and less-than/equal operators - 'index_to_update' would sometimes pick the middle or first segement instead of the last segment leading to the wrong version segment being incremented - less-than/equals would always get incremented instead of taking the version as-is - minor or patch version would sometimes get set to 0 once the 'index_to_update' was set --- .../terraform/requirements_updater.rb | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) 
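Review bot: The two added groups named `when not satisfied, major and minor only` share one description but use different `latest_version` values (`0.3.7` and `1.4.0`), so a failure report cannot tell them apart. Rename the second, e.g. `context "when not satisfied, major and minor only, newer major version" do`. The inputs also combine `< X` and `<= X` for the same `X` in one requirement string; a short comment saying this is done to exercise both operators in one example would explain the unusual constraint.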
diff --git a/terraform/lib/dependabot/terraform/requirements_updater.rb b/terraform/lib/dependabot/terraform/requirements_updater.rb index 250e8145cc..aa42da396c 100644 --- a/terraform/lib/dependabot/terraform/requirements_updater.rb +++ b/terraform/lib/dependabot/terraform/requirements_updater.rb @@ -190,17 +190,20 @@ def update_greatest_version(requirement, version_to_be_permitted) op, version = requirement.requirements.first version = version.release if version.prerelease? - index_to_update = - version.segments.map.with_index { |seg, i| seg.zero? ? 0 : i }.max - - new_segments = version.segments.map.with_index do |_, index| - if index < index_to_update + # When 'less than'/'<', + # increment the last available segment only so that the new version is within the constraint + if op == "<" + new_segments = version.segments.map.with_index do |_, index| version_to_be_permitted.segments[index] - elsif index == index_to_update - version_to_be_permitted.segments[index].to_i + 1 - else - 0 end + new_segments[-1] += 1 + # When 'less-than/equal'/'<=', use the new version as-is even when previously set as a non-semver version + # Terraform treats shortened versions the same as a version with any remaining segments as 0 + # Example: '0.2' is treated as '0.2.0' | '1' is treated as '1.0.0' + elsif op == "<=" + new_segments = version_to_be_permitted.segments + else + raise "Unexpected operation: #{op}" end requirement_class.new("#{op} #{new_segments.join('.')}")
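Review bot: In the `<` branch, `new_segments[-1] += 1` assumes the last mapped segment is an Integer, but `version_to_be_permitted.segments[index]` is `nil` when the new version has fewer segments than the requirement (say `< 0.3.0` with a new version `1.4`), and the removed code guarded the increment with `.to_i`. Mapping with `version_to_be_permitted.segments[index].to_i` keeps that guard. The new `raise "Unexpected operation: #{op}"` turns any other operator into a RuntimeError where the old code passed it through; the callers and the method's `def` and closing `end` are outside the hunk, so confirm that only `<` and `<=` reach this method.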