Sha256: e3089883fe8e99415b696d17c33194d599c6df93d05dd816cf534c9f56a6e3d8

Contents?: true

Size: 1.86 KB

Versions: 213

Compression:

Stored size: 1.86 KB

Contents

# frozen_string_literal: true

require "excon"
require "dependabot/metadata_finders"
require "dependabot/metadata_finders/base"
require "dependabot/shared_helpers"
require "dependabot/composer/version"

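module Dependabot
  module Composer
    # Resolves the source repository of a Composer dependency, first from the
    # dependency's own requirements and then from its Packagist listing.
    #
    # The homepage and source URL read from the listing are package metadata
    # and are not verified here. Whatever consumes the returned Source should
    # treat it as a claim made by the package, not as a checked link between
    # the package and a repository.
    class MetadataFinder < Dependabot::MetadataFinders::Base
      private

      # Returns the first source that can be determined, preferring one
      # declared on the dependency over one looked up on Packagist.
      def look_up_source
        source_from_dependency || look_up_source_from_packagist
      end

      # Builds a Source from the first requirement that carries a :source
      # entry. Source.from_url (defined elsewhere) is called with nil when no
      # requirement has a source URL.
      def source_from_dependency
        source_url =
          dependency.requirements.
          map { |r| r.fetch(:source) }.compact.
          first&.fetch(:url, nil)

        Source.from_url(source_url)
      end

      # Looks for a recognisable source URL in the Packagist listing, walking
      # the version entries from the highest valid version downwards.
      #
      # Returns nil when the listing is unavailable, does not contain this
      # package, or does not have the expected shape. The listing is parsed
      # registry output, so every level is type-checked before it is indexed;
      # a malformed entry is skipped and does not raise.
      def look_up_source_from_packagist
        # Fetch once: packagist_listing does not memoise a failed lookup, so
        # calling it repeatedly would repeat the HTTP request.
        listing = packagist_listing
        return nil unless listing.is_a?(Hash)

        # Rejects a missing key and the `[]` Packagist returns for "packages".
        packages = listing["packages"]
        return nil unless packages.is_a?(Hash)

        versions = packages[dependency.name.downcase]
        return nil unless versions.is_a?(Hash)

        version_listings =
          versions.
          select { |version, _| Composer::Version.correct?(version) }.
          sort_by { |version, _| Composer::Version.new(version) }.
          map { |_, info| info }.
          reverse

        potential_source_urls =
          version_listings.flat_map { |info| declared_source_urls(info) }

        # Source.from_url decides which URLs are recognised; the first one it
        # accepts wins.
        source_url = potential_source_urls.find { |url| Source.from_url(url) }

        Source.from_url(source_url)
      end

      # Returns the homepage and source URL strings declared in one version
      # listing, dropping values that are missing or not strings.
      def declared_source_urls(info)
        return [] unless info.is_a?(Hash)

        source = info["source"]
        source_url = source.is_a?(Hash) ? source["url"] : nil
        [info["homepage"], source_url].grep(String)
      end

      # Fetches and memoises the Packagist JSON listing for this dependency.
      #
      # Returns nil for any non-200 response; that nil is not cached, so the
      # next call issues the request again. JSON.parse raises
      # JSON::ParserError on a body that is not valid JSON, and that error is
      # not rescued here.
      #
      # NOTE(review): the dependency name is interpolated into the URL path
      # without escaping or validation. The host is fixed, so only the path
      # and query on packagist.org are affected; consider checking the name
      # against Composer's package-name format before the request.
      def packagist_listing
        return @packagist_listing unless @packagist_listing.nil?

        # idempotent: true allows Excon to retry the GET on transient errors.
        # The remaining options come from SharedHelpers.excon_defaults, which
        # is defined elsewhere.
        response = Excon.get(
          "https://packagist.org/p/#{dependency.name.downcase}.json",
          idempotent: true,
          **SharedHelpers.excon_defaults
        )

        return nil unless response.status == 200

        @packagist_listing = JSON.parse(response.body)
      end
    end
  end
end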

# Register this finder under the "composer" package-manager key.
Dependabot::MetadataFinders.register("composer", Dependabot::Composer::MetadataFinder)

Version data entries

213 entries across 213 versions & 1 rubygems

Version Path
dependabot-composer-0.200.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.199.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.198.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.197.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.196.4 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.196.3 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.196.2 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.196.1 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.196.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.195.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.194.1 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.194.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.193.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.192.1 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.192.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.191.1 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.191.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.190.1 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.190.0 lib/dependabot/composer/metadata_finder.rb
dependabot-composer-0.189.0 lib/dependabot/composer/metadata_finder.rb