From 3df7ef07787a5cb0adb4cc3692b19a5c4da6dd08 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 12:01:06 -0400 Subject: [PATCH 01/17] Issue 5919 - added check for nil in file parser. fileparser.spec is still in need of work. --- .../lib/dependabot/composer/file_parser.rb | 19 +++++++++++---- .../dependabot/composer/file_parser_spec.rb | 24 ++++++++++++++++++- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 8bd8b1972a8..20a79dcc8f5 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,9 +165,19 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - key = lockfile_key(type) - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } - end + p "name:#{name}\ntype:#{type}" + begin + key = lockfile_key(type) + rescue + key = nil + end + + if key is nil + raise Dependabot::DependencyFileNotParseable + else + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } + end + end def lockfile_key(type) case type @@ -188,7 +198,8 @@ def check_required_files end def parsed_lockfile - return unless lockfile + return unless lockfile + @parsed_lockfile ||= JSON.parse(lockfile.content) rescue JSON::ParserError diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index b266ccabb19..ccffceead73 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -154,7 +154,7 @@ end end - describe "a development subdependency" do + describe "a development subdependency" do subject(:subdep) do dependencies.find { |d| d.name == "phpunit/php-token-stream" } end 
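Review bot: The `begin`/`rescue` added around `lockfile_key(type)` in `lockfile_details` is a bare `rescue`, so any StandardError from that call becomes `key = nil` and then a generic parse failure with the original cause lost. Rescue only the error you expect, or drop the wrapper if `lockfile_key` cannot raise (only the start of its `case` is visible here). `if key is nil` is not Ruby syntax for a nil check and should read `if key.nil?`. `raise Dependabot::DependencyFileNotParseable` passes no arguments, while the spec added in this patch reads `error.file_name`, so the error presumably needs the lockfile's path; confirm against the class definition. PATCH 05/17 repeats this hunk, and the bare `rescue` survives through PATCH 09/17.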
@@ -164,6 +164,26 @@ expect(subdep.subdependency_metadata).to eq([{ production: false }]) end end + + describe "unknown type dependency" do + subject(:subdep) do + dependencies.find{|d| d.name == "zathros-says" } # nonexistent lockfile + p dependencies + end + + /it "raises a DependencyFileNotParseable error" do + expect { dependencies.length } + .to raise_error(Dependabot::DependencyFileNotParseable) do |error| + expect(error.file_name).to eq("zathros-says") + end + end/ + it "parses the details correctly" do + expect(subdep.version).to eq("9.9.9") + expect(subdep.subdependency_metadata).to eq([{ production: true }]) + end + + end + end context "with a version with a 'v' prefix" do @@ -370,6 +390,8 @@ end end end + + context "with a bad composer.json" do let(:project_name) { "unparseable_composer_json" } From 0e246cdcafc70291bfcdbe332a2fdeb4b87dbed0 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 14:54:41 -0400 Subject: [PATCH 02/17] issue #5919 - cleaning up test code --- composer/lib/dependabot/composer/file_parser.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 20a79dcc8f5..98ccd7fe1bc 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,7 +165,6 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - p "name:#{name}\ntype:#{type}" begin key = lockfile_key(type) rescue @@ -173,7 +172,7 @@ def lockfile_details(name:, type:) end if key is nil - raise Dependabot::DependencyFileNotParseable + raise Dependabot::DependencyFileNotParseable else parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } end From 2cc20e432ed63f03be365fa5634bf89b4f70f44e Mon Sep 17 00:00:00 2001 
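Review bot: In the `unknown type dependency` block the `subject` ends with `p dependencies`, so `subdep` is the whole dependency list (Kernel#p returns its argument) rather than the result of the `find`. As a result `subdep.version` in the second example cannot work. The first example is disabled by wrapping it in `/…/`, which turns it into a regexp literal instead of a pending spec; `xit` or `skip` would keep it visible in the test report. The `# nonexistent lockfile` comment does not match the code, which looks up a dependency by name. PATCH 05/17 repeats this hunk.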
From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 15:04:53 -0400 Subject: [PATCH 03/17] issue #5919 - cleaning up test code error --- composer/lib/dependabot/composer/file_parser.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 98ccd7fe1bc..2d8afedc425 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -171,7 +171,7 @@ def lockfile_details(name:, type:) key = nil end - if key is nil + if key.nil? raise Dependabot::DependencyFileNotParseable else parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } From 85f669a15865081388389b45d80404141085b936 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 15:10:00 -0400 Subject: [PATCH 04/17] issue #5919 - cleaning up test code error --- composer/spec/dependabot/composer/file_parser_spec.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index ccffceead73..ded910a2d5e 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -171,16 +171,12 @@ p dependencies end - /it "raises a DependencyFileNotParseable error" do + it "raises a DependencyFileNotParseable error" do expect { dependencies.length } .to raise_error(Dependabot::DependencyFileNotParseable) do |error| - expect(error.file_name).to eq("zathros-says") + expect(error).to eq(nil) end - end/ - it "parses the details correctly" do - expect(subdep.version).to eq("9.9.9") - expect(subdep.subdependency_metadata).to eq([{ production: true }]) - end + end end From 95bbce079b00bfb6c4d3b19092e1b9c4835d01b0 Mon Sep 17 00:00:00 2001 
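Review bot: `expect(error).to eq(nil)` inside the `raise_error` block can never pass, because RSpec yields the raised exception to that block and it is not nil. Either drop the block or assert on something the error carries, such as its message. The `subject` above the example still ends in `p dependencies` (visible as context), which prints the dependency list on every run. PATCH 08/17 repeats this hunk.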
From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 12:01:06 -0400 Subject: [PATCH 05/17] Issue 5919 - added check for nil in file parser. fileparser.spec is still in need of work. --- .../lib/dependabot/composer/file_parser.rb | 19 +++++++++++---- .../dependabot/composer/file_parser_spec.rb | 24 ++++++++++++++++++- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 8bd8b1972a8..20a79dcc8f5 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,9 +165,19 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - key = lockfile_key(type) - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } - end + p "name:#{name}\ntype:#{type}" + begin + key = lockfile_key(type) + rescue + key = nil + end + + if key is nil + raise Dependabot::DependencyFileNotParseable + else + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } + end + end def lockfile_key(type) case type @@ -188,7 +198,8 @@ def check_required_files end def parsed_lockfile - return unless lockfile + return unless lockfile + @parsed_lockfile ||= JSON.parse(lockfile.content) rescue JSON::ParserError diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index b266ccabb19..ccffceead73 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -154,7 +154,7 @@ end end - describe "a development subdependency" do + describe "a development subdependency" do subject(:subdep) do dependencies.find { |d| d.name == "phpunit/php-token-stream" } end 
@@ -164,6 +164,26 @@ expect(subdep.subdependency_metadata).to eq([{ production: false }]) end end + + describe "unknown type dependency" do + subject(:subdep) do + dependencies.find{|d| d.name == "zathros-says" } # nonexistent lockfile + p dependencies + end + + /it "raises a DependencyFileNotParseable error" do + expect { dependencies.length } + .to raise_error(Dependabot::DependencyFileNotParseable) do |error| + expect(error.file_name).to eq("zathros-says") + end + end/ + it "parses the details correctly" do + expect(subdep.version).to eq("9.9.9") + expect(subdep.subdependency_metadata).to eq([{ production: true }]) + end + + end + end context "with a version with a 'v' prefix" do @@ -370,6 +390,8 @@ end end end + + context "with a bad composer.json" do let(:project_name) { "unparseable_composer_json" } From 81a0a455e54d526d603ef866e4c407fbacf0f469 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 14:54:41 -0400 Subject: [PATCH 06/17] issue #5919 - cleaning up test code --- composer/lib/dependabot/composer/file_parser.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 20a79dcc8f5..98ccd7fe1bc 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,7 +165,6 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - p "name:#{name}\ntype:#{type}" begin key = lockfile_key(type) rescue @@ -173,7 +172,7 @@ def lockfile_details(name:, type:) end if key is nil - raise Dependabot::DependencyFileNotParseable + raise Dependabot::DependencyFileNotParseable else parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } end From c344e7d588f156bbc3ac57afcc1f211d15973e5a Mon Sep 17 00:00:00 2001 
From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 15:04:53 -0400 Subject: [PATCH 07/17] issue #5919 - cleaning up test code error --- composer/lib/dependabot/composer/file_parser.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 98ccd7fe1bc..2d8afedc425 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -171,7 +171,7 @@ def lockfile_details(name:, type:) key = nil end - if key is nil + if key.nil? raise Dependabot::DependencyFileNotParseable else parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } From e0894f251b263ede4291471cda4448c37220b7cd Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 15:10:00 -0400 Subject: [PATCH 08/17] issue #5919 - cleaning up test code error --- composer/spec/dependabot/composer/file_parser_spec.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index ccffceead73..ded910a2d5e 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -171,16 +171,12 @@ p dependencies end - /it "raises a DependencyFileNotParseable error" do + it "raises a DependencyFileNotParseable error" do expect { dependencies.length } .to raise_error(Dependabot::DependencyFileNotParseable) do |error| - expect(error.file_name).to eq("zathros-says") + expect(error).to eq(nil) end - end/ - it "parses the details correctly" do - expect(subdep.version).to eq("9.9.9") - expect(subdep.subdependency_metadata).to eq([{ production: true }]) - end + end end From f6de867378c7649a4b837edf475e81beef83c072 Mon Sep 17 00:00:00 2001 
From: Garry L Hurley Jr Date: Mon, 29 Apr 2024 16:20:26 -0400 Subject: [PATCH 09/17] issue #5919 - cleaning up Lint issues --- composer/lib/dependabot/composer/file_parser.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 2d8afedc425..a4c152e6caa 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,19 +165,19 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - begin - key = lockfile_key(type) + begin + key = lockfile_key(type) rescue key = nil end - if key.nil? + if key.nil? || parsed_lockfile.nil? || parsed_lockfile.fetch(key,[]).nil? raise Dependabot::DependencyFileNotParseable else - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } end end - + def lockfile_key(type) case type when "runtime" then "packages" From 269af04f183ef7945f9179e73770fec10fd7f257 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Tue, 30 Apr 2024 13:13:21 -0400 Subject: [PATCH 10/17] Issue #9634 - cleaned up code to remove overthought solution. --- composer/lib/dependabot/composer/file_parser.rb | 13 ++----------- .../spec/dependabot/composer/file_parser_spec.rb | 16 +--------------- 2 files changed, 3 insertions(+), 26 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index a4c152e6caa..2290eb2dd8b 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb 
@@ -165,17 +165,8 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - begin key = lockfile_key(type) - rescue - key = nil - end - - if key.nil? || parsed_lockfile.nil? || parsed_lockfile.fetch(key,[]).nil? - raise Dependabot::DependencyFileNotParseable - else - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } - end + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } if !parsed_lockfile.fetch(key, []).empty? end def lockfile_key(type) @@ -197,7 +188,7 @@ def check_required_files end def parsed_lockfile - return unless lockfile + return unless lockfile @parsed_lockfile ||= JSON.parse(lockfile.content) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index ded910a2d5e..9c4ebb09337 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -165,21 +165,7 @@ end end - describe "unknown type dependency" do - subject(:subdep) do - dependencies.find{|d| d.name == "zathros-says" } # nonexistent lockfile - p dependencies - end - - it "raises a DependencyFileNotParseable error" do - expect { dependencies.length } - .to raise_error(Dependabot::DependencyFileNotParseable) do |error| - expect(error).to eq(nil) - end - end - - end - + end context "with a version with a 'v' prefix" do From 34667ad833b429243731776d915927594a249a71 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Tue, 30 Apr 2024 14:12:56 -0400 Subject: [PATCH 11/17] Issue #9643 - cleaned up lint issues in code. --- composer/lib/dependabot/composer/file_parser.rb | 6 +++--- composer/spec/dependabot/composer/file_parser_spec.rb | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 2290eb2dd8b..1779f29db9a 100644 --- a/composer/lib/dependabot/composer/file_parser.rb 
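Review bot: The new one-line body of `lockfile_details` still calls `.empty?` on whatever `fetch(key, [])` returns, and `fetch` only falls back to `[]` when the key is absent. A lockfile with `"packages-dev": null` (the shape of the fixture added in PATCH 15/17) yields `nil` there and raises NoMethodError, so the crash this series targets is not fixed at this point. The guard is also redundant for real arrays, since `find` on an empty array already returns `nil`. `(parsed_lockfile.fetch(key, []) || []).find { |d| d["name"] == name }` covers both cases with a single lookup. PATCH 11/17 and 12/17 re-indent and re-word this line without changing that behaviour.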
+++ b/composer/lib/dependabot/composer/file_parser.rb @@ -165,9 +165,9 @@ def git_dependency_details(package_details, requirement) end def lockfile_details(name:, type:) - key = lockfile_key(type) - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } if !parsed_lockfile.fetch(key, []).empty? - end + key = lockfile_key(type) + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } if !parsed_lockfile.fetch(key, []).empty? + end def lockfile_key(type) case type diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index 9c4ebb09337..8786ca06940 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -154,7 +154,7 @@ end end - describe "a development subdependency" do + describe "a development subdependency" do subject(:subdep) do dependencies.find { |d| d.name == "phpunit/php-token-stream" } end @@ -164,7 +164,6 @@ expect(subdep.subdependency_metadata).to eq([{ production: false }]) end end - end From 2ff1e7219fe72af6c2e3981f3a44fb7615808d56 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Tue, 30 Apr 2024 14:24:31 -0400 Subject: [PATCH 12/17] Issue #9643 - cleaned up lint issues in code. --- composer/lib/dependabot/composer/file_parser.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 1779f29db9a..f60bcd37d3f 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb 
@@ -166,7 +166,7 @@ def git_dependency_details(package_details, requirement) def lockfile_details(name:, type:) key = lockfile_key(type) - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } if !parsed_lockfile.fetch(key, []).empty? + parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } unless parsed_lockfile.fetch(key, []).empty? end def lockfile_key(type) From 39f2e62e40c78f397343d1234b897a18f0d9bc2c Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Tue, 30 Apr 2024 14:36:11 -0400 Subject: [PATCH 13/17] Issue #9643 - cleaned up lint issues in code. --- composer/spec/dependabot/composer/file_parser_spec.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index 8786ca06940..b266ccabb19 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -164,7 +164,6 @@ expect(subdep.subdependency_metadata).to eq([{ production: false }]) end end - end context "with a version with a 'v' prefix" do @@ -371,8 +370,6 @@ end end end - - context "with a bad composer.json" do let(:project_name) { "unparseable_composer_json" } From 006fa5287bf89b6f877547446da240e8449b19f5 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Tue, 30 Apr 2024 14:40:56 -0400 Subject: [PATCH 14/17] Issue #9643 - cleaned up lint issues in code. --- composer/lib/dependabot/composer/file_parser.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index f60bcd37d3f..6b6e92f2ff9 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb 
@@ -168,7 +168,7 @@ def lockfile_details(name:, type:) key = lockfile_key(type) parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } unless parsed_lockfile.fetch(key, []).empty? end - + def lockfile_key(type) case type when "runtime" then "packages" @@ -189,7 +189,6 @@ def check_required_files def parsed_lockfile return unless lockfile - @parsed_lockfile ||= JSON.parse(lockfile.content) rescue JSON::ParserError From 9a82d69e68a7f687df496040e8ddb2d0dc549011 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Fri, 3 May 2024 11:03:54 -0400 Subject: [PATCH 15/17] Issue #9643 created test and changed code to make sure NPE no longer happens --- .../lib/dependabot/composer/file_parser.rb | 5 +- .../dependabot/composer/file_parser_spec.rb | 10 + .../composer.json | 41 +++ .../composer.lock | 249 ++++++++++++++++++ 4 files changed, 304 insertions(+), 1 deletion(-) create mode 100644 composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.json create mode 100644 composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.lock diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 6b6e92f2ff9..72accb87f0c 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -166,7 +166,10 @@ def git_dependency_details(package_details, requirement) def lockfile_details(name:, type:) key = lockfile_key(type) - parsed_lockfile.fetch(key, []).find { |d| d["name"] == name } unless parsed_lockfile.fetch(key, []).empty? + + fetchresults = parsed_lockfile.fetch(key, []) unless parsed_lockfile.nil? + fetchresults.find { |d| d["name"] == name } unless fetchresults.nil? || fetchresults.empty? + end def lockfile_key(type) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index b266ccabb19..ebc6c5f0623 100644 
--- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -49,6 +49,16 @@ end end + context "null dependencies with lockfile" do + let(:project_name) { "null_dependencies_with_lockfile" } + let(:name) { "phpunit/phpunit" } + let(:type) { "development" } + describe "no dependencies" do + subject {dependencies } + its(:length) { is_expected.to be >= 0 } + end + end + context "with a version specified (composer v1)" do let(:project_name) { "v1/minor_version" } diff --git a/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.json b/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.json new file mode 100644 index 00000000000..acb4fabb0d3 --- /dev/null +++ b/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.json @@ -0,0 +1,41 @@ +{ + "name": "joshuaestes/server-tools", + "description": "Collection of command line tools to help with server management and maintenance", + "keywords": [], + "homepage": "https://github.com/JoshuaEstes/ServerTools", + "license": "MIT", + "authors": [ + { + "name": "Joshua Estes", + "homepage": "http://joshuaestes.me" + }, + { + "name": "Contributors", + "homepage": "https://github.com/JoshuaEstes/ServerTools/graphs/contributors" + } + ], + "minimum-stability": "dev", + "require": { + "php": ">=5.3.2", + "symfony/console": ">=2.1,<=2.3@dev", + "symfony/process": ">=2.1,<=2.3@dev", + "symfony/yaml": ">=2.1,<=2.3@dev", + "symfony/finder": ">=2.1,<=2.3@dev", + "symfony/filesystem": ">=2.1,<=2.3@dev" + }, + "replace": { + "JoshuaEstes/ServerTools": "self.version" + }, + "require-dev": { + "phpunit/phpunit": "*", + "mikey179/vfsStream": "*" + }, + "autoload": { + "psr-0": { "": "src/" } + }, + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + } + } +} 
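Review bot: `its(:length) { is_expected.to be >= 0 }` in the `null dependencies with lockfile` context cannot fail for any array, so the example only proves that parsing the fixture does not raise. Pin the behaviour the fix is meant to guarantee, for example the exact number of dependencies parsed from this fixture or how `phpunit/phpunit` is reported when `packages-dev` is `null`. `let(:name)` and `let(:type)` are not referenced by anything visible in the hunk and look unused. The description string `"no dependencies"` also does not match the fixture, whose `composer.json` declares several.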
diff --git a/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.lock b/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.lock new file mode 100644 index 00000000000..7074d4d2b21 --- /dev/null +++ b/composer/spec/fixtures/projects/null_dependencies_with_lockfile/composer.lock 
@@ -0,0 +1,249 @@ +{ + "hash": "e031c26dc793ba069af645833f61dd89", + "packages": [ + { + "name": "symfony/console", + "version": "dev-master", + "target-dir": "Symfony/Component/Console", + "source": { + "type": "git", + "url": "https://github.com/symfony/Console", + "reference": "fdb2d9320106926266a0f7a5a97aab7213e11ad6" + }, + "dist": { + "type": "zip", + "url": "https://github.com/symfony/Console/archive/fdb2d9320106926266a0f7a5a97aab7213e11ad6.zip", + "reference": "fdb2d9320106926266a0f7a5a97aab7213e11ad6", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "time": "2013-01-24 15:55:08", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.2-dev" + } + }, + "autoload": { + "psr-0": { + "Symfony\\Component\\Console\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "http://symfony.com/contributors" + } + ], + "description": "Symfony Console Component", + "homepage": "http://symfony.com" + }, + { + "name": "symfony/filesystem", + "version": "dev-master", + "target-dir": "Symfony/Component/Filesystem", + "source": { + "type": "git", + "url": "https://github.com/symfony/Filesystem", + "reference": "v2.2.0-BETA2" + }, + "dist": { + "type": "zip", + "url": "https://github.com/symfony/Filesystem/archive/v2.2.0-BETA2.zip", + "reference": "v2.2.0-BETA2", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "time": "2013-01-17 15:25:59", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.2-dev" + } + }, + "autoload": { + "psr-0": { + "Symfony\\Component\\Filesystem\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": 
"http://symfony.com/contributors" + } + ], + "description": "Symfony Filesystem Component", + "homepage": "http://symfony.com" + }, + { + "name": "symfony/finder", + "version": "dev-master", + "target-dir": "Symfony/Component/Finder", + "source": { + "type": "git", + "url": "https://github.com/symfony/Finder", + "reference": "d33658c34672f48474a669227ca3639fa0b443e7" + }, + "dist": { + "type": "zip", + "url": "https://github.com/symfony/Finder/archive/d33658c34672f48474a669227ca3639fa0b443e7.zip", + "reference": "d33658c34672f48474a669227ca3639fa0b443e7", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "time": "2013-01-29 18:42:39", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.2-dev" + } + }, + "autoload": { + "psr-0": { + "Symfony\\Component\\Finder\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "http://symfony.com/contributors" + } + ], + "description": "Symfony Finder Component", + "homepage": "http://symfony.com" + }, + { + "name": "symfony/process", + "version": "dev-master", + "target-dir": "Symfony/Component/Process", + "source": { + "type": "git", + "url": "https://github.com/symfony/Process", + "reference": "v2.2.0-BETA2" + }, + "dist": { + "type": "zip", + "url": "https://github.com/symfony/Process/archive/v2.2.0-BETA2.zip", + "reference": "v2.2.0-BETA2", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "time": "2013-01-17 15:25:59", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.2-dev" + } + }, + "autoload": { + "psr-0": { + "Symfony\\Component\\Process\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": 
"http://symfony.com/contributors" + } + ], + "description": "Symfony Process Component", + "homepage": "http://symfony.com" + }, + { + "name": "symfony/yaml", + "version": "dev-master", + "target-dir": "Symfony/Component/Yaml", + "source": { + "type": "git", + "url": "https://github.com/symfony/Yaml", + "reference": "b293027f4030998a752a1ac06e80ae9e6bf6a763" + }, + "dist": { + "type": "zip", + "url": "https://github.com/symfony/Yaml/archive/b293027f4030998a752a1ac06e80ae9e6bf6a763.zip", + "reference": "b293027f4030998a752a1ac06e80ae9e6bf6a763", + "shasum": "" + }, + "require": { + "php": ">=5.3.3" + }, + "time": "2013-01-27 16:49:19", + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.2-dev" + } + }, + "autoload": { + "psr-0": { + "Symfony\\Component\\Yaml\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "http://symfony.com/contributors" + } + ], + "description": "Symfony Yaml Component", + "homepage": "http://symfony.com" + } + ], + "packages-dev": null, + "aliases": [ + + ], + "minimum-stability": "dev", + "stability-flags": [ + + ] +} + From 707e10182245094d5669cf5128bac483995f8b9d Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Fri, 3 May 2024 11:13:51 -0400 Subject: [PATCH 16/17] Issue #9643 resolved lint issues --- composer/lib/dependabot/composer/file_parser.rb | 1 - composer/spec/dependabot/composer/file_parser_spec.rb | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index 72accb87f0c..ed694909371 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb 
@@ -169,7 +169,6 @@ def lockfile_details(name:, type:) fetchresults = parsed_lockfile.fetch(key, []) unless parsed_lockfile.nil? fetchresults.find { |d| d["name"] == name } unless fetchresults.nil? || fetchresults.empty? - end def lockfile_key(type) diff --git a/composer/spec/dependabot/composer/file_parser_spec.rb b/composer/spec/dependabot/composer/file_parser_spec.rb index ebc6c5f0623..0802cba4971 100644 --- a/composer/spec/dependabot/composer/file_parser_spec.rb +++ b/composer/spec/dependabot/composer/file_parser_spec.rb @@ -54,7 +54,7 @@ let(:name) { "phpunit/phpunit" } let(:type) { "development" } describe "no dependencies" do - subject {dependencies } + subject { dependencies } its(:length) { is_expected.to be >= 0 } end end From 13f7f15ac05cebb98c4e2e99304edd7a92d028a8 Mon Sep 17 00:00:00 2001 From: Garry L Hurley Jr Date: Fri, 3 May 2024 13:46:43 -0400 Subject: [PATCH 17/17] Issue #5919 - code review feedback changes --- composer/lib/dependabot/composer/file_parser.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/composer/lib/dependabot/composer/file_parser.rb b/composer/lib/dependabot/composer/file_parser.rb index ed694909371..0d647ed888e 100644 --- a/composer/lib/dependabot/composer/file_parser.rb +++ b/composer/lib/dependabot/composer/file_parser.rb @@ -166,9 +166,7 @@ def git_dependency_details(package_details, requirement) def lockfile_details(name:, type:) key = lockfile_key(type) - - fetchresults = parsed_lockfile.fetch(key, []) unless parsed_lockfile.nil? - fetchresults.find { |d| d["name"] == name } unless fetchresults.nil? || fetchresults.empty? + parsed_lockfile.fetch(key, [])&.find { |d| d["name"] == name } end def lockfile_key(type)
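Review bot: The `&.` after `fetch(key, [])` in the final `lockfile_details` handles a `null` section, but the receiver `parsed_lockfile` is no longer guarded. The `unless parsed_lockfile.nil?` check from PATCH 15/17 is dropped here, and `parsed_lockfile` returns nil when there is no lockfile (`return unless lockfile`, visible as context in PATCH 01/17). If `lockfile_details` can be reached without a lockfile, which this hunk does not show, that is a NoMethodError again. The lockfile is repository-supplied content, so a section that is neither nil nor an Array should be rejected before `find` rather than surfacing as an unhandled exception: `packages = parsed_lockfile&.fetch(key, nil)` followed by `return unless packages.is_a?(Array)`, then `packages.find { |d| d["name"] == name }`.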