Handle development dependencies for PHP projects

As well as updating production dependencies in the "require" section of a `composer.json` file, we also want to ensure we're keeping development dependencies in the `require-dev`[1] section up to date (e.g., PHPUnit). We can safely attempt to update both sections because if a dependency exists in both require and require-dev, composer will complain about conflicts itself, so there shouldn't be any composer.json files in that state. [1]: See: https://getcomposer.org/doc/04-schema.md#require-dev
dependabot · Sep 9, 2017 · 3b18d37 · 3b18d37
1 parent e5b9b4b
commit 3b18d37
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 4 deletions.
diff --git a/helpers/php/src/Updater.php b/helpers/php/src/Updater.php
@@ -14,9 +14,19 @@ public static function update($args)
 
     $composerJson = json_decode(file_get_contents('composer.json'), true);
 
-    $existingDependencyVersion = $composerJson["require"][$dependencyName];
-    $newDependencyVersion = self::relaxVersionToUserPreference($existingDependencyVersion, $dependencyVersion);
-    $composerJson["require"][$dependencyName] = $newDependencyVersion;
+    $composerJson = self::updateComposerJsonSection(
+      $composerJson,
+      "require",
+      $dependencyName,
+      $dependencyVersion
+    );
+
+    $composerJson = self::updateComposerJsonSection(
+      $composerJson,
+      "require-dev",
+      $dependencyName,
+      $dependencyVersion
+    );
 
     // When encoding JSON in PHP, it'll escape forward slashes by default.
     // We're not expecting this transform from the original data, which means
@@ -88,4 +98,23 @@ public static function relaxVersionToUserPreference($existingDependencyVersion,
 
     return $newDependencyVersion;
   }
+
+  // Given a nested array representing a composer.json file, look for the given
+  // dependency in the provided section (i.e., require, require-dev) and update
+  // the composer data with the new version, before returning a composer
+  // representation with the updated version.
+  //
+  // If the dependency doesn't exist in the section, will return the provided
+  // composer JSON unaltered
+  //
+  // Note: Arrays are passed by value/copy, so this will leave the original composerJson untouched
+  public static function updateComposerJsonSection($composerJson, $section, $dependencyName, $dependencyVersion) {
+    if(isset($composerJson[$section][$dependencyName])) {
+      $existingDependencyVersion = $composerJson[$section][$dependencyName];
+      $newDependencyVersion = self::relaxVersionToUserPreference($existingDependencyVersion, $dependencyVersion);
+      $composerJson[$section][$dependencyName] = $newDependencyVersion;
+    }
+
+    return $composerJson;
+  }
 }
diff --git a/spec/dependabot/file_updaters/php/composer_spec.rb b/spec/dependabot/file_updaters/php/composer_spec.rb
@@ -94,7 +94,7 @@
           fixture("php", "composer_files", "development_dependencies")
         end
 
-        pending { is_expected.to include "\"monolog/monolog\":\"1.22.1\"" }
+        it { is_expected.to include "\"monolog/monolog\":\"1.22.1\"" }
       end
     end