From ad7c1522679ba7eb2e07f48517d8fb76f1f6bfe3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CThavachelvam?= <“thavaahariharangit@git.com”>
Date: Fri, 28 Feb 2025 15:40:29 +0000
Subject: [PATCH] Handle php version mismatch error.

---
 common/lib/dependabot/errors.rb               | 25 ++++++++++++++++---
 .../update_checker/version_resolver.rb        |  6 +++++
 .../update_checker/version_resolver_spec.rb   | 17 +++++++++++++
 .../fixtures/projects/conflicts/composer.json |  5 ++++
 .../composer.json                             |  5 ++++
 .../composer.json                             |  7 ++++++
 .../composer.json                             |  5 ++++
 .../replaced_dependency/composer.json         |  5 +++-
 .../unaddable_platform_req/composer.json      |  5 ++++
 .../version_conflict_library/composer.json    |  5 ++++
 .../composer.json                             |  5 ++++
 11 files changed, 85 insertions(+), 5 deletions(-)
 create mode 100644 composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile_handle_error/composer.json

diff --git a/common/lib/dependabot/errors.rb b/common/lib/dependabot/errors.rb
index cdd65428559..0f3710ecc23 100644
--- a/common/lib/dependabot/errors.rb
+++ b/common/lib/dependabot/errors.rb
@@ -114,9 +114,12 @@ def self.fetcher_error_details(error)
         "error-type": "illformed_requirement",
         "error-detail": { message: error.message }
       }
+    when Dependabot::PhpVersionMismatchError
+      {
+        "error-type": "php_version_mismatch_error",
+        "error-detail": { message: error.message }
+      }
     when *Octokit::RATE_LIMITED_ERRORS
-      # If we get a rate-limited error we let dependabot-api handle the
-      # retry by re-enqueing the update job after the reset
       {
         "error-type": "octokit_rate_limited",
         "error-detail": {
@@ -202,6 +205,11 @@ def self.parser_error_details(error)
       # and responsibility for fixing it is on them, not us. As a result we
       # quietly log these as errors
       { "error-type": "server_error" }
+    when Dependabot::PhpVersionMismatchError
+      {
+        "error-type": "php_version_mismatch_error",
+        "error-detail": { message: error.message }
+      }
     end
   end
 
@@ -362,9 +370,12 @@ def self.updater_error_details(error)
         "error-type": "git_token_auth_error",
         "error-detail": { message: error.message }
       }
+    when Dependabot::PhpVersionMismatchError
+      {
+        "error-type": "php_version_mismatch_error",
+        "error-detail": { message: error.message }
+      }
     when *Octokit::RATE_LIMITED_ERRORS
-      # If we get a rate-limited error we let dependabot-api handle the
-      # retry by re-enqueing the update job after the reset
       {
         "error-type": "octokit_rate_limited",
         "error-detail": {
@@ -889,5 +900,11 @@ def initialize(message = nil)
       super("network_unsafe_http", message)
     end
   end
+
+  class PhpVersionMismatchError < DependabotError
+    def initialize(message)
+      super("PHP version mismatch: #{message}")
+    end
+  end
 end
 # rubocop:enable Metrics/ModuleLength
diff --git a/composer/lib/dependabot/composer/update_checker/version_resolver.rb b/composer/lib/dependabot/composer/update_checker/version_resolver.rb
index 34fa10e9d13..d78356b5d20 100644
--- a/composer/lib/dependabot/composer/update_checker/version_resolver.rb
+++ b/composer/lib/dependabot/composer/update_checker/version_resolver.rb
@@ -259,6 +259,12 @@ def handle_composer_errors(error)
             raise PrivateSourceAuthenticationFailure, "nova.laravel.com"
           end
 
+          # To handle the case where the PHP version (configured in composer.json) is not supported
+          # Your requirements could not be resolved to an installable set of packages.
+          #   Problem 1
+          #     - Root composer.json requires league/csv >= 9.7, == 9.22.0 -> satisfiable by league/csv[9.22.0].
+          raise PhpVersionMismatchError, error.message if error.message.include?("your php version")
+
           dependency_url = Helpers.dependency_url_from_git_clone_error(error.message)
           if dependency_url
             raise Dependabot::GitDependenciesNotReachable, dependency_url
diff --git a/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb b/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb
index ef480351280..29cf4f5991f 100644
--- a/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb
+++ b/composer/spec/dependabot/composer/update_checker/version_resolver_spec.rb
@@ -150,6 +150,23 @@
       end
     end
 
+    context "with an application using a ^ PHP constraint and encountering a PhpVersionMismatchError" do
+      context "when the minimum version is invalid" do
+        let(:project_name) { "php_specified_min_invalid_without_lockfile_handle_error" }
+        let(:dependency_name) { "phpdocumentor/reflection-docblock" }
+        let(:dependency_version) { "2.0.4" }
+        let(:string_req) { "2.0.4" }
+        let(:latest_allowable_version) { Gem::Version.new("3.2.2") }
+
+        it "raises a Dependabot::PhpVersionMismatchError error" do
+          expect { resolver.latest_resolvable_version }
+            .to raise_error(Dependabot::PhpVersionMismatchError) do |error|
+            expect(error.message).to include("PHP version mismatch: Your requirements could not be resolved")
+          end
+        end
+      end
+    end
+
     context "when updating a subdependency that's not required anymore" do
       let(:project_name) { "subdependency_no_longer_required" }
       let(:requirements) { [] }
diff --git a/composer/spec/fixtures/projects/conflicts/composer.json b/composer/spec/fixtures/projects/conflicts/composer.json
index 365a0e4e3b3..496c72131ba 100644
--- a/composer/spec/fixtures/projects/conflicts/composer.json
+++ b/composer/spec/fixtures/projects/conflicts/composer.json
@@ -27,5 +27,10 @@
         "psr-4": {
             "Tests\\Tsufeki\\KayoJsonMapper\\": "tests/Tsufeki/KayoJsonMapper/"
         }
+    },
+    "config": {
+      "platform": {
+        "php": "7.1.3"
+      }
     }
 }
diff --git a/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile/composer.json b/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile/composer.json
index 4b48ccfd388..54747ebba2a 100644
--- a/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile/composer.json
+++ b/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile/composer.json
@@ -3,5 +3,10 @@
       "php": "^5.2.0",
       "phpdocumentor/reflection-docblock": "2.0.4",
       "illuminate/support": "^5.2.0"
+  },
+  "config": {
+    "platform": {
+      "php": "5.8.36"
+    }
   }
 }
diff --git a/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile_handle_error/composer.json b/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile_handle_error/composer.json
new file mode 100644
index 00000000000..4b48ccfd388
--- /dev/null
+++ b/composer/spec/fixtures/projects/php_specified_min_invalid_without_lockfile_handle_error/composer.json
@@ -0,0 +1,7 @@
+{
+  "require": {
+      "php": "^5.2.0",
+      "phpdocumentor/reflection-docblock": "2.0.4",
+      "illuminate/support": "^5.2.0"
+  }
+}
diff --git a/composer/spec/fixtures/projects/php_specified_without_lockfile/composer.json b/composer/spec/fixtures/projects/php_specified_without_lockfile/composer.json
index 3d56bae1a2b..58342b08e89 100644
--- a/composer/spec/fixtures/projects/php_specified_without_lockfile/composer.json
+++ b/composer/spec/fixtures/projects/php_specified_without_lockfile/composer.json
@@ -3,5 +3,10 @@
         "php": ">=5.6.0",
         "phpdocumentor/reflection-docblock": "2.0.4",
         "illuminate/support": "^5.2.0"
+    },
+    "config": {
+      "platform": {
+        "php": "5.8.36"
+      }
     }
 }
diff --git a/composer/spec/fixtures/projects/replaced_dependency/composer.json b/composer/spec/fixtures/projects/replaced_dependency/composer.json
index 3bcc18aefc0..2040af7984e 100644
--- a/composer/spec/fixtures/projects/replaced_dependency/composer.json
+++ b/composer/spec/fixtures/projects/replaced_dependency/composer.json
@@ -39,7 +39,10 @@
         "test": "vendor/bin/phpunit"
     },
     "config": {
-        "sort-packages": true
+        "sort-packages": true,
+        "platform": {
+          "php": "7.1.3"
+        }
     },
     "extra": {
         "laravel": {
diff --git a/composer/spec/fixtures/projects/unaddable_platform_req/composer.json b/composer/spec/fixtures/projects/unaddable_platform_req/composer.json
index 4cf51973ad6..fefa8fd5a3c 100644
--- a/composer/spec/fixtures/projects/unaddable_platform_req/composer.json
+++ b/composer/spec/fixtures/projects/unaddable_platform_req/composer.json
@@ -7,5 +7,10 @@
   },
   "require-dev": {
     "phpunit/phpunit": "^4.0 || ^8.0"
+  },
+  "config": {
+    "platform": {
+      "php": "5.8.36"
+    }
   }
 }
diff --git a/composer/spec/fixtures/projects/version_conflict_library/composer.json b/composer/spec/fixtures/projects/version_conflict_library/composer.json
index 51053f282af..6c3d9a5cf1d 100644
--- a/composer/spec/fixtures/projects/version_conflict_library/composer.json
+++ b/composer/spec/fixtures/projects/version_conflict_library/composer.json
@@ -5,5 +5,10 @@
         "phalcon/devtools": "~3.2",
         "longman/telegram-bot": "*",
         "james-heinrich/getid3": "^1.9"
+    },
+    "config": {
+      "platform": {
+        "php": "8.2.27"
+      }
     }
 }
diff --git a/composer/spec/fixtures/projects/version_conflict_on_update_without_lockfile/composer.json b/composer/spec/fixtures/projects/version_conflict_on_update_without_lockfile/composer.json
index 63d9f14dd46..40b41fb979d 100644
--- a/composer/spec/fixtures/projects/version_conflict_on_update_without_lockfile/composer.json
+++ b/composer/spec/fixtures/projects/version_conflict_on_update_without_lockfile/composer.json
@@ -3,5 +3,10 @@
         "phalcon/devtools": "~3.2",
         "longman/telegram-bot": "*",
         "james-heinrich/getid3": "^1.9"
+    },
+    "config": {
+      "platform": {
+        "php": "8.2.27"
+      }
     }
 }