dependabot-core 0.83.2 → 0.84.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
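--- a/PATH_NOT_ON_PAGE_1
+++ /dev/null
@@ -1,58 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/java/gradle"
-require "dependabot/file_parsers/java/gradle/property_value_finder"
-
-module Dependabot
-module FileUpdaters
-module Java
-class Gradle
-class PropertyValueUpdater
-def initialize(dependency_files:)
-@dependency_files = dependency_files
-end
-
-def update_files_for_property_change(property_name:,
-callsite_buildfile:,
-previous_value:,
-updated_value:)
-declaration_details = property_value_finder.property_details(
-property_name: property_name,
-callsite_buildfile: callsite_buildfile
-)
-declaration_string = declaration_details.fetch(:declaration_string)
-filename = declaration_details.fetch(:file)
-
-file_to_update = dependency_files.find { |f| f.name == filename }
-updated_content = file_to_update.content.sub(
-declaration_string,
-declaration_string.sub(previous_value, updated_value)
-)
-
-updated_files = dependency_files.dup
-updated_files[updated_files.index(file_to_update)] =
-update_file(file: file_to_update, content: updated_content)
-
-updated_files
-end
-
-private
-
-attr_reader :dependency_files
-
-def property_value_finder
-@property_value_finder ||=
-FileParsers::Java::Gradle::PropertyValueFinder.
-new(dependency_files: dependency_files)
-end
-
-def update_file(file:, content:)
-updated_file = file.dup
-updated_file.content = content
-updated_file
-end
-end
-end
-end
-end
-end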
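--- a/PATH_NOT_ON_PAGE_2
+++ /dev/null
@@ -1,148 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/update_checkers/base"
-require "dependabot/file_parsers/java/gradle"
-
-module Dependabot
-module UpdateCheckers
-module Java
-class Gradle < Dependabot::UpdateCheckers::Base
-require_relative "maven/requirements_updater"
-require_relative "gradle/version_finder"
-require_relative "gradle/multi_dependency_updater"
-
-def latest_version
-latest_version_details&.fetch(:version)
-end
-
-def latest_resolvable_version
-# TODO: Resolve the build.gradle to find the latest version we could
-# update to without updating any other dependencies at the same time.
-#
-# The above is hard. Currently we just return the latest version and
-# hope (hence this package manager is in beta!)
-return nil if version_comes_from_multi_dependency_property?
-return nil if version_comes_from_dependency_set?
-
-latest_version
-end
-
-def latest_resolvable_version_with_no_unlock
-# Irrelevant, since Gradle has a single dependency file.
-#
-# For completeness we ought to resolve the build.gradle and return the
-# latest version that satisfies the current constraint AND any
-# constraints placed on it by other dependencies. Seeing as we're
-# never going to take any action as a result, though, we just return
-# nil.
-nil
-end
-
-def updated_requirements
-property_names =
-declarations_using_a_property.
-map { |req| req.dig(:metadata, :property_name) }
-
-Maven::RequirementsUpdater.new(
-requirements: dependency.requirements,
-latest_version: latest_version&.to_s,
-source_url: latest_version_details&.fetch(:source_url),
-properties_to_update: property_names
-).updated_requirements
-end
-
-def requirements_unlocked_or_can_be?
-# If the dependency version come from a property we couldn't
-# interpolate then there's nothing we can do.
-!dependency.version.include?("$")
-end
-
-private
-
-def latest_version_resolvable_with_full_unlock?
-unless version_comes_from_multi_dependency_property? ||
-version_comes_from_dependency_set?
-return false
-end
-
-multi_dependency_updater.update_possible?
-end
-
-def updated_dependencies_after_full_unlock
-multi_dependency_updater.updated_dependencies
-end
-
-def numeric_version_up_to_date?
-return false unless version_class.correct?(dependency.version)
-
-super
-end
-
-def numeric_version_can_update?(requirements_to_unlock:)
-return false unless version_class.correct?(dependency.version)
-
-super
-end
-
-def latest_version_details
-@latest_version_details ||= version_finder.latest_version_details
-end
-
-def version_finder
-@version_finder ||=
-VersionFinder.new(
-dependency: dependency,
-dependency_files: dependency_files,
-ignored_versions: ignored_versions
-)
-end
-
-def multi_dependency_updater
-@multi_dependency_updater ||=
-MultiDependencyUpdater.new(
-dependency: dependency,
-dependency_files: dependency_files,
-target_version_details: latest_version_details,
-ignored_versions: ignored_versions
-)
-end
-
-def version_comes_from_multi_dependency_property?
-declarations_using_a_property.any? do |requirement|
-property_name = requirement.fetch(:metadata).fetch(:property_name)
-
-all_property_based_dependencies.any? do |dep|
-next false if dep.name == dependency.name
-
-dep.requirements.any? do |req|
-req.dig(:metadata, :property_name) == property_name
-end
-end
-end
-end
-
-def version_comes_from_dependency_set?
-dependency.requirements.any? do |req|
-req.dig(:metadata, :dependency_set)
-end
-end
-
-def declarations_using_a_property
-@declarations_using_a_property ||=
-dependency.requirements.
-select { |req| req.dig(:metadata, :property_name) }
-end
-
-def all_property_based_dependencies
-@all_property_based_dependencies ||=
-FileParsers::Java::Gradle.new(
-dependency_files: dependency_files,
-source: nil
-).parse.select do |dep|
-dep.requirements.any? { |req| req.dig(:metadata, :property_name) }
-end
-end
-end
-end
-end
-end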
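--- a/PATH_NOT_ON_PAGE_3
+++ /dev/null
@@ -1,105 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_parsers/java/gradle"
-require "dependabot/update_checkers/java/gradle"
-require "dependabot/update_checkers/java/maven/requirements_updater"
-
-module Dependabot
-module UpdateCheckers
-module Java
-class Gradle
-class MultiDependencyUpdater
-require_relative "version_finder"
-
-def initialize(dependency:, dependency_files:,
-target_version_details:, ignored_versions:)
-@dependency = dependency
-@dependency_files = dependency_files
-@target_version = target_version_details&.fetch(:version)
-@source_url = target_version_details&.fetch(:source_url)
-@ignored_versions = ignored_versions
-end
-
-def update_possible?
-return false unless target_version
-
-@update_possible ||=
-dependencies_to_update.all? do |dep|
-VersionFinder.new(
-dependency: dep,
-dependency_files: dependency_files,
-ignored_versions: ignored_versions
-).versions.
-map { |v| v.fetch(:version) }.
-include?(target_version)
-end
-end
-
-def updated_dependencies
-raise "Update not possible!" unless update_possible?
-
-@updated_dependencies ||=
-dependencies_to_update.map do |dep|
-Dependency.new(
-name: dep.name,
-version: target_version.to_s,
-requirements: updated_requirements(dep),
-previous_version: dep.version,
-previous_requirements: dep.requirements,
-package_manager: dep.package_manager
-)
-end
-end
-
-private
-
-attr_reader :dependency, :dependency_files, :target_version,
-:source_url, :ignored_versions
-
-def dependencies_to_update
-@dependencies_to_update ||=
-FileParsers::Java::Gradle.new(
-dependency_files: dependency_files,
-source: nil
-).parse.select do |dep|
-dep.requirements.any? do |r|
-tmp_p_name = r.dig(:metadata, :property_name)
-tmp_dep_set = r.dig(:metadata, :dependency_set)
-next true if property_name && tmp_p_name == property_name
-
-dependency_set && tmp_dep_set == dependency_set
-end
-end
-end
-
-def property_name
-@property_name ||= dependency.requirements.
-find { |r| r.dig(:metadata, :property_name) }&.
-dig(:metadata, :property_name)
-end
-
-def dependency_set
-@dependency_set ||= dependency.requirements.
-find { |r| r.dig(:metadata, :dependency_set) }&.
-dig(:metadata, :dependency_set)
-end
-
-def pom
-dependency_files.find { |f| f.name == "pom.xml" }
-end
-
-def updated_requirements(dep)
-@updated_requirements ||= {}
-@updated_requirements[dep.name] ||=
-Maven::RequirementsUpdater.new(
-requirements: dep.requirements,
-latest_version: target_version.to_s,
-source_url: source_url,
-properties_to_update: [property_name].compact
-).updated_requirements
-end
-end
-end
-end
-end
-end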
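--- a/PATH_NOT_ON_PAGE_4
+++ /dev/null
@@ -1,183 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/shared_helpers"
-require "dependabot/file_parsers/java/gradle/repositories_finder"
-require "dependabot/update_checkers/java/gradle"
-require "dependabot/utils/java/version"
-require "dependabot/utils/java/requirement"
-
-module Dependabot
-module UpdateCheckers
-module Java
-class Gradle
-class VersionFinder
-GOOGLE_MAVEN_REPO = "https://maven.google.com"
-TYPE_SUFFICES = %w(jre android java).freeze
-
-def initialize(dependency:, dependency_files:, ignored_versions:)
-@dependency = dependency
-@dependency_files = dependency_files
-@ignored_versions = ignored_versions
-end
-
-def latest_version_details
-possible_versions = versions
-
-unless wants_prerelease?
-possible_versions =
-possible_versions.
-reject { |v| v.fetch(:version).prerelease? }
-end
-
-unless wants_date_based_version?
-possible_versions =
-possible_versions.
-reject { |v| v.fetch(:version) > version_class.new(1900) }
-end
-
-possible_versions =
-possible_versions.
-select { |v| matches_dependency_version_type?(v.fetch(:version)) }
-
-ignored_versions.each do |req|
-ignore_req = Utils::Java::Requirement.new(req.split(","))
-possible_versions =
-possible_versions.
-reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
-end
-
-possible_versions.last
-end
-
-def versions
-version_details =
-repository_urls.map do |url|
-next google_version_details if url == GOOGLE_MAVEN_REPO
-
-dependency_metadata(url).css("versions > version").
-select { |node| version_class.correct?(node.content) }.
-map { |node| version_class.new(node.content) }.
-map { |version| { version: version, source_url: url } }
-end.flatten.compact
-
-version_details.sort_by { |details| details.fetch(:version) }
-end
-
-private
-
-attr_reader :dependency, :dependency_files, :ignored_versions
-
-def wants_prerelease?
-return false unless dependency.version
-return false unless version_class.correct?(dependency.version)
-
-version_class.new(dependency.version).prerelease?
-end
-
-def wants_date_based_version?
-return false unless dependency.version
-return false unless version_class.correct?(dependency.version)
-
-version_class.new(dependency.version) >= version_class.new(100)
-end
-
-def google_version_details
-url = GOOGLE_MAVEN_REPO
-group_id, artifact_id = dependency.name.split(":")
-
-dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
-"#{group_id.tr('.', '/')}/"\
-"group-index.xml"
-
-@google_version_details ||=
-begin
-response = Excon.get(
-dependency_metadata_url,
-idempotent: true,
-**SharedHelpers.excon_defaults
-)
-Nokogiri::XML(response.body)
-end
-
-xpath = "/#{group_id}/#{artifact_id}"
-return unless @google_version_details.at_xpath(xpath)
-
-@google_version_details.at_xpath(xpath).
-attributes.fetch("versions").
-value.split(",").
-select { |v| version_class.correct?(v) }.
-map { |v| version_class.new(v) }.
-map { |version| { version: version, source_url: url } }
-end
-
-def dependency_metadata(repository_url)
-@dependency_metadata ||= {}
-@dependency_metadata[repository_url] ||=
-begin
-response = Excon.get(
-dependency_metadata_url(repository_url),
-idempotent: true,
-**SharedHelpers.excon_defaults
-)
-Nokogiri::XML(response.body)
-rescue Excon::Error::Socket, Excon::Error::Timeout
-namespace = FileParsers::Java::Gradle::RepositoriesFinder
-central = namespace::CENTRAL_REPO_URL
-raise if repository_url == central
-
-Nokogiri::XML("")
-end
-end
-
-def repository_urls
-requirement_files =
-dependency.requirements.
-map { |r| r.fetch(:file) }.
-map { |nm| dependency_files.find { |f| f.name == nm } }
-
-@repository_urls ||=
-requirement_files.flat_map do |target_file|
-FileParsers::Java::Gradle::RepositoriesFinder.new(
-dependency_files: dependency_files,
-target_dependency_file: target_file
-).repository_urls
-end.uniq
-end
-
-def matches_dependency_version_type?(comparison_version)
-return true unless dependency.version
-
-current_type =
-TYPE_SUFFICES.
-find { |t| dependency.version.split(/[.\-]/).include?(t) }
-
-version_type =
-TYPE_SUFFICES.
-find { |t| comparison_version.to_s.split(/[.\-]/).include?(t) }
-
-current_type == version_type
-end
-
-def pom
-filename = dependency.requirements.first.fetch(:file)
-dependency_files.find { |f| f.name == filename }
-end
-
-def dependency_metadata_url(repository_url)
-group_id, artifact_id = dependency.name.split(":")
-
-"#{repository_url}/"\
-"#{group_id.tr('.', '/')}/"\
-"#{artifact_id}/"\
-"maven-metadata.xml"
-end
-
-def version_class
-Utils::Java::Version
-end
-end
-end
-end
-end
-end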