dependabot-core 0.83.2 → 0.84.0

@@ -1,58 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "dependabot/file_updaters/java/gradle"
4
- require "dependabot/file_parsers/java/gradle/property_value_finder"
5
-
6
- module Dependabot
7
- module FileUpdaters
8
- module Java
9
- class Gradle
10
- class PropertyValueUpdater
11
- def initialize(dependency_files:)
12
- @dependency_files = dependency_files
13
- end
14
-
15
- def update_files_for_property_change(property_name:,
16
- callsite_buildfile:,
17
- previous_value:,
18
- updated_value:)
19
- declaration_details = property_value_finder.property_details(
20
- property_name: property_name,
21
- callsite_buildfile: callsite_buildfile
22
- )
23
- declaration_string = declaration_details.fetch(:declaration_string)
24
- filename = declaration_details.fetch(:file)
25
-
26
- file_to_update = dependency_files.find { |f| f.name == filename }
27
- updated_content = file_to_update.content.sub(
28
- declaration_string,
29
- declaration_string.sub(previous_value, updated_value)
30
- )
31
-
32
- updated_files = dependency_files.dup
33
- updated_files[updated_files.index(file_to_update)] =
34
- update_file(file: file_to_update, content: updated_content)
35
-
36
- updated_files
37
- end
38
-
39
- private
40
-
41
- attr_reader :dependency_files
42
-
43
- def property_value_finder
44
- @property_value_finder ||=
45
- FileParsers::Java::Gradle::PropertyValueFinder.
46
- new(dependency_files: dependency_files)
47
- end
48
-
49
- def update_file(file:, content:)
50
- updated_file = file.dup
51
- updated_file.content = content
52
- updated_file
53
- end
54
- end
55
- end
56
- end
57
- end
58
- end
@@ -1,148 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "dependabot/update_checkers/base"
4
- require "dependabot/file_parsers/java/gradle"
5
-
6
- module Dependabot
7
- module UpdateCheckers
8
- module Java
9
- class Gradle < Dependabot::UpdateCheckers::Base
10
- require_relative "maven/requirements_updater"
11
- require_relative "gradle/version_finder"
12
- require_relative "gradle/multi_dependency_updater"
13
-
14
- def latest_version
15
- latest_version_details&.fetch(:version)
16
- end
17
-
18
- def latest_resolvable_version
19
- # TODO: Resolve the build.gradle to find the latest version we could
20
- # update to without updating any other dependencies at the same time.
21
- #
22
- # The above is hard. Currently we just return the latest version and
23
- # hope (hence this package manager is in beta!)
24
- return nil if version_comes_from_multi_dependency_property?
25
- return nil if version_comes_from_dependency_set?
26
-
27
- latest_version
28
- end
29
-
30
- def latest_resolvable_version_with_no_unlock
31
- # Irrelevant, since Gradle has a single dependency file.
32
- #
33
- # For completeness we ought to resolve the build.gradle and return the
34
- # latest version that satisfies the current constraint AND any
35
- # constraints placed on it by other dependencies. Seeing as we're
36
- # never going to take any action as a result, though, we just return
37
- # nil.
38
- nil
39
- end
40
-
41
- def updated_requirements
42
- property_names =
43
- declarations_using_a_property.
44
- map { |req| req.dig(:metadata, :property_name) }
45
-
46
- Maven::RequirementsUpdater.new(
47
- requirements: dependency.requirements,
48
- latest_version: latest_version&.to_s,
49
- source_url: latest_version_details&.fetch(:source_url),
50
- properties_to_update: property_names
51
- ).updated_requirements
52
- end
53
-
54
- def requirements_unlocked_or_can_be?
55
- # If the dependency version come from a property we couldn't
56
- # interpolate then there's nothing we can do.
57
- !dependency.version.include?("$")
58
- end
59
-
60
- private
61
-
62
- def latest_version_resolvable_with_full_unlock?
63
- unless version_comes_from_multi_dependency_property? ||
64
- version_comes_from_dependency_set?
65
- return false
66
- end
67
-
68
- multi_dependency_updater.update_possible?
69
- end
70
-
71
- def updated_dependencies_after_full_unlock
72
- multi_dependency_updater.updated_dependencies
73
- end
74
-
75
- def numeric_version_up_to_date?
76
- return false unless version_class.correct?(dependency.version)
77
-
78
- super
79
- end
80
-
81
- def numeric_version_can_update?(requirements_to_unlock:)
82
- return false unless version_class.correct?(dependency.version)
83
-
84
- super
85
- end
86
-
87
- def latest_version_details
88
- @latest_version_details ||= version_finder.latest_version_details
89
- end
90
-
91
- def version_finder
92
- @version_finder ||=
93
- VersionFinder.new(
94
- dependency: dependency,
95
- dependency_files: dependency_files,
96
- ignored_versions: ignored_versions
97
- )
98
- end
99
-
100
- def multi_dependency_updater
101
- @multi_dependency_updater ||=
102
- MultiDependencyUpdater.new(
103
- dependency: dependency,
104
- dependency_files: dependency_files,
105
- target_version_details: latest_version_details,
106
- ignored_versions: ignored_versions
107
- )
108
- end
109
-
110
- def version_comes_from_multi_dependency_property?
111
- declarations_using_a_property.any? do |requirement|
112
- property_name = requirement.fetch(:metadata).fetch(:property_name)
113
-
114
- all_property_based_dependencies.any? do |dep|
115
- next false if dep.name == dependency.name
116
-
117
- dep.requirements.any? do |req|
118
- req.dig(:metadata, :property_name) == property_name
119
- end
120
- end
121
- end
122
- end
123
-
124
- def version_comes_from_dependency_set?
125
- dependency.requirements.any? do |req|
126
- req.dig(:metadata, :dependency_set)
127
- end
128
- end
129
-
130
- def declarations_using_a_property
131
- @declarations_using_a_property ||=
132
- dependency.requirements.
133
- select { |req| req.dig(:metadata, :property_name) }
134
- end
135
-
136
- def all_property_based_dependencies
137
- @all_property_based_dependencies ||=
138
- FileParsers::Java::Gradle.new(
139
- dependency_files: dependency_files,
140
- source: nil
141
- ).parse.select do |dep|
142
- dep.requirements.any? { |req| req.dig(:metadata, :property_name) }
143
- end
144
- end
145
- end
146
- end
147
- end
148
- end
@@ -1,105 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "dependabot/file_parsers/java/gradle"
4
- require "dependabot/update_checkers/java/gradle"
5
- require "dependabot/update_checkers/java/maven/requirements_updater"
6
-
7
- module Dependabot
8
- module UpdateCheckers
9
- module Java
10
- class Gradle
11
- class MultiDependencyUpdater
12
- require_relative "version_finder"
13
-
14
- def initialize(dependency:, dependency_files:,
15
- target_version_details:, ignored_versions:)
16
- @dependency = dependency
17
- @dependency_files = dependency_files
18
- @target_version = target_version_details&.fetch(:version)
19
- @source_url = target_version_details&.fetch(:source_url)
20
- @ignored_versions = ignored_versions
21
- end
22
-
23
- def update_possible?
24
- return false unless target_version
25
-
26
- @update_possible ||=
27
- dependencies_to_update.all? do |dep|
28
- VersionFinder.new(
29
- dependency: dep,
30
- dependency_files: dependency_files,
31
- ignored_versions: ignored_versions
32
- ).versions.
33
- map { |v| v.fetch(:version) }.
34
- include?(target_version)
35
- end
36
- end
37
-
38
- def updated_dependencies
39
- raise "Update not possible!" unless update_possible?
40
-
41
- @updated_dependencies ||=
42
- dependencies_to_update.map do |dep|
43
- Dependency.new(
44
- name: dep.name,
45
- version: target_version.to_s,
46
- requirements: updated_requirements(dep),
47
- previous_version: dep.version,
48
- previous_requirements: dep.requirements,
49
- package_manager: dep.package_manager
50
- )
51
- end
52
- end
53
-
54
- private
55
-
56
- attr_reader :dependency, :dependency_files, :target_version,
57
- :source_url, :ignored_versions
58
-
59
- def dependencies_to_update
60
- @dependencies_to_update ||=
61
- FileParsers::Java::Gradle.new(
62
- dependency_files: dependency_files,
63
- source: nil
64
- ).parse.select do |dep|
65
- dep.requirements.any? do |r|
66
- tmp_p_name = r.dig(:metadata, :property_name)
67
- tmp_dep_set = r.dig(:metadata, :dependency_set)
68
- next true if property_name && tmp_p_name == property_name
69
-
70
- dependency_set && tmp_dep_set == dependency_set
71
- end
72
- end
73
- end
74
-
75
- def property_name
76
- @property_name ||= dependency.requirements.
77
- find { |r| r.dig(:metadata, :property_name) }&.
78
- dig(:metadata, :property_name)
79
- end
80
-
81
- def dependency_set
82
- @dependency_set ||= dependency.requirements.
83
- find { |r| r.dig(:metadata, :dependency_set) }&.
84
- dig(:metadata, :dependency_set)
85
- end
86
-
87
- def pom
88
- dependency_files.find { |f| f.name == "pom.xml" }
89
- end
90
-
91
- def updated_requirements(dep)
92
- @updated_requirements ||= {}
93
- @updated_requirements[dep.name] ||=
94
- Maven::RequirementsUpdater.new(
95
- requirements: dep.requirements,
96
- latest_version: target_version.to_s,
97
- source_url: source_url,
98
- properties_to_update: [property_name].compact
99
- ).updated_requirements
100
- end
101
- end
102
- end
103
- end
104
- end
105
- end
@@ -1,183 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "nokogiri"
4
- require "dependabot/shared_helpers"
5
- require "dependabot/file_parsers/java/gradle/repositories_finder"
6
- require "dependabot/update_checkers/java/gradle"
7
- require "dependabot/utils/java/version"
8
- require "dependabot/utils/java/requirement"
9
-
10
- module Dependabot
11
- module UpdateCheckers
12
- module Java
13
- class Gradle
14
- class VersionFinder
15
- GOOGLE_MAVEN_REPO = "https://maven.google.com"
16
- TYPE_SUFFICES = %w(jre android java).freeze
17
-
18
- def initialize(dependency:, dependency_files:, ignored_versions:)
19
- @dependency = dependency
20
- @dependency_files = dependency_files
21
- @ignored_versions = ignored_versions
22
- end
23
-
24
- def latest_version_details
25
- possible_versions = versions
26
-
27
- unless wants_prerelease?
28
- possible_versions =
29
- possible_versions.
30
- reject { |v| v.fetch(:version).prerelease? }
31
- end
32
-
33
- unless wants_date_based_version?
34
- possible_versions =
35
- possible_versions.
36
- reject { |v| v.fetch(:version) > version_class.new(1900) }
37
- end
38
-
39
- possible_versions =
40
- possible_versions.
41
- select { |v| matches_dependency_version_type?(v.fetch(:version)) }
42
-
43
- ignored_versions.each do |req|
44
- ignore_req = Utils::Java::Requirement.new(req.split(","))
45
- possible_versions =
46
- possible_versions.
47
- reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
48
- end
49
-
50
- possible_versions.last
51
- end
52
-
53
- def versions
54
- version_details =
55
- repository_urls.map do |url|
56
- next google_version_details if url == GOOGLE_MAVEN_REPO
57
-
58
- dependency_metadata(url).css("versions > version").
59
- select { |node| version_class.correct?(node.content) }.
60
- map { |node| version_class.new(node.content) }.
61
- map { |version| { version: version, source_url: url } }
62
- end.flatten.compact
63
-
64
- version_details.sort_by { |details| details.fetch(:version) }
65
- end
66
-
67
- private
68
-
69
- attr_reader :dependency, :dependency_files, :ignored_versions
70
-
71
- def wants_prerelease?
72
- return false unless dependency.version
73
- return false unless version_class.correct?(dependency.version)
74
-
75
- version_class.new(dependency.version).prerelease?
76
- end
77
-
78
- def wants_date_based_version?
79
- return false unless dependency.version
80
- return false unless version_class.correct?(dependency.version)
81
-
82
- version_class.new(dependency.version) >= version_class.new(100)
83
- end
84
-
85
- def google_version_details
86
- url = GOOGLE_MAVEN_REPO
87
- group_id, artifact_id = dependency.name.split(":")
88
-
89
- dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
90
- "#{group_id.tr('.', '/')}/"\
91
- "group-index.xml"
92
-
93
- @google_version_details ||=
94
- begin
95
- response = Excon.get(
96
- dependency_metadata_url,
97
- idempotent: true,
98
- **SharedHelpers.excon_defaults
99
- )
100
- Nokogiri::XML(response.body)
101
- end
102
-
103
- xpath = "/#{group_id}/#{artifact_id}"
104
- return unless @google_version_details.at_xpath(xpath)
105
-
106
- @google_version_details.at_xpath(xpath).
107
- attributes.fetch("versions").
108
- value.split(",").
109
- select { |v| version_class.correct?(v) }.
110
- map { |v| version_class.new(v) }.
111
- map { |version| { version: version, source_url: url } }
112
- end
113
-
114
- def dependency_metadata(repository_url)
115
- @dependency_metadata ||= {}
116
- @dependency_metadata[repository_url] ||=
117
- begin
118
- response = Excon.get(
119
- dependency_metadata_url(repository_url),
120
- idempotent: true,
121
- **SharedHelpers.excon_defaults
122
- )
123
- Nokogiri::XML(response.body)
124
- rescue Excon::Error::Socket, Excon::Error::Timeout
125
- namespace = FileParsers::Java::Gradle::RepositoriesFinder
126
- central = namespace::CENTRAL_REPO_URL
127
- raise if repository_url == central
128
-
129
- Nokogiri::XML("")
130
- end
131
- end
132
-
133
- def repository_urls
134
- requirement_files =
135
- dependency.requirements.
136
- map { |r| r.fetch(:file) }.
137
- map { |nm| dependency_files.find { |f| f.name == nm } }
138
-
139
- @repository_urls ||=
140
- requirement_files.flat_map do |target_file|
141
- FileParsers::Java::Gradle::RepositoriesFinder.new(
142
- dependency_files: dependency_files,
143
- target_dependency_file: target_file
144
- ).repository_urls
145
- end.uniq
146
- end
147
-
148
- def matches_dependency_version_type?(comparison_version)
149
- return true unless dependency.version
150
-
151
- current_type =
152
- TYPE_SUFFICES.
153
- find { |t| dependency.version.split(/[.\-]/).include?(t) }
154
-
155
- version_type =
156
- TYPE_SUFFICES.
157
- find { |t| comparison_version.to_s.split(/[.\-]/).include?(t) }
158
-
159
- current_type == version_type
160
- end
161
-
162
- def pom
163
- filename = dependency.requirements.first.fetch(:file)
164
- dependency_files.find { |f| f.name == filename }
165
- end
166
-
167
- def dependency_metadata_url(repository_url)
168
- group_id, artifact_id = dependency.name.split(":")
169
-
170
- "#{repository_url}/"\
171
- "#{group_id.tr('.', '/')}/"\
172
- "#{artifact_id}/"\
173
- "maven-metadata.xml"
174
- end
175
-
176
- def version_class
177
- Utils::Java::Version
178
- end
179
- end
180
- end
181
- end
182
- end
183
- end