dependabot-gradle 0.106.25 → 0.106.26

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 671f6bb68662b1c15a2d2671db49fa0853ae1f58cbf0b94d098362fcc73d2ba3
4
- data.tar.gz: 71841bb8d4a68544dc650bda42991a59513fa2b3883db73452fb9bdd2999c422
3
+ metadata.gz: f74231dc9851ed070e4894bce3287deb5c2e14d5f000e8aa409f6f64ac3bfeda
4
+ data.tar.gz: 1854ade31354c0a66f760b08f59130a95ff88315d0ecb7596b618e5e18f4a2ce
5
5
  SHA512:
6
- metadata.gz: 78184073e2334564499a4efa3da4639f20a08c6f7a1b1d3cb83bfba8021e4b139c87ccdbe07610c72a6795184d93a2b764c8b1721cdb3d7b79405f2ed85b0e24
7
- data.tar.gz: aef8bd63a1d0c9ab36f5727216a920f72890844677296463e2b1c351501870723316f61f791d44802df9f9e80d9acffdc6a24a43478a95dcb63fc2542b48ed0a
6
+ metadata.gz: a526f34ee922989f179f65be71488d081ec01ea5be50da7f3f16c62a079e5d7f4763bebe278e8bcae5de7eba3a6af076c2689a6a29e14f4246bca8010cbf20a1
7
+ data.tar.gz: 20dec11595a1344c112ac180886ac91edbe55cfc42e6013026965735277f8139dc307d6d951f9c9c1cf4f17167a11e420b7183f84d3c7e21ee272a4cf85f0a41
@@ -8,6 +8,9 @@ require "dependabot/shared_helpers"
8
8
  # The best Gradle documentation is at:
9
9
  # - https://docs.gradle.org/current/dsl/org.gradle.api.artifacts.dsl.
10
10
  # DependencyHandler.html
11
+ #
12
+ # In addition, documentation on plugins is at:
13
+ # - https://docs.gradle.org/current/userguide/plugins.html
11
14
  module Dependabot
12
15
  module Gradle
13
16
  class FileParser < Dependabot::FileParsers::Base
@@ -29,6 +32,9 @@ module Dependabot
29
32
  DEPENDENCY_SET_DECLARATION_REGEX =
30
33
  /(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/.freeze
31
34
  DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?<name>#{PART})['"]/.freeze
35
+ PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
36
+ PLUGIN_BLOCK_ENTRY_REGEX =
37
+ /id\s+"(?<id>#{PART})"\s+version\s+"(?<version>#{VSN_PART})"/.freeze
32
38
 
33
39
  def parse
34
40
  dependency_set = DependencySet.new
@@ -53,6 +59,7 @@ module Dependabot
53
59
  dependency_set += shortform_buildfile_dependencies(buildfile)
54
60
  dependency_set += keyword_arg_buildfile_dependencies(buildfile)
55
61
  dependency_set += dependency_set_dependencies(buildfile)
62
+ dependency_set += plugin_dependencies(buildfile)
56
63
 
57
64
  dependency_set
58
65
  end
@@ -125,6 +132,34 @@ module Dependabot
125
132
  dependency_set
126
133
  end
127
134
 
135
+ def plugin_dependencies(buildfile)
136
+ dependency_set = DependencySet.new
137
+
138
+ plugin_blocks = []
139
+
140
+ prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
141
+ mch = Regexp.last_match
142
+ plugin_blocks <<
143
+ mch.post_match[0..closing_bracket_index(mch.post_match)]
144
+ end
145
+
146
+ plugin_blocks.each do |blk|
147
+ blk.lines.each do |line|
148
+ name = line.match(/id\s+['"](?<id>#{PART})['"]/)&.
149
+ named_captures&.fetch("id")
150
+ version = line.match(/version\s+['"](?<version>#{VSN_PART})['"]/)&.
151
+ named_captures&.fetch("version")
152
+ next unless name && version
153
+
154
+ details = { name: name, group: "plugins", version: version }
155
+ dep = dependency_from(details_hash: details, buildfile: buildfile)
156
+ dependency_set << dep if dep
157
+ end
158
+ end
159
+
160
+ dependency_set
161
+ end
162
+
128
163
  def argument_from_string(string, arg_name)
129
164
  string.
130
165
  match(map_value_regex(arg_name))&.
@@ -137,7 +172,14 @@ module Dependabot
137
172
  name = evaluated_value(details_hash[:name], buildfile)
138
173
  version = evaluated_value(details_hash[:version], buildfile)
139
174
 
140
- dependency_name = "#{group}:#{name}"
175
+ dependency_name =
176
+ if group == "plugins" then name
177
+ else "#{group}:#{name}"
178
+ end
179
+ groups =
180
+ if group == "plugins" then ["plugins"]
181
+ else []
182
+ end
141
183
 
142
184
  # If we can't evaluate a property they we won't be able to
143
185
  # update this dependency
@@ -150,7 +192,7 @@ module Dependabot
150
192
  requirement: version,
151
193
  file: buildfile.name,
152
194
  source: nil,
153
- groups: [],
195
+ groups: groups,
154
196
  metadata: dependency_metadata(details_hash, in_dependency_set)
155
197
  }],
156
198
  package_manager: "gradle"
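Review bot: In `dependency_from`, the string comparison `group == "plugins"` doubles as the plugin marker, so an ordinary dependency whose Maven group id is literally `plugins` would also lose its group prefix and be tagged `groups: ["plugins"]`. The metadata and version finders changed in this release would then look it up under `#{dependency.name}.gradle.plugin` coordinates. `plugin_dependencies` could pass an explicit marker instead, for example `details = { name: name, group: "plugins", version: version, plugin: true }`, with the branch reading `if details_hash[:plugin] then name`. Separately, `PLUGIN_BLOCK_ENTRY_REGEX` is added but no visible hunk uses it, and it accepts only double quotes while the inline patterns in `plugin_dependencies` accept `['"]`; one of the two should go. `dependency_from` begins and ends outside the hunk, so how `group` is assigned is not visible here.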
@@ -128,8 +128,14 @@ module Dependabot
128
128
  buildfile.content.lines.find do |line|
129
129
  line = evaluate_properties(line, buildfile)
130
130
  line = line.gsub(%r{(?<=^|\s)//.*$}, "")
131
- next false unless line.include?(dependency.name.split(":").first)
132
- next false unless line.include?(dependency.name.split(":").last)
131
+
132
+ if dependency.name.include?(":")
133
+ next false unless line.include?(dependency.name.split(":").first)
134
+ next false unless line.include?(dependency.name.split(":").last)
135
+ else
136
+ name_regex = /id\s+['"]#{Regexp.quote(dependency.name)}['"]/
137
+ next false unless line.match?(name_regex)
138
+ end
133
139
 
134
140
  line.include?(requirement.fetch(:requirement))
135
141
  end
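Review bot: The new branch tells plugins from artifacts by `dependency.name.include?(":")`, while the other classes changed in this release decide it from the requirement's groups (`r.fetch(:groups) == ["plugins"]`), so the two definitions can drift apart. If `requirement` in this block is the usual requirement hash, testing the plugin case first with `if requirement.fetch(:groups) == ["plugins"]` would keep a single definition of what a plugin is. The `id\s+['"]…['"]` pattern also has no left boundary, so it matches any token that merely ends in `id`; a leading `(?:^|\s)`, as in `PLUGIN_BLOCK_DECLARATION_REGEX`, would tighten it. The enclosing method starts outside the hunk.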
@@ -99,7 +99,11 @@ module Dependabot
99
99
  def dependency_pom_file
100
100
  return @dependency_pom_file unless @dependency_pom_file.nil?
101
101
 
102
- artifact_id = dependency.name.split(":").last
102
+ artifact_id =
103
+ if plugin? then "#{dependency.name}.gradle.plugin"
104
+ else dependency.name.split(":").last
105
+ end
106
+
103
107
  response = Excon.get(
104
108
  "#{maven_repo_dependency_url}/"\
105
109
  "#{dependency.version}/"\
@@ -146,11 +150,18 @@ module Dependabot
146
150
  end
147
151
 
148
152
  def maven_repo_dependency_url
149
- group_id, artifact_id = dependency.name.split(":")
153
+ group_id, artifact_id =
154
+ if plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
155
+ else dependency.name.split(":")
156
+ end
150
157
 
151
158
  "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}"
152
159
  end
153
160
 
161
+ def plugin?
162
+ dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
163
+ end
164
+
154
165
  def auth_details
155
166
  cred =
156
167
  credentials.select { |c| c["type"] == "maven_repository" }.
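Review bot: `dependency_pom_file` and `maven_repo_dependency_url` now build `#{dependency.name}.gradle.plugin` coordinates, but the host they are requested from comes from `maven_repo_url`, which is defined outside these hunks. The parser in this release records `source: nil` for every requirement, so if `maven_repo_url` falls back to a default Maven repository in that case, plugin marker POMs would be requested from a host that probably does not publish them and the lookup would presumably come back empty. A spec asserting that a plugin dependency is fetched from `https://plugins.gradle.org/m2` would settle this. Marker POMs also typically only point at the implementation artifact, so source-URL discovery may need to follow that dependency rather than read the marker itself.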
@@ -12,6 +12,7 @@ module Dependabot
12
12
  class UpdateChecker
13
13
  class VersionFinder
14
14
  GOOGLE_MAVEN_REPO = "https://maven.google.com"
15
+ GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
15
16
  TYPE_SUFFICES = %w(jre android java).freeze
16
17
 
17
18
  def initialize(dependency:, dependency_files:, ignored_versions:,
@@ -177,12 +178,16 @@ module Dependabot
177
178
  end
178
179
 
179
180
  def repository_urls
181
+ plugin? ? plugin_repository_urls : dependency_repository_urls
182
+ end
183
+
184
+ def dependency_repository_urls
180
185
  requirement_files =
181
186
  dependency.requirements.
182
187
  map { |r| r.fetch(:file) }.
183
188
  map { |nm| dependency_files.find { |f| f.name == nm } }
184
189
 
185
- @repository_urls ||=
190
+ @dependency_repository_urls ||=
186
191
  requirement_files.flat_map do |target_file|
187
192
  Gradle::FileParser::RepositoriesFinder.new(
188
193
  dependency_files: dependency_files,
@@ -191,6 +196,10 @@ module Dependabot
191
196
  end.uniq
192
197
  end
193
198
 
199
+ def plugin_repository_urls
200
+ [GRADLE_PLUGINS_REPO] + dependency_repository_urls
201
+ end
202
+
194
203
  def matches_dependency_version_type?(comparison_version)
195
204
  return true unless dependency.version
196
205
 
@@ -211,7 +220,12 @@ module Dependabot
211
220
  end
212
221
 
213
222
  def dependency_metadata_url(repository_url)
214
- group_id, artifact_id = dependency.name.split(":")
223
+ group_id, artifact_id =
224
+ if plugin?
225
+ [dependency.name, "#{dependency.name}.gradle.plugin"]
226
+ else
227
+ dependency.name.split(":")
228
+ end
215
229
 
216
230
  "#{repository_url}/"\
217
231
  "#{group_id.tr('.', '/')}/"\
@@ -219,6 +233,10 @@ module Dependabot
219
233
  "maven-metadata.xml"
220
234
  end
221
235
 
236
+ def plugin?
237
+ dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
238
+ end
239
+
222
240
  def version_class
223
241
  Gradle::Version
224
242
  end
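Review bot: `plugin_repository_urls` always puts the public `GRADLE_PLUGINS_REPO` first and then appends `dependency_repository_urls`, so a plugin that a project resolves only from an internal repository is still version-checked against plugins.gradle.org, and a same-named public entry could surface as the proposed update. Gradle takes plugin repositories from `pluginManagement { repositories { … } }` in the settings file. Whether `RepositoriesFinder` reads that block is not visible here, but if it only reads the build script's `repositories {}`, the appended list describes artifact repositories rather than plugin ones. Consider using the portal only as a fallback when no plugin repository is declared, and de-duplicating the result: `([GRADLE_PLUGINS_REPO] + dependency_repository_urls).uniq`. `plugin?` is also defined identically here and in the metadata finder hunk and could live in one shared place.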
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.106.25
4
+ version: 0.106.26
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.106.25
19
+ version: 0.106.26
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.106.25
26
+ version: 0.106.26
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement