dependabot-gradle 0.113.11 → 0.113.16
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_parser.rb +18 -1
- data/lib/dependabot/gradle/update_checker.rb +16 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0e54dd4f3f02afae8e029e2ff40cc6977d7a3b15ef9075f51c1b7fe747e5073d
|
|
4
|
+
data.tar.gz: 1e4c12fc18d67fde3294aa9f40e52933410bc0ff35e314f1c9115c8bd940221b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 28bd859ad91dad9d74d26f118416c1f2bd699908318104db5b472d201343285bd6813182f7958de04284d3d680a0f0dcf88bab545afb9da6dfdcff046354e5d2
|
|
7
|
+
data.tar.gz: fd6bbc5ee0710d54dc0af836b83ee56ba01ca49c587a3bbc000f3276287ac4fcf0646778e46049cb92143e0d0b8779f0f9361569f962fbccf6259cbb4719f39f
|
|
@@ -168,6 +168,7 @@ module Dependabot
|
|
|
168
168
|
fetch("value")
|
|
169
169
|
end
|
|
170
170
|
|
|
171
|
+
# rubocop:disable Metrics/MethodLength
|
|
171
172
|
def dependency_from(details_hash:, buildfile:, in_dependency_set: false)
|
|
172
173
|
group = evaluated_value(details_hash[:group], buildfile)
|
|
173
174
|
name = evaluated_value(details_hash[:name], buildfile)
|
|
@@ -181,6 +182,8 @@ module Dependabot
|
|
|
181
182
|
if group == "plugins" then ["plugins"]
|
|
182
183
|
else []
|
|
183
184
|
end
|
|
185
|
+
source =
|
|
186
|
+
source_from(group, name, version)
|
|
184
187
|
|
|
185
188
|
# If we can't evaluate a property they we won't be able to
|
|
186
189
|
# update this dependency
|
|
@@ -193,13 +196,27 @@ module Dependabot
|
|
|
193
196
|
requirements: [{
|
|
194
197
|
requirement: version,
|
|
195
198
|
file: buildfile.name,
|
|
196
|
-
source:
|
|
199
|
+
source: source,
|
|
197
200
|
groups: groups,
|
|
198
201
|
metadata: dependency_metadata(details_hash, in_dependency_set)
|
|
199
202
|
}],
|
|
200
203
|
package_manager: "gradle"
|
|
201
204
|
)
|
|
202
205
|
end
|
|
206
|
+
# rubocop:enable Metrics/MethodLength
|
|
207
|
+
|
|
208
|
+
def source_from(group, name, version)
|
|
209
|
+
return nil unless group&.start_with?("com.github")
|
|
210
|
+
|
|
211
|
+
account = group.sub("com.github.", "")
|
|
212
|
+
|
|
213
|
+
{
|
|
214
|
+
type: "git",
|
|
215
|
+
url: "https://github.com/#{account}/#{name}",
|
|
216
|
+
branch: nil,
|
|
217
|
+
ref: version
|
|
218
|
+
}
|
|
219
|
+
end
|
|
203
220
|
|
|
204
221
|
def dependency_metadata(details_hash, in_dependency_set)
|
|
205
222
|
version_property_name =
|
|
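Review bot: In `source_from`, the guard `group&.start_with?("com.github")` has no trailing dot while the next line strips `"com.github."`, so a group such as `com.githubx.foo` (or a bare `com.github`) passes the guard and is used unchanged as the account in the generated `https://github.com/...` URL. `group`, `name` and `version` are taken from the build file being parsed and go into `url:` and `ref:` unchecked, and `source_from` is called before the "can't evaluate a property" handling in `dependency_from` (whose body is only partly inside these hunks), so `name` or `version` may presumably still be nil at that point. I would tighten the guard to `return nil unless group&.start_with?("com.github.")` and add `return nil unless [account, name].all? { |part| part&.match?(/\A[\w.-]+\z/) }` before building the hash, so only plain owner and repository names become a git source. A `com.github.` group is also only a naming convention, so artifacts published under such a group on an ordinary Maven repository get labelled as git sources too; a comment on `source_from` stating that assumption would help the next reader.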
@@ -12,6 +12,8 @@ module Dependabot
|
|
|
12
12
|
require_relative "update_checker/multi_dependency_updater"
|
|
13
13
|
|
|
14
14
|
def latest_version
|
|
15
|
+
return if git_dependency?
|
|
16
|
+
|
|
15
17
|
latest_version_details&.fetch(:version)
|
|
16
18
|
end
|
|
17
19
|
|
|
@@ -21,6 +23,7 @@ module Dependabot
|
|
|
21
23
|
#
|
|
22
24
|
# The above is hard. Currently we just return the latest version and
|
|
23
25
|
# hope (hence this package manager is in beta!)
|
|
26
|
+
return if git_dependency?
|
|
24
27
|
return nil if version_comes_from_multi_dependency_property?
|
|
25
28
|
return nil if version_comes_from_dependency_set?
|
|
26
29
|
|
|
@@ -28,6 +31,7 @@ module Dependabot
|
|
|
28
31
|
end
|
|
29
32
|
|
|
30
33
|
def lowest_resolvable_security_fix_version
|
|
34
|
+
return if git_dependency?
|
|
31
35
|
return nil if version_comes_from_multi_dependency_property?
|
|
32
36
|
return nil if version_comes_from_dependency_set?
|
|
33
37
|
|
|
@@ -126,6 +130,18 @@ module Dependabot
|
|
|
126
130
|
)
|
|
127
131
|
end
|
|
128
132
|
|
|
133
|
+
def git_dependency?
|
|
134
|
+
git_commit_checker.git_dependency?
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def git_commit_checker
|
|
138
|
+
@git_commit_checker ||=
|
|
139
|
+
GitCommitChecker.new(
|
|
140
|
+
dependency: dependency,
|
|
141
|
+
credentials: credentials
|
|
142
|
+
)
|
|
143
|
+
end
|
|
144
|
+
|
|
129
145
|
def version_comes_from_multi_dependency_property?
|
|
130
146
|
declarations_using_a_property.any? do |requirement|
|
|
131
147
|
property_name = requirement.fetch(:metadata).fetch(:property_name)
|
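Review bot: The new `return if git_dependency?` guard in `lowest_resolvable_security_fix_version` makes the method return nil without any comment or log, so a dependency classified as git is never offered a security-fix version; the same guard is added to `latest_version` and to the method whose comment ends "hope (hence this package manager is in beta!)", whose signature is outside the hunk. If `GitCommitChecker#git_dependency?` keys on the `type: "git"` source that file_parser.rb now assigns to every `com.github` group (not visible here, so this is an inference), registry-published artifacts with such a group would silently stop receiving updates. I would document the intent on each guard, for example `# Git (com.github.*) dependencies are not version-checked yet, so no update is proposed`, and write it as `return nil if git_dependency?` to match the two `return nil if ...` lines directly below it. Whether `git_dependency?` and `git_commit_checker` sit under `private` cannot be seen from this hunk and is worth confirming.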
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.113.
|
|
4
|
+
version: 0.113.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-10-
|
|
11
|
+
date: 2019-10-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.113.
|
|
19
|
+
version: 0.113.16
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.113.
|
|
26
|
+
version: 0.113.16
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|