dependabot-gradle 0.116.4 → 0.117.2
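--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af14030f83982d915389ba18f0a00f6b5f125927939098e1dc327de40c9b0d8d
+data.tar.gz: 93dc930271b9aaa0ef6c1e8bc314569f86635c4c79956737f07edf31cce8a036
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a141590f583b0caf370fc3fefad5494f892f2bd88cd13854408be0d7bbb45105476ddb6498b091887048bd8982b375124d85673c8605ddd04325ffdb77e0f935
+data.tar.gz: dc3ca9f1afe6b1f583275305d34d52e673a0365d30cf19eabc4c02eda8b45f8c1dc786d4ed9d3a89d96e8fb77a47db22e3ed535aa5f3790a17364e8b29038dc7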
@@ -115,6 +115,7 @@ module Dependabot
|
|
|
115
115
|
VersionFinder.new(
|
|
116
116
|
dependency: dependency,
|
|
117
117
|
dependency_files: dependency_files,
|
|
118
|
+
credentials: credentials,
|
|
118
119
|
ignored_versions: ignored_versions,
|
|
119
120
|
security_advisories: security_advisories
|
|
120
121
|
)
|
|
@@ -125,6 +126,7 @@ module Dependabot
|
|
|
125
126
|
MultiDependencyUpdater.new(
|
|
126
127
|
dependency: dependency,
|
|
127
128
|
dependency_files: dependency_files,
|
|
129
|
+
credentials: credentials,
|
|
128
130
|
target_version_details: latest_version_details,
|
|
129
131
|
ignored_versions: ignored_versions
|
|
130
132
|
)
|
|
@@ -10,10 +10,11 @@ module Dependabot
|
|
|
10
10
|
require_relative "version_finder"
|
|
11
11
|
require_relative "requirements_updater"
|
|
12
12
|
|
|
13
|
-
def initialize(dependency:, dependency_files:,
|
|
13
|
+
def initialize(dependency:, dependency_files:, credentials:,
|
|
14
14
|
target_version_details:, ignored_versions:)
|
|
15
15
|
@dependency = dependency
|
|
16
16
|
@dependency_files = dependency_files
|
|
17
|
+
@credentials = credentials
|
|
17
18
|
@target_version = target_version_details&.fetch(:version)
|
|
18
19
|
@source_url = target_version_details&.fetch(:source_url)
|
|
19
20
|
@ignored_versions = ignored_versions
|
|
@@ -27,6 +28,7 @@ module Dependabot
|
|
|
27
28
|
VersionFinder.new(
|
|
28
29
|
dependency: dep,
|
|
29
30
|
dependency_files: dependency_files,
|
|
31
|
+
credentials: credentials,
|
|
30
32
|
ignored_versions: ignored_versions,
|
|
31
33
|
security_advisories: []
|
|
32
34
|
).versions.
|
|
@@ -53,8 +55,8 @@ module Dependabot
|
|
|
53
55
|
|
|
54
56
|
private
|
|
55
57
|
|
|
56
|
-
attr_reader :dependency, :dependency_files, :
|
|
57
|
-
:source_url, :ignored_versions
|
|
58
|
+
attr_reader :dependency, :dependency_files, :credentials,
|
|
59
|
+
:target_version, :source_url, :ignored_versions
|
|
58
60
|
|
|
59
61
|
def dependencies_to_update
|
|
60
62
|
@dependencies_to_update ||=
|
|
@@ -15,12 +15,14 @@ module Dependabot
|
|
|
15
15
|
GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
|
|
16
16
|
TYPE_SUFFICES = %w(jre android java).freeze
|
|
17
17
|
|
|
18
|
-
def initialize(dependency:, dependency_files:,
|
|
19
|
-
security_advisories:)
|
|
18
|
+
def initialize(dependency:, dependency_files:, credentials:,
|
|
19
|
+
ignored_versions:, security_advisories:)
|
|
20
20
|
@dependency = dependency
|
|
21
21
|
@dependency_files = dependency_files
|
|
22
|
+
@credentials = credentials
|
|
22
23
|
@ignored_versions = ignored_versions
|
|
23
24
|
@security_advisories = security_advisories
|
|
25
|
+
@forbidden_urls = []
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
def latest_version_details
|
|
@@ -49,22 +51,27 @@ module Dependabot
|
|
|
49
51
|
|
|
50
52
|
def versions
|
|
51
53
|
version_details =
|
|
52
|
-
|
|
54
|
+
repositories.map do |repository_details|
|
|
55
|
+
url = repository_details.fetch("url")
|
|
53
56
|
next google_version_details if url == GOOGLE_MAVEN_REPO
|
|
54
57
|
|
|
55
|
-
dependency_metadata(
|
|
58
|
+
dependency_metadata(repository_details).css("versions > version").
|
|
56
59
|
select { |node| version_class.correct?(node.content) }.
|
|
57
60
|
map { |node| version_class.new(node.content) }.
|
|
58
61
|
map { |version| { version: version, source_url: url } }
|
|
59
62
|
end.flatten.compact
|
|
60
63
|
|
|
64
|
+
if version_details.none? && forbidden_urls.any?
|
|
65
|
+
raise PrivateSourceAuthenticationFailure, forbidden_urls.first
|
|
66
|
+
end
|
|
67
|
+
|
|
61
68
|
version_details.sort_by { |details| details.fetch(:version) }
|
|
62
69
|
end
|
|
63
70
|
|
|
64
71
|
private
|
|
65
72
|
|
|
66
|
-
attr_reader :dependency, :dependency_files, :
|
|
67
|
-
:security_advisories
|
|
73
|
+
attr_reader :dependency, :dependency_files, :credentials,
|
|
74
|
+
:ignored_versions, :forbidden_urls, :security_advisories
|
|
68
75
|
|
|
69
76
|
def filter_prereleases(possible_versions)
|
|
70
77
|
return possible_versions if wants_prerelease?
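Review bot: `versions` only raises `PrivateSourceAuthenticationFailure` when every repository came back empty (`if version_details.none? && forbidden_urls.any?`), so a 401/403 from a private repository is silently ignored whenever a public repository still yields versions; the update is then computed without the private repository's versions and a broken or expired credential goes unnoticed. If that best-effort behaviour is intentional, a comment on that `if` would save the next reader the question, e.g. `# Only surface auth failures when they left us with no versions at all; a forbidden private repo beside a working public one is tolerated`. Otherwise consider raising whenever `forbidden_urls.any?`, or at least reporting the forbidden URLs on the success path. The enclosing class starts and ends outside this hunk.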
|
|
@@ -160,47 +167,97 @@ module Dependabot
|
|
|
160
167
|
nil
|
|
161
168
|
end
|
|
162
169
|
|
|
163
|
-
def dependency_metadata(
|
|
170
|
+
def dependency_metadata(repository_details)
|
|
164
171
|
@dependency_metadata ||= {}
|
|
165
|
-
@dependency_metadata[
|
|
172
|
+
@dependency_metadata[repository_details.hash] ||=
|
|
166
173
|
begin
|
|
167
174
|
response = Excon.get(
|
|
168
|
-
dependency_metadata_url(
|
|
175
|
+
dependency_metadata_url(repository_details.fetch("url")),
|
|
176
|
+
user: repository_details.fetch("username"),
|
|
177
|
+
password: repository_details.fetch("password"),
|
|
169
178
|
idempotent: true,
|
|
170
179
|
**SharedHelpers.excon_defaults
|
|
171
180
|
)
|
|
181
|
+
check_response(response, repository_details.fetch("url"))
|
|
172
182
|
Nokogiri::XML(response.body)
|
|
183
|
+
rescue URI::InvalidURIError
|
|
184
|
+
Nokogiri::XML("")
|
|
173
185
|
rescue Excon::Error::Socket, Excon::Error::Timeout,
|
|
174
186
|
Excon::Error::TooManyRedirects
|
|
175
|
-
|
|
176
|
-
central = namespace::CENTRAL_REPO_URL
|
|
177
|
-
raise if repository_url == central
|
|
187
|
+
raise if central_repo_urls.include?(repository_details["url"])
|
|
178
188
|
|
|
179
189
|
Nokogiri::XML("")
|
|
180
190
|
end
|
|
181
191
|
end
|
|
182
192
|
|
|
183
193
|
def repository_urls
|
|
184
|
-
plugin? ?
|
|
194
|
+
plugin? ? plugin_repository_details : dependency_repository_details
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
def check_response(response, repository_url)
|
|
198
|
+
return unless [401, 403].include?(response.status)
|
|
199
|
+
return if @forbidden_urls.include?(repository_url)
|
|
200
|
+
return if central_repo_urls.include?(repository_url)
|
|
201
|
+
|
|
202
|
+
@forbidden_urls << repository_url
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
def repositories
|
|
206
|
+
return @repositories if @repositories
|
|
207
|
+
|
|
208
|
+
details = if plugin?
|
|
209
|
+
plugin_repository_details +
|
|
210
|
+
credentials_repository_details
|
|
211
|
+
else
|
|
212
|
+
dependency_repository_details +
|
|
213
|
+
credentials_repository_details
|
|
214
|
+
end
|
|
215
|
+
|
|
216
|
+
@repositories =
|
|
217
|
+
details.reject do |repo|
|
|
218
|
+
next if repo["password"]
|
|
219
|
+
|
|
220
|
+
# Reject this entry if an identical one with a password exists
|
|
221
|
+
details.any? { |r| r["url"] == repo["url"] && r["password"] }
|
|
222
|
+
end
|
|
185
223
|
end
|
|
186
224
|
|
|
187
|
-
def
|
|
225
|
+
def credentials_repository_details
|
|
226
|
+
credentials.
|
|
227
|
+
select { |cred| cred["type"] == "maven_repository" }.
|
|
228
|
+
map do |cred|
|
|
229
|
+
{
|
|
230
|
+
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
|
|
231
|
+
"username" => cred.fetch("username", nil),
|
|
232
|
+
"password" => cred.fetch("password", nil)
|
|
233
|
+
}
|
|
234
|
+
end
|
|
235
|
+
end
|
|
236
|
+
|
|
237
|
+
def dependency_repository_details
|
|
188
238
|
requirement_files =
|
|
189
239
|
dependency.requirements.
|
|
190
240
|
map { |r| r.fetch(:file) }.
|
|
191
241
|
map { |nm| dependency_files.find { |f| f.name == nm } }
|
|
192
242
|
|
|
193
|
-
@
|
|
243
|
+
@dependency_repository_details ||=
|
|
194
244
|
requirement_files.flat_map do |target_file|
|
|
195
245
|
Gradle::FileParser::RepositoriesFinder.new(
|
|
196
246
|
dependency_files: dependency_files,
|
|
197
247
|
target_dependency_file: target_file
|
|
198
|
-
).repository_urls
|
|
248
|
+
).repository_urls.
|
|
249
|
+
map do |url|
|
|
250
|
+
{ "url" => url, "username" => nil, "password" => nil }
|
|
251
|
+
end
|
|
199
252
|
end.uniq
|
|
200
253
|
end
|
|
201
254
|
|
|
202
|
-
def
|
|
203
|
-
[
|
|
255
|
+
def plugin_repository_details
|
|
256
|
+
[{
|
|
257
|
+
"url" => GRADLE_PLUGINS_REPO,
|
|
258
|
+
"username" => nil,
|
|
259
|
+
"password" => nil
|
|
260
|
+
}] + dependency_repository_details
|
|
204
261
|
end
|
|
205
262
|
|
|
206
263
|
def matches_dependency_version_type?(comparison_version)
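Review bot: `check_response` records a 401/403, but `dependency_metadata` then still hands that error response's body to `Nokogiri::XML(response.body)` and caches the result under `@dependency_metadata[repository_details.hash] ||=`; substituting an empty document for forbidden responses keeps error pages out of the parser without breaking the cache, e.g. `[401, 403].include?(response.status) ? Nokogiri::XML("") : Nokogiri::XML(response.body)`. `check_response` also writes `@forbidden_urls` directly while the class declares `attr_reader :forbidden_urls` and `versions` goes through the reader, so one form should be picked. In `repositories` the duplicate suppression compares `r["url"] == repo["url"]` exactly while `credentials_repository_details` strips trailing slashes from the credential URL, so if `RepositoriesFinder#repository_urls` can return a build-file URL that keeps its trailing slash (not visible here) the same repository would be queried twice, once without credentials, and its 401/403 would land in `forbidden_urls`. Finally, `%r{/+$}` anchors at end of line; `%r{/+\z}` is the whole-string form to prefer when normalising a URL. The class this hunk belongs to starts and ends outside it.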
|
|
@@ -243,6 +300,14 @@ module Dependabot
|
|
|
243
300
|
dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
|
|
244
301
|
end
|
|
245
302
|
|
|
303
|
+
def central_repo_urls
|
|
304
|
+
central_url_without_protocol =
|
|
305
|
+
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL.
|
|
306
|
+
gsub(%r{^.*://}, "")
|
|
307
|
+
|
|
308
|
+
%w(http:// https://).map { |p| p + central_url_without_protocol }
|
|
309
|
+
end
|
|
310
|
+
|
|
246
311
|
def version_class
|
|
247
312
|
Gradle::Version
|
|
248
313
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.117.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-03-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.117.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.117.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,26 +114,26 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.80.1
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.80.1
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
|
-
- -
|
|
129
|
+
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
131
|
version: '5.0'
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
|
-
- -
|
|
136
|
+
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: '5.0'
|
|
139
139
|
- !ruby/object:Gem::Dependency
|