dependabot-gradle 0.117.0 → 0.117.1
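--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b9734369adf8219da2f0a1d7322406c625de5c685cd8ddfddda2f49889341ac8
+data.tar.gz: c57597740902be1e612a7674c04799ff7734bb606c235c0f181b0226638d40c2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6bbdb308737a9a91b4e4d1ebae70c343cfa9754acd619f44d3e74d3b1aef30ed3b2d3c395bd9f71a4046427b575b49a41312dc93e90dba9ae8375caffb574848
+data.tar.gz: 120897fe73b023f1dcc760990ca65a858c665483a01086f4fd3ff48390a8225d13811c83801e1987705b8a8682e3f9163f3de338c26a9791caf945cbfe9ef062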
@@ -115,6 +115,7 @@ module Dependabot
|
|
115
115
|
VersionFinder.new(
|
116
116
|
dependency: dependency,
|
117
117
|
dependency_files: dependency_files,
|
118
|
+
credentials: credentials,
|
118
119
|
ignored_versions: ignored_versions,
|
119
120
|
security_advisories: security_advisories
|
120
121
|
)
|
@@ -125,6 +126,7 @@ module Dependabot
|
|
125
126
|
MultiDependencyUpdater.new(
|
126
127
|
dependency: dependency,
|
127
128
|
dependency_files: dependency_files,
|
129
|
+
credentials: credentials,
|
128
130
|
target_version_details: latest_version_details,
|
129
131
|
ignored_versions: ignored_versions
|
130
132
|
)
|
@@ -10,10 +10,11 @@ module Dependabot
|
|
10
10
|
require_relative "version_finder"
|
11
11
|
require_relative "requirements_updater"
|
12
12
|
|
13
|
-
def initialize(dependency:, dependency_files:,
|
13
|
+
def initialize(dependency:, dependency_files:, credentials:,
|
14
14
|
target_version_details:, ignored_versions:)
|
15
15
|
@dependency = dependency
|
16
16
|
@dependency_files = dependency_files
|
17
|
+
@credentials = credentials
|
17
18
|
@target_version = target_version_details&.fetch(:version)
|
18
19
|
@source_url = target_version_details&.fetch(:source_url)
|
19
20
|
@ignored_versions = ignored_versions
|
@@ -27,6 +28,7 @@ module Dependabot
|
|
27
28
|
VersionFinder.new(
|
28
29
|
dependency: dep,
|
29
30
|
dependency_files: dependency_files,
|
31
|
+
credentials: credentials,
|
30
32
|
ignored_versions: ignored_versions,
|
31
33
|
security_advisories: []
|
32
34
|
).versions.
|
@@ -53,8 +55,8 @@ module Dependabot
|
|
53
55
|
|
54
56
|
private
|
55
57
|
|
56
|
-
attr_reader :dependency, :dependency_files, :
|
57
|
-
:source_url, :ignored_versions
|
58
|
+
attr_reader :dependency, :dependency_files, :credentials,
|
59
|
+
:target_version, :source_url, :ignored_versions
|
58
60
|
|
59
61
|
def dependencies_to_update
|
60
62
|
@dependencies_to_update ||=
|
@@ -15,12 +15,14 @@ module Dependabot
|
|
15
15
|
GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
|
16
16
|
TYPE_SUFFICES = %w(jre android java).freeze
|
17
17
|
|
18
|
-
def initialize(dependency:, dependency_files:,
|
19
|
-
security_advisories:)
|
18
|
+
def initialize(dependency:, dependency_files:, credentials:,
|
19
|
+
ignored_versions:, security_advisories:)
|
20
20
|
@dependency = dependency
|
21
21
|
@dependency_files = dependency_files
|
22
|
+
@credentials = credentials
|
22
23
|
@ignored_versions = ignored_versions
|
23
24
|
@security_advisories = security_advisories
|
25
|
+
@forbidden_urls = []
|
24
26
|
end
|
25
27
|
|
26
28
|
def latest_version_details
|
@@ -49,22 +51,27 @@ module Dependabot
|
|
49
51
|
|
50
52
|
def versions
|
51
53
|
version_details =
|
52
|
-
|
54
|
+
repositories.map do |repository_details|
|
55
|
+
url = repository_details.fetch("url")
|
53
56
|
next google_version_details if url == GOOGLE_MAVEN_REPO
|
54
57
|
|
55
|
-
dependency_metadata(
|
58
|
+
dependency_metadata(repository_details).css("versions > version").
|
56
59
|
select { |node| version_class.correct?(node.content) }.
|
57
60
|
map { |node| version_class.new(node.content) }.
|
58
61
|
map { |version| { version: version, source_url: url } }
|
59
62
|
end.flatten.compact
|
60
63
|
|
64
|
+
if version_details.none? && forbidden_urls.any?
|
65
|
+
raise PrivateSourceAuthenticationFailure, forbidden_urls.first
|
66
|
+
end
|
67
|
+
|
61
68
|
version_details.sort_by { |details| details.fetch(:version) }
|
62
69
|
end
|
63
70
|
|
64
71
|
private
|
65
72
|
|
66
|
-
attr_reader :dependency, :dependency_files, :
|
67
|
-
:security_advisories
|
73
|
+
attr_reader :dependency, :dependency_files, :credentials,
|
74
|
+
:ignored_versions, :forbidden_urls, :security_advisories
|
68
75
|
|
69
76
|
def filter_prereleases(possible_versions)
|
70
77
|
return possible_versions if wants_prerelease?
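Review bot: The `PrivateSourceAuthenticationFailure` raise at the end of `versions` fires only when `version_details.none?`, so a 401/403 recorded for a credentialed repository is silently ignored whenever any other repository (for example Maven Central) returned versions, and the update is then computed from those repositories alone. That looks deliberate, since a forbidden central URL is explicitly excluded in `check_response` in the later hunk, but the trade-off deserves stating in code, e.g. `# Only surface an auth failure when it left us with no candidate versions at all;` / `# a private repo rejecting us while a public repo answers is tolerated.` If an artifact that is meant to come from the private repository can also resolve from a public one, consider at least logging the skipped `forbidden_urls` so the degraded lookup is visible rather than silent. The enclosing class begins outside the hunk.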
|
@@ -160,47 +167,97 @@ module Dependabot
|
|
160
167
|
nil
|
161
168
|
end
|
162
169
|
|
163
|
-
def dependency_metadata(
|
170
|
+
def dependency_metadata(repository_details)
|
164
171
|
@dependency_metadata ||= {}
|
165
|
-
@dependency_metadata[
|
172
|
+
@dependency_metadata[repository_details.hash] ||=
|
166
173
|
begin
|
167
174
|
response = Excon.get(
|
168
|
-
dependency_metadata_url(
|
175
|
+
dependency_metadata_url(repository_details.fetch("url")),
|
176
|
+
user: repository_details.fetch("username"),
|
177
|
+
password: repository_details.fetch("password"),
|
169
178
|
idempotent: true,
|
170
179
|
**SharedHelpers.excon_defaults
|
171
180
|
)
|
181
|
+
check_response(response, repository_details.fetch("url"))
|
172
182
|
Nokogiri::XML(response.body)
|
183
|
+
rescue URI::InvalidURIError
|
184
|
+
Nokogiri::XML("")
|
173
185
|
rescue Excon::Error::Socket, Excon::Error::Timeout,
|
174
186
|
Excon::Error::TooManyRedirects
|
175
|
-
|
176
|
-
central = namespace::CENTRAL_REPO_URL
|
177
|
-
raise if repository_url == central
|
187
|
+
raise if central_repo_urls.include?(repository_details["url"])
|
178
188
|
|
179
189
|
Nokogiri::XML("")
|
180
190
|
end
|
181
191
|
end
|
182
192
|
|
183
193
|
def repository_urls
|
184
|
-
plugin? ?
|
194
|
+
plugin? ? plugin_repository_details : dependency_repository_details
|
195
|
+
end
|
196
|
+
|
197
|
+
def check_response(response, repository_url)
|
198
|
+
return unless [401, 403].include?(response.status)
|
199
|
+
return if @forbidden_urls.include?(repository_url)
|
200
|
+
return if central_repo_urls.include?(repository_url)
|
201
|
+
|
202
|
+
@forbidden_urls << repository_url
|
203
|
+
end
|
204
|
+
|
205
|
+
def repositories
|
206
|
+
return @repositories if @repositories
|
207
|
+
|
208
|
+
details = if plugin?
|
209
|
+
plugin_repository_details +
|
210
|
+
credentials_repository_details
|
211
|
+
else
|
212
|
+
dependency_repository_details +
|
213
|
+
credentials_repository_details
|
214
|
+
end
|
215
|
+
|
216
|
+
@repositories =
|
217
|
+
details.reject do |repo|
|
218
|
+
next if repo["password"]
|
219
|
+
|
220
|
+
# Reject this entry if an identical one with a password exists
|
221
|
+
details.any? { |r| r["url"] == repo["url"] && r["password"] }
|
222
|
+
end
|
185
223
|
end
|
186
224
|
|
187
|
-
def
|
225
|
+
def credentials_repository_details
|
226
|
+
credentials.
|
227
|
+
select { |cred| cred["type"] == "maven_repository" }.
|
228
|
+
map do |cred|
|
229
|
+
{
|
230
|
+
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
|
231
|
+
"username" => cred.fetch("username", nil),
|
232
|
+
"password" => cred.fetch("password", nil)
|
233
|
+
}
|
234
|
+
end
|
235
|
+
end
|
236
|
+
|
237
|
+
def dependency_repository_details
|
188
238
|
requirement_files =
|
189
239
|
dependency.requirements.
|
190
240
|
map { |r| r.fetch(:file) }.
|
191
241
|
map { |nm| dependency_files.find { |f| f.name == nm } }
|
192
242
|
|
193
|
-
@
|
243
|
+
@dependency_repository_details ||=
|
194
244
|
requirement_files.flat_map do |target_file|
|
195
245
|
Gradle::FileParser::RepositoriesFinder.new(
|
196
246
|
dependency_files: dependency_files,
|
197
247
|
target_dependency_file: target_file
|
198
|
-
).repository_urls
|
248
|
+
).repository_urls.
|
249
|
+
map do |url|
|
250
|
+
{ "url" => url, "username" => nil, "password" => nil }
|
251
|
+
end
|
199
252
|
end.uniq
|
200
253
|
end
|
201
254
|
|
202
|
-
def
|
203
|
-
[
|
255
|
+
def plugin_repository_details
|
256
|
+
[{
|
257
|
+
"url" => GRADLE_PLUGINS_REPO,
|
258
|
+
"username" => nil,
|
259
|
+
"password" => nil
|
260
|
+
}] + dependency_repository_details
|
204
261
|
end
|
205
262
|
|
206
263
|
def matches_dependency_version_type?(comparison_version)
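Review bot: `credentials_repository_details` trims trailing slashes with `%r{/+$}`, but `$` in a Ruby regex matches before any newline rather than only at the end of the string; since the URL comes from configured credentials, the whole-string anchor is what is meant: `"url" => cred.fetch("url").gsub(%r{/+\z}, ""),`. That trimmed URL is what `repositories` then compares against parsed repository URLs with `r["url"] == repo["url"]`, so a credential only displaces the unauthenticated entry if `RepositoriesFinder#repository_urls` also yields URLs without a trailing slash, which is not visible in this hunk and is worth a comment or a shared normalisation step. Note too that `dependency_metadata` hands `username`/`password` to `Excon.get` (sent as Basic auth) for whatever scheme the credential URL carries, so an `http://` credential entry transmits the secret in cleartext; a guard or at least a comment at the `Excon.get` call would make that explicit. Finally, `raise if central_repo_urls.include?(repository_details["url"])` uses `[]` where the surrounding new code uses `fetch("url")`; `fetch` would be consistent.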
|
@@ -243,6 +300,14 @@ module Dependabot
|
|
243
300
|
dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
|
244
301
|
end
|
245
302
|
|
303
|
+
def central_repo_urls
|
304
|
+
central_url_without_protocol =
|
305
|
+
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL.
|
306
|
+
gsub(%r{^.*://}, "")
|
307
|
+
|
308
|
+
%w(http:// https://).map { |p| p + central_url_without_protocol }
|
309
|
+
end
|
310
|
+
|
246
311
|
def version_class
|
247
312
|
Gradle::Version
|
248
313
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-gradle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.117.
|
4
|
+
version: 0.117.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-03-
|
11
|
+
date: 2020-03-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.117.
|
19
|
+
version: 0.117.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.117.
|
26
|
+
version: 0.117.1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|