dependabot-gradle 0.117.10 → 0.118.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +19 -5
- data/lib/dependabot/gradle/update_checker.rb +3 -1
- data/lib/dependabot/gradle/update_checker/multi_dependency_updater.rb +4 -1
- data/lib/dependabot/gradle/update_checker/version_finder.rb +12 -6
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 93f9b441da89234d29f176757424b30d435f5987cce29a81cdc5ed2dd8cc7a99
|
|
4
|
+
data.tar.gz: 44409d15f8b0653db8f24ccc4dd5009111c02e03ee5ae3b29b1419b9e9313390
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6dec748030cebe504ba0c5413a24ef73ef6d27299a2c07f8837ae72351c29f90d04a30ea349a1e5329b271235adc1bf621920e100f6173da8c9c400b3c67285a
|
|
7
|
+
data.tar.gz: b4f180fcbe7c11c99ff6511635513894f6ae8068e3a53d2b9fd13b7772e700a2865385d3aa4eac28be900c0e608d57948e07a730cd5e302e0c88a2ccf8877988
|
|
@@ -6,16 +6,30 @@ module Dependabot
|
|
|
6
6
|
module Gradle
|
|
7
7
|
class FileParser
|
|
8
8
|
class PropertyValueFinder
|
|
9
|
+
# rubocop:disable Layout/LineLength
|
|
10
|
+
QUOTED_VALUE_REGEX =
|
|
11
|
+
/\s*['"][^\s]+['"]\s*/.freeze
|
|
12
|
+
|
|
13
|
+
# project.findProperty('property') ?:
|
|
14
|
+
FIND_PROPERTY_REGEX =
|
|
15
|
+
/\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/.freeze
|
|
16
|
+
|
|
17
|
+
# project.hasProperty('property') ? project.getProperty('property') :
|
|
18
|
+
HAS_PROPERTY_REGEX =
|
|
19
|
+
/\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/.freeze
|
|
20
|
+
|
|
21
|
+
PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
|
|
22
|
+
/(?:#{FIND_PROPERTY_REGEX}|#{HAS_PROPERTY_REGEX})?/.freeze
|
|
23
|
+
|
|
9
24
|
SINGLE_PROPERTY_DECLARATION_REGEX =
|
|
10
|
-
/(?:^|\s+|ext.)(?<name>[^\s=]+)\s
|
|
11
|
-
freeze
|
|
25
|
+
/(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
|
|
12
26
|
|
|
13
27
|
MULTI_PROPERTY_DECLARATION_REGEX =
|
|
14
|
-
/(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m.
|
|
15
|
-
freeze
|
|
28
|
+
/(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m.freeze
|
|
16
29
|
|
|
17
30
|
NAMESPACED_DECLARATION_REGEX =
|
|
18
|
-
/(?:^|\s+)(?<name>[^\s:]+)\s
|
|
31
|
+
/(?:^|\s+)(?<name>[^\s:]+)\s*:#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]\s*/.freeze
|
|
32
|
+
# rubocop:enable Layout/LineLength
|
|
19
33
|
|
|
20
34
|
def initialize(dependency_files:)
|
|
21
35
|
@dependency_files = dependency_files
|
|
@@ -117,6 +117,7 @@ module Dependabot
|
|
|
117
117
|
dependency_files: dependency_files,
|
|
118
118
|
credentials: credentials,
|
|
119
119
|
ignored_versions: ignored_versions,
|
|
120
|
+
raise_on_ignored: raise_on_ignored,
|
|
120
121
|
security_advisories: security_advisories
|
|
121
122
|
)
|
|
122
123
|
end
|
|
@@ -128,7 +129,8 @@ module Dependabot
|
|
|
128
129
|
dependency_files: dependency_files,
|
|
129
130
|
credentials: credentials,
|
|
130
131
|
target_version_details: latest_version_details,
|
|
131
|
-
ignored_versions: ignored_versions
|
|
132
|
+
ignored_versions: ignored_versions,
|
|
133
|
+
raise_on_ignored: raise_on_ignored
|
|
132
134
|
)
|
|
133
135
|
end
|
|
134
136
|
|
|
@@ -11,13 +11,15 @@ module Dependabot
|
|
|
11
11
|
require_relative "requirements_updater"
|
|
12
12
|
|
|
13
13
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
14
|
-
target_version_details:, ignored_versions
|
|
14
|
+
target_version_details:, ignored_versions:,
|
|
15
|
+
raise_on_ignored: false)
|
|
15
16
|
@dependency = dependency
|
|
16
17
|
@dependency_files = dependency_files
|
|
17
18
|
@credentials = credentials
|
|
18
19
|
@target_version = target_version_details&.fetch(:version)
|
|
19
20
|
@source_url = target_version_details&.fetch(:source_url)
|
|
20
21
|
@ignored_versions = ignored_versions
|
|
22
|
+
@raise_on_ignored = raise_on_ignored
|
|
21
23
|
end
|
|
22
24
|
|
|
23
25
|
def update_possible?
|
|
@@ -30,6 +32,7 @@ module Dependabot
|
|
|
30
32
|
dependency_files: dependency_files,
|
|
31
33
|
credentials: credentials,
|
|
32
34
|
ignored_versions: ignored_versions,
|
|
35
|
+
raise_on_ignored: @raise_on_ignored,
|
|
33
36
|
security_advisories: []
|
|
34
37
|
).versions.
|
|
35
38
|
map { |v| v.fetch(:version) }.
|
|
@@ -16,11 +16,13 @@ module Dependabot
|
|
|
16
16
|
TYPE_SUFFICES = %w(jre android java).freeze
|
|
17
17
|
|
|
18
18
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
19
|
-
ignored_versions:,
|
|
19
|
+
ignored_versions:, raise_on_ignored: false,
|
|
20
|
+
security_advisories:)
|
|
20
21
|
@dependency = dependency
|
|
21
22
|
@dependency_files = dependency_files
|
|
22
23
|
@credentials = credentials
|
|
23
24
|
@ignored_versions = ignored_versions
|
|
25
|
+
@raise_on_ignored = raise_on_ignored
|
|
24
26
|
@security_advisories = security_advisories
|
|
25
27
|
@forbidden_urls = []
|
|
26
28
|
end
|
|
@@ -42,8 +44,8 @@ module Dependabot
|
|
|
42
44
|
possible_versions = filter_prereleases(possible_versions)
|
|
43
45
|
possible_versions = filter_date_based_versions(possible_versions)
|
|
44
46
|
possible_versions = filter_version_types(possible_versions)
|
|
45
|
-
possible_versions = filter_ignored_versions(possible_versions)
|
|
46
47
|
possible_versions = filter_vulnerable_versions(possible_versions)
|
|
48
|
+
possible_versions = filter_ignored_versions(possible_versions)
|
|
47
49
|
possible_versions = filter_lower_versions(possible_versions)
|
|
48
50
|
|
|
49
51
|
possible_versions.first
|
|
@@ -92,16 +94,20 @@ module Dependabot
|
|
|
92
94
|
end
|
|
93
95
|
|
|
94
96
|
def filter_ignored_versions(possible_versions)
|
|
95
|
-
|
|
97
|
+
filtered = possible_versions
|
|
96
98
|
|
|
97
99
|
ignored_versions.each do |req|
|
|
98
100
|
ignore_req = Gradle::Requirement.new(req.split(","))
|
|
99
|
-
|
|
100
|
-
|
|
101
|
+
filtered =
|
|
102
|
+
filtered.
|
|
101
103
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
|
102
104
|
end
|
|
103
105
|
|
|
104
|
-
|
|
106
|
+
if @raise_on_ignored && filtered.empty? && possible_versions.any?
|
|
107
|
+
raise AllVersionsIgnored
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
filtered
|
|
105
111
|
end
|
|
106
112
|
|
|
107
113
|
def filter_vulnerable_versions(possible_versions)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.118.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.118.3
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.118.3
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,28 +114,28 @@ dependencies:
|
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
117
|
+
version: 0.85.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
124
|
+
version: 0.85.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: vcr
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - '='
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
131
|
+
version: 6.0.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - '='
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: 6.0.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: webmock
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|