dependabot-gradle 0.140.3 → 0.141.0

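--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e0707f978b7368a4b6ef86ee54be8615b8a3c09ab5fc7381965f8257f63c6ea6
- data.tar.gz: 80586d572a78a4f0966561c5c8cda816973f0a7b0ca211370fc9b52d9c058f44
+ metadata.gz: da976f8ac4fd5e690b405b158bee0d073f1b507c135dbebffe6b3755fc1d79a1
+ data.tar.gz: cd77e3f2adcd6376660a15e3387aa045e0686deff707088995bfca0273985ecf
  SHA512:
- metadata.gz: 0c470e94a9f37bf739eff87b8a50c3b3fdfbfb23d0d85bad6a40e1d82a29de68482818a7d05165955950a62e7c03cfe21d00da56003a7f4782c31f089aab3f7c
- data.tar.gz: 0154d1d87165e101ade7d54c19a4a1ba08107857cd3e3cc5b550f838e43f6aef7da4ed5e6d04ffb66e63e0f5113e04075c29ae0d4e45d8a3d6ce09fffe084a3e
+ metadata.gz: 354e8cd70cdb2631bafa09f7e6b5814bc3561ebedef3706faa7d002458540bb3c20ee9cad37999b2813127eed4dc2a570ce89f0c470dfa1e5625afa34de364e5
+ data.tar.gz: fb6765cec6ea53e3c8b1e0447c37c81d4abc4dcda0254f7d3c295bb6d1bd966027548e0865dece9f4d64dc885c12012116d0c29f8fa44c665fad8f1147ece1d3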
@@ -5,6 +5,7 @@ require "dependabot/metadata_finders"
5
5
  require "dependabot/metadata_finders/base"
6
6
  require "dependabot/file_fetchers/base"
7
7
  require "dependabot/gradle/file_parser/repositories_finder"
8
+ require "dependabot/maven/utils/auth_headers_finder"
8
9
 
9
10
  module Dependabot
10
11
  module Gradle
@@ -112,7 +113,7 @@ module Dependabot
112
113
  "#{dependency.version}/"\
113
114
  "#{artifact_id}-#{dependency.version}.pom",
114
115
  idempotent: true,
115
- **SharedHelpers.excon_defaults(headers: auth_details)
116
+ **SharedHelpers.excon_defaults(headers: auth_headers)
116
117
  )
117
118
 
118
119
  @dependency_pom_file = Nokogiri::XML(response.body)
@@ -135,7 +136,7 @@ module Dependabot
135
136
  "#{version}/"\
136
137
  "#{artifact_id}-#{version}.pom",
137
138
  idempotent: true,
138
- **SharedHelpers.excon_defaults(headers: auth_details)
139
+ **SharedHelpers.excon_defaults(headers: auth_headers)
139
140
  )
140
141
 
141
142
  Nokogiri::XML(response.body)
@@ -170,21 +171,8 @@ module Dependabot
170
171
  plugin? && dependency.requirements.any? { |r| r.fetch(:groups).include? "kotlin" }
171
172
  end
172
173
 
173
- def auth_details
174
- cred =
175
- credentials.select { |c| c["type"] == "maven_repository" }.
176
- find do |c|
177
- cred_url = c.fetch("url").gsub(%r{/+$}, "")
178
- next false unless cred_url == maven_repo_url
179
-
180
- c.fetch("username", nil)
181
- end
182
-
183
- return {} unless cred
184
-
185
- token = cred.fetch("username") + ":" + cred.fetch("password")
186
- encoded_token = Base64.encode64(token).delete("\n")
187
- { "Authorization" => "Basic #{encoded_token}" }
174
+ def auth_headers
175
+ @auth_headers ||= Dependabot::Maven::Utils::AuthHeadersFinder.new(credentials).auth_headers(maven_repo_url)
188
176
  end
189
177
  end
190
178
  end
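Review bot: The rule that decides which stored credential is attached to the two POM requests is no longer visible in this file. The removed `auth_details` compared the credential URL (trailing slashes stripped) with `maven_repo_url` for exact equality and required a username, while the new `auth_headers` delegates that choice to `Dependabot::Maven::Utils::AuthHeadersFinder`, whose matching is not shown on this page. It is worth confirming that the finder still requires an exact repository-URL match, so that an `Authorization` header for one repository is never sent to a different host, and pinning that with a spec. Separately, `@auth_headers ||=` keeps the headers computed for the first `maven_repo_url`; a comment such as `# memoized: maven_repo_url does not change for this dependency` would record why that is safe, if it is.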
@@ -6,6 +6,7 @@ require "dependabot/gradle/file_parser/repositories_finder"
6
6
  require "dependabot/gradle/update_checker"
7
7
  require "dependabot/gradle/version"
8
8
  require "dependabot/gradle/requirement"
9
+ require "dependabot/maven/utils/auth_headers_finder"
9
10
 
10
11
  module Dependabot
11
12
  module Gradle
@@ -184,10 +185,8 @@ module Dependabot
184
185
  begin
185
186
  response = Excon.get(
186
187
  dependency_metadata_url(repository_details.fetch("url")),
187
- user: repository_details.fetch("username"),
188
- password: repository_details.fetch("password"),
189
188
  idempotent: true,
190
- **SharedHelpers.excon_defaults
189
+ **Dependabot::SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
191
190
  )
192
191
  check_response(response, repository_details.fetch("url"))
193
192
  Nokogiri::XML(response.body)
@@ -226,10 +225,10 @@ module Dependabot
226
225
 
227
226
  @repositories =
228
227
  details.reject do |repo|
229
- next if repo["password"]
228
+ next if repo["auth_headers"]
230
229
 
231
- # Reject this entry if an identical one with a password exists
232
- details.any? { |r| r["url"] == repo["url"] && r["password"] }
230
+ # Reject this entry if an identical one with non-empty auth_headers exists
231
+ details.any? { |r| r["url"] == repo["url"] && r["auth_headers"] != {} }
233
232
  end
234
233
  end
235
234
 
@@ -239,8 +238,7 @@ module Dependabot
239
238
  map do |cred|
240
239
  {
241
240
  "url" => cred.fetch("url").gsub(%r{/+$}, ""),
242
- "username" => cred.fetch("username", nil),
243
- "password" => cred.fetch("password", nil)
241
+ "auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
244
242
  }
245
243
  end
246
244
  end
@@ -258,7 +256,7 @@ module Dependabot
258
256
  target_dependency_file: target_file
259
257
  ).repository_urls.
260
258
  map do |url|
261
- { "url" => url, "username" => nil, "password" => nil }
259
+ { "url" => url, "auth_headers" => {} }
262
260
  end
263
261
  end.uniq
264
262
  end
@@ -266,8 +264,7 @@ module Dependabot
266
264
  def plugin_repository_details
267
265
  [{
268
266
  "url" => GRADLE_PLUGINS_REPO,
269
- "username" => nil,
270
- "password" => nil
267
+ "auth_headers" => {}
271
268
  }] + dependency_repository_details
272
269
  end
273
270
 
@@ -333,6 +330,14 @@ module Dependabot
333
330
  def version_class
334
331
  Gradle::Version
335
332
  end
333
+
334
+ def auth_headers_finder
335
+ @auth_headers_finder ||= Dependabot::Maven::Utils::AuthHeadersFinder.new(credentials)
336
+ end
337
+
338
+ def auth_headers(maven_repo_url)
339
+ auth_headers_finder.auth_headers(maven_repo_url)
340
+ end
336
341
  end
337
342
  end
338
343
  end
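Review bot: In the `@repositories` hunk, `next if repo["auth_headers"]` now looks always truthy, because every entry built in this file carries a hash under that key (`"auth_headers" => {}` for declared and plugin repositories) and an empty hash is truthy in Ruby, whereas the replaced `repo["password"]` was `nil` for unauthenticated entries. The `details.any?` check below it would then never run, so an unauthenticated duplicate of a credentialed repository URL is kept and queried without credentials as well. Testing for emptiness restores the previous de-duplication: `next unless repo["auth_headers"] == {}`. This assumes `auth_headers_finder.auth_headers` returns `{}` when no credential matches, which is not visible here; the enclosing method starts outside the hunk.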
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.140.3
4
+ version: 0.141.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.140.3
19
+ version: 0.141.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.140.3
26
+ version: 0.141.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: dependabot-maven
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - '='
32
+ - !ruby/object:Gem::Version
33
+ version: 0.141.0
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '='
39
+ - !ruby/object:Gem::Version
40
+ version: 0.141.0
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: byebug
29
43
  requirement: !ruby/object:Gem::Requirement