dependabot-gradle 0.141.0 → 0.143.1

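--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: da976f8ac4fd5e690b405b158bee0d073f1b507c135dbebffe6b3755fc1d79a1
- data.tar.gz: cd77e3f2adcd6376660a15e3387aa045e0686deff707088995bfca0273985ecf
+ metadata.gz: 8c0d2e25163c6308d5e9d0a87fb293243cfde92477e559a0823b1a6f573e9487
+ data.tar.gz: a86c4c15ea8f0faf615517ea648e2fc5490dbfeb9e90d9cac4774bb9715bc377
  SHA512:
- metadata.gz: 354e8cd70cdb2631bafa09f7e6b5814bc3561ebedef3706faa7d002458540bb3c20ee9cad37999b2813127eed4dc2a570ce89f0c470dfa1e5625afa34de364e5
- data.tar.gz: fb6765cec6ea53e3c8b1e0447c37c81d4abc4dcda0254f7d3c295bb6d1bd966027548e0865dece9f4d64dc885c12012116d0c29f8fa44c665fad8f1147ece1d3
+ metadata.gz: 782d5847ca17b05fef3a81e609b158809bfb7ada423c378cb8f3a218e30374949e5cb14bd44db99ce1c95c20319eed20ccc048bba5d968c369c68e4b57068b3b
+ data.tar.gz: e66afad1146dbe0c8b9108125fcbdb1b987d3fdddd56c8e629ae5b72a77db214984fb2aea9c83b20989fa6da141d75d76c9bafaa4479f8213df64569aa437897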
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "dependabot/utils"
4
+ require "dependabot/maven/requirement"
4
5
  require "dependabot/gradle/version"
5
6
 
6
7
  module Dependabot
@@ -46,7 +47,9 @@ module Dependabot
46
47
  private
47
48
 
48
49
  def self.split_java_requirement(req_string)
49
- req_string.split(/(?<=\]|\)),/).flat_map do |str|
50
+ return [req_string] unless req_string.match?(Maven::Requirement::OR_SYNTAX)
51
+
52
+ req_string.split(Maven::Requirement::OR_SYNTAX).flat_map do |str|
50
53
  next str if str.start_with?("(", "[")
51
54
 
52
55
  exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
62
65
  raise "Can't convert multiple Java reqs to a single Ruby one"
63
66
  end
64
67
 
65
- return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
66
-
67
- convert_java_equals_req_to_ruby(req_string)
68
+ # NOTE: Support ruby-style version requirements that are created from
69
+ # PR ignore conditions
70
+ version_reqs = req_string.split(",").map(&:strip)
71
+ if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
72
+ convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
73
+ else
74
+ version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
75
+ end
68
76
  end
69
77
 
70
78
  def convert_java_range_to_ruby_range(req_string)
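Review bot: A nil `req_string` now raises at `req_string.split(",")` in the last hunk, where the replaced line tolerated it through `req_string&.include?(",")`; if nil is still a possible input (the callers are outside this view), a guard such as `return convert_java_equals_req_to_ruby(req_string) if req_string.nil?` before the split keeps the old behaviour. The modifier on the range branch repeats the enclosing condition, so that line can read `convert_java_range_to_ruby_range(req_string)`. The `# NOTE:` comment would be clearer if it stated the rule itself, e.g. `# A comma-separated list whose parts all match PATTERN is Ruby-style (from ignore conditions); any other string containing a comma is a Java range`. These strings come from PR ignore conditions, so a misclassification silently changes which versions are ignored. The enclosing method starts above the hunk.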
@@ -17,8 +17,6 @@ module Dependabot
17
17
  KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
18
18
  TYPE_SUFFICES = %w(jre android java).freeze
19
19
 
20
- GRADLE_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
21
-
22
20
  def initialize(dependency:, dependency_files:, credentials:,
23
21
  ignored_versions:, raise_on_ignored: false,
24
22
  security_advisories:)
@@ -99,10 +97,10 @@ module Dependabot
99
97
  filtered = possible_versions
100
98
 
101
99
  ignored_versions.each do |req|
102
- ignore_req = Gradle::Requirement.new(parse_requirement_string(req))
100
+ ignore_requirements = Gradle::Requirement.requirements_array(req)
103
101
  filtered =
104
102
  filtered.
105
- reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
103
+ reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
106
104
  end
107
105
 
108
106
  raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -128,12 +126,6 @@ module Dependabot
128
126
  end
129
127
  end
130
128
 
131
- def parse_requirement_string(string)
132
- return string if string.match?(GRADLE_RANGE_REGEX)
133
-
134
- string.split(",").map(&:strip)
135
- end
136
-
137
129
  def wants_prerelease?
138
130
  return false unless dependency.version
139
131
  return false unless version_class.correct?(dependency.version)
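Review bot: The rewritten `reject` inside `ignored_versions.each` drops a version when any element of `Gradle::Requirement.requirements_array(req)` matches, whereas the removed `parse_requirement_string` path built a single requirement from the comma-split parts. `requirements_array` is not shown on this page, so it is worth pinning with a spec that a Ruby-style condition such as (constructed example) `>= 1.0, < 2.0` stays one requirement rather than becoming two alternatives, which would ignore far more versions than the user asked for, including releases that carry fixes. A short comment above the assignment, e.g. `# Each element is an alternative (Java "or" syntax); a version is ignored if any one matches`, would make the semantics explicit. The enclosing method starts and ends outside the hunk.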
@@ -28,7 +28,7 @@ module Dependabot
28
28
  VERSION_PATTERN =
29
29
  "[0-9a-zA-Z]+"\
30
30
  '(?>\.[0-9a-zA-Z]*)*'\
31
- '([_-][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
31
+ '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
32
32
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
33
33
 
34
34
  def self.correct?(version)
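Review bot: The added `\+` on the changed line of `VERSION_PATTERN` is accepted only as the first character of the qualifier group; the classes that follow (`[0-9A-Za-z_-]*`) still exclude it, so a version with a hyphen qualifier followed by a plus part, for example (constructed) `1.0-rc1+build5`, would still fail `ANCHORED_VERSION_PATTERN`. If that form should be accepted the inner classes need `+` as well; if not, a comment such as `# "+" may only introduce the qualifier, never appear inside it` would record the decision. Inside a character class neither escape is needed when `-` is placed last, so `[_+-]` says the same thing with less noise. How the part after `+` takes part in version ordering is not visible here and is worth a spec.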
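--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-gradle
  version: !ruby/object:Gem::Version
- version: 0.141.0
+ version: 0.143.1
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-04-12 00:00:00.000000000 Z
+ date: 2021-04-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.0
+ version: 0.143.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.0
+ version: 0.143.1
  - !ruby/object:Gem::Dependency
  name: dependabot-maven
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.0
+ version: 0.143.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.0
+ version: 0.143.1
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.12.0
+ version: 1.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.12.0
+ version: 1.13.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.2.3
+ rubygems_version: 3.2.15
  signing_key:
  specification_version: 4
  summary: Gradle support for dependabot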