dependabot-gradle 0.141.1 → 0.143.2

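--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4b3e9087c952024616b39e11e395e4a923296b0cbc94ede34cda99adcf0fc5a1
- data.tar.gz: d68d70e32d8a6c223584c486862b01fe418b434ebe9645bc4341198f27c07443
+ metadata.gz: d818e2e431ea573f1fe8c1fc3555a6f89212b3c4c685a8ae550850818ba74ab3
+ data.tar.gz: 5475806af86224ec05355ae5c4584244a438b80b6fac4281b963bbb1f74bcaa4
  SHA512:
- metadata.gz: 62989a5291d8a4d8a43ae81bfa29a7523742286b2ae459041cd5ec948de3269349feb86575dd2bdc4693008e2d054ccb4a88f4c21745d0798cee8ebd475e82dc
- data.tar.gz: bf0021b48256c7859417a86c19084b3a33a22c447dbfebfa8ed81a574d7a5c816c6ea650d1ad3c037f7bdea52f92b88bcff787f2e97ff850b5c30801e5aebbe1
+ metadata.gz: 7ddbfbea18a055cc1638b174c56456115c9759af3f8ca7f9d2f6a373d33aad0323f4d6895f9f49d6ea81f4f5407c5cb4d34c81b491b3e5e92137db867d07c4d6
+ data.tar.gz: 57a4f779efbd553a1656f432458e4216882748a3db9e79c30dfca66d9c0bc19d646287645f7ad7f850790956b1a0afd5c69efc52313adb10f0bfb1bfefc70320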
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "dependabot/utils"
4
+ require "dependabot/maven/requirement"
4
5
  require "dependabot/gradle/version"
5
6
 
6
7
  module Dependabot
@@ -46,7 +47,9 @@ module Dependabot
46
47
  private
47
48
 
48
49
  def self.split_java_requirement(req_string)
49
- req_string.split(/(?<=\]|\)),/).flat_map do |str|
50
+ return [req_string] unless req_string.match?(Maven::Requirement::OR_SYNTAX)
51
+
52
+ req_string.split(Maven::Requirement::OR_SYNTAX).flat_map do |str|
50
53
  next str if str.start_with?("(", "[")
51
54
 
52
55
  exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
62
65
  raise "Can't convert multiple Java reqs to a single Ruby one"
63
66
  end
64
67
 
65
- return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
66
-
67
- convert_java_equals_req_to_ruby(req_string)
68
+ # NOTE: Support ruby-style version requirements that are created from
69
+ # PR ignore conditions
70
+ version_reqs = req_string.split(",").map(&:strip)
71
+ if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
72
+ convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
73
+ else
74
+ version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
75
+ end
68
76
  end
69
77
 
70
78
  def convert_java_range_to_ruby_range(req_string)
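Review bot: In the rewritten tail of the conversion method (the block starting `version_reqs = req_string.split(",").map(&:strip)`), `req_string` is dereferenced unconditionally, whereas the removed line used `req_string&.include?(",")`; if a nil requirement can still reach this point it now raises NoMethodError instead of falling through to `convert_java_equals_req_to_ruby`. The inner modifier `if req_string.include?(",")` repeats the enclosing condition and can be dropped, leaving just `convert_java_range_to_ruby_range(req_string)`. The else branch also returns an array (`version_reqs.map { ... }`) where the old code returned a single converted value, so every caller has to accept both shapes; that matters here because these strings come from ignore conditions and a mis-parse changes which versions get filtered. The method starts above the hunk, so the nil case may already be handled there.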
@@ -17,8 +17,6 @@ module Dependabot
17
17
  KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
18
18
  TYPE_SUFFICES = %w(jre android java).freeze
19
19
 
20
- GRADLE_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
21
-
22
20
  def initialize(dependency:, dependency_files:, credentials:,
23
21
  ignored_versions:, raise_on_ignored: false,
24
22
  security_advisories:)
@@ -99,10 +97,10 @@ module Dependabot
99
97
  filtered = possible_versions
100
98
 
101
99
  ignored_versions.each do |req|
102
- ignore_req = Gradle::Requirement.new(parse_requirement_string(req))
100
+ ignore_requirements = Gradle::Requirement.requirements_array(req)
103
101
  filtered =
104
102
  filtered.
105
- reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
103
+ reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
106
104
  end
107
105
 
108
106
  raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -128,12 +126,6 @@ module Dependabot
128
126
  end
129
127
  end
130
128
 
131
- def parse_requirement_string(string)
132
- return string if string.match?(GRADLE_RANGE_REGEX)
133
-
134
- string.split(",").map(&:strip)
135
- end
136
-
137
129
  def wants_prerelease?
138
130
  return false unless dependency.version
139
131
  return false unless version_class.correct?(dependency.version)
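Review bot: In the `ignored_versions.each` loop the filter now rests on `ignore_requirements.any? { ... }`, so an ignore string for which `Gradle::Requirement.requirements_array` yields an empty array would silently ignore nothing. `requirements_array` is not shown on this page, so this may not be reachable, but ignore conditions are commonly how an unwanted release is kept out of an update, and failing open there deserves a spec: one case with a Java range of the kind the removed `GRADLE_RANGE_REGEX` matched, and one with a comma-separated Ruby-style list. If that is indeed what the helper covers, a comment above the call such as `# requirements_array accepts both Java ranges and comma-separated Ruby-style requirements` would record why `parse_requirement_string` could be deleted.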
@@ -28,7 +28,7 @@ module Dependabot
28
28
  VERSION_PATTERN =
29
29
  "[0-9a-zA-Z]+"\
30
30
  '(?>\.[0-9a-zA-Z]*)*'\
31
- '([_-][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
31
+ '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
32
32
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
33
33
 
34
34
  def self.correct?(version)
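Review bot: The widened separator class in `VERSION_PATTERN`, `[_\-\+]`, carries no comment on which version shapes it is meant to admit, and neither `-` nor `+` needs escaping there; `'([_+-][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'` is equivalent and easier to read. Whether the comparison logic orders a `+` suffix differently from a `-` or `_` suffix is outside this hunk, so a spec covering the ordering of such versions would be useful alongside the pattern change.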
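--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-gradle
  version: !ruby/object:Gem::Version
- version: 0.141.1
+ version: 0.143.2
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-04-13 00:00:00.000000000 Z
+ date: 2021-04-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.1
+ version: 0.143.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.1
+ version: 0.143.2
  - !ruby/object:Gem::Dependency
  name: dependabot-maven
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.1
+ version: 0.143.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.141.1
+ version: 0.143.2
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.12.0
+ version: 1.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.12.0
+ version: 1.13.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.2.3
+ rubygems_version: 3.2.15
  signing_key:
  specification_version: 4
  summary: Gradle support for dependabot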