dependabot-gradle 0.142.0 → 0.143.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: beb342b640afaeffca92563f48a6200bb7348c7657e31b024045fca2cac1bae6
-  data.tar.gz: 8d7519767a02a6704b89039cd8d6f153297716c9a89f184cf7e42a01e75a7170
+  metadata.gz: 4db986dd87653799a9a5f1c1f8372453578b67b283d06b09341ecf8bebe7c78f
+  data.tar.gz: 0fb15316e6f42d7007894a678c5b5c3db0324a947c8d7c7d620e2bb22ee72c1b
 SHA512:
-  metadata.gz: cf6ac97429d03ae4db2db514ca10df4957ee17569a25a439fc9b2628edd485f31a2c2dec27defca86187985fe61e5203ca29000d096266ccc85bd3bdcc910cea
-  data.tar.gz: 9f0d28a88910409b1c0751985019bf29ac1a6c3cc57d35cbb22784003d2af8088dd515ebb67589fc939f4b8115c0edd3135ecf7fcfce0fd53de72cc0009fbe4c
+  metadata.gz: 4e20eff2d8c390f9b7b0f7153547d36c4af0846e8e65b25461ca1231ba61e4a8fc8f4f517dffdcf439ef5b16a4035f17c567751d70ed1db9caadc4bc8bf0e272
+  data.tar.gz: 930688a600b197c138c3603de1ecaaf312877f3237faf246bd3742161b2a4cc63da06e5b1a332a0de9f7c21c36e8cf9e26c562c3f4f81a4eaa347aebf5c496fc

data/lib/dependabot/gradle/requirement.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "dependabot/utils"
+require "dependabot/maven/requirement"
 require "dependabot/gradle/version"
 
 module Dependabot
@@ -46,7 +47,9 @@ module Dependabot
       private
 
       def self.split_java_requirement(req_string)
-        req_string.split(/(?<=\]|\)),/).flat_map do |str|
+        return [req_string] unless req_string.match?(Maven::Requirement::OR_SYNTAX)
+
+        req_string.split(Maven::Requirement::OR_SYNTAX).flat_map do |str|
           next str if str.start_with?("(", "[")
 
           exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
           raise "Can't convert multiple Java reqs to a single Ruby one"
         end
 
-        return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
-
-        convert_java_equals_req_to_ruby(req_string)
+        # NOTE: Support ruby-style version requirements that are created from
+        # PR ignore conditions
+        version_reqs = req_string.split(",").map(&:strip)
+        if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
+          convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
+        else
+          version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
+        end
       end
 
       def convert_java_range_to_ruby_range(req_string)

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -17,8 +17,6 @@ module Dependabot
         KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
         TYPE_SUFFICES = %w(jre android java).freeze
 
-        GRADLE_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
-
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, raise_on_ignored: false,
                        security_advisories:)
@@ -99,10 +97,10 @@ module Dependabot
           filtered = possible_versions
 
           ignored_versions.each do |req|
-            ignore_req = Gradle::Requirement.new(parse_requirement_string(req))
+            ignore_requirements = Gradle::Requirement.requirements_array(req)
             filtered =
               filtered.
-              reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+              reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
           end
 
           raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -128,12 +126,6 @@ module Dependabot
           end
         end
 
-        def parse_requirement_string(string)
-          return string if string.match?(GRADLE_RANGE_REGEX)
-
-          string.split(",").map(&:strip)
-        end
-
         def wants_prerelease?
           return false unless dependency.version
           return false unless version_class.correct?(dependency.version)

data/lib/dependabot/gradle/version.rb

@@ -28,7 +28,7 @@ module Dependabot
       VERSION_PATTERN =
         "[0-9a-zA-Z]+"\
         '(?>\.[0-9a-zA-Z]*)*'\
-        '([_-][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
+        '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
 
       def self.correct?(version)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.142.0
+  version: 0.143.3
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-15 00:00:00.000000000 Z
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.0
+        version: 0.143.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.0
+        version: 0.143.3
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.0
+        version: 0.143.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.0
+        version: 0.143.3
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement