dependabot-gradle 0.142.1 → 0.143.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5b6fa770d8e9599a20a080b3e22415f6a0e209e24966ef047e6b9e6ed6c9ef4
-  data.tar.gz: b6c8a40691d1676ae740596ff973875345306e59650faeb222f8fe1671c466b7
+  metadata.gz: fe82135e1b9a5f057f19535714251cbd5990df27d1a6a90707fa1a73dc24a2e0
+  data.tar.gz: f2104c23e6638dc6eb24480bceefb9283e09c8a18420fdede81bfdcfdec1f655
 SHA512:
-  metadata.gz: e3b7a3d703fe107086bdf6277654cf13d2adfa1ea33414977d2f1a97d6eac5499b9982b5d0a9a5e2bf9b81644a09fb8f98ebd8c3543314eb0f3c4b580c7875b3
-  data.tar.gz: 94e957eb4160eb1a20f9faeef7ef5f58e4d1adb4d6d2982878a2662247ffb17747aaa73e307121a9af3c4acebea6a624d2c644161f483a797910a90bd0f9d601
+  metadata.gz: 9d28379fdef18fd4422cf5a7e84b505a33e8e75987cd502751273b8c0bac17da51765fa7b2449c62a30e3ae366b0f88aecd9ff9828cf439c7d0c8c8778b15904
+  data.tar.gz: 2c2687d3df7d0bd9bf576fd4c34c4b09b5fb4dcdf626e7c4efeadc2f4de1fc898a9d313d458c51b47eb6e89476b5e2b3705b048ef0d8f21d303e5f32d9fb648b

data/lib/dependabot/gradle/requirement.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "dependabot/utils"
+require "dependabot/maven/requirement"
 require "dependabot/gradle/version"
 
 module Dependabot
@@ -46,7 +47,9 @@ module Dependabot
       private
 
       def self.split_java_requirement(req_string)
-        req_string.split(/(?<=\]|\)),/).flat_map do |str|
+        return [req_string] unless req_string.match?(Maven::Requirement::OR_SYNTAX)
+
+        req_string.split(Maven::Requirement::OR_SYNTAX).flat_map do |str|
           next str if str.start_with?("(", "[")
 
           exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
           raise "Can't convert multiple Java reqs to a single Ruby one"
         end
 
-        return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
-
-        convert_java_equals_req_to_ruby(req_string)
+        # NOTE: Support ruby-style version requirements that are created from
+        # PR ignore conditions
+        version_reqs = req_string.split(",").map(&:strip)
+        if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
+          convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
+        else
+          version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
+        end
       end
 
       def convert_java_range_to_ruby_range(req_string)

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -17,8 +17,6 @@ module Dependabot
         KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
         TYPE_SUFFICES = %w(jre android java).freeze
 
-        GRADLE_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
-
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, raise_on_ignored: false,
                        security_advisories:)
@@ -99,10 +97,10 @@ module Dependabot
           filtered = possible_versions
 
           ignored_versions.each do |req|
-            ignore_req = Gradle::Requirement.new(parse_requirement_string(req))
+            ignore_requirements = Gradle::Requirement.requirements_array(req)
             filtered =
               filtered.
-              reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+              reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
           end
 
           raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -128,12 +126,6 @@ module Dependabot
           end
         end
 
-        def parse_requirement_string(string)
-          return string if string.match?(GRADLE_RANGE_REGEX)
-
-          string.split(",").map(&:strip)
-        end
-
         def wants_prerelease?
           return false unless dependency.version
           return false unless version_class.correct?(dependency.version)

data/lib/dependabot/gradle/version.rb

@@ -28,7 +28,7 @@ module Dependabot
       VERSION_PATTERN =
         "[0-9a-zA-Z]+"\
         '(?>\.[0-9a-zA-Z]*)*'\
-        '([_-][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
+        '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
 
       def self.correct?(version)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.142.1
+  version: 0.143.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-16 00:00:00.000000000 Z
+date: 2021-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.1
+        version: 0.143.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.1
+        version: 0.143.4
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.1
+        version: 0.143.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.142.1
+        version: 0.143.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement