dependabot-gradle 0.160.1 → 0.162.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_fetcher.rb +1 -2
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +8 -4
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +7 -4
- data/lib/dependabot/gradle/file_parser.rb +15 -4
- data/lib/dependabot/gradle/version.rb +3 -2
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ee0abc801d0d0c61a8d55e4ce75f0eb0c20f14af92766fd7097fe351a45aaaf8
|
|
4
|
+
data.tar.gz: 0e92668e917ff0b8bb7740a641f6d205e65251537c42f25084c2664e889f36cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4b06b98fc488a40fca9ff8b23316c01423004d916d2c919a1623976110c79a8d83ce032b84b962814c7489e7e2341c24f448202f88b4ea72ab8b6f83b6d7720b
|
|
7
|
+
data.tar.gz: 421477c81cb6ffc4ca5c2f26e3eee4683dd26d4780361232f828b8751ad8df50cfa167ca4ba1fe273690e4df468660c938abf3c8410f12313f183382f6ff3321
|
|
@@ -64,8 +64,7 @@ module Dependabot
|
|
|
64
64
|
return [] unless buildfile
|
|
65
65
|
|
|
66
66
|
dependency_plugin_paths =
|
|
67
|
-
buildfile.
|
|
68
|
-
scan(/apply from:\s+['"]([^'"]+)['"]/).flatten.
|
|
67
|
+
FileParser.find_include_names(buildfile).
|
|
69
68
|
reject { |path| path.include?("://") }.
|
|
70
69
|
reject { |path| !path.include?("/") && path.split(".").count > 2 }.
|
|
71
70
|
select { |filename| filename.include?("dependencies") }.
|
|
@@ -96,11 +96,15 @@ module Dependabot
|
|
|
96
96
|
|
|
97
97
|
# Look for a property in the callsite buildfile. If that fails, look
|
|
98
98
|
# for the property in the top-level buildfile
|
|
99
|
-
|
|
100
|
-
|
|
99
|
+
all_files = [callsite_buildfile, top_level_buildfile].concat(
|
|
100
|
+
FileParser.find_includes(callsite_buildfile, dependency_files),
|
|
101
|
+
FileParser.find_includes(top_level_buildfile, dependency_files)
|
|
102
|
+
)
|
|
103
|
+
all_files.each do |file|
|
|
104
|
+
details = properties(file).fetch(property_name, nil)
|
|
105
|
+
return details if details
|
|
101
106
|
end
|
|
102
|
-
|
|
103
|
-
properties(top_level_buildfile).fetch(property_name, nil)
|
|
107
|
+
nil
|
|
104
108
|
end
|
|
105
109
|
|
|
106
110
|
def property_value(property_name:, callsite_buildfile:)
|
|
@@ -32,7 +32,10 @@ module Dependabot
|
|
|
32
32
|
|
|
33
33
|
def repository_urls
|
|
34
34
|
repository_urls = []
|
|
35
|
-
repository_urls += inherited_repository_urls
|
|
35
|
+
repository_urls += inherited_repository_urls(top_level_buildfile)
|
|
36
|
+
FileParser.find_includes(top_level_buildfile, dependency_files).each do |dependency_file|
|
|
37
|
+
repository_urls += inherited_repository_urls(dependency_file)
|
|
38
|
+
end
|
|
36
39
|
repository_urls += own_buildfile_repository_urls
|
|
37
40
|
repository_urls = repository_urls.uniq
|
|
38
41
|
|
|
@@ -45,10 +48,10 @@ module Dependabot
|
|
|
45
48
|
|
|
46
49
|
attr_reader :dependency_files, :target_dependency_file
|
|
47
50
|
|
|
48
|
-
def inherited_repository_urls
|
|
49
|
-
return [] unless
|
|
51
|
+
def inherited_repository_urls(dependency_file)
|
|
52
|
+
return [] unless dependency_file
|
|
50
53
|
|
|
51
|
-
buildfile_content = comment_free_content(
|
|
54
|
+
buildfile_content = comment_free_content(dependency_file)
|
|
52
55
|
subproject_blocks = []
|
|
53
56
|
|
|
54
57
|
buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
|
|
@@ -49,6 +49,20 @@ module Dependabot
|
|
|
49
49
|
dependency_set.dependencies
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
+
def self.find_include_names(buildfile)
|
|
53
|
+
return [] unless buildfile
|
|
54
|
+
|
|
55
|
+
buildfile.content.
|
|
56
|
+
scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/).
|
|
57
|
+
map { |match| match[2] }
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def self.find_includes(buildfile, dependency_files)
|
|
61
|
+
FileParser.find_include_names(buildfile).
|
|
62
|
+
map { |f| dependency_files.find { |bf| bf.name == f } }.
|
|
63
|
+
compact
|
|
64
|
+
end
|
|
65
|
+
|
|
52
66
|
private
|
|
53
67
|
|
|
54
68
|
def map_value_regex(key)
|
|
@@ -301,10 +315,7 @@ module Dependabot
|
|
|
301
315
|
def script_plugin_files
|
|
302
316
|
@script_plugin_files ||=
|
|
303
317
|
buildfiles.flat_map do |buildfile|
|
|
304
|
-
buildfile
|
|
305
|
-
scan(/apply from(\s+=|:)\s+['"]([^'"]+)['"]/).flatten.
|
|
306
|
-
map { |f| dependency_files.find { |bf| bf.name == f } }.
|
|
307
|
-
compact
|
|
318
|
+
FileParser.find_includes(buildfile, dependency_files)
|
|
308
319
|
end.
|
|
309
320
|
uniq
|
|
310
321
|
end
|
|
@@ -14,7 +14,8 @@ module Dependabot
|
|
|
14
14
|
NULL_VALUES = %w(0 final ga).freeze
|
|
15
15
|
PREFIXED_TOKEN_HIERARCHY = {
|
|
16
16
|
"." => { qualifier: 1, number: 4 },
|
|
17
|
-
"-" => { qualifier: 2, number: 3 }
|
|
17
|
+
"-" => { qualifier: 2, number: 3 },
|
|
18
|
+
"_" => { qualifier: 2, number: 3 }
|
|
18
19
|
}.freeze
|
|
19
20
|
NAMED_QUALIFIERS_HIERARCHY = {
|
|
20
21
|
"a" => 1, "alpha" => 1,
|
|
@@ -132,7 +133,7 @@ module Dependabot
|
|
|
132
133
|
end
|
|
133
134
|
|
|
134
135
|
def split_into_prefixed_tokens(version)
|
|
135
|
-
".#{version}".split(/(?=[\-\.])/)
|
|
136
|
+
".#{version}".split(/(?=[_\-\.])/)
|
|
136
137
|
end
|
|
137
138
|
|
|
138
139
|
def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.162.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.162.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.162.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: dependabot-maven
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.162.2
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.162.2
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: byebug
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|