dependabot-gradle 0.161.0 → 0.163.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad4f7d7eabf850675988783e111c8e964d2c7dfc926b018102bb17359d4f4733
-  data.tar.gz: 97d101db9183217b38e1b55a47bd0e4acc9f447d6c51a54e3849cd4a50ac3116
+  metadata.gz: 76d45bc6fec79f1b60db932bf1722b2bdb9d68d64b98bf151d52da611e65b199
+  data.tar.gz: eb92541ef67df671173663fee977a33ef05ed672d90ccf515853c2434d92a2b0
 SHA512:
-  metadata.gz: 5861b74fea052fe25b30a457b3115dc04f02542c36ac8c1688fd14ffe7111f5452df862eb6c9e5616e32b16e01cfe7e996e03750d470564a5495673ea588942b
-  data.tar.gz: b73e7d53faf4b8bf150b5f3d04df968bc8d79ab18bb06f98fc313ee26567ae9c2914aa4c08c8e5e90a6b77d1ab84f8eba2ebfb6cb94557ba542da554600702cf
+  metadata.gz: b6b4fdeae1f3d956aae3be817e00c40177d49f520a00b8bc7a435b214182ee399f47b52a4193119f690216d8d2c32fee2b7e735b1df6d7d7b3db00f1e485f03b
+  data.tar.gz: 693632ea107b7b0790b7061e33ce7f3478d2990bfc893105a78aa186a20eecb1b78ff09c7648eb31ee6aa3d3403cae959370638698d2221519986c07afce0fde

data/lib/dependabot/gradle/file_fetcher.rb

@@ -28,7 +28,7 @@ module Dependabot
 
       def fetch_files
         fetched_files = []
-        fetched_files << buildfile
+        fetched_files << buildfile if buildfile
         fetched_files += subproject_buildfiles
         fetched_files += dependency_script_plugins
         check_required_files_present
@@ -46,17 +46,23 @@ module Dependabot
       def subproject_buildfiles
         return [] unless settings_file
 
-        subproject_paths =
-          SettingsFileParser.
-          new(settings_file: settings_file).
-          subproject_paths
-
-        subproject_paths.map do |path|
-          fetch_file_from_host(File.join(path, @buildfile_name))
-        rescue Dependabot::DependencyFileNotFound
-          # Gradle itself doesn't worry about missing subprojects, so we don't
-          nil
-        end.compact
+        @subproject_buildfiles ||= begin
+          subproject_paths =
+            SettingsFileParser.
+            new(settings_file: settings_file).
+            subproject_paths
+
+          subproject_paths.map do |path|
+            if @buildfile_name
+              fetch_file_from_host(File.join(path, @buildfile_name))
+            else
+              supported_file(SUPPORTED_BUILD_FILE_NAMES.map { |f| File.join(path, f) })
+            end
+          rescue Dependabot::DependencyFileNotFound
+            # Gradle itself doesn't worry about missing subprojects, so we don't
+            nil
+          end.compact
+        end
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
@@ -64,8 +70,7 @@ module Dependabot
         return [] unless buildfile
 
         dependency_plugin_paths =
-          buildfile.content.
-          scan(/apply from:\s+['"]([^'"]+)['"]/).flatten.
+          FileParser.find_include_names(buildfile).
           reject { |path| path.include?("://") }.
           reject { |path| !path.include?("/") && path.split(".").count > 2 }.
           select { |filename| filename.include?("dependencies") }.
@@ -84,7 +89,7 @@ module Dependabot
       # rubocop:enable Metrics/PerceivedComplexity
 
       def check_required_files_present
-        return if buildfile
+        return if buildfile || (subproject_buildfiles && !subproject_buildfiles.empty?)
 
         path = Pathname.new(File.join(directory, "build.gradle")).cleanpath.to_path
         path += "(.kts)?"

data/lib/dependabot/gradle/file_parser/property_value_finder.rb

@@ -96,11 +96,15 @@ module Dependabot
 
           # Look for a property in the callsite buildfile. If that fails, look
           # for the property in the top-level buildfile
-          if properties(callsite_buildfile).fetch(property_name, nil)
-            return properties(callsite_buildfile).fetch(property_name)
+          all_files = [callsite_buildfile, top_level_buildfile].concat(
+            FileParser.find_includes(callsite_buildfile, dependency_files),
+            FileParser.find_includes(top_level_buildfile, dependency_files)
+          )
+          all_files.each do |file|
+            details = properties(file).fetch(property_name, nil)
+            return details if details
           end
-
-          properties(top_level_buildfile).fetch(property_name, nil)
+          nil
         end
 
         def property_value(property_name:, callsite_buildfile:)

data/lib/dependabot/gradle/file_parser/repositories_finder.rb

@@ -12,6 +12,8 @@ module Dependabot
         # we're confident we're selecting repos correctly it's wise to include
         # it as a default.
         CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
+        GOOGLE_MAVEN_REPO = "https://maven.google.com"
+        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
 
         REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
 
@@ -32,7 +34,10 @@ module Dependabot
 
         def repository_urls
           repository_urls = []
-          repository_urls += inherited_repository_urls
+          repository_urls += inherited_repository_urls(top_level_buildfile)
+          FileParser.find_includes(top_level_buildfile, dependency_files).each do |dependency_file|
+            repository_urls += inherited_repository_urls(dependency_file)
+          end
           repository_urls += own_buildfile_repository_urls
           repository_urls = repository_urls.uniq
 
@@ -45,10 +50,10 @@ module Dependabot
 
         attr_reader :dependency_files, :target_dependency_file
 
-        def inherited_repository_urls
-          return [] unless top_level_buildfile
+        def inherited_repository_urls(dependency_file)
+          return [] unless dependency_file
 
-          buildfile_content = comment_free_content(top_level_buildfile)
+          buildfile_content = comment_free_content(dependency_file)
           subproject_blocks = []
 
           buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
@@ -93,12 +98,14 @@ module Dependabot
           end
 
           repository_blocks.each do |block|
-            repository_urls << "https://maven.google.com/" if block.match?(/\sgoogle\(/)
+            repository_urls << GOOGLE_MAVEN_REPO if block.match?(/\sgoogle\(/)
 
-            repository_urls << "https://repo.maven.apache.org/maven2/" if block.match?(/\smavenCentral\(/)
+            repository_urls << CENTRAL_REPO_URL if block.match?(/\smavenCentral\(/)
 
             repository_urls << "https://jcenter.bintray.com/" if block.match?(/\sjcenter\(/)
 
+            repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
+
             block.scan(MAVEN_REPO_REGEX) do
               repository_urls << Regexp.last_match.named_captures.fetch("url")
             end

data/lib/dependabot/gradle/file_parser.rb

@@ -49,6 +49,20 @@ module Dependabot
         dependency_set.dependencies
       end
 
+      def self.find_include_names(buildfile)
+        return [] unless buildfile
+
+        buildfile.content.
+          scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/).
+          map { |match| match[2] }
+      end
+
+      def self.find_includes(buildfile, dependency_files)
+        FileParser.find_include_names(buildfile).
+          map { |f| dependency_files.find { |bf| bf.name == f } }.
+          compact
+      end
+
       private
 
       def map_value_regex(key)
@@ -301,16 +315,13 @@ module Dependabot
       def script_plugin_files
         @script_plugin_files ||=
           buildfiles.flat_map do |buildfile|
-            buildfile.content.
-              scan(/apply from(\s+=|:)\s+['"]([^'"]+)['"]/).flatten.
-              map { |f| dependency_files.find { |bf| bf.name == f } }.
-              compact
+            FileParser.find_includes(buildfile, dependency_files)
           end.
           uniq
       end
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/file_updater.rb

@@ -40,7 +40,7 @@ module Dependabot
       private
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -13,8 +13,6 @@ module Dependabot
   module Gradle
     class UpdateChecker
       class VersionFinder
-        GOOGLE_MAVEN_REPO = "https://maven.google.com"
-        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
         KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
         TYPE_SUFFICES = %w(jre android java native_mt agp).freeze
 
@@ -59,7 +57,7 @@ module Dependabot
           version_details =
             repositories.map do |repository_details|
               url = repository_details.fetch("url")
-              next google_version_details if url == GOOGLE_MAVEN_REPO
+              next google_version_details if url == Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
 
               dependency_metadata(repository_details).css("versions > version").
                 select { |node| version_class.correct?(node.content) }.
@@ -136,10 +134,10 @@ module Dependabot
         end
 
         def google_version_details
-          url = GOOGLE_MAVEN_REPO
+          url = Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
           group_id, artifact_id = group_and_artifact_ids
 
-          dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
+          dependency_metadata_url = "#{Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO}/"\
                                     "#{group_id.tr('.', '/')}/"\
                                     "group-index.xml"
 
@@ -250,7 +248,7 @@ module Dependabot
 
         def plugin_repository_details
           [{
-            "url" => GRADLE_PLUGINS_REPO,
+            "url" => Gradle::FileParser::RepositoriesFinder::GRADLE_PLUGINS_REPO,
             "auth_headers" => {}
           }] + dependency_repository_details
         end

data/lib/dependabot/gradle/version.rb

@@ -14,7 +14,8 @@ module Dependabot
       NULL_VALUES = %w(0 final ga).freeze
       PREFIXED_TOKEN_HIERARCHY = {
         "." => { qualifier: 1, number: 4 },
-        "-" => { qualifier: 2, number: 3 }
+        "-" => { qualifier: 2, number: 3 },
+        "_" => { qualifier: 2, number: 3 }
       }.freeze
       NAMED_QUALIFIERS_HIERARCHY = {
         "a" => 1, "alpha"     => 1,
@@ -132,7 +133,7 @@ module Dependabot
       end
 
       def split_into_prefixed_tokens(version)
-        ".#{version}".split(/(?=[\-\.])/)
+        ".#{version}".split(/(?=[_\-\.])/)
       end
 
       def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.161.0
+  version: 0.163.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.163.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.163.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.163.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.161.0
+        version: 0.163.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement