dependabot-gradle 0.162.0 → 0.164.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e0660c9981bbf8014904fbb2bde509d142cb8851d4eb45194aa8472d3acb3c6
-  data.tar.gz: 04ddb5f13f795d8057e984a149f433921bfb17343491f6808cf34a2f4b60b78a
+  metadata.gz: 5b7e103d33b9dbdae9a5d6731b4b530dc35bdc7bd951ec12ebc770aa82cb3f97
+  data.tar.gz: 58c43452809caefea7d79ab909953a32d2c2e650d937f453f99d7fa7f5abea9b
 SHA512:
-  metadata.gz: 5c577400eb083e3813f21241cf2972eff3ebd06bcf3eaca357764c6a3f63842e0b254f74e1c5673550a97bfae8d728591ea835dcbf0edf010f0ba9acfc7d0287
-  data.tar.gz: 3bf33441eac7025c20417e0a7ab87d8631887254ed0a36aca88283eab275ebb9e4b330eb91adf18e8b1868305a88bfbb036c2d8c4d694882399ab4bcbc712502
+  metadata.gz: 554a254accc568cd46b613cc97a57a1452553eb799b0776f0b77d45331b1930d964dc2d56220c7a5d5a94c7701111e51c3615fb6a05532db320b43d11313ff96
+  data.tar.gz: 631315b31d790b68bfaec9c9aa252151653a40f0b1d0e468318b99e3343b8b3ed33c4156b2f7fed7ab910d9d7a79fb9b447efa5c1be258bf4eda0524efd1e4de

data/lib/dependabot/gradle/file_fetcher.rb

@@ -28,7 +28,7 @@ module Dependabot
 
       def fetch_files
         fetched_files = []
-        fetched_files << buildfile
+        fetched_files << buildfile if buildfile
         fetched_files += subproject_buildfiles
         fetched_files += dependency_script_plugins
         check_required_files_present
@@ -46,17 +46,23 @@ module Dependabot
       def subproject_buildfiles
         return [] unless settings_file
 
-        subproject_paths =
-          SettingsFileParser.
-          new(settings_file: settings_file).
-          subproject_paths
-
-        subproject_paths.map do |path|
-          fetch_file_from_host(File.join(path, @buildfile_name))
-        rescue Dependabot::DependencyFileNotFound
-          # Gradle itself doesn't worry about missing subprojects, so we don't
-          nil
-        end.compact
+        @subproject_buildfiles ||= begin
+          subproject_paths =
+            SettingsFileParser.
+            new(settings_file: settings_file).
+            subproject_paths
+
+          subproject_paths.map do |path|
+            if @buildfile_name
+              fetch_file_from_host(File.join(path, @buildfile_name))
+            else
+              supported_file(SUPPORTED_BUILD_FILE_NAMES.map { |f| File.join(path, f) })
+            end
+          rescue Dependabot::DependencyFileNotFound
+            # Gradle itself doesn't worry about missing subprojects, so we don't
+            nil
+          end.compact
+        end
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
@@ -64,8 +70,7 @@ module Dependabot
         return [] unless buildfile
 
         dependency_plugin_paths =
-          buildfile.content.
-          scan(/apply from:\s+['"]([^'"]+)['"]/).flatten.
+          FileParser.find_include_names(buildfile).
           reject { |path| path.include?("://") }.
           reject { |path| !path.include?("/") && path.split(".").count > 2 }.
           select { |filename| filename.include?("dependencies") }.
@@ -84,7 +89,7 @@ module Dependabot
       # rubocop:enable Metrics/PerceivedComplexity
 
       def check_required_files_present
-        return if buildfile
+        return if buildfile || (subproject_buildfiles && !subproject_buildfiles.empty?)
 
         path = Pathname.new(File.join(directory, "build.gradle")).cleanpath.to_path
         path += "(.kts)?"

data/lib/dependabot/gradle/file_parser/property_value_finder.rb

@@ -96,11 +96,15 @@ module Dependabot
 
           # Look for a property in the callsite buildfile. If that fails, look
           # for the property in the top-level buildfile
-          if properties(callsite_buildfile).fetch(property_name, nil)
-            return properties(callsite_buildfile).fetch(property_name)
+          all_files = [callsite_buildfile, top_level_buildfile].concat(
+            FileParser.find_includes(callsite_buildfile, dependency_files),
+            FileParser.find_includes(top_level_buildfile, dependency_files)
+          )
+          all_files.each do |file|
+            details = properties(file).fetch(property_name, nil)
+            return details if details
           end
-
-          properties(top_level_buildfile).fetch(property_name, nil)
+          nil
         end
 
         def property_value(property_name:, callsite_buildfile:)

data/lib/dependabot/gradle/file_parser/repositories_finder.rb

@@ -12,6 +12,8 @@ module Dependabot
         # we're confident we're selecting repos correctly it's wise to include
         # it as a default.
         CENTRAL_REPO_URL = "https://repo.maven.apache.org/maven2"
+        GOOGLE_MAVEN_REPO = "https://maven.google.com"
+        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
 
         REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/.freeze
 
@@ -32,7 +34,10 @@ module Dependabot
 
         def repository_urls
           repository_urls = []
-          repository_urls += inherited_repository_urls
+          repository_urls += inherited_repository_urls(top_level_buildfile)
+          FileParser.find_includes(top_level_buildfile, dependency_files).each do |dependency_file|
+            repository_urls += inherited_repository_urls(dependency_file)
+          end
           repository_urls += own_buildfile_repository_urls
           repository_urls = repository_urls.uniq
 
@@ -45,10 +50,10 @@ module Dependabot
 
         attr_reader :dependency_files, :target_dependency_file
 
-        def inherited_repository_urls
-          return [] unless top_level_buildfile
+        def inherited_repository_urls(dependency_file)
+          return [] unless dependency_file
 
-          buildfile_content = comment_free_content(top_level_buildfile)
+          buildfile_content = comment_free_content(dependency_file)
           subproject_blocks = []
 
           buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
@@ -93,12 +98,14 @@ module Dependabot
           end
 
           repository_blocks.each do |block|
-            repository_urls << "https://maven.google.com/" if block.match?(/\sgoogle\(/)
+            repository_urls << GOOGLE_MAVEN_REPO if block.match?(/\sgoogle\(/)
 
-            repository_urls << "https://repo.maven.apache.org/maven2/" if block.match?(/\smavenCentral\(/)
+            repository_urls << CENTRAL_REPO_URL if block.match?(/\smavenCentral\(/)
 
             repository_urls << "https://jcenter.bintray.com/" if block.match?(/\sjcenter\(/)
 
+            repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
+
             block.scan(MAVEN_REPO_REGEX) do
               repository_urls << Regexp.last_match.named_captures.fetch("url")
             end

data/lib/dependabot/gradle/file_parser.rb

@@ -49,6 +49,20 @@ module Dependabot
         dependency_set.dependencies
       end
 
+      def self.find_include_names(buildfile)
+        return [] unless buildfile
+
+        buildfile.content.
+          scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/).
+          map { |match| match[2] }
+      end
+
+      def self.find_includes(buildfile, dependency_files)
+        FileParser.find_include_names(buildfile).
+          map { |f| dependency_files.find { |bf| bf.name == f } }.
+          compact
+      end
+
       private
 
       def map_value_regex(key)
@@ -301,16 +315,13 @@ module Dependabot
       def script_plugin_files
         @script_plugin_files ||=
           buildfiles.flat_map do |buildfile|
-            buildfile.content.
-              scan(/apply from(\s+=|:)\s+['"]([^'"]+)['"]/).flatten.
-              map { |f| dependency_files.find { |bf| bf.name == f } }.
-              compact
+            FileParser.find_includes(buildfile, dependency_files)
           end.
           uniq
       end
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/file_updater.rb

@@ -40,7 +40,7 @@ module Dependabot
       private
 
       def check_required_files
-        raise "No build.gradle or build.gradle.kts!" unless original_file
+        raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
       def original_file

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -13,8 +13,6 @@ module Dependabot
   module Gradle
     class UpdateChecker
       class VersionFinder
-        GOOGLE_MAVEN_REPO = "https://maven.google.com"
-        GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
         KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
         TYPE_SUFFICES = %w(jre android java native_mt agp).freeze
 
@@ -59,7 +57,7 @@ module Dependabot
           version_details =
             repositories.map do |repository_details|
               url = repository_details.fetch("url")
-              next google_version_details if url == GOOGLE_MAVEN_REPO
+              next google_version_details if url == Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
 
               dependency_metadata(repository_details).css("versions > version").
                 select { |node| version_class.correct?(node.content) }.
@@ -136,10 +134,10 @@ module Dependabot
         end
 
         def google_version_details
-          url = GOOGLE_MAVEN_REPO
+          url = Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
           group_id, artifact_id = group_and_artifact_ids
 
-          dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
+          dependency_metadata_url = "#{Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO}/"\
                                     "#{group_id.tr('.', '/')}/"\
                                     "group-index.xml"
 
@@ -250,7 +248,7 @@ module Dependabot
 
         def plugin_repository_details
           [{
-            "url" => GRADLE_PLUGINS_REPO,
+            "url" => Gradle::FileParser::RepositoriesFinder::GRADLE_PLUGINS_REPO,
             "auth_headers" => {}
           }] + dependency_repository_details
         end

data/lib/dependabot/gradle/version.rb

@@ -14,7 +14,8 @@ module Dependabot
       NULL_VALUES = %w(0 final ga).freeze
       PREFIXED_TOKEN_HIERARCHY = {
         "." => { qualifier: 1, number: 4 },
-        "-" => { qualifier: 2, number: 3 }
+        "-" => { qualifier: 2, number: 3 },
+        "_" => { qualifier: 2, number: 3 }
       }.freeze
       NAMED_QUALIFIERS_HIERARCHY = {
         "a" => 1, "alpha"     => 1,
@@ -132,7 +133,7 @@ module Dependabot
       end
 
       def split_into_prefixed_tokens(version)
-        ".#{version}".split(/(?=[\-\.])/)
+        ".#{version}".split(/(?=[_\-\.])/)
       end
 
       def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.162.0
+  version: 0.164.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-07 00:00:00.000000000 Z
+date: 2021-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.0
+        version: 0.164.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.0
+        version: 0.164.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.0
+        version: 0.164.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.162.0
+        version: 0.164.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement