dependabot-gradle 0.211.0 → 0.213.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb +10 -1
- data/lib/dependabot/gradle/file_fetcher.rb +79 -51
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +21 -34
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +4 -7
- data/lib/dependabot/gradle/file_parser.rb +19 -19
- data/lib/dependabot/gradle/metadata_finder.rb +2 -2
- data/lib/dependabot/gradle/requirement.rb +2 -3
- data/lib/dependabot/gradle/update_checker/version_finder.rb +7 -7
- data/lib/dependabot/gradle/version.rb +5 -5
- metadata +16 -44
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0fca8a86a99ff839c2a950ce045feffc4deb167ea7d45afb649d9c29c381b349
|
|
4
|
+
data.tar.gz: 99d3c12427a0dc2a89956f5dc27499e6176dc76c9b734b47a6e9fc7799616b2a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7aa6c8213da114c8ae5bfe35918f4cb045f18d0b5981617b38cf660bbc544b1767958dceb737c6fe51926327a474a6605092cb02f0ac32e41877d28947dac22d
|
|
7
|
+
data.tar.gz: e97bed5144eee699defa0a2c35138529a6cd829c837ea479ac69355a87a7d2602f9e0367799dcd54bf565a1099df6d922865e2e0149268fce9fa720a7743528d
|
|
@@ -10,13 +10,22 @@ module Dependabot
|
|
|
10
10
|
@settings_file = settings_file
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
+
def included_build_paths
|
|
14
|
+
paths = []
|
|
15
|
+
comment_free_content.scan(function_regex("includeBuild")) do
|
|
16
|
+
arg = Regexp.last_match.named_captures.fetch("args")
|
|
17
|
+
paths << arg.gsub(/["']/, "").strip
|
|
18
|
+
end
|
|
19
|
+
paths.uniq
|
|
20
|
+
end
|
|
21
|
+
|
|
13
22
|
def subproject_paths
|
|
14
23
|
subprojects = []
|
|
15
24
|
|
|
16
25
|
comment_free_content.scan(function_regex("include")) do
|
|
17
26
|
args = Regexp.last_match.named_captures.fetch("args")
|
|
18
27
|
args = args.split(",")
|
|
19
|
-
args = args.
|
|
28
|
+
args = args.filter_map { |p| p.gsub(/["']/, "").strip }
|
|
20
29
|
subprojects += args
|
|
21
30
|
end
|
|
22
31
|
|
|
@@ -27,72 +27,89 @@ module Dependabot
|
|
|
27
27
|
private
|
|
28
28
|
|
|
29
29
|
def fetch_files
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
fetched_files += subproject_buildfiles
|
|
34
|
-
fetched_files += dependency_script_plugins
|
|
35
|
-
check_required_files_present
|
|
36
|
-
fetched_files
|
|
30
|
+
files = all_buildfiles_in_build(".")
|
|
31
|
+
check_required_files_present(files)
|
|
32
|
+
files
|
|
37
33
|
end
|
|
38
34
|
|
|
39
|
-
def
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
35
|
+
def all_buildfiles_in_build(root_dir)
|
|
36
|
+
files = [buildfile(root_dir), settings_file(root_dir)].compact
|
|
37
|
+
files += subproject_buildfiles(root_dir)
|
|
38
|
+
files += dependency_script_plugins(root_dir)
|
|
39
|
+
files + included_builds(root_dir).
|
|
40
|
+
flat_map { |dir| all_buildfiles_in_build(dir) }
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def included_builds(root_dir)
|
|
44
|
+
builds = []
|
|
45
|
+
|
|
46
|
+
# buildSrc is implicit: included but not declared in settings.gradle
|
|
47
|
+
buildsrc = repo_contents(dir: root_dir, raise_errors: false).
|
|
48
|
+
find { |item| item.type == "dir" && item.name == "buildSrc" }
|
|
49
|
+
builds << clean_join(root_dir, "buildSrc") if buildsrc
|
|
50
|
+
|
|
51
|
+
return builds unless settings_file(root_dir)
|
|
52
|
+
|
|
53
|
+
builds += SettingsFileParser.
|
|
54
|
+
new(settings_file: settings_file(root_dir)).
|
|
55
|
+
included_build_paths.
|
|
56
|
+
map { |p| clean_join(root_dir, p) }
|
|
57
|
+
|
|
58
|
+
builds.uniq
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def clean_join(*parts)
|
|
62
|
+
Pathname.new(File.join(*parts)).cleanpath.to_path
|
|
45
63
|
end
|
|
46
64
|
|
|
47
|
-
def subproject_buildfiles
|
|
48
|
-
return [] unless settings_file
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
nil
|
|
65
|
-
end.compact
|
|
65
|
+
def subproject_buildfiles(root_dir)
|
|
66
|
+
return [] unless settings_file(root_dir)
|
|
67
|
+
|
|
68
|
+
subproject_paths =
|
|
69
|
+
SettingsFileParser.
|
|
70
|
+
new(settings_file: settings_file(root_dir)).
|
|
71
|
+
subproject_paths
|
|
72
|
+
|
|
73
|
+
subproject_paths.filter_map do |path|
|
|
74
|
+
if @buildfile_name
|
|
75
|
+
fetch_file_from_host(File.join(root_dir, path, @buildfile_name))
|
|
76
|
+
else
|
|
77
|
+
buildfile(File.join(root_dir, path))
|
|
78
|
+
end
|
|
79
|
+
rescue Dependabot::DependencyFileNotFound
|
|
80
|
+
# Gradle itself doesn't worry about missing subprojects, so we don't
|
|
81
|
+
nil
|
|
66
82
|
end
|
|
67
83
|
end
|
|
68
84
|
|
|
69
85
|
# rubocop:disable Metrics/PerceivedComplexity
|
|
70
|
-
def dependency_script_plugins
|
|
71
|
-
return [] unless buildfile
|
|
86
|
+
def dependency_script_plugins(root_dir)
|
|
87
|
+
return [] unless buildfile(root_dir)
|
|
72
88
|
|
|
73
89
|
dependency_plugin_paths =
|
|
74
|
-
FileParser.find_include_names(buildfile).
|
|
90
|
+
FileParser.find_include_names(buildfile(root_dir)).
|
|
75
91
|
reject { |path| path.include?("://") }.
|
|
76
92
|
reject { |path| !path.include?("/") && path.split(".").count > 2 }.
|
|
77
93
|
select { |filename| filename.include?("dependencies") }.
|
|
78
94
|
map { |path| path.gsub("$rootDir", ".") }.
|
|
95
|
+
map { |path| File.join(root_dir, path) }.
|
|
79
96
|
uniq
|
|
80
97
|
|
|
81
|
-
dependency_plugin_paths.
|
|
98
|
+
dependency_plugin_paths.filter_map do |path|
|
|
82
99
|
fetch_file_from_host(path)
|
|
83
100
|
rescue Dependabot::DependencyFileNotFound
|
|
84
101
|
next nil if file_exists_in_submodule?(path)
|
|
85
102
|
next nil if path.include?("${")
|
|
86
103
|
|
|
87
104
|
raise
|
|
88
|
-
end
|
|
105
|
+
end
|
|
89
106
|
end
|
|
90
107
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
91
108
|
|
|
92
|
-
def check_required_files_present
|
|
93
|
-
return if
|
|
109
|
+
def check_required_files_present(files)
|
|
110
|
+
return if files.any?
|
|
94
111
|
|
|
95
|
-
path =
|
|
112
|
+
path = clean_join(directory, "build.gradle")
|
|
96
113
|
path += "(.kts)?"
|
|
97
114
|
raise Dependabot::DependencyFileNotFound, path
|
|
98
115
|
end
|
|
@@ -104,24 +121,35 @@ module Dependabot
|
|
|
104
121
|
false
|
|
105
122
|
end
|
|
106
123
|
|
|
107
|
-
def
|
|
108
|
-
|
|
124
|
+
def buildfile(dir)
|
|
125
|
+
file = find_first(dir, SUPPORTED_BUILD_FILE_NAMES) || return
|
|
126
|
+
@buildfile_name ||= File.basename(file.name)
|
|
127
|
+
file
|
|
109
128
|
end
|
|
110
129
|
|
|
111
|
-
def
|
|
112
|
-
|
|
130
|
+
def settings_file(dir)
|
|
131
|
+
find_first(dir, SUPPORTED_SETTINGS_FILE_NAMES)
|
|
113
132
|
end
|
|
114
133
|
|
|
115
|
-
def
|
|
116
|
-
|
|
134
|
+
def find_first(dir, supported_names)
|
|
135
|
+
paths = supported_names.
|
|
136
|
+
map { |name| clean_join(dir, name) }.
|
|
137
|
+
each do |path|
|
|
138
|
+
return cached_files[path] || next
|
|
139
|
+
end
|
|
140
|
+
fetch_first_if_present(paths)
|
|
117
141
|
end
|
|
118
142
|
|
|
119
|
-
def
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
return file if file
|
|
123
|
-
end
|
|
143
|
+
def cached_files
|
|
144
|
+
@cached_files ||= {}
|
|
145
|
+
end
|
|
124
146
|
|
|
147
|
+
def fetch_first_if_present(paths)
|
|
148
|
+
paths.each do |path|
|
|
149
|
+
file = fetch_file_if_present(path) || next
|
|
150
|
+
cached_files[path] = file
|
|
151
|
+
return file
|
|
152
|
+
end
|
|
125
153
|
nil
|
|
126
154
|
end
|
|
127
155
|
end
|
|
@@ -9,71 +9,58 @@ module Dependabot
|
|
|
9
9
|
# rubocop:disable Layout/LineLength
|
|
10
10
|
SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
|
|
11
11
|
|
|
12
|
-
QUOTED_VALUE_REGEX =
|
|
13
|
-
/\s*['"][^\s]+['"]\s*/.freeze
|
|
12
|
+
QUOTED_VALUE_REGEX = /\s*['"][^\s]+['"]\s*/
|
|
14
13
|
|
|
15
14
|
# project.findProperty('property') ?:
|
|
16
|
-
FIND_PROPERTY_REGEX =
|
|
17
|
-
/\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/.freeze
|
|
15
|
+
FIND_PROPERTY_REGEX = /\s*project\.findProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?:/
|
|
18
16
|
|
|
19
17
|
# project.hasProperty('property') ? project.getProperty('property') :
|
|
20
18
|
GROOVY_HAS_PROPERTY_REGEX =
|
|
21
|
-
/\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s
|
|
19
|
+
/\s*project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\s*\?\s*project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s*:/
|
|
22
20
|
|
|
23
21
|
# if(project.hasProperty("property")) project.getProperty("property") else
|
|
24
22
|
KOTLIN_HAS_PROPERTY_REGEX =
|
|
25
|
-
/\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s
|
|
23
|
+
/\s*if\s*\(project\.hasProperty\(#{QUOTED_VALUE_REGEX}\)\)\s+project\.getProperty\(#{QUOTED_VALUE_REGEX}\)\s+else\s+/
|
|
26
24
|
|
|
27
|
-
GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
|
|
28
|
-
/(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/.freeze
|
|
25
|
+
GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = /(?:#{FIND_PROPERTY_REGEX}|#{GROOVY_HAS_PROPERTY_REGEX})?/
|
|
29
26
|
|
|
30
|
-
KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
|
|
31
|
-
/(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/.freeze
|
|
27
|
+
KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX = /(?:#{FIND_PROPERTY_REGEX}|#{KOTLIN_HAS_PROPERTY_REGEX})?/
|
|
32
28
|
|
|
33
29
|
PROPERTY_DECLARATION_AS_DEFAULTS_REGEX =
|
|
34
|
-
/(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})
|
|
30
|
+
/(#{GROOVY_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}|#{KOTLIN_PROPERTY_DECLARATION_AS_DEFAULTS_REGEX})?/
|
|
35
31
|
|
|
36
|
-
VALUE_REGEX =
|
|
37
|
-
/#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/.freeze
|
|
32
|
+
VALUE_REGEX = /#{PROPERTY_DECLARATION_AS_DEFAULTS_REGEX}\s*['"](?<value>[^\s]+)['"]/
|
|
38
33
|
|
|
39
|
-
GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX =
|
|
40
|
-
/(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{VALUE_REGEX}/.freeze
|
|
34
|
+
GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX = /(?:^|\s+|ext.)(?<name>[^\s=]+)\s*=#{VALUE_REGEX}/
|
|
41
35
|
|
|
42
|
-
KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX =
|
|
43
|
-
/\s*extra\[['"](?<name>[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/.freeze
|
|
36
|
+
KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX = /\s*extra\[['"](?<name>[^\s=]+)['"]\]\s*=#{VALUE_REGEX}/
|
|
44
37
|
|
|
45
|
-
KOTLIN_SINGLE_PROPERTY_SET_REGEX =
|
|
46
|
-
/\s*set\(['"](?<name>[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/.freeze
|
|
38
|
+
KOTLIN_SINGLE_PROPERTY_SET_REGEX = /\s*set\(['"](?<name>[^\s=]+)['"]\s*,#{VALUE_REGEX}\)/
|
|
47
39
|
|
|
48
|
-
KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX =
|
|
49
|
-
/\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/.freeze
|
|
40
|
+
KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX = /\s*extra\.#{KOTLIN_SINGLE_PROPERTY_SET_REGEX}/
|
|
50
41
|
|
|
51
42
|
KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX =
|
|
52
|
-
/(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})
|
|
43
|
+
/(#{KOTLIN_SINGLE_PROPERTY_INDEX_DECLARATION_REGEX}|#{KOTLIN_SINGLE_PROPERTY_SET_DECLARATION_REGEX})/
|
|
53
44
|
|
|
54
45
|
SINGLE_PROPERTY_DECLARATION_REGEX =
|
|
55
|
-
/(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})
|
|
46
|
+
/(#{KOTLIN_SINGLE_PROPERTY_DECLARATION_REGEX}|#{GROOVY_SINGLE_PROPERTY_DECLARATION_REGEX})/
|
|
56
47
|
|
|
57
|
-
GROOVY_MULTI_PROPERTY_DECLARATION_REGEX =
|
|
58
|
-
/(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m.freeze
|
|
48
|
+
GROOVY_MULTI_PROPERTY_DECLARATION_REGEX = /(?:^|\s+|ext.)(?<namespace>[^\s=]+)\s*=\s*\[(?<values>[^\]]+)\]/m
|
|
59
49
|
|
|
60
|
-
KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX =
|
|
61
|
-
/\s*(?<namespace>[^\s=]+)\.apply\s*{(?<values>[^\]]+)}/m.freeze
|
|
50
|
+
KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX = /\s*(?<namespace>[^\s=]+)\.apply\s*{(?<values>[^\]]+)}/m
|
|
62
51
|
|
|
63
52
|
KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX =
|
|
64
|
-
/\s*extra\[['"](?<namespace>[^\s=]+)['"]\]\s*=\s*mapOf\((?<values>[^\]]+)\)/m
|
|
53
|
+
/\s*extra\[['"](?<namespace>[^\s=]+)['"]\]\s*=\s*mapOf\((?<values>[^\]]+)\)/m
|
|
65
54
|
|
|
66
55
|
MULTI_PROPERTY_DECLARATION_REGEX =
|
|
67
|
-
/(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})
|
|
56
|
+
/(#{KOTLIN_MULTI_PROPERTY_DECLARATION_REGEX}|#{GROOVY_MULTI_PROPERTY_DECLARATION_REGEX})/
|
|
68
57
|
|
|
69
|
-
KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX =
|
|
70
|
-
/(?:^|\s+)['"](?<name>[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/.freeze
|
|
58
|
+
KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX = /(?:^|\s+)['"](?<name>[^\s:]+)['"]\s*to#{VALUE_REGEX}\s*/
|
|
71
59
|
|
|
72
|
-
REGULAR_NAMESPACED_DECLARATION_REGEX =
|
|
73
|
-
/(?:^|\s+)(?<name>[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/.freeze
|
|
60
|
+
REGULAR_NAMESPACED_DECLARATION_REGEX = /(?:^|\s+)(?<name>[^\s:]+)\s*[:=]#{VALUE_REGEX}\s*/
|
|
74
61
|
|
|
75
62
|
NAMESPACED_DECLARATION_REGEX =
|
|
76
|
-
/(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})
|
|
63
|
+
/(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/
|
|
77
64
|
# rubocop:enable Layout/LineLength
|
|
78
65
|
|
|
79
66
|
def initialize(dependency_files:)
|
|
@@ -15,16 +15,13 @@ module Dependabot
|
|
|
15
15
|
GOOGLE_MAVEN_REPO = "https://maven.google.com"
|
|
16
16
|
GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
|
|
17
17
|
|
|
18
|
-
REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{
|
|
18
|
+
REPOSITORIES_BLOCK_START = /(?:^|\s)repositories\s*\{/
|
|
19
19
|
|
|
20
|
-
GROOVY_MAVEN_REPO_REGEX =
|
|
21
|
-
/maven\s*\{[^\}]*\surl[\s\(]=?[^'"]*['"](?<url>[^'"]+)['"]/.freeze
|
|
20
|
+
GROOVY_MAVEN_REPO_REGEX = /maven\s*\{[^\}]*\surl[\s\(]=?[^'"]*['"](?<url>[^'"]+)['"]/
|
|
22
21
|
|
|
23
|
-
KOTLIN_MAVEN_REPO_REGEX =
|
|
24
|
-
/maven\((url\s?\=\s?)?["](?<url>[^"]+)["]\)/.freeze
|
|
22
|
+
KOTLIN_MAVEN_REPO_REGEX = /maven\((url\s?\=\s?)?["](?<url>[^"]+)["]\)/
|
|
25
23
|
|
|
26
|
-
MAVEN_REPO_REGEX =
|
|
27
|
-
/(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/.freeze
|
|
24
|
+
MAVEN_REPO_REGEX = /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/
|
|
28
25
|
|
|
29
26
|
def initialize(dependency_files:, target_dependency_file:)
|
|
30
27
|
@dependency_files = dependency_files
|
|
@@ -25,18 +25,16 @@ module Dependabot
|
|
|
25
25
|
(?:\$\{property\((?<property_name>[^:\s]*?)\)\})|
|
|
26
26
|
(?:\$\{(?<property_name>[^:\s]*?)\})|
|
|
27
27
|
(?:\$(?<property_name>[^:\s"']*))
|
|
28
|
-
/x
|
|
29
|
-
|
|
30
|
-
PART = %r{[^\s,@'":/\\]+}
|
|
31
|
-
VSN_PART = %r{[^\s,'":/\\]+}
|
|
32
|
-
DEPENDENCY_DECLARATION_REGEX =
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
|
|
39
|
-
PLUGIN_ID_REGEX = /['"](?<id>#{PART})['"]/.freeze
|
|
28
|
+
/x
|
|
29
|
+
|
|
30
|
+
PART = %r{[^\s,@'":/\\]+}
|
|
31
|
+
VSN_PART = %r{[^\s,'":/\\]+}
|
|
32
|
+
DEPENDENCY_DECLARATION_REGEX = /(?:\(|\s)\s*['"](?<declaration>#{PART}:#{PART}:#{VSN_PART})['"]/
|
|
33
|
+
|
|
34
|
+
DEPENDENCY_SET_DECLARATION_REGEX = /(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/
|
|
35
|
+
DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?<name>#{PART})['"]/
|
|
36
|
+
PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/
|
|
37
|
+
PLUGIN_ID_REGEX = /['"](?<id>#{PART})['"]/
|
|
40
38
|
|
|
41
39
|
def parse
|
|
42
40
|
dependency_set = DependencySet.new
|
|
@@ -59,8 +57,7 @@ module Dependabot
|
|
|
59
57
|
|
|
60
58
|
def self.find_includes(buildfile, dependency_files)
|
|
61
59
|
FileParser.find_include_names(buildfile).
|
|
62
|
-
|
|
63
|
-
compact
|
|
60
|
+
filter_map { |f| dependency_files.find { |bf| bf.name == f } }
|
|
64
61
|
end
|
|
65
62
|
|
|
66
63
|
private
|
|
@@ -161,11 +158,10 @@ module Dependabot
|
|
|
161
158
|
|
|
162
159
|
plugin_blocks.each do |blk|
|
|
163
160
|
blk.lines.each do |line|
|
|
164
|
-
name_regex = /(id|kotlin)(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/
|
|
161
|
+
name_regex = /(id|kotlin)(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/o
|
|
165
162
|
name = line.match(name_regex)&.named_captures&.fetch("id")
|
|
166
|
-
version_regex = /version\s+['"](?<version>#{VSN_PART})['"]
|
|
167
|
-
version = line.match(version_regex)&.named_captures&.
|
|
168
|
-
fetch("version")
|
|
163
|
+
version_regex = /version\s+['"]?(?<version>#{VSN_PART})['"]?/o
|
|
164
|
+
version = format_plugin_version(line.match(version_regex)&.named_captures&.fetch("version"))
|
|
169
165
|
next unless name && version
|
|
170
166
|
|
|
171
167
|
details = { name: name, group: "plugins", extra_groups: extra_groups(line), version: version }
|
|
@@ -177,8 +173,12 @@ module Dependabot
|
|
|
177
173
|
dependency_set
|
|
178
174
|
end
|
|
179
175
|
|
|
176
|
+
def format_plugin_version(version)
|
|
177
|
+
version&.match?(/^\w+$/) ? "$#{version}" : version
|
|
178
|
+
end
|
|
179
|
+
|
|
180
180
|
def extra_groups(line)
|
|
181
|
-
line.match(/kotlin(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/) ? ["kotlin"] : []
|
|
181
|
+
line.match?(/kotlin(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/o) ? ["kotlin"] : []
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
def argument_from_string(string, arg_name)
|
|
@@ -11,8 +11,8 @@ require "dependabot/registry_client"
|
|
|
11
11
|
module Dependabot
|
|
12
12
|
module Gradle
|
|
13
13
|
class MetadataFinder < Dependabot::MetadataFinders::Base
|
|
14
|
-
DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
|
|
15
|
-
PROPERTY_REGEX = /\$\{(?<property>.*?)\}
|
|
14
|
+
DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
|
|
15
|
+
PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
|
|
16
16
|
KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
|
|
17
17
|
|
|
18
18
|
private
|
|
@@ -8,9 +8,8 @@ module Dependabot
|
|
|
8
8
|
module Gradle
|
|
9
9
|
class Requirement < Gem::Requirement
|
|
10
10
|
quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
|
|
11
|
-
PATTERN_RAW =
|
|
12
|
-
|
|
13
|
-
PATTERN = /\A#{PATTERN_RAW}\z/.freeze
|
|
11
|
+
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gradle::Version::VERSION_PATTERN})\\s*"
|
|
12
|
+
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
14
13
|
|
|
15
14
|
def self.parse(obj)
|
|
16
15
|
return ["=", Gradle::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
|
|
@@ -137,8 +137,8 @@ module Dependabot
|
|
|
137
137
|
url = Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
|
|
138
138
|
group_id, artifact_id = group_and_artifact_ids
|
|
139
139
|
|
|
140
|
-
dependency_metadata_url = "#{Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO}/"\
|
|
141
|
-
"#{group_id.tr('.', '/')}/"\
|
|
140
|
+
dependency_metadata_url = "#{Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO}/" \
|
|
141
|
+
"#{group_id.tr('.', '/')}/" \
|
|
142
142
|
"group-index.xml"
|
|
143
143
|
|
|
144
144
|
@google_version_details ||=
|
|
@@ -185,7 +185,7 @@ module Dependabot
|
|
|
185
185
|
end
|
|
186
186
|
|
|
187
187
|
def check_response(response, repository_url)
|
|
188
|
-
return unless
|
|
188
|
+
return unless response.status == 401 || response.status == 403
|
|
189
189
|
return if @forbidden_urls.include?(repository_url)
|
|
190
190
|
return if central_repo_urls.include?(repository_url)
|
|
191
191
|
|
|
@@ -277,10 +277,10 @@ module Dependabot
|
|
|
277
277
|
group_id, artifact_id = group_and_artifact_ids
|
|
278
278
|
group_id = "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{group_id}" if kotlin_plugin?
|
|
279
279
|
|
|
280
|
-
"#{repository_url}/"\
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
280
|
+
"#{repository_url}/" \
|
|
281
|
+
"#{group_id.tr('.', '/')}/" \
|
|
282
|
+
"#{artifact_id}/" \
|
|
283
|
+
"maven-metadata.xml"
|
|
284
284
|
end
|
|
285
285
|
|
|
286
286
|
def group_and_artifact_ids
|
|
@@ -27,10 +27,10 @@ module Dependabot
|
|
|
27
27
|
"sp" => 7
|
|
28
28
|
}.freeze
|
|
29
29
|
VERSION_PATTERN =
|
|
30
|
-
"[0-9a-zA-Z]+"\
|
|
31
|
-
'(?>\.[0-9a-zA-Z]*)*'\
|
|
30
|
+
"[0-9a-zA-Z]+" \
|
|
31
|
+
'(?>\.[0-9a-zA-Z]*)*' \
|
|
32
32
|
'([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
|
|
33
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z
|
|
33
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
|
34
34
|
|
|
35
35
|
def self.correct?(version)
|
|
36
36
|
return false if version.nil?
|
|
@@ -117,11 +117,11 @@ module Dependabot
|
|
|
117
117
|
end
|
|
118
118
|
|
|
119
119
|
def trim_version(version)
|
|
120
|
-
version.split("-").
|
|
120
|
+
version.split("-").filter_map do |v|
|
|
121
121
|
parts = v.split(".")
|
|
122
122
|
parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
|
|
123
123
|
parts&.join(".")
|
|
124
|
-
end.
|
|
124
|
+
end.reject(&:empty?).join("-")
|
|
125
125
|
end
|
|
126
126
|
|
|
127
127
|
def convert_dates(version, other_version)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.213.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,56 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.213.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.213.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: dependabot-maven
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.213.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: debase
|
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
|
44
|
-
requirements:
|
|
45
|
-
- - '='
|
|
46
|
-
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.2.3
|
|
48
|
-
type: :development
|
|
49
|
-
prerelease: false
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - '='
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.2.3
|
|
55
|
-
- !ruby/object:Gem::Dependency
|
|
56
|
-
name: debase-ruby_core_source
|
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
|
58
|
-
requirements:
|
|
59
|
-
- - '='
|
|
60
|
-
- !ruby/object:Gem::Version
|
|
61
|
-
version: 0.10.16
|
|
62
|
-
type: :development
|
|
63
|
-
prerelease: false
|
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
-
requirements:
|
|
66
|
-
- - '='
|
|
67
|
-
- !ruby/object:Gem::Version
|
|
68
|
-
version: 0.10.16
|
|
40
|
+
version: 0.213.0
|
|
69
41
|
- !ruby/object:Gem::Dependency
|
|
70
42
|
name: debug
|
|
71
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +72,14 @@ dependencies:
|
|
|
100
72
|
requirements:
|
|
101
73
|
- - "~>"
|
|
102
74
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 3.
|
|
75
|
+
version: 3.13.0
|
|
104
76
|
type: :development
|
|
105
77
|
prerelease: false
|
|
106
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
79
|
requirements:
|
|
108
80
|
- - "~>"
|
|
109
81
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 3.
|
|
82
|
+
version: 3.13.0
|
|
111
83
|
- !ruby/object:Gem::Dependency
|
|
112
84
|
name: rake
|
|
113
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -156,28 +128,28 @@ dependencies:
|
|
|
156
128
|
requirements:
|
|
157
129
|
- - "~>"
|
|
158
130
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: 1.
|
|
131
|
+
version: 1.37.1
|
|
160
132
|
type: :development
|
|
161
133
|
prerelease: false
|
|
162
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
135
|
requirements:
|
|
164
136
|
- - "~>"
|
|
165
137
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: 1.
|
|
138
|
+
version: 1.37.1
|
|
167
139
|
- !ruby/object:Gem::Dependency
|
|
168
|
-
name:
|
|
140
|
+
name: rubocop-performance
|
|
169
141
|
requirement: !ruby/object:Gem::Requirement
|
|
170
142
|
requirements:
|
|
171
143
|
- - "~>"
|
|
172
144
|
- !ruby/object:Gem::Version
|
|
173
|
-
version:
|
|
145
|
+
version: 1.15.0
|
|
174
146
|
type: :development
|
|
175
147
|
prerelease: false
|
|
176
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
149
|
requirements:
|
|
178
150
|
- - "~>"
|
|
179
151
|
- !ruby/object:Gem::Version
|
|
180
|
-
version:
|
|
152
|
+
version: 1.15.0
|
|
181
153
|
- !ruby/object:Gem::Dependency
|
|
182
154
|
name: simplecov
|
|
183
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -283,14 +255,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
283
255
|
requirements:
|
|
284
256
|
- - ">="
|
|
285
257
|
- !ruby/object:Gem::Version
|
|
286
|
-
version:
|
|
258
|
+
version: 3.1.0
|
|
287
259
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
288
260
|
requirements:
|
|
289
261
|
- - ">="
|
|
290
262
|
- !ruby/object:Gem::Version
|
|
291
|
-
version:
|
|
263
|
+
version: 3.1.0
|
|
292
264
|
requirements: []
|
|
293
|
-
rubygems_version: 3.
|
|
265
|
+
rubygems_version: 3.3.7
|
|
294
266
|
signing_key:
|
|
295
267
|
specification_version: 4
|
|
296
268
|
summary: Gradle support for dependabot
|