dependabot-gradle 0.214.0 → 0.216.0

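--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 067723364da38d915607092ad9a9a86581d85306685bfed8e756e9d8fcd506f9
-  data.tar.gz: cc6e084732f901cce928dbed0646cec4fd1ff64a90297fa4f0a81a76c28e7e99
+  metadata.gz: 15d69183c3efac8e94b2f1da8927480a3c3fe849e0952b3145471d10bf50df2d
+  data.tar.gz: 4ccfb7b917c356a52959f8ca40bb49be9a90795fe12f2df6789712fe3d98be79
 SHA512:
-  metadata.gz: 11697e0a955fe7702e5c9f752be87bf89e96d817a57b9cee82ff76c731eb9aa1bb76be00e8776ba0544074b76307f1a6946ec3f19fa075133a42b48da46438bd
-  data.tar.gz: 7df0dd1f3841e7dff6c83dfe3931283a979cc79d95caeea5affe0b5517015e5c52f33776b7efaab55d0cd29b633f50756adcdc4b00d8e3073c8f6637e5d414b6
+  metadata.gz: bf0c9325acd520da93ad213e4a82cf857bcd64b9f01657ea56537d8567ae3063873f3420dcf35f3f51199040a9402f9d3f27454b65a4978d214f17df58aec8d2
+  data.tar.gz: 5506d1927f6bd50914bd26aff8c02ed53c9080131166c32ce53bf45eb808492f2f02f7fc32ee5c1f8d9df86371e07314cd827211e9363a3c1718fc60adae6444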
@@ -14,6 +14,10 @@ module Dependabot
14
14
  SUPPORTED_SETTINGS_FILE_NAMES =
15
15
  %w(settings.gradle settings.gradle.kts).freeze
16
16
 
17
+ # For now Gradle only supports libray .toml files in the main gradle folder
18
+ SUPPORTED_VERSION_CATALOG_FILE_PATH =
19
+ %w(/gradle/libs.versions.toml).freeze
20
+
17
21
  def self.required_files_in?(filenames)
18
22
  filenames.any? do |filename|
19
23
  SUPPORTED_BUILD_FILE_NAMES.include?(filename)
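Review bot: The comment above the new constant misspells "library"; suggest `# For now Gradle only supports library .toml files in the main gradle folder`. The constant is also named `SUPPORTED_VERSION_CATALOG_FILE_PATH` while holding an Array, unlike its sibling `SUPPORTED_SETTINGS_FILE_NAMES` just above it, so a plural name such as `SUPPORTED_VERSION_CATALOG_FILE_PATHS` would match the file's convention. The enclosing module continues outside the hunk.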
@@ -33,7 +37,7 @@ module Dependabot
33
37
  end
34
38
 
35
39
  def all_buildfiles_in_build(root_dir)
36
- files = [buildfile(root_dir), settings_file(root_dir)].compact
40
+ files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
37
41
  files += subproject_buildfiles(root_dir)
38
42
  files += dependency_script_plugins(root_dir)
39
43
  files + included_builds(root_dir).
@@ -82,6 +86,15 @@ module Dependabot
82
86
  end
83
87
  end
84
88
 
89
+ def version_catalog_file(root_dir)
90
+ return nil unless root_dir == "."
91
+
92
+ gradle_toml_file(root_dir)
93
+ rescue Dependabot::DependencyFileNotFound
94
+ # Catalog file is optional for Gradle
95
+ nil
96
+ end
97
+
85
98
  # rubocop:disable Metrics/PerceivedComplexity
86
99
  def dependency_script_plugins(root_dir)
87
100
  return [] unless buildfile(root_dir)
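Review bot: version_catalog_file hard-codes `"."` with no explanation of why every non-root directory is skipped, which a reader has to reconstruct from the leading `/gradle/` in the catalog path constant. A one-line comment above the guard would help, e.g. `# Catalogs are only looked up for the root build; SUPPORTED_VERSION_CATALOG_FILE_PATH appears to be anchored at /gradle`. The def-level `rescue` only turns `Dependabot::DependencyFileNotFound` into nil; any other error from gradle_toml_file still propagates, which is probably intended but worth stating in the existing comment. The enclosing module continues outside the hunk.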
@@ -127,6 +140,10 @@ module Dependabot
127
140
  file
128
141
  end
129
142
 
143
+ def gradle_toml_file(dir)
144
+ find_first(dir, SUPPORTED_VERSION_CATALOG_FILE_PATH)
145
+ end
146
+
130
147
  def settings_file(dir)
131
148
  find_first(dir, SUPPORTED_SETTINGS_FILE_NAMES)
132
149
  end
@@ -86,7 +86,7 @@ module Dependabot
86
86
  all_files = [callsite_buildfile, top_level_buildfile].concat(
87
87
  FileParser.find_includes(callsite_buildfile, dependency_files),
88
88
  FileParser.find_includes(top_level_buildfile, dependency_files)
89
- )
89
+ ).compact
90
90
  all_files.each do |file|
91
91
  details = properties(file).fetch(property_name, nil)
92
92
  return details if details
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "toml-rb"
4
+
3
5
  require "dependabot/dependency"
4
6
  require "dependabot/file_parsers"
5
7
  require "dependabot/file_parsers/base"
@@ -44,6 +46,9 @@ module Dependabot
44
46
  script_plugin_files.each do |plugin_file|
45
47
  dependency_set += buildfile_dependencies(plugin_file)
46
48
  end
49
+ version_catalog_file.each do |toml_file|
50
+ dependency_set += version_catalog_dependencies(toml_file)
51
+ end
47
52
  dependency_set.dependencies
48
53
  end
49
54
 
@@ -62,6 +67,65 @@ module Dependabot
62
67
 
63
68
  private
64
69
 
70
+ def version_catalog_dependencies(toml_file)
71
+ dependency_set = DependencySet.new
72
+ parsed_toml_file = parsed_toml_file(toml_file)
73
+ dependency_set += version_catalog_library_dependencies(parsed_toml_file, toml_file)
74
+ dependency_set += version_catalog_plugin_dependencies(parsed_toml_file, toml_file)
75
+ dependency_set
76
+ end
77
+
78
+ def version_catalog_library_dependencies(parsed_toml_file, toml_file)
79
+ dependencies_for_declarations(parsed_toml_file["libraries"], toml_file, :details_for_library_dependency)
80
+ end
81
+
82
+ def version_catalog_plugin_dependencies(parsed_toml_file, toml_file)
83
+ dependencies_for_declarations(parsed_toml_file["plugins"], toml_file, :details_for_plugin_dependency)
84
+ end
85
+
86
+ def dependencies_for_declarations(declarations, toml_file, details_getter)
87
+ dependency_set = DependencySet.new
88
+ return dependency_set unless declarations
89
+
90
+ declarations.each do |_mod, declaration|
91
+ group, name, version = send(details_getter, declaration)
92
+
93
+ # Only support basic version and reference formats for now,
94
+ # refrain from updating anything else as it's likely to be a very deliberate choice.
95
+ next unless Gradle::Version.correct?(version) || (version.is_a?(Hash) && version.key?("ref"))
96
+
97
+ version_details = Gradle::Version.correct?(version) ? version : "$" + version["ref"]
98
+ details = { group: group, name: name, version: version_details }
99
+ dependency = dependency_from(details_hash: details, buildfile: toml_file)
100
+ next unless dependency
101
+
102
+ dependency_set << dependency
103
+ end
104
+ dependency_set
105
+ end
106
+
107
+ def details_for_library_dependency(declaration)
108
+ return declaration.split(":") if declaration.is_a?(String)
109
+
110
+ if declaration["module"]
111
+ [*declaration["module"].split(":"), declaration["version"]]
112
+ else
113
+ [declaration["group"], declaration["name"], declaration["version"]]
114
+ end
115
+ end
116
+
117
+ def details_for_plugin_dependency(declaration)
118
+ return ["plugins", *declaration.split(":")] if declaration.is_a?(String)
119
+
120
+ ["plugins", declaration["id"], declaration["version"]]
121
+ end
122
+
123
+ def parsed_toml_file(file)
124
+ TomlRB.parse(file.content)
125
+ rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
126
+ raise Dependabot::DependencyFileNotParseable, file.path
127
+ end
128
+
65
129
  def map_value_regex(key)
66
130
  /(?:^|\s|,|\()#{Regexp.quote(key)}(\s*=|:)\s*['"](?<value>[^'"]+)['"]/
67
131
  end
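Review bot: dependencies_for_declarations and the two details_for_* helpers assume every catalog entry is a String or a Hash of Strings, so a malformed `libs.versions.toml` taken from the repository (an entry whose value is a number or array, a `module` that is not a String, or a `version.ref` that is not a String) raises NoMethodError or TypeError out of the parser instead of the `Dependabot::DependencyFileNotParseable` that parsed_toml_file raises for syntax errors. A guard before the `send`, `next unless declaration.is_a?(String) || declaration.is_a?(Hash)`, together with `next unless Gradle::Version.correct?(version) || (version.is_a?(Hash) && version["ref"].is_a?(String))` in place of the current Hash check, would confine bad input to a skipped entry. Separately, `parsed_toml_file = parsed_toml_file(toml_file)` in version_catalog_dependencies assigns a local with the same name as the method it calls; it works only because of the parenthesised argument and reads like a shadowing bug, so a local such as `catalog` would be clearer.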
@@ -160,7 +224,7 @@ module Dependabot
160
224
  blk.lines.each do |line|
161
225
  name_regex = /(id|kotlin)(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/o
162
226
  name = line.match(name_regex)&.named_captures&.fetch("id")
163
- version_regex = /version\s+['"]?(?<version>#{VSN_PART})['"]?/o
227
+ version_regex = /version\s+(?<version>['"]?#{VSN_PART}['"]?)/o
164
228
  version = format_plugin_version(line.match(version_regex)&.named_captures&.fetch("version"))
165
229
  next unless name && version
166
230
 
@@ -174,7 +238,7 @@ module Dependabot
174
238
  end
175
239
 
176
240
  def format_plugin_version(version)
177
- version&.match?(/^\w+$/) ? "$#{version}" : version
241
+ quoted?(version) ? unquote(version) : "$#{version}"
178
242
  end
179
243
 
180
244
  def extra_groups(line)
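Review bot: format_plugin_version now turns a nil version into the string `"$"`, because `quoted?(nil)` is falsy and the fallback interpolates nil, whereas the removed line returned nil for nil input. The caller in the preceding hunk relies on a falsy version via `next unless name && version`, so plugin lines with no version clause appear to be recorded with version `"$"` instead of being skipped; adding `return unless version` before the ternary restores the old behaviour. A smaller point in that same preceding hunk: the new version_regex makes each quote optional independently, so an unbalanced `version "1.0` is captured as `"1.0`, which is not `quoted?` and becomes `$"1.0`.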
@@ -314,6 +378,12 @@ module Dependabot
314
378
  end
315
379
  end
316
380
 
381
+ def version_catalog_file
382
+ @version_catalog_file ||= dependency_files.select do |f|
383
+ f.name.end_with?("libs.versions.toml")
384
+ end
385
+ end
386
+
317
387
  def script_plugin_files
318
388
  @script_plugin_files ||=
319
389
  buildfiles.flat_map do |buildfile|
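Review bot: version_catalog_file returns an Array (the result of `select`) but is named in the singular, and the earlier hunk iterates it with `.each`; `version_catalog_files` would read correctly at both sites. Its match `f.name.end_with?("libs.versions.toml")` is also broader than the fetcher's `/gradle/libs.versions.toml` constant, so any fetched file whose name ends that way would be parsed as a catalog; if that is intended, a short comment saying so would save the next reader a trip to the fetcher.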
@@ -331,6 +401,14 @@ module Dependabot
331
401
  SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
332
402
  end
333
403
  end
404
+
405
+ def quoted?(string)
406
+ string&.match?(/^['"].*['"]$/)
407
+ end
408
+
409
+ def unquote(string)
410
+ string[1..-2]
411
+ end
334
412
  end
335
413
  end
336
414
  end
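Review bot: quoted? anchors with `^` and `$`, which in Ruby match at line boundaries rather than string ends, and it accepts mismatched quote kinds such as `'1.0"`. Since unquote then strips one character from each end unconditionally, `string&.match?(/\A(['"]).*\1\z/)` would make the pair consistent and only strip matching quotes. The inputs here come from single-line matches, so the anchor difference is unlikely to bite today, but `\A`/`\z` is the conventional form for a whole-string check.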
@@ -112,32 +112,38 @@ module Dependabot
112
112
 
113
113
  def update_version_in_buildfile(dependency, buildfile, previous_req,
114
114
  requirement)
115
+ original_content = buildfile.content.dup
116
+
115
117
  updated_content =
116
- buildfile.content.gsub(
117
- original_buildfile_declaration(dependency, previous_req),
118
- updated_buildfile_declaration(
119
- dependency,
120
- previous_req,
121
- requirement
118
+ original_buildfile_declarations(dependency, previous_req).reduce(original_content) do |content, declaration|
119
+ content.gsub(
120
+ declaration,
121
+ updated_buildfile_declaration(
122
+ declaration,
123
+ previous_req,
124
+ requirement
125
+ )
122
126
  )
123
- )
127
+ end
124
128
 
125
129
  raise "Expected content to change!" if updated_content == buildfile.content
126
130
 
127
131
  updated_file(file: buildfile, content: updated_content)
128
132
  end
129
133
 
130
- def original_buildfile_declaration(dependency, requirement)
134
+ def original_buildfile_declarations(dependency, requirement)
131
135
  # This implementation is limited to declarations that appear on a
132
136
  # single line.
133
137
  buildfile = buildfiles.find { |f| f.name == requirement.fetch(:file) }
134
- buildfile.content.lines.find do |line|
138
+ buildfile.content.lines.select do |line|
135
139
  line = evaluate_properties(line, buildfile)
136
140
  line = line.gsub(%r{(?<=^|\s)//.*$}, "")
137
141
 
138
142
  if dependency.name.include?(":")
139
143
  next false unless line.include?(dependency.name.split(":").first)
140
144
  next false unless line.include?(dependency.name.split(":").last)
145
+ elsif requirement.fetch(:file).end_with?(".toml")
146
+ next false unless line.include?(dependency.name)
141
147
  else
142
148
  name_regex_value = /['"]#{Regexp.quote(dependency.name)}['"]/
143
149
  name_regex = /(id|kotlin)(\s+#{name_regex_value}|\(#{name_regex_value}\))/
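Review bot: The new `.toml` branch in original_buildfile_declarations selects a line with `line.include?(dependency.name)`, a bare substring test, so a catalog entry whose id merely contains the dependency's name (e.g. `com.example.plugin` also matching `com.example.plugin.extra`) is selected too, and update_version_in_buildfile then runs `gsub` with the requirement string over every selected declaration. If `dependency.name` is the plugin id here, matching it as a TOML string value, `next false unless line.match?(/['"]#{Regexp.quote(dependency.name)}[:'"]/)`, would limit the selection to exact ids. Minor: `original_content = buildfile.content.dup` is unnecessary, since `gsub` returns a new String and the reduce never mutates its accumulator. The method continues past the end of the hunk.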
@@ -171,10 +177,10 @@ module Dependabot
171
177
  new(dependency_files: dependency_files)
172
178
  end
173
179
 
174
- def updated_buildfile_declaration(dependency, previous_req, requirement)
180
+ def updated_buildfile_declaration(original_buildfile_declaration, previous_req, requirement)
175
181
  original_req_string = previous_req.fetch(:requirement)
176
182
 
177
- original_buildfile_declaration(dependency, previous_req).gsub(
183
+ original_buildfile_declaration.gsub(
178
184
  original_req_string,
179
185
  requirement.fetch(:requirement)
180
186
  )
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "dependabot/version"
3
4
  require "dependabot/utils"
4
- require "rubygems_version_patch"
5
5
 
6
6
  # Java versions use dots and dashes when tokenising their versions.
7
7
  # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
@@ -10,7 +10,7 @@ require "rubygems_version_patch"
10
10
 
11
11
  module Dependabot
12
12
  module Gradle
13
- class Version < Gem::Version
13
+ class Version < Dependabot::Version
14
14
  NULL_VALUES = %w(0 final ga).freeze
15
15
  PREFIXED_TOKEN_HIERARCHY = {
16
16
  "." => { qualifier: 1, number: 4 },
@@ -22,6 +22,6 @@ Dependabot::Dependency.
22
22
  "gradle",
23
23
  lambda { |name|
24
24
  artifact_id = name.split(":").last
25
- %w(bom library).include?(artifact_id) ? name : artifact_id
25
+ name.length <= 100 ? name : artifact_id
26
26
  }
27
27
  )
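Review bot: The new name-normaliser threshold `name.length <= 100` is an unexplained magic number replacing a rule that was self-describing (`bom`/`library` artifact ids kept the full name). A named constant with a comment on where the 100-character limit comes from, e.g. `MAX_DISPLAY_NAME_LENGTH = 100`, would preserve that intent; as written a reader cannot tell whether the limit is a display, branch-name or API constraint. The surrounding registration call begins outside the hunk.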
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.214.0
4
+ version: 0.216.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-01 00:00:00.000000000 Z
11
+ date: 2023-04-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,42 +16,42 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.214.0
19
+ version: 0.216.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.214.0
26
+ version: 0.216.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.214.0
33
+ version: 0.216.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.214.0
40
+ version: 0.216.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ">="
45
+ - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 1.0.0
47
+ version: 1.7.1
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">="
52
+ - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 1.0.0
54
+ version: 1.7.1
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: gpgme
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 4.0.0
75
+ version: 4.2.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 4.0.0
82
+ version: 4.2.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rake
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -100,70 +100,70 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '3.8'
103
+ version: '3.12'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '3.8'
110
+ version: '3.12'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rspec-its
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: '1.2'
117
+ version: '1.3'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: '1.2'
124
+ version: '1.3'
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.39.0
131
+ version: 1.48.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.39.0
138
+ version: 1.48.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rubocop-performance
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
143
  - - "~>"
144
144
  - !ruby/object:Gem::Version
145
- version: 1.15.0
145
+ version: 1.17.1
146
146
  type: :development
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
- version: 1.15.0
152
+ version: 1.17.1
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: simplecov
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.21.0
159
+ version: 0.22.0
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 0.21.0
166
+ version: 0.22.0
167
167
  - !ruby/object:Gem::Dependency
168
168
  name: simplecov-console
169
169
  requirement: !ruby/object:Gem::Requirement
@@ -196,33 +196,34 @@ dependencies:
196
196
  name: vcr
197
197
  requirement: !ruby/object:Gem::Requirement
198
198
  requirements:
199
- - - '='
199
+ - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: 6.1.0
201
+ version: '6.1'
202
202
  type: :development
203
203
  prerelease: false
204
204
  version_requirements: !ruby/object:Gem::Requirement
205
205
  requirements:
206
- - - '='
206
+ - - "~>"
207
207
  - !ruby/object:Gem::Version
208
- version: 6.1.0
208
+ version: '6.1'
209
209
  - !ruby/object:Gem::Dependency
210
210
  name: webmock
211
211
  requirement: !ruby/object:Gem::Requirement
212
212
  requirements:
213
213
  - - "~>"
214
214
  - !ruby/object:Gem::Version
215
- version: '3.4'
215
+ version: '3.18'
216
216
  type: :development
217
217
  prerelease: false
218
218
  version_requirements: !ruby/object:Gem::Requirement
219
219
  requirements:
220
220
  - - "~>"
221
221
  - !ruby/object:Gem::Version
222
- version: '3.4'
223
- description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
224
- Rust, Java, .NET, Elm and Go
225
- email: support@dependabot.com
222
+ version: '3.18'
223
+ description: Dependabot-Gradle provides support for bumping Gradle packages via Dependabot.
224
+ If you want support for multiple package managers, you probably want the meta-gem
225
+ dependabot-omnibus.
226
+ email: opensource@github.com
226
227
  executables: []
227
228
  extensions: []
228
229
  extra_rdoc_files: []
@@ -246,7 +247,9 @@ files:
246
247
  homepage: https://github.com/dependabot/dependabot-core
247
248
  licenses:
248
249
  - Nonstandard
249
- metadata: {}
250
+ metadata:
251
+ issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
252
+ changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
250
253
  post_install_message:
251
254
  rdoc_options: []
252
255
  require_paths:
@@ -262,8 +265,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
262
265
  - !ruby/object:Gem::Version
263
266
  version: 3.1.0
264
267
  requirements: []
265
- rubygems_version: 3.3.7
268
+ rubygems_version: 3.3.26
266
269
  signing_key:
267
270
  specification_version: 4
268
- summary: Gradle support for dependabot
271
+ summary: Provides Dependabot support for Gradle
269
272
  test_files: []