dependabot-gradle 0.229.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb +6 -5
- data/lib/dependabot/gradle/file_fetcher.rb +22 -21
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +29 -28
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +8 -7
- data/lib/dependabot/gradle/file_parser.rb +20 -19
- data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb +1 -0
- data/lib/dependabot/gradle/file_updater/property_value_updater.rb +3 -2
- data/lib/dependabot/gradle/file_updater.rb +19 -18
- data/lib/dependabot/gradle/metadata_finder.rb +8 -7
- data/lib/dependabot/gradle/requirement.rb +3 -2
- data/lib/dependabot/gradle/update_checker/multi_dependency_updater.rb +10 -9
- data/lib/dependabot/gradle/update_checker/requirements_updater.rb +5 -4
- data/lib/dependabot/gradle/update_checker/version_finder.rb +41 -40
- data/lib/dependabot/gradle/update_checker.rb +5 -4
- data/lib/dependabot/gradle/version.rb +5 -0
- data/lib/dependabot/gradle.rb +5 -4
- metadata +21 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 47665c602abc02d8d5acba44ae67cd12fff529cb3704feabf5e2f397e05ceeac
|
4
|
+
data.tar.gz: 6a2e3df82e2418f3ea6e44141d406c3a40c84ff43e028d82e58bd595a496f1bd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1e847fb00397f323673e5fa3fff4afb5c94864ae42acb5dc0bbc2c683faa5f4f37d045e009d0467463236eba15c567fbdd69aa180de4b46ab88f36bd33a8727c
|
7
|
+
data.tar.gz: 6e5024177b1582b4913560fb38de0d0aac5a02f30cfb3d46be3de255f092d1251da6aa45b766a0d0b817c4d2de0f3ca00aae52804160bd4d9ce8d0f26635f6af
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/gradle/file_fetcher"
|
@@ -33,8 +34,8 @@ module Dependabot
|
|
33
34
|
|
34
35
|
subproject_dirs = subprojects.map do |proj|
|
35
36
|
if comment_free_content.match?(project_dir_regex(proj))
|
36
|
-
comment_free_content.match(project_dir_regex(proj))
|
37
|
-
|
37
|
+
comment_free_content.match(project_dir_regex(proj))
|
38
|
+
.named_captures.fetch("path").sub(%r{^/}, "")
|
38
39
|
else
|
39
40
|
proj.tr(":", "/").sub(%r{^/}, "")
|
40
41
|
end
|
@@ -48,9 +49,9 @@ module Dependabot
|
|
48
49
|
attr_reader :settings_file
|
49
50
|
|
50
51
|
def comment_free_content
|
51
|
-
settings_file.content
|
52
|
-
|
53
|
-
|
52
|
+
settings_file.content
|
53
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
54
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
54
55
|
end
|
55
56
|
|
56
57
|
def function_regex(function_name)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/file_fetchers"
|
@@ -41,24 +42,24 @@ module Dependabot
|
|
41
42
|
files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
|
42
43
|
files += subproject_buildfiles(root_dir)
|
43
44
|
files += dependency_script_plugins(root_dir)
|
44
|
-
files + included_builds(root_dir)
|
45
|
-
flat_map { |dir| all_buildfiles_in_build(dir) }
|
45
|
+
files + included_builds(root_dir)
|
46
|
+
.flat_map { |dir| all_buildfiles_in_build(dir) }
|
46
47
|
end
|
47
48
|
|
48
49
|
def included_builds(root_dir)
|
49
50
|
builds = []
|
50
51
|
|
51
52
|
# buildSrc is implicit: included but not declared in settings.gradle
|
52
|
-
buildsrc = repo_contents(dir: root_dir, raise_errors: false)
|
53
|
-
find { |item| item.type == "dir" && item.name == "buildSrc" }
|
53
|
+
buildsrc = repo_contents(dir: root_dir, raise_errors: false)
|
54
|
+
.find { |item| item.type == "dir" && item.name == "buildSrc" }
|
54
55
|
builds << clean_join(root_dir, "buildSrc") if buildsrc
|
55
56
|
|
56
57
|
return builds unless settings_file(root_dir)
|
57
58
|
|
58
|
-
builds += SettingsFileParser
|
59
|
-
new(settings_file: settings_file(root_dir))
|
60
|
-
included_build_paths
|
61
|
-
map { |p| clean_join(root_dir, p) }
|
59
|
+
builds += SettingsFileParser
|
60
|
+
.new(settings_file: settings_file(root_dir))
|
61
|
+
.included_build_paths
|
62
|
+
.map { |p| clean_join(root_dir, p) }
|
62
63
|
|
63
64
|
builds.uniq
|
64
65
|
end
|
@@ -71,9 +72,9 @@ module Dependabot
|
|
71
72
|
return [] unless settings_file(root_dir)
|
72
73
|
|
73
74
|
subproject_paths =
|
74
|
-
SettingsFileParser
|
75
|
-
new(settings_file: settings_file(root_dir))
|
76
|
-
subproject_paths
|
75
|
+
SettingsFileParser
|
76
|
+
.new(settings_file: settings_file(root_dir))
|
77
|
+
.subproject_paths
|
77
78
|
|
78
79
|
subproject_paths.filter_map do |path|
|
79
80
|
if @buildfile_name
|
@@ -98,13 +99,13 @@ module Dependabot
|
|
98
99
|
return [] unless buildfile(root_dir)
|
99
100
|
|
100
101
|
dependency_plugin_paths =
|
101
|
-
FileParser.find_include_names(buildfile(root_dir))
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
102
|
+
FileParser.find_include_names(buildfile(root_dir))
|
103
|
+
.reject { |path| path.include?("://") }
|
104
|
+
.reject { |path| !path.include?("/") && path.split(".").count > 2 }
|
105
|
+
.select { |filename| filename.include?("dependencies") }
|
106
|
+
.map { |path| path.gsub("$rootDir", ".") }
|
107
|
+
.map { |path| File.join(root_dir, path) }
|
108
|
+
.uniq
|
108
109
|
|
109
110
|
dependency_plugin_paths.filter_map do |path|
|
110
111
|
fetch_file_from_host(path)
|
@@ -147,9 +148,9 @@ module Dependabot
|
|
147
148
|
end
|
148
149
|
|
149
150
|
def find_first(dir, supported_names)
|
150
|
-
paths = supported_names
|
151
|
-
map { |name| clean_join(dir, name) }
|
152
|
-
each do |path|
|
151
|
+
paths = supported_names
|
152
|
+
.map { |name| clean_join(dir, name) }
|
153
|
+
.each do |path|
|
153
154
|
return cached_files[path] || next
|
154
155
|
end
|
155
156
|
fetch_first_if_present(paths)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
@@ -111,14 +112,14 @@ module Dependabot
|
|
111
112
|
|
112
113
|
@properties[buildfile.name] = {}
|
113
114
|
|
114
|
-
@properties[buildfile.name]
|
115
|
-
merge!(fetch_single_property_declarations(buildfile))
|
115
|
+
@properties[buildfile.name]
|
116
|
+
.merge!(fetch_single_property_declarations(buildfile))
|
116
117
|
|
117
|
-
@properties[buildfile.name]
|
118
|
-
merge!(fetch_kotlin_block_property_declarations(buildfile))
|
118
|
+
@properties[buildfile.name]
|
119
|
+
.merge!(fetch_kotlin_block_property_declarations(buildfile))
|
119
120
|
|
120
|
-
@properties[buildfile.name]
|
121
|
-
merge!(fetch_multi_property_declarations(buildfile))
|
121
|
+
@properties[buildfile.name]
|
122
|
+
.merge!(fetch_multi_property_declarations(buildfile))
|
122
123
|
|
123
124
|
@properties[buildfile.name]
|
124
125
|
end
|
@@ -146,28 +147,28 @@ module Dependabot
|
|
146
147
|
def fetch_kotlin_block_property_declarations(buildfile)
|
147
148
|
properties = {}
|
148
149
|
|
149
|
-
prepared_content(buildfile)
|
150
|
-
scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
|
150
|
+
prepared_content(buildfile)
|
151
|
+
.scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
|
151
152
|
captures = Regexp.last_match.named_captures
|
152
153
|
namespace = captures.fetch("namespace")
|
153
154
|
|
154
|
-
captures.fetch("values")
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
155
|
+
captures.fetch("values")
|
156
|
+
.scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
|
157
|
+
declaration_string = Regexp.last_match.to_s.strip
|
158
|
+
sub_captures = Regexp.last_match.named_captures
|
159
|
+
name = sub_captures.fetch("name")
|
160
|
+
full_name = if namespace == "extra"
|
161
|
+
name
|
162
|
+
else
|
163
|
+
[namespace, name].join(".")
|
164
|
+
end
|
165
|
+
|
166
|
+
properties[full_name] = {
|
167
|
+
value: sub_captures.fetch("value"),
|
168
|
+
declaration_string: declaration_string,
|
169
|
+
file: buildfile.name
|
170
|
+
}
|
171
|
+
end
|
171
172
|
end
|
172
173
|
|
173
174
|
properties
|
@@ -199,9 +200,9 @@ module Dependabot
|
|
199
200
|
|
200
201
|
def prepared_content(buildfile)
|
201
202
|
# Remove any comments
|
202
|
-
buildfile.content
|
203
|
-
|
204
|
-
|
203
|
+
buildfile.content
|
204
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
205
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
205
206
|
end
|
206
207
|
|
207
208
|
def top_level_buildfile
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
@@ -108,10 +109,10 @@ module Dependabot
|
|
108
109
|
end
|
109
110
|
end
|
110
111
|
|
111
|
-
repository_urls
|
112
|
-
map { |url| url.strip.gsub(%r{/$}, "") }
|
113
|
-
select { |url| valid_url?(url) }
|
114
|
-
uniq
|
112
|
+
repository_urls
|
113
|
+
.map { |url| url.strip.gsub(%r{/$}, "") }
|
114
|
+
.select { |url| valid_url?(url) }
|
115
|
+
.uniq
|
115
116
|
end
|
116
117
|
|
117
118
|
def closing_bracket_index(string)
|
@@ -137,9 +138,9 @@ module Dependabot
|
|
137
138
|
end
|
138
139
|
|
139
140
|
def comment_free_content(buildfile)
|
140
|
-
buildfile.content
|
141
|
-
|
142
|
-
|
141
|
+
buildfile.content
|
142
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
143
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
143
144
|
end
|
144
145
|
|
145
146
|
def top_level_buildfile
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "toml-rb"
|
@@ -57,14 +58,14 @@ module Dependabot
|
|
57
58
|
def self.find_include_names(buildfile)
|
58
59
|
return [] unless buildfile
|
59
60
|
|
60
|
-
buildfile.content
|
61
|
-
|
62
|
-
|
61
|
+
buildfile.content
|
62
|
+
.scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/)
|
63
|
+
.map { |match| match[2] }
|
63
64
|
end
|
64
65
|
|
65
66
|
def self.find_includes(buildfile, dependency_files)
|
66
|
-
FileParser.find_include_names(buildfile)
|
67
|
-
|
67
|
+
FileParser.find_include_names(buildfile)
|
68
|
+
.filter_map { |f| dependency_files.find { |bf| bf.name == f } }
|
68
69
|
end
|
69
70
|
|
70
71
|
private
|
@@ -248,10 +249,10 @@ module Dependabot
|
|
248
249
|
end
|
249
250
|
|
250
251
|
def argument_from_string(string, arg_name)
|
251
|
-
string
|
252
|
-
match(map_value_regex(arg_name))
|
253
|
-
named_captures
|
254
|
-
fetch("value")
|
252
|
+
string
|
253
|
+
.match(map_value_regex(arg_name))
|
254
|
+
&.named_captures
|
255
|
+
&.fetch("value")
|
255
256
|
end
|
256
257
|
|
257
258
|
def dependency_from(details_hash:, buildfile:, in_dependency_set: false)
|
@@ -307,9 +308,9 @@ module Dependabot
|
|
307
308
|
|
308
309
|
def dependency_metadata(details_hash, in_dependency_set)
|
309
310
|
version_property_name =
|
310
|
-
details_hash[:version]
|
311
|
-
match(PROPERTY_REGEX)
|
312
|
-
named_captures&.fetch("property_name")
|
311
|
+
details_hash[:version]
|
312
|
+
.match(PROPERTY_REGEX)
|
313
|
+
&.named_captures&.fetch("property_name")
|
313
314
|
|
314
315
|
return unless version_property_name || in_dependency_set
|
315
316
|
|
@@ -327,8 +328,8 @@ module Dependabot
|
|
327
328
|
def evaluated_value(value, buildfile)
|
328
329
|
return value unless value.scan(PROPERTY_REGEX).count == 1
|
329
330
|
|
330
|
-
property_name = value.match(PROPERTY_REGEX)
|
331
|
-
|
331
|
+
property_name = value.match(PROPERTY_REGEX)
|
332
|
+
.named_captures.fetch("property_name")
|
332
333
|
property_value = property_value_finder.property_value(
|
333
334
|
property_name: property_name,
|
334
335
|
callsite_buildfile: buildfile
|
@@ -347,9 +348,9 @@ module Dependabot
|
|
347
348
|
def prepared_content(buildfile)
|
348
349
|
# Remove any comments
|
349
350
|
prepared_content =
|
350
|
-
buildfile.content
|
351
|
-
|
352
|
-
|
351
|
+
buildfile.content
|
352
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
353
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
353
354
|
|
354
355
|
# Remove the dependencyVerification section added by Gradle Witness
|
355
356
|
# (TODO: Support updating this in the FileUpdater)
|
@@ -390,8 +391,8 @@ module Dependabot
|
|
390
391
|
@script_plugin_files ||=
|
391
392
|
buildfiles.flat_map do |buildfile|
|
392
393
|
FileParser.find_includes(buildfile, dependency_files)
|
393
|
-
end
|
394
|
-
|
394
|
+
end
|
395
|
+
.uniq
|
395
396
|
end
|
396
397
|
|
397
398
|
def check_required_files
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/gradle/file_updater"
|
@@ -44,8 +45,8 @@ module Dependabot
|
|
44
45
|
|
45
46
|
def property_value_finder
|
46
47
|
@property_value_finder ||=
|
47
|
-
Gradle::FileParser::PropertyValueFinder
|
48
|
-
new(dependency_files: dependency_files)
|
48
|
+
Gradle::FileParser::PropertyValueFinder
|
49
|
+
.new(dependency_files: dependency_files)
|
49
50
|
end
|
50
51
|
|
51
52
|
def update_file(file:, content:)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/file_updaters"
|
@@ -54,8 +55,8 @@ module Dependabot
|
|
54
55
|
|
55
56
|
# The UpdateChecker ensures the order of requirements is preserved
|
56
57
|
# when updating, so we can zip them together in new/old pairs.
|
57
|
-
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
58
|
-
|
58
|
+
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
59
|
+
.reject { |new_req, old_req| new_req == old_req }
|
59
60
|
|
60
61
|
# Loop through each changed requirement and update the buildfiles
|
61
62
|
reqs.each do |new_req, old_req|
|
@@ -87,13 +88,13 @@ module Dependabot
|
|
87
88
|
property_name = new_req.fetch(:metadata).fetch(:property_name)
|
88
89
|
buildfile = files.find { |f| f.name == new_req.fetch(:file) }
|
89
90
|
|
90
|
-
PropertyValueUpdater.new(dependency_files: files)
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
91
|
+
PropertyValueUpdater.new(dependency_files: files)
|
92
|
+
.update_files_for_property_change(
|
93
|
+
property_name: property_name,
|
94
|
+
callsite_buildfile: buildfile,
|
95
|
+
previous_value: old_req.fetch(:requirement),
|
96
|
+
updated_value: new_req.fetch(:requirement)
|
97
|
+
)
|
97
98
|
end
|
98
99
|
|
99
100
|
def update_files_for_dep_set_change(buildfiles, old_req, new_req)
|
@@ -101,13 +102,13 @@ module Dependabot
|
|
101
102
|
dependency_set = new_req.fetch(:metadata).fetch(:dependency_set)
|
102
103
|
buildfile = files.find { |f| f.name == new_req.fetch(:file) }
|
103
104
|
|
104
|
-
DependencySetUpdater.new(dependency_files: files)
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
105
|
+
DependencySetUpdater.new(dependency_files: files)
|
106
|
+
.update_files_for_dep_set_change(
|
107
|
+
dependency_set: dependency_set,
|
108
|
+
buildfile: buildfile,
|
109
|
+
previous_requirement: old_req.fetch(:requirement),
|
110
|
+
updated_requirement: new_req.fetch(:requirement)
|
111
|
+
)
|
111
112
|
end
|
112
113
|
|
113
114
|
def update_version_in_buildfile(dependency, buildfile, previous_req,
|
@@ -173,8 +174,8 @@ module Dependabot
|
|
173
174
|
|
174
175
|
def property_value_finder
|
175
176
|
@property_value_finder ||=
|
176
|
-
Gradle::FileParser::PropertyValueFinder
|
177
|
-
new(dependency_files: dependency_files)
|
177
|
+
Gradle::FileParser::PropertyValueFinder
|
178
|
+
.new(dependency_files: dependency_files)
|
178
179
|
end
|
179
180
|
|
180
181
|
def updated_buildfile_declaration(original_buildfile_declaration, previous_req, requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -41,9 +42,9 @@ module Dependabot
|
|
41
42
|
FileFetchers::Base.new(source: tmp_source, credentials: credentials)
|
42
43
|
|
43
44
|
@repo_has_subdir_for_dep[tmp_source] =
|
44
|
-
fetcher.send(:repo_contents, raise_errors: false)
|
45
|
-
|
46
|
-
|
45
|
+
fetcher.send(:repo_contents, raise_errors: false)
|
46
|
+
.select { |f| f.type == "dir" }
|
47
|
+
.any? { |f| artifact.end_with?(f.name) }
|
47
48
|
rescue Dependabot::BranchNotFound
|
48
49
|
tmp_source.branch = nil
|
49
50
|
retry
|
@@ -140,8 +141,8 @@ module Dependabot
|
|
140
141
|
end
|
141
142
|
|
142
143
|
def maven_repo_url
|
143
|
-
source = dependency.requirements
|
144
|
-
|
144
|
+
source = dependency.requirements
|
145
|
+
.find { |r| r&.fetch(:source) }&.fetch(:source)
|
145
146
|
|
146
147
|
source&.fetch(:url, nil) ||
|
147
148
|
source&.fetch("url") ||
|
@@ -176,5 +177,5 @@ module Dependabot
|
|
176
177
|
end
|
177
178
|
end
|
178
179
|
|
179
|
-
Dependabot::MetadataFinders
|
180
|
-
register("gradle", Dependabot::Gradle::MetadataFinder)
|
180
|
+
Dependabot::MetadataFinders
|
181
|
+
.register("gradle", Dependabot::Gradle::MetadataFinder)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/utils"
|
@@ -114,5 +115,5 @@ module Dependabot
|
|
114
115
|
end
|
115
116
|
end
|
116
117
|
|
117
|
-
Dependabot::Utils
|
118
|
-
register_requirement_class("gradle", Dependabot::Gradle::Requirement)
|
118
|
+
Dependabot::Utils
|
119
|
+
.register_requirement_class("gradle", Dependabot::Gradle::Requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
@@ -34,9 +35,9 @@ module Dependabot
|
|
34
35
|
ignored_versions: ignored_versions,
|
35
36
|
raise_on_ignored: @raise_on_ignored,
|
36
37
|
security_advisories: []
|
37
|
-
).versions
|
38
|
-
|
39
|
-
|
38
|
+
).versions
|
39
|
+
.map { |v| v.fetch(:version) }
|
40
|
+
.include?(target_version)
|
40
41
|
end
|
41
42
|
end
|
42
43
|
|
@@ -78,15 +79,15 @@ module Dependabot
|
|
78
79
|
end
|
79
80
|
|
80
81
|
def property_name
|
81
|
-
@property_name ||= dependency.requirements
|
82
|
-
|
83
|
-
dig(:metadata, :property_name)
|
82
|
+
@property_name ||= dependency.requirements
|
83
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
84
|
+
&.dig(:metadata, :property_name)
|
84
85
|
end
|
85
86
|
|
86
87
|
def dependency_set
|
87
|
-
@dependency_set ||= dependency.requirements
|
88
|
-
|
89
|
-
dig(:metadata, :dependency_set)
|
88
|
+
@dependency_set ||= dependency.requirements
|
89
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
90
|
+
&.dig(:metadata, :dependency_set)
|
90
91
|
end
|
91
92
|
|
92
93
|
def updated_requirements(dep)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
#######################################################
|
@@ -56,16 +57,16 @@ module Dependabot
|
|
56
57
|
end
|
57
58
|
|
58
59
|
def update_exact_requirement(req_string)
|
59
|
-
old_version = requirement_class.new(req_string)
|
60
|
-
|
60
|
+
old_version = requirement_class.new(req_string)
|
61
|
+
.requirements.first.last
|
61
62
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
62
63
|
end
|
63
64
|
|
64
65
|
def update_dynamic_requirement(req_string)
|
65
66
|
version = req_string.split(/\.?\+/).first || "+"
|
66
67
|
|
67
|
-
precision = version.split(".")
|
68
|
-
|
68
|
+
precision = version.split(".")
|
69
|
+
.take_while { |s| !s.include?("+") }.count
|
69
70
|
|
70
71
|
version_parts = latest_version.segments.first(precision)
|
71
72
|
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -59,10 +60,10 @@ module Dependabot
|
|
59
60
|
url = repository_details.fetch("url")
|
60
61
|
next google_version_details if url == Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
|
61
62
|
|
62
|
-
dependency_metadata(repository_details).css("versions > version")
|
63
|
-
|
64
|
-
|
65
|
-
|
63
|
+
dependency_metadata(repository_details).css("versions > version")
|
64
|
+
.select { |node| version_class.correct?(node.content) }
|
65
|
+
.map { |node| version_class.new(node.content) }
|
66
|
+
.map { |version| { version: version, source_url: url } }
|
66
67
|
end.flatten.compact
|
67
68
|
|
68
69
|
raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?
|
@@ -84,13 +85,13 @@ module Dependabot
|
|
84
85
|
def filter_date_based_versions(possible_versions)
|
85
86
|
return possible_versions if wants_date_based_version?
|
86
87
|
|
87
|
-
possible_versions
|
88
|
-
reject { |v| v.fetch(:version) > version_class.new(1900) }
|
88
|
+
possible_versions
|
89
|
+
.reject { |v| v.fetch(:version) > version_class.new(1900) }
|
89
90
|
end
|
90
91
|
|
91
92
|
def filter_version_types(possible_versions)
|
92
|
-
possible_versions
|
93
|
-
select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
93
|
+
possible_versions
|
94
|
+
.select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
94
95
|
end
|
95
96
|
|
96
97
|
def filter_ignored_versions(possible_versions)
|
@@ -99,8 +100,8 @@ module Dependabot
|
|
99
100
|
ignored_versions.each do |req|
|
100
101
|
ignore_requirements = Gradle::Requirement.requirements_array(req)
|
101
102
|
filtered =
|
102
|
-
filtered
|
103
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
103
|
+
filtered
|
104
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
104
105
|
end
|
105
106
|
|
106
107
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? &&
|
@@ -148,12 +149,12 @@ module Dependabot
|
|
148
149
|
xpath = "/#{group_id}/#{artifact_id}"
|
149
150
|
return unless @google_version_details.at_xpath(xpath)
|
150
151
|
|
151
|
-
@google_version_details.at_xpath(xpath)
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
152
|
+
@google_version_details.at_xpath(xpath)
|
153
|
+
.attributes.fetch("versions")
|
154
|
+
.value.split(",")
|
155
|
+
.select { |v| version_class.correct?(v) }
|
156
|
+
.map { |v| version_class.new(v) }
|
157
|
+
.map { |version| { version: version, source_url: url } }
|
157
158
|
rescue Nokogiri::XML::XPath::SyntaxError
|
158
159
|
nil
|
159
160
|
end
|
@@ -211,9 +212,9 @@ module Dependabot
|
|
211
212
|
end
|
212
213
|
|
213
214
|
def credentials_repository_details
|
214
|
-
credentials
|
215
|
-
select { |cred| cred["type"] == "maven_repository" }
|
216
|
-
map do |cred|
|
215
|
+
credentials
|
216
|
+
.select { |cred| cred["type"] == "maven_repository" }
|
217
|
+
.map do |cred|
|
217
218
|
{
|
218
219
|
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
|
219
220
|
"auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
|
@@ -223,19 +224,19 @@ module Dependabot
|
|
223
224
|
|
224
225
|
def dependency_repository_details
|
225
226
|
requirement_files =
|
226
|
-
dependency.requirements
|
227
|
-
|
228
|
-
|
227
|
+
dependency.requirements
|
228
|
+
.map { |r| r.fetch(:file) }
|
229
|
+
.map { |nm| dependency_files.find { |f| f.name == nm } }
|
229
230
|
|
230
231
|
@dependency_repository_details ||=
|
231
232
|
requirement_files.flat_map do |target_file|
|
232
233
|
Gradle::FileParser::RepositoriesFinder.new(
|
233
234
|
dependency_files: dependency_files,
|
234
235
|
target_dependency_file: target_file
|
235
|
-
).repository_urls
|
236
|
-
|
237
|
-
|
238
|
-
|
236
|
+
).repository_urls
|
237
|
+
.map do |url|
|
238
|
+
{ "url" => url, "auth_headers" => {} }
|
239
|
+
end
|
239
240
|
end.uniq
|
240
241
|
end
|
241
242
|
|
@@ -249,19 +250,19 @@ module Dependabot
|
|
249
250
|
def matches_dependency_version_type?(comparison_version)
|
250
251
|
return true unless dependency.version
|
251
252
|
|
252
|
-
current_type = dependency.version
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
253
|
+
current_type = dependency.version
|
254
|
+
.gsub("native-mt", "native_mt")
|
255
|
+
.split(/[.\-]/)
|
256
|
+
.find do |type|
|
257
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
258
|
+
end
|
258
259
|
|
259
|
-
version_type = comparison_version.to_s
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
|
260
|
+
version_type = comparison_version.to_s
|
261
|
+
.gsub("native-mt", "native_mt")
|
262
|
+
.split(/[.\-]/)
|
263
|
+
.find do |type|
|
264
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
265
|
+
end
|
265
266
|
|
266
267
|
current_type == version_type
|
267
268
|
end
|
@@ -301,8 +302,8 @@ module Dependabot
|
|
301
302
|
|
302
303
|
def central_repo_urls
|
303
304
|
central_url_without_protocol =
|
304
|
-
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
305
|
-
gsub(%r{^.*://}, "")
|
305
|
+
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
306
|
+
.gsub(%r{^.*://}, "")
|
306
307
|
|
307
308
|
%w(http:// https://).map { |p| p + central_url_without_protocol }
|
308
309
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/update_checkers"
|
@@ -55,8 +56,8 @@ module Dependabot
|
|
55
56
|
|
56
57
|
def updated_requirements
|
57
58
|
property_names =
|
58
|
-
declarations_using_a_property
|
59
|
-
map { |req| req.dig(:metadata, :property_name) }
|
59
|
+
declarations_using_a_property
|
60
|
+
.map { |req| req.dig(:metadata, :property_name) }
|
60
61
|
|
61
62
|
RequirementsUpdater.new(
|
62
63
|
requirements: dependency.requirements,
|
@@ -172,8 +173,8 @@ module Dependabot
|
|
172
173
|
|
173
174
|
def declarations_using_a_property
|
174
175
|
@declarations_using_a_property ||=
|
175
|
-
dependency.requirements
|
176
|
-
|
176
|
+
dependency.requirements
|
177
|
+
.select { |req| req.dig(:metadata, :property_name) }
|
177
178
|
end
|
178
179
|
|
179
180
|
def all_property_based_dependencies
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/version"
|
@@ -153,6 +154,10 @@ module Dependabot
|
|
153
154
|
end
|
154
155
|
|
155
156
|
def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
|
157
|
+
return 1 if token == "+" && other_token != "+"
|
158
|
+
return -1 if other_token == "+" && token != "+"
|
159
|
+
return 0 if token == "+" && other_token == "+"
|
160
|
+
|
156
161
|
token_type = token.match?(/^\d+$/) ? :number : :qualifier
|
157
162
|
other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
|
158
163
|
|
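Review bot: The three guards added at the top of `compare_prefixed_token` carry no comment explaining what a `+` token is or why it outranks every other token; presumably it is Gradle's dynamic-version wildcard, and a line such as `# "+" is a dynamic-version wildcard: it sorts above any concrete token, two wildcards are equal` would record that. They return before `prefix` and `other_prefix` are consulted, so a wildcard compares the same whatever separator precedes it, which is worth confirming as intended because version ordering decides which release is treated as newer. Testing equality first would shorten them to `return 0 if token == "+" && other_token == "+"`, `return 1 if token == "+"`, `return -1 if other_token == "+"`. The method body continues past the end of the hunk.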
data/lib/dependabot/gradle.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
# These all need to be required so the various classes can be registered in a
|
@@ -11,14 +12,14 @@ require "dependabot/gradle/requirement"
|
|
11
12
|
require "dependabot/gradle/version"
|
12
13
|
|
13
14
|
require "dependabot/pull_request_creator/labeler"
|
14
|
-
Dependabot::PullRequestCreator::Labeler
|
15
|
-
register_label_details("gradle", name: "java", colour: "ffa221")
|
15
|
+
Dependabot::PullRequestCreator::Labeler
|
16
|
+
.register_label_details("gradle", name: "java", colour: "ffa221")
|
16
17
|
|
17
18
|
require "dependabot/dependency"
|
18
19
|
Dependabot::Dependency.register_production_check("gradle", ->(_) { true })
|
19
20
|
|
20
|
-
Dependabot::Dependency
|
21
|
-
register_display_name_builder(
|
21
|
+
Dependabot::Dependency
|
22
|
+
.register_display_name_builder(
|
22
23
|
"gradle",
|
23
24
|
lambda { |name|
|
24
25
|
artifact_id = name.split(":").last
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-gradle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.231.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-09-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.231.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.231.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: dependabot-maven
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 0.
|
33
|
+
version: 0.231.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 0.
|
40
|
+
version: 0.231.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: debug
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -150,6 +150,20 @@ dependencies:
|
|
150
150
|
- - "~>"
|
151
151
|
- !ruby/object:Gem::Version
|
152
152
|
version: 1.19.0
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: rubocop-sorbet
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: 0.7.3
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: 0.7.3
|
153
167
|
- !ruby/object:Gem::Dependency
|
154
168
|
name: stackprof
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -221,7 +235,7 @@ licenses:
|
|
221
235
|
- Nonstandard
|
222
236
|
metadata:
|
223
237
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
224
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
238
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
|
225
239
|
post_install_message:
|
226
240
|
rdoc_options: []
|
227
241
|
require_paths:
|