dependabot-gradle 0.230.0 → 0.232.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb +6 -5
- data/lib/dependabot/gradle/file_fetcher.rb +22 -21
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +29 -28
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +8 -7
- data/lib/dependabot/gradle/file_parser.rb +20 -19
- data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb +1 -0
- data/lib/dependabot/gradle/file_updater/property_value_updater.rb +3 -2
- data/lib/dependabot/gradle/file_updater.rb +19 -18
- data/lib/dependabot/gradle/metadata_finder.rb +8 -7
- data/lib/dependabot/gradle/requirement.rb +3 -2
- data/lib/dependabot/gradle/update_checker/multi_dependency_updater.rb +10 -9
- data/lib/dependabot/gradle/update_checker/requirements_updater.rb +5 -4
- data/lib/dependabot/gradle/update_checker/version_finder.rb +41 -40
- data/lib/dependabot/gradle/update_checker.rb +5 -4
- data/lib/dependabot/gradle/version.rb +1 -0
- data/lib/dependabot/gradle.rb +5 -4
- metadata +21 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a9d0d43267d40379adcb176cddeca3faaf940807df0ef0cfee48b1164fbc832e
|
|
4
|
+
data.tar.gz: 58898750c691e825307e8d430b1ebf7295cba884638711cd0b4bf767751e34e3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8524892e2b13729bf387d0f581bd65283719f230fa0ffe913471bbbf1e74e604bd393981da23ffbd254a02c6b74f9306d758f0b74373e22bc1159a86cdb3cb14
|
|
7
|
+
data.tar.gz: d7d179f136789e74af7409af4fc6590bf988ee8bb0763ea489a5a27befc438d0f1a8b84133b947694cc59703da46c455e54f9e685340df76bdcfd460ac1dbb7b
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/gradle/file_fetcher"
|
|
@@ -33,8 +34,8 @@ module Dependabot
|
|
|
33
34
|
|
|
34
35
|
subproject_dirs = subprojects.map do |proj|
|
|
35
36
|
if comment_free_content.match?(project_dir_regex(proj))
|
|
36
|
-
comment_free_content.match(project_dir_regex(proj))
|
|
37
|
-
|
|
37
|
+
comment_free_content.match(project_dir_regex(proj))
|
|
38
|
+
.named_captures.fetch("path").sub(%r{^/}, "")
|
|
38
39
|
else
|
|
39
40
|
proj.tr(":", "/").sub(%r{^/}, "")
|
|
40
41
|
end
|
|
@@ -48,9 +49,9 @@ module Dependabot
|
|
|
48
49
|
attr_reader :settings_file
|
|
49
50
|
|
|
50
51
|
def comment_free_content
|
|
51
|
-
settings_file.content
|
|
52
|
-
|
|
53
|
-
|
|
52
|
+
settings_file.content
|
|
53
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
|
54
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
|
54
55
|
end
|
|
55
56
|
|
|
56
57
|
def function_regex(function_name)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/file_fetchers"
|
|
@@ -41,24 +42,24 @@ module Dependabot
|
|
|
41
42
|
files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
|
|
42
43
|
files += subproject_buildfiles(root_dir)
|
|
43
44
|
files += dependency_script_plugins(root_dir)
|
|
44
|
-
files + included_builds(root_dir)
|
|
45
|
-
flat_map { |dir| all_buildfiles_in_build(dir) }
|
|
45
|
+
files + included_builds(root_dir)
|
|
46
|
+
.flat_map { |dir| all_buildfiles_in_build(dir) }
|
|
46
47
|
end
|
|
47
48
|
|
|
48
49
|
def included_builds(root_dir)
|
|
49
50
|
builds = []
|
|
50
51
|
|
|
51
52
|
# buildSrc is implicit: included but not declared in settings.gradle
|
|
52
|
-
buildsrc = repo_contents(dir: root_dir, raise_errors: false)
|
|
53
|
-
find { |item| item.type == "dir" && item.name == "buildSrc" }
|
|
53
|
+
buildsrc = repo_contents(dir: root_dir, raise_errors: false)
|
|
54
|
+
.find { |item| item.type == "dir" && item.name == "buildSrc" }
|
|
54
55
|
builds << clean_join(root_dir, "buildSrc") if buildsrc
|
|
55
56
|
|
|
56
57
|
return builds unless settings_file(root_dir)
|
|
57
58
|
|
|
58
|
-
builds += SettingsFileParser
|
|
59
|
-
new(settings_file: settings_file(root_dir))
|
|
60
|
-
included_build_paths
|
|
61
|
-
map { |p| clean_join(root_dir, p) }
|
|
59
|
+
builds += SettingsFileParser
|
|
60
|
+
.new(settings_file: settings_file(root_dir))
|
|
61
|
+
.included_build_paths
|
|
62
|
+
.map { |p| clean_join(root_dir, p) }
|
|
62
63
|
|
|
63
64
|
builds.uniq
|
|
64
65
|
end
|
|
@@ -71,9 +72,9 @@ module Dependabot
|
|
|
71
72
|
return [] unless settings_file(root_dir)
|
|
72
73
|
|
|
73
74
|
subproject_paths =
|
|
74
|
-
SettingsFileParser
|
|
75
|
-
new(settings_file: settings_file(root_dir))
|
|
76
|
-
subproject_paths
|
|
75
|
+
SettingsFileParser
|
|
76
|
+
.new(settings_file: settings_file(root_dir))
|
|
77
|
+
.subproject_paths
|
|
77
78
|
|
|
78
79
|
subproject_paths.filter_map do |path|
|
|
79
80
|
if @buildfile_name
|
|
@@ -98,13 +99,13 @@ module Dependabot
|
|
|
98
99
|
return [] unless buildfile(root_dir)
|
|
99
100
|
|
|
100
101
|
dependency_plugin_paths =
|
|
101
|
-
FileParser.find_include_names(buildfile(root_dir))
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
102
|
+
FileParser.find_include_names(buildfile(root_dir))
|
|
103
|
+
.reject { |path| path.include?("://") }
|
|
104
|
+
.reject { |path| !path.include?("/") && path.split(".").count > 2 }
|
|
105
|
+
.select { |filename| filename.include?("dependencies") }
|
|
106
|
+
.map { |path| path.gsub("$rootDir", ".") }
|
|
107
|
+
.map { |path| File.join(root_dir, path) }
|
|
108
|
+
.uniq
|
|
108
109
|
|
|
109
110
|
dependency_plugin_paths.filter_map do |path|
|
|
110
111
|
fetch_file_from_host(path)
|
|
@@ -147,9 +148,9 @@ module Dependabot
|
|
|
147
148
|
end
|
|
148
149
|
|
|
149
150
|
def find_first(dir, supported_names)
|
|
150
|
-
paths = supported_names
|
|
151
|
-
map { |name| clean_join(dir, name) }
|
|
152
|
-
each do |path|
|
|
151
|
+
paths = supported_names
|
|
152
|
+
.map { |name| clean_join(dir, name) }
|
|
153
|
+
.each do |path|
|
|
153
154
|
return cached_files[path] || next
|
|
154
155
|
end
|
|
155
156
|
fetch_first_if_present(paths)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
|
@@ -111,14 +112,14 @@ module Dependabot
|
|
|
111
112
|
|
|
112
113
|
@properties[buildfile.name] = {}
|
|
113
114
|
|
|
114
|
-
@properties[buildfile.name]
|
|
115
|
-
merge!(fetch_single_property_declarations(buildfile))
|
|
115
|
+
@properties[buildfile.name]
|
|
116
|
+
.merge!(fetch_single_property_declarations(buildfile))
|
|
116
117
|
|
|
117
|
-
@properties[buildfile.name]
|
|
118
|
-
merge!(fetch_kotlin_block_property_declarations(buildfile))
|
|
118
|
+
@properties[buildfile.name]
|
|
119
|
+
.merge!(fetch_kotlin_block_property_declarations(buildfile))
|
|
119
120
|
|
|
120
|
-
@properties[buildfile.name]
|
|
121
|
-
merge!(fetch_multi_property_declarations(buildfile))
|
|
121
|
+
@properties[buildfile.name]
|
|
122
|
+
.merge!(fetch_multi_property_declarations(buildfile))
|
|
122
123
|
|
|
123
124
|
@properties[buildfile.name]
|
|
124
125
|
end
|
|
@@ -146,28 +147,28 @@ module Dependabot
|
|
|
146
147
|
def fetch_kotlin_block_property_declarations(buildfile)
|
|
147
148
|
properties = {}
|
|
148
149
|
|
|
149
|
-
prepared_content(buildfile)
|
|
150
|
-
scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
|
|
150
|
+
prepared_content(buildfile)
|
|
151
|
+
.scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
|
|
151
152
|
captures = Regexp.last_match.named_captures
|
|
152
153
|
namespace = captures.fetch("namespace")
|
|
153
154
|
|
|
154
|
-
captures.fetch("values")
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
155
|
+
captures.fetch("values")
|
|
156
|
+
.scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
|
|
157
|
+
declaration_string = Regexp.last_match.to_s.strip
|
|
158
|
+
sub_captures = Regexp.last_match.named_captures
|
|
159
|
+
name = sub_captures.fetch("name")
|
|
160
|
+
full_name = if namespace == "extra"
|
|
161
|
+
name
|
|
162
|
+
else
|
|
163
|
+
[namespace, name].join(".")
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
properties[full_name] = {
|
|
167
|
+
value: sub_captures.fetch("value"),
|
|
168
|
+
declaration_string: declaration_string,
|
|
169
|
+
file: buildfile.name
|
|
170
|
+
}
|
|
171
|
+
end
|
|
171
172
|
end
|
|
172
173
|
|
|
173
174
|
properties
|
|
@@ -199,9 +200,9 @@ module Dependabot
|
|
|
199
200
|
|
|
200
201
|
def prepared_content(buildfile)
|
|
201
202
|
# Remove any comments
|
|
202
|
-
buildfile.content
|
|
203
|
-
|
|
204
|
-
|
|
203
|
+
buildfile.content
|
|
204
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
|
205
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
|
205
206
|
end
|
|
206
207
|
|
|
207
208
|
def top_level_buildfile
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
|
@@ -108,10 +109,10 @@ module Dependabot
|
|
|
108
109
|
end
|
|
109
110
|
end
|
|
110
111
|
|
|
111
|
-
repository_urls
|
|
112
|
-
map { |url| url.strip.gsub(%r{/$}, "") }
|
|
113
|
-
select { |url| valid_url?(url) }
|
|
114
|
-
uniq
|
|
112
|
+
repository_urls
|
|
113
|
+
.map { |url| url.strip.gsub(%r{/$}, "") }
|
|
114
|
+
.select { |url| valid_url?(url) }
|
|
115
|
+
.uniq
|
|
115
116
|
end
|
|
116
117
|
|
|
117
118
|
def closing_bracket_index(string)
|
|
@@ -137,9 +138,9 @@ module Dependabot
|
|
|
137
138
|
end
|
|
138
139
|
|
|
139
140
|
def comment_free_content(buildfile)
|
|
140
|
-
buildfile.content
|
|
141
|
-
|
|
142
|
-
|
|
141
|
+
buildfile.content
|
|
142
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
|
143
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
|
143
144
|
end
|
|
144
145
|
|
|
145
146
|
def top_level_buildfile
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "toml-rb"
|
|
@@ -57,14 +58,14 @@ module Dependabot
|
|
|
57
58
|
def self.find_include_names(buildfile)
|
|
58
59
|
return [] unless buildfile
|
|
59
60
|
|
|
60
|
-
buildfile.content
|
|
61
|
-
|
|
62
|
-
|
|
61
|
+
buildfile.content
|
|
62
|
+
.scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/)
|
|
63
|
+
.map { |match| match[2] }
|
|
63
64
|
end
|
|
64
65
|
|
|
65
66
|
def self.find_includes(buildfile, dependency_files)
|
|
66
|
-
FileParser.find_include_names(buildfile)
|
|
67
|
-
|
|
67
|
+
FileParser.find_include_names(buildfile)
|
|
68
|
+
.filter_map { |f| dependency_files.find { |bf| bf.name == f } }
|
|
68
69
|
end
|
|
69
70
|
|
|
70
71
|
private
|
|
@@ -248,10 +249,10 @@ module Dependabot
|
|
|
248
249
|
end
|
|
249
250
|
|
|
250
251
|
def argument_from_string(string, arg_name)
|
|
251
|
-
string
|
|
252
|
-
match(map_value_regex(arg_name))
|
|
253
|
-
named_captures
|
|
254
|
-
fetch("value")
|
|
252
|
+
string
|
|
253
|
+
.match(map_value_regex(arg_name))
|
|
254
|
+
&.named_captures
|
|
255
|
+
&.fetch("value")
|
|
255
256
|
end
|
|
256
257
|
|
|
257
258
|
def dependency_from(details_hash:, buildfile:, in_dependency_set: false)
|
|
@@ -307,9 +308,9 @@ module Dependabot
|
|
|
307
308
|
|
|
308
309
|
def dependency_metadata(details_hash, in_dependency_set)
|
|
309
310
|
version_property_name =
|
|
310
|
-
details_hash[:version]
|
|
311
|
-
match(PROPERTY_REGEX)
|
|
312
|
-
named_captures&.fetch("property_name")
|
|
311
|
+
details_hash[:version]
|
|
312
|
+
.match(PROPERTY_REGEX)
|
|
313
|
+
&.named_captures&.fetch("property_name")
|
|
313
314
|
|
|
314
315
|
return unless version_property_name || in_dependency_set
|
|
315
316
|
|
|
@@ -327,8 +328,8 @@ module Dependabot
|
|
|
327
328
|
def evaluated_value(value, buildfile)
|
|
328
329
|
return value unless value.scan(PROPERTY_REGEX).count == 1
|
|
329
330
|
|
|
330
|
-
property_name = value.match(PROPERTY_REGEX)
|
|
331
|
-
|
|
331
|
+
property_name = value.match(PROPERTY_REGEX)
|
|
332
|
+
.named_captures.fetch("property_name")
|
|
332
333
|
property_value = property_value_finder.property_value(
|
|
333
334
|
property_name: property_name,
|
|
334
335
|
callsite_buildfile: buildfile
|
|
@@ -347,9 +348,9 @@ module Dependabot
|
|
|
347
348
|
def prepared_content(buildfile)
|
|
348
349
|
# Remove any comments
|
|
349
350
|
prepared_content =
|
|
350
|
-
buildfile.content
|
|
351
|
-
|
|
352
|
-
|
|
351
|
+
buildfile.content
|
|
352
|
+
.gsub(%r{(?<=^|\s)//.*$}, "\n")
|
|
353
|
+
.gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
|
|
353
354
|
|
|
354
355
|
# Remove the dependencyVerification section added by Gradle Witness
|
|
355
356
|
# (TODO: Support updating this in the FileUpdater)
|
|
@@ -390,8 +391,8 @@ module Dependabot
|
|
|
390
391
|
@script_plugin_files ||=
|
|
391
392
|
buildfiles.flat_map do |buildfile|
|
|
392
393
|
FileParser.find_includes(buildfile, dependency_files)
|
|
393
|
-
end
|
|
394
|
-
|
|
394
|
+
end
|
|
395
|
+
.uniq
|
|
395
396
|
end
|
|
396
397
|
|
|
397
398
|
def check_required_files
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/gradle/file_updater"
|
|
@@ -44,8 +45,8 @@ module Dependabot
|
|
|
44
45
|
|
|
45
46
|
def property_value_finder
|
|
46
47
|
@property_value_finder ||=
|
|
47
|
-
Gradle::FileParser::PropertyValueFinder
|
|
48
|
-
new(dependency_files: dependency_files)
|
|
48
|
+
Gradle::FileParser::PropertyValueFinder
|
|
49
|
+
.new(dependency_files: dependency_files)
|
|
49
50
|
end
|
|
50
51
|
|
|
51
52
|
def update_file(file:, content:)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: false
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/file_updaters"
|
|
@@ -54,8 +55,8 @@ module Dependabot
|
|
|
54
55
|
|
|
55
56
|
# The UpdateChecker ensures the order of requirements is preserved
|
|
56
57
|
# when updating, so we can zip them together in new/old pairs.
|
|
57
|
-
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
|
58
|
-
|
|
58
|
+
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
|
59
|
+
.reject { |new_req, old_req| new_req == old_req }
|
|
59
60
|
|
|
60
61
|
# Loop through each changed requirement and update the buildfiles
|
|
61
62
|
reqs.each do |new_req, old_req|
|
|
@@ -87,13 +88,13 @@ module Dependabot
|
|
|
87
88
|
property_name = new_req.fetch(:metadata).fetch(:property_name)
|
|
88
89
|
buildfile = files.find { |f| f.name == new_req.fetch(:file) }
|
|
89
90
|
|
|
90
|
-
PropertyValueUpdater.new(dependency_files: files)
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
91
|
+
PropertyValueUpdater.new(dependency_files: files)
|
|
92
|
+
.update_files_for_property_change(
|
|
93
|
+
property_name: property_name,
|
|
94
|
+
callsite_buildfile: buildfile,
|
|
95
|
+
previous_value: old_req.fetch(:requirement),
|
|
96
|
+
updated_value: new_req.fetch(:requirement)
|
|
97
|
+
)
|
|
97
98
|
end
|
|
98
99
|
|
|
99
100
|
def update_files_for_dep_set_change(buildfiles, old_req, new_req)
|
|
@@ -101,13 +102,13 @@ module Dependabot
|
|
|
101
102
|
dependency_set = new_req.fetch(:metadata).fetch(:dependency_set)
|
|
102
103
|
buildfile = files.find { |f| f.name == new_req.fetch(:file) }
|
|
103
104
|
|
|
104
|
-
DependencySetUpdater.new(dependency_files: files)
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
105
|
+
DependencySetUpdater.new(dependency_files: files)
|
|
106
|
+
.update_files_for_dep_set_change(
|
|
107
|
+
dependency_set: dependency_set,
|
|
108
|
+
buildfile: buildfile,
|
|
109
|
+
previous_requirement: old_req.fetch(:requirement),
|
|
110
|
+
updated_requirement: new_req.fetch(:requirement)
|
|
111
|
+
)
|
|
111
112
|
end
|
|
112
113
|
|
|
113
114
|
def update_version_in_buildfile(dependency, buildfile, previous_req,
|
|
@@ -173,8 +174,8 @@ module Dependabot
|
|
|
173
174
|
|
|
174
175
|
def property_value_finder
|
|
175
176
|
@property_value_finder ||=
|
|
176
|
-
Gradle::FileParser::PropertyValueFinder
|
|
177
|
-
new(dependency_files: dependency_files)
|
|
177
|
+
Gradle::FileParser::PropertyValueFinder
|
|
178
|
+
.new(dependency_files: dependency_files)
|
|
178
179
|
end
|
|
179
180
|
|
|
180
181
|
def updated_buildfile_declaration(original_buildfile_declaration, previous_req, requirement)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "nokogiri"
|
|
@@ -41,9 +42,9 @@ module Dependabot
|
|
|
41
42
|
FileFetchers::Base.new(source: tmp_source, credentials: credentials)
|
|
42
43
|
|
|
43
44
|
@repo_has_subdir_for_dep[tmp_source] =
|
|
44
|
-
fetcher.send(:repo_contents, raise_errors: false)
|
|
45
|
-
|
|
46
|
-
|
|
45
|
+
fetcher.send(:repo_contents, raise_errors: false)
|
|
46
|
+
.select { |f| f.type == "dir" }
|
|
47
|
+
.any? { |f| artifact.end_with?(f.name) }
|
|
47
48
|
rescue Dependabot::BranchNotFound
|
|
48
49
|
tmp_source.branch = nil
|
|
49
50
|
retry
|
|
@@ -140,8 +141,8 @@ module Dependabot
|
|
|
140
141
|
end
|
|
141
142
|
|
|
142
143
|
def maven_repo_url
|
|
143
|
-
source = dependency.requirements
|
|
144
|
-
|
|
144
|
+
source = dependency.requirements
|
|
145
|
+
.find { |r| r&.fetch(:source) }&.fetch(:source)
|
|
145
146
|
|
|
146
147
|
source&.fetch(:url, nil) ||
|
|
147
148
|
source&.fetch("url") ||
|
|
@@ -176,5 +177,5 @@ module Dependabot
|
|
|
176
177
|
end
|
|
177
178
|
end
|
|
178
179
|
|
|
179
|
-
Dependabot::MetadataFinders
|
|
180
|
-
register("gradle", Dependabot::Gradle::MetadataFinder)
|
|
180
|
+
Dependabot::MetadataFinders
|
|
181
|
+
.register("gradle", Dependabot::Gradle::MetadataFinder)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/utils"
|
|
@@ -114,5 +115,5 @@ module Dependabot
|
|
|
114
115
|
end
|
|
115
116
|
end
|
|
116
117
|
|
|
117
|
-
Dependabot::Utils
|
|
118
|
-
register_requirement_class("gradle", Dependabot::Gradle::Requirement)
|
|
118
|
+
Dependabot::Utils
|
|
119
|
+
.register_requirement_class("gradle", Dependabot::Gradle::Requirement)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/gradle/file_parser"
|
|
@@ -34,9 +35,9 @@ module Dependabot
|
|
|
34
35
|
ignored_versions: ignored_versions,
|
|
35
36
|
raise_on_ignored: @raise_on_ignored,
|
|
36
37
|
security_advisories: []
|
|
37
|
-
).versions
|
|
38
|
-
|
|
39
|
-
|
|
38
|
+
).versions
|
|
39
|
+
.map { |v| v.fetch(:version) }
|
|
40
|
+
.include?(target_version)
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
|
|
@@ -78,15 +79,15 @@ module Dependabot
|
|
|
78
79
|
end
|
|
79
80
|
|
|
80
81
|
def property_name
|
|
81
|
-
@property_name ||= dependency.requirements
|
|
82
|
-
|
|
83
|
-
dig(:metadata, :property_name)
|
|
82
|
+
@property_name ||= dependency.requirements
|
|
83
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
|
84
|
+
&.dig(:metadata, :property_name)
|
|
84
85
|
end
|
|
85
86
|
|
|
86
87
|
def dependency_set
|
|
87
|
-
@dependency_set ||= dependency.requirements
|
|
88
|
-
|
|
89
|
-
dig(:metadata, :dependency_set)
|
|
88
|
+
@dependency_set ||= dependency.requirements
|
|
89
|
+
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
90
|
+
&.dig(:metadata, :dependency_set)
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def updated_requirements(dep)
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
#######################################################
|
|
@@ -56,16 +57,16 @@ module Dependabot
|
|
|
56
57
|
end
|
|
57
58
|
|
|
58
59
|
def update_exact_requirement(req_string)
|
|
59
|
-
old_version = requirement_class.new(req_string)
|
|
60
|
-
|
|
60
|
+
old_version = requirement_class.new(req_string)
|
|
61
|
+
.requirements.first.last
|
|
61
62
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
|
62
63
|
end
|
|
63
64
|
|
|
64
65
|
def update_dynamic_requirement(req_string)
|
|
65
66
|
version = req_string.split(/\.?\+/).first || "+"
|
|
66
67
|
|
|
67
|
-
precision = version.split(".")
|
|
68
|
-
|
|
68
|
+
precision = version.split(".")
|
|
69
|
+
.take_while { |s| !s.include?("+") }.count
|
|
69
70
|
|
|
70
71
|
version_parts = latest_version.segments.first(precision)
|
|
71
72
|
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "nokogiri"
|
|
@@ -59,10 +60,10 @@ module Dependabot
|
|
|
59
60
|
url = repository_details.fetch("url")
|
|
60
61
|
next google_version_details if url == Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
|
|
61
62
|
|
|
62
|
-
dependency_metadata(repository_details).css("versions > version")
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
63
|
+
dependency_metadata(repository_details).css("versions > version")
|
|
64
|
+
.select { |node| version_class.correct?(node.content) }
|
|
65
|
+
.map { |node| version_class.new(node.content) }
|
|
66
|
+
.map { |version| { version: version, source_url: url } }
|
|
66
67
|
end.flatten.compact
|
|
67
68
|
|
|
68
69
|
raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?
|
|
@@ -84,13 +85,13 @@ module Dependabot
|
|
|
84
85
|
def filter_date_based_versions(possible_versions)
|
|
85
86
|
return possible_versions if wants_date_based_version?
|
|
86
87
|
|
|
87
|
-
possible_versions
|
|
88
|
-
reject { |v| v.fetch(:version) > version_class.new(1900) }
|
|
88
|
+
possible_versions
|
|
89
|
+
.reject { |v| v.fetch(:version) > version_class.new(1900) }
|
|
89
90
|
end
|
|
90
91
|
|
|
91
92
|
def filter_version_types(possible_versions)
|
|
92
|
-
possible_versions
|
|
93
|
-
select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
|
93
|
+
possible_versions
|
|
94
|
+
.select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
|
94
95
|
end
|
|
95
96
|
|
|
96
97
|
def filter_ignored_versions(possible_versions)
|
|
@@ -99,8 +100,8 @@ module Dependabot
|
|
|
99
100
|
ignored_versions.each do |req|
|
|
100
101
|
ignore_requirements = Gradle::Requirement.requirements_array(req)
|
|
101
102
|
filtered =
|
|
102
|
-
filtered
|
|
103
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
|
103
|
+
filtered
|
|
104
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
|
104
105
|
end
|
|
105
106
|
|
|
106
107
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? &&
|
|
@@ -148,12 +149,12 @@ module Dependabot
|
|
|
148
149
|
xpath = "/#{group_id}/#{artifact_id}"
|
|
149
150
|
return unless @google_version_details.at_xpath(xpath)
|
|
150
151
|
|
|
151
|
-
@google_version_details.at_xpath(xpath)
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
152
|
+
@google_version_details.at_xpath(xpath)
|
|
153
|
+
.attributes.fetch("versions")
|
|
154
|
+
.value.split(",")
|
|
155
|
+
.select { |v| version_class.correct?(v) }
|
|
156
|
+
.map { |v| version_class.new(v) }
|
|
157
|
+
.map { |version| { version: version, source_url: url } }
|
|
157
158
|
rescue Nokogiri::XML::XPath::SyntaxError
|
|
158
159
|
nil
|
|
159
160
|
end
|
|
@@ -211,9 +212,9 @@ module Dependabot
|
|
|
211
212
|
end
|
|
212
213
|
|
|
213
214
|
def credentials_repository_details
|
|
214
|
-
credentials
|
|
215
|
-
select { |cred| cred["type"] == "maven_repository" }
|
|
216
|
-
map do |cred|
|
|
215
|
+
credentials
|
|
216
|
+
.select { |cred| cred["type"] == "maven_repository" }
|
|
217
|
+
.map do |cred|
|
|
217
218
|
{
|
|
218
219
|
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
|
|
219
220
|
"auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
|
|
@@ -223,19 +224,19 @@ module Dependabot
|
|
|
223
224
|
|
|
224
225
|
def dependency_repository_details
|
|
225
226
|
requirement_files =
|
|
226
|
-
dependency.requirements
|
|
227
|
-
|
|
228
|
-
|
|
227
|
+
dependency.requirements
|
|
228
|
+
.map { |r| r.fetch(:file) }
|
|
229
|
+
.map { |nm| dependency_files.find { |f| f.name == nm } }
|
|
229
230
|
|
|
230
231
|
@dependency_repository_details ||=
|
|
231
232
|
requirement_files.flat_map do |target_file|
|
|
232
233
|
Gradle::FileParser::RepositoriesFinder.new(
|
|
233
234
|
dependency_files: dependency_files,
|
|
234
235
|
target_dependency_file: target_file
|
|
235
|
-
).repository_urls
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
236
|
+
).repository_urls
|
|
237
|
+
.map do |url|
|
|
238
|
+
{ "url" => url, "auth_headers" => {} }
|
|
239
|
+
end
|
|
239
240
|
end.uniq
|
|
240
241
|
end
|
|
241
242
|
|
|
@@ -249,19 +250,19 @@ module Dependabot
|
|
|
249
250
|
def matches_dependency_version_type?(comparison_version)
|
|
250
251
|
return true unless dependency.version
|
|
251
252
|
|
|
252
|
-
current_type = dependency.version
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
253
|
+
current_type = dependency.version
|
|
254
|
+
.gsub("native-mt", "native_mt")
|
|
255
|
+
.split(/[.\-]/)
|
|
256
|
+
.find do |type|
|
|
257
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
|
258
|
+
end
|
|
258
259
|
|
|
259
|
-
version_type = comparison_version.to_s
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
260
|
+
version_type = comparison_version.to_s
|
|
261
|
+
.gsub("native-mt", "native_mt")
|
|
262
|
+
.split(/[.\-]/)
|
|
263
|
+
.find do |type|
|
|
264
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
|
265
|
+
end
|
|
265
266
|
|
|
266
267
|
current_type == version_type
|
|
267
268
|
end
|
|
@@ -301,8 +302,8 @@ module Dependabot
|
|
|
301
302
|
|
|
302
303
|
def central_repo_urls
|
|
303
304
|
central_url_without_protocol =
|
|
304
|
-
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
|
305
|
-
gsub(%r{^.*://}, "")
|
|
305
|
+
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
|
306
|
+
.gsub(%r{^.*://}, "")
|
|
306
307
|
|
|
307
308
|
%w(http:// https://).map { |p| p + central_url_without_protocol }
|
|
308
309
|
end
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
require "dependabot/update_checkers"
|
|
@@ -55,8 +56,8 @@ module Dependabot
|
|
|
55
56
|
|
|
56
57
|
def updated_requirements
|
|
57
58
|
property_names =
|
|
58
|
-
declarations_using_a_property
|
|
59
|
-
map { |req| req.dig(:metadata, :property_name) }
|
|
59
|
+
declarations_using_a_property
|
|
60
|
+
.map { |req| req.dig(:metadata, :property_name) }
|
|
60
61
|
|
|
61
62
|
RequirementsUpdater.new(
|
|
62
63
|
requirements: dependency.requirements,
|
|
@@ -172,8 +173,8 @@ module Dependabot
|
|
|
172
173
|
|
|
173
174
|
def declarations_using_a_property
|
|
174
175
|
@declarations_using_a_property ||=
|
|
175
|
-
dependency.requirements
|
|
176
|
-
|
|
176
|
+
dependency.requirements
|
|
177
|
+
.select { |req| req.dig(:metadata, :property_name) }
|
|
177
178
|
end
|
|
178
179
|
|
|
179
180
|
def all_property_based_dependencies
|
data/lib/dependabot/gradle.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# typed: true
|
|
1
2
|
# frozen_string_literal: true
|
|
2
3
|
|
|
3
4
|
# These all need to be required so the various classes can be registered in a
|
|
@@ -11,14 +12,14 @@ require "dependabot/gradle/requirement"
|
|
|
11
12
|
require "dependabot/gradle/version"
|
|
12
13
|
|
|
13
14
|
require "dependabot/pull_request_creator/labeler"
|
|
14
|
-
Dependabot::PullRequestCreator::Labeler
|
|
15
|
-
register_label_details("gradle", name: "java", colour: "ffa221")
|
|
15
|
+
Dependabot::PullRequestCreator::Labeler
|
|
16
|
+
.register_label_details("gradle", name: "java", colour: "ffa221")
|
|
16
17
|
|
|
17
18
|
require "dependabot/dependency"
|
|
18
19
|
Dependabot::Dependency.register_production_check("gradle", ->(_) { true })
|
|
19
20
|
|
|
20
|
-
Dependabot::Dependency
|
|
21
|
-
register_display_name_builder(
|
|
21
|
+
Dependabot::Dependency
|
|
22
|
+
.register_display_name_builder(
|
|
22
23
|
"gradle",
|
|
23
24
|
lambda { |name|
|
|
24
25
|
artifact_id = name.split(":").last
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.232.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-09-
|
|
11
|
+
date: 2023-09-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,28 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.232.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.232.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: dependabot-maven
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.232.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - '='
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.232.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: debug
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -150,6 +150,20 @@ dependencies:
|
|
|
150
150
|
- - "~>"
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: 1.19.0
|
|
153
|
+
- !ruby/object:Gem::Dependency
|
|
154
|
+
name: rubocop-sorbet
|
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
|
156
|
+
requirements:
|
|
157
|
+
- - "~>"
|
|
158
|
+
- !ruby/object:Gem::Version
|
|
159
|
+
version: 0.7.3
|
|
160
|
+
type: :development
|
|
161
|
+
prerelease: false
|
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
163
|
+
requirements:
|
|
164
|
+
- - "~>"
|
|
165
|
+
- !ruby/object:Gem::Version
|
|
166
|
+
version: 0.7.3
|
|
153
167
|
- !ruby/object:Gem::Dependency
|
|
154
168
|
name: stackprof
|
|
155
169
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -221,7 +235,7 @@ licenses:
|
|
|
221
235
|
- Nonstandard
|
|
222
236
|
metadata:
|
|
223
237
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
224
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
238
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.232.0
|
|
225
239
|
post_install_message:
|
|
226
240
|
rdoc_options: []
|
|
227
241
|
require_paths:
|