dependabot-gradle 0.244.0 → 0.246.0
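--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 38d521c65d4cb8c6d37a04476a379dadd8b820eb308427c7bd137218d3da5da1
+data.tar.gz: fc5d3b1e024bba6c35e9cef39e0e3a15cddebb750844af34fb90bac7b7301703
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d2fd0cd0ed768be83b8d18f523970a411b7c0964695943471665f6d9e0c3aa54176ab968f9f2af3c6bd78b62dc0bf3ccbd7c5cb70e83090c896c2fa75684aae
+data.tar.gz: 601436250d27c91746df08fdb1b979cad7912092a4e5257f9c45ff59582efe035c8cfa6be06b9f8c0e8fa9d22ba30a54c04c24646b0521ff6cf1699186e2a13b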
@@ -8,6 +8,7 @@ module Dependabot
|
|
8
8
|
class FileParser
|
9
9
|
class RepositoriesFinder
|
10
10
|
SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
|
11
|
+
SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
|
11
12
|
|
12
13
|
# The Central Repo doesn't have special status for Gradle, but until
|
13
14
|
# we're confident we're selecting repos correctly it's wise to include
|
@@ -37,6 +38,7 @@ module Dependabot
|
|
37
38
|
repository_urls += inherited_repository_urls(dependency_file)
|
38
39
|
end
|
39
40
|
repository_urls += own_buildfile_repository_urls
|
41
|
+
repository_urls += settings_file_repository_urls(top_level_settings_file)
|
40
42
|
repository_urls = repository_urls.uniq
|
41
43
|
|
42
44
|
return repository_urls unless repository_urls.empty?
|
@@ -91,6 +93,21 @@ module Dependabot
|
|
91
93
|
own_buildfile_urls
|
92
94
|
end
|
93
95
|
|
96
|
+
def settings_file_repository_urls(settings_file)
|
97
|
+
return [] unless settings_file
|
98
|
+
|
99
|
+
settings_file_content = comment_free_content(settings_file)
|
100
|
+
dependency_resolution_management_repositories = []
|
101
|
+
|
102
|
+
settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
|
103
|
+
mtch = Regexp.last_match
|
104
|
+
dependency_resolution_management_repositories <<
|
105
|
+
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
106
|
+
end
|
107
|
+
|
108
|
+
repository_urls_from(dependency_resolution_management_repositories.join("\n"))
|
109
|
+
end
|
110
|
+
|
94
111
|
def repository_urls_from(buildfile_content)
|
95
112
|
repository_urls = []
|
96
113
|
|
@@ -154,6 +171,12 @@ module Dependabot
|
|
154
171
|
SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
|
155
172
|
end
|
156
173
|
end
|
174
|
+
|
175
|
+
def top_level_settings_file
|
176
|
+
@top_level_settings_file ||= dependency_files.find do |f|
|
177
|
+
SUPPORTED_SETTINGS_FILE_NAMES.include?(f.name)
|
178
|
+
end
|
179
|
+
end
|
157
180
|
end
|
158
181
|
end
|
159
182
|
end
|
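Review bot: `settings_file_repository_urls` adds every URL found under `dependencyResolutionManagement` to the same list as the build-file repositories, without looking at the block's `repositoriesMode`. With `RepositoriesMode.FAIL_ON_PROJECT_REPOS` or `PREFER_SETTINGS`, Gradle does not resolve from project-level repositories, so the union can make version lookups consult a registry the real build never uses. That matters when deciding which registries are trusted for an artifact name, so I would at least record it above the method: `# NOTE: repositoriesMode is not honoured; settings and build-file repositories are unioned`. Separately, the slice `mtch.post_match[0..closing_bracket_index(mtch.post_match)]` depends on `closing_bracket_index`, which is defined outside the visible hunks. If it can return nil or -1 for an unbalanced block, the slice silently takes the rest of the file instead of the block, so a guard or a test for that case would help.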
@@ -70,7 +70,7 @@ module Dependabot
|
|
70
70
|
def requirements_unlocked_or_can_be?
|
71
71
|
# If the dependency version come from a property we couldn't
|
72
72
|
# interpolate then there's nothing we can do.
|
73
|
-
!dependency.version
|
73
|
+
!dependency.version&.include?("$")
|
74
74
|
end
|
75
75
|
|
76
76
|
private
|
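Review bot: In `requirements_unlocked_or_can_be?`, a nil `dependency.version` now yields `!nil`, so the method returns true, but the comment above it only describes the uninterpolated-property case. The `!` combined with `&.` makes that nil branch easy to miss, so I would document it, e.g. `# A nil version has no "$" placeholder, so it is treated as unlockable.`, or spell it out as `!dependency.version.to_s.include?("$")`. Whether the callers of this predicate tolerate a nil version is not visible here, because the rest of the class lies outside the hunk.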
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-gradle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.246.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-03-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,28 +16,28 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.246.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.246.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: dependabot-maven
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - '='
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 0.
|
33
|
+
version: 0.246.0
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - '='
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 0.
|
40
|
+
version: 0.246.0
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: debug
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -263,7 +263,7 @@ licenses:
|
|
263
263
|
- Nonstandard
|
264
264
|
metadata:
|
265
265
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
266
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
266
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
|
267
267
|
post_install_message:
|
268
268
|
rdoc_options: []
|
269
269
|
require_paths:
|