dependabot-gradle 0.259.0 → 0.261.0

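--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1be3d1c99a0694b4c91c8f64b7a050a41796f5b2b34cd1f4628561d7a157fdf6
- data.tar.gz: 15fbcc37c8945a48edd865aa0377a6ce8f025e5349f5733f0d0f1377f83adc1c
+ metadata.gz: 57b5251fc125465f162e62156269e89fedac11a6f1638b370fb966baa655bfbd
+ data.tar.gz: f44e4843e3b4907a0ad41731704af0fbea47112721bd9e8a1ea9fa23708732a5
  SHA512:
- metadata.gz: 0c2ecfe2027508fc3023541385beada2bfe0295eb5922e17fc4f4c01848d32cbc99c2ba55e14ba265ce4c2bde11935204776e2f5ad6cda7fb2a55ab5041b2ec7
- data.tar.gz: aef3e92a13898d30d003efafecdbcbc6a732cc4c5c6b5677e4717b82c2fa0beeb7302b68679217b13a9d9fc4ce8a6c53b0f73d8ec6988bf83c5e986a51e25ec4
+ metadata.gz: b0051586076a8c3e66487f740eec446a5284ba122e5a42000e66dc45b7d9a49dfac5e98de2d35fcba66dfd069b8ff1ecc492a90642e6fac100181d24265ebcef
+ data.tar.gz: da364819c848465abd2322ed735a625e659d91dcb725f62665dc949351b4d1d8dcbb11451381549a4947765b6cf0a4b80e3e66047babe401b2b863fe311335ed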
@@ -1,12 +1,16 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/gradle/file_fetcher"
5
7
 
6
8
  module Dependabot
7
9
  module Gradle
8
10
  class FileFetcher
9
11
  class SettingsFileParser
12
+ extend T::Sig
13
+
10
14
  def initialize(settings_file:)
11
15
  @settings_file = settings_file
12
16
  end
@@ -14,18 +18,18 @@ module Dependabot
14
18
  def included_build_paths
15
19
  paths = []
16
20
  comment_free_content.scan(function_regex("includeBuild")) do
17
- arg = Regexp.last_match.named_captures.fetch("args")
18
- paths << arg.gsub(/["']/, "").strip
21
+ arg = T.must(Regexp.last_match).named_captures.fetch("args")
22
+ paths << T.must(arg).gsub(/["']/, "").strip
19
23
  end
20
24
  paths.uniq
21
25
  end
22
26
 
23
27
  def subproject_paths
24
- subprojects = []
28
+ subprojects = T.let([], T::Array[String])
25
29
 
26
30
  comment_free_content.scan(function_regex("include")) do
27
- args = Regexp.last_match.named_captures.fetch("args")
28
- args = args.split(",")
31
+ args = T.must(Regexp.last_match).named_captures.fetch("args")
32
+ args = T.must(args).split(",")
29
33
  args = args.filter_map { |p| p.gsub(/["']/, "").strip }
30
34
  subprojects += args
31
35
  end
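Review bot: `extend T::Sig` is added to SettingsFileParser, but neither method in these hunks gets a signature, and only `subprojects` receives a `T.let` while `paths = []` in included_build_paths is left as an untyped array under `# typed: true`. Annotating it the same way, `paths = T.let([], T::Array[String])`, and adding `sig { returns(T::Array[String]) }` above included_build_paths would make the two methods consistent. The `T.must(arg)` and `T.must(args)` wrappers would also benefit from a one-line comment such as `# named_captures values are nilable; nil means the args group did not participate`, since a nil there now surfaces as a TypeError from sorbet-runtime while parsing a repository-supplied settings file. subproject_paths continues past the end of the hunk, so its return type is not visible here.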
@@ -1,7 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
5
+
5
6
  require "dependabot/file_fetchers"
6
7
  require "dependabot/file_fetchers/base"
7
8
 
@@ -55,20 +56,21 @@ module Dependabot
55
56
  # buildSrc is implicit: included but not declared in settings.gradle
56
57
  buildsrc = repo_contents(dir: root_dir, raise_errors: false)
57
58
  .find { |item| item.type == "dir" && item.name == "buildSrc" }
58
- builds << clean_join(root_dir, "buildSrc") if buildsrc
59
+ builds << clean_join([root_dir, "buildSrc"]) if buildsrc
59
60
 
60
61
  return builds unless settings_file(root_dir)
61
62
 
62
63
  builds += SettingsFileParser
63
64
  .new(settings_file: settings_file(root_dir))
64
65
  .included_build_paths
65
- .map { |p| clean_join(root_dir, p) }
66
+ .map { |p| clean_join([root_dir, p]) }
66
67
 
67
68
  builds.uniq
68
69
  end
69
70
 
70
- def clean_join(*parts)
71
- Pathname.new(File.join(*parts)).cleanpath.to_path
71
+ sig { params(parts: T::Array[String]).returns(String) }
72
+ def clean_join(parts)
73
+ Pathname.new(File.join(parts)).cleanpath.to_path
72
74
  end
73
75
 
74
76
  def subproject_buildfiles(root_dir)
@@ -144,7 +146,7 @@ module Dependabot
144
146
 
145
147
  def find_first(dir, supported_names)
146
148
  paths = supported_names
147
- .map { |name| clean_join(dir, name) }
149
+ .map { |name| clean_join([dir, name]) }
148
150
  .each do |path|
149
151
  return cached_files[path] || next
150
152
  end
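Review bot: The values joined in `.map { |p| clean_join([root_dir, p]) }` come from `included_build_paths`, i.e. from the repository's own settings file, and `Pathname#cleanpath` only collapses `..` segments lexically, so the result is not confined to root_dir. Whether that matters depends on how the fetcher resolves these paths, which is outside the hunks; a comment on clean_join such as `# normalises only; callers must check the result stays inside the repo` plus a containment check where the paths are consumed would make the boundary explicit. Separately, clean_join changes from a splat to a single array parameter, so any caller not shown in these hunks that still passes separate arguments would now raise ArgumentError. The method containing the buildSrc lookup starts before the hunk.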
@@ -1,12 +1,16 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/gradle/file_parser"
5
7
 
6
8
  module Dependabot
7
9
  module Gradle
8
10
  class FileParser
9
11
  class PropertyValueFinder
12
+ extend T::Sig
13
+
10
14
  # rubocop:disable Layout/LineLength
11
15
  SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
12
16
 
@@ -129,8 +133,8 @@ module Dependabot
129
133
 
130
134
  prepared_content(buildfile).scan(SINGLE_PROPERTY_DECLARATION_REGEX) do
131
135
  declaration_string = Regexp.last_match.to_s.strip
132
- captures = Regexp.last_match.named_captures
133
- name = captures.fetch("name").sub(/^ext\./, "")
136
+ captures = T.must(Regexp.last_match).named_captures
137
+ name = T.must(captures.fetch("name")).sub(/^ext\./, "")
134
138
 
135
139
  unless properties.key?(name)
136
140
  properties[name] = {
@@ -149,13 +153,13 @@ module Dependabot
149
153
 
150
154
  prepared_content(buildfile)
151
155
  .scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
152
- captures = Regexp.last_match.named_captures
156
+ captures = T.must(Regexp.last_match).named_captures
153
157
  namespace = captures.fetch("namespace")
154
158
 
155
- captures.fetch("values")
156
- .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
159
+ T.must(captures.fetch("values"))
160
+ .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
157
161
  declaration_string = Regexp.last_match.to_s.strip
158
- sub_captures = Regexp.last_match.named_captures
162
+ sub_captures = T.must(Regexp.last_match).named_captures
159
163
  name = sub_captures.fetch("name")
160
164
  full_name = if namespace == "extra"
161
165
  name
@@ -178,12 +182,12 @@ module Dependabot
178
182
  properties = {}
179
183
 
180
184
  prepared_content(buildfile).scan(MULTI_PROPERTY_DECLARATION_REGEX) do
181
- captures = Regexp.last_match.named_captures
182
- namespace = captures.fetch("namespace").sub(/^ext\./, "")
185
+ captures = T.must(Regexp.last_match).named_captures
186
+ namespace = T.must(captures.fetch("namespace")).sub(/^ext\./, "")
183
187
 
184
- captures.fetch("values").scan(NAMESPACED_DECLARATION_REGEX) do
188
+ T.must(captures.fetch("values")).scan(NAMESPACED_DECLARATION_REGEX) do
185
189
  declaration_string = Regexp.last_match.to_s.strip
186
- sub_captures = Regexp.last_match.named_captures
190
+ sub_captures = T.must(Regexp.last_match).named_captures
187
191
  name = sub_captures.fetch("name")
188
192
  full_name = [namespace, name].join(".")
189
193
 
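Review bot: `sub(/^ext\./, "")` in the single-property and multi-property hunks anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; `\A` states the intent exactly, e.g. `name = T.must(captures.fetch("name")).sub(/\Aext\./, "")` and the same for `namespace`. The T.must wrapping is also uneven: `captures.fetch("values")` is wrapped, while `captures.fetch("namespace")` in the Kotlin block and both `sub_captures.fetch("name")` calls stay nilable, so a short comment on which groups may legitimately be absent would help the next reader. The regex constants and the enclosing methods are outside the hunks.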
@@ -1,12 +1,16 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/gradle/file_parser"
5
7
 
6
8
  module Dependabot
7
9
  module Gradle
8
10
  class FileParser
9
11
  class RepositoriesFinder
12
+ extend T::Sig
13
+
10
14
  SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
11
15
  SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
12
16
 
@@ -58,14 +62,14 @@ module Dependabot
58
62
  subproject_blocks = []
59
63
 
60
64
  buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
61
- mtch = Regexp.last_match
65
+ mtch = T.must(Regexp.last_match)
62
66
  subproject_blocks <<
63
67
  mtch.post_match[0..closing_bracket_index(mtch.post_match)]
64
68
  end
65
69
 
66
70
  if top_level_buildfile != target_dependency_file
67
71
  buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
68
- mtch = Regexp.last_match
72
+ mtch = T.must(Regexp.last_match)
69
73
  subproject_blocks <<
70
74
  mtch.post_match[0..closing_bracket_index(mtch.post_match)]
71
75
  end
@@ -82,7 +86,7 @@ module Dependabot
82
86
  own_buildfile_urls = []
83
87
 
84
88
  subproject_buildfile_content = buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
85
- mtch = Regexp.last_match
89
+ mtch = T.must(Regexp.last_match)
86
90
  buildfile_content.gsub(
87
91
  mtch.post_match[0..closing_bracket_index(mtch.post_match)],
88
92
  ""
@@ -101,7 +105,7 @@ module Dependabot
101
105
  dependency_resolution_management_repositories = []
102
106
 
103
107
  settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
104
- mtch = Regexp.last_match
108
+ mtch = T.must(Regexp.last_match)
105
109
  dependency_resolution_management_repositories <<
106
110
  mtch.post_match[0..closing_bracket_index(mtch.post_match)]
107
111
  end
@@ -114,7 +118,7 @@ module Dependabot
114
118
 
115
119
  repository_blocks = []
116
120
  buildfile_content.scan(REPOSITORIES_BLOCK_START) do
117
- mtch = Regexp.last_match
121
+ mtch = T.must(Regexp.last_match)
118
122
  repository_blocks <<
119
123
  mtch.post_match[0..closing_bracket_index(mtch.post_match)]
120
124
  end
@@ -129,7 +133,7 @@ module Dependabot
129
133
  repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
130
134
 
131
135
  block.scan(MAVEN_REPO_REGEX) do
132
- repository_urls << Regexp.last_match.named_captures.fetch("url")
136
+ repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")
133
137
  end
134
138
  end
135
139
 
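Review bot: In the `@@ -82,7 +86,7 @@` hunk, `subproject_buildfile_content = buildfile_content.dup.scan(...) do` assigns the return value of `String#scan` called with a block, which is the receiver, and the non-destructive `buildfile_content.gsub(...)` inside the block discards its result, so as far as the visible lines show the subprojects block is never removed from the content. The rest of that block lies outside the hunk, so this needs confirming; if it holds, taking a copy first and calling `gsub!` on it inside the block would match what the variable name suggests. Also, `mtch.post_match[0..closing_bracket_index(mtch.post_match)]` appears five times in this file's hunks and could move into one private helper, and `fetch("url")` in the last hunk is pushed into `repository_urls` without `T.must`, unlike the other captures.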
@@ -1,6 +1,7 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "toml-rb"
5
6
 
6
7
  require "dependabot/dependency"
@@ -18,6 +19,8 @@ require "dependabot/gradle/version"
18
19
  module Dependabot
19
20
  module Gradle
20
21
  class FileParser < Dependabot::FileParsers::Base
22
+ extend T::Sig
23
+
21
24
  require "dependabot/file_parsers/base/dependency_set"
22
25
  require_relative "file_parser/property_value_finder"
23
26
 
@@ -148,10 +151,10 @@ module Dependabot
148
151
  dependency_set = DependencySet.new
149
152
 
150
153
  prepared_content(buildfile).scan(DEPENDENCY_DECLARATION_REGEX) do
151
- declaration = Regexp.last_match.named_captures.fetch("declaration")
154
+ declaration = T.must(Regexp.last_match).named_captures.fetch("declaration")
152
155
 
153
- group, name, version = declaration.split(":")
154
- version, _packaging_type = version.split("@")
156
+ group, name, version = T.must(declaration).split(":")
157
+ version, _packaging_type = T.must(version).split("@")
155
158
  details = { group: group, name: name, version: version }
156
159
 
157
160
  dep = dependency_from(details_hash: details, buildfile: buildfile)
@@ -185,7 +188,7 @@ module Dependabot
185
188
  dependency_set_blocks = []
186
189
 
187
190
  prepared_content(buildfile).scan(DEPENDENCY_SET_DECLARATION_REGEX) do
188
- mch = Regexp.last_match
191
+ mch = T.must(Regexp.last_match)
189
192
  dependency_set_blocks <<
190
193
  {
191
194
  arguments: mch.named_captures.fetch("arguments"),
@@ -218,7 +221,7 @@ module Dependabot
218
221
  plugin_blocks = []
219
222
 
220
223
  prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
221
- mch = Regexp.last_match
224
+ mch = T.must(Regexp.last_match)
222
225
  plugin_blocks <<
223
226
  mch.post_match[0..closing_bracket_index(mch.post_match)]
224
227
  end
@@ -355,7 +358,7 @@ module Dependabot
355
358
  # Remove the dependencyVerification section added by Gradle Witness
356
359
  # (TODO: Support updating this in the FileUpdater)
357
360
  prepared_content.dup.scan(/dependencyVerification\s*{/) do
358
- mtch = Regexp.last_match
361
+ mtch = T.must(Regexp.last_match)
359
362
  block = mtch.post_match[0..closing_bracket_index(mtch.post_match)]
360
363
  prepared_content.gsub!(block, "")
361
364
  end
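Review bot: `version, _packaging_type = T.must(version).split("@")` raises TypeError whenever the declaration has fewer than three colon-separated parts, because `version` is then nil after `T.must(declaration).split(":")`. Build files are repository-controlled input, so unless DEPENDENCY_DECLARATION_REGEX (not visible here) guarantees a version segment, skipping the entry is safer than aborting the whole parse: `next unless version` before the split. The enclosing method starts and ends outside the hunk.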
@@ -1,4 +1,4 @@
1
- # typed: strict
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -1,6 +1,8 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
4
6
  require "dependabot/file_updaters"
5
7
  require "dependabot/file_updaters/base"
6
8
  require "dependabot/gradle/file_parser"
@@ -8,6 +10,8 @@ require "dependabot/gradle/file_parser"
8
10
  module Dependabot
9
11
  module Gradle
10
12
  class FileUpdater < Dependabot::FileUpdaters::Base
13
+ extend T::Sig
14
+
11
15
  require_relative "file_updater/dependency_set_updater"
12
16
  require_relative "file_updater/property_value_updater"
13
17
 
@@ -159,7 +163,7 @@ module Dependabot
159
163
  result = string.dup
160
164
 
161
165
  string.scan(Gradle::FileParser::PROPERTY_REGEX) do
162
- prop_name = Regexp.last_match.named_captures.fetch("property_name")
166
+ prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
163
167
  property_value = property_value_finder.property_value(
164
168
  property_name: prop_name,
165
169
  callsite_buildfile: buildfile
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.259.0
4
+ version: 0.261.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-05-30 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.259.0
19
+ version: 0.261.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.259.0
26
+ version: 0.261.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.259.0
33
+ version: 0.261.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.259.0
40
+ version: 0.261.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
277
277
  - MIT
278
278
  metadata:
279
279
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
280
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
280
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
281
281
  post_install_message:
282
282
  rdoc_options: []
283
283
  require_paths: