dependabot-gradle 0.259.0 → 0.261.0
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb +10 -6
- data/lib/dependabot/gradle/file_fetcher.rb +8 -6
- data/lib/dependabot/gradle/file_parser/property_value_finder.rb +15 -11
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +11 -7
- data/lib/dependabot/gradle/file_parser.rb +10 -7
- data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb +1 -1
- data/lib/dependabot/gradle/file_updater.rb +6 -2
- metadata +7 -7
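--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 57b5251fc125465f162e62156269e89fedac11a6f1638b370fb966baa655bfbd
+data.tar.gz: f44e4843e3b4907a0ad41731704af0fbea47112721bd9e8a1ea9fa23708732a5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0051586076a8c3e66487f740eec446a5284ba122e5a42000e66dc45b7d9a49dfac5e98de2d35fcba66dfd069b8ff1ecc492a90642e6fac100181d24265ebcef
+data.tar.gz: da364819c848465abd2322ed735a625e659d91dcb725f62665dc949351b4d1d8dcbb11451381549a4947765b6cf0a4b80e3e66047babe401b2b863fe311335ed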
@@ -1,12 +1,16 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/gradle/file_fetcher"
|
5
7
|
|
6
8
|
module Dependabot
|
7
9
|
module Gradle
|
8
10
|
class FileFetcher
|
9
11
|
class SettingsFileParser
|
12
|
+
extend T::Sig
|
13
|
+
|
10
14
|
def initialize(settings_file:)
|
11
15
|
@settings_file = settings_file
|
12
16
|
end
|
@@ -14,18 +18,18 @@ module Dependabot
|
|
14
18
|
def included_build_paths
|
15
19
|
paths = []
|
16
20
|
comment_free_content.scan(function_regex("includeBuild")) do
|
17
|
-
arg = Regexp.last_match.named_captures.fetch("args")
|
18
|
-
paths << arg.gsub(/["']/, "").strip
|
21
|
+
arg = T.must(Regexp.last_match).named_captures.fetch("args")
|
22
|
+
paths << T.must(arg).gsub(/["']/, "").strip
|
19
23
|
end
|
20
24
|
paths.uniq
|
21
25
|
end
|
22
26
|
|
23
27
|
def subproject_paths
|
24
|
-
subprojects = []
|
28
|
+
subprojects = T.let([], T::Array[String])
|
25
29
|
|
26
30
|
comment_free_content.scan(function_regex("include")) do
|
27
|
-
args = Regexp.last_match.named_captures.fetch("args")
|
28
|
-
args = args.split(",")
|
31
|
+
args = T.must(Regexp.last_match).named_captures.fetch("args")
|
32
|
+
args = T.must(args).split(",")
|
29
33
|
args = args.filter_map { |p| p.gsub(/["']/, "").strip }
|
30
34
|
subprojects += args
|
31
35
|
end
|
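Review bot: `extend T::Sig` is added to `SettingsFileParser`, but none of the methods visible here (`initialize`, `included_build_paths`, `subproject_paths`) gets a `sig`, so the move to `# typed: true` states nothing about what these parsers return from what is presumably a repository-supplied settings file. A one-line signature such as `sig { returns(T::Array[String]) }` above `included_build_paths` would document the contract the fetcher relies on. The same gap shows in the later sections that add `extend T::Sig` without a visible `sig` (`PropertyValueFinder`, `RepositoriesFinder`, `FileParser`, `FileUpdater`). `subproject_paths` continues past the end of the second hunk, so its return value is not confirmed from here.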
@@ -1,7 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "sorbet-runtime"
|
5
|
+
|
5
6
|
require "dependabot/file_fetchers"
|
6
7
|
require "dependabot/file_fetchers/base"
|
7
8
|
|
@@ -55,20 +56,21 @@ module Dependabot
|
|
55
56
|
# buildSrc is implicit: included but not declared in settings.gradle
|
56
57
|
buildsrc = repo_contents(dir: root_dir, raise_errors: false)
|
57
58
|
.find { |item| item.type == "dir" && item.name == "buildSrc" }
|
58
|
-
builds << clean_join(root_dir, "buildSrc") if buildsrc
|
59
|
+
builds << clean_join([root_dir, "buildSrc"]) if buildsrc
|
59
60
|
|
60
61
|
return builds unless settings_file(root_dir)
|
61
62
|
|
62
63
|
builds += SettingsFileParser
|
63
64
|
.new(settings_file: settings_file(root_dir))
|
64
65
|
.included_build_paths
|
65
|
-
.map { |p| clean_join(root_dir, p) }
|
66
|
+
.map { |p| clean_join([root_dir, p]) }
|
66
67
|
|
67
68
|
builds.uniq
|
68
69
|
end
|
69
70
|
|
70
|
-
|
71
|
-
|
71
|
+
sig { params(parts: T::Array[String]).returns(String) }
|
72
|
+
def clean_join(parts)
|
73
|
+
Pathname.new(File.join(parts)).cleanpath.to_path
|
72
74
|
end
|
73
75
|
|
74
76
|
def subproject_buildfiles(root_dir)
|
@@ -144,7 +146,7 @@ module Dependabot
|
|
144
146
|
|
145
147
|
def find_first(dir, supported_names)
|
146
148
|
paths = supported_names
|
147
|
-
.map { |name| clean_join(dir, name) }
|
149
|
+
.map { |name| clean_join([dir, name]) }
|
148
150
|
.each do |path|
|
149
151
|
return cached_files[path] || next
|
150
152
|
end
|
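Review bot: The new `clean_join(parts)` normalises with `Pathname#cleanpath`, which collapses `..` segments but does not keep the result under `root_dir`, and the `p` in `.map { |p| clean_join([root_dir, p]) }` comes from `included_build_paths`, i.e. from `includeBuild` arguments parsed out of the settings file. Relative `..` paths can be legitimate for composite builds, so rather than rejecting them here I would document the contract on the method, e.g. `# Normalises the joined path; the result may resolve above parts.first, so callers must not treat it as confined to root_dir.` Whether the fetch layer rejects paths outside the repository is not visible in this section. The method also appears to have changed from separate arguments to a single array (the removed definition is not legible in this rendering), so any caller outside these hunks still passing separate arguments would raise `ArgumentError`; only three call sites are shown as converted.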
@@ -1,12 +1,16 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/gradle/file_parser"
|
5
7
|
|
6
8
|
module Dependabot
|
7
9
|
module Gradle
|
8
10
|
class FileParser
|
9
11
|
class PropertyValueFinder
|
12
|
+
extend T::Sig
|
13
|
+
|
10
14
|
# rubocop:disable Layout/LineLength
|
11
15
|
SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
|
12
16
|
|
@@ -129,8 +133,8 @@ module Dependabot
|
|
129
133
|
|
130
134
|
prepared_content(buildfile).scan(SINGLE_PROPERTY_DECLARATION_REGEX) do
|
131
135
|
declaration_string = Regexp.last_match.to_s.strip
|
132
|
-
captures = Regexp.last_match.named_captures
|
133
|
-
name = captures.fetch("name").sub(/^ext\./, "")
|
136
|
+
captures = T.must(Regexp.last_match).named_captures
|
137
|
+
name = T.must(captures.fetch("name")).sub(/^ext\./, "")
|
134
138
|
|
135
139
|
unless properties.key?(name)
|
136
140
|
properties[name] = {
|
@@ -149,13 +153,13 @@ module Dependabot
|
|
149
153
|
|
150
154
|
prepared_content(buildfile)
|
151
155
|
.scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
|
152
|
-
captures = Regexp.last_match.named_captures
|
156
|
+
captures = T.must(Regexp.last_match).named_captures
|
153
157
|
namespace = captures.fetch("namespace")
|
154
158
|
|
155
|
-
captures.fetch("values")
|
156
|
-
|
159
|
+
T.must(captures.fetch("values"))
|
160
|
+
.scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
|
157
161
|
declaration_string = Regexp.last_match.to_s.strip
|
158
|
-
sub_captures = Regexp.last_match.named_captures
|
162
|
+
sub_captures = T.must(Regexp.last_match).named_captures
|
159
163
|
name = sub_captures.fetch("name")
|
160
164
|
full_name = if namespace == "extra"
|
161
165
|
name
|
@@ -178,12 +182,12 @@ module Dependabot
|
|
178
182
|
properties = {}
|
179
183
|
|
180
184
|
prepared_content(buildfile).scan(MULTI_PROPERTY_DECLARATION_REGEX) do
|
181
|
-
captures = Regexp.last_match.named_captures
|
182
|
-
namespace = captures.fetch("namespace").sub(/^ext\./, "")
|
185
|
+
captures = T.must(Regexp.last_match).named_captures
|
186
|
+
namespace = T.must(captures.fetch("namespace")).sub(/^ext\./, "")
|
183
187
|
|
184
|
-
captures.fetch("values").scan(NAMESPACED_DECLARATION_REGEX) do
|
188
|
+
T.must(captures.fetch("values")).scan(NAMESPACED_DECLARATION_REGEX) do
|
185
189
|
declaration_string = Regexp.last_match.to_s.strip
|
186
|
-
sub_captures = Regexp.last_match.named_captures
|
190
|
+
sub_captures = T.must(Regexp.last_match).named_captures
|
187
191
|
name = sub_captures.fetch("name")
|
188
192
|
full_name = [namespace, name].join(".")
|
189
193
|
|
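Review bot: Inside each `scan` block the unchanged line `declaration_string = Regexp.last_match.to_s.strip` still reads the global match unguarded while the next line wraps it in `T.must`, so two reads of the same match are treated differently (on a nil match the first would silently yield an empty string). Binding the match once reads more clearly and needs a single assertion: `match = T.must(Regexp.last_match)`, then `match.to_s.strip` and `match.named_captures`. This applies to the `SINGLE_PROPERTY_DECLARATION_REGEX` hunk, the inner `KOTLIN_SINGLE_PROPERTY_SET_REGEX` scan and the `NAMESPACED_DECLARATION_REGEX` scan. The enclosing methods start and end outside the hunks.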
@@ -1,12 +1,16 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/gradle/file_parser"
|
5
7
|
|
6
8
|
module Dependabot
|
7
9
|
module Gradle
|
8
10
|
class FileParser
|
9
11
|
class RepositoriesFinder
|
12
|
+
extend T::Sig
|
13
|
+
|
10
14
|
SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
|
11
15
|
SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
|
12
16
|
|
@@ -58,14 +62,14 @@ module Dependabot
|
|
58
62
|
subproject_blocks = []
|
59
63
|
|
60
64
|
buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
|
61
|
-
mtch = Regexp.last_match
|
65
|
+
mtch = T.must(Regexp.last_match)
|
62
66
|
subproject_blocks <<
|
63
67
|
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
64
68
|
end
|
65
69
|
|
66
70
|
if top_level_buildfile != target_dependency_file
|
67
71
|
buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
|
68
|
-
mtch = Regexp.last_match
|
72
|
+
mtch = T.must(Regexp.last_match)
|
69
73
|
subproject_blocks <<
|
70
74
|
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
71
75
|
end
|
@@ -82,7 +86,7 @@ module Dependabot
|
|
82
86
|
own_buildfile_urls = []
|
83
87
|
|
84
88
|
subproject_buildfile_content = buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
|
85
|
-
mtch = Regexp.last_match
|
89
|
+
mtch = T.must(Regexp.last_match)
|
86
90
|
buildfile_content.gsub(
|
87
91
|
mtch.post_match[0..closing_bracket_index(mtch.post_match)],
|
88
92
|
""
|
@@ -101,7 +105,7 @@ module Dependabot
|
|
101
105
|
dependency_resolution_management_repositories = []
|
102
106
|
|
103
107
|
settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
|
104
|
-
mtch = Regexp.last_match
|
108
|
+
mtch = T.must(Regexp.last_match)
|
105
109
|
dependency_resolution_management_repositories <<
|
106
110
|
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
107
111
|
end
|
@@ -114,7 +118,7 @@ module Dependabot
|
|
114
118
|
|
115
119
|
repository_blocks = []
|
116
120
|
buildfile_content.scan(REPOSITORIES_BLOCK_START) do
|
117
|
-
mtch = Regexp.last_match
|
121
|
+
mtch = T.must(Regexp.last_match)
|
118
122
|
repository_blocks <<
|
119
123
|
mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
120
124
|
end
|
@@ -129,7 +133,7 @@ module Dependabot
|
|
129
133
|
repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
|
130
134
|
|
131
135
|
block.scan(MAVEN_REPO_REGEX) do
|
132
|
-
repository_urls << Regexp.last_match.named_captures.fetch("url")
|
136
|
+
repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")
|
133
137
|
end
|
134
138
|
end
|
135
139
|
|
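Review bot: In the `MAVEN_REPO_REGEX` block, `repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")` asserts the match but not the capture, so a `nil` can still be appended if the `url` group is optional (the regex is defined outside the hunk), unlike the parser sections where the fetched capture is wrapped as well. Since these URLs are read out of the build file's repository blocks, I would skip absent captures explicitly: `url = T.must(Regexp.last_match).named_captures.fetch("url")` followed by `repository_urls << url if url`. A short comment stating where scheme or host validation of these URLs happens, if it happens downstream, would also help the next reader. The method begins and ends outside the hunk.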
@@ -1,6 +1,7 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
4
5
|
require "toml-rb"
|
5
6
|
|
6
7
|
require "dependabot/dependency"
|
@@ -18,6 +19,8 @@ require "dependabot/gradle/version"
|
|
18
19
|
module Dependabot
|
19
20
|
module Gradle
|
20
21
|
class FileParser < Dependabot::FileParsers::Base
|
22
|
+
extend T::Sig
|
23
|
+
|
21
24
|
require "dependabot/file_parsers/base/dependency_set"
|
22
25
|
require_relative "file_parser/property_value_finder"
|
23
26
|
|
@@ -148,10 +151,10 @@ module Dependabot
|
|
148
151
|
dependency_set = DependencySet.new
|
149
152
|
|
150
153
|
prepared_content(buildfile).scan(DEPENDENCY_DECLARATION_REGEX) do
|
151
|
-
declaration = Regexp.last_match.named_captures.fetch("declaration")
|
154
|
+
declaration = T.must(Regexp.last_match).named_captures.fetch("declaration")
|
152
155
|
|
153
|
-
group, name, version = declaration.split(":")
|
154
|
-
version, _packaging_type = version.split("@")
|
156
|
+
group, name, version = T.must(declaration).split(":")
|
157
|
+
version, _packaging_type = T.must(version).split("@")
|
155
158
|
details = { group: group, name: name, version: version }
|
156
159
|
|
157
160
|
dep = dependency_from(details_hash: details, buildfile: buildfile)
|
@@ -185,7 +188,7 @@ module Dependabot
|
|
185
188
|
dependency_set_blocks = []
|
186
189
|
|
187
190
|
prepared_content(buildfile).scan(DEPENDENCY_SET_DECLARATION_REGEX) do
|
188
|
-
mch = Regexp.last_match
|
191
|
+
mch = T.must(Regexp.last_match)
|
189
192
|
dependency_set_blocks <<
|
190
193
|
{
|
191
194
|
arguments: mch.named_captures.fetch("arguments"),
|
@@ -218,7 +221,7 @@ module Dependabot
|
|
218
221
|
plugin_blocks = []
|
219
222
|
|
220
223
|
prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
|
221
|
-
mch = Regexp.last_match
|
224
|
+
mch = T.must(Regexp.last_match)
|
222
225
|
plugin_blocks <<
|
223
226
|
mch.post_match[0..closing_bracket_index(mch.post_match)]
|
224
227
|
end
|
@@ -355,7 +358,7 @@ module Dependabot
|
|
355
358
|
# Remove the dependencyVerification section added by Gradle Witness
|
356
359
|
# (TODO: Support updating this in the FileUpdater)
|
357
360
|
prepared_content.dup.scan(/dependencyVerification\s*{/) do
|
358
|
-
mtch = Regexp.last_match
|
361
|
+
mtch = T.must(Regexp.last_match)
|
359
362
|
block = mtch.post_match[0..closing_bracket_index(mtch.post_match)]
|
360
363
|
prepared_content.gsub!(block, "")
|
361
364
|
end
|
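Review bot: `version, _packaging_type = T.must(version).split("@")` raises `TypeError` when the matched declaration has fewer than three `:`-separated parts, because `version` is then `nil` after `T.must(declaration).split(":")`. Whether `DEPENDENCY_DECLARATION_REGEX` guarantees three parts is not visible here; if it does not, a build file with a short declaration aborts parsing instead of being skipped. A guard such as `next if version.nil?` before the second split (after which the `T.must` on `version` is unnecessary) would make that case explicit. The enclosing method starts before and continues past the hunk.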
@@ -1,6 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
5
|
+
|
4
6
|
require "dependabot/file_updaters"
|
5
7
|
require "dependabot/file_updaters/base"
|
6
8
|
require "dependabot/gradle/file_parser"
|
@@ -8,6 +10,8 @@ require "dependabot/gradle/file_parser"
|
|
8
10
|
module Dependabot
|
9
11
|
module Gradle
|
10
12
|
class FileUpdater < Dependabot::FileUpdaters::Base
|
13
|
+
extend T::Sig
|
14
|
+
|
11
15
|
require_relative "file_updater/dependency_set_updater"
|
12
16
|
require_relative "file_updater/property_value_updater"
|
13
17
|
|
@@ -159,7 +163,7 @@ module Dependabot
|
|
159
163
|
result = string.dup
|
160
164
|
|
161
165
|
string.scan(Gradle::FileParser::PROPERTY_REGEX) do
|
162
|
-
prop_name = Regexp.last_match.named_captures.fetch("property_name")
|
166
|
+
prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
|
163
167
|
property_value = property_value_finder.property_value(
|
164
168
|
property_name: prop_name,
|
165
169
|
callsite_buildfile: buildfile
|
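--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 - !ruby/object:Gem::Dependency
 name: dependabot-maven
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.261.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
 post_install_message:
 rdoc_options: []
 require_paths: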