dependabot-gradle 0.263.0 → 0.265.0

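--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 24cb48fee1554bb80686222457a3ac875711f7aa66d301fe5df8cbac7dd391b2
- data.tar.gz: 6ca760eaefb642e424de330300dc9df7822d5c582c114807e5c14b0497acb60e
+ metadata.gz: d0fc61d351f3a8383749a79c08ee71678d78442ff7edb3538ccfd2ad15ca414b
+ data.tar.gz: ff7f1194ffbf904f20529dcc0498536bc0dd848a3fd21c1e3c04996ff8780f82
  SHA512:
- metadata.gz: 9f461e1de8da682cdf99c4750e8f04022486d70a54eca1526ee3ef70e2a95939e7099fca0ffba60e533148345dd1a0277c6ea54566fc05bfaff73d75f238a4f5
- data.tar.gz: a92c58501204b577f31be4570170a4fc078495abb9c779b792c9d36529fecbf2e8067b9c49956a6de9071e1235bf69d85723568ee06a7169487083d9a821772e
+ metadata.gz: f2206ad2b7353fb69259091341093c06139ba98f760ad90356d128ffabe06ebde7dbd35c9d303305df91ce737563585045423efb34d84f060cc0303cbec530df
+ data.tar.gz: e97691808b349179c8a3ff8f39c574904ee39f24cbed749cf5f5f064b26fccf76c1ba667d23a2a6fd9a1a21bd5b892b277a6ebab66b57bc273878cf9f18faff0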
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -16,21 +16,39 @@ module Dependabot
16
16
  require_relative "file_fetcher/settings_file_parser"
17
17
 
18
18
  SUPPORTED_BUILD_FILE_NAMES =
19
- %w(build.gradle build.gradle.kts).freeze
19
+ T.let(%w(build.gradle build.gradle.kts).freeze, T::Array[String])
20
20
 
21
21
  SUPPORTED_SETTINGS_FILE_NAMES =
22
- %w(settings.gradle settings.gradle.kts).freeze
22
+ T.let(%w(settings.gradle settings.gradle.kts).freeze, T::Array[String])
23
23
 
24
24
  # For now Gradle only supports library .toml files in the main gradle folder
25
25
  SUPPORTED_VERSION_CATALOG_FILE_PATH =
26
- %w(/gradle/libs.versions.toml).freeze
26
+ T.let(%w(/gradle/libs.versions.toml).freeze, T::Array[String])
27
27
 
28
+ sig do
29
+ override
30
+ .params(
31
+ source: Dependabot::Source,
32
+ credentials: T::Array[Dependabot::Credential],
33
+ repo_contents_path: T.nilable(String),
34
+ options: T::Hash[String, String]
35
+ )
36
+ .void
37
+ end
38
+ def initialize(source:, credentials:, repo_contents_path: nil, options: {})
39
+ super
40
+
41
+ @buildfile_name = T.let(nil, T.nilable(String))
42
+ end
43
+
44
+ sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
28
45
  def self.required_files_in?(filenames)
29
46
  filenames.any? do |filename|
30
47
  SUPPORTED_BUILD_FILE_NAMES.any? { |supported| filename.end_with?(supported) }
31
48
  end
32
49
  end
33
50
 
51
+ sig { override.returns(String) }
34
52
  def self.required_files_message
35
53
  "Repo must contain a build.gradle / build.gradle.kts file."
36
54
  end
@@ -42,6 +60,7 @@ module Dependabot
42
60
 
43
61
  private
44
62
 
63
+ sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
45
64
  def all_buildfiles_in_build(root_dir)
46
65
  files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
47
66
  files += subproject_buildfiles(root_dir)
@@ -50,6 +69,7 @@ module Dependabot
50
69
  .flat_map { |dir| all_buildfiles_in_build(dir) }
51
70
  end
52
71
 
72
+ sig { params(root_dir: String).returns(T::Array[String]) }
53
73
  def included_builds(root_dir)
54
74
  builds = []
55
75
 
@@ -61,7 +81,7 @@ module Dependabot
61
81
  return builds unless settings_file(root_dir)
62
82
 
63
83
  builds += SettingsFileParser
64
- .new(settings_file: settings_file(root_dir))
84
+ .new(settings_file: T.must(settings_file(root_dir)))
65
85
  .included_build_paths
66
86
  .map { |p| clean_join([root_dir, p]) }
67
87
 
@@ -73,17 +93,19 @@ module Dependabot
73
93
  Pathname.new(File.join(parts)).cleanpath.to_path
74
94
  end
75
95
 
96
+ sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
76
97
  def subproject_buildfiles(root_dir)
77
98
  return [] unless settings_file(root_dir)
78
99
 
79
100
  subproject_paths =
80
101
  SettingsFileParser
81
- .new(settings_file: settings_file(root_dir))
102
+ .new(settings_file: T.must(settings_file(root_dir)))
82
103
  .subproject_paths
83
104
 
84
105
  subproject_paths.filter_map do |path|
85
106
  if @buildfile_name
86
- fetch_file_from_host(File.join(root_dir, path, @buildfile_name))
107
+ buildfile_path = File.join(root_dir, path, @buildfile_name)
108
+ fetch_file_from_host(buildfile_path)
87
109
  else
88
110
  buildfile(File.join(root_dir, path))
89
111
  end
@@ -93,6 +115,7 @@ module Dependabot
93
115
  end
94
116
  end
95
117
 
118
+ sig { params(root_dir: String).returns(T.nilable(DependencyFile)) }
96
119
  def version_catalog_file(root_dir)
97
120
  return nil unless root_dir == "."
98
121
 
@@ -100,6 +123,7 @@ module Dependabot
100
123
  end
101
124
 
102
125
  # rubocop:disable Metrics/PerceivedComplexity
126
+ sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
103
127
  def dependency_script_plugins(root_dir)
104
128
  return [] unless buildfile(root_dir)
105
129
 
@@ -123,6 +147,7 @@ module Dependabot
123
147
  end
124
148
  # rubocop:enable Metrics/PerceivedComplexity
125
149
 
150
+ sig { params(path: T.any(Pathname, String)).returns(T::Boolean) }
126
151
  def file_exists_in_submodule?(path)
127
152
  fetch_file_from_host(path, fetch_submodules: true)
128
153
  true
@@ -130,20 +155,24 @@ module Dependabot
130
155
  false
131
156
  end
132
157
 
158
+ sig { params(dir: String).returns(T.nilable(DependencyFile)) }
133
159
  def buildfile(dir)
134
160
  file = find_first(dir, SUPPORTED_BUILD_FILE_NAMES) || return
135
161
  @buildfile_name ||= File.basename(file.name)
136
162
  file
137
163
  end
138
164
 
165
+ sig { params(dir: String).returns(T.nilable(DependencyFile)) }
139
166
  def gradle_toml_file(dir)
140
167
  find_first(dir, SUPPORTED_VERSION_CATALOG_FILE_PATH)
141
168
  end
142
169
 
170
+ sig { params(dir: String).returns(T.nilable(DependencyFile)) }
143
171
  def settings_file(dir)
144
172
  find_first(dir, SUPPORTED_SETTINGS_FILE_NAMES)
145
173
  end
146
174
 
175
+ sig { params(dir: String, supported_names: T::Array[String]).returns(T.nilable(DependencyFile)) }
147
176
  def find_first(dir, supported_names)
148
177
  paths = supported_names
149
178
  .map { |name| clean_join([dir, name]) }
@@ -153,10 +182,12 @@ module Dependabot
153
182
  fetch_first_if_present(paths)
154
183
  end
155
184
 
185
+ sig { returns(T::Hash[String, DependencyFile]) }
156
186
  def cached_files
157
- @cached_files ||= {}
187
+ @cached_files ||= T.let({}, T.nilable(T::Hash[String, DependencyFile]))
158
188
  end
159
189
 
190
+ sig { params(paths: T::Array[String]).returns(T.nilable(DependencyFile)) }
160
191
  def fetch_first_if_present(paths)
161
192
  paths.each do |path|
162
193
  file = fetch_file_if_present(path) || next
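Review bot: In `subproject_buildfiles`, the new `buildfile_path = File.join(root_dir, path, @buildfile_name)` is handed to `fetch_file_from_host` without normalisation, whereas the `else` branch (via `find_first`) and `included_builds` both build their paths with `clean_join`. `path` comes from `SettingsFileParser#subproject_paths`, so it is derived from the repository's own settings file. Building it as `buildfile_path = clean_join([root_dir, path, @buildfile_name])` would keep the two branches consistent. If `fetch_file_from_host` (not shown here) does not already do so, it is also worth rejecting a result that resolves outside the repository root. Separately, `T.must(settings_file(root_dir))` repeats the lookup made by the guard just above it in both `included_builds` and `subproject_buildfiles`; binding the result once and guarding on that local would let Sorbet narrow the type without `T.must`. Both method bodies extend beyond the hunks shown.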
@@ -56,7 +56,6 @@ module Dependabot
56
56
 
57
57
  def update_buildfiles_for_dependency(buildfiles:, dependency:)
58
58
  files = buildfiles.dup
59
-
60
59
  # The UpdateChecker ensures the order of requirements is preserved
61
60
  # when updating, so we can zip them together in new/old pairs.
62
61
  reqs = dependency.requirements.zip(dependency.previous_requirements)
@@ -69,6 +68,13 @@ module Dependabot
69
68
 
70
69
  buildfile = files.find { |f| f.name == new_req.fetch(:file) }
71
70
 
71
+ # Exception raised to handle issue that arises when buildfiles function (see this file)
72
+ # removes the build file that contains the dependency itself. So no build file exists to
73
+ # update dependency, This behaviour is evident for extremely small number of users
74
+ # that have added separate repos as sub-modules in parent projects
75
+
76
+ raise DependencyFileNotResolvable, "No build file found to update the dependency" if buildfile.nil?
77
+
72
78
  if new_req.dig(:metadata, :property_name)
73
79
  files = update_files_for_property_change(files, old_req, new_req)
74
80
  elsif new_req.dig(:metadata, :dependency_set)
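Review bot: The added `raise DependencyFileNotResolvable, "No build file found to update the dependency"` names neither the dependency nor the file that was expected, so whoever triages the error cannot tell which requirement pointed at a missing build file. Something like `raise DependencyFileNotResolvable, "No build file found to update #{dependency.name} (expected #{new_req.fetch(:file)})" if buildfile.nil?` would carry that context. The explanatory comment is separated from the `raise` by a blank line and reads awkwardly; placed directly above the statement, it could read `# The buildfiles filter can drop the file that declares this dependency (seen when separate repos are added as submodules), leaving nothing to update.` The body of `update_buildfiles_for_dependency` starts and ends outside these hunks, so whether `files` is left in a usable state for the caller after the raise cannot be judged from here.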
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.263.0
4
+ version: 0.265.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-27 00:00:00.000000000 Z
11
+ date: 2024-07-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.263.0
19
+ version: 0.265.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.263.0
26
+ version: 0.265.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.263.0
33
+ version: 0.265.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.263.0
40
+ version: 0.265.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
277
277
  - MIT
278
278
  metadata:
279
279
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
280
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.263.0
280
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
281
281
  post_install_message:
282
282
  rdoc_options: []
283
283
  require_paths: