dependabot-gradle 0.265.0 → 0.267.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/gradle/file_updater.rb +7 -4
  3. data/lib/dependabot/gradle/version.rb +1 -1
  4. metadata +9 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d0fc61d351f3a8383749a79c08ee71678d78442ff7edb3538ccfd2ad15ca414b
4
- data.tar.gz: ff7f1194ffbf904f20529dcc0498536bc0dd848a3fd21c1e3c04996ff8780f82
3
+ metadata.gz: 1346290099592256e39b2cd611ff649d841ab10f04d5bf88576591f7f7f4bab2
4
+ data.tar.gz: e7ad97b5780c7541240916df2bb08fbf14f2b569f3ee628d0fd6231da196ff8b
5
5
  SHA512:
6
- metadata.gz: f2206ad2b7353fb69259091341093c06139ba98f760ad90356d128ffabe06ebde7dbd35c9d303305df91ce737563585045423efb34d84f060cc0303cbec530df
7
- data.tar.gz: e97691808b349179c8a3ff8f39c574904ee39f24cbed749cf5f5f064b26fccf76c1ba667d23a2a6fd9a1a21bd5b892b277a6ebab66b57bc273878cf9f18faff0
6
+ metadata.gz: 32634209817fda63e8a8b7f39addf4878146a5bc1ec0536ade28156f797b307ad4d0aacd6ac5a92e4c9614116c6beaea6d983dbb73b354c4a60917810bd945b8
7
+ data.tar.gz: a93fe84388d96ef9947892098de97cfc55a77af55bcf9391d1ac580b348370b29ce97e7e3ea28273f0dd8c38668a5c58a04f7aec384858d85de428e17483afd3
data/lib/dependabot/gradle/file_updater.rb CHANGED
@@ -56,6 +56,7 @@ module Dependabot
56
56
 
57
57
  def update_buildfiles_for_dependency(buildfiles:, dependency:)
58
58
  files = buildfiles.dup
59
+
59
60
  # The UpdateChecker ensures the order of requirements is preserved
60
61
  # when updating, so we can zip them together in new/old pairs.
61
62
  reqs = dependency.requirements.zip(dependency.previous_requirements)
@@ -68,10 +69,12 @@ module Dependabot
68
69
 
69
70
  buildfile = files.find { |f| f.name == new_req.fetch(:file) }
70
71
 
71
- # Exception raised to handle issue that arises when buildfiles function (see this file)
72
- # removes the build file that contains the dependency itself. So no build file exists to
73
- # update dependency, This behaviour is evident for extremely small number of users
74
- # that have added separate repos as sub-modules in parent projects
72
+ # Currently, Dependabot assumes that Gradle projects using Gradle submodules are all in a single
73
+ # repo. However, some projects are actually using git submodule references for the Gradle submodules.
74
+ # When this happens, Dependabot's FileFetcher thinks the Gradle submodules are eligible for update,
75
+ # but then the FileUpdater filters out the git submodule reference from the build file. So we end up
76
+ # with no relevant build file, leaving us with no way to update that dependency.
77
+ # TODO: Figure out a way to actually navigate this rather than throwing an exception.
75
78
 
76
79
  raise DependencyFileNotResolvable, "No build file found to update the dependency" if buildfile.nil?
77
80
 
data/lib/dependabot/gradle/version.rb CHANGED
@@ -22,7 +22,7 @@ module Dependabot
22
22
  "a" => 1, "alpha" => 1,
23
23
  "b" => 2, "beta" => 2,
24
24
  "m" => 3, "milestone" => 3,
25
- "rc" => 4, "cr" => 4, "pr" => 4,
25
+ "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
26
26
  "snapshot" => 5, "dev" => 5,
27
27
  "ga" => 6, "" => 6, "final" => 6,
28
28
  "sp" => 7
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.265.0
4
+ version: 0.267.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-11 00:00:00.000000000 Z
11
+ date: 2024-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.265.0
19
+ version: 0.267.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.265.0
26
+ version: 0.267.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.265.0
33
+ version: 0.267.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.265.0
40
+ version: 0.267.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.63.2
131
+ version: 1.65.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.63.2
138
+ version: 1.65.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rubocop-performance
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
277
277
  - MIT
278
278
  metadata:
279
279
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
280
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
280
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
281
281
  post_install_message:
282
282
  rdoc_options: []
283
283
  require_paths: