dependabot-gradle 0.265.0 → 0.267.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/gradle/file_updater.rb +7 -4
  3. data/lib/dependabot/gradle/version.rb +1 -1
  4. metadata +9 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d0fc61d351f3a8383749a79c08ee71678d78442ff7edb3538ccfd2ad15ca414b
4
- data.tar.gz: ff7f1194ffbf904f20529dcc0498536bc0dd848a3fd21c1e3c04996ff8780f82
3
+ metadata.gz: 1346290099592256e39b2cd611ff649d841ab10f04d5bf88576591f7f7f4bab2
4
+ data.tar.gz: e7ad97b5780c7541240916df2bb08fbf14f2b569f3ee628d0fd6231da196ff8b
5
5
  SHA512:
6
- metadata.gz: f2206ad2b7353fb69259091341093c06139ba98f760ad90356d128ffabe06ebde7dbd35c9d303305df91ce737563585045423efb34d84f060cc0303cbec530df
7
- data.tar.gz: e97691808b349179c8a3ff8f39c574904ee39f24cbed749cf5f5f064b26fccf76c1ba667d23a2a6fd9a1a21bd5b892b277a6ebab66b57bc273878cf9f18faff0
6
+ metadata.gz: 32634209817fda63e8a8b7f39addf4878146a5bc1ec0536ade28156f797b307ad4d0aacd6ac5a92e4c9614116c6beaea6d983dbb73b354c4a60917810bd945b8
7
+ data.tar.gz: a93fe84388d96ef9947892098de97cfc55a77af55bcf9391d1ac580b348370b29ce97e7e3ea28273f0dd8c38668a5c58a04f7aec384858d85de428e17483afd3
data/lib/dependabot/gradle/file_updater.rb CHANGED
@@ -56,6 +56,7 @@ module Dependabot
56
56
 
57
57
  def update_buildfiles_for_dependency(buildfiles:, dependency:)
58
58
  files = buildfiles.dup
59
+
59
60
  # The UpdateChecker ensures the order of requirements is preserved
60
61
  # when updating, so we can zip them together in new/old pairs.
61
62
  reqs = dependency.requirements.zip(dependency.previous_requirements)
@@ -68,10 +69,12 @@ module Dependabot
68
69
 
69
70
  buildfile = files.find { |f| f.name == new_req.fetch(:file) }
70
71
 
71
- # Exception raised to handle issue that arises when buildfiles function (see this file)
72
- # removes the build file that contains the dependency itself. So no build file exists to
73
- # update dependency, This behaviour is evident for extremely small number of users
74
- # that have added separate repos as sub-modules in parent projects
72
+ # Currently, Dependabot assumes that Gradle projects using Gradle submodules are all in a single
73
+ # repo. However, some projects are actually using git submodule references for the Gradle submodules.
74
+ # When this happens, Dependabot's FileFetcher thinks the Gradle submodules are eligible for update,
75
+ # but then the FileUpdater filters out the git submodule reference from the build file. So we end up
76
+ # with no relevant build file, leaving us with no way to update that dependency.
77
+ # TODO: Figure out a way to actually navigate this rather than throwing an exception.
75
78
 
76
79
  raise DependencyFileNotResolvable, "No build file found to update the dependency" if buildfile.nil?
77
80
 
data/lib/dependabot/gradle/version.rb CHANGED
@@ -22,7 +22,7 @@ module Dependabot
22
22
  "a" => 1, "alpha" => 1,
23
23
  "b" => 2, "beta" => 2,
24
24
  "m" => 3, "milestone" => 3,
25
- "rc" => 4, "cr" => 4, "pr" => 4,
25
+ "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
26
26
  "snapshot" => 5, "dev" => 5,
27
27
  "ga" => 6, "" => 6, "final" => 6,
28
28
  "sp" => 7
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.265.0
4
+ version: 0.267.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-11 00:00:00.000000000 Z
11
+ date: 2024-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.265.0
19
+ version: 0.267.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.265.0
26
+ version: 0.267.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.265.0
33
+ version: 0.267.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.265.0
40
+ version: 0.267.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.63.2
131
+ version: 1.65.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.63.2
138
+ version: 1.65.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rubocop-performance
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
277
277
  - MIT
278
278
  metadata:
279
279
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
280
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.265.0
280
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
281
281
  post_install_message:
282
282
  rdoc_options: []
283
283
  require_paths: