dependabot-gradle 0.317.0 → 0.318.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: acefd7f8494da6724543be0a5dbb4626ce68db9ced94cc52edf1c68afee82aef
-  data.tar.gz: d06d70680f12ece53e92c3734f9323147652e76aea7d9b069fd39e47a55153eb
+  metadata.gz: 4268f828f36a83767b3cef6b863677885bc0f75cedf46bed022dc6e2245f3156
+  data.tar.gz: 7334fea2720015456d756a60c58baf745092f818b4186a4cd605d9010f627910
 SHA512:
-  metadata.gz: c9bf3b966a9fd7d9ad65b7ad0feb5a43d6eae5bd0600a17c38f30ceaf6f67b308b6d073c5540cfbb90bb93d1cc954b6790cd81e49caa393aa8b2bcb86da4cc6b
-  data.tar.gz: 8fdd869384b907d818771a579b15a0930db1007ca9f9c967546603639ff3cad00af5781082ef7bd2852ff945d062b48ca03e71eaf8f52f58333948bc9d06d449
+  metadata.gz: 03d47d0033440eaf928d36dd13928a5daedea639034e4d9a07b8daa3d9a9da8a98b17925e2a8db02cee8edd826b6c3678b738c452a2ba173dee57a9d9c42ecbb
+  data.tar.gz: 6980420566a75d5dbc813d9026fecfd36ec238757e7264f002dbfc03c6a47fed05af8e4ab1f06ee388a9c1157afe8b740aea8a33590792214649aef271c60ca5

data/lib/dependabot/gradle/file_fetcher.rb

@@ -15,6 +15,8 @@ module Dependabot
       require_relative "file_parser"
       require_relative "file_fetcher/settings_file_parser"
 
+      SUPPORTED_LOCK_FILE_NAMES = T.let(%w(gradle.lockfile).freeze, T::Array[String])
+
       SUPPORTED_BUILD_FILE_NAMES =
         T.let(%w(build.gradle build.gradle.kts).freeze, T::Array[String])
 
@@ -38,6 +40,7 @@ module Dependabot
       def initialize(source:, credentials:, repo_contents_path: nil, options: {})
         super
 
+        @lockfile_name = T.let(T.must(SUPPORTED_LOCK_FILE_NAMES.first), String)
         @buildfile_name = T.let(nil, T.nilable(String))
       end
 
@@ -62,8 +65,10 @@ module Dependabot
 
       sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
       def all_buildfiles_in_build(root_dir)
-        files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir)].compact
+        files = [buildfile(root_dir), settings_file(root_dir), version_catalog_file(root_dir), lockfile(root_dir)]
+                .compact
         files += subproject_buildfiles(root_dir)
+        files += subproject_lockfiles(root_dir)
         files += dependency_script_plugins(root_dir)
         files + included_builds(root_dir)
                 .flat_map { |dir| all_buildfiles_in_build(dir) }
@@ -93,6 +98,24 @@ module Dependabot
         Pathname.new(File.join(parts)).cleanpath.to_path
       end
 
+      sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
+      def subproject_lockfiles(root_dir)
+        return [] unless settings_file(root_dir)
+
+        subproject_paths =
+          SettingsFileParser
+          .new(settings_file: T.must(settings_file(root_dir)))
+          .subproject_paths
+
+        subproject_paths.filter_map do |path|
+          lockfile_path = File.join(root_dir, path, @lockfile_name)
+          fetch_file_from_host(lockfile_path)
+        rescue Dependabot::DependencyFileNotFound
+          # Gradle itself doesn't worry about missing subprojects, so we don't
+          nil
+        end
+      end
+
       sig { params(root_dir: String).returns(T::Array[DependencyFile]) }
       def subproject_buildfiles(root_dir)
         return [] unless settings_file(root_dir)
@@ -155,6 +178,11 @@ module Dependabot
         false
       end
 
+      sig { params(dir: String).returns(T.nilable(DependencyFile)) }
+      def lockfile(dir)
+        fetch_file_if_present(File.join(dir, @lockfile_name))
+      end
+
       sig { params(dir: String).returns(T.nilable(DependencyFile)) }
       def buildfile(dir)
         file = find_first(dir, SUPPORTED_BUILD_FILE_NAMES) || return

data/lib/dependabot/gradle/file_updater/lockfile_updater.rb

@@ -0,0 +1,110 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "shellwords"
+
+require "dependabot/gradle/file_parser"
+require "dependabot/gradle/file_updater"
+
+module Dependabot
+  module Gradle
+    class FileUpdater
+      class LockfileUpdater
+        extend T::Sig
+
+        sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
+        def initialize(dependency_files:)
+          @dependency_files = dependency_files
+        end
+
+        sig { params(build_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
+        def update_lockfiles(build_file)
+          local_lockfiles = dependency_files.select do |file|
+            file.directory == build_file.directory && file.name.end_with?(".lockfile")
+          end
+
+          # If we don't have any lockfiles in the build files don't generate one
+          return dependency_files unless local_lockfiles.any?
+
+          updated_files = dependency_files.dup
+          SharedHelpers.in_a_temporary_directory do |temp_dir|
+            populate_temp_directory(temp_dir)
+            cwd = File.join(temp_dir, build_file.directory, build_file.name)
+            cwd = File.dirname(cwd)
+
+            # Create gradle.properties file with proxy settings
+            # Would prefer to use command line arguments, but they don't work.
+            properties_filename = File.join(temp_dir, build_file.directory, "gradle.properties")
+            write_properties_file(properties_filename)
+
+            command_parts = [
+              "gradle",
+              "dependencies",
+              "--no-daemon",
+              "--write-locks"
+            ]
+            command = Shellwords.join(command_parts)
+
+            Dir.chdir(cwd) do
+              SharedHelpers.run_shell_command(command, cwd: cwd)
+              update_lockfiles_content(temp_dir, local_lockfiles, updated_files)
+            rescue SharedHelpers::HelperSubprocessFailed => e
+              puts "Failed to update lockfiles: #{e.message}"
+              return updated_files
+            end
+          end
+          updated_files
+        end
+
+        sig do
+          params(
+            temp_dir: T.any(Pathname, String),
+            local_lockfiles: T::Array[Dependabot::DependencyFile],
+            updated_lockfiles: T::Array[Dependabot::DependencyFile]
+          ).void
+        end
+        def update_lockfiles_content(temp_dir, local_lockfiles, updated_lockfiles)
+          local_lockfiles.each do |file|
+            f_content = File.read(File.join(temp_dir, file.directory, file.name))
+            tmp_file = file.dup
+            tmp_file.content = f_content
+            updated_lockfiles[T.must(updated_lockfiles.index(file))] = tmp_file
+          end
+        end
+
+        sig { params(temp_dir: T.any(Pathname, String)).void }
+        def populate_temp_directory(temp_dir)
+          @dependency_files.each do |file|
+            in_path_name = File.join(temp_dir, file.directory, file.name)
+            FileUtils.mkdir_p(File.dirname(in_path_name))
+            File.write(in_path_name, file.content)
+          end
+        end
+
+        sig { params(file_name: String).void }
+        def write_properties_file(file_name) # rubocop:disable Metrics/PerceivedComplexity
+          http_proxy = ENV.fetch("HTTP_PROXY", nil)
+          https_proxy = ENV.fetch("HTTPS_PROXY", nil)
+          http_split = http_proxy&.split(":")
+          https_split = https_proxy&.split(":")
+          http_proxy_host = http_split&.fetch(1, nil)&.gsub("//", "") || "host.docker.internal"
+          https_proxy_host = https_split&.fetch(1, nil)&.gsub("//", "") || "host.docker.internal"
+          http_proxy_port = http_split&.fetch(2) || "1080"
+          https_proxy_port = https_split&.fetch(2) || "1080"
+          properties_content = "
+systemProp.http.proxyHost=#{http_proxy_host}
+systemProp.http.proxyPort=#{http_proxy_port}
+systemProp.https.proxyHost=#{https_proxy_host}
+systemProp.https.proxyPort=#{https_proxy_port}"
+          File.write(file_name, properties_content)
+        end
+
+        private
+
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
+        attr_reader :dependency_files
+      end
+    end
+  end
+end

data/lib/dependabot/gradle/file_updater/property_value_updater.rb

@@ -1,6 +1,8 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/gradle/file_updater"
 require "dependabot/gradle/file_parser/property_value_finder"
 
@@ -8,23 +10,39 @@ module Dependabot
   module Gradle
     class FileUpdater
       class PropertyValueUpdater
+        extend T::Sig
+
+        sig { params(dependency_files: T::Array[DependencyFile]).void }
         def initialize(dependency_files:)
           @dependency_files = dependency_files
+          @property_value_finder = T.let(nil, T.nilable(Gradle::FileParser::PropertyValueFinder))
         end
 
+        sig do
+          params(
+            property_name: String,
+            callsite_buildfile: DependencyFile,
+            previous_value: String,
+            updated_value: String
+          )
+            .returns(T::Array[DependencyFile])
+        end
         def update_files_for_property_change(property_name:,
                                              callsite_buildfile:,
                                              previous_value:,
                                              updated_value:)
-          declaration_details = property_value_finder.property_details(
-            property_name: property_name,
-            callsite_buildfile: callsite_buildfile
+          declaration_details = T.let(
+            property_value_finder.property_details(
+              property_name: property_name,
+              callsite_buildfile: callsite_buildfile
+            ),
+            T::Hash[Symbol, String]
           )
           declaration_string = declaration_details.fetch(:declaration_string)
           filename = declaration_details.fetch(:file)
 
-          file_to_update = dependency_files.find { |f| f.name == filename }
-          updated_content = file_to_update.content.sub(
+          file_to_update = T.must(dependency_files.find { |f| f.name == filename })
+          updated_content = T.must(file_to_update.content).sub(
             declaration_string,
             declaration_string.sub(
               previous_value_regex(previous_value),
@@ -33,7 +51,7 @@ module Dependabot
           )
 
           updated_files = dependency_files.dup
-          updated_files[updated_files.index(file_to_update)] =
+          updated_files[T.must(updated_files.index(file_to_update))] =
             update_file(file: file_to_update, content: updated_content)
 
           updated_files
@@ -41,20 +59,24 @@ module Dependabot
 
         private
 
+        sig { returns(T::Array[DependencyFile]) }
         attr_reader :dependency_files
 
+        sig { returns(Gradle::FileParser::PropertyValueFinder) }
         def property_value_finder
           @property_value_finder ||=
             Gradle::FileParser::PropertyValueFinder
             .new(dependency_files: dependency_files)
         end
 
+        sig { params(file: DependencyFile, content: String).returns(DependencyFile) }
         def update_file(file:, content:)
           updated_file = file.dup
           updated_file.content = content
           updated_file
         end
 
+        sig { params(previous_value: String).returns(Regexp) }
         def previous_value_regex(previous_value)
           /(?<=['"])#{Regexp.quote(previous_value)}(?=['"])/
         end

data/lib/dependabot/gradle/file_updater.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 
 require "sorbet-runtime"
@@ -14,9 +14,11 @@ module Dependabot
 
       require_relative "file_updater/dependency_set_updater"
       require_relative "file_updater/property_value_updater"
+      require_relative "file_updater/lockfile_updater"
 
-      SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
+      SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts gradle.lockfile).freeze
 
+      sig { override.returns(T::Array[Regexp]) }
       def self.updated_files_regex
         [
           # Matches build.gradle or build.gradle.kts in root directory
@@ -26,10 +28,12 @@ module Dependabot
           # Matches settings.gradle or settings.gradle.kts in root or any subdirectory
           %r{(^|.*/)settings\.gradle(\.kts)?$},
           # Matches dependencies.gradle in root or any subdirectory
-          %r{(^|.*/)dependencies\.gradle$}
+          %r{(^|.*/)dependencies\.gradle$},
+          %r{(^|.*/)?gradle.lockfile$}
         ]
       end
 
+      sig { override.returns(T::Array[::Dependabot::DependencyFile]) }
       def updated_dependency_files
         updated_files = buildfiles.dup
 
@@ -53,30 +57,38 @@ module Dependabot
 
       private
 
+      sig { override.void }
       def check_required_files
         raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
+      sig { void }
       def original_file
         dependency_files.find do |f|
           SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
         end
       end
 
+      # rubocop:disable Metrics/AbcSize
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+      sig do
+        params(buildfiles: T::Array[Dependabot::DependencyFile], dependency: Dependabot::Dependency)
+          .returns(T::Array[Dependabot::DependencyFile])
+      end
       def update_buildfiles_for_dependency(buildfiles:, dependency:)
         files = buildfiles.dup
 
         # The UpdateChecker ensures the order of requirements is preserved
         # when updating, so we can zip them together in new/old pairs.
-        reqs = dependency.requirements.zip(dependency.previous_requirements)
+        reqs = dependency.requirements.zip(T.must(dependency.previous_requirements))
                          .reject { |new_req, old_req| new_req == old_req }
-
         # Loop through each changed requirement and update the buildfiles
         reqs.each do |new_req, old_req|
-          raise "Bad req match" unless new_req[:file] == old_req[:file]
-          next if new_req[:requirement] == old_req[:requirement]
+          raise "Bad req match" if old_req.nil? || T.let(new_req[:file], String) != T.let(old_req[:file], String)
+          next if T.let(new_req[:requirement], String) == T.let(old_req[:requirement], String)
 
-          buildfile = files.find { |f| f.name == new_req.fetch(:file) }
+          buildfile = files.find { |f| f.name == T.let(new_req.fetch(:file), String) }
 
           # Currently, Dependabot assumes that Gradle projects using Gradle submodules are all in a single
           # repo. However, some projects are actually using git submodule references for the Gradle submodules.
@@ -87,65 +99,100 @@ module Dependabot
 
           raise DependencyFileNotResolvable, "No build file found to update the dependency" if buildfile.nil?
 
-          if new_req.dig(:metadata, :property_name)
+          metadata = T.let(new_req[:metadata], T.nilable(T::Hash[Symbol, T.untyped]))
+          if T.let(metadata&.[](:property_name), T.nilable(String))
             files = update_files_for_property_change(files, old_req, new_req)
-          elsif new_req.dig(:metadata, :dependency_set)
+          elsif T.let(metadata&.[](:dependency_set), T.nilable(T::Hash[Symbol, String]))
             files = update_files_for_dep_set_change(files, old_req, new_req)
           else
-            files[files.index(buildfile)] =
-              update_version_in_buildfile(
-                dependency,
-                buildfile,
-                old_req,
-                new_req
-              )
+            files[T.must(files.index(buildfile))] = update_version_in_buildfile(dependency, buildfile, old_req, new_req)
+          end
+
+          next unless Dependabot::Experiments.enabled?(:gradle_lockfile_updater)
+
+          lockfile_updater = LockfileUpdater.new(dependency_files: files)
+          lockfiles = lockfile_updater.update_lockfiles(buildfile)
+          lockfiles.each do |lockfile|
+            existing_file = files.find { |f| f.name == lockfile.name && f.directory == lockfile.directory }
+            if existing_file.nil?
+              files << lockfile
+            else
+              files[T.must(files.index(existing_file))] = lockfile
+            end
           end
         end
 
         files
       end
-
+      # rubocop:enable Metrics/PerceivedComplexity
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/AbcSize
+
+      sig do
+        params(
+          buildfiles: T::Array[Dependabot::DependencyFile],
+          old_req: T::Hash[Symbol, T.untyped],
+          new_req: T::Hash[Symbol, T.untyped]
+        )
+          .returns(T::Array[Dependabot::DependencyFile])
+      end
       def update_files_for_property_change(buildfiles, old_req, new_req)
         files = buildfiles.dup
-        property_name = new_req.fetch(:metadata).fetch(:property_name)
-        buildfile = files.find { |f| f.name == new_req.fetch(:file) }
+        metadata = T.let(new_req.fetch(:metadata), T::Hash[Symbol, T.untyped])
+        property_name = T.let(metadata.fetch(:property_name), String)
+        file = T.let(new_req.fetch(:file), String)
+        buildfile = T.must(files.find { |f| f.name == file })
 
         PropertyValueUpdater.new(dependency_files: files)
                             .update_files_for_property_change(
                               property_name: property_name,
                               callsite_buildfile: buildfile,
-                              previous_value: old_req.fetch(:requirement),
-                              updated_value: new_req.fetch(:requirement)
+                              previous_value: T.let(old_req.fetch(:requirement), String),
+                              updated_value: T.let(new_req.fetch(:requirement), String)
                             )
       end
 
+      sig do
+        params(
+          buildfiles: T::Array[Dependabot::DependencyFile],
+          old_req: T::Hash[Symbol, T.untyped],
+          new_req: T::Hash[Symbol, T.untyped]
+        )
+          .returns(T::Array[Dependabot::DependencyFile])
+      end
       def update_files_for_dep_set_change(buildfiles, old_req, new_req)
         files = buildfiles.dup
-        dependency_set = new_req.fetch(:metadata).fetch(:dependency_set)
-        buildfile = files.find { |f| f.name == new_req.fetch(:file) }
+        metadata = T.let(new_req.fetch(:metadata), T::Hash[Symbol, T.untyped])
+        dependency_set = T.let(metadata.fetch(:dependency_set), T::Hash[Symbol, String])
+        buildfile = T.must(files.find { |f| f.name == T.let(new_req.fetch(:file), String) })
 
         DependencySetUpdater.new(dependency_files: files)
                             .update_files_for_dep_set_change(
                               dependency_set: dependency_set,
                               buildfile: buildfile,
-                              previous_requirement: old_req.fetch(:requirement),
-                              updated_requirement: new_req.fetch(:requirement)
+                              previous_requirement: T.let(old_req.fetch(:requirement), String),
+                              updated_requirement: T.let(new_req.fetch(:requirement), String)
                             )
       end
 
+      sig do
+        params(
+          dependency: Dependabot::Dependency,
+          buildfile: Dependabot::DependencyFile,
+          previous_req: T::Hash[Symbol, T.untyped],
+          requirement: T::Hash[Symbol, T.untyped]
+        )
+          .returns(Dependabot::DependencyFile)
+      end
       def update_version_in_buildfile(dependency, buildfile, previous_req,
                                       requirement)
-        original_content = buildfile.content.dup
+        original_content = T.must(buildfile.content.dup)
 
         updated_content =
           original_buildfile_declarations(dependency, previous_req).reduce(original_content) do |content, declaration|
             content.gsub(
               declaration,
-              updated_buildfile_declaration(
-                declaration,
-                previous_req,
-                requirement
-              )
+              updated_buildfile_declaration(declaration, previous_req, requirement)
             )
           end
 
@@ -154,18 +201,26 @@ module Dependabot
         updated_file(file: buildfile, content: updated_content)
       end
 
+      # rubocop:disable Metrics/AbcSize
+      sig do
+        params(
+          dependency: Dependabot::Dependency,
+          requirement: T::Hash[Symbol, T.untyped]
+        ).returns(T::Array[String])
+      end
       def original_buildfile_declarations(dependency, requirement)
         # This implementation is limited to declarations that appear on a
         # single line.
-        buildfile = buildfiles.find { |f| f.name == requirement.fetch(:file) }
-        buildfile.content.lines.select do |line|
+        buildfile = T.must(buildfiles.find { |f| f.name == T.let(requirement.fetch(:file), String) })
+
+        T.must(buildfile.content).lines.select do |line|
           line = evaluate_properties(line, buildfile)
           line = line.gsub(%r{(?<=^|\s)//.*$}, "")
 
           if dependency.name.include?(":")
-            next false unless line.include?(dependency.name.split(":").first)
-            next false unless line.include?(dependency.name.split(":").last)
-          elsif requirement.fetch(:file).end_with?(".toml")
+            dep_parts = dependency.name.split(":")
+            next false unless line.include?(T.must(dep_parts.first)) || line.include?(T.must(dep_parts.last))
+          elsif T.let(requirement.fetch(:file), String).end_with?(".toml")
             next false unless line.include?(dependency.name)
           else
             name_regex_value = /['"]#{Regexp.quote(dependency.name)}['"]/
@@ -173,18 +228,20 @@ module Dependabot
             next false unless line.match?(name_regex)
           end
 
-          line.include?(requirement.fetch(:requirement))
+          line.include?(T.let(requirement.fetch(:requirement), String))
         end
       end
+      # rubocop:enable Metrics/AbcSize
 
+      sig { params(string: String, buildfile: Dependabot::DependencyFile).returns(String) }
       def evaluate_properties(string, buildfile)
         result = string.dup
 
         string.scan(Gradle::FileParser::PROPERTY_REGEX) do
           prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
-          property_value = property_value_finder.property_value(
-            property_name: prop_name,
-            callsite_buildfile: buildfile
+          property_value = T.let(
+            property_value_finder.property_value(property_name: prop_name, callsite_buildfile: buildfile),
+            T.nilable(String)
           )
           next unless property_value
 
@@ -194,23 +251,31 @@ module Dependabot
         result
       end
 
+      sig { returns(Gradle::FileParser::PropertyValueFinder) }
       def property_value_finder
-        @property_value_finder ||=
-          Gradle::FileParser::PropertyValueFinder
-          .new(dependency_files: dependency_files)
+        @property_value_finder ||= T.let(
+          Gradle::FileParser::PropertyValueFinder.new(dependency_files: dependency_files),
+          T.nilable(Gradle::FileParser::PropertyValueFinder)
+        )
       end
 
+      sig do
+        params(
+          original_buildfile_declaration: String,
+          previous_req: T::Hash[Symbol, T.untyped],
+          requirement: T::Hash[Symbol, T.untyped]
+        ).returns(String)
+      end
       def updated_buildfile_declaration(original_buildfile_declaration, previous_req, requirement)
-        original_req_string = previous_req.fetch(:requirement)
+        original_req_string = T.let(previous_req.fetch(:requirement), String)
+        new_req_string = T.let(requirement.fetch(:requirement), String)
 
-        original_buildfile_declaration.gsub(
-          original_req_string,
-          requirement.fetch(:requirement)
-        )
+        original_buildfile_declaration.gsub(original_req_string, new_req_string)
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def buildfiles
-        @buildfiles ||= dependency_files.reject(&:support_file?)
+        @buildfiles ||= T.let(dependency_files.reject(&:support_file?), T.nilable(T::Array[Dependabot::DependencyFile]))
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.317.0
+  version: 0.318.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -263,6 +263,7 @@ files:
 - lib/dependabot/gradle/file_parser/repositories_finder.rb
 - lib/dependabot/gradle/file_updater.rb
 - lib/dependabot/gradle/file_updater/dependency_set_updater.rb
+- lib/dependabot/gradle/file_updater/lockfile_updater.rb
 - lib/dependabot/gradle/file_updater/property_value_updater.rb
 - lib/dependabot/gradle/language.rb
 - lib/dependabot/gradle/metadata_finder.rb
@@ -279,7 +280,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.317.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.318.0
 rdoc_options: []
 require_paths:
 - lib