dependabot-gradle 0.319.1 → 0.320.1

data/lib/dependabot/gradle/file_parser.rb

@@ -1,10 +1,11 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "sorbet-runtime"
 require "toml-rb"
 
 require "dependabot/dependency"
+require "dependabot/ecosystem"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
 require "dependabot/shared_helpers"
@@ -20,30 +21,34 @@ require "dependabot/gradle/package_manager"
 # - https://docs.gradle.org/current/userguide/plugins.html
 module Dependabot
   module Gradle
-    class FileParser < Dependabot::FileParsers::Base
+    class FileParser < Dependabot::FileParsers::Base # rubocop:disable Metrics/ClassLength
       extend T::Sig
 
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/property_value_finder"
 
-      SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts settings.gradle settings.gradle.kts).freeze
+      SUPPORTED_BUILD_FILE_NAMES = T.let(%w(build.gradle build.gradle.kts settings.gradle settings.gradle.kts).freeze,
+                                         T::Array[String])
 
-      PROPERTY_REGEX =
+      PROPERTY_REGEX = T.let(
         /
           (?:\$\{property\((?<property_name>[^:\s]*?)\)\})|
           (?:\$\{(?<property_name>[^:\s]*?)\})|
           (?:\$(?<property_name>[^:\s"']*))
-        /x
+        /x,
+        Regexp
+      )
 
-      PART = %r{[^\s,@'":/\\]+}
-      VSN_PART = %r{[^\s,'":/\\]+}
-      DEPENDENCY_DECLARATION_REGEX = /(?:\(|\s)\s*['"](?<declaration>#{PART}:#{PART}:#{VSN_PART})['"]/
+      PART = T.let(%r{[^\s,@'":/\\]+}, Regexp)
+      VSN_PART = T.let(%r{[^\s,'":/\\]+}, Regexp)
+      DEPENDENCY_DECLARATION_REGEX = T.let(/(?:\(|\s)\s*['"](?<declaration>#{PART}:#{PART}:#{VSN_PART})['"]/o, Regexp)
 
-      DEPENDENCY_SET_DECLARATION_REGEX = /(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/
-      DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?<name>#{PART})['"]/
-      PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/
-      PLUGIN_ID_REGEX = /['"](?<id>#{PART})['"]/
+      DEPENDENCY_SET_DECLARATION_REGEX = T.let(/(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/, Regexp)
+      DEPENDENCY_SET_ENTRY_REGEX = T.let(/entry\s+['"](?<name>#{PART})['"]/o, Regexp)
+      PLUGIN_BLOCK_DECLARATION_REGEX = T.let(/(?:^|\s)plugins\s*\{/, Regexp)
+      PLUGIN_ID_REGEX = T.let(/['"](?<id>#{PART})['"]/o, Regexp)
 
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         dependency_set = DependencySet.new
         buildfiles.each do |buildfile|
@@ -60,14 +65,21 @@ module Dependabot
         end
       end
 
+      sig { params(buildfile: T.nilable(Dependabot::DependencyFile)).returns(T::Array[String]) }
       def self.find_include_names(buildfile)
         return [] unless buildfile
 
-        buildfile.content
-                 .scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/)
-                 .map { |match| match[2] }
+        T.must(buildfile.content)
+         .scan(/apply(\(| )\s*from(\s+=|:)\s+['"]([^'"]+)['"]/)
+         .map { |match| T.must(match[2]) }
       end
 
+      sig do
+        params(
+          buildfile: Dependabot::DependencyFile,
+          dependency_files: T::Array[Dependabot::DependencyFile]
+        ).returns(T::Array[Dependabot::DependencyFile])
+      end
       def self.find_includes(buildfile, dependency_files)
         FileParser.find_include_names(buildfile)
                   .filter_map { |f| dependency_files.find { |bf| bf.name == f } }
@@ -102,6 +114,7 @@ module Dependabot
         end, T.nilable(Dependabot::Gradle::Language))
       end
 
+      sig { params(toml_file: Dependabot::DependencyFile).returns(DependencySet) }
       def version_catalog_dependencies(toml_file)
         dependency_set = DependencySet.new
         parsed_toml_file = parsed_toml_file(toml_file)
@@ -110,27 +123,67 @@ module Dependabot
         dependency_set
       end
 
+      sig do
+        params(
+          parsed_toml_file: T::Hash[String, T.untyped],
+          toml_file: Dependabot::DependencyFile
+        ).returns(DependencySet)
+      end
       def version_catalog_library_dependencies(parsed_toml_file, toml_file)
-        dependencies_for_declarations(parsed_toml_file["libraries"], toml_file, :details_for_library_dependency)
+        dependencies_for_declarations(
+          T.cast(parsed_toml_file["libraries"], T.nilable(T::Hash[String, T.any(String, T::Hash[String, String])])),
+          toml_file,
+          :details_for_library_dependency
+        )
       end
 
+      sig do
+        params(
+          parsed_toml_file: T::Hash[String, T.untyped],
+          toml_file: Dependabot::DependencyFile
+        ).returns(DependencySet)
+      end
       def version_catalog_plugin_dependencies(parsed_toml_file, toml_file)
-        dependencies_for_declarations(parsed_toml_file["plugins"], toml_file, :details_for_plugin_dependency)
+        dependencies_for_declarations(
+          T.cast(parsed_toml_file["plugins"], T.nilable(T::Hash[String, T.any(String, T::Hash[String, String])])),
+          toml_file,
+          :details_for_plugin_dependency
+        )
       end
 
+      # rubocop:disable Metrics/PerceivedComplexity
+      sig do
+        params(
+          declarations: T.nilable(T::Hash[String, T.any(String, T::Hash[String, String])]),
+          toml_file: Dependabot::DependencyFile,
+          details_getter: Symbol
+        ).returns(DependencySet)
+      end
       def dependencies_for_declarations(declarations, toml_file, details_getter)
         dependency_set = DependencySet.new
         return dependency_set unless declarations
 
         declarations.each do |_mod, declaration|
-          group, name, version = send(details_getter, declaration)
+          details = send(details_getter, declaration)
+          next unless details
+
+          group, name, version = T.cast(
+            details,
+            [String, String, T.any(String, T::Hash[String, String])]
+          )
 
           # Only support basic version and reference formats for now,
           # refrain from updating anything else as it's likely to be a very deliberate choice.
           next unless Gradle::Version.correct?(version) || (version.is_a?(Hash) && version.key?("ref"))
 
-          version_details = Gradle::Version.correct?(version) ? version : "$" + version["ref"]
-          details = { group: group, name: name, version: version_details }
+          if version.is_a?(Hash)
+            version_details = "$" + T.must(version["ref"])
+          elsif Gradle::Version.correct?(version)
+            version_details = version
+          else
+            raise ArgumentError, "Unexpected version format: #{version.inspect}"
+          end
+          details = T.let({ group: group, name: name, version: version_details }, T::Hash[Symbol, String])
           dependency = dependency_from(details_hash: details, buildfile: toml_file)
           next unless dependency
 
@@ -138,33 +191,58 @@ module Dependabot
         end
         dependency_set
       end
+      # rubocop:enable Metrics/PerceivedComplexity
 
+      sig do
+        params(
+          declaration: T.any(String, T::Hash[String, T.any(String, T::Hash[String, String])])
+        ).returns(T.nilable([String, String, T.any(String, T::Hash[String, String])]))
+      end
       def details_for_library_dependency(declaration)
-        return declaration.split(":") if declaration.is_a?(String)
+        return T.cast(declaration.split(":"), [String, String, String]) if declaration.is_a?(String)
 
-        if declaration["module"]
-          [*declaration["module"].split(":"), declaration["version"]]
+        hash = declaration
+        version = hash["version"]
+        return nil if version.nil?
+
+        if hash["module"]
+          parts = T.cast(hash["module"], String).split(":")
+          [T.must(parts[0]), T.must(parts[1]), version]
         else
-          [declaration["group"], declaration["name"], declaration["version"]]
+          [T.cast(hash["group"], String), T.cast(hash["name"], String), version]
         end
       end
 
+      sig do
+        params(declaration: T.any(String, T::Hash[String, String]))
+          .returns(T.nilable([String, String, T.any(String, T::Hash[String, String])]))
+      end
       def details_for_plugin_dependency(declaration)
-        return ["plugins", *declaration.split(":")] if declaration.is_a?(String)
+        if declaration.is_a?(String)
+          parts = declaration.split(":")
+          ["plugins", T.must(parts[0]), T.must(parts[1])]
+        else
+          decl_hash = declaration
+          version = decl_hash["version"]
+          return nil if version.nil?
 
-        ["plugins", declaration["id"], declaration["version"]]
+          ["plugins", T.must(decl_hash["id"]), version]
+        end
       end
 
+      sig { params(file: Dependabot::DependencyFile).returns(T::Hash[String, T.untyped]) }
       def parsed_toml_file(file)
-        TomlRB.parse(file.content)
+        T.cast(TomlRB.parse(file.content), T::Hash[String, T.untyped])
       rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
         raise Dependabot::DependencyFileNotParseable, file.path
       end
 
+      sig { params(key: String).returns(Regexp) }
       def map_value_regex(key)
         /(?:^|\s|,|\()#{Regexp.quote(key)}(\s*=|:)\s*['"](?<value>[^'"]+)['"]/
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(DependencySet) }
       def buildfile_dependencies(buildfile)
         dependency_set = DependencySet.new
 
@@ -176,6 +254,7 @@ module Dependabot
         dependency_set
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(DependencySet) }
       def shortform_buildfile_dependencies(buildfile)
         dependency_set = DependencySet.new
 
@@ -193,6 +272,7 @@ module Dependabot
         dependency_set
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(DependencySet) }
       def keyword_arg_buildfile_dependencies(buildfile)
         dependency_set = DependencySet.new
 
@@ -211,10 +291,11 @@ module Dependabot
         dependency_set
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(DependencySet) }
       def dependency_set_dependencies(buildfile)
         dependency_set = DependencySet.new
 
-        dependency_set_blocks = []
+        dependency_set_blocks = T.let([], T::Array[T::Hash[Symbol, String]])
 
         prepared_content(buildfile).scan(DEPENDENCY_SET_DECLARATION_REGEX) do
           mch = T.must(Regexp.last_match)
@@ -226,12 +307,13 @@ module Dependabot
         end
 
         dependency_set_blocks.each do |blk|
-          group   = argument_from_string(blk[:arguments], "group")
-          version = argument_from_string(blk[:arguments], "version")
+          arguments = T.must(blk[:arguments])
+          group   = argument_from_string(arguments, "group")
+          version = argument_from_string(arguments, "version")
 
           next unless group && version
 
-          blk[:block].scan(DEPENDENCY_SET_ENTRY_REGEX).flatten.each do |name|
+          T.must(blk[:block]).scan(DEPENDENCY_SET_ENTRY_REGEX).flatten.each do |name|
             dep = dependency_from(
               details_hash: { group: group, name: name, version: version },
               buildfile: buildfile,
@@ -244,15 +326,17 @@ module Dependabot
         dependency_set
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(DependencySet) }
       def plugin_dependencies(buildfile)
         dependency_set = DependencySet.new
 
-        plugin_blocks = []
+        plugin_blocks = T.let([], T::Array[String])
 
         prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
           mch = T.must(Regexp.last_match)
+          post_match_str = mch.post_match
           plugin_blocks <<
-            mch.post_match[0..closing_bracket_index(mch.post_match)]
+            T.must(post_match_str.slice(0..closing_bracket_index(mch.post_match)))
         end
 
         plugin_blocks.each do |blk|
@@ -272,14 +356,19 @@ module Dependabot
         dependency_set
       end
 
+      sig { params(version: T.nilable(String)).returns(T.nilable(String)) }
       def format_plugin_version(version)
+        return nil unless version
+
         quoted?(version) ? unquote(version) : "$#{version}"
       end
 
+      sig { params(line: String).returns(T::Array[String]) }
       def extra_groups(line)
         line.match?(/kotlin(\s+#{PLUGIN_ID_REGEX}|\(#{PLUGIN_ID_REGEX}\))/o) ? ["kotlin"] : []
       end
 
+      sig { params(string: String, arg_name: String).returns(T.nilable(String)) }
       def argument_from_string(string, arg_name)
         string
           .match(map_value_regex(arg_name))
@@ -287,11 +376,20 @@ module Dependabot
           &.fetch("value")
       end
 
-      def dependency_from(details_hash:, buildfile:, in_dependency_set: false)
-        group   = evaluated_value(details_hash[:group], buildfile)
-        name    = evaluated_value(details_hash[:name], buildfile)
-        version = evaluated_value(details_hash[:version], buildfile)
-        extra_groups = details_hash[:extra_groups] || []
+      sig do
+        params(
+          details_hash: T::Hash[Symbol, T.any(String, T::Array[String])],
+          buildfile: Dependabot::DependencyFile,
+          in_dependency_set: T::Boolean
+        ).returns(T.nilable(Dependabot::Dependency))
+      end
+      def dependency_from(details_hash:, buildfile:, in_dependency_set: false) # rubocop:disable Metrics/PerceivedComplexity
+        group   = evaluated_value(T.cast(details_hash[:group], T.nilable(String)), buildfile)
+        name    = evaluated_value(T.cast(details_hash[:name], T.nilable(String)), buildfile)
+        version = evaluated_value(T.cast(details_hash[:version], T.nilable(String)), buildfile)
+        extra_groups = T.cast(details_hash[:extra_groups], T.nilable(T::Array[String])) || []
+
+        return nil unless group && name && version
 
         dependency_name =
           if group == "plugins" then name
@@ -325,8 +423,15 @@ module Dependabot
         )
       end
 
+      sig do
+        params(
+          group: String,
+          name: String,
+          version: String
+        ).returns(T.nilable(T::Hash[Symbol, T.nilable(String)]))
+      end
       def source_from(group, name, version)
-        return nil unless group&.start_with?("com.github") && version.match?(/\A[0-9a-f]{40}\Z/)
+        return nil unless group.start_with?("com.github") && version.match?(/\A[0-9a-f]{40}\Z/)
 
         account = group.sub("com.github.", "")
 
@@ -338,30 +443,37 @@ module Dependabot
         }
       end
 
+      sig do
+        params(
+          details_hash: T::Hash[Symbol, T.any(String, T::Array[String])],
+          in_dependency_set: T::Boolean
+        ).returns(T.nilable(T::Hash[Symbol, T.any(String, T::Hash[Symbol, String])]))
+      end
       def dependency_metadata(details_hash, in_dependency_set)
         version_property_name =
-          details_hash[:version]
-          .match(PROPERTY_REGEX)
-          &.named_captures&.fetch("property_name")
+          T.cast(details_hash[:version], String)
+           .match(PROPERTY_REGEX)
+           &.named_captures&.fetch("property_name")
 
         return unless version_property_name || in_dependency_set
 
-        metadata = {}
+        metadata = T.let({}, T::Hash[Symbol, T.any(String, T::Hash[Symbol, String])])
         metadata[:property_name] = version_property_name if version_property_name
         if in_dependency_set
-          metadata[:dependency_set] = {
+          metadata[:dependency_set] = T.let({
             group: details_hash[:group],
             version: details_hash[:version]
-          }
+          }, T::Hash[Symbol, String])
         end
         metadata
       end
 
+      sig { params(value: T.nilable(String), buildfile: Dependabot::DependencyFile).returns(T.nilable(String)) }
       def evaluated_value(value, buildfile)
-        return value unless value.scan(PROPERTY_REGEX).count == 1
+        return value unless value&.scan(PROPERTY_REGEX)&.count == 1
 
-        property_name  = value.match(PROPERTY_REGEX)
-                              .named_captures.fetch("property_name")
+        property_name  = T.must(T.must(value).match(PROPERTY_REGEX)
+                          &.named_captures&.fetch("property_name"))
         property_value = property_value_finder.property_value(
           property_name: property_name,
           callsite_buildfile: buildfile
@@ -369,32 +481,37 @@ module Dependabot
 
         return value unless property_value
 
-        value.gsub(PROPERTY_REGEX, property_value)
+        T.must(value).gsub(PROPERTY_REGEX, property_value)
       end
 
+      sig { returns(PropertyValueFinder) }
       def property_value_finder
-        @property_value_finder ||=
-          PropertyValueFinder.new(dependency_files: dependency_files)
+        @property_value_finder ||= T.let(
+          PropertyValueFinder.new(dependency_files: dependency_files),
+          T.nilable(PropertyValueFinder)
+        )
       end
 
+      sig { params(buildfile: Dependabot::DependencyFile).returns(String) }
       def prepared_content(buildfile)
         # Remove any comments
         prepared_content =
-          buildfile.content
-                   .gsub(%r{(?<=^|\s)//.*$}, "\n")
-                   .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
+          T.must(buildfile.content)
+           .gsub(%r{(?<=^|\s)//.*$}, "\n")
+           .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
 
         # Remove the dependencyVerification section added by Gradle Witness
         # (TODO: Support updating this in the FileUpdater)
         prepared_content.dup.scan(/dependencyVerification\s*{/) do
           mtch = T.must(Regexp.last_match)
           block = mtch.post_match[0..closing_bracket_index(mtch.post_match)]
-          prepared_content.gsub!(block, "")
+          prepared_content.gsub!(T.must(block), "")
         end
 
         prepared_content
       end
 
+      sig { params(string: String).returns(Integer) }
       def closing_bracket_index(string)
         closes_required = 1
 
@@ -407,42 +524,57 @@ module Dependabot
         0
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def buildfiles
-        @buildfiles ||= dependency_files.select do |f|
-          f.name.end_with?(*SUPPORTED_BUILD_FILE_NAMES)
-        end
+        @buildfiles ||= T.let(
+          dependency_files.select do |f|
+            f.name.end_with?("build.gradle", "build.gradle.kts", "settings.gradle", "settings.gradle.kts")
+          end,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def version_catalog_file
-        @version_catalog_file ||= dependency_files.select do |f|
-          f.name.end_with?("libs.versions.toml")
-        end
+        @version_catalog_file ||= T.let(
+          dependency_files.select do |f|
+            f.name.end_with?("libs.versions.toml")
+          end,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def script_plugin_files
-        @script_plugin_files ||=
+        @script_plugin_files ||= T.let(
           buildfiles.flat_map do |buildfile|
             FileParser.find_includes(buildfile, dependency_files)
           end
-                    .uniq
+                    .uniq,
+          T.nilable(T::Array[Dependabot::DependencyFile])
+        )
       end
 
+      sig { override.void }
       def check_required_files
         raise "No build.gradle or build.gradle.kts!" if dependency_files.empty?
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def original_file
         dependency_files.find do |f|
           SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
         end
       end
 
+      sig { params(string: String).returns(T::Boolean) }
       def quoted?(string)
-        string&.match?(/^['"].*['"]$/)
+        string.match?(/^['"].*['"]$/) || false
       end
 
+      sig { params(string: String).returns(String) }
       def unquote(string)
-        string[1..-2]
+        T.must(string[1..-2])
       end
     end
   end

data/lib/dependabot/gradle/file_updater/property_value_updater.rb

@@ -31,13 +31,10 @@ module Dependabot
                                              callsite_buildfile:,
                                              previous_value:,
                                              updated_value:)
-          declaration_details = T.let(
-            property_value_finder.property_details(
-              property_name: property_name,
-              callsite_buildfile: callsite_buildfile
-            ),
-            T::Hash[Symbol, String]
-          )
+          declaration_details = T.must(property_value_finder.property_details(
+                                         property_name: property_name,
+                                         callsite_buildfile: callsite_buildfile
+                                       ))
           declaration_string = declaration_details.fetch(:declaration_string)
           filename = declaration_details.fetch(:file)
 

data/lib/dependabot/gradle/file_updater.rb

@@ -238,7 +238,7 @@ module Dependabot
         result = string.dup
 
         string.scan(Gradle::FileParser::PROPERTY_REGEX) do
-          prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
+          prop_name = T.must(T.must(Regexp.last_match).named_captures.fetch("property_name"))
           property_value = T.let(
             property_value_finder.property_value(property_name: prop_name, callsite_buildfile: buildfile),
             T.nilable(String)

data/lib/dependabot/gradle/package/package_details_fetcher.rb

@@ -44,10 +44,10 @@ module Dependabot
         sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
 
-        sig { returns(T::Array[T.untyped]) }
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
 
-        sig { returns(T::Array[T.untyped]) }
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
 
         sig { returns(T.nilable(T::Array[String])) }
@@ -137,11 +137,9 @@ module Dependabot
           return @repositories if @repositories
 
           details = if plugin?
-                      T.must(plugin_repository_details) +
-                        credentials_repository_details
+                      plugin_repository_details + credentials_repository_details
                     else
-                      dependency_repository_details +
-                        credentials_repository_details
+                      dependency_repository_details + credentials_repository_details
                     end
 
           @repositories =
@@ -153,7 +151,7 @@ module Dependabot
             end
         end
 
-        sig { returns(T.any(T::Array[T::Hash[String, T.untyped]], NilClass)) }
+        sig { returns(T.nilable(T::Array[T::Hash[String, T.untyped]])) }
         def google_version_details
           url = Gradle::FileParser::RepositoriesFinder::GOOGLE_MAVEN_REPO
           group_id, artifact_id = group_and_artifact_ids
@@ -205,7 +203,7 @@ module Dependabot
 
         sig { params(repository_details: T::Hash[T.untyped, T.untyped]).returns(T.untyped) }
         def release_info_metadata(repository_details)
-          @release_info_metadata ||= T.let({}, T.nilable(T::Hash[T.untyped, T.untyped]))
+          @release_info_metadata ||= T.let({}, T.nilable(T::Hash[Integer, T.untyped]))
           @release_info_metadata[repository_details.hash] ||=
             begin
               response = Dependabot::RegistryClient.get(
@@ -225,7 +223,7 @@ module Dependabot
             end
         end
 
-        sig { returns(T.untyped) }
+        sig { returns(T::Array[T::Hash[String, String]]) }
         def repository_urls
           plugin? ? plugin_repository_details : dependency_repository_details
         end
@@ -239,7 +237,7 @@ module Dependabot
           T.must(@forbidden_urls) << repository_url
         end
 
-        sig { returns(T::Array[T.untyped]) }
+        sig { returns(T::Array[T::Hash[String, String]]) }
         def credentials_repository_details
           credentials
             .select { |cred| cred["type"] == "maven_repository" }
@@ -251,7 +249,7 @@ module Dependabot
           end
         end
 
-        sig { returns(T::Array[T.untyped]) }
+        sig { returns(T::Array[T::Hash[String, String]]) }
         def dependency_repository_details
           requirement_files =
             dependency.requirements
@@ -270,7 +268,7 @@ module Dependabot
             end.uniq
         end
 
-        sig { returns(T.nilable(T::Array[T::Hash[String, T.untyped]])) }
+        sig { returns(T::Array[T::Hash[String, String]]) }
         def plugin_repository_details
           [{
             "url" => Gradle::FileParser::RepositoriesFinder::GRADLE_PLUGINS_REPO,
@@ -299,7 +297,7 @@ module Dependabot
           current_type == version_type
         end
 
-        sig { returns(T::Array[T.untyped]) }
+        sig { returns(T.nilable(Dependabot::DependencyFile)) }
         def pom
           filename = T.must(dependency.requirements.first).fetch(:file)
           dependency_files.find { |f| f.name == filename }

data/lib/dependabot/gradle/update_checker/requirements_updater.rb

@@ -29,7 +29,7 @@ module Dependabot
           params(
             requirements: T::Array[T::Hash[Symbol, T.untyped]],
             latest_version: T.nilable(T.any(Version, String)),
-            source_url: String,
+            source_url: T.nilable(String),
             properties_to_update: T::Array[String]
           )
             .void
@@ -71,7 +71,7 @@ module Dependabot
         sig { returns(T.nilable(Version)) }
         attr_reader :latest_version
 
-        sig { returns(String) }
+        sig { returns(T.nilable(String)) }
         attr_reader :source_url
 
         sig { returns(T::Array[String]) }

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -76,7 +76,7 @@ module Dependabot
 
         sig { override.returns(T::Boolean) }
         def cooldown_enabled?
-          Dependabot::Experiments.enabled?(:enable_cooldown_for_gradle)
+          true
         end
 
         sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }