dependabot-gradle 0.320.0 → 0.320.1

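--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ae374cdbd3063f10d8e5bff56047b4ce71a93ba34e38fe65aece2d5a0976d58a
- data.tar.gz: 7334fea2720015456d756a60c58baf745092f818b4186a4cd605d9010f627910
+ metadata.gz: 31067c56f37f35e9c1bcf8783e119cb0e84e497afd66f5ae519feddddaabd1ec
+ data.tar.gz: 61c257a69fa157d23ba11254a83d18cb27e29a0439fe0d3c20562d6f65423259
  SHA512:
- metadata.gz: 3d0576c61f8881dab4d89e382d689124c3ea6634cb582bf789c63193b7148acdbea576d381412c352f27c93edf49933684a8a9ecdd360814abc474761cea25e0
- data.tar.gz: 6980420566a75d5dbc813d9026fecfd36ec238757e7264f002dbfc03c6a47fed05af8e4ab1f06ee388a9c1157afe8b740aea8a33590792214649aef271c60ca5
+ metadata.gz: 5ed3ef4e13f13f6de42a7b2a929dc8ef9af2fcc0cd65f2e661c4aa918cf18e2805d134bb92ae1fbb83b49231490d3f37ff3462335f1435e16a21c054871edd43
+ data.tar.gz: b7c9591526fa54fbede3cbb0161a3951ef3fe199aeff3cebb293684026b1b9ac1a94183c4d87d81c10b78be5632a17a966fc461eeaee07a8d94cc1c2e63f123c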
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strong
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -68,16 +68,23 @@ module Dependabot
68
68
  /(#{REGULAR_NAMESPACED_DECLARATION_REGEX}|#{KOTLIN_MAP_NAMESPACED_DECLARATION_REGEX})/
69
69
  # rubocop:enable Layout/LineLength
70
70
 
71
+ sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
71
72
  def initialize(dependency_files:)
72
- @dependency_files = dependency_files
73
+ @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
74
+ @properties = T.let({}, T::Hash[String, T::Hash[String, T::Hash[Symbol, String]]])
75
+ @top_level_buildfile = T.let(nil, T.nilable(Dependabot::DependencyFile))
73
76
  end
74
77
 
78
+ sig do
79
+ params(property_name: String, callsite_buildfile: Dependabot::DependencyFile)
80
+ .returns(T.nilable(T::Hash[Symbol, String]))
81
+ end
75
82
  def property_details(property_name:, callsite_buildfile:)
76
83
  # If the root project was specified, just look in the top-level
77
84
  # buildfile
78
85
  if property_name.start_with?("rootProject.")
79
86
  property_name = property_name.sub("rootProject.", "")
80
- return properties(top_level_buildfile).fetch(property_name, nil)
87
+ return properties(T.must(top_level_buildfile)).fetch(property_name, nil)
81
88
  end
82
89
 
83
90
  # If this project was specified strip the specifier
@@ -90,7 +97,7 @@ module Dependabot
90
97
  # for the property in the top-level buildfile
91
98
  all_files = [callsite_buildfile, top_level_buildfile].concat(
92
99
  FileParser.find_includes(callsite_buildfile, dependency_files),
93
- FileParser.find_includes(top_level_buildfile, dependency_files)
100
+ top_level_buildfile ? FileParser.find_includes(T.must(top_level_buildfile), dependency_files) : []
94
101
  ).compact
95
102
  all_files.each do |file|
96
103
  details = properties(file).fetch(property_name, nil)
@@ -99,6 +106,7 @@ module Dependabot
99
106
  nil
100
107
  end
101
108
 
109
+ sig { params(property_name: String, callsite_buildfile: Dependabot::DependencyFile).returns(T.nilable(String)) }
102
110
  def property_value(property_name:, callsite_buildfile:)
103
111
  property_details(
104
112
  property_name: property_name,
@@ -108,26 +116,23 @@ module Dependabot
108
116
 
109
117
  private
110
118
 
119
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
111
120
  attr_reader :dependency_files
112
121
 
122
+ sig { params(buildfile: Dependabot::DependencyFile).returns(T::Hash[String, T::Hash[Symbol, String]]) }
113
123
  def properties(buildfile)
114
- @properties ||= {}
115
- return @properties[buildfile.name] if @properties[buildfile.name]
116
-
117
- @properties[buildfile.name] = {}
118
-
119
- @properties[buildfile.name]
120
- .merge!(fetch_single_property_declarations(buildfile))
124
+ @properties[buildfile.name] ||= {}
125
+ buildfile_props = T.must(@properties[buildfile.name])
126
+ buildfile_props.merge!(fetch_single_property_declarations(buildfile))
121
127
 
122
- @properties[buildfile.name]
123
- .merge!(fetch_kotlin_block_property_declarations(buildfile))
128
+ buildfile_props.merge!(fetch_kotlin_block_property_declarations(buildfile))
124
129
 
125
- @properties[buildfile.name]
126
- .merge!(fetch_multi_property_declarations(buildfile))
130
+ buildfile_props.merge!(fetch_multi_property_declarations(buildfile))
127
131
 
128
- @properties[buildfile.name]
132
+ buildfile_props
129
133
  end
130
134
 
135
+ sig { params(buildfile: Dependabot::DependencyFile).returns(T::Hash[String, T::Hash[Symbol, String]]) }
131
136
  def fetch_single_property_declarations(buildfile)
132
137
  properties = {}
133
138
 
@@ -148,6 +153,7 @@ module Dependabot
148
153
  properties
149
154
  end
150
155
 
156
+ sig { params(buildfile: Dependabot::DependencyFile).returns(T::Hash[String, T::Hash[Symbol, String]]) }
151
157
  def fetch_kotlin_block_property_declarations(buildfile)
152
158
  properties = {}
153
159
 
@@ -178,6 +184,7 @@ module Dependabot
178
184
  properties
179
185
  end
180
186
 
187
+ sig { params(buildfile: Dependabot::DependencyFile).returns(T::Hash[String, T::Hash[Symbol, String]]) }
181
188
  def fetch_multi_property_declarations(buildfile)
182
189
  properties = {}
183
190
 
@@ -202,13 +209,15 @@ module Dependabot
202
209
  properties
203
210
  end
204
211
 
212
+ sig { params(buildfile: Dependabot::DependencyFile).returns(String) }
205
213
  def prepared_content(buildfile)
206
214
  # Remove any comments
207
- buildfile.content
208
- .gsub(%r{(?<=^|\s)//.*$}, "\n")
209
- .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
215
+ T.must(buildfile.content)
216
+ .gsub(%r{(?<=^|\s)//.*$}, "\n")
217
+ .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
210
218
  end
211
219
 
220
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
212
221
  def top_level_buildfile
213
222
  @top_level_buildfile ||= dependency_files.find do |f|
214
223
  SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
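Review bot: The rewritten `properties(buildfile)` drops the early return the old code had (`return @properties[buildfile.name] if @properties[buildfile.name]`), so every call now re-runs all three `fetch_*_property_declarations` calls and re-merges their results into the cached hash. `property_details` calls `properties(file)` once per candidate file on each lookup, so the content of a buildfile taken from the repository being updated is re-processed for every property resolution instead of once. The guard can be restored without giving up the new typing: `cached = @properties[buildfile.name]` and `return cached if cached`, placed before the `||= {}` line. Separately, `properties(T.must(top_level_buildfile))` in the `rootProject.` branch raises when no top-level buildfile is present, while the `find_includes` call in the next hunk guards the same value with a ternary; returning `nil` there would be consistent (the body of `property_details` continues outside the hunks shown).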
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "sorbet-runtime"
@@ -11,8 +11,8 @@ module Dependabot
11
11
  class RepositoriesFinder
12
12
  extend T::Sig
13
13
 
14
- SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
15
- SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
14
+ SUPPORTED_BUILD_FILE_NAMES = T.let(%w(build.gradle build.gradle.kts).freeze, T::Array[String])
15
+ SUPPORTED_SETTINGS_FILE_NAMES = T.let(%w(settings.gradle settings.gradle.kts).freeze, T::Array[String])
16
16
 
17
17
  # The Central Repo doesn't have special status for Gradle, but until
18
18
  # we're confident we're selecting repos correctly it's wise to include
@@ -29,17 +29,27 @@ module Dependabot
29
29
 
30
30
  MAVEN_REPO_REGEX = /(#{KOTLIN_MAVEN_REPO_REGEX}|#{GROOVY_MAVEN_REPO_REGEX})/
31
31
 
32
+ sig do
33
+ params(
34
+ dependency_files: T::Array[Dependabot::DependencyFile],
35
+ target_dependency_file: T.nilable(Dependabot::DependencyFile)
36
+ ).void
37
+ end
32
38
  def initialize(dependency_files:, target_dependency_file:)
33
- @dependency_files = dependency_files
34
- @target_dependency_file = target_dependency_file
39
+ @dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
35
40
  raise "No target file!" unless target_dependency_file
41
+
42
+ @target_dependency_file = T.let(target_dependency_file, Dependabot::DependencyFile)
36
43
  end
37
44
 
45
+ sig { returns(T::Array[String]) }
38
46
  def repository_urls
39
- repository_urls = []
47
+ repository_urls = T.let([], T::Array[String])
40
48
  repository_urls += inherited_repository_urls(top_level_buildfile)
41
- FileParser.find_includes(top_level_buildfile, dependency_files).each do |dependency_file|
42
- repository_urls += inherited_repository_urls(dependency_file)
49
+ if top_level_buildfile
50
+ FileParser.find_includes(T.must(top_level_buildfile), dependency_files).each do |dependency_file|
51
+ repository_urls += inherited_repository_urls(dependency_file)
52
+ end
43
53
  end
44
54
  repository_urls += own_buildfile_repository_urls
45
55
  repository_urls += settings_file_repository_urls(top_level_settings_file)
@@ -52,45 +62,50 @@ module Dependabot
52
62
 
53
63
  private
54
64
 
65
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
55
66
  attr_reader :dependency_files
67
+
68
+ sig { returns(Dependabot::DependencyFile) }
56
69
  attr_reader :target_dependency_file
57
70
 
71
+ sig { params(dependency_file: T.nilable(Dependabot::DependencyFile)).returns(T::Array[String]) }
58
72
  def inherited_repository_urls(dependency_file)
59
73
  return [] unless dependency_file
60
74
 
61
75
  buildfile_content = comment_free_content(dependency_file)
62
- subproject_blocks = []
76
+ subproject_blocks = T.let([], T::Array[String])
63
77
 
64
78
  buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
65
79
  mtch = T.must(Regexp.last_match)
66
80
  subproject_blocks <<
67
- mtch.post_match[0..closing_bracket_index(mtch.post_match)]
81
+ T.must(mtch.post_match[0..closing_bracket_index(mtch.post_match)])
68
82
  end
69
83
 
70
84
  if top_level_buildfile != target_dependency_file
71
85
  buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
72
86
  mtch = T.must(Regexp.last_match)
73
87
  subproject_blocks <<
74
- mtch.post_match[0..closing_bracket_index(mtch.post_match)]
88
+ T.must(mtch.post_match[0..closing_bracket_index(mtch.post_match)])
75
89
  end
76
90
  end
77
91
 
78
92
  repository_urls_from(subproject_blocks.join("\n"))
79
93
  end
80
94
 
95
+ sig { returns(T::Array[String]) }
81
96
  def own_buildfile_repository_urls
82
97
  return [] unless top_level_buildfile
83
98
 
84
- buildfile_content = comment_free_content(top_level_buildfile)
99
+ buildfile_content = comment_free_content(T.must(top_level_buildfile))
85
100
 
86
- own_buildfile_urls = []
101
+ own_buildfile_urls = T.let([], T::Array[String])
87
102
 
88
- subproject_buildfile_content = buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
103
+ subproject_buildfile_content = buildfile_content.dup
104
+ buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
89
105
  mtch = T.must(Regexp.last_match)
90
- buildfile_content.gsub(
91
- mtch.post_match[0..closing_bracket_index(mtch.post_match)],
92
- ""
93
- )
106
+ post_match = mtch.post_match
107
+ section_to_remove = post_match[0..closing_bracket_index(post_match)]
108
+ subproject_buildfile_content = subproject_buildfile_content.gsub(section_to_remove, "") if section_to_remove
94
109
  end
95
110
 
96
111
  own_buildfile_urls += repository_urls_from(buildfile_content)
@@ -98,29 +113,31 @@ module Dependabot
98
113
  own_buildfile_urls
99
114
  end
100
115
 
116
+ sig { params(settings_file: T.nilable(Dependabot::DependencyFile)).returns(T::Array[String]) }
101
117
  def settings_file_repository_urls(settings_file)
102
118
  return [] unless settings_file
103
119
 
104
120
  settings_file_content = comment_free_content(settings_file)
105
- dependency_resolution_management_repositories = []
121
+ dependency_resolution_management_repositories = T.let([], T::Array[String])
106
122
 
107
123
  settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
108
124
  mtch = T.must(Regexp.last_match)
109
125
  dependency_resolution_management_repositories <<
110
- mtch.post_match[0..closing_bracket_index(mtch.post_match)]
126
+ T.must(mtch.post_match[0..closing_bracket_index(mtch.post_match)])
111
127
  end
112
128
 
113
129
  repository_urls_from(dependency_resolution_management_repositories.join("\n"))
114
130
  end
115
131
 
116
- def repository_urls_from(buildfile_content)
117
- repository_urls = []
132
+ sig { params(buildfile_content: String).returns(T::Array[String]) }
133
+ def repository_urls_from(buildfile_content) # rubocop:disable Metrics/AbcSize
134
+ repository_urls = T.let([], T::Array[String])
118
135
 
119
- repository_blocks = []
136
+ repository_blocks = T.let([], T::Array[String])
120
137
  buildfile_content.scan(REPOSITORIES_BLOCK_START) do
121
138
  mtch = T.must(Regexp.last_match)
122
139
  repository_blocks <<
123
- mtch.post_match[0..closing_bracket_index(mtch.post_match)]
140
+ T.must(mtch.post_match[0..closing_bracket_index(mtch.post_match)])
124
141
  end
125
142
 
126
143
  repository_blocks.each do |block|
@@ -133,7 +150,7 @@ module Dependabot
133
150
  repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
134
151
 
135
152
  block.scan(MAVEN_REPO_REGEX) do
136
- repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")
153
+ repository_urls << T.must(T.must(Regexp.last_match).named_captures.fetch("url"))
137
154
  end
138
155
  end
139
156
 
@@ -143,6 +160,7 @@ module Dependabot
143
160
  .uniq
144
161
  end
145
162
 
163
+ sig { params(string: String).returns(Integer) }
146
164
  def closing_bracket_index(string)
147
165
  closes_required = 1
148
166
 
@@ -155,6 +173,7 @@ module Dependabot
155
173
  0
156
174
  end
157
175
 
176
+ sig { params(url: String).returns(T::Boolean) }
158
177
  def valid_url?(url)
159
178
  # Reject non-http URLs because they're probably parsing mistakes
160
179
  return false unless url.start_with?("http")
@@ -165,22 +184,31 @@ module Dependabot
165
184
  false
166
185
  end
167
186
 
187
+ sig { params(buildfile: Dependabot::DependencyFile).returns(String) }
168
188
  def comment_free_content(buildfile)
169
- buildfile.content
170
- .gsub(%r{(?<=^|\s)//.*$}, "\n")
171
- .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
189
+ T.must(buildfile.content)
190
+ .gsub(%r{(?<=^|\s)//.*$}, "\n")
191
+ .gsub(%r{(?<=^|\s)/\*.*?\*/}m, "")
172
192
  end
173
193
 
194
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
174
195
  def top_level_buildfile
175
- @top_level_buildfile ||= dependency_files.find do |f|
176
- SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
177
- end
196
+ @top_level_buildfile = T.let(
197
+ @top_level_buildfile || dependency_files.find do |f|
198
+ SUPPORTED_BUILD_FILE_NAMES.include?(f.name)
199
+ end,
200
+ T.nilable(Dependabot::DependencyFile)
201
+ )
178
202
  end
179
203
 
204
+ sig { returns(T.nilable(Dependabot::DependencyFile)) }
180
205
  def top_level_settings_file
181
- @top_level_settings_file ||= dependency_files.find do |f|
182
- SUPPORTED_SETTINGS_FILE_NAMES.include?(f.name)
183
- end
206
+ @top_level_settings_file = T.let(
207
+ @top_level_settings_file || dependency_files.find do |f|
208
+ SUPPORTED_SETTINGS_FILE_NAMES.include?(f.name)
209
+ end,
210
+ T.nilable(Dependabot::DependencyFile)
211
+ )
184
212
  end
185
213
  end
186
214
  end
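Review bot: In `own_buildfile_repository_urls` the new `subproject_buildfile_content` is built by stripping each `subprojects { … }` section, but the visible context line still calls `repository_urls_from(buildfile_content)`, so the stripped copy appears to be unused and repositories declared only inside `subprojects` blocks are still reported as the top-level buildfile's own. If excluding them is the intent, that line should read `own_buildfile_urls += repository_urls_from(subproject_buildfile_content)`; new-file line 112 falls between two hunks and is not shown, so confirm the variable is not consumed there. Also, `closing_bracket_index` appears to fall back to `0` when no closing bracket is found, in which case `section_to_remove` is a single character and the `gsub` would delete every occurrence of it from the content; checking that the section ends in `}` before substituting would avoid that.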