dependabot-gradle 0.332.0 → 0.334.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ffdf7c068ec935c5bd554067e92ed7efaa498a1e8d097107495246c99437b627
|
|
4
|
+
data.tar.gz: 99736409d4304738f2f67193128abb7dda0ae7fc057b6adad23ca01cb30c2828
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 54fb4fe73c14100e872a1ba552c5ffd42189e6ed9fb4c347d04141171cd34dce9a0d2b1cc48abaed616df569a4c20d79cae1ce4b1ea152933b46712fa958cf0c
|
|
7
|
+
data.tar.gz: bafe43926c62b0e2331f916a1b7149d30d92b79f57c3a6fe3dceb7d6bdaa9da02a3533fa49bc589e6551a3d21e341f17b446512d35929a2906936627428cdad9
|
|
@@ -5,6 +5,7 @@ require "sorbet-runtime"
|
|
|
5
5
|
|
|
6
6
|
require "dependabot/file_fetchers"
|
|
7
7
|
require "dependabot/file_fetchers/base"
|
|
8
|
+
require "dependabot/file_filtering"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module Gradle
|
|
@@ -59,7 +60,14 @@ module Dependabot
|
|
|
59
60
|
|
|
60
61
|
sig { override.returns(T::Array[DependencyFile]) }
|
|
61
62
|
def fetch_files
|
|
62
|
-
all_buildfiles_in_build(".")
|
|
63
|
+
fetched_files = all_buildfiles_in_build(".")
|
|
64
|
+
|
|
65
|
+
# Filter excluded files from final collection
|
|
66
|
+
filtered_files = fetched_files.reject do |file|
|
|
67
|
+
Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
filtered_files
|
|
63
71
|
end
|
|
64
72
|
|
|
65
73
|
private
|
|
@@ -110,6 +118,12 @@ module Dependabot
|
|
|
110
118
|
|
|
111
119
|
subproject_paths.filter_map do |path|
|
|
112
120
|
lockfile_path = File.join(root_dir, path, @lockfile_name)
|
|
121
|
+
|
|
122
|
+
# Skip excluded subproject lockfiles
|
|
123
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(lockfile_path,
|
|
124
|
+
"subproject lockfile in subproject '#{path}'",
|
|
125
|
+
@exclude_paths)
|
|
126
|
+
|
|
113
127
|
fetch_file_from_host(lockfile_path)
|
|
114
128
|
rescue Dependabot::DependencyFileNotFound
|
|
115
129
|
# Gradle itself doesn't worry about missing subprojects, so we don't
|
|
@@ -129,9 +143,22 @@ module Dependabot
|
|
|
129
143
|
subproject_paths.filter_map do |path|
|
|
130
144
|
if @buildfile_name
|
|
131
145
|
buildfile_path = File.join(root_dir, path, @buildfile_name)
|
|
146
|
+
|
|
147
|
+
# Skip excluded subproject buildfiles
|
|
148
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(buildfile_path,
|
|
149
|
+
"subproject buildfile in subproject '#{path}'",
|
|
150
|
+
@exclude_paths)
|
|
151
|
+
|
|
132
152
|
fetch_file_from_host(buildfile_path)
|
|
133
153
|
else
|
|
134
|
-
|
|
154
|
+
subproject_dir = File.join(root_dir, path)
|
|
155
|
+
|
|
156
|
+
# Skip excluded subproject directories
|
|
157
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(subproject_dir,
|
|
158
|
+
"subproject directory for subproject '#{path}'",
|
|
159
|
+
@exclude_paths)
|
|
160
|
+
|
|
161
|
+
buildfile(subproject_dir)
|
|
135
162
|
end
|
|
136
163
|
rescue Dependabot::DependencyFileNotFound
|
|
137
164
|
# Gradle itself doesn't worry about missing subprojects, so we don't
|
|
@@ -161,6 +188,11 @@ module Dependabot
|
|
|
161
188
|
.uniq
|
|
162
189
|
|
|
163
190
|
dependency_plugin_paths.filter_map do |path|
|
|
191
|
+
# Skip excluded dependency script plugins
|
|
192
|
+
next nil if Dependabot::FileFiltering.should_exclude_path?(path,
|
|
193
|
+
"dependency script plugin",
|
|
194
|
+
@exclude_paths)
|
|
195
|
+
|
|
164
196
|
fetch_file_from_host(path)
|
|
165
197
|
rescue Dependabot::DependencyFileNotFound
|
|
166
198
|
next nil if file_exists_in_submodule?(path)
|
|
@@ -470,7 +470,7 @@ module Dependabot
|
|
|
470
470
|
|
|
471
471
|
sig { params(value: T.nilable(String), buildfile: Dependabot::DependencyFile).returns(T.nilable(String)) }
|
|
472
472
|
def evaluated_value(value, buildfile)
|
|
473
|
-
return value unless value&.scan(PROPERTY_REGEX)&.
|
|
473
|
+
return value unless value&.scan(PROPERTY_REGEX)&.one?
|
|
474
474
|
|
|
475
475
|
property_name = T.must(T.must(value).match(PROPERTY_REGEX)
|
|
476
476
|
&.named_captures&.fetch("property_name"))
|
|
@@ -58,7 +58,7 @@ module Dependabot
|
|
|
58
58
|
returns(T::Array[T::Hash[String, T.untyped]])
|
|
59
59
|
end
|
|
60
60
|
def fetch_available_versions
|
|
61
|
-
|
|
61
|
+
T.let({}, T::Hash[String, T::Hash[Symbol, T.untyped]])
|
|
62
62
|
package_releases = T.let([], T::Array[T::Hash[String, T.untyped]])
|
|
63
63
|
|
|
64
64
|
version_details =
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
4
5
|
require "dependabot/gradle/file_parser"
|
|
5
6
|
require "dependabot/gradle/update_checker"
|
|
6
7
|
|
|
@@ -8,21 +9,48 @@ module Dependabot
|
|
|
8
9
|
module Gradle
|
|
9
10
|
class UpdateChecker
|
|
10
11
|
class MultiDependencyUpdater
|
|
12
|
+
extend T::Sig
|
|
13
|
+
|
|
11
14
|
require_relative "version_finder"
|
|
12
15
|
require_relative "requirements_updater"
|
|
13
16
|
|
|
17
|
+
# rubocop:disable Metrics/AbcSize
|
|
18
|
+
sig do
|
|
19
|
+
params(
|
|
20
|
+
dependency: Dependabot::Dependency,
|
|
21
|
+
dependency_files: T::Array[Dependabot::DependencyFile],
|
|
22
|
+
credentials: T::Array[Dependabot::Credential],
|
|
23
|
+
target_version_details: T.nilable(T::Hash[Symbol, Dependabot::Gradle::Version]),
|
|
24
|
+
ignored_versions: T::Array[String],
|
|
25
|
+
raise_on_ignored: T::Boolean
|
|
26
|
+
).void
|
|
27
|
+
end
|
|
14
28
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
15
29
|
target_version_details:, ignored_versions:,
|
|
16
30
|
raise_on_ignored: false)
|
|
17
|
-
@dependency
|
|
18
|
-
@dependency_files = dependency_files
|
|
19
|
-
@credentials
|
|
20
|
-
@target_version
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
31
|
+
@dependency = T.let(dependency, Dependabot::Dependency)
|
|
32
|
+
@dependency_files = T.let(dependency_files, T::Array[Dependabot::DependencyFile])
|
|
33
|
+
@credentials = T.let(credentials, T::Array[Dependabot::Credential])
|
|
34
|
+
@target_version = T.let(
|
|
35
|
+
target_version_details&.fetch(:version),
|
|
36
|
+
T.nilable(Dependabot::Gradle::Version)
|
|
37
|
+
)
|
|
38
|
+
@source_url = T.let(
|
|
39
|
+
T.cast(target_version_details&.fetch(:source_url), T.nilable(String)),
|
|
40
|
+
T.nilable(String)
|
|
41
|
+
)
|
|
42
|
+
@ignored_versions = T.let(ignored_versions, T::Array[String])
|
|
43
|
+
@raise_on_ignored = T.let(raise_on_ignored, T::Boolean)
|
|
44
|
+
@update_possible = T.let(nil, T.nilable(T::Boolean))
|
|
45
|
+
@updated_dependencies = T.let(nil, T.nilable(T::Array[Dependabot::Dependency]))
|
|
46
|
+
@dependencies_to_update = T.let(nil, T.nilable(T::Array[Dependabot::Dependency]))
|
|
47
|
+
@property_name = T.let(nil, T.nilable(String))
|
|
48
|
+
@dependency_set = T.let(nil, T.nilable(T::Hash[Symbol, String]))
|
|
49
|
+
@updated_requirements = T.let({}, T::Hash[String, T::Array[T::Hash[Symbol, T.untyped]]])
|
|
24
50
|
end
|
|
51
|
+
# rubocop:enable Metrics/AbcSize
|
|
25
52
|
|
|
53
|
+
sig { returns(T::Boolean) }
|
|
26
54
|
def update_possible?
|
|
27
55
|
return false unless target_version
|
|
28
56
|
|
|
@@ -41,6 +69,7 @@ module Dependabot
|
|
|
41
69
|
end
|
|
42
70
|
end
|
|
43
71
|
|
|
72
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
44
73
|
def updated_dependencies
|
|
45
74
|
raise "Update not possible!" unless update_possible?
|
|
46
75
|
|
|
@@ -59,13 +88,25 @@ module Dependabot
|
|
|
59
88
|
|
|
60
89
|
private
|
|
61
90
|
|
|
91
|
+
sig { returns(Dependabot::Dependency) }
|
|
62
92
|
attr_reader :dependency
|
|
93
|
+
|
|
94
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
63
95
|
attr_reader :dependency_files
|
|
96
|
+
|
|
97
|
+
sig { returns(T::Array[Dependabot::Credential]) }
|
|
64
98
|
attr_reader :credentials
|
|
99
|
+
|
|
100
|
+
sig { returns(T.nilable(Dependabot::Gradle::Version)) }
|
|
65
101
|
attr_reader :target_version
|
|
102
|
+
|
|
103
|
+
sig { returns(T.nilable(String)) }
|
|
66
104
|
attr_reader :source_url
|
|
105
|
+
|
|
106
|
+
sig { returns(T::Array[String]) }
|
|
67
107
|
attr_reader :ignored_versions
|
|
68
108
|
|
|
109
|
+
sig { returns(T::Array[Dependabot::Dependency]) }
|
|
69
110
|
def dependencies_to_update
|
|
70
111
|
@dependencies_to_update ||=
|
|
71
112
|
Gradle::FileParser.new(
|
|
@@ -82,20 +123,22 @@ module Dependabot
|
|
|
82
123
|
end
|
|
83
124
|
end
|
|
84
125
|
|
|
126
|
+
sig { returns(T.nilable(String)) }
|
|
85
127
|
def property_name
|
|
86
128
|
@property_name ||= dependency.requirements
|
|
87
129
|
.find { |r| r.dig(:metadata, :property_name) }
|
|
88
130
|
&.dig(:metadata, :property_name)
|
|
89
131
|
end
|
|
90
132
|
|
|
133
|
+
sig { returns(T.nilable(T::Hash[Symbol, String])) }
|
|
91
134
|
def dependency_set
|
|
92
135
|
@dependency_set ||= dependency.requirements
|
|
93
136
|
.find { |r| r.dig(:metadata, :dependency_set) }
|
|
94
137
|
&.dig(:metadata, :dependency_set)
|
|
95
138
|
end
|
|
96
139
|
|
|
140
|
+
sig { params(dep: Dependabot::Dependency).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
97
141
|
def updated_requirements(dep)
|
|
98
|
-
@updated_requirements ||= {}
|
|
99
142
|
@updated_requirements[dep.name] ||=
|
|
100
143
|
RequirementsUpdater.new(
|
|
101
144
|
requirements: dep.requirements,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.334.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,28 +15,28 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.334.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.334.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-maven
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.334.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.334.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: debug
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -225,14 +225,14 @@ dependencies:
|
|
|
225
225
|
requirements:
|
|
226
226
|
- - "~>"
|
|
227
227
|
- !ruby/object:Gem::Version
|
|
228
|
-
version: '3.
|
|
228
|
+
version: '3.25'
|
|
229
229
|
type: :development
|
|
230
230
|
prerelease: false
|
|
231
231
|
version_requirements: !ruby/object:Gem::Requirement
|
|
232
232
|
requirements:
|
|
233
233
|
- - "~>"
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
|
-
version: '3.
|
|
235
|
+
version: '3.25'
|
|
236
236
|
- !ruby/object:Gem::Dependency
|
|
237
237
|
name: webrick
|
|
238
238
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -280,7 +280,7 @@ licenses:
|
|
|
280
280
|
- MIT
|
|
281
281
|
metadata:
|
|
282
282
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
283
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
283
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
|
|
284
284
|
rdoc_options: []
|
|
285
285
|
require_paths:
|
|
286
286
|
- lib
|