dependabot-gradle 0.358.0 → 0.359.0
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_updater/wrapper_updater.rb +15 -12
- metadata +6 -6
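--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 53581bbcb12f37896f77216a05d65f0cc77d06f743af92fbcff4cae4c8dcebc9
+data.tar.gz: 87f54434460054f754c71a16b45d2f322239992c73900969fbd0084c13a69175
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a0ecf08bc4c7aaf853b184404673b4816a6a8f5d57de7f1dba500f8fc071b4ba19255b06b002723262a1087bfa74e79ad0be9a07d230727e8fdbd0da0e4b64c
+data.tar.gz: b747b17a13d08c8900a62d5d30b2757b79db6e66b626921d8304519a20f3713d4b1e98f3cbac223e46552b1ccea0a03fb0193f73be348dd4cfaf2819b28f6d25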
@@ -118,12 +118,21 @@ module Dependabot
|
|
|
118
118
|
distribution_url = T.let(requirements[0]&.[](:source), T::Hash[Symbol, String])[:url]
|
|
119
119
|
distribution_type = distribution_url&.match(/\b(bin|all)\b/)&.captures&.first
|
|
120
120
|
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
#
|
|
124
|
-
#
|
|
125
|
-
#
|
|
126
|
-
|
|
121
|
+
args = %W(wrapper --gradle-version #{version})
|
|
122
|
+
|
|
123
|
+
# Executing the wrapper task with `validateDistributionUrl=true`,
|
|
124
|
+
# issues a HEAD request to ensure that the file exists and is reachable.
|
|
125
|
+
# Example: HEAD https://services.gradle.org/distributions/gradle-9.3.0-bin.zip
|
|
126
|
+
# Unfortunately, Dependabot's proxy does not seem to support something about this request
|
|
127
|
+
# This causes the validation to fail and the wrapper task to error out
|
|
128
|
+
# To work around this, we pass `--no-validate-url` to skip the url validation step,
|
|
129
|
+
# Note: this temporarily sets `validateDistributionUrl=false` in `gradle-wrapper.properties`.
|
|
130
|
+
# After the wrapper task completes, we restore the original value, since `--no-validate-url` would otherwise
|
|
131
|
+
# persist the change in the properties file, which is not the behavior we want for users.
|
|
132
|
+
# TODO: Investigate and fix the root cause of the proxy issue and remove this workaround
|
|
133
|
+
# See https://github.com/dependabot/dependabot-core/issues/14036
|
|
134
|
+
args += %w(--no-validate-url)
|
|
135
|
+
|
|
127
136
|
args += %W(--distribution-type #{distribution_type}) if distribution_type
|
|
128
137
|
args += %W(--gradle-distribution-sha256-sum #{checksum}) if checksum
|
|
129
138
|
args
|
|
@@ -174,12 +183,6 @@ module Dependabot
|
|
|
174
183
|
end
|
|
175
184
|
end
|
|
176
185
|
|
|
177
|
-
# This is a consequence of the lack of proper proxy support in Gradle Wrapper
|
|
178
|
-
# During the update process, Gradle Wrapper logic will try to validate the distribution URL
|
|
179
|
-
# by performing an HTTP request. If the environment requires a proxy, this validation will fail
|
|
180
|
-
# We need to add the `--no-validate-url` the commandline args to disable this validation
|
|
181
|
-
# However, this change is persistent in the `gradle-wrapper.properties` file
|
|
182
|
-
# To avoid side effects, we read the existing value before the update and restore it afterward
|
|
183
186
|
sig { params(properties_file: T.any(Pathname, String)).returns(T.nilable(String)) }
|
|
184
187
|
def get_validate_distribution_url_option(properties_file)
|
|
185
188
|
return nil unless File.exist?(properties_file)
|
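Review bot: In the first hunk of wrapper_updater.rb (new lines 121–134), `--no-validate-url` is appended unconditionally while the checksum pin a few lines below stays conditional (`if checksum`), so a wrapper update that has no checksum finishes with neither the reachability check nor a `distributionSha256Sum` covering the new distribution URL. The restore of `validateDistributionUrl` that the comment promises is outside this hunk; if it does not already run in an `ensure`, a failing wrapper task would presumably leave `validateDistributionUrl=false` in the user's `gradle-wrapper.properties`, and it is worth saying so next to the flag, e.g. `# The caller must restore validateDistributionUrl even when the wrapper task raises.` The comment line "does not seem to support something about this request" would help the next maintainer more if it recorded the observed failure (status code or error text) from the linked issue. The method that builds `args` begins above the hunk, so how the array is executed is not visible here.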
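--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.359.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.359.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.359.0
 - !ruby/object:Gem::Dependency
 name: dependabot-maven
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.359.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.359.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -285,7 +285,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.359.0
 rdoc_options: []
 require_paths:
 - lib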