dependabot-gradle 0.375.0 → 0.377.0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fc9ccb07b414741f2b8839cd0fb9515a004b20df4dfb5b008347af097a93128a
|
|
4
|
+
data.tar.gz: d974e7d7f85518016c86c19366421127781be99f2d014b16891d6483d9196e76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b9c4b0b21c8b0dd3625b464491a723e63bfb5d12c6524e503f0edae004a65cfa7194c86638c2a8eb609652b79e3625dbbfdebbbe41f620ce889679a1e2aacddf
|
|
7
|
+
data.tar.gz: 20b4d157bf6a305cafe771152a638ef3f4290d935cb7b2d221c62338c33e8b18de2bb6b55586d0808118993b34f37d7b62392eb02c9324f0f010a465fa4eed8c
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# typed: strong
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require "
|
|
4
|
+
require "fileutils"
|
|
5
5
|
require "shellwords"
|
|
6
|
+
require "sorbet-runtime"
|
|
6
7
|
|
|
7
|
-
require "dependabot/gradle/file_parser"
|
|
8
8
|
require "dependabot/gradle/file_updater"
|
|
9
9
|
|
|
10
10
|
module Dependabot
|
|
@@ -13,6 +13,8 @@ module Dependabot
|
|
|
13
13
|
class LockfileUpdater
|
|
14
14
|
extend T::Sig
|
|
15
15
|
|
|
16
|
+
INIT_SCRIPT_TASK_NAME = T.let("dependabotResolveAll", String)
|
|
17
|
+
|
|
16
18
|
sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
|
|
17
19
|
def initialize(dependency_files:)
|
|
18
20
|
@dependency_files = dependency_files
|
|
@@ -20,67 +22,159 @@ module Dependabot
|
|
|
20
22
|
|
|
21
23
|
sig { params(build_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
|
|
22
24
|
def update_lockfiles(build_file)
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
end
|
|
25
|
+
root_dir = determine_root_dir(build_file: build_file)
|
|
26
|
+
lockfiles = lockfiles_for_root(root_dir)
|
|
26
27
|
|
|
27
|
-
|
|
28
|
-
return dependency_files unless local_lockfiles.any?
|
|
28
|
+
return dependency_files unless lockfiles.any?
|
|
29
29
|
|
|
30
30
|
updated_files = dependency_files.dup
|
|
31
|
+
|
|
31
32
|
SharedHelpers.in_a_temporary_directory do |temp_dir|
|
|
32
33
|
populate_temp_directory(temp_dir)
|
|
33
|
-
|
|
34
|
-
cwd =
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
# Would prefer to use command line arguments, but they don't work.
|
|
42
|
-
properties_filename = File.join(temp_dir, build_file.directory, "gradle.properties")
|
|
43
|
-
write_properties_file(properties_filename)
|
|
34
|
+
|
|
35
|
+
cwd = File.join(temp_dir, root_dir == "/" ? "" : root_dir.delete_prefix("/"))
|
|
36
|
+
FileUtils.mkdir_p(cwd)
|
|
37
|
+
|
|
38
|
+
write_properties_file(File.join(cwd, "gradle.properties"))
|
|
39
|
+
|
|
40
|
+
init_script_path = File.join(cwd, "dependabot-locking.init.gradle")
|
|
41
|
+
write_init_script(init_script_path)
|
|
44
42
|
|
|
45
43
|
command_parts = [
|
|
46
44
|
"gradle",
|
|
47
|
-
"
|
|
48
|
-
|
|
49
|
-
"--write-locks"
|
|
45
|
+
"--init-script", init_script_path,
|
|
46
|
+
INIT_SCRIPT_TASK_NAME,
|
|
47
|
+
"--write-locks",
|
|
48
|
+
"--no-daemon"
|
|
50
49
|
]
|
|
51
50
|
command = Shellwords.join(command_parts)
|
|
52
51
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
end
|
|
52
|
+
SharedHelpers.run_shell_command(command, cwd: cwd)
|
|
53
|
+
|
|
54
|
+
update_lockfiles_content(temp_dir, lockfiles, updated_files)
|
|
55
|
+
rescue SharedHelpers::HelperSubprocessFailed => e
|
|
56
|
+
Dependabot.logger.error("Failed to update lockfiles: #{e.message}")
|
|
57
|
+
return updated_files
|
|
60
58
|
end
|
|
59
|
+
|
|
61
60
|
updated_files
|
|
62
61
|
end
|
|
63
62
|
|
|
63
|
+
sig { params(build_file: Dependabot::DependencyFile).returns(String) }
|
|
64
|
+
def determine_root_dir(build_file:)
|
|
65
|
+
settings_file = find_settings_file(build_file)
|
|
66
|
+
return normalized_directory_path(settings_file) if settings_file
|
|
67
|
+
|
|
68
|
+
file_path = normalized_file_path(build_file)
|
|
69
|
+
return normalize_path(File.dirname(file_path, 2)) if file_path.end_with?("/gradle/libs.versions.toml")
|
|
70
|
+
|
|
71
|
+
normalized_directory_path(build_file)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
75
|
+
def normalized_directory_path(file)
|
|
76
|
+
file_path = normalized_file_path(file)
|
|
77
|
+
dir = File.dirname(file_path)
|
|
78
|
+
dir == "/" ? "/" : normalize_path(dir)
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
sig { params(root_dir: String).returns(T::Array[Dependabot::DependencyFile]) }
|
|
82
|
+
def lockfiles_for_root(root_dir)
|
|
83
|
+
sub_build_roots = sub_build_roots_for(root_dir)
|
|
84
|
+
|
|
85
|
+
dependency_files.select do |file|
|
|
86
|
+
next false unless file.name.end_with?(".lockfile")
|
|
87
|
+
|
|
88
|
+
file_path = normalized_file_path(file)
|
|
89
|
+
next false unless path_under_root?(file_path, root_dir)
|
|
90
|
+
|
|
91
|
+
sub_build_roots.none? { |sub_root| file_path.start_with?("#{sub_root}/") || file_path == sub_root }
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
64
95
|
sig do
|
|
65
96
|
params(
|
|
66
97
|
temp_dir: T.any(Pathname, String),
|
|
67
|
-
|
|
98
|
+
lockfiles: T::Array[Dependabot::DependencyFile],
|
|
68
99
|
updated_lockfiles: T::Array[Dependabot::DependencyFile]
|
|
69
100
|
).void
|
|
70
101
|
end
|
|
71
|
-
def update_lockfiles_content(temp_dir,
|
|
72
|
-
|
|
73
|
-
|
|
102
|
+
def update_lockfiles_content(temp_dir, lockfiles, updated_lockfiles)
|
|
103
|
+
lockfiles.each do |file|
|
|
104
|
+
# Handle "/" directory as root - File.join treats "/" as absolute path and ignores prior components
|
|
105
|
+
relative_dir = file.directory == "/" ? "" : file.directory
|
|
106
|
+
lockfile_path = File.join(temp_dir, relative_dir, file.name)
|
|
107
|
+
|
|
108
|
+
unless File.exist?(lockfile_path)
|
|
109
|
+
Dependabot.logger.warn(
|
|
110
|
+
"Lockfile #{file.name} was not regenerated by Gradle after a successful lockfile update run. " \
|
|
111
|
+
"Preserving existing lockfile."
|
|
112
|
+
)
|
|
113
|
+
next
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
content = File.read(lockfile_path)
|
|
117
|
+
next if content == file.content
|
|
118
|
+
|
|
74
119
|
tmp_file = file.dup
|
|
75
|
-
tmp_file.content =
|
|
76
|
-
|
|
120
|
+
tmp_file.content = content
|
|
121
|
+
|
|
122
|
+
index = updated_lockfiles.find_index { |f| f.name == file.name }
|
|
123
|
+
if index
|
|
124
|
+
updated_lockfiles[index] = tmp_file
|
|
125
|
+
else
|
|
126
|
+
updated_lockfiles << tmp_file
|
|
127
|
+
end
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
private
|
|
132
|
+
|
|
133
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
134
|
+
attr_reader :dependency_files
|
|
135
|
+
|
|
136
|
+
sig { params(file_path: String, root_dir: String).returns(T::Boolean) }
|
|
137
|
+
def path_under_root?(file_path, root_dir)
|
|
138
|
+
root_dir == "/" || file_path == root_dir || file_path.start_with?("#{root_dir}/")
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
# Find all sub-build roots (settings files deeper than root_dir) so we can
|
|
142
|
+
# exclude lockfiles that belong to an included/composite build.
|
|
143
|
+
sig { params(root_dir: String).returns(T::Array[String]) }
|
|
144
|
+
def sub_build_roots_for(root_dir)
|
|
145
|
+
dependency_files.filter_map do |f|
|
|
146
|
+
basename = File.basename(f.name)
|
|
147
|
+
next unless basename == "settings.gradle" || basename == "settings.gradle.kts"
|
|
148
|
+
|
|
149
|
+
dir = normalized_directory_path(f)
|
|
150
|
+
next if dir == root_dir
|
|
151
|
+
|
|
152
|
+
dir if path_under_root?(dir, root_dir)
|
|
77
153
|
end
|
|
78
154
|
end
|
|
79
155
|
|
|
156
|
+
sig { params(file: Dependabot::DependencyFile).returns(String) }
|
|
157
|
+
def normalized_file_path(file)
|
|
158
|
+
# Handle "/" directory as root - File.join treats "/" as absolute path and ignores prior components
|
|
159
|
+
relative_dir = file.directory == "/" ? "" : file.directory
|
|
160
|
+
path = relative_dir.empty? ? file.name : File.join(relative_dir, file.name)
|
|
161
|
+
normalize_path(path)
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
sig { params(path: String).returns(String) }
|
|
165
|
+
def normalize_path(path)
|
|
166
|
+
normalized = path.squeeze("/")
|
|
167
|
+
normalized = "/#{normalized}" unless normalized.start_with?("/")
|
|
168
|
+
normalized = normalized.sub(%r{/$}, "")
|
|
169
|
+
normalized.empty? ? "/" : normalized
|
|
170
|
+
end
|
|
171
|
+
|
|
80
172
|
sig { params(temp_dir: T.any(Pathname, String)).void }
|
|
81
173
|
def populate_temp_directory(temp_dir)
|
|
82
174
|
@dependency_files.each do |file|
|
|
83
|
-
|
|
175
|
+
# Handle "/" directory as root - File.join treats "/" as absolute path and ignores prior components
|
|
176
|
+
relative_dir = file.directory == "/" ? "" : file.directory
|
|
177
|
+
in_path_name = File.join(temp_dir, relative_dir, file.name)
|
|
84
178
|
FileUtils.mkdir_p(File.dirname(in_path_name))
|
|
85
179
|
File.write(in_path_name, file.content)
|
|
86
180
|
end
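Review bot: The `rescue SharedHelpers::HelperSubprocessFailed => e` branch in update_lockfiles only logs and then does `return updated_files`, and at that point `updated_files` is still the untouched `dependency_files.dup`, so a failed Gradle run silently produces updated build files next to stale lockfiles. If that is the intended best-effort behaviour it deserves a comment such as `# Best effort: a Gradle failure leaves the existing lockfiles untouched instead of aborting the update`; if not, re-raise so the caller can report the update as unresolvable. Separately, update_lockfiles_content matches entries with `f.name == file.name` alone; if `dependency_files` can ever hold entries from more than one `directory`, two lockfiles with the same relative name would overwrite each other, and `f.name == file.name && f.directory == file.directory` avoids that. `normalized_directory_path` and `lockfiles_for_root` appear to be used only inside the class but sit above `private`; moving them below it keeps the public surface to update_lockfiles, determine_root_dir and update_lockfiles_content.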
|
|
@@ -96,6 +190,7 @@ module Dependabot
|
|
|
96
190
|
https_proxy_host = https_split&.fetch(1, nil)&.gsub("//", "") || "host.docker.internal"
|
|
97
191
|
http_proxy_port = http_split&.fetch(2) || "1080"
|
|
98
192
|
https_proxy_port = https_split&.fetch(2) || "1080"
|
|
193
|
+
|
|
99
194
|
properties_content = "
|
|
100
195
|
systemProp.http.proxyHost=#{http_proxy_host}
|
|
101
196
|
systemProp.http.proxyPort=#{http_proxy_port}
|
|
@@ -104,10 +199,46 @@ systemProp.https.proxyPort=#{https_proxy_port}"
|
|
|
104
199
|
File.write(file_name, properties_content)
|
|
105
200
|
end
|
|
106
201
|
|
|
107
|
-
|
|
202
|
+
sig { params(file_name: String).void }
|
|
203
|
+
def write_init_script(file_name)
|
|
204
|
+
# Resolve all resolvable configurations across all loaded projects so
|
|
205
|
+
# Gradle rewrites every relevant lockfile in one invocation.
|
|
206
|
+
script_content = <<~GRADLE
|
|
207
|
+
allprojects {
|
|
208
|
+
if (tasks.findByName("#{INIT_SCRIPT_TASK_NAME}") == null) {
|
|
209
|
+
tasks.register("#{INIT_SCRIPT_TASK_NAME}") {
|
|
210
|
+
doLast {
|
|
211
|
+
configurations.findAll { it.canBeResolved }.each { it.resolve() }
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
GRADLE
|
|
217
|
+
File.write(file_name, script_content)
|
|
218
|
+
end
|
|
108
219
|
|
|
109
|
-
sig { returns(T
|
|
110
|
-
|
|
220
|
+
sig { params(build_file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile)) }
|
|
221
|
+
def find_settings_file(build_file)
|
|
222
|
+
settings_files = dependency_files.select do |f|
|
|
223
|
+
basename = File.basename(f.name)
|
|
224
|
+
basename == "settings.gradle" || basename == "settings.gradle.kts"
|
|
225
|
+
end
|
|
226
|
+
|
|
227
|
+
return nil if settings_files.empty?
|
|
228
|
+
|
|
229
|
+
build_dir = normalized_directory_path(build_file)
|
|
230
|
+
|
|
231
|
+
ancestor_settings = settings_files.select do |f|
|
|
232
|
+
settings_dir = normalized_directory_path(f)
|
|
233
|
+
path_under_root?(build_dir, settings_dir)
|
|
234
|
+
end
|
|
235
|
+
|
|
236
|
+
return nil if ancestor_settings.empty?
|
|
237
|
+
|
|
238
|
+
ancestor_settings.max_by do |f|
|
|
239
|
+
normalized_directory_path(f).split("/").count { |element| !element.empty? }
|
|
240
|
+
end
|
|
241
|
+
end
|
|
111
242
|
end
|
|
112
243
|
end
|
|
113
244
|
end
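Review bot: The settings-file test `basename == "settings.gradle" || basename == "settings.gradle.kts"` now appears twice, in find_settings_file here and in sub_build_roots_for in the previous hunk; a single predicate such as `settings_file?(file)` that checks `File.basename(file.name)` against `%w[settings.gradle settings.gradle.kts]` keeps the two in step. In write_init_script the generated task calls `resolve()` on every configuration with `canBeResolved` in every project, and as far as I can tell one configuration that cannot be resolved (for example a repository the run has no credentials for) raises inside `doLast` and fails the whole `--write-locks` invocation; the heredoc comment should say so, e.g. `# Any configuration that fails to resolve fails the task and therefore the whole --write-locks run.`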
|
|
@@ -5,81 +5,22 @@ require "sorbet-runtime"
|
|
|
5
5
|
|
|
6
6
|
require "dependabot/gradle/file_updater"
|
|
7
7
|
require "dependabot/gradle/file_parser/property_value_finder"
|
|
8
|
+
require "dependabot/maven/shared/shared_property_value_updater"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module Gradle
|
|
11
12
|
class FileUpdater
|
|
12
|
-
class PropertyValueUpdater
|
|
13
|
+
class PropertyValueUpdater < Dependabot::Maven::Shared::SharedPropertyValueUpdater
|
|
13
14
|
extend T::Sig
|
|
14
15
|
|
|
15
|
-
sig { params(dependency_files: T::Array[DependencyFile]).void }
|
|
16
|
-
def initialize(dependency_files:)
|
|
17
|
-
@dependency_files = dependency_files
|
|
18
|
-
@property_value_finder = T.let(nil, T.nilable(Gradle::FileParser::PropertyValueFinder))
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
sig do
|
|
22
|
-
params(
|
|
23
|
-
property_name: String,
|
|
24
|
-
callsite_buildfile: DependencyFile,
|
|
25
|
-
previous_value: String,
|
|
26
|
-
updated_value: String
|
|
27
|
-
)
|
|
28
|
-
.returns(T::Array[DependencyFile])
|
|
29
|
-
end
|
|
30
|
-
def update_files_for_property_change(
|
|
31
|
-
property_name:,
|
|
32
|
-
callsite_buildfile:,
|
|
33
|
-
previous_value:,
|
|
34
|
-
updated_value:
|
|
35
|
-
)
|
|
36
|
-
declaration_details = T.must(
|
|
37
|
-
property_value_finder.property_details(
|
|
38
|
-
property_name: property_name,
|
|
39
|
-
callsite_buildfile: callsite_buildfile
|
|
40
|
-
)
|
|
41
|
-
)
|
|
42
|
-
declaration_string = declaration_details.fetch(:declaration_string)
|
|
43
|
-
filename = declaration_details.fetch(:file)
|
|
44
|
-
|
|
45
|
-
file_to_update = T.must(dependency_files.find { |f| f.name == filename })
|
|
46
|
-
updated_content = T.must(file_to_update.content).sub(
|
|
47
|
-
declaration_string,
|
|
48
|
-
declaration_string.sub(
|
|
49
|
-
previous_value_regex(previous_value),
|
|
50
|
-
updated_value
|
|
51
|
-
)
|
|
52
|
-
)
|
|
53
|
-
|
|
54
|
-
updated_files = dependency_files.dup
|
|
55
|
-
updated_files[T.must(updated_files.index(file_to_update))] =
|
|
56
|
-
update_file(file: file_to_update, content: updated_content)
|
|
57
|
-
|
|
58
|
-
updated_files
|
|
59
|
-
end
|
|
60
|
-
|
|
61
16
|
private
|
|
62
17
|
|
|
63
|
-
sig { returns(
|
|
64
|
-
attr_reader :dependency_files
|
|
65
|
-
|
|
66
|
-
sig { returns(Gradle::FileParser::PropertyValueFinder) }
|
|
18
|
+
sig { override.returns(Gradle::FileParser::PropertyValueFinder) }
|
|
67
19
|
def property_value_finder
|
|
68
|
-
@property_value_finder ||=
|
|
69
|
-
Gradle::FileParser::PropertyValueFinder
|
|
70
|
-
.
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
sig { params(file: DependencyFile, content: String).returns(DependencyFile) }
|
|
74
|
-
def update_file(file:, content:)
|
|
75
|
-
updated_file = file.dup
|
|
76
|
-
updated_file.content = content
|
|
77
|
-
updated_file
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
sig { params(previous_value: String).returns(Regexp) }
|
|
81
|
-
def previous_value_regex(previous_value)
|
|
82
|
-
/(?<=['"])#{Regexp.quote(previous_value)}(?=['"])/
|
|
20
|
+
@property_value_finder ||= T.let(
|
|
21
|
+
Gradle::FileParser::PropertyValueFinder.new(dependency_files: dependency_files),
|
|
22
|
+
T.nilable(Gradle::FileParser::PropertyValueFinder)
|
|
23
|
+
)
|
|
83
24
|
end
|
|
84
25
|
end
|
|
85
26
|
end
|
|
@@ -107,17 +107,34 @@ module Dependabot
|
|
|
107
107
|
replace_updated_files(files, updated_files)
|
|
108
108
|
end
|
|
109
109
|
if Dependabot::Experiments.enabled?(:gradle_lockfile_updater)
|
|
110
|
-
buildfiles_processed
|
|
111
|
-
lockfile_updater = LockfileUpdater.new(dependency_files: files)
|
|
112
|
-
updated_files = lockfile_updater.update_lockfiles(buildfile)
|
|
113
|
-
replace_updated_files(files, updated_files)
|
|
114
|
-
end
|
|
110
|
+
update_lockfiles_for_buildfiles(files, buildfiles_processed)
|
|
115
111
|
end
|
|
116
112
|
|
|
117
113
|
files
|
|
118
114
|
end
|
|
119
115
|
# rubocop:enable Metrics/PerceivedComplexity
|
|
120
116
|
# rubocop:enable Metrics/AbcSize
|
|
117
|
+
|
|
118
|
+
sig do
|
|
119
|
+
params(
|
|
120
|
+
files: T::Array[Dependabot::DependencyFile],
|
|
121
|
+
buildfiles_processed: T::Hash[String, Dependabot::DependencyFile]
|
|
122
|
+
).void
|
|
123
|
+
end
|
|
124
|
+
def update_lockfiles_for_buildfiles(files, buildfiles_processed)
|
|
125
|
+
lockfile_roots_processed = T.let(Set.new, T::Set[String])
|
|
126
|
+
|
|
127
|
+
buildfiles_processed.each_value do |buildfile|
|
|
128
|
+
lockfile_updater = LockfileUpdater.new(dependency_files: files)
|
|
129
|
+
root_dir = lockfile_updater.determine_root_dir(build_file: buildfile)
|
|
130
|
+
next if lockfile_roots_processed.include?(root_dir)
|
|
131
|
+
|
|
132
|
+
lockfile_roots_processed.add(root_dir)
|
|
133
|
+
|
|
134
|
+
updated_files = lockfile_updater.update_lockfiles(buildfile)
|
|
135
|
+
replace_updated_files(files, updated_files)
|
|
136
|
+
end
|
|
137
|
+
end
|
|
121
138
|
sig do
|
|
122
139
|
params(
|
|
123
140
|
files: T::Array[Dependabot::DependencyFile],
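Review bot: update_lockfiles_for_buildfiles has no comment explaining why it deduplicates on the root directory; add `# One Gradle run per root build: every buildfile that resolves to the same root shares its lockfiles, so later buildfiles of that root are skipped.` above the method. A fresh `LockfileUpdater` is created on every iteration although the first thing done with it is `determine_root_dir`, which from the previous hunks reads file names and directories rather than content; if `replace_updated_files` mutates `files` in place (not visible here) a single instance created before the loop would see the updated content too, otherwise the per-iteration construction is needed and should get a one-line why-comment. The `sig do … end` that follows this method continues outside the hunk.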
|
|
@@ -1,25 +1,19 @@
|
|
|
1
1
|
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
-
require "nokogiri"
|
|
5
4
|
require "sorbet-runtime"
|
|
6
5
|
|
|
7
|
-
require "dependabot/file_fetchers/base"
|
|
8
6
|
require "dependabot/gradle/distributions"
|
|
9
7
|
require "dependabot/gradle/file_fetcher"
|
|
10
8
|
require "dependabot/gradle/file_parser/repositories_finder"
|
|
11
|
-
require "dependabot/maven/
|
|
9
|
+
require "dependabot/maven/shared/shared_metadata_finder"
|
|
12
10
|
require "dependabot/metadata_finders"
|
|
13
|
-
require "dependabot/metadata_finders/base"
|
|
14
|
-
require "dependabot/registry_client"
|
|
15
11
|
|
|
16
12
|
module Dependabot
|
|
17
13
|
module Gradle
|
|
18
|
-
class MetadataFinder < Dependabot::
|
|
14
|
+
class MetadataFinder < Dependabot::Maven::Shared::SharedMetadataFinder
|
|
19
15
|
extend T::Sig
|
|
20
16
|
|
|
21
|
-
DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
|
|
22
|
-
PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
|
|
23
17
|
KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
|
|
24
18
|
|
|
25
19
|
private
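Review bot: `require "dependabot/file_fetchers/base"` is dropped here, yet the new `file_fetcher_class` sig later in this file still names `Dependabot::FileFetchers::Base`, so the file now relies on `dependabot/maven/shared/shared_metadata_finder` loading that constant transitively. Keeping the require in this file makes the dependency explicit and protects against the shared class changing its own requires; if the transitive load is deliberate, a short comment next to the remaining requires should say so.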
|
|
@@ -28,18 +22,7 @@ module Dependabot
|
|
|
28
22
|
def look_up_source
|
|
29
23
|
return distributions_source if Distributions.distribution_requirements?(dependency.requirements)
|
|
30
24
|
|
|
31
|
-
|
|
32
|
-
return tmp_source if tmp_source
|
|
33
|
-
|
|
34
|
-
return unless (parent = parent_pom_file(dependency_pom_file))
|
|
35
|
-
|
|
36
|
-
tmp_source = look_up_source_in_pom(parent)
|
|
37
|
-
return unless tmp_source
|
|
38
|
-
|
|
39
|
-
artifact = dependency.name.split(":").last
|
|
40
|
-
return tmp_source if tmp_source.repo.end_with?(T.must(artifact))
|
|
41
|
-
|
|
42
|
-
tmp_source if repo_has_subdir_for_dep?(tmp_source)
|
|
25
|
+
super
|
|
43
26
|
end
|
|
44
27
|
|
|
45
28
|
# The Gradle Wrapper does not have its own release notes.
|
|
@@ -53,120 +36,35 @@ module Dependabot
|
|
|
53
36
|
)
|
|
54
37
|
end
|
|
55
38
|
|
|
56
|
-
sig {
|
|
57
|
-
def
|
|
58
|
-
|
|
59
|
-
return T.must(@repo_has_subdir_for_dep[tmp_source]) if @repo_has_subdir_for_dep.key?(tmp_source)
|
|
60
|
-
|
|
61
|
-
artifact = dependency.name.split(":").last
|
|
62
|
-
fetcher =
|
|
63
|
-
Dependabot::Gradle::FileFetcher.new(source: tmp_source, credentials: credentials)
|
|
64
|
-
|
|
65
|
-
@repo_has_subdir_for_dep[tmp_source] =
|
|
66
|
-
fetcher.send(:repo_contents, raise_errors: false)
|
|
67
|
-
.select { |f| f.type == "dir" }
|
|
68
|
-
.any? { |f| artifact&.end_with?(f.name) }
|
|
69
|
-
rescue Dependabot::BranchNotFound
|
|
70
|
-
tmp_source.branch = nil
|
|
71
|
-
retry
|
|
72
|
-
rescue Dependabot::RepoNotFound
|
|
73
|
-
T.must(@repo_has_subdir_for_dep)[tmp_source] = false
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Dependabot::Source)) }
|
|
77
|
-
def look_up_source_in_pom(pom)
|
|
78
|
-
potential_source_urls = [
|
|
79
|
-
pom.at_css("project > url")&.content,
|
|
80
|
-
pom.at_css("project > scm > url")&.content,
|
|
81
|
-
pom.at_css("project > issueManagement > url")&.content
|
|
82
|
-
].compact
|
|
83
|
-
|
|
84
|
-
source_url = potential_source_urls.find { |url| Source.from_url(url) }
|
|
85
|
-
source_url ||= source_from_anywhere_in_pom(pom)
|
|
86
|
-
source_url = substitute_property_in_source_url(source_url, pom)
|
|
87
|
-
|
|
88
|
-
Source.from_url(source_url)
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
sig { params(source_url: T.nilable(String), pom: Nokogiri::XML::Document).returns(T.nilable(String)) }
|
|
92
|
-
def substitute_property_in_source_url(source_url, pom)
|
|
93
|
-
return unless source_url
|
|
94
|
-
return source_url unless source_url.include?("${")
|
|
95
|
-
|
|
96
|
-
regex = PROPERTY_REGEX
|
|
97
|
-
property_name = T.must(source_url.match(regex)).named_captures["property"]
|
|
98
|
-
doc = pom.dup
|
|
99
|
-
doc.remove_namespaces!
|
|
100
|
-
nm = T.must(property_name).sub(/^pom\./, "").sub(/^project\./, "")
|
|
101
|
-
property_value =
|
|
102
|
-
loop do
|
|
103
|
-
candidate_node =
|
|
104
|
-
doc.at_xpath("/project/#{nm}") ||
|
|
105
|
-
doc.at_xpath("/project/properties/#{nm}") ||
|
|
106
|
-
doc.at_xpath("/project/profiles/profile/properties/#{nm}")
|
|
107
|
-
break(candidate_node.content) if candidate_node
|
|
108
|
-
break unless nm.match?(DOT_SEPARATOR_REGEX)
|
|
109
|
-
|
|
110
|
-
nm = nm.sub(DOT_SEPARATOR_REGEX, "/")
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
source_url.gsub("${#{property_name}}", property_value)
|
|
39
|
+
sig { override.returns(T.class_of(Dependabot::FileFetchers::Base)) }
|
|
40
|
+
def file_fetcher_class
|
|
41
|
+
Dependabot::Gradle::FileFetcher
|
|
114
42
|
end
|
|
115
43
|
|
|
116
|
-
sig {
|
|
117
|
-
def
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
github_urls.find do |url|
|
|
124
|
-
repo = T.must(Source.from_url(url)).repo
|
|
125
|
-
repo.end_with?(T.must(dependency.name.split(":").last))
|
|
44
|
+
sig { override.returns(T.nilable(String)) }
|
|
45
|
+
def dependency_artifact_id
|
|
46
|
+
if kotlin_plugin? then "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"
|
|
47
|
+
elsif plugin? then "#{dependency.name}.gradle.plugin"
|
|
48
|
+
else
|
|
49
|
+
dependency.name.split(":").last
|
|
126
50
|
end
|
|
127
51
|
end
|
|
128
52
|
|
|
129
|
-
sig { returns(
|
|
130
|
-
def
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
elsif plugin? then "#{dependency.name}.gradle.plugin"
|
|
53
|
+
sig { override.returns(String) }
|
|
54
|
+
def maven_repo_dependency_url
|
|
55
|
+
group_id, artifact_id =
|
|
56
|
+
if kotlin_plugin?
|
|
57
|
+
["#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}",
|
|
58
|
+
"#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"]
|
|
59
|
+
elsif plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
|
|
136
60
|
else
|
|
137
|
-
dependency.name.split(":")
|
|
61
|
+
dependency.name.split(":")
|
|
138
62
|
end
|
|
139
63
|
|
|
140
|
-
|
|
141
|
-
url: "#{maven_repo_dependency_url}/#{dependency.version}/#{artifact_id}-#{dependency.version}.pom",
|
|
142
|
-
headers: auth_headers
|
|
143
|
-
)
|
|
144
|
-
|
|
145
|
-
@dependency_pom_file = T.let(Nokogiri::XML(response.body), T.nilable(Nokogiri::XML::Document))
|
|
146
|
-
rescue Excon::Error::Timeout
|
|
147
|
-
@dependency_pom_file ||= T.let(Nokogiri::XML(""), T.nilable(Nokogiri::XML::Document))
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Nokogiri::XML::Document)) }
|
|
151
|
-
def parent_pom_file(pom)
|
|
152
|
-
doc = pom.dup
|
|
153
|
-
doc.remove_namespaces!
|
|
154
|
-
group_id = doc.at_xpath("/project/parent/groupId")&.content&.strip
|
|
155
|
-
artifact_id =
|
|
156
|
-
doc.at_xpath("/project/parent/artifactId")&.content&.strip
|
|
157
|
-
version = doc.at_xpath("/project/parent/version")&.content&.strip
|
|
158
|
-
|
|
159
|
-
return unless artifact_id && group_id && version
|
|
160
|
-
|
|
161
|
-
response = Dependabot::RegistryClient.get(
|
|
162
|
-
url: "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/#{artifact_id}-#{version}.pom",
|
|
163
|
-
headers: auth_headers
|
|
164
|
-
)
|
|
165
|
-
|
|
166
|
-
Nokogiri::XML(response.body)
|
|
64
|
+
"#{maven_repo_url}/#{group_id&.tr('.', '/')}/#{artifact_id}"
|
|
167
65
|
end
|
|
168
66
|
|
|
169
|
-
sig { returns(String) }
|
|
67
|
+
sig { override.returns(String) }
|
|
170
68
|
def maven_repo_url
|
|
171
69
|
source = dependency.requirements
|
|
172
70
|
.find { |r| r.fetch(:source) }&.fetch(:source)
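Review bot: dependency_artifact_id uses `then` on a multi-line `if`/`elsif`, which the style guide reserves for one-liners; putting each branch on its own line (`if kotlin_plugin?` followed by `"#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"`) reads more consistently, and the `elsif plugin? then [...]` branch of maven_repo_dependency_url just below has the same shape. The two methods also repeat the kotlin-plugin / plugin / plain-coordinate decision; a small private helper returning `[group_id, artifact_id]` that both call would stop them drifting apart. maven_repo_url starts in this hunk and continues past it.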
|
|
@@ -176,18 +74,9 @@ module Dependabot
|
|
|
176
74
|
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
|
177
75
|
end
|
|
178
76
|
|
|
179
|
-
sig { returns(String) }
|
|
180
|
-
def
|
|
181
|
-
|
|
182
|
-
if kotlin_plugin?
|
|
183
|
-
["#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}",
|
|
184
|
-
"#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"]
|
|
185
|
-
elsif plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
|
|
186
|
-
else
|
|
187
|
-
dependency.name.split(":")
|
|
188
|
-
end
|
|
189
|
-
|
|
190
|
-
"#{maven_repo_url}/#{group_id&.tr('.', '/')}/#{artifact_id}"
|
|
77
|
+
sig { override.returns(String) }
|
|
78
|
+
def central_repo_url
|
|
79
|
+
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
|
191
80
|
end
|
|
192
81
|
|
|
193
82
|
sig { returns(T::Boolean) }
|
|
@@ -199,14 +88,6 @@ module Dependabot
|
|
|
199
88
|
def kotlin_plugin?
|
|
200
89
|
plugin? && dependency.requirements.any? { |r| r.fetch(:groups).include? "kotlin" }
|
|
201
90
|
end
|
|
202
|
-
|
|
203
|
-
sig { returns(T::Hash[String, String]) }
|
|
204
|
-
def auth_headers
|
|
205
|
-
@auth_headers ||= T.let(
|
|
206
|
-
Dependabot::Maven::Utils::AuthHeadersFinder.new(credentials).auth_headers(maven_repo_url),
|
|
207
|
-
T.nilable(T::Hash[String, String])
|
|
208
|
-
)
|
|
209
|
-
end
|
|
210
91
|
end
|
|
211
92
|
end
|
|
212
93
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.377.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,28 +15,28 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.377.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.377.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: dependabot-maven
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - '='
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.377.0
|
|
33
33
|
type: :runtime
|
|
34
34
|
prerelease: false
|
|
35
35
|
version_requirements: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - '='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 0.
|
|
39
|
+
version: 0.377.0
|
|
40
40
|
- !ruby/object:Gem::Dependency
|
|
41
41
|
name: debug
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -285,7 +285,7 @@ licenses:
|
|
|
285
285
|
- MIT
|
|
286
286
|
metadata:
|
|
287
287
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
288
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
288
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.377.0
|
|
289
289
|
rdoc_options: []
|
|
290
290
|
require_paths:
|
|
291
291
|
- lib
|