dependabot-gradle 0.376.0 → 0.377.0

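--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 927977ff944f07aab10b9338ca71c9540520dc07a97f3db8cf2aa9b27d325d9f
- data.tar.gz: b618b2c6aaeb01de38041a829a0b1f650604df9791889323fe8066388b3e3aeb
+ metadata.gz: fc9ccb07b414741f2b8839cd0fb9515a004b20df4dfb5b008347af097a93128a
+ data.tar.gz: d974e7d7f85518016c86c19366421127781be99f2d014b16891d6483d9196e76
  SHA512:
- metadata.gz: 648c6a0d23f8ae1f8026a10d19e66766a14c29be9e4fe3b46cc6386b0b24e82328e357b9504b40b61612322cddff3ab4ad786beca3a1d5d70dc9e42b321aebaf
- data.tar.gz: 289b073da8a00a76bf0f2b636e8429d76a4472eba85057e4d4630b981b30554a674cbdd23879f3446a78f2a874903089ac00dfdd1f4de44072393245c7ec82e1
+ metadata.gz: b9c4b0b21c8b0dd3625b464491a723e63bfb5d12c6524e503f0edae004a65cfa7194c86638c2a8eb609652b79e3625dbbfdebbbe41f620ce889679a1e2aacddf
+ data.tar.gz: 20b4d157bf6a305cafe771152a638ef3f4290d935cb7b2d221c62338c33e8b18de2bb6b55586d0808118993b34f37d7b62392eb02c9324f0f010a465fa4eed8c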
@@ -1,25 +1,19 @@
1
1
  # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
- require "nokogiri"
5
4
  require "sorbet-runtime"
6
5
 
7
- require "dependabot/file_fetchers/base"
8
6
  require "dependabot/gradle/distributions"
9
7
  require "dependabot/gradle/file_fetcher"
10
8
  require "dependabot/gradle/file_parser/repositories_finder"
11
- require "dependabot/maven/utils/auth_headers_finder"
9
+ require "dependabot/maven/shared/shared_metadata_finder"
12
10
  require "dependabot/metadata_finders"
13
- require "dependabot/metadata_finders/base"
14
- require "dependabot/registry_client"
15
11
 
16
12
  module Dependabot
17
13
  module Gradle
18
- class MetadataFinder < Dependabot::MetadataFinders::Base
14
+ class MetadataFinder < Dependabot::Maven::Shared::SharedMetadataFinder
19
15
  extend T::Sig
20
16
 
21
- DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
22
- PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
23
17
  KOTLIN_PLUGIN_REPO_PREFIX = "org.jetbrains.kotlin"
24
18
 
25
19
  private
@@ -28,18 +22,7 @@ module Dependabot
28
22
  def look_up_source
29
23
  return distributions_source if Distributions.distribution_requirements?(dependency.requirements)
30
24
 
31
- tmp_source = look_up_source_in_pom(dependency_pom_file)
32
- return tmp_source if tmp_source
33
-
34
- return unless (parent = parent_pom_file(dependency_pom_file))
35
-
36
- tmp_source = look_up_source_in_pom(parent)
37
- return unless tmp_source
38
-
39
- artifact = dependency.name.split(":").last
40
- return tmp_source if tmp_source.repo.end_with?(T.must(artifact))
41
-
42
- tmp_source if repo_has_subdir_for_dep?(tmp_source)
25
+ super
43
26
  end
44
27
 
45
28
  # The Gradle Wrapper does not have its own release notes.
@@ -53,120 +36,35 @@ module Dependabot
53
36
  )
54
37
  end
55
38
 
56
- sig { params(tmp_source: Dependabot::Source).returns(T::Boolean) }
57
- def repo_has_subdir_for_dep?(tmp_source)
58
- @repo_has_subdir_for_dep ||= T.let({}, T.nilable(T::Hash[Dependabot::Source, T::Boolean]))
59
- return T.must(@repo_has_subdir_for_dep[tmp_source]) if @repo_has_subdir_for_dep.key?(tmp_source)
60
-
61
- artifact = dependency.name.split(":").last
62
- fetcher =
63
- Dependabot::Gradle::FileFetcher.new(source: tmp_source, credentials: credentials)
64
-
65
- @repo_has_subdir_for_dep[tmp_source] =
66
- fetcher.send(:repo_contents, raise_errors: false)
67
- .select { |f| f.type == "dir" }
68
- .any? { |f| artifact&.end_with?(f.name) }
69
- rescue Dependabot::BranchNotFound
70
- tmp_source.branch = nil
71
- retry
72
- rescue Dependabot::RepoNotFound
73
- T.must(@repo_has_subdir_for_dep)[tmp_source] = false
74
- end
75
-
76
- sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Dependabot::Source)) }
77
- def look_up_source_in_pom(pom)
78
- potential_source_urls = [
79
- pom.at_css("project > url")&.content,
80
- pom.at_css("project > scm > url")&.content,
81
- pom.at_css("project > issueManagement > url")&.content
82
- ].compact
83
-
84
- source_url = potential_source_urls.find { |url| Source.from_url(url) }
85
- source_url ||= source_from_anywhere_in_pom(pom)
86
- source_url = substitute_property_in_source_url(source_url, pom)
87
-
88
- Source.from_url(source_url)
89
- end
90
-
91
- sig { params(source_url: T.nilable(String), pom: Nokogiri::XML::Document).returns(T.nilable(String)) }
92
- def substitute_property_in_source_url(source_url, pom)
93
- return unless source_url
94
- return source_url unless source_url.include?("${")
95
-
96
- regex = PROPERTY_REGEX
97
- property_name = T.must(source_url.match(regex)).named_captures["property"]
98
- doc = pom.dup
99
- doc.remove_namespaces!
100
- nm = T.must(property_name).sub(/^pom\./, "").sub(/^project\./, "")
101
- property_value =
102
- loop do
103
- candidate_node =
104
- doc.at_xpath("/project/#{nm}") ||
105
- doc.at_xpath("/project/properties/#{nm}") ||
106
- doc.at_xpath("/project/profiles/profile/properties/#{nm}")
107
- break(candidate_node.content) if candidate_node
108
- break unless nm.match?(DOT_SEPARATOR_REGEX)
109
-
110
- nm = nm.sub(DOT_SEPARATOR_REGEX, "/")
111
- end
112
-
113
- source_url.gsub("${#{property_name}}", property_value)
39
+ sig { override.returns(T.class_of(Dependabot::FileFetchers::Base)) }
40
+ def file_fetcher_class
41
+ Dependabot::Gradle::FileFetcher
114
42
  end
115
43
 
116
- sig { params(pom: T.any(String, Nokogiri::XML::Document)).returns(T.nilable(String)) }
117
- def source_from_anywhere_in_pom(pom)
118
- github_urls = []
119
- pom.to_s.scan(Source::SOURCE_REGEX) do
120
- github_urls << Regexp.last_match.to_s
121
- end
122
-
123
- github_urls.find do |url|
124
- repo = T.must(Source.from_url(url)).repo
125
- repo.end_with?(T.must(dependency.name.split(":").last))
44
+ sig { override.returns(T.nilable(String)) }
45
+ def dependency_artifact_id
46
+ if kotlin_plugin? then "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"
47
+ elsif plugin? then "#{dependency.name}.gradle.plugin"
48
+ else
49
+ dependency.name.split(":").last
126
50
  end
127
51
  end
128
52
 
129
- sig { returns(Nokogiri::XML::Document) }
130
- def dependency_pom_file
131
- return @dependency_pom_file unless @dependency_pom_file.nil?
132
-
133
- artifact_id =
134
- if kotlin_plugin? then "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"
135
- elsif plugin? then "#{dependency.name}.gradle.plugin"
53
+ sig { override.returns(String) }
54
+ def maven_repo_dependency_url
55
+ group_id, artifact_id =
56
+ if kotlin_plugin?
57
+ ["#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}",
58
+ "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"]
59
+ elsif plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
136
60
  else
137
- dependency.name.split(":").last
61
+ dependency.name.split(":")
138
62
  end
139
63
 
140
- response = Dependabot::RegistryClient.get(
141
- url: "#{maven_repo_dependency_url}/#{dependency.version}/#{artifact_id}-#{dependency.version}.pom",
142
- headers: auth_headers
143
- )
144
-
145
- @dependency_pom_file = T.let(Nokogiri::XML(response.body), T.nilable(Nokogiri::XML::Document))
146
- rescue Excon::Error::Timeout
147
- @dependency_pom_file ||= T.let(Nokogiri::XML(""), T.nilable(Nokogiri::XML::Document))
148
- end
149
-
150
- sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Nokogiri::XML::Document)) }
151
- def parent_pom_file(pom)
152
- doc = pom.dup
153
- doc.remove_namespaces!
154
- group_id = doc.at_xpath("/project/parent/groupId")&.content&.strip
155
- artifact_id =
156
- doc.at_xpath("/project/parent/artifactId")&.content&.strip
157
- version = doc.at_xpath("/project/parent/version")&.content&.strip
158
-
159
- return unless artifact_id && group_id && version
160
-
161
- response = Dependabot::RegistryClient.get(
162
- url: "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/#{artifact_id}-#{version}.pom",
163
- headers: auth_headers
164
- )
165
-
166
- Nokogiri::XML(response.body)
64
+ "#{maven_repo_url}/#{group_id&.tr('.', '/')}/#{artifact_id}"
167
65
  end
168
66
 
169
- sig { returns(String) }
67
+ sig { override.returns(String) }
170
68
  def maven_repo_url
171
69
  source = dependency.requirements
172
70
  .find { |r| r.fetch(:source) }&.fetch(:source)
@@ -176,18 +74,9 @@ module Dependabot
176
74
  Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
177
75
  end
178
76
 
179
- sig { returns(String) }
180
- def maven_repo_dependency_url
181
- group_id, artifact_id =
182
- if kotlin_plugin?
183
- ["#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}",
184
- "#{KOTLIN_PLUGIN_REPO_PREFIX}.#{dependency.name}.gradle.plugin"]
185
- elsif plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
186
- else
187
- dependency.name.split(":")
188
- end
189
-
190
- "#{maven_repo_url}/#{group_id&.tr('.', '/')}/#{artifact_id}"
77
+ sig { override.returns(String) }
78
+ def central_repo_url
79
+ Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
191
80
  end
192
81
 
193
82
  sig { returns(T::Boolean) }
@@ -199,14 +88,6 @@ module Dependabot
199
88
  def kotlin_plugin?
200
89
  plugin? && dependency.requirements.any? { |r| r.fetch(:groups).include? "kotlin" }
201
90
  end
202
-
203
- sig { returns(T::Hash[String, String]) }
204
- def auth_headers
205
- @auth_headers ||= T.let(
206
- Dependabot::Maven::Utils::AuthHeadersFinder.new(credentials).auth_headers(maven_repo_url),
207
- T.nilable(T::Hash[String, String])
208
- )
209
- end
210
91
  end
211
92
  end
212
93
  end
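Review bot: In `maven_repo_dependency_url` (new lines 53–65) the fallback branch destructures `dependency.name.split(":")` straight into `group_id, artifact_id` and interpolates both into the repository URL with no check on either, so a name without a colon leaves `artifact_id` nil and yields a URL ending in `/`, and neither segment is checked for path characters. The request itself now lives in `Dependabot::Maven::Shared::SharedMetadataFinder`, which is not visible on this page and presumably sends the registry credentials that the removed `auth_headers` helper used to supply, so this override is the last point in this class where a malformed name can be rejected. If the file parser does not already guarantee the `group:artifact` form, a guard before the final interpolation would help; otherwise a comment such as `# dependency.name is "group:artifact" here; format is enforced by the file parser` would make the contract explicit. Separately, the sig on `file_fetcher_class` (new line 39) names `Dependabot::FileFetchers::Base` while the commit drops `require "dependabot/file_fetchers/base"`, so that constant is now loaded only transitively; keeping the require would avoid depending on load order.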
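--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-gradle
  version: !ruby/object:Gem::Version
- version: 0.376.0
+ version: 0.377.0
  platform: ruby
  authors:
  - Dependabot
@@ -15,28 +15,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.376.0
+ version: 0.377.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.376.0
+ version: 0.377.0
  - !ruby/object:Gem::Dependency
  name: dependabot-maven
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.376.0
+ version: 0.377.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.376.0
+ version: 0.377.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -285,7 +285,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.376.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.377.0
  rdoc_options: []
  require_paths:
  - lib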