dependabot-gradle 0.84.0

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+require "nokogiri"
+require "dependabot/shared_helpers"
+require "dependabot/gradle/file_parser/repositories_finder"
+require "dependabot/gradle/update_checker"
+require "dependabot/gradle/version"
+require "dependabot/gradle/requirement"
+
+module Dependabot
+  module Gradle
+    class UpdateChecker
+      class VersionFinder
+        GOOGLE_MAVEN_REPO = "https://maven.google.com"
+        TYPE_SUFFICES = %w(jre android java).freeze
+
+        def initialize(dependency:, dependency_files:, ignored_versions:)
+          @dependency = dependency
+          @dependency_files = dependency_files
+          @ignored_versions = ignored_versions
+        end
+
+        def latest_version_details
+          possible_versions = versions
+
+          unless wants_prerelease?
+            possible_versions =
+              possible_versions.
+              reject { |v| v.fetch(:version).prerelease? }
+          end
+
+          unless wants_date_based_version?
+            possible_versions =
+              possible_versions.
+              reject { |v| v.fetch(:version) > version_class.new(1900) }
+          end
+
+          possible_versions =
+            possible_versions.
+            select { |v| matches_dependency_version_type?(v.fetch(:version)) }
+
+          ignored_versions.each do |req|
+            ignore_req = Gradle::Requirement.new(req.split(","))
+            possible_versions =
+              possible_versions.
+              reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+          end
+
+          possible_versions.last
+        end
+
+        def versions
+          version_details =
+            repository_urls.map do |url|
+              next google_version_details if url == GOOGLE_MAVEN_REPO
+
+              dependency_metadata(url).css("versions > version").
+                select { |node| version_class.correct?(node.content) }.
+                map { |node| version_class.new(node.content) }.
+                map { |version| { version: version, source_url: url } }
+            end.flatten.compact
+
+          version_details.sort_by { |details| details.fetch(:version) }
+        end
+
+        private
+
+        attr_reader :dependency, :dependency_files, :ignored_versions
+
+        def wants_prerelease?
+          return false unless dependency.version
+          return false unless version_class.correct?(dependency.version)
+
+          version_class.new(dependency.version).prerelease?
+        end
+
+        def wants_date_based_version?
+          return false unless dependency.version
+          return false unless version_class.correct?(dependency.version)
+
+          version_class.new(dependency.version) >= version_class.new(100)
+        end
+
+        def google_version_details
+          url = GOOGLE_MAVEN_REPO
+          group_id, artifact_id = dependency.name.split(":")
+
+          dependency_metadata_url = "#{GOOGLE_MAVEN_REPO}/"\
+                                    "#{group_id.tr('.', '/')}/"\
+                                    "group-index.xml"
+
+          @google_version_details ||=
+            begin
+              response = Excon.get(
+                dependency_metadata_url,
+                idempotent: true,
+                **SharedHelpers.excon_defaults
+              )
+              Nokogiri::XML(response.body)
+            end
+
+          xpath = "/#{group_id}/#{artifact_id}"
+          return unless @google_version_details.at_xpath(xpath)
+
+          @google_version_details.at_xpath(xpath).
+            attributes.fetch("versions").
+            value.split(",").
+            select { |v| version_class.correct?(v) }.
+            map { |v| version_class.new(v) }.
+            map { |version| { version: version, source_url: url } }
+        end
+
+        def dependency_metadata(repository_url)
+          @dependency_metadata ||= {}
+          @dependency_metadata[repository_url] ||=
+            begin
+              response = Excon.get(
+                dependency_metadata_url(repository_url),
+                idempotent: true,
+                **SharedHelpers.excon_defaults
+              )
+              Nokogiri::XML(response.body)
+            rescue Excon::Error::Socket, Excon::Error::Timeout
+              namespace = Gradle::FileParser::RepositoriesFinder
+              central = namespace::CENTRAL_REPO_URL
+              raise if repository_url == central
+
+              Nokogiri::XML("")
+            end
+        end
+
+        def repository_urls
+          requirement_files =
+            dependency.requirements.
+            map { |r| r.fetch(:file) }.
+            map { |nm| dependency_files.find { |f| f.name == nm } }
+
+          @repository_urls ||=
+            requirement_files.flat_map do |target_file|
+              Gradle::FileParser::RepositoriesFinder.new(
+                dependency_files: dependency_files,
+                target_dependency_file: target_file
+              ).repository_urls
+            end.uniq
+        end
+
+        def matches_dependency_version_type?(comparison_version)
+          return true unless dependency.version
+
+          current_type =
+            TYPE_SUFFICES.
+            find { |t| dependency.version.split(/[.\-]/).include?(t) }
+
+          version_type =
+            TYPE_SUFFICES.
+            find { |t| comparison_version.to_s.split(/[.\-]/).include?(t) }
+
+          current_type == version_type
+        end
+
+        def pom
+          filename = dependency.requirements.first.fetch(:file)
+          dependency_files.find { |f| f.name == filename }
+        end
+
+        def dependency_metadata_url(repository_url)
+          group_id, artifact_id = dependency.name.split(":")
+
+          "#{repository_url}/"\
+          "#{group_id.tr('.', '/')}/"\
+          "#{artifact_id}/"\
+          "maven-metadata.xml"
+        end
+
+        def version_class
+          Gradle::Version
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/gradle/version.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+require "dependabot/utils"
+
+# Java versions use dots and dashes when tokenising their versions.
+# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
+#
+# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
+
+module Dependabot
+  module Gradle
+    class Version < Gem::Version
+      NULL_VALUES = %w(0 final ga).freeze
+      PREFIXED_TOKEN_HIERARCHY = {
+        "." => { qualifier: 1, number: 4 },
+        "-" => { qualifier: 2, number: 3 }
+      }.freeze
+      NAMED_QUALIFIERS_HIERARCHY = {
+        "a" => 1, "alpha"     => 1,
+        "b" => 2, "beta"      => 2,
+        "m" => 3, "milestone" => 3,
+        "rc" => 4, "cr" => 4,
+        "snapshot" => 5,
+        "ga" => 6, "" => 6, "final" => 6,
+        "sp" => 7
+      }.freeze
+      VERSION_PATTERN =
+        '[0-9a-zA-Z]+(?>\.[0-9a-zA-Z]*)*(-[0-9A-Za-z-]*(\.[0-9A-Za-z-]*)*)?'
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+
+      def self.correct?(version)
+        return false if version.nil?
+
+        version.to_s.match?(ANCHORED_VERSION_PATTERN)
+      end
+
+      def initialize(version)
+        @version_string = version.to_s
+        super(version.to_s.tr("_", "-"))
+      end
+
+      def to_s
+        @version_string
+      end
+
+      def prerelease?
+        tokens.any? do |token|
+          next false unless NAMED_QUALIFIERS_HIERARCHY[token]
+
+          NAMED_QUALIFIERS_HIERARCHY[token] < 6
+        end
+      end
+
+      private
+
+      def tokens
+        @tokens ||=
+          begin
+            version = @version_string.to_s.downcase
+            version = fill_tokens(version)
+            version = trim_version(version)
+            split_into_prefixed_tokens(version).map { |t| t[1..-1] }
+          end
+      end
+
+      def <=>(other)
+        version = stringify_version(@version_string)
+        version = fill_tokens(version)
+        version = trim_version(version)
+
+        other_version = stringify_version(other)
+        other_version = fill_tokens(other_version)
+        other_version = trim_version(other_version)
+
+        version, other_version = convert_dates(version, other_version)
+
+        prefixed_tokens = split_into_prefixed_tokens(version)
+        other_prefixed_tokens = split_into_prefixed_tokens(other_version)
+
+        prefixed_tokens, other_prefixed_tokens =
+          pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+
+        prefixed_tokens.count.times.each do |index|
+          comp = compare_prefixed_token(
+            prefix: prefixed_tokens[index][0],
+            token: prefixed_tokens[index][1..-1] || "",
+            other_prefix: other_prefixed_tokens[index][0],
+            other_token: other_prefixed_tokens[index][1..-1] || ""
+          )
+          return comp unless comp.zero?
+        end
+
+        0
+      end
+
+      def stringify_version(version)
+        version = version.to_s.downcase
+
+        # Not technically correct, but pragmatic
+        version.gsub(/^v(?=\d)/, "")
+      end
+
+      def fill_tokens(version)
+        # Add separators when transitioning from digits to characters
+        version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
+        version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
+
+        # Replace empty tokens with 0
+        version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
+        version = version.gsub(/^([\.\-])/, '0\1')
+        version.gsub(/([\.\-])$/, '\10')
+      end
+
+      def trim_version(version)
+        version.split("-").map do |v|
+          parts = v.split(".")
+          parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
+          parts&.join(".")
+        end.compact.reject(&:empty?).join("-")
+      end
+
+      def convert_dates(version, other_version)
+        default = [version, other_version]
+        return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+        return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+
+        [version.delete("-"), other_version.delete("-")]
+      end
+
+      def split_into_prefixed_tokens(version)
+        ".#{version}".split(/(?=[\-\.])/)
+      end
+
+      def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+        prefixed_tokens = prefixed_tokens.dup
+        other_prefixed_tokens = other_prefixed_tokens.dup
+
+        longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
+        shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
+
+        longest.count.times do |index|
+          next unless shortest[index].nil?
+
+          shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
+        end
+
+        [prefixed_tokens, other_prefixed_tokens]
+      end
+
+      def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
+        token_type = token.match?(/^\d+$/) ? :number : :qualifier
+        other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
+
+        hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
+        other_hierarchy =
+          PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
+
+        hierarchy_comparison = hierarchy <=> other_hierarchy
+        return hierarchy_comparison unless hierarchy_comparison.zero?
+
+        compare_token(token: token, other_token: other_token)
+      end
+
+      def compare_token(token:, other_token:)
+        if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
+          return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
+
+          return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
+        end
+
+        return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
+
+        token = token.to_i if token.match?(/^\d+$/)
+        other_token = other_token.to_i if other_token.match?(/^\d+$/)
+        token <=> other_token
+      end
+    end
+  end
+end
+
+Dependabot::Utils.register_version_class("gradle", Dependabot::Gradle::Version)

metadata

@@ -0,0 +1,186 @@
+--- !ruby/object:Gem::Specification
+name: dependabot-gradle
+version: !ruby/object:Gem::Version
+  version: 0.84.0
+platform: ruby
+authors:
+- Dependabot
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-12-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: dependabot-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.84.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.84.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.61'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
+  Rust, Java, .NET, Elm and Go
+email: support@dependabot.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dependabot/gradle.rb
+- lib/dependabot/gradle/file_fetcher.rb
+- lib/dependabot/gradle/file_fetcher/settings_file_parser.rb
+- lib/dependabot/gradle/file_parser.rb
+- lib/dependabot/gradle/file_parser/property_value_finder.rb
+- lib/dependabot/gradle/file_parser/repositories_finder.rb
+- lib/dependabot/gradle/file_updater.rb
+- lib/dependabot/gradle/file_updater/dependency_set_updater.rb
+- lib/dependabot/gradle/file_updater/property_value_updater.rb
+- lib/dependabot/gradle/metadata_finder.rb
+- lib/dependabot/gradle/requirement.rb
+- lib/dependabot/gradle/update_checker.rb
+- lib/dependabot/gradle/update_checker/multi_dependency_updater.rb
+- lib/dependabot/gradle/update_checker/requirements_updater.rb
+- lib/dependabot/gradle/update_checker/version_finder.rb
+- lib/dependabot/gradle/version.rb
+homepage: https://github.com/dependabot/dependabot-core
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Gradle support for dependabot-core
+test_files: []