dependabot-gradle 0.106.25 → 0.106.26
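--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f74231dc9851ed070e4894bce3287deb5c2e14d5f000e8aa409f6f64ac3bfeda
+data.tar.gz: 1854ade31354c0a66f760b08f59130a95ff88315d0ecb7596b618e5e18f4a2ce
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a526f34ee922989f179f65be71488d081ec01ea5be50da7f3f16c62a079e5d7f4763bebe278e8bcae5de7eba3a6af076c2689a6a29e14f4246bca8010cbf20a1
+data.tar.gz: 20dec11595a1344c112ac180886ac91edbe55cfc42e6013026965735277f8139dc307d6d951f9c9c1cf4f17167a11e420b7183f84d3c7e21ee272a4cf85f0a41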
@@ -8,6 +8,9 @@ require "dependabot/shared_helpers"
|
|
8
8
|
# The best Gradle documentation is at:
|
9
9
|
# - https://docs.gradle.org/current/dsl/org.gradle.api.artifacts.dsl.
|
10
10
|
# DependencyHandler.html
|
11
|
+
#
|
12
|
+
# In addition, documentation on plugins is at:
|
13
|
+
# - https://docs.gradle.org/current/userguide/plugins.html
|
11
14
|
module Dependabot
|
12
15
|
module Gradle
|
13
16
|
class FileParser < Dependabot::FileParsers::Base
|
@@ -29,6 +32,9 @@ module Dependabot
|
|
29
32
|
DEPENDENCY_SET_DECLARATION_REGEX =
|
30
33
|
/(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/.freeze
|
31
34
|
DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?<name>#{PART})['"]/.freeze
|
35
|
+
PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
|
36
|
+
PLUGIN_BLOCK_ENTRY_REGEX =
|
37
|
+
/id\s+"(?<id>#{PART})"\s+version\s+"(?<version>#{VSN_PART})"/.freeze
|
32
38
|
|
33
39
|
def parse
|
34
40
|
dependency_set = DependencySet.new
|
@@ -53,6 +59,7 @@ module Dependabot
|
|
53
59
|
dependency_set += shortform_buildfile_dependencies(buildfile)
|
54
60
|
dependency_set += keyword_arg_buildfile_dependencies(buildfile)
|
55
61
|
dependency_set += dependency_set_dependencies(buildfile)
|
62
|
+
dependency_set += plugin_dependencies(buildfile)
|
56
63
|
|
57
64
|
dependency_set
|
58
65
|
end
|
@@ -125,6 +132,34 @@ module Dependabot
|
|
125
132
|
dependency_set
|
126
133
|
end
|
127
134
|
|
135
|
+
def plugin_dependencies(buildfile)
|
136
|
+
dependency_set = DependencySet.new
|
137
|
+
|
138
|
+
plugin_blocks = []
|
139
|
+
|
140
|
+
prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
|
141
|
+
mch = Regexp.last_match
|
142
|
+
plugin_blocks <<
|
143
|
+
mch.post_match[0..closing_bracket_index(mch.post_match)]
|
144
|
+
end
|
145
|
+
|
146
|
+
plugin_blocks.each do |blk|
|
147
|
+
blk.lines.each do |line|
|
148
|
+
name = line.match(/id\s+['"](?<id>#{PART})['"]/)&.
|
149
|
+
named_captures&.fetch("id")
|
150
|
+
version = line.match(/version\s+['"](?<version>#{VSN_PART})['"]/)&.
|
151
|
+
named_captures&.fetch("version")
|
152
|
+
next unless name && version
|
153
|
+
|
154
|
+
details = { name: name, group: "plugins", version: version }
|
155
|
+
dep = dependency_from(details_hash: details, buildfile: buildfile)
|
156
|
+
dependency_set << dep if dep
|
157
|
+
end
|
158
|
+
end
|
159
|
+
|
160
|
+
dependency_set
|
161
|
+
end
|
162
|
+
|
128
163
|
def argument_from_string(string, arg_name)
|
129
164
|
string.
|
130
165
|
match(map_value_regex(arg_name))&.
|
@@ -137,7 +172,14 @@ module Dependabot
|
|
137
172
|
name = evaluated_value(details_hash[:name], buildfile)
|
138
173
|
version = evaluated_value(details_hash[:version], buildfile)
|
139
174
|
|
140
|
-
dependency_name =
|
175
|
+
dependency_name =
|
176
|
+
if group == "plugins" then name
|
177
|
+
else "#{group}:#{name}"
|
178
|
+
end
|
179
|
+
groups =
|
180
|
+
if group == "plugins" then ["plugins"]
|
181
|
+
else []
|
182
|
+
end
|
141
183
|
|
142
184
|
# If we can't evaluate a property they we won't be able to
|
143
185
|
# update this dependency
|
@@ -150,7 +192,7 @@ module Dependabot
|
|
150
192
|
requirement: version,
|
151
193
|
file: buildfile.name,
|
152
194
|
source: nil,
|
153
|
-
groups:
|
195
|
+
groups: groups,
|
154
196
|
metadata: dependency_metadata(details_hash, in_dependency_set)
|
155
197
|
}],
|
156
198
|
package_manager: "gradle"
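Review bot: `PLUGIN_BLOCK_ENTRY_REGEX` is defined but nothing in the visible hunks uses it; `plugin_dependencies` matches each line with two inline patterns instead, and those accept single or double quotes while the constant accepts only double quotes. Keep one definition: either delete the constant or replace it with frozen constants that the method actually uses. The inline `id\s+` pattern also has no left boundary, so any token that ends in `id` and is followed by a quoted string is read as a plugin id; `/(?:^|\s)id\s+['"](?<id>#{PART})['"]/` would follow the style of `PLUGIN_BLOCK_DECLARATION_REGEX`. The same boundary is missing from `name_regex` in the file-updater hunk further down the page.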
|
@@ -128,8 +128,14 @@ module Dependabot
|
|
128
128
|
buildfile.content.lines.find do |line|
|
129
129
|
line = evaluate_properties(line, buildfile)
|
130
130
|
line = line.gsub(%r{(?<=^|\s)//.*$}, "")
|
131
|
-
|
132
|
-
|
131
|
+
|
132
|
+
if dependency.name.include?(":")
|
133
|
+
next false unless line.include?(dependency.name.split(":").first)
|
134
|
+
next false unless line.include?(dependency.name.split(":").last)
|
135
|
+
else
|
136
|
+
name_regex = /id\s+['"]#{Regexp.quote(dependency.name)}['"]/
|
137
|
+
next false unless line.match?(name_regex)
|
138
|
+
end
|
133
139
|
|
134
140
|
line.include?(requirement.fetch(:requirement))
|
135
141
|
end
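Review bot: The new branch chooses the plugin path from the shape of the name (`dependency.name.include?(":")`), while the finder classes changed in this release decide it from the requirement groups (`r.fetch(:groups) == ["plugins"]`). The two tests agree only as long as no plugin id contains a colon and every other dependency name does; the parser's `dependency_from` implies that invariant but nothing states it. Either decide from the groups of `requirement` here as well, assuming it carries the `:groups` key the parser emits, or add a comment such as `# plugin ids never contain ":"; every other name is "group:name"`. The enclosing block starts outside the hunk.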
|
@@ -99,7 +99,11 @@ module Dependabot
|
|
99
99
|
def dependency_pom_file
|
100
100
|
return @dependency_pom_file unless @dependency_pom_file.nil?
|
101
101
|
|
102
|
-
artifact_id =
|
102
|
+
artifact_id =
|
103
|
+
if plugin? then "#{dependency.name}.gradle.plugin"
|
104
|
+
else dependency.name.split(":").last
|
105
|
+
end
|
106
|
+
|
103
107
|
response = Excon.get(
|
104
108
|
"#{maven_repo_dependency_url}/"\
|
105
109
|
"#{dependency.version}/"\
|
@@ -146,11 +150,18 @@ module Dependabot
|
|
146
150
|
end
|
147
151
|
|
148
152
|
def maven_repo_dependency_url
|
149
|
-
group_id, artifact_id =
|
153
|
+
group_id, artifact_id =
|
154
|
+
if plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
|
155
|
+
else dependency.name.split(":")
|
156
|
+
end
|
150
157
|
|
151
158
|
"#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}"
|
152
159
|
end
|
153
160
|
|
161
|
+
def plugin?
|
162
|
+
dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
|
163
|
+
end
|
164
|
+
|
154
165
|
def auth_details
|
155
166
|
cred =
|
156
167
|
credentials.select { |c| c["type"] == "maven_repository" }.
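Review bot: For a plugin, `maven_repo_dependency_url` now builds a marker-artifact path, but the path is still rooted at `maven_repo_url`, which these hunks do not touch. The parser in this release records `source: nil` for every requirement, so if `maven_repo_url` falls back to a default repository when no source is set (its body is outside the hunk), the POM request for `<id>.gradle.plugin` goes to a repository that may not host plugin markers, or may host an unrelated artifact under the same coordinates. Confirm that the POM is fetched from the repository the version was resolved from. The pair `[dependency.name, "#{dependency.name}.gradle.plugin"]` is also derived separately in `dependency_pom_file` and here, so a small private helper would keep the two in step.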
|
@@ -12,6 +12,7 @@ module Dependabot
|
|
12
12
|
class UpdateChecker
|
13
13
|
class VersionFinder
|
14
14
|
GOOGLE_MAVEN_REPO = "https://maven.google.com"
|
15
|
+
GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
|
15
16
|
TYPE_SUFFICES = %w(jre android java).freeze
|
16
17
|
|
17
18
|
def initialize(dependency:, dependency_files:, ignored_versions:,
|
@@ -177,12 +178,16 @@ module Dependabot
|
|
177
178
|
end
|
178
179
|
|
179
180
|
def repository_urls
|
181
|
+
plugin? ? plugin_repository_urls : dependency_repository_urls
|
182
|
+
end
|
183
|
+
|
184
|
+
def dependency_repository_urls
|
180
185
|
requirement_files =
|
181
186
|
dependency.requirements.
|
182
187
|
map { |r| r.fetch(:file) }.
|
183
188
|
map { |nm| dependency_files.find { |f| f.name == nm } }
|
184
189
|
|
185
|
-
@
|
190
|
+
@dependency_repository_urls ||=
|
186
191
|
requirement_files.flat_map do |target_file|
|
187
192
|
Gradle::FileParser::RepositoriesFinder.new(
|
188
193
|
dependency_files: dependency_files,
|
@@ -191,6 +196,10 @@ module Dependabot
|
|
191
196
|
end.uniq
|
192
197
|
end
|
193
198
|
|
199
|
+
def plugin_repository_urls
|
200
|
+
[GRADLE_PLUGINS_REPO] + dependency_repository_urls
|
201
|
+
end
|
202
|
+
|
194
203
|
def matches_dependency_version_type?(comparison_version)
|
195
204
|
return true unless dependency.version
|
196
205
|
|
@@ -211,7 +220,12 @@ module Dependabot
|
|
211
220
|
end
|
212
221
|
|
213
222
|
def dependency_metadata_url(repository_url)
|
214
|
-
group_id, artifact_id =
|
223
|
+
group_id, artifact_id =
|
224
|
+
if plugin?
|
225
|
+
[dependency.name, "#{dependency.name}.gradle.plugin"]
|
226
|
+
else
|
227
|
+
dependency.name.split(":")
|
228
|
+
end
|
215
229
|
|
216
230
|
"#{repository_url}/"\
|
217
231
|
"#{group_id.tr('.', '/')}/"\
|
@@ -219,6 +233,10 @@ module Dependabot
|
|
219
233
|
"maven-metadata.xml"
|
220
234
|
end
|
221
235
|
|
236
|
+
def plugin?
|
237
|
+
dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
|
238
|
+
end
|
239
|
+
|
222
240
|
def version_class
|
223
241
|
Gradle::Version
|
224
242
|
end
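Review bot: `plugin_repository_urls` always puts `GRADLE_PLUGINS_REPO` first and then appends whatever `dependency_repository_urls` returns, so a plugin id that a project resolves only from a private repository is also looked up on the public portal. If the finder takes the highest version across all listed repositories (that logic is outside these hunks), a same-named public marker artifact could be proposed as the update, which is the usual dependency-confusion shape. State the intended precedence in a comment on `plugin_repository_urls`, and check whether repositories declared specifically for plugins (for example in a `pluginManagement` block) should replace the portal default instead of being added to it. `plugin?` is also defined identically in another class changed on this page, so a shared helper would stop the two copies from drifting.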
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-gradle
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.106.
|
4
|
+
version: 0.106.26
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.106.
|
19
|
+
version: 0.106.26
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.106.
|
26
|
+
version: 0.106.26
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|