dependabot-gradle 0.106.25 → 0.106.26

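--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 671f6bb68662b1c15a2d2671db49fa0853ae1f58cbf0b94d098362fcc73d2ba3
- data.tar.gz: 71841bb8d4a68544dc650bda42991a59513fa2b3883db73452fb9bdd2999c422
+ metadata.gz: f74231dc9851ed070e4894bce3287deb5c2e14d5f000e8aa409f6f64ac3bfeda
+ data.tar.gz: 1854ade31354c0a66f760b08f59130a95ff88315d0ecb7596b618e5e18f4a2ce
  SHA512:
- metadata.gz: 78184073e2334564499a4efa3da4639f20a08c6f7a1b1d3cb83bfba8021e4b139c87ccdbe07610c72a6795184d93a2b764c8b1721cdb3d7b79405f2ed85b0e24
- data.tar.gz: aef8bd63a1d0c9ab36f5727216a920f72890844677296463e2b1c351501870723316f61f791d44802df9f9e80d9acffdc6a24a43478a95dcb63fc2542b48ed0a
+ metadata.gz: a526f34ee922989f179f65be71488d081ec01ea5be50da7f3f16c62a079e5d7f4763bebe278e8bcae5de7eba3a6af076c2689a6a29e14f4246bca8010cbf20a1
+ data.tar.gz: 20dec11595a1344c112ac180886ac91edbe55cfc42e6013026965735277f8139dc307d6d951f9c9c1cf4f17167a11e420b7183f84d3c7e21ee272a4cf85f0a41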
@@ -8,6 +8,9 @@ require "dependabot/shared_helpers"
8
8
  # The best Gradle documentation is at:
9
9
  # - https://docs.gradle.org/current/dsl/org.gradle.api.artifacts.dsl.
10
10
  # DependencyHandler.html
11
+ #
12
+ # In addition, documentation on plugins is at:
13
+ # - https://docs.gradle.org/current/userguide/plugins.html
11
14
  module Dependabot
12
15
  module Gradle
13
16
  class FileParser < Dependabot::FileParsers::Base
@@ -29,6 +32,9 @@ module Dependabot
29
32
  DEPENDENCY_SET_DECLARATION_REGEX =
30
33
  /(?:^|\s)dependencySet\((?<arguments>[^\)]+)\)\s*\{/.freeze
31
34
  DEPENDENCY_SET_ENTRY_REGEX = /entry\s+['"](?<name>#{PART})['"]/.freeze
35
+ PLUGIN_BLOCK_DECLARATION_REGEX = /(?:^|\s)plugins\s*\{/.freeze
36
+ PLUGIN_BLOCK_ENTRY_REGEX =
37
+ /id\s+"(?<id>#{PART})"\s+version\s+"(?<version>#{VSN_PART})"/.freeze
32
38
 
33
39
  def parse
34
40
  dependency_set = DependencySet.new
@@ -53,6 +59,7 @@ module Dependabot
53
59
  dependency_set += shortform_buildfile_dependencies(buildfile)
54
60
  dependency_set += keyword_arg_buildfile_dependencies(buildfile)
55
61
  dependency_set += dependency_set_dependencies(buildfile)
62
+ dependency_set += plugin_dependencies(buildfile)
56
63
 
57
64
  dependency_set
58
65
  end
@@ -125,6 +132,34 @@ module Dependabot
125
132
  dependency_set
126
133
  end
127
134
 
135
+ def plugin_dependencies(buildfile)
136
+ dependency_set = DependencySet.new
137
+
138
+ plugin_blocks = []
139
+
140
+ prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
141
+ mch = Regexp.last_match
142
+ plugin_blocks <<
143
+ mch.post_match[0..closing_bracket_index(mch.post_match)]
144
+ end
145
+
146
+ plugin_blocks.each do |blk|
147
+ blk.lines.each do |line|
148
+ name = line.match(/id\s+['"](?<id>#{PART})['"]/)&.
149
+ named_captures&.fetch("id")
150
+ version = line.match(/version\s+['"](?<version>#{VSN_PART})['"]/)&.
151
+ named_captures&.fetch("version")
152
+ next unless name && version
153
+
154
+ details = { name: name, group: "plugins", version: version }
155
+ dep = dependency_from(details_hash: details, buildfile: buildfile)
156
+ dependency_set << dep if dep
157
+ end
158
+ end
159
+
160
+ dependency_set
161
+ end
162
+
128
163
  def argument_from_string(string, arg_name)
129
164
  string.
130
165
  match(map_value_regex(arg_name))&.
@@ -137,7 +172,14 @@ module Dependabot
137
172
  name = evaluated_value(details_hash[:name], buildfile)
138
173
  version = evaluated_value(details_hash[:version], buildfile)
139
174
 
140
- dependency_name = "#{group}:#{name}"
175
+ dependency_name =
176
+ if group == "plugins" then name
177
+ else "#{group}:#{name}"
178
+ end
179
+ groups =
180
+ if group == "plugins" then ["plugins"]
181
+ else []
182
+ end
141
183
 
142
184
  # If we can't evaluate a property they we won't be able to
143
185
  # update this dependency
@@ -150,7 +192,7 @@ module Dependabot
150
192
  requirement: version,
151
193
  file: buildfile.name,
152
194
  source: nil,
153
- groups: [],
195
+ groups: groups,
154
196
  metadata: dependency_metadata(details_hash, in_dependency_set)
155
197
  }],
156
198
  package_manager: "gradle"
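Review bot: In `dependency_from`, the string `"plugins"` serves both as the sentinel for plugin entries and as an ordinary group value, so a regular dependency whose group is literally `plugins` would lose its group from `dependency_name` and be tagged `groups: ["plugins"]`, which the lookup code in this release then treats as a plugin id. Build files are repository-controlled input, so an explicit marker is safer than a magic group, for example `details = { name: name, group: "plugins", version: version, plugin: true }` in `plugin_dependencies` and `details_hash[:plugin]` as the test in `dependency_from`. Separately, `PLUGIN_BLOCK_ENTRY_REGEX` is defined but not used in any visible hunk, and it accepts only double quotes while the inline patterns in `plugin_dependencies` accept both; keep one of the two. `dependency_from` starts and ends outside the hunks shown, so how `group` is derived there is inferred from the neighbouring `name` and `version` lines.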
@@ -128,8 +128,14 @@ module Dependabot
128
128
  buildfile.content.lines.find do |line|
129
129
  line = evaluate_properties(line, buildfile)
130
130
  line = line.gsub(%r{(?<=^|\s)//.*$}, "")
131
- next false unless line.include?(dependency.name.split(":").first)
132
- next false unless line.include?(dependency.name.split(":").last)
131
+
132
+ if dependency.name.include?(":")
133
+ next false unless line.include?(dependency.name.split(":").first)
134
+ next false unless line.include?(dependency.name.split(":").last)
135
+ else
136
+ name_regex = /id\s+['"]#{Regexp.quote(dependency.name)}['"]/
137
+ next false unless line.match?(name_regex)
138
+ end
133
139
 
134
140
  line.include?(requirement.fetch(:requirement))
135
141
  end
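Review bot: The new `if dependency.name.include?(":")` test identifies plugins by the shape of the name, whereas the `plugin?` helpers added elsewhere in this release look at the requirement's `groups`; the two rules can drift apart and should be a single check. The `requirement` hash is already in scope in this block, so the plugin branch could be selected with `if requirement.fetch(:groups) == ["plugins"]` and the colon-split lines moved to the `else`. `name_regex` does not depend on `line`, so it can be built once before the `find` call rather than on every iteration; the `Regexp.quote` on the name is correct and should stay. The enclosing method begins before this hunk.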
@@ -99,7 +99,11 @@ module Dependabot
99
99
  def dependency_pom_file
100
100
  return @dependency_pom_file unless @dependency_pom_file.nil?
101
101
 
102
- artifact_id = dependency.name.split(":").last
102
+ artifact_id =
103
+ if plugin? then "#{dependency.name}.gradle.plugin"
104
+ else dependency.name.split(":").last
105
+ end
106
+
103
107
  response = Excon.get(
104
108
  "#{maven_repo_dependency_url}/"\
105
109
  "#{dependency.version}/"\
@@ -146,11 +150,18 @@ module Dependabot
146
150
  end
147
151
 
148
152
  def maven_repo_dependency_url
149
- group_id, artifact_id = dependency.name.split(":")
153
+ group_id, artifact_id =
154
+ if plugin? then [dependency.name, "#{dependency.name}.gradle.plugin"]
155
+ else dependency.name.split(":")
156
+ end
150
157
 
151
158
  "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}"
152
159
  end
153
160
 
161
+ def plugin?
162
+ dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
163
+ end
164
+
154
165
  def auth_details
155
166
  cred =
156
167
  credentials.select { |c| c["type"] == "maven_repository" }.
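Review bot: The mapping from a plugin id to its marker artifact, `"#{dependency.name}.gradle.plugin"`, is written out in both `dependency_pom_file` and `maven_repo_dependency_url` here, and again in `dependency_metadata_url` in `VersionFinder`, with no comment saying what it is. A one-line comment such as `# Plugin marker artifact: group id is the plugin id, artifact id is "<id>.gradle.plugin"` plus a small private helper returning the `[group_id, artifact_id]` pair would keep the three sites in step. Both values are interpolated into a request URL, and the only constraint on the id is whatever the parser's `PART` pattern allows, which is not visible on this page; it is worth confirming that it cannot contain `/`, `?` or `#`. `plugin?` is also duplicated verbatim in `VersionFinder`.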
@@ -12,6 +12,7 @@ module Dependabot
12
12
  class UpdateChecker
13
13
  class VersionFinder
14
14
  GOOGLE_MAVEN_REPO = "https://maven.google.com"
15
+ GRADLE_PLUGINS_REPO = "https://plugins.gradle.org/m2"
15
16
  TYPE_SUFFICES = %w(jre android java).freeze
16
17
 
17
18
  def initialize(dependency:, dependency_files:, ignored_versions:,
@@ -177,12 +178,16 @@ module Dependabot
177
178
  end
178
179
 
179
180
  def repository_urls
181
+ plugin? ? plugin_repository_urls : dependency_repository_urls
182
+ end
183
+
184
+ def dependency_repository_urls
180
185
  requirement_files =
181
186
  dependency.requirements.
182
187
  map { |r| r.fetch(:file) }.
183
188
  map { |nm| dependency_files.find { |f| f.name == nm } }
184
189
 
185
- @repository_urls ||=
190
+ @dependency_repository_urls ||=
186
191
  requirement_files.flat_map do |target_file|
187
192
  Gradle::FileParser::RepositoriesFinder.new(
188
193
  dependency_files: dependency_files,
@@ -191,6 +196,10 @@ module Dependabot
191
196
  end.uniq
192
197
  end
193
198
 
199
+ def plugin_repository_urls
200
+ [GRADLE_PLUGINS_REPO] + dependency_repository_urls
201
+ end
202
+
194
203
  def matches_dependency_version_type?(comparison_version)
195
204
  return true unless dependency.version
196
205
 
@@ -211,7 +220,12 @@ module Dependabot
211
220
  end
212
221
 
213
222
  def dependency_metadata_url(repository_url)
214
- group_id, artifact_id = dependency.name.split(":")
223
+ group_id, artifact_id =
224
+ if plugin?
225
+ [dependency.name, "#{dependency.name}.gradle.plugin"]
226
+ else
227
+ dependency.name.split(":")
228
+ end
215
229
 
216
230
  "#{repository_url}/"\
217
231
  "#{group_id.tr('.', '/')}/"\
@@ -219,6 +233,10 @@ module Dependabot
219
233
  "maven-metadata.xml"
220
234
  end
221
235
 
236
+ def plugin?
237
+ dependency.requirements.any? { |r| r.fetch(:groups) == ["plugins"] }
238
+ end
239
+
222
240
  def version_class
223
241
  Gradle::Version
224
242
  end
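Review bot: `plugin_repository_urls` always puts the public `GRADLE_PLUGINS_REPO` first and then reuses `dependency_repository_urls`, so a plugin that a project resolves from a private repository is also looked up by id on the public portal, and a same-named public entry could supply candidate versions. How results from several repositories are merged is outside these hunks, so the impact is inferred; at minimum the method should carry a comment stating the intended precedence, e.g. `# Plugin Portal is Gradle's default plugin source; build-file repositories are also consulted`. If the build file already lists the portal URL the same repository appears twice in the list, which `([GRADLE_PLUGINS_REPO] + dependency_repository_urls).uniq` avoids. `plugin?` here is a verbatim copy of the one in the class that defines `dependency_pom_file` and would be better shared.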
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.106.25
4
+ version: 0.106.26
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.106.25
19
+ version: 0.106.26
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.106.25
26
+ version: 0.106.26
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement