dependabot-gradle 0.113.11 → 0.113.12
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_parser.rb +18 -1
- data/lib/dependabot/gradle/update_checker.rb +16 -0
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b26a170f0a2743c89dc896cf9ce1e77e766383a536db342ed7b4a1a0e66f3a2d
|
|
4
|
+
data.tar.gz: 05c47a59ac27626efb4576ebb72782e9d2ab525211f712f7bbe621d4ae28bfd9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46b491e2c767721b03c9fe57bae24583d652a2a51d99da318db4ce8d3a5adfd801c6fd60566d26db60a27c5709c82b5a7ae0db4c9b9d03b7442e1b4b058bf6cc
|
|
7
|
+
data.tar.gz: 9f56effdf5d02c715e42d9b9180ab0b3d3539fc44c0cdf51f5e84ba573d6ea39422cd9ef92072054d9384ae3c89156cf866193753e055c841dfcef86109132d7
|
|
@@ -168,6 +168,7 @@ module Dependabot
|
|
|
168
168
|
fetch("value")
|
|
169
169
|
end
|
|
170
170
|
|
|
171
|
+
# rubocop:disable Metrics/MethodLength
|
|
171
172
|
def dependency_from(details_hash:, buildfile:, in_dependency_set: false)
|
|
172
173
|
group = evaluated_value(details_hash[:group], buildfile)
|
|
173
174
|
name = evaluated_value(details_hash[:name], buildfile)
|
|
@@ -181,6 +182,8 @@ module Dependabot
|
|
|
181
182
|
if group == "plugins" then ["plugins"]
|
|
182
183
|
else []
|
|
183
184
|
end
|
|
185
|
+
source =
|
|
186
|
+
source_from(group, name, version)
|
|
184
187
|
|
|
185
188
|
# If we can't evaluate a property they we won't be able to
|
|
186
189
|
# update this dependency
|
|
@@ -193,13 +196,27 @@ module Dependabot
|
|
|
193
196
|
requirements: [{
|
|
194
197
|
requirement: version,
|
|
195
198
|
file: buildfile.name,
|
|
196
|
-
source:
|
|
199
|
+
source: source,
|
|
197
200
|
groups: groups,
|
|
198
201
|
metadata: dependency_metadata(details_hash, in_dependency_set)
|
|
199
202
|
}],
|
|
200
203
|
package_manager: "gradle"
|
|
201
204
|
)
|
|
202
205
|
end
|
|
206
|
+
# rubocop:enable Metrics/MethodLength
|
|
207
|
+
|
|
208
|
+
def source_from(group, name, version)
|
|
209
|
+
return nil unless group&.start_with?("com.github")
|
|
210
|
+
|
|
211
|
+
account = group.sub("com.github.", "")
|
|
212
|
+
|
|
213
|
+
{
|
|
214
|
+
type: "git",
|
|
215
|
+
url: "https://github.com/#{account}/#{name}",
|
|
216
|
+
branch: nil,
|
|
217
|
+
ref: version
|
|
218
|
+
}
|
|
219
|
+
end
|
|
203
220
|
|
|
204
221
|
def dependency_metadata(details_hash, in_dependency_set)
|
|
205
222
|
version_property_name =
|
|
@@ -12,6 +12,8 @@ module Dependabot
|
|
|
12
12
|
require_relative "update_checker/multi_dependency_updater"
|
|
13
13
|
|
|
14
14
|
def latest_version
|
|
15
|
+
return if git_dependency?
|
|
16
|
+
|
|
15
17
|
latest_version_details&.fetch(:version)
|
|
16
18
|
end
|
|
17
19
|
|
|
@@ -21,6 +23,7 @@ module Dependabot
|
|
|
21
23
|
#
|
|
22
24
|
# The above is hard. Currently we just return the latest version and
|
|
23
25
|
# hope (hence this package manager is in beta!)
|
|
26
|
+
return if git_dependency?
|
|
24
27
|
return nil if version_comes_from_multi_dependency_property?
|
|
25
28
|
return nil if version_comes_from_dependency_set?
|
|
26
29
|
|
|
@@ -28,6 +31,7 @@ module Dependabot
|
|
|
28
31
|
end
|
|
29
32
|
|
|
30
33
|
def lowest_resolvable_security_fix_version
|
|
34
|
+
return if git_dependency?
|
|
31
35
|
return nil if version_comes_from_multi_dependency_property?
|
|
32
36
|
return nil if version_comes_from_dependency_set?
|
|
33
37
|
|
|
@@ -126,6 +130,18 @@ module Dependabot
|
|
|
126
130
|
)
|
|
127
131
|
end
|
|
128
132
|
|
|
133
|
+
def git_dependency?
|
|
134
|
+
git_commit_checker.git_dependency?
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def git_commit_checker
|
|
138
|
+
@git_commit_checker ||=
|
|
139
|
+
GitCommitChecker.new(
|
|
140
|
+
dependency: dependency,
|
|
141
|
+
credentials: credentials
|
|
142
|
+
)
|
|
143
|
+
end
|
|
144
|
+
|
|
129
145
|
def version_comes_from_multi_dependency_property?
|
|
130
146
|
declarations_using_a_property.any? do |requirement|
|
|
131
147
|
property_name = requirement.fetch(:metadata).fetch(:property_name)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-gradle
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.113.
|
|
4
|
+
version: 0.113.12
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-10-
|
|
11
|
+
date: 2019-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.113.
|
|
19
|
+
version: 0.113.12
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.113.
|
|
26
|
+
version: 0.113.12
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|