dependabot-gradle 0.248.0 → 0.249.0
- checksums.yaml +4 -4
- data/lib/dependabot/gradle/file_parser/repositories_finder.rb +2 -1
- data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb +29 -7
- data/lib/dependabot/gradle/metadata_finder.rb +29 -12
- data/lib/dependabot/gradle/requirement.rb +18 -10
- data/lib/dependabot/gradle/update_checker/multi_dependency_updater.rb +6 -2
- data/lib/dependabot/gradle/update_checker/requirements_updater.rb +41 -5
- data/lib/dependabot/gradle/update_checker/version_finder.rb +6 -2
- metadata +7 -7
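--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b6b88c185132e0757e166517d91f8eec67bb81700556092db7575ff8315872f6
+data.tar.gz: 4ffa864fecdbb4cbd35f4e852db4149fe305c51ea26c943436ee3f5f18b74a07
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4b664778ef30123ac9f08028d7154e9e1fd6c546d6144a574a5bf412fa6300bba16ef8e3fe47511bec1c74ec929f1ee1eef473ddbd6bff424070826197d9d040
+data.tar.gz: 2e255ff81474cd16e17f5381204b37372720ce41d7ba3b87c66b90b8771c543811de5d8c654872453c1b7974f32370a8b653f2700d8284e66a8af1baf7a6fc3f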
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
4
6
|
require "dependabot/gradle/file_parser"
|
|
5
7
|
require "dependabot/gradle/file_updater"
|
|
6
8
|
|
|
@@ -8,10 +10,21 @@ module Dependabot
|
|
|
8
10
|
module Gradle
|
|
9
11
|
class FileUpdater
|
|
10
12
|
class DependencySetUpdater
|
|
13
|
+
extend T::Sig
|
|
14
|
+
|
|
15
|
+
sig { params(dependency_files: T::Array[Dependabot::DependencyFile]).void }
|
|
11
16
|
def initialize(dependency_files:)
|
|
12
17
|
@dependency_files = dependency_files
|
|
13
18
|
end
|
|
14
19
|
|
|
20
|
+
sig do
|
|
21
|
+
params(
|
|
22
|
+
dependency_set: T::Hash[Symbol, String],
|
|
23
|
+
buildfile: Dependabot::DependencyFile,
|
|
24
|
+
previous_requirement: String,
|
|
25
|
+
updated_requirement: String
|
|
26
|
+
).returns(T::Array[Dependabot::DependencyFile])
|
|
27
|
+
end
|
|
15
28
|
def update_files_for_dep_set_change(dependency_set:,
|
|
16
29
|
buildfile:,
|
|
17
30
|
previous_requirement:,
|
|
@@ -21,7 +34,7 @@ module Dependabot
|
|
|
21
34
|
|
|
22
35
|
return dependency_files unless declaration_string
|
|
23
36
|
|
|
24
|
-
updated_content = buildfile.content.sub(
|
|
37
|
+
updated_content = T.must(buildfile.content).sub(
|
|
25
38
|
declaration_string,
|
|
26
39
|
declaration_string.sub(
|
|
27
40
|
previous_requirement,
|
|
@@ -30,7 +43,7 @@ module Dependabot
|
|
|
30
43
|
)
|
|
31
44
|
|
|
32
45
|
updated_files = dependency_files.dup
|
|
33
|
-
updated_files[updated_files.index(buildfile)] =
|
|
46
|
+
updated_files[T.must(updated_files.index(buildfile))] =
|
|
34
47
|
update_file(file: buildfile, content: updated_content)
|
|
35
48
|
|
|
36
49
|
updated_files
|
|
@@ -38,22 +51,31 @@ module Dependabot
|
|
|
38
51
|
|
|
39
52
|
private
|
|
40
53
|
|
|
54
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
|
41
55
|
attr_reader :dependency_files
|
|
42
56
|
|
|
57
|
+
sig do
|
|
58
|
+
params(
|
|
59
|
+
dependency_set: T::Hash[Symbol, String],
|
|
60
|
+
buildfile: Dependabot::DependencyFile
|
|
61
|
+
)
|
|
62
|
+
.returns(T.nilable(String))
|
|
63
|
+
end
|
|
43
64
|
def original_declaration_string(dependency_set, buildfile)
|
|
44
65
|
regex = Gradle::FileParser::DEPENDENCY_SET_DECLARATION_REGEX
|
|
45
|
-
dependency_sets = []
|
|
46
|
-
buildfile.content.scan(regex) do
|
|
66
|
+
dependency_sets = T.let([], T::Array[String])
|
|
67
|
+
T.must(buildfile.content).scan(regex) do
|
|
47
68
|
dependency_sets << Regexp.last_match.to_s
|
|
48
69
|
end
|
|
49
70
|
|
|
50
71
|
dependency_sets.find do |mtch|
|
|
51
|
-
next unless mtch.include?(dependency_set[:group])
|
|
72
|
+
next unless mtch.include?(T.must(dependency_set[:group]))
|
|
52
73
|
|
|
53
|
-
mtch.include?(dependency_set[:version])
|
|
74
|
+
mtch.include?(T.must(dependency_set[:version]))
|
|
54
75
|
end
|
|
55
76
|
end
|
|
56
77
|
|
|
78
|
+
sig { params(file: Dependabot::DependencyFile, content: String).returns(Dependabot::DependencyFile) }
|
|
57
79
|
def update_file(file:, content:)
|
|
58
80
|
updated_file = file.dup
|
|
59
81
|
updated_file.content = content
|
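Review bot: In `update_files_for_dep_set_change`, the replacement passed to `T.must(buildfile.content).sub(declaration_string, ...)` is text taken from the build file, and `String#sub` expands backslash sequences such as `\0` or `\\` in a string replacement even when the pattern is a plain string. A declaration that contains a backslash would therefore be written back altered. The block form does not expand anything: `new_declaration = declaration_string.sub(previous_requirement) { updated_requirement }` followed by `T.must(buildfile.content).sub(declaration_string) { new_declaration }`. The tail of the call falls between two hunks, so the inner call's second argument is inferred from the method's parameters rather than read from the page.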
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "nokogiri"
|
|
5
5
|
require "sorbet-runtime"
|
|
6
|
-
|
|
7
|
-
require "dependabot/metadata_finders/base"
|
|
6
|
+
|
|
8
7
|
require "dependabot/file_fetchers/base"
|
|
8
|
+
require "dependabot/gradle/file_fetcher"
|
|
9
9
|
require "dependabot/gradle/file_parser/repositories_finder"
|
|
10
10
|
require "dependabot/maven/utils/auth_headers_finder"
|
|
11
|
+
require "dependabot/metadata_finders"
|
|
12
|
+
require "dependabot/metadata_finders/base"
|
|
11
13
|
require "dependabot/registry_client"
|
|
12
14
|
|
|
13
15
|
module Dependabot
|
|
@@ -21,6 +23,7 @@ module Dependabot
|
|
|
21
23
|
|
|
22
24
|
private
|
|
23
25
|
|
|
26
|
+
sig { override.returns(T.nilable(Dependabot::Source)) }
|
|
24
27
|
def look_up_source
|
|
25
28
|
tmp_source = look_up_source_in_pom(dependency_pom_file)
|
|
26
29
|
return tmp_source if tmp_source
|
|
@@ -31,14 +34,15 @@ module Dependabot
|
|
|
31
34
|
return unless tmp_source
|
|
32
35
|
|
|
33
36
|
artifact = dependency.name.split(":").last
|
|
34
|
-
return tmp_source if tmp_source.repo.end_with?(artifact)
|
|
37
|
+
return tmp_source if tmp_source.repo.end_with?(T.must(artifact))
|
|
35
38
|
|
|
36
39
|
tmp_source if repo_has_subdir_for_dep?(tmp_source)
|
|
37
40
|
end
|
|
38
41
|
|
|
42
|
+
sig { params(tmp_source: Dependabot::Source).returns(T::Boolean) }
|
|
39
43
|
def repo_has_subdir_for_dep?(tmp_source)
|
|
40
|
-
@repo_has_subdir_for_dep ||= {}
|
|
41
|
-
return @repo_has_subdir_for_dep[tmp_source] if @repo_has_subdir_for_dep.key?(tmp_source)
|
|
44
|
+
@repo_has_subdir_for_dep ||= T.let({}, T.nilable(T::Hash[Dependabot::Source, T::Boolean]))
|
|
45
|
+
return T.must(@repo_has_subdir_for_dep[tmp_source]) if @repo_has_subdir_for_dep.key?(tmp_source)
|
|
42
46
|
|
|
43
47
|
artifact = dependency.name.split(":").last
|
|
44
48
|
fetcher =
|
|
@@ -52,9 +56,10 @@ module Dependabot
|
|
|
52
56
|
tmp_source.branch = nil
|
|
53
57
|
retry
|
|
54
58
|
rescue Dependabot::RepoNotFound
|
|
55
|
-
@repo_has_subdir_for_dep[tmp_source] = false
|
|
59
|
+
T.must(@repo_has_subdir_for_dep)[tmp_source] = false
|
|
56
60
|
end
|
|
57
61
|
|
|
62
|
+
sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Dependabot::Source)) }
|
|
58
63
|
def look_up_source_in_pom(pom)
|
|
59
64
|
potential_source_urls = [
|
|
60
65
|
pom.at_css("project > url")&.content,
|
|
@@ -69,15 +74,16 @@ module Dependabot
|
|
|
69
74
|
Source.from_url(source_url)
|
|
70
75
|
end
|
|
71
76
|
|
|
77
|
+
sig { params(source_url: T.nilable(String), pom: Nokogiri::XML::Document).returns(T.nilable(String)) }
|
|
72
78
|
def substitute_property_in_source_url(source_url, pom)
|
|
73
79
|
return unless source_url
|
|
74
80
|
return source_url unless source_url.include?("${")
|
|
75
81
|
|
|
76
82
|
regex = PROPERTY_REGEX
|
|
77
|
-
property_name = source_url.match(regex).named_captures["property"]
|
|
83
|
+
property_name = T.must(source_url.match(regex)).named_captures["property"]
|
|
78
84
|
doc = pom.dup
|
|
79
85
|
doc.remove_namespaces!
|
|
80
|
-
nm = property_name.sub(/^pom\./, "").sub(/^project\./, "")
|
|
86
|
+
nm = T.must(property_name).sub(/^pom\./, "").sub(/^project\./, "")
|
|
81
87
|
property_value =
|
|
82
88
|
loop do
|
|
83
89
|
candidate_node =
|
|
@@ -93,6 +99,7 @@ module Dependabot
|
|
|
93
99
|
source_url.gsub("${#{property_name}}", property_value)
|
|
94
100
|
end
|
|
95
101
|
|
|
102
|
+
sig { params(pom: T.any(String, Nokogiri::XML::Document)).returns(T.nilable(String)) }
|
|
96
103
|
def source_from_anywhere_in_pom(pom)
|
|
97
104
|
github_urls = []
|
|
98
105
|
pom.to_s.scan(Source::SOURCE_REGEX) do
|
|
@@ -105,6 +112,7 @@ module Dependabot
|
|
|
105
112
|
end
|
|
106
113
|
end
|
|
107
114
|
|
|
115
|
+
sig { returns(Nokogiri::XML::Document) }
|
|
108
116
|
def dependency_pom_file
|
|
109
117
|
return @dependency_pom_file unless @dependency_pom_file.nil?
|
|
110
118
|
|
|
@@ -120,11 +128,12 @@ module Dependabot
|
|
|
120
128
|
headers: auth_headers
|
|
121
129
|
)
|
|
122
130
|
|
|
123
|
-
@dependency_pom_file = Nokogiri::XML(response.body)
|
|
131
|
+
@dependency_pom_file = T.let(Nokogiri::XML(response.body), T.nilable(Nokogiri::XML::Document))
|
|
124
132
|
rescue Excon::Error::Timeout
|
|
125
|
-
@dependency_pom_file
|
|
133
|
+
@dependency_pom_file ||= T.let(Nokogiri::XML(""), T.nilable(Nokogiri::XML::Document))
|
|
126
134
|
end
|
|
127
135
|
|
|
136
|
+
sig { params(pom: Nokogiri::XML::Document).returns(T.nilable(Nokogiri::XML::Document)) }
|
|
128
137
|
def parent_pom_file(pom)
|
|
129
138
|
doc = pom.dup
|
|
130
139
|
doc.remove_namespaces!
|
|
@@ -143,6 +152,7 @@ module Dependabot
|
|
|
143
152
|
Nokogiri::XML(response.body)
|
|
144
153
|
end
|
|
145
154
|
|
|
155
|
+
sig { returns(String) }
|
|
146
156
|
def maven_repo_url
|
|
147
157
|
source = dependency.requirements
|
|
148
158
|
.find { |r| r.fetch(:source) }&.fetch(:source)
|
|
@@ -152,6 +162,7 @@ module Dependabot
|
|
|
152
162
|
Gradle::FileParser::RepositoriesFinder::CENTRAL_REPO_URL
|
|
153
163
|
end
|
|
154
164
|
|
|
165
|
+
sig { returns(String) }
|
|
155
166
|
def maven_repo_dependency_url
|
|
156
167
|
group_id, artifact_id =
|
|
157
168
|
if kotlin_plugin?
|
|
@@ -165,16 +176,22 @@ module Dependabot
|
|
|
165
176
|
"#{maven_repo_url}/#{group_id&.tr('.', '/')}/#{artifact_id}"
|
|
166
177
|
end
|
|
167
178
|
|
|
179
|
+
sig { returns(T::Boolean) }
|
|
168
180
|
def plugin?
|
|
169
181
|
dependency.requirements.any? { |r| r.fetch(:groups).include? "plugins" }
|
|
170
182
|
end
|
|
171
183
|
|
|
184
|
+
sig { returns(T::Boolean) }
|
|
172
185
|
def kotlin_plugin?
|
|
173
186
|
plugin? && dependency.requirements.any? { |r| r.fetch(:groups).include? "kotlin" }
|
|
174
187
|
end
|
|
175
188
|
|
|
189
|
+
sig { returns(T::Hash[String, String]) }
|
|
176
190
|
def auth_headers
|
|
177
|
-
@auth_headers ||=
|
|
191
|
+
@auth_headers ||= T.let(
|
|
192
|
+
Dependabot::Maven::Utils::AuthHeadersFinder.new(credentials).auth_headers(maven_repo_url),
|
|
193
|
+
T.nilable(T::Hash[String, String])
|
|
194
|
+
)
|
|
178
195
|
end
|
|
179
196
|
end
|
|
180
197
|
end
|
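Review bot: In `substitute_property_in_source_url`, `T.must(source_url.match(regex))` raises a `TypeError` when the URL does not match, and the only guard above it is `source_url.include?("${")`. The URL is read from POM content fetched from the repository, so a value such as an unterminated `${` would presumably not match `PROPERTY_REGEX` (its definition is outside the hunk) and would abort the source lookup. Binding the match and returning early keeps malformed registry metadata from raising: `match = source_url.match(regex)` then `return source_url unless match`. The same consideration applies to `T.must(property_name)` two changed lines below; the rest of the method body lies outside the hunk.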
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "sorbet-runtime"
|
|
@@ -14,9 +14,10 @@ module Dependabot
|
|
|
14
14
|
extend T::Sig
|
|
15
15
|
|
|
16
16
|
quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
|
|
17
|
-
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gradle::Version::VERSION_PATTERN})\\s*".freeze
|
|
17
|
+
PATTERN_RAW = T.let("\\s*(#{quoted})?\\s*(#{Gradle::Version::VERSION_PATTERN})\\s*".freeze, String)
|
|
18
18
|
PATTERN = /\A#{PATTERN_RAW}\z/
|
|
19
19
|
|
|
20
|
+
sig { override.params(obj: T.any(Gem::Version, String)).returns([String, Gem::Version]) }
|
|
20
21
|
def self.parse(obj)
|
|
21
22
|
return ["=", Gradle::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
|
|
22
23
|
|
|
@@ -37,6 +38,7 @@ module Dependabot
|
|
|
37
38
|
end
|
|
38
39
|
end
|
|
39
40
|
|
|
41
|
+
sig { params(requirements: T.any(T.nilable(String), T::Array[T.nilable(String)])).void }
|
|
40
42
|
def initialize(*requirements)
|
|
41
43
|
requirements = requirements.flatten.flat_map do |req_string|
|
|
42
44
|
convert_java_constraint_to_ruby_constraint(req_string)
|
|
@@ -45,6 +47,7 @@ module Dependabot
|
|
|
45
47
|
super(requirements)
|
|
46
48
|
end
|
|
47
49
|
|
|
50
|
+
sig { override.params(version: Gem::Version).returns(T::Boolean) }
|
|
48
51
|
def satisfied_by?(version)
|
|
49
52
|
version = Gradle::Version.new(version.to_s)
|
|
50
53
|
super
|
|
@@ -52,18 +55,20 @@ module Dependabot
|
|
|
52
55
|
|
|
53
56
|
private
|
|
54
57
|
|
|
58
|
+
sig { params(req_string: T.nilable(String)).returns(T::Array[T.nilable(String)]) }
|
|
55
59
|
def self.split_java_requirement(req_string)
|
|
56
|
-
return [req_string] unless req_string
|
|
60
|
+
return [req_string] unless req_string&.match?(Maven::Requirement::OR_SYNTAX)
|
|
57
61
|
|
|
58
62
|
req_string.split(Maven::Requirement::OR_SYNTAX).flat_map do |str|
|
|
59
63
|
next str if str.start_with?("(", "[")
|
|
60
64
|
|
|
61
65
|
exacts, *rest = str.split(/,(?=\[|\()/)
|
|
62
|
-
[*exacts.split(","), *rest]
|
|
66
|
+
[*T.must(exacts).split(","), *rest]
|
|
63
67
|
end
|
|
64
68
|
end
|
|
65
69
|
private_class_method :split_java_requirement
|
|
66
70
|
|
|
71
|
+
sig { params(req_string: T.nilable(String)).returns(T.nilable(T::Array[String])) }
|
|
67
72
|
def convert_java_constraint_to_ruby_constraint(req_string)
|
|
68
73
|
return unless req_string
|
|
69
74
|
|
|
@@ -81,35 +86,38 @@ module Dependabot
|
|
|
81
86
|
end
|
|
82
87
|
end
|
|
83
88
|
|
|
89
|
+
sig { params(req_string: String).returns(T::Array[String]) }
|
|
84
90
|
def convert_java_range_to_ruby_range(req_string)
|
|
85
91
|
lower_b, upper_b = req_string.split(",").map(&:strip)
|
|
86
92
|
|
|
87
93
|
lower_b =
|
|
88
94
|
if ["(", "["].include?(lower_b) then nil
|
|
89
|
-
elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
|
|
95
|
+
elsif T.must(lower_b).start_with?("(") then "> #{T.must(lower_b).sub(/\(\s*/, '')}"
|
|
90
96
|
else
|
|
91
|
-
">= #{lower_b.sub(/\[\s*/, '').strip}"
|
|
97
|
+
">= #{T.must(lower_b).sub(/\[\s*/, '').strip}"
|
|
92
98
|
end
|
|
93
99
|
|
|
94
100
|
upper_b =
|
|
95
101
|
if [")", "]"].include?(upper_b) then nil
|
|
96
|
-
elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
|
|
102
|
+
elsif T.must(upper_b).end_with?(")") then "< #{T.must(upper_b).sub(/\s*\)/, '')}"
|
|
97
103
|
else
|
|
98
|
-
"<= #{upper_b.sub(/\s*\]/, '').strip}"
|
|
104
|
+
"<= #{T.must(upper_b).sub(/\s*\]/, '').strip}"
|
|
99
105
|
end
|
|
100
106
|
|
|
101
107
|
[lower_b, upper_b].compact
|
|
102
108
|
end
|
|
103
109
|
|
|
110
|
+
sig { params(req_string: String).returns(String) }
|
|
104
111
|
def convert_java_equals_req_to_ruby(req_string)
|
|
105
|
-
return convert_wildcard_req(req_string) if req_string
|
|
112
|
+
return convert_wildcard_req(req_string) if req_string.include?("+")
|
|
106
113
|
|
|
107
114
|
# If a soft requirement is being used, treat it as an equality matcher
|
|
108
|
-
return req_string unless req_string
|
|
115
|
+
return req_string unless req_string.start_with?("[")
|
|
109
116
|
|
|
110
117
|
req_string.gsub(/[\[\]\(\)]/, "")
|
|
111
118
|
end
|
|
112
119
|
|
|
120
|
+
sig { params(req_string: String).returns(String) }
|
|
113
121
|
def convert_wildcard_req(req_string)
|
|
114
122
|
version = req_string.split("+").first
|
|
115
123
|
return ">= 0" if version.nil? || version.empty?
|
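Review bot: In `convert_java_range_to_ruby_range`, `lower_b, upper_b = req_string.split(",").map(&:strip)` leaves `upper_b` nil when the string has no comma, and the new `T.must(upper_b)` then raises a sorbet-runtime `TypeError`. Requirement strings originate in build files, so a malformed range is better reported as a requirement error that callers can handle. A guard right after the split makes that explicit and should let the `T.must` calls go: `raise Gem::Requirement::BadRequirementError, "Illformed requirement [#{req_string.inspect}]" unless lower_b && upper_b`. Whether callers already filter such strings is not visible in this section.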
|
@@ -59,8 +59,12 @@ module Dependabot
|
|
|
59
59
|
|
|
60
60
|
private
|
|
61
61
|
|
|
62
|
-
attr_reader :dependency
|
|
63
|
-
|
|
62
|
+
attr_reader :dependency
|
|
63
|
+
attr_reader :dependency_files
|
|
64
|
+
attr_reader :credentials
|
|
65
|
+
attr_reader :target_version
|
|
66
|
+
attr_reader :source_url
|
|
67
|
+
attr_reader :ignored_versions
|
|
64
68
|
|
|
65
69
|
def dependencies_to_update
|
|
66
70
|
@dependencies_to_update ||=
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: strict
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
#######################################################
|
|
@@ -6,6 +6,9 @@
|
|
|
6
6
|
# https://maven.apache.org/pom.html#Dependencies #
|
|
7
7
|
#######################################################
|
|
8
8
|
|
|
9
|
+
require "sorbet-runtime"
|
|
10
|
+
|
|
11
|
+
require "dependabot/requirements_updater/base"
|
|
9
12
|
require "dependabot/gradle/update_checker"
|
|
10
13
|
require "dependabot/gradle/version"
|
|
11
14
|
require "dependabot/gradle/requirement"
|
|
@@ -14,6 +17,23 @@ module Dependabot
|
|
|
14
17
|
module Gradle
|
|
15
18
|
class UpdateChecker
|
|
16
19
|
class RequirementsUpdater
|
|
20
|
+
extend T::Sig
|
|
21
|
+
extend T::Generic
|
|
22
|
+
|
|
23
|
+
Version = type_member { { fixed: Dependabot::Gradle::Version } }
|
|
24
|
+
Requirement = type_member { { fixed: Dependabot::Gradle::Requirement } }
|
|
25
|
+
|
|
26
|
+
include Dependabot::RequirementsUpdater::Base
|
|
27
|
+
|
|
28
|
+
sig do
|
|
29
|
+
params(
|
|
30
|
+
requirements: T::Array[T::Hash[Symbol, T.untyped]],
|
|
31
|
+
latest_version: T.nilable(T.any(Version, String)),
|
|
32
|
+
source_url: String,
|
|
33
|
+
properties_to_update: T::Array[String]
|
|
34
|
+
)
|
|
35
|
+
.void
|
|
36
|
+
end
|
|
17
37
|
def initialize(requirements:, latest_version:, source_url:,
|
|
18
38
|
properties_to_update:)
|
|
19
39
|
@requirements = requirements
|
|
@@ -21,9 +41,10 @@ module Dependabot
|
|
|
21
41
|
@properties_to_update = properties_to_update
|
|
22
42
|
return unless latest_version
|
|
23
43
|
|
|
24
|
-
@latest_version = version_class.new(latest_version)
|
|
44
|
+
@latest_version = T.let(version_class.new(latest_version), Version)
|
|
25
45
|
end
|
|
26
46
|
|
|
47
|
+
sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
27
48
|
def updated_requirements
|
|
28
49
|
return requirements unless latest_version
|
|
29
50
|
|
|
@@ -44,9 +65,19 @@ module Dependabot
|
|
|
44
65
|
|
|
45
66
|
private
|
|
46
67
|
|
|
47
|
-
|
|
48
|
-
|
|
68
|
+
sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
|
|
69
|
+
attr_reader :requirements
|
|
70
|
+
|
|
71
|
+
sig { returns(T.nilable(Version)) }
|
|
72
|
+
attr_reader :latest_version
|
|
73
|
+
|
|
74
|
+
sig { returns(String) }
|
|
75
|
+
attr_reader :source_url
|
|
76
|
+
|
|
77
|
+
sig { returns(T::Array[String]) }
|
|
78
|
+
attr_reader :properties_to_update
|
|
49
79
|
|
|
80
|
+
sig { params(req_string: String).returns(String) }
|
|
50
81
|
def update_requirement(req_string)
|
|
51
82
|
if req_string.include?("+")
|
|
52
83
|
update_dynamic_requirement(req_string)
|
|
@@ -56,19 +87,21 @@ module Dependabot
|
|
|
56
87
|
end
|
|
57
88
|
end
|
|
58
89
|
|
|
90
|
+
sig { params(req_string: String).returns(String) }
|
|
59
91
|
def update_exact_requirement(req_string)
|
|
60
92
|
old_version = requirement_class.new(req_string)
|
|
61
93
|
.requirements.first.last
|
|
62
94
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
|
63
95
|
end
|
|
64
96
|
|
|
97
|
+
sig { params(req_string: String).returns(String) }
|
|
65
98
|
def update_dynamic_requirement(req_string)
|
|
66
99
|
version = req_string.split(/\.?\+/).first || "+"
|
|
67
100
|
|
|
68
101
|
precision = version.split(".")
|
|
69
102
|
.take_while { |s| !s.include?("+") }.count
|
|
70
103
|
|
|
71
|
-
version_parts = latest_version.segments.first(precision)
|
|
104
|
+
version_parts = T.must(latest_version).segments.first(precision)
|
|
72
105
|
|
|
73
106
|
if req_string.end_with?(".+")
|
|
74
107
|
version_parts.join(".") + ".+"
|
|
@@ -77,14 +110,17 @@ module Dependabot
|
|
|
77
110
|
end
|
|
78
111
|
end
|
|
79
112
|
|
|
113
|
+
sig { override.returns(T::Class[Version]) }
|
|
80
114
|
def version_class
|
|
81
115
|
Gradle::Version
|
|
82
116
|
end
|
|
83
117
|
|
|
118
|
+
sig { override.returns(T::Class[Requirement]) }
|
|
84
119
|
def requirement_class
|
|
85
120
|
Gradle::Requirement
|
|
86
121
|
end
|
|
87
122
|
|
|
123
|
+
sig { returns(T::Hash[Symbol, String]) }
|
|
88
124
|
def updated_source
|
|
89
125
|
{ type: "maven_repo", url: source_url }
|
|
90
126
|
end
|
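Review bot: `update_exact_requirement` still calls `latest_version.to_s`, while the sibling `update_dynamic_requirement` in the same hunk now uses `T.must(latest_version)`. The reader is declared `T.nilable(Version)` and `nil.to_s` is an empty string, so a nil here would type-check and silently produce a requirement with the version text removed instead of failing. Writing `req_string.gsub(old_version.to_s, T.must(latest_version).to_s)` keeps the two methods consistent. `updated_requirements` returns early when `latest_version` is nil, so this guards future callers rather than fixing a bug reachable in the visible code.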
|
@@ -76,8 +76,12 @@ module Dependabot
|
|
|
76
76
|
|
|
77
77
|
private
|
|
78
78
|
|
|
79
|
-
attr_reader :dependency
|
|
80
|
-
|
|
79
|
+
attr_reader :dependency
|
|
80
|
+
attr_reader :dependency_files
|
|
81
|
+
attr_reader :credentials
|
|
82
|
+
attr_reader :ignored_versions
|
|
83
|
+
attr_reader :forbidden_urls
|
|
84
|
+
attr_reader :security_advisories
|
|
81
85
|
|
|
82
86
|
sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
|
83
87
|
def filter_prereleases(possible_versions)
|
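--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.249.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-
+date: 2024-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.249.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.249.0
 - !ruby/object:Gem::Dependency
 name: dependabot-maven
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.249.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.249.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.249.0
 post_install_message:
 rdoc_options: []
 require_paths: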