RubyGems - dependabot-gradle - Versions diffs - 0.260.0 → 0.261.0 - Mend

dependabot-gradle 0.260.0 → 0.261.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb +10 -6
data/lib/dependabot/gradle/file_fetcher.rb +8 -6
data/lib/dependabot/gradle/file_parser/property_value_finder.rb +15 -11
data/lib/dependabot/gradle/file_parser/repositories_finder.rb +11 -7
data/lib/dependabot/gradle/file_parser.rb +10 -7
data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb +1 -1
data/lib/dependabot/gradle/file_updater.rb +6 -2
metadata +7 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1d06e275b2914f81902c579e3be9813cd0e25e41a4aa54f5ca5ddd8340bdab7
-  data.tar.gz: bcf85d46e164d8f0fd3e71eca7ac21588c093f7e767446adac73ec9082027adf
+  metadata.gz: 57b5251fc125465f162e62156269e89fedac11a6f1638b370fb966baa655bfbd
+  data.tar.gz: f44e4843e3b4907a0ad41731704af0fbea47112721bd9e8a1ea9fa23708732a5
 SHA512:
-  metadata.gz: 7c6007c83c51ed0de37bb65d5194d3bb43ad2f43a0b38a03beb910580c07291e0519623b020e157b5c5600a85ea95962ea47c4441b1880ebd8adbfed05408491
-  data.tar.gz: 7abb9fc65243534b542072569586a0bdb57bd0f462b052990c11deb3ee31007fb0f776a53c331af34a2fd2d5daae70b7d48e0904152ba6a5ab5d7f25fea366ab
+  metadata.gz: b0051586076a8c3e66487f740eec446a5284ba122e5a42000e66dc45b7d9a49dfac5e98de2d35fcba66dfd069b8ff1ecc492a90642e6fac100181d24265ebcef
+  data.tar.gz: da364819c848465abd2322ed735a625e659d91dcb725f62665dc949351b4d1d8dcbb11451381549a4947765b6cf0a4b80e3e66047babe401b2b863fe311335ed

data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb CHANGED Viewed

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/gradle/file_fetcher"
 module Dependabot
   module Gradle
     class FileFetcher
       class SettingsFileParser
+        extend T::Sig
         def initialize(settings_file:)
           @settings_file = settings_file
         end
@@ -14,18 +18,18 @@ module Dependabot
         def included_build_paths
           paths = []
           comment_free_content.scan(function_regex("includeBuild")) do
-            arg = Regexp.last_match.named_captures.fetch("args")
-            paths << arg.gsub(/["']/, "").strip
+            arg = T.must(Regexp.last_match).named_captures.fetch("args")
+            paths << T.must(arg).gsub(/["']/, "").strip
           end
           paths.uniq
         end
         def subproject_paths
-          subprojects = []
+          subprojects = T.let([], T::Array[String])
           comment_free_content.scan(function_regex("include")) do
-            args = Regexp.last_match.named_captures.fetch("args")
-            args = args.split(",")
+            args = T.must(Regexp.last_match).named_captures.fetch("args")
+            args = T.must(args).split(",")
             args = args.filter_map { |p| p.gsub(/["']/, "").strip }
             subprojects += args
           end

data/lib/dependabot/gradle/file_fetcher.rb CHANGED Viewed

@@ -1,7 +1,8 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "sorbet-runtime"
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
@@ -55,20 +56,21 @@ module Dependabot
         # buildSrc is implicit: included but not declared in settings.gradle
         buildsrc = repo_contents(dir: root_dir, raise_errors: false)
                    .find { |item| item.type == "dir" && item.name == "buildSrc" }
-        builds << clean_join(root_dir, "buildSrc") if buildsrc
+        builds << clean_join([root_dir, "buildSrc"]) if buildsrc
         return builds unless settings_file(root_dir)
         builds += SettingsFileParser
                   .new(settings_file: settings_file(root_dir))
                   .included_build_paths
-                  .map { |p| clean_join(root_dir, p) }
+                  .map { |p| clean_join([root_dir, p]) }
         builds.uniq
       end
-      def clean_join(*parts)
-        Pathname.new(File.join(*parts)).cleanpath.to_path
+      sig { params(parts: T::Array[String]).returns(String) }
+      def clean_join(parts)
+        Pathname.new(File.join(parts)).cleanpath.to_path
       end
       def subproject_buildfiles(root_dir)
@@ -144,7 +146,7 @@ module Dependabot
       def find_first(dir, supported_names)
         paths = supported_names
-                .map { |name| clean_join(dir, name) }
+                .map { |name| clean_join([dir, name]) }
                 .each do |path|
           return cached_files[path] || next
         end

data/lib/dependabot/gradle/file_parser/property_value_finder.rb CHANGED Viewed

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/gradle/file_parser"
 module Dependabot
   module Gradle
     class FileParser
       class PropertyValueFinder
+        extend T::Sig
         # rubocop:disable Layout/LineLength
         SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
@@ -129,8 +133,8 @@ module Dependabot
           prepared_content(buildfile).scan(SINGLE_PROPERTY_DECLARATION_REGEX) do
             declaration_string = Regexp.last_match.to_s.strip
-            captures = Regexp.last_match.named_captures
-            name = captures.fetch("name").sub(/^ext\./, "")
+            captures = T.must(Regexp.last_match).named_captures
+            name = T.must(captures.fetch("name")).sub(/^ext\./, "")
             unless properties.key?(name)
               properties[name] = {
@@ -149,13 +153,13 @@ module Dependabot
           prepared_content(buildfile)
             .scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
-              captures = Regexp.last_match.named_captures
+              captures = T.must(Regexp.last_match).named_captures
               namespace = captures.fetch("namespace")
-              captures.fetch("values")
-                      .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
+              T.must(captures.fetch("values"))
+               .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
                 declaration_string = Regexp.last_match.to_s.strip
-                sub_captures = Regexp.last_match.named_captures
+                sub_captures = T.must(Regexp.last_match).named_captures
                 name = sub_captures.fetch("name")
                 full_name = if namespace == "extra"
                               name
@@ -178,12 +182,12 @@ module Dependabot
           properties = {}
           prepared_content(buildfile).scan(MULTI_PROPERTY_DECLARATION_REGEX) do
-            captures = Regexp.last_match.named_captures
-            namespace = captures.fetch("namespace").sub(/^ext\./, "")
+            captures = T.must(Regexp.last_match).named_captures
+            namespace = T.must(captures.fetch("namespace")).sub(/^ext\./, "")
-            captures.fetch("values").scan(NAMESPACED_DECLARATION_REGEX) do
+            T.must(captures.fetch("values")).scan(NAMESPACED_DECLARATION_REGEX) do
               declaration_string = Regexp.last_match.to_s.strip
-              sub_captures = Regexp.last_match.named_captures
+              sub_captures = T.must(Regexp.last_match).named_captures
               name = sub_captures.fetch("name")
               full_name = [namespace, name].join(".")

data/lib/dependabot/gradle/file_parser/repositories_finder.rb CHANGED Viewed

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/gradle/file_parser"
 module Dependabot
   module Gradle
     class FileParser
       class RepositoriesFinder
+        extend T::Sig
         SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
         SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
@@ -58,14 +62,14 @@ module Dependabot
           subproject_blocks = []
           buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             subproject_blocks <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
           if top_level_buildfile != target_dependency_file
             buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
-              mtch = Regexp.last_match
+              mtch = T.must(Regexp.last_match)
               subproject_blocks <<
                 mtch.post_match[0..closing_bracket_index(mtch.post_match)]
             end
@@ -82,7 +86,7 @@ module Dependabot
           own_buildfile_urls = []
           subproject_buildfile_content = buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             buildfile_content.gsub(
               mtch.post_match[0..closing_bracket_index(mtch.post_match)],
               ""
@@ -101,7 +105,7 @@ module Dependabot
           dependency_resolution_management_repositories = []
           settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             dependency_resolution_management_repositories <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
@@ -114,7 +118,7 @@ module Dependabot
           repository_blocks = []
           buildfile_content.scan(REPOSITORIES_BLOCK_START) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             repository_blocks <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
@@ -129,7 +133,7 @@ module Dependabot
             repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
             block.scan(MAVEN_REPO_REGEX) do
-              repository_urls << Regexp.last_match.named_captures.fetch("url")
+              repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")
             end
           end

data/lib/dependabot/gradle/file_parser.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "toml-rb"
 require "dependabot/dependency"
@@ -18,6 +19,8 @@ require "dependabot/gradle/version"
 module Dependabot
   module Gradle
     class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/property_value_finder"
@@ -148,10 +151,10 @@ module Dependabot
         dependency_set = DependencySet.new
         prepared_content(buildfile).scan(DEPENDENCY_DECLARATION_REGEX) do
-          declaration = Regexp.last_match.named_captures.fetch("declaration")
+          declaration = T.must(Regexp.last_match).named_captures.fetch("declaration")
-          group, name, version = declaration.split(":")
-          version, _packaging_type = version.split("@")
+          group, name, version = T.must(declaration).split(":")
+          version, _packaging_type = T.must(version).split("@")
           details = { group: group, name: name, version: version }
           dep = dependency_from(details_hash: details, buildfile: buildfile)
@@ -185,7 +188,7 @@ module Dependabot
         dependency_set_blocks = []
         prepared_content(buildfile).scan(DEPENDENCY_SET_DECLARATION_REGEX) do
-          mch = Regexp.last_match
+          mch = T.must(Regexp.last_match)
           dependency_set_blocks <<
             {
               arguments: mch.named_captures.fetch("arguments"),
@@ -218,7 +221,7 @@ module Dependabot
         plugin_blocks = []
         prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
-          mch = Regexp.last_match
+          mch = T.must(Regexp.last_match)
           plugin_blocks <<
             mch.post_match[0..closing_bracket_index(mch.post_match)]
         end
@@ -355,7 +358,7 @@ module Dependabot
         # Remove the dependencyVerification section added by Gradle Witness
         # (TODO: Support updating this in the FileUpdater)
         prepared_content.dup.scan(/dependencyVerification\s*{/) do
-          mtch = Regexp.last_match
+          mtch = T.must(Regexp.last_match)
           block = mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           prepared_content.gsub!(block, "")
         end

data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 require "sorbet-runtime"

data/lib/dependabot/gradle/file_updater.rb CHANGED Viewed

@@ -1,6 +1,8 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
+require "sorbet-runtime"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/gradle/file_parser"
@@ -8,6 +10,8 @@ require "dependabot/gradle/file_parser"
 module Dependabot
   module Gradle
     class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
       require_relative "file_updater/dependency_set_updater"
       require_relative "file_updater/property_value_updater"
@@ -159,7 +163,7 @@ module Dependabot
         result = string.dup
         string.scan(Gradle::FileParser::PROPERTY_REGEX) do
-          prop_name = Regexp.last_match.named_captures.fetch("property_name")
+          prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
           property_value = property_value_finder.property_value(
             property_name: prop_name,
             callsite_buildfile: buildfile

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.260.0
+  version: 0.261.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-06 00:00:00.000000000 Z
+date: 2024-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
 post_install_message:
 rdoc_options: []
 require_paths: