dependabot-gradle 0.260.0 → 0.261.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1d06e275b2914f81902c579e3be9813cd0e25e41a4aa54f5ca5ddd8340bdab7
-  data.tar.gz: bcf85d46e164d8f0fd3e71eca7ac21588c093f7e767446adac73ec9082027adf
+  metadata.gz: 57b5251fc125465f162e62156269e89fedac11a6f1638b370fb966baa655bfbd
+  data.tar.gz: f44e4843e3b4907a0ad41731704af0fbea47112721bd9e8a1ea9fa23708732a5
 SHA512:
-  metadata.gz: 7c6007c83c51ed0de37bb65d5194d3bb43ad2f43a0b38a03beb910580c07291e0519623b020e157b5c5600a85ea95962ea47c4441b1880ebd8adbfed05408491
-  data.tar.gz: 7abb9fc65243534b542072569586a0bdb57bd0f462b052990c11deb3ee31007fb0f776a53c331af34a2fd2d5daae70b7d48e0904152ba6a5ab5d7f25fea366ab
+  metadata.gz: b0051586076a8c3e66487f740eec446a5284ba122e5a42000e66dc45b7d9a49dfac5e98de2d35fcba66dfd069b8ff1ecc492a90642e6fac100181d24265ebcef
+  data.tar.gz: da364819c848465abd2322ed735a625e659d91dcb725f62665dc949351b4d1d8dcbb11451381549a4947765b6cf0a4b80e3e66047babe401b2b863fe311335ed

data/lib/dependabot/gradle/file_fetcher/settings_file_parser.rb

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/gradle/file_fetcher"
 
 module Dependabot
   module Gradle
     class FileFetcher
       class SettingsFileParser
+        extend T::Sig
+
         def initialize(settings_file:)
           @settings_file = settings_file
         end
@@ -14,18 +18,18 @@ module Dependabot
         def included_build_paths
           paths = []
           comment_free_content.scan(function_regex("includeBuild")) do
-            arg = Regexp.last_match.named_captures.fetch("args")
-            paths << arg.gsub(/["']/, "").strip
+            arg = T.must(Regexp.last_match).named_captures.fetch("args")
+            paths << T.must(arg).gsub(/["']/, "").strip
           end
           paths.uniq
         end
 
         def subproject_paths
-          subprojects = []
+          subprojects = T.let([], T::Array[String])
 
           comment_free_content.scan(function_regex("include")) do
-            args = Regexp.last_match.named_captures.fetch("args")
-            args = args.split(",")
+            args = T.must(Regexp.last_match).named_captures.fetch("args")
+            args = T.must(args).split(",")
             args = args.filter_map { |p| p.gsub(/["']/, "").strip }
             subprojects += args
           end

data/lib/dependabot/gradle/file_fetcher.rb

@@ -1,7 +1,8 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
 
@@ -55,20 +56,21 @@ module Dependabot
         # buildSrc is implicit: included but not declared in settings.gradle
         buildsrc = repo_contents(dir: root_dir, raise_errors: false)
                    .find { |item| item.type == "dir" && item.name == "buildSrc" }
-        builds << clean_join(root_dir, "buildSrc") if buildsrc
+        builds << clean_join([root_dir, "buildSrc"]) if buildsrc
 
         return builds unless settings_file(root_dir)
 
         builds += SettingsFileParser
                   .new(settings_file: settings_file(root_dir))
                   .included_build_paths
-                  .map { |p| clean_join(root_dir, p) }
+                  .map { |p| clean_join([root_dir, p]) }
 
         builds.uniq
       end
 
-      def clean_join(*parts)
-        Pathname.new(File.join(*parts)).cleanpath.to_path
+      sig { params(parts: T::Array[String]).returns(String) }
+      def clean_join(parts)
+        Pathname.new(File.join(parts)).cleanpath.to_path
       end
 
       def subproject_buildfiles(root_dir)
@@ -144,7 +146,7 @@ module Dependabot
 
       def find_first(dir, supported_names)
         paths = supported_names
-                .map { |name| clean_join(dir, name) }
+                .map { |name| clean_join([dir, name]) }
                 .each do |path|
           return cached_files[path] || next
         end

data/lib/dependabot/gradle/file_parser/property_value_finder.rb

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/gradle/file_parser"
 
 module Dependabot
   module Gradle
     class FileParser
       class PropertyValueFinder
+        extend T::Sig
+
         # rubocop:disable Layout/LineLength
         SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
 
@@ -129,8 +133,8 @@ module Dependabot
 
           prepared_content(buildfile).scan(SINGLE_PROPERTY_DECLARATION_REGEX) do
             declaration_string = Regexp.last_match.to_s.strip
-            captures = Regexp.last_match.named_captures
-            name = captures.fetch("name").sub(/^ext\./, "")
+            captures = T.must(Regexp.last_match).named_captures
+            name = T.must(captures.fetch("name")).sub(/^ext\./, "")
 
             unless properties.key?(name)
               properties[name] = {
@@ -149,13 +153,13 @@ module Dependabot
 
           prepared_content(buildfile)
             .scan(KOTLIN_BLOCK_PROPERTY_DECLARATION_REGEX) do
-              captures = Regexp.last_match.named_captures
+              captures = T.must(Regexp.last_match).named_captures
               namespace = captures.fetch("namespace")
 
-              captures.fetch("values")
-                      .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
+              T.must(captures.fetch("values"))
+               .scan(KOTLIN_SINGLE_PROPERTY_SET_REGEX) do
                 declaration_string = Regexp.last_match.to_s.strip
-                sub_captures = Regexp.last_match.named_captures
+                sub_captures = T.must(Regexp.last_match).named_captures
                 name = sub_captures.fetch("name")
                 full_name = if namespace == "extra"
                               name
@@ -178,12 +182,12 @@ module Dependabot
           properties = {}
 
           prepared_content(buildfile).scan(MULTI_PROPERTY_DECLARATION_REGEX) do
-            captures = Regexp.last_match.named_captures
-            namespace = captures.fetch("namespace").sub(/^ext\./, "")
+            captures = T.must(Regexp.last_match).named_captures
+            namespace = T.must(captures.fetch("namespace")).sub(/^ext\./, "")
 
-            captures.fetch("values").scan(NAMESPACED_DECLARATION_REGEX) do
+            T.must(captures.fetch("values")).scan(NAMESPACED_DECLARATION_REGEX) do
               declaration_string = Regexp.last_match.to_s.strip
-              sub_captures = Regexp.last_match.named_captures
+              sub_captures = T.must(Regexp.last_match).named_captures
               name = sub_captures.fetch("name")
               full_name = [namespace, name].join(".")
 

data/lib/dependabot/gradle/file_parser/repositories_finder.rb

@@ -1,12 +1,16 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/gradle/file_parser"
 
 module Dependabot
   module Gradle
     class FileParser
       class RepositoriesFinder
+        extend T::Sig
+
         SUPPORTED_BUILD_FILE_NAMES = %w(build.gradle build.gradle.kts).freeze
         SUPPORTED_SETTINGS_FILE_NAMES = %w(settings.gradle settings.gradle.kts).freeze
 
@@ -58,14 +62,14 @@ module Dependabot
           subproject_blocks = []
 
           buildfile_content.scan(/(?:^|\s)allprojects\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             subproject_blocks <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
 
           if top_level_buildfile != target_dependency_file
             buildfile_content.scan(/(?:^|\s)subprojects\s*\{/) do
-              mtch = Regexp.last_match
+              mtch = T.must(Regexp.last_match)
               subproject_blocks <<
                 mtch.post_match[0..closing_bracket_index(mtch.post_match)]
             end
@@ -82,7 +86,7 @@ module Dependabot
           own_buildfile_urls = []
 
           subproject_buildfile_content = buildfile_content.dup.scan(/(?:^|\s)subprojects\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             buildfile_content.gsub(
               mtch.post_match[0..closing_bracket_index(mtch.post_match)],
               ""
@@ -101,7 +105,7 @@ module Dependabot
           dependency_resolution_management_repositories = []
 
           settings_file_content.scan(/(?:^|\s)dependencyResolutionManagement\s*\{/) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             dependency_resolution_management_repositories <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
@@ -114,7 +118,7 @@ module Dependabot
 
           repository_blocks = []
           buildfile_content.scan(REPOSITORIES_BLOCK_START) do
-            mtch = Regexp.last_match
+            mtch = T.must(Regexp.last_match)
             repository_blocks <<
               mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           end
@@ -129,7 +133,7 @@ module Dependabot
             repository_urls << GRADLE_PLUGINS_REPO if block.match?(/\sgradlePluginPortal\(/)
 
             block.scan(MAVEN_REPO_REGEX) do
-              repository_urls << Regexp.last_match.named_captures.fetch("url")
+              repository_urls << T.must(Regexp.last_match).named_captures.fetch("url")
             end
           end
 

data/lib/dependabot/gradle/file_parser.rb

@@ -1,6 +1,7 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
 require "toml-rb"
 
 require "dependabot/dependency"
@@ -18,6 +19,8 @@ require "dependabot/gradle/version"
 module Dependabot
   module Gradle
     class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/property_value_finder"
 
@@ -148,10 +151,10 @@ module Dependabot
         dependency_set = DependencySet.new
 
         prepared_content(buildfile).scan(DEPENDENCY_DECLARATION_REGEX) do
-          declaration = Regexp.last_match.named_captures.fetch("declaration")
+          declaration = T.must(Regexp.last_match).named_captures.fetch("declaration")
 
-          group, name, version = declaration.split(":")
-          version, _packaging_type = version.split("@")
+          group, name, version = T.must(declaration).split(":")
+          version, _packaging_type = T.must(version).split("@")
           details = { group: group, name: name, version: version }
 
           dep = dependency_from(details_hash: details, buildfile: buildfile)
@@ -185,7 +188,7 @@ module Dependabot
         dependency_set_blocks = []
 
         prepared_content(buildfile).scan(DEPENDENCY_SET_DECLARATION_REGEX) do
-          mch = Regexp.last_match
+          mch = T.must(Regexp.last_match)
           dependency_set_blocks <<
             {
               arguments: mch.named_captures.fetch("arguments"),
@@ -218,7 +221,7 @@ module Dependabot
         plugin_blocks = []
 
         prepared_content(buildfile).scan(PLUGIN_BLOCK_DECLARATION_REGEX) do
-          mch = Regexp.last_match
+          mch = T.must(Regexp.last_match)
           plugin_blocks <<
             mch.post_match[0..closing_bracket_index(mch.post_match)]
         end
@@ -355,7 +358,7 @@ module Dependabot
         # Remove the dependencyVerification section added by Gradle Witness
         # (TODO: Support updating this in the FileUpdater)
         prepared_content.dup.scan(/dependencyVerification\s*{/) do
-          mtch = Regexp.last_match
+          mtch = T.must(Regexp.last_match)
           block = mtch.post_match[0..closing_bracket_index(mtch.post_match)]
           prepared_content.gsub!(block, "")
         end

data/lib/dependabot/gradle/file_updater/dependency_set_updater.rb

@@ -1,4 +1,4 @@
-# typed: strict
+# typed: strong
 # frozen_string_literal: true
 
 require "sorbet-runtime"

data/lib/dependabot/gradle/file_updater.rb

@@ -1,6 +1,8 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 
+require "sorbet-runtime"
+
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
 require "dependabot/gradle/file_parser"
@@ -8,6 +10,8 @@ require "dependabot/gradle/file_parser"
 module Dependabot
   module Gradle
     class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
       require_relative "file_updater/dependency_set_updater"
       require_relative "file_updater/property_value_updater"
 
@@ -159,7 +163,7 @@ module Dependabot
         result = string.dup
 
         string.scan(Gradle::FileParser::PROPERTY_REGEX) do
-          prop_name = Regexp.last_match.named_captures.fetch("property_name")
+          prop_name = T.must(Regexp.last_match).named_captures.fetch("property_name")
           property_value = property_value_finder.property_value(
             property_name: prop_name,
             callsite_buildfile: buildfile

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.260.0
+  version: 0.261.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-06-06 00:00:00.000000000 Z
+date: 2024-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.260.0
+        version: 0.261.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.260.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.261.0
 post_install_message: 
 rdoc_options: []
 require_paths: