dependabot-gradle 0.266.0 → 0.267.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/gradle/file_updater.rb +7 -4
  3. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d17925a5734dff621ac18c9b0a9a76cb9aa531da318cb393e7e57bae8d8b2db
4
- data.tar.gz: 30081f3974d5d5d0f2d56cc8a6a59d528261b9fad82366f468fee4667d9a0631
3
+ metadata.gz: 1346290099592256e39b2cd611ff649d841ab10f04d5bf88576591f7f7f4bab2
4
+ data.tar.gz: e7ad97b5780c7541240916df2bb08fbf14f2b569f3ee628d0fd6231da196ff8b
5
5
  SHA512:
6
- metadata.gz: 9014c635864a682db778c62a7a10a317f6365ca974d6cbe8928714462b9aec0fbe8fff218cee9040cc34599897940996d1337f8e9e5b4f01f9865e6a187a931f
7
- data.tar.gz: dd183b373aba66c73571cf2f81fd26613faf1d12662d312f7dd2c7deeee2431ddc1c73175bbf6930f2233d821948c34fba21da6b98d4a61faf17a70609fa8665
6
+ metadata.gz: 32634209817fda63e8a8b7f39addf4878146a5bc1ec0536ade28156f797b307ad4d0aacd6ac5a92e4c9614116c6beaea6d983dbb73b354c4a60917810bd945b8
7
+ data.tar.gz: a93fe84388d96ef9947892098de97cfc55a77af55bcf9391d1ac580b348370b29ce97e7e3ea28273f0dd8c38668a5c58a04f7aec384858d85de428e17483afd3
data/lib/dependabot/gradle/file_updater.rb CHANGED
@@ -56,6 +56,7 @@ module Dependabot
56
56
 
57
57
  def update_buildfiles_for_dependency(buildfiles:, dependency:)
58
58
  files = buildfiles.dup
59
+
59
60
  # The UpdateChecker ensures the order of requirements is preserved
60
61
  # when updating, so we can zip them together in new/old pairs.
61
62
  reqs = dependency.requirements.zip(dependency.previous_requirements)
@@ -68,10 +69,12 @@ module Dependabot
68
69
 
69
70
  buildfile = files.find { |f| f.name == new_req.fetch(:file) }
70
71
 
71
- # Exception raised to handle issue that arises when buildfiles function (see this file)
72
- # removes the build file that contains the dependency itself. So no build file exists to
73
- # update dependency, This behaviour is evident for extremely small number of users
74
- # that have added separate repos as sub-modules in parent projects
72
+ # Currently, Dependabot assumes that Gradle projects using Gradle submodules are all in a single
73
+ # repo. However, some projects are actually using git submodule references for the Gradle submodules.
74
+ # When this happens, Dependabot's FileFetcher thinks the Gradle submodules are eligible for update,
75
+ # but then the FileUpdater filters out the git submodule reference from the build file. So we end up
76
+ # with no relevant build file, leaving us with no way to update that dependency.
77
+ # TODO: Figure out a way to actually navigate this rather than throwing an exception.
75
78
 
76
79
  raise DependencyFileNotResolvable, "No build file found to update the dependency" if buildfile.nil?
77
80
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-gradle
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.266.0
4
+ version: 0.267.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-18 00:00:00.000000000 Z
11
+ date: 2024-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.266.0
19
+ version: 0.267.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.266.0
26
+ version: 0.267.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: dependabot-maven
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 0.266.0
33
+ version: 0.267.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 0.266.0
40
+ version: 0.267.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: debug
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -277,7 +277,7 @@ licenses:
277
277
  - MIT
278
278
  metadata:
279
279
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
280
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.266.0
280
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
281
281
  post_install_message:
282
282
  rdoc_options: []
283
283
  require_paths: