dependabot-gradle 0.381.0 → 0.382.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47a95a22f6928d61384fbdcad6a0f380e947cde49bb5e2b441fc30e9f878ea30
-  data.tar.gz: c2fbefa823a3cac3888e0a3976d0d17ae79a23501f124db73f344c73788ab42e
+  metadata.gz: 3a3b9947c1607a8ada6ef1d74f34deb403f2cf76196658ba15b0390976f96c23
+  data.tar.gz: f1471d46f94ed018c4ddfa41c90ab67333fc5a562f3db9e1d9b1a7145964c3bf
 SHA512:
-  metadata.gz: 92d0bfb78cfaf20469a27f89908bf0e1552d84f04b9a88dfe417529518be7773ed60e44851697885fb92f728d21055d21b95653d754161c8df607e4b516fe0e5
-  data.tar.gz: b046a8c623cf05a6375db35f3a6bbb983b4fb94ae764cddd925bf0a66a32df5af0546128bae318496dbbd3654027bd571f219e5d77fc08de9077cfd57860ee34
+  metadata.gz: 7d3a0d1e02c8fda4cb95d43834bce4d09e7eb591c8b2690e6e7e8ec2d40cb0c2128917fe129ee7d9c3683a4a5e6a5498351540430074b948bad4b9fd6c0a0fc1
+  data.tar.gz: d166b1faeacb7545f0c5327d68209fbbc980fce1a94ad9e6233dd227590ad8a0c8f1fae90380259ba60991850ba274cf6b468470bed59eeebe44085841921619

data/lib/dependabot/gradle/file_parser/distributions_finder.rb

@@ -26,30 +26,34 @@ module Dependabot
           version = match.fetch("version")
 
           requirements = T.let(
-            [{
-              requirement: version,
-              file: properties_file.name,
-              source: {
-                type: Distributions::DISTRIBUTION_DEPENDENCY_TYPE,
-                url: distribution_url,
-                property: "distributionUrl"
-              },
-              groups: []
-            }],
-            T::Array[T::Hash[Symbol, T.untyped]]
+            [DependencyRequirement.create(
+              {
+                requirement: version,
+                file: properties_file.name,
+                source: {
+                  type: Distributions::DISTRIBUTION_DEPENDENCY_TYPE,
+                  url: distribution_url,
+                  property: "distributionUrl"
+                },
+                groups: []
+              }
+            )],
+            T::Array[Dependabot::DependencyRequirement]
           )
 
           if checksum
-            requirements << {
-              requirement: checksum,
-              file: properties_file.name,
-              source: {
-                type: Distributions::DISTRIBUTION_DEPENDENCY_TYPE,
-                url: "#{distribution_url}.sha256",
-                property: "distributionSha256Sum"
-              },
-              groups: []
-            }
+            requirements << DependencyRequirement.create(
+              {
+                requirement: checksum,
+                file: properties_file.name,
+                source: {
+                  type: Distributions::DISTRIBUTION_DEPENDENCY_TYPE,
+                  url: "#{distribution_url}.sha256",
+                  property: "distributionSha256Sum"
+                },
+                groups: []
+              }
+            )
           end
 
           Dependency.new(

data/lib/dependabot/gradle/file_updater/wrapper_updater.rb

@@ -2,7 +2,9 @@
 # frozen_string_literal: true
 
 require "sorbet-runtime"
+require "base64"
 require "shellwords"
+require "pathname"
 
 require "dependabot/gradle/distributions"
 
@@ -39,15 +41,12 @@ module Dependabot
 
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/MethodLength
-        # rubocop:disable Metrics/PerceivedComplexity
         sig { params(build_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
         def update_files(build_file)
           # We only run this updater if it's a distribution dependency
           return [] unless Distributions.distribution_requirements?(dependency.requirements)
 
-          local_files = dependency_files.select do |file|
-            file.directory == build_file.directory && target_file?(file)
-          end
+          local_files = local_wrapper_files(build_file)
 
           # If we don't have any files in the build files don't generate one
           return [] unless local_files.any?
@@ -107,7 +106,6 @@ module Dependabot
         end
         # rubocop:enable Metrics/AbcSize
         # rubocop:enable Metrics/MethodLength
-        # rubocop:enable Metrics/PerceivedComplexity
 
         private
 
@@ -116,8 +114,48 @@ module Dependabot
           @target_files.any? { |r| "/#{file.name}".end_with?(r) }
         end
 
+        sig { params(build_file: Dependabot::DependencyFile).returns(T::Array[Dependabot::DependencyFile]) }
+        def local_wrapper_files(build_file)
+          wrapper_root = wrapper_root_for(build_file)
+
+          dependency_files.select do |file|
+            file.directory == build_file.directory && target_file_for_wrapper_root?(file, wrapper_root)
+          end
+        end
+
+        sig { params(file: Dependabot::DependencyFile, wrapper_root: String).returns(T::Boolean) }
+        def target_file_for_wrapper_root?(file, wrapper_root)
+          @target_files.any? do |target_file|
+            target_path = target_file.delete_prefix("/")
+            expected_path = wrapper_root.empty? ? target_path : File.join(wrapper_root, target_path)
+            file_path(file) == Pathname.new(expected_path).cleanpath.to_path
+          end
+        end
+
+        sig { params(build_file: Dependabot::DependencyFile).returns(String) }
+        def wrapper_root_for(build_file)
+          path = file_path(build_file)
+          root = if target_file?(build_file)
+                   File.dirname(path, 3)
+                 else
+                   File.dirname(path)
+                 end
+
+          root == "." ? "" : root
+        end
+
+        sig { params(file: Dependabot::DependencyFile).returns(String) }
+        def file_path(file)
+          Pathname.new(file.name).cleanpath.to_path
+        end
+
         # rubocop:disable Metrics/PerceivedComplexity
-        sig { params(requirements: T::Array[T::Hash[Symbol, T.untyped]], network_timeout: T.nilable(String)).returns(T::Array[String]) }
+        sig do
+          params(
+            requirements: T::Array[Dependabot::DependencyRequirement],
+            network_timeout: T.nilable(String)
+          ).returns(T::Array[String])
+        end
         def command_args(requirements, network_timeout)
           version = T.let(requirements[0]&.[](:requirement), String)
           checksum = T.let(requirements[1]&.[](:requirement), T.nilable(String)) if requirements.size > 1
@@ -191,7 +229,11 @@ module Dependabot
         end
         def update_files_content(temp_dir, local_files, updated_files)
           local_files.each do |file|
-            f_content = File.read(File.join(temp_dir, file.directory, file.name))
+            f_content = if file.binary?
+                          File.binread(File.join(temp_dir, file.directory, file.name))
+                        else
+                          File.read(File.join(temp_dir, file.directory, file.name))
+                        end
             tmp_file = file.dup
             tmp_file.content = tmp_file.binary? ? Base64.encode64(f_content) : f_content
             updated_files[T.must(updated_files.index(file))] = tmp_file
@@ -203,7 +245,7 @@ module Dependabot
           files_to_populate.each do |file|
             in_path_name = File.join(temp_dir, file.directory, file.name)
             FileUtils.mkdir_p(File.dirname(in_path_name))
-            File.write(in_path_name, file.content)
+            File.binwrite(in_path_name, file.decoded_content)
           end
         end
 

data/lib/dependabot/gradle/update_checker.rb

@@ -62,18 +62,20 @@ module Dependabot
         nil
       end
 
-      sig { override.returns(T::Array[T::Hash[Symbol, T.untyped]]) }
+      sig { override.returns(T::Array[Dependabot::DependencyRequirement]) }
       def updated_requirements
         property_names =
           declarations_using_a_property
           .map { |req| req.dig(:metadata, :property_name) }
 
-        RequirementsUpdater.new(
-          requirements: dependency.requirements,
-          latest_version: preferred_resolvable_version&.to_s,
-          source_url: preferred_version_details&.fetch(:source_url),
-          properties_to_update: property_names
-        ).updated_requirements
+        wrap_requirements(
+          RequirementsUpdater.new(
+            requirements: dependency.requirements,
+            latest_version: preferred_resolvable_version&.to_s,
+            source_url: preferred_version_details&.fetch(:source_url),
+            properties_to_update: property_names
+          ).updated_requirements
+        )
       end
 
       sig { override.returns(T::Boolean) }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.381.0
+  version: 0.382.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,28 +15,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.381.0
+        version: 0.382.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.381.0
+        version: 0.382.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.381.0
+        version: 0.382.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.381.0
+        version: 0.382.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -286,7 +286,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.381.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.382.0
 rdoc_options: []
 require_paths:
 - lib