gradle: Support multiple version catalogs

[dimitripantelli]

What are you trying to accomplish?

Currently dependabot-core only supports a single Gradle version catalog located at the default path gradle/libs.versions.toml. However Gradle supports defining multiple catalogs and locating them in arbitrary paths via settings.gradle¹. This change affords Dependabot the ability to update dependencies for catalogs defined beyond the canonical location.

This PR updates the SettingsFileParser to discover additional version catalogs declared in settings.gradle. The parser extracts catalog paths by identifying from(files(...)) declarations within versionCatalogs blocks in the dependencyResolutionManagement section, supporting both Groovy and Kotlin DSL syntax.

The work continues to include the standard gradle/libs.versions.toml by default (even if not explicitly declared).

Resolves

• Support non-standard Gradle library catalog locations #8079
• And two issues marked as stale due to inactivity
  * Support custom version catalogs configured through settings.gradle[.kts] #6831
  * Support custom non-toml version catalogs configured through settings.gradle[.kts] #6838

This supersedes #12996.

Anything you want to highlight for special attention from reviewers?

The current parser uses Regex to capture paths. A more complete approach would be using the Gradle Tooling API (#1164) when that work is in place.

This is my first contribution to the project (in fact, any open-source project) so please let me know if there's anything to adjust and I'll endeavour to do so. If this PR is accepted, I'll follow up with a PR to github/docs to reflect the change.

How will you know you've accomplished your goal?

Updated specs to include test cases for

• Extracting catalog paths from settings.gradle
• Fetching multiple .toml files
• Parsing dependencies across multiple catalog files

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.

Footnotes

1. https://docs.gradle.org/current/userguide/version_catalogs.html#sec:multiple-catalogs ↩