dependabot-maven 0.118.4 → 0.118.5

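--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c0088a0eec99945aa2daf48a12086a6e9e3fbe80962a76723e1138eaa501a8c7
- data.tar.gz: abbf5ae6535360383b8bc72bb50c09d90ff01b2904ca63a647524f41f6c8d79f
+ metadata.gz: a8eec585634e8400b0c7e52435131f9bb4088e6dd5882e373a910f1e5d676cc1
+ data.tar.gz: a561b5b8e476ce5ed3ac553f919f39a21da9536453a45d0b461b757c7c2f0518
  SHA512:
- metadata.gz: 79c3f3eb6e170677d135ecb857b2940d569238216923b09eeaa7bb9f7447da95f1c535a97eeb825e70f326c34c3780fb41bbd43b978248fa848ff510e5c9d086
- data.tar.gz: 14914d79cc71be63be4fefbc51fa6150e7d433b4b17658d0b060a3c7c470123ee9031c171cb667940b8408f28c45046bb30692396aa046ca369e5424c3286c35
+ metadata.gz: c63c4533b7cb12731ad1d7c410f310e80bbcabfbb2a95a7cfcdbef5619af75a3f03c3978f086e5877ba72c837b4d6f192f7e89982af0d888c6c210d79457d5f4
+ data.tar.gz: d3cfdbfbb85d5d846d39531b0e6c6b54cdf8d641ee6b7a34ac9ae3d13e0be8dc2d15dd9b0bb8890b10d4701884d580d702aeaf9a96fce5acc06fb48c2bf567ca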
@@ -22,7 +22,7 @@ Dependabot::Dependency.
22
22
  register_display_name_builder(
23
23
  "maven",
24
24
  lambda { |name|
25
- artifact_id = name.split(":").last
25
+ _group_id, artifact_id, _classifier = name.split(":")
26
26
  %w(bom library).include?(artifact_id) ? name : artifact_id
27
27
  }
28
28
  )
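Review bot: The destructuring `_group_id, artifact_id, _classifier = name.split(":")` in the display-name lambda leaves `artifact_id` as nil when `name` contains no colon, so the lambda now returns nil where the removed `.last` form returned the whole name. The `dependency_artifact_id` helper added further down in this release destructures the same way, and its callers pass the result straight to `end_with?` and into a URL string, where a nil would raise or produce a malformed path. If every Maven dependency name is guaranteed to be `group:artifact[:classifier]` this cannot happen, but that guarantee is not visible in these hunks and deserves a comment next to the destructuring. For the lambda, `(artifact_id.nil? || %w(bom library).include?(artifact_id)) ? name : artifact_id` keeps the previous fallback.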
@@ -104,7 +104,7 @@ module Dependabot
104
104
  return unless dependency_node.at_xpath("./groupId")
105
105
  return unless dependency_node.at_xpath("./artifactId")
106
106
 
107
- [
107
+ name = [
108
108
  evaluated_value(
109
109
  dependency_node.at_xpath("./groupId").content.strip,
110
110
  pom
@@ -114,6 +114,15 @@ module Dependabot
114
114
  pom
115
115
  )
116
116
  ].join(":")
117
+
118
+ if dependency_node.at_xpath("./classifier")
119
+ name += ":#{evaluated_value(
120
+ dependency_node.at_xpath('./classifier').content.strip,
121
+ pom
122
+ )}"
123
+ end
124
+
125
+ name
117
126
  end
118
127
 
119
128
  def plugin_name(dependency_node, pom)
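Review bot: An empty `<classifier/>` element passes the `at_xpath("./classifier")` test and appends a bare `:` to the name, because the added branch checks only that the node exists and not that its stripped content is non-empty. Ruby's `split(":")` drops trailing empty fields, so later consumers that destructure the name would see no classifier while the stored name still differs from the plain `group:artifact` form. Reading the node once and skipping blanks avoids that: `classifier = dependency_node.at_xpath("./classifier")&.content&.strip` followed by `name += ":#{evaluated_value(classifier, pom)}" unless classifier.nil? || classifier.empty?`. The updater hunk that extends `node_name` repeats the same presence-only test and has to stay in step with this one for the name comparison to match, so a shared helper would be safer than two copies. The method being changed starts above this hunk.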
@@ -185,7 +194,6 @@ module Dependabot
185
194
  return unless dependency_node.at_xpath("./version")
186
195
 
187
196
  version_content = dependency_node.at_xpath("./version").content.strip
188
-
189
197
  return unless version_content.match?(PROPERTY_REGEX)
190
198
 
191
199
  version_content.
@@ -57,6 +57,11 @@ module Dependabot
57
57
  evaluated_value(node.at_xpath("./*/artifactId").content.strip)
58
58
  ].compact.join(":")
59
59
 
60
+ if node.at_xpath("./*/classifier")
61
+ node_name += ":#{evaluated_value(node.at_xpath('./*/classifier').
62
+ content.strip)}"
63
+ end
64
+
60
65
  next false unless node_name == dependency_name
61
66
  next false unless packaging_type_matches?(node)
62
67
  next false unless scope_matches?(node)
@@ -23,8 +23,7 @@ module Dependabot
23
23
  tmp_source = look_up_source_in_pom(parent)
24
24
  return unless tmp_source
25
25
 
26
- artifact = dependency.name.split(":").last
27
- return tmp_source if tmp_source.repo.end_with?(artifact)
26
+ return tmp_source if tmp_source.repo.end_with?(dependency_artifact_id)
28
27
  return tmp_source if repo_has_subdir_for_dep?(tmp_source)
29
28
  end
30
29
 
@@ -34,14 +33,13 @@ module Dependabot
34
33
  return @repo_has_subdir_for_dep[tmp_source]
35
34
  end
36
35
 
37
- artifact = dependency.name.split(":").last
38
36
  fetcher =
39
37
  FileFetchers::Base.new(source: tmp_source, credentials: credentials)
40
38
 
41
39
  @repo_has_subdir_for_dep[tmp_source] =
42
40
  fetcher.send(:repo_contents, raise_errors: false).
43
41
  select { |f| f.type == "dir" }.
44
- any? { |f| artifact.end_with?(f.name) }
42
+ any? { |f| dependency_artifact_id.end_with?(f.name) }
45
43
  rescue Dependabot::BranchNotFound
46
44
  tmp_source.branch = nil
47
45
  retry
@@ -96,18 +94,17 @@ module Dependabot
96
94
 
97
95
  github_urls.find do |url|
98
96
  repo = Source.from_url(url).repo
99
- repo.end_with?(dependency.name.split(":").last)
97
+ repo.end_with?(dependency_artifact_id)
100
98
  end
101
99
  end
102
100
 
103
101
  def dependency_pom_file
104
102
  return @dependency_pom_file unless @dependency_pom_file.nil?
105
103
 
106
- artifact_id = dependency.name.split(":").last
107
104
  response = Excon.get(
108
105
  "#{maven_repo_dependency_url}/"\
109
106
  "#{dependency.version}/"\
110
- "#{artifact_id}-#{dependency.version}.pom",
107
+ "#{dependency_artifact_id}-#{dependency.version}.pom",
111
108
  headers: auth_details,
112
109
  idempotent: true,
113
110
  **SharedHelpers.excon_defaults
@@ -118,6 +115,12 @@ module Dependabot
118
115
  @dependency_pom_file = Nokogiri::XML("")
119
116
  end
120
117
 
118
+ def dependency_artifact_id
119
+ _group_id, artifact_id, _classifier = dependency.name.split(":")
120
+
121
+ artifact_id
122
+ end
123
+
121
124
  def parent_pom_file(pom)
122
125
  doc = pom.dup
123
126
  doc.remove_namespaces!
@@ -173,6 +173,7 @@ module Dependabot
173
173
  **Dependabot::SharedHelpers.excon_defaults
174
174
  )
175
175
  check_response(response, repository_details.fetch("url"))
176
+
176
177
  Nokogiri::XML(response.body)
177
178
  rescue URI::InvalidURIError
178
179
  Nokogiri::XML("")
@@ -248,7 +249,7 @@ module Dependabot
248
249
  end
249
250
 
250
251
  def dependency_metadata_url(repository_url)
251
- group_id, artifact_id = dependency.name.split(":")
252
+ group_id, artifact_id, _classifier = dependency.name.split(":")
252
253
 
253
254
  "#{repository_url}/"\
254
255
  "#{group_id.tr('.', '/')}/"\
@@ -257,15 +258,16 @@ module Dependabot
257
258
  end
258
259
 
259
260
  def dependency_files_url(repository_url, version)
260
- group_id, artifact_id = dependency.name.split(":")
261
+ group_id, artifact_id, classifier = dependency.name.split(":")
261
262
  type = dependency.requirements.first.
262
263
  dig(:metadata, :packaging_type)
263
264
 
265
+ actual_classifier = classifier.nil? ? "" : "-#{classifier}"
264
266
  "#{repository_url}/"\
265
267
  "#{group_id.tr('.', '/')}/"\
266
268
  "#{artifact_id}/"\
267
269
  "#{version}/"\
268
- "#{artifact_id}-#{version}.#{type}"
270
+ "#{artifact_id}-#{version}#{actual_classifier}.#{type}"
269
271
  end
270
272
 
271
273
  def version_class
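Review bot: `classifier` is interpolated into the artifact URL unchanged through `actual_classifier`, and judging by the parser change in this release it originates from the `<classifier>` element of a repository's pom, which is content the tool does not control. A value containing `/`, `..`, `?` or `#` would alter the path or query of the resulting URL instead of only the file name. `group_id` and `artifact_id` already reach the URL the same way, so this extends an existing pattern rather than creating a new one, but an allow-list check before building the string is cheap, for example `return unless classifier.nil? || classifier.match?(/\A[\w.\-]+\z/)` or the project's own error type in place of the bare return. How the returned URL is consumed, and whether callers tolerate nil, is outside this hunk.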
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.118.4
4
+ version: 0.118.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-19 00:00:00.000000000 Z
11
+ date: 2020-06-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.118.4
19
+ version: 0.118.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.118.4
26
+ version: 0.118.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement