dependabot-maven 0.118.5 → 0.118.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/update_checker/version_finder.rb +9 -1
- metadata +7 -21
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbf9089bd0a80a506df04e845be4f4e1e1464e45c49ea14d7cfc5544bb0fe496
|
|
4
|
+
data.tar.gz: c55c2f69f8f7162b83f9bc1cc1ba68123e32bc393a46254001bb6a266b3081f3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 548bff0e8288edcf00a578b0b173ecb8a8b969a5032718aaebc4c32e25c739e5ae9a29714548627855094bf5a9d7e830fde57571af72ee301f9ddbe48c16ebdb
|
|
7
|
+
data.tar.gz: 66a861cba806d5909da5d50d59a866b021354697bc1b859b56502d52414c40b438117bbd3d066ec27aa922efbacde55bbda6af85eeb744dff38f8492b0e68b86
|
|
@@ -13,6 +13,8 @@ module Dependabot
|
|
|
13
13
|
class VersionFinder
|
|
14
14
|
TYPE_SUFFICES = %w(jre android java).freeze
|
|
15
15
|
|
|
16
|
+
MAVEN_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
|
|
17
|
+
|
|
16
18
|
def initialize(dependency:, dependency_files:, credentials:,
|
|
17
19
|
ignored_versions:, security_advisories:,
|
|
18
20
|
raise_on_ignored: false)
|
|
@@ -94,7 +96,7 @@ module Dependabot
|
|
|
94
96
|
filtered = possible_versions
|
|
95
97
|
|
|
96
98
|
ignored_versions.each do |req|
|
|
97
|
-
ignore_req = Maven::Requirement.new(req
|
|
99
|
+
ignore_req = Maven::Requirement.new(parse_requirement_string(req))
|
|
98
100
|
filtered =
|
|
99
101
|
filtered.
|
|
100
102
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
|
@@ -107,6 +109,12 @@ module Dependabot
|
|
|
107
109
|
filtered
|
|
108
110
|
end
|
|
109
111
|
|
|
112
|
+
def parse_requirement_string(string)
|
|
113
|
+
return string if string.match?(MAVEN_RANGE_REGEX)
|
|
114
|
+
|
|
115
|
+
string.split(",").map(&:strip)
|
|
116
|
+
end
|
|
117
|
+
|
|
110
118
|
def filter_vulnerable_versions(possible_versions)
|
|
111
119
|
versions_array = possible_versions
|
|
112
120
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-maven
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.118.
|
|
4
|
+
version: 0.118.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-06
|
|
11
|
+
date: 2020-08-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.118.
|
|
19
|
+
version: 0.118.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.118.
|
|
26
|
+
version: 0.118.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -94,34 +94,20 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.2'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rspec_junit_formatter
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - "~>"
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: '0.4'
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - "~>"
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: '0.4'
|
|
111
97
|
- !ruby/object:Gem::Dependency
|
|
112
98
|
name: rubocop
|
|
113
99
|
requirement: !ruby/object:Gem::Requirement
|
|
114
100
|
requirements:
|
|
115
101
|
- - "~>"
|
|
116
102
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 0.
|
|
103
|
+
version: 0.88.0
|
|
118
104
|
type: :development
|
|
119
105
|
prerelease: false
|
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
107
|
requirements:
|
|
122
108
|
- - "~>"
|
|
123
109
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 0.
|
|
110
|
+
version: 0.88.0
|
|
125
111
|
- !ruby/object:Gem::Dependency
|
|
126
112
|
name: vcr
|
|
127
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -191,7 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
191
177
|
- !ruby/object:Gem::Version
|
|
192
178
|
version: 2.5.0
|
|
193
179
|
requirements: []
|
|
194
|
-
rubygems_version: 3.
|
|
180
|
+
rubygems_version: 3.1.2
|
|
195
181
|
signing_key:
|
|
196
182
|
specification_version: 4
|
|
197
183
|
summary: Maven support for dependabot
|