dependabot-maven 0.124.8 → 0.125.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +2 -6
- data/lib/dependabot/maven/file_parser/repositories_finder.rb +1 -3
- data/lib/dependabot/maven/file_updater.rb +1 -3
- data/lib/dependabot/maven/file_updater/declaration_finder.rb +1 -3
- data/lib/dependabot/maven/metadata_finder.rb +1 -3
- data/lib/dependabot/maven/requirement.rb +1 -3
- data/lib/dependabot/maven/update_checker/requirements_updater.rb +1 -3
- data/lib/dependabot/maven/update_checker/version_finder.rb +2 -6
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e228fb81485821fcdacacd33365a67486d9ca6e79aeef0c01a603a5804a00f0b
|
|
4
|
+
data.tar.gz: c1fd31025d1f3259c897d70a0b420648ef00cf78098f9fbeece1c6de968a8218
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e2f7b01aa016554113375c5b54de144964c8560fff704f049408ffa1eafe9389f4d154a34d0c91bb5fb1cd0c5826a680c1d350cf3a71a5dc191ff7d4b50d5c68
|
|
7
|
+
data.tar.gz: 76e24e9da4f1944c8b837b2e865f74d791cdfc4a204bcd71d1c1c8efbe18327da2bbdcbf6207a55b04b8398a98ba9ea3f957f3ffefeb0872f723b768bf0751c8
|
|
@@ -42,9 +42,7 @@ module Dependabot
|
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
# If we found a property, return it
|
|
45
|
-
if node
|
|
46
|
-
return { file: pom.name, node: node, value: node.content.strip }
|
|
47
|
-
end
|
|
45
|
+
return { file: pom.name, node: node, value: node.content.strip } if node
|
|
48
46
|
|
|
49
47
|
# Otherwise, look for a value in this pom's parent
|
|
50
48
|
return unless (parent = parent_pom(pom))
|
|
@@ -99,9 +97,7 @@ module Dependabot
|
|
|
99
97
|
|
|
100
98
|
name = [group_id, artifact_id].join(":")
|
|
101
99
|
|
|
102
|
-
if internal_dependency_poms[name]
|
|
103
|
-
return internal_dependency_poms[name]
|
|
104
|
-
end
|
|
100
|
+
return internal_dependency_poms[name] if internal_dependency_poms[name]
|
|
105
101
|
|
|
106
102
|
return unless version && !version.include?(",")
|
|
107
103
|
|
|
@@ -74,9 +74,7 @@ module Dependabot
|
|
|
74
74
|
|
|
75
75
|
name = [group_id, artifact_id].join(":")
|
|
76
76
|
|
|
77
|
-
if internal_dependency_poms[name]
|
|
78
|
-
return internal_dependency_poms[name]
|
|
79
|
-
end
|
|
77
|
+
return internal_dependency_poms[name] if internal_dependency_poms[name]
|
|
80
78
|
|
|
81
79
|
return unless version && !version.include?(",")
|
|
82
80
|
|
|
@@ -32,9 +32,7 @@ module Dependabot
|
|
|
32
32
|
updated_files.reject! { |f| original_pomfiles.include?(f) }
|
|
33
33
|
|
|
34
34
|
raise "No files changed!" if updated_files.none?
|
|
35
|
-
if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
|
|
36
|
-
raise "Updated a supporting POM!"
|
|
37
|
-
end
|
|
35
|
+
raise "Updated a supporting POM!" if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
|
|
38
36
|
|
|
39
37
|
updated_files
|
|
40
38
|
end
|
|
@@ -71,9 +71,7 @@ module Dependabot
|
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
def node_group_id(node)
|
|
74
|
-
unless node.at_xpath("./*/groupId") || node.at_xpath("./plugin")
|
|
75
|
-
return
|
|
76
|
-
end
|
|
74
|
+
return unless node.at_xpath("./*/groupId") || node.at_xpath("./plugin")
|
|
77
75
|
return "org.apache.maven.plugins" unless node.at_xpath("./*/groupId")
|
|
78
76
|
|
|
79
77
|
evaluated_value(node.at_xpath("./*/groupId").content.strip)
|
|
@@ -29,9 +29,7 @@ module Dependabot
|
|
|
29
29
|
|
|
30
30
|
def repo_has_subdir_for_dep?(tmp_source)
|
|
31
31
|
@repo_has_subdir_for_dep ||= {}
|
|
32
|
-
if @repo_has_subdir_for_dep.key?(tmp_source)
|
|
33
|
-
return @repo_has_subdir_for_dep[tmp_source]
|
|
34
|
-
end
|
|
32
|
+
return @repo_has_subdir_for_dep[tmp_source] if @repo_has_subdir_for_dep.key?(tmp_source)
|
|
35
33
|
|
|
36
34
|
fetcher =
|
|
37
35
|
FileFetchers::Base.new(source: tmp_source, credentials: credentials)
|
|
@@ -62,9 +62,7 @@ module Dependabot
|
|
|
62
62
|
raise "Can't convert multiple Java reqs to a single Ruby one"
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
if req_string&.include?(",")
|
|
66
|
-
return convert_java_range_to_ruby_range(req_string)
|
|
67
|
-
end
|
|
65
|
+
return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
|
|
68
66
|
|
|
69
67
|
convert_java_equals_req_to_ruby(req_string)
|
|
70
68
|
end
|
|
@@ -34,9 +34,7 @@ module Dependabot
|
|
|
34
34
|
next req if req.fetch(:requirement).include?(",")
|
|
35
35
|
|
|
36
36
|
property_name = req.dig(:metadata, :property_name)
|
|
37
|
-
if property_name && !properties_to_update.include?(property_name)
|
|
38
|
-
next req
|
|
39
|
-
end
|
|
37
|
+
next req if property_name && !properties_to_update.include?(property_name)
|
|
40
38
|
|
|
41
39
|
new_req = update_requirement(req[:requirement])
|
|
42
40
|
req.merge(requirement: new_req, source: updated_source)
|
|
@@ -62,9 +62,7 @@ module Dependabot
|
|
|
62
62
|
map { |version| { version: version, source_url: url } }
|
|
63
63
|
end.flatten
|
|
64
64
|
|
|
65
|
-
if version_details.none? && forbidden_urls.any?
|
|
66
|
-
raise PrivateSourceAuthenticationFailure, forbidden_urls.first
|
|
67
|
-
end
|
|
65
|
+
raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?
|
|
68
66
|
|
|
69
67
|
version_details.sort_by { |details| details.fetch(:version) }
|
|
70
68
|
end
|
|
@@ -102,9 +100,7 @@ module Dependabot
|
|
|
102
100
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
|
103
101
|
end
|
|
104
102
|
|
|
105
|
-
if @raise_on_ignored && filtered.empty? && possible_versions.any?
|
|
106
|
-
raise AllVersionsIgnored
|
|
107
|
-
end
|
|
103
|
+
raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
|
|
108
104
|
|
|
109
105
|
filtered
|
|
110
106
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-maven
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.125.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-11-
|
|
11
|
+
date: 2020-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.125.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.125.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -128,14 +128,14 @@ dependencies:
|
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.8.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.8.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: vcr
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|