dependabot-maven 0.156.0 → 0.156.5

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 397834bcc624f32fe3e64b6aadb46733fbcf1724ffcc04ab93839ead558b255b
4
- data.tar.gz: 83934569c012d656cdc3ae1bf59ea78a2b0860fec169bf98c8c321f5c92ff7fe
3
+ metadata.gz: 4ebd4d764cc21d516057f2eea2ed3a3c9c9cf60e021f23727dcea71953eef008
4
+ data.tar.gz: ce9d80af606b661c484058443747fbd8562d0115e8bb8e79d3cd2979770a9f35
5
5
  SHA512:
6
- metadata.gz: 37a7542e15ff370bed475342257915842761642bcc9432d4faef47613facf23dde43575079d11170a2b4c630bf840757b740f618f3c2042d0607fe6c552bdc62
7
- data.tar.gz: a7be6d8eb7eb028fd02536cb7e7e3c405caa41623e1f7f489915fda63ae647be0b9552e0b99680f440b72c0f5c217fbb72cdd565b9b68ac87dcb8d764c5e00e0
6
+ metadata.gz: aa1a507f661c4262c15cd671a5cccdd0144dd8faaefa0cdd92ee576991181927b9dbc152e2b29d577f2c7f1f8b6e5f4985bed767a3860f9d4720e943afe721e0
7
+ data.tar.gz: 34d69b0917399a322c95730fb896b1aeba6594214aaab03cbfb0137990bf594de330b63d1a9249c941b539f9edffcb83c99b6e8247c55e102b0a404b98ef58c8
@@ -25,6 +25,7 @@ module Dependabot
25
25
  fetched_files << pom
26
26
  fetched_files += child_poms
27
27
  fetched_files += relative_path_parents(fetched_files)
28
+ fetched_files << extensions if extensions
28
29
  fetched_files.uniq
29
30
  end
30
31
 
@@ -32,6 +33,17 @@ module Dependabot
32
33
  @pom ||= fetch_file_from_host("pom.xml")
33
34
  end
34
35
 
36
+ def extensions
37
+ return @extensions if defined?(@extensions)
38
+ return @extensions if defined?(@extensions)
39
+
40
+ begin
41
+ fetch_file_if_present(".mvn/extensions.xml")
42
+ rescue Dependabot::DependencyFileNotFound
43
+ nil
44
+ end
45
+ end
46
+
35
47
  def child_poms
36
48
  recursively_fetch_child_poms(pom, fetched_filenames: ["pom.xml"])
37
49
  end
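Review bot: `extensions` never assigns `@extensions`, so the `defined?(@extensions)` guard (which also appears twice, new lines 37 and 38) is dead code and the method re-fetches `.mvn/extensions.xml` on every call; the `fetched_files << extensions if extensions` line in the hunk above calls it twice, which means two fetches per run. Drop the duplicate guard and memoize the result: `@extensions = begin` … `end`, with the existing `fetch_file_if_present`/`rescue Dependabot::DependencyFileNotFound`/`nil` body inside the `begin`. If `fetch_file_if_present` already returns `nil` for a missing file, as its name suggests, the `rescue` is redundant and the memoized call collapses to `@extensions = fetch_file_if_present(".mvn/extensions.xml")`, but that is worth confirming against dependabot-common before removing it.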
@@ -25,6 +25,7 @@ module Dependabot
25
25
  "dependencies > dependency, "\
26
26
  "extensions > extension"
27
27
  PLUGIN_SELECTOR = "plugins > plugin"
28
+ EXTENSION_SELECTOR = "extensions > extension"
28
29
 
29
30
  # Regex to get the property name from a declaration that uses a property
30
31
  PROPERTY_REGEX = /\$\{(?<property>.*?)\}/.freeze
@@ -32,6 +33,7 @@ module Dependabot
32
33
  def parse
33
34
  dependency_set = DependencySet.new
34
35
  pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
36
+ extensionfiles.each { |extension| dependency_set += extensionfile_dependencies(extension) }
35
37
  dependency_set.dependencies
36
38
  end
37
39
 
@@ -63,6 +65,25 @@ module Dependabot
63
65
  dependency_set
64
66
  end
65
67
 
68
+ def extensionfile_dependencies(extension)
69
+ dependency_set = DependencySet.new
70
+
71
+ errors = []
72
+ doc = Nokogiri::XML(extension.content)
73
+ doc.remove_namespaces!
74
+
75
+ doc.css(EXTENSION_SELECTOR).each do |dependency_node|
76
+ dep = dependency_from_dependency_node(extension, dependency_node)
77
+ dependency_set << dep if dep
78
+ rescue DependencyFileNotEvaluatable => e
79
+ errors << e
80
+ end
81
+
82
+ raise errors.first if errors.any? && dependency_set.dependencies.none?
83
+
84
+ dependency_set
85
+ end
86
+
66
87
  def dependency_from_dependency_node(pom, dependency_node)
67
88
  return unless (name = dependency_name(dependency_node, pom))
68
89
  return if internal_dependency_names.include?(name)
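Review bot: `extensionfile_dependencies` appears to duplicate the body of `pomfile_dependencies` (whose tail is visible just above, ending in `dependency_set`) with only the selector and the argument name changed; if that is the case, a shared helper parameterized on the selector keeps the two parsing paths from drifting. Note also that `dependency_from_dependency_node(extension, dependency_node)` passes the extensions file in the `pom` position, so any `${property}` resolution done there will look in `extensions.xml` rather than the project's `pom.xml`; those nodes raise `DependencyFileNotEvaluatable`, which the block rescues, so they are silently dropped unless every node fails — worth a comment if that is intended.
```ruby
def extensionfile_dependencies(extension)
  dependencies_from_file(extension, EXTENSION_SELECTOR)
end

# Parse every node matching +selector+ in +file+ into the returned
# DependencySet. Nodes that cannot be evaluated are skipped; the first
# such error is raised only when no dependency at all could be parsed.
def dependencies_from_file(file, selector)
  dependency_set = DependencySet.new
  errors = []
  doc = Nokogiri::XML(file.content)
  doc.remove_namespaces!

  doc.css(selector).each do |dependency_node|
    dep = dependency_from_dependency_node(file, dependency_node)
    dependency_set << dep if dep
  rescue DependencyFileNotEvaluatable => e
    errors << e
  end

  raise errors.first if errors.any? && dependency_set.dependencies.none?

  dependency_set
end
```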
@@ -252,6 +273,11 @@ module Dependabot
252
273
  dependency_files.select { |f| f.name.end_with?("pom.xml") }
253
274
  end
254
275
 
276
+ def extensionfiles
277
+ @extensionfiles ||=
278
+ dependency_files.select { |f| f.name.end_with?("extensions.xml") }
279
+ end
280
+
255
281
  def internal_dependency_names
256
282
  @internal_dependency_names ||=
257
283
  dependency_files.map do |pom|
@@ -11,25 +11,28 @@ module Dependabot
11
11
  require_relative "file_updater/property_value_updater"
12
12
 
13
13
  def self.updated_files_regex
14
- [/^pom\.xml$/, %r{/pom\.xml$}]
14
+ [
15
+ /^pom\.xml$/, %r{/pom\.xml$},
16
+ /^extensions.\.xml$/, %r{/extensions\.xml$}
17
+ ]
15
18
  end
16
19
 
17
20
  def updated_dependency_files
18
21
  updated_files = dependency_files.dup
19
22
 
20
23
  # Loop through each of the changed requirements, applying changes to
21
- # all pomfiles for that change. Note that the logic is different here
22
- # to other languages because Java has property inheritance across
23
- # files
24
+ # all pom and extensions files for that change. Note that the logic
25
+ # is different here to other package managers because Maven has property
26
+ # inheritance across files
24
27
  dependencies.each do |dependency|
25
- updated_files = update_pomfiles_for_dependency(
26
- pomfiles: updated_files,
28
+ updated_files = update_files_for_dependency(
29
+ original_files: updated_files,
27
30
  dependency: dependency
28
31
  )
29
32
  end
30
33
 
31
- updated_files.select! { |f| f.name.end_with?("pom.xml") }
32
- updated_files.reject! { |f| original_pomfiles.include?(f) }
34
+ updated_files.select! { |f| f.name.end_with?("pom.xml") || f.name.end_with?("extensions.xml") }
35
+ updated_files.reject! { |f| dependency_files.include?(f) }
33
36
 
34
37
  raise "No files changed!" if updated_files.none?
35
38
  raise "Updated a supporting POM!" if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
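Review bot: The new regex on line 16 of `updated_files_regex`, `/^extensions.\.xml$/`, has a stray unescaped `.` before `\.xml`, so it matches `extensionsX.xml` for any single character X and does not match a root-level `extensions.xml`; only the companion `%r{/extensions\.xml$}` entry keeps the `.mvn/extensions.xml` case working. It should read `/^extensions\.xml$/`. The `select!` on line 34 hard-codes the same two suffixes a second time; a single frozen constant of accepted basenames (or reusing `updated_files_regex`) would keep the two in sync.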
@@ -43,15 +46,15 @@ module Dependabot
43
46
  raise "No pom.xml!" unless get_original_file("pom.xml")
44
47
  end
45
48
 
46
- def update_pomfiles_for_dependency(pomfiles:, dependency:)
47
- files = pomfiles.dup
49
+ def update_files_for_dependency(original_files:, dependency:)
50
+ files = original_files.dup
48
51
 
49
52
  # The UpdateChecker ensures the order of requirements is preserved
50
53
  # when updating, so we can zip them together in new/old pairs.
51
54
  reqs = dependency.requirements.zip(dependency.previous_requirements).
52
55
  reject { |new_req, old_req| new_req == old_req }
53
56
 
54
- # Loop through each changed requirement and update the pomfiles
57
+ # Loop through each changed requirement and update the files
55
58
  reqs.each do |new_req, old_req|
56
59
  raise "Bad req match" unless new_req[:file] == old_req[:file]
57
60
  next if new_req[:requirement] == old_req[:requirement]
@@ -62,9 +65,9 @@ module Dependabot
62
65
  files[files.index(pom)] =
63
66
  remove_property_suffix_in_pom(dependency, pom, old_req)
64
67
  else
65
- pom = files.find { |f| f.name == new_req.fetch(:file) }
66
- files[files.index(pom)] =
67
- update_version_in_pom(dependency, pom, old_req, new_req)
68
+ file = files.find { |f| f.name == new_req.fetch(:file) }
69
+ files[files.index(file)] =
70
+ update_version_in_file(dependency, file, old_req, new_req)
68
71
  end
69
72
  end
70
73
 
@@ -82,25 +85,25 @@ module Dependabot
82
85
  )
83
86
  end
84
87
 
85
- def update_version_in_pom(dependency, pom, previous_req, requirement)
86
- updated_content = pom.content
88
+ def update_version_in_file(dependency, file, previous_req, requirement)
89
+ updated_content = file.content
87
90
 
88
- original_pom_declarations(dependency, previous_req).each do |old_dec|
91
+ original_file_declarations(dependency, previous_req).each do |old_dec|
89
92
  updated_content = updated_content.gsub(
90
93
  old_dec,
91
- updated_pom_declaration(old_dec, previous_req, requirement)
94
+ updated_file_declaration(old_dec, previous_req, requirement)
92
95
  )
93
96
  end
94
97
 
95
- raise "Expected content to change!" if updated_content == pom.content
98
+ raise "Expected content to change!" if updated_content == file.content
96
99
 
97
- updated_file(file: pom, content: updated_content)
100
+ updated_file(file: file, content: updated_content)
98
101
  end
99
102
 
100
103
  def remove_property_suffix_in_pom(dep, pom, req)
101
104
  updated_content = pom.content
102
105
 
103
- original_pom_declarations(dep, req).each do |old_declaration|
106
+ original_file_declarations(dep, req).each do |old_declaration|
104
107
  updated_content = updated_content.gsub(old_declaration) do |old_dec|
105
108
  version_string =
106
109
  old_dec.match(%r{(?<=\<version\>).*(?=\</version\>)})
@@ -116,7 +119,7 @@ module Dependabot
116
119
  updated_file(file: pom, content: updated_content)
117
120
  end
118
121
 
119
- def original_pom_declarations(dependency, requirement)
122
+ def original_file_declarations(dependency, requirement)
120
123
  declaration_finder(dependency, requirement).declaration_strings
121
124
  end
122
125
 
@@ -132,7 +135,7 @@ module Dependabot
132
135
  )
133
136
  end
134
137
 
135
- def updated_pom_declaration(old_declaration, previous_req, requirement)
138
+ def updated_file_declaration(old_declaration, previous_req, requirement)
136
139
  original_req_string = previous_req.fetch(:requirement)
137
140
 
138
141
  old_declaration.gsub(
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.156.0
4
+ version: 0.156.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-23 00:00:00.000000000 Z
11
+ date: 2021-07-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.156.0
19
+ version: 0.156.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.156.0
26
+ version: 0.156.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.16.0
103
+ version: 1.18.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.16.0
110
+ version: 1.18.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement