dependabot-maven 0.156.2 → 0.156.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_fetcher.rb +12 -0
- data/lib/dependabot/maven/file_parser.rb +26 -0
- data/lib/dependabot/maven/file_updater.rb +26 -23
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 88e3be2ac7690410113f5e6c59b2f0e62d33ef5f38bf2402ae988f772088f528
|
4
|
+
data.tar.gz: 46f62ecb11d3cbee0b2f4542600568dd7cf0db8f42b45f331c70dd0fb4be65c6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3d4b254db6c5279b7d0cd3f57c7bfb660519ef99f4c3bb9467a9dadd5db07248a5d5249dcb2e54dd73d9fe6019faf7aa962127cf1b7f46e59a0f1020e113be08
|
7
|
+
data.tar.gz: e58247f73ac453da815c339996bc48202596c752b557664821cb0626cc93139d52bdb1b85b9b840de8addf75a6d0a0160c91ba1ee62bf4b0afffaa256a10df9c
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
25
25
|
fetched_files << pom
|
26
26
|
fetched_files += child_poms
|
27
27
|
fetched_files += relative_path_parents(fetched_files)
|
28
|
+
fetched_files << extensions if extensions
|
28
29
|
fetched_files.uniq
|
29
30
|
end
|
30
31
|
|
@@ -32,6 +33,17 @@ module Dependabot
|
|
32
33
|
@pom ||= fetch_file_from_host("pom.xml")
|
33
34
|
end
|
34
35
|
|
36
|
+
def extensions
|
37
|
+
return @extensions if defined?(@extensions)
|
38
|
+
return @extensions if defined?(@extensions)
|
39
|
+
|
40
|
+
begin
|
41
|
+
fetch_file_if_present(".mvn/extensions.xml")
|
42
|
+
rescue Dependabot::DependencyFileNotFound
|
43
|
+
nil
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
35
47
|
def child_poms
|
36
48
|
recursively_fetch_child_poms(pom, fetched_filenames: ["pom.xml"])
|
37
49
|
end
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
25
25
|
"dependencies > dependency, "\
|
26
26
|
"extensions > extension"
|
27
27
|
PLUGIN_SELECTOR = "plugins > plugin"
|
28
|
+
EXTENSION_SELECTOR = "extensions > extension"
|
28
29
|
|
29
30
|
# Regex to get the property name from a declaration that uses a property
|
30
31
|
PROPERTY_REGEX = /\$\{(?<property>.*?)\}/.freeze
|
@@ -32,6 +33,7 @@ module Dependabot
|
|
32
33
|
def parse
|
33
34
|
dependency_set = DependencySet.new
|
34
35
|
pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
|
36
|
+
extensionfiles.each { |extension| dependency_set += extensionfile_dependencies(extension) }
|
35
37
|
dependency_set.dependencies
|
36
38
|
end
|
37
39
|
|
@@ -63,6 +65,25 @@ module Dependabot
|
|
63
65
|
dependency_set
|
64
66
|
end
|
65
67
|
|
68
|
+
def extensionfile_dependencies(extension)
|
69
|
+
dependency_set = DependencySet.new
|
70
|
+
|
71
|
+
errors = []
|
72
|
+
doc = Nokogiri::XML(extension.content)
|
73
|
+
doc.remove_namespaces!
|
74
|
+
|
75
|
+
doc.css(EXTENSION_SELECTOR).each do |dependency_node|
|
76
|
+
dep = dependency_from_dependency_node(extension, dependency_node)
|
77
|
+
dependency_set << dep if dep
|
78
|
+
rescue DependencyFileNotEvaluatable => e
|
79
|
+
errors << e
|
80
|
+
end
|
81
|
+
|
82
|
+
raise errors.first if errors.any? && dependency_set.dependencies.none?
|
83
|
+
|
84
|
+
dependency_set
|
85
|
+
end
|
86
|
+
|
66
87
|
def dependency_from_dependency_node(pom, dependency_node)
|
67
88
|
return unless (name = dependency_name(dependency_node, pom))
|
68
89
|
return if internal_dependency_names.include?(name)
|
@@ -252,6 +273,11 @@ module Dependabot
|
|
252
273
|
dependency_files.select { |f| f.name.end_with?("pom.xml") }
|
253
274
|
end
|
254
275
|
|
276
|
+
def extensionfiles
|
277
|
+
@extensionfiles ||=
|
278
|
+
dependency_files.select { |f| f.name.end_with?("extensions.xml") }
|
279
|
+
end
|
280
|
+
|
255
281
|
def internal_dependency_names
|
256
282
|
@internal_dependency_names ||=
|
257
283
|
dependency_files.map do |pom|
|
@@ -11,25 +11,28 @@ module Dependabot
|
|
11
11
|
require_relative "file_updater/property_value_updater"
|
12
12
|
|
13
13
|
def self.updated_files_regex
|
14
|
-
[
|
14
|
+
[
|
15
|
+
/^pom\.xml$/, %r{/pom\.xml$},
|
16
|
+
/^extensions.\.xml$/, %r{/extensions\.xml$}
|
17
|
+
]
|
15
18
|
end
|
16
19
|
|
17
20
|
def updated_dependency_files
|
18
21
|
updated_files = dependency_files.dup
|
19
22
|
|
20
23
|
# Loop through each of the changed requirements, applying changes to
|
21
|
-
# all
|
22
|
-
# to other
|
23
|
-
# files
|
24
|
+
# all pom and extensions files for that change. Note that the logic
|
25
|
+
# is different here to other package managers because Maven has property
|
26
|
+
# inheritance across files
|
24
27
|
dependencies.each do |dependency|
|
25
|
-
updated_files =
|
26
|
-
|
28
|
+
updated_files = update_files_for_dependency(
|
29
|
+
original_files: updated_files,
|
27
30
|
dependency: dependency
|
28
31
|
)
|
29
32
|
end
|
30
33
|
|
31
|
-
updated_files.select! { |f| f.name.end_with?("pom.xml") }
|
32
|
-
updated_files.reject! { |f|
|
34
|
+
updated_files.select! { |f| f.name.end_with?("pom.xml") || f.name.end_with?("extensions.xml") }
|
35
|
+
updated_files.reject! { |f| dependency_files.include?(f) }
|
33
36
|
|
34
37
|
raise "No files changed!" if updated_files.none?
|
35
38
|
raise "Updated a supporting POM!" if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
|
@@ -43,15 +46,15 @@ module Dependabot
|
|
43
46
|
raise "No pom.xml!" unless get_original_file("pom.xml")
|
44
47
|
end
|
45
48
|
|
46
|
-
def
|
47
|
-
files =
|
49
|
+
def update_files_for_dependency(original_files:, dependency:)
|
50
|
+
files = original_files.dup
|
48
51
|
|
49
52
|
# The UpdateChecker ensures the order of requirements is preserved
|
50
53
|
# when updating, so we can zip them together in new/old pairs.
|
51
54
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
52
55
|
reject { |new_req, old_req| new_req == old_req }
|
53
56
|
|
54
|
-
# Loop through each changed requirement and update the
|
57
|
+
# Loop through each changed requirement and update the files
|
55
58
|
reqs.each do |new_req, old_req|
|
56
59
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
57
60
|
next if new_req[:requirement] == old_req[:requirement]
|
@@ -62,9 +65,9 @@ module Dependabot
|
|
62
65
|
files[files.index(pom)] =
|
63
66
|
remove_property_suffix_in_pom(dependency, pom, old_req)
|
64
67
|
else
|
65
|
-
|
66
|
-
files[files.index(
|
67
|
-
|
68
|
+
file = files.find { |f| f.name == new_req.fetch(:file) }
|
69
|
+
files[files.index(file)] =
|
70
|
+
update_version_in_file(dependency, file, old_req, new_req)
|
68
71
|
end
|
69
72
|
end
|
70
73
|
|
@@ -82,25 +85,25 @@ module Dependabot
|
|
82
85
|
)
|
83
86
|
end
|
84
87
|
|
85
|
-
def
|
86
|
-
updated_content =
|
88
|
+
def update_version_in_file(dependency, file, previous_req, requirement)
|
89
|
+
updated_content = file.content
|
87
90
|
|
88
|
-
|
91
|
+
original_file_declarations(dependency, previous_req).each do |old_dec|
|
89
92
|
updated_content = updated_content.gsub(
|
90
93
|
old_dec,
|
91
|
-
|
94
|
+
updated_file_declaration(old_dec, previous_req, requirement)
|
92
95
|
)
|
93
96
|
end
|
94
97
|
|
95
|
-
raise "Expected content to change!" if updated_content ==
|
98
|
+
raise "Expected content to change!" if updated_content == file.content
|
96
99
|
|
97
|
-
updated_file(file:
|
100
|
+
updated_file(file: file, content: updated_content)
|
98
101
|
end
|
99
102
|
|
100
103
|
def remove_property_suffix_in_pom(dep, pom, req)
|
101
104
|
updated_content = pom.content
|
102
105
|
|
103
|
-
|
106
|
+
original_file_declarations(dep, req).each do |old_declaration|
|
104
107
|
updated_content = updated_content.gsub(old_declaration) do |old_dec|
|
105
108
|
version_string =
|
106
109
|
old_dec.match(%r{(?<=\<version\>).*(?=\</version\>)})
|
@@ -116,7 +119,7 @@ module Dependabot
|
|
116
119
|
updated_file(file: pom, content: updated_content)
|
117
120
|
end
|
118
121
|
|
119
|
-
def
|
122
|
+
def original_file_declarations(dependency, requirement)
|
120
123
|
declaration_finder(dependency, requirement).declaration_strings
|
121
124
|
end
|
122
125
|
|
@@ -132,7 +135,7 @@ module Dependabot
|
|
132
135
|
)
|
133
136
|
end
|
134
137
|
|
135
|
-
def
|
138
|
+
def updated_file_declaration(old_declaration, previous_req, requirement)
|
136
139
|
original_req_string = previous_req.fetch(:requirement)
|
137
140
|
|
138
141
|
old_declaration.gsub(
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-maven
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.156.
|
4
|
+
version: 0.156.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.156.
|
19
|
+
version: 0.156.6
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.156.
|
26
|
+
version: 0.156.6
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
103
|
+
version: 1.18.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
110
|
+
version: 1.18.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: simplecov
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|