dependabot-maven 0.166.1 → 0.169.1

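--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 33ac616f5a89a57889089cce6b6781d33528962c0f21195c9fd5af03093249b4
- data.tar.gz: 18667d33739dc5bb56c34ce502399fe5826781640499c8327bf74488b55561ad
+ metadata.gz: 747795890a4afacefe4035c1f9c31eb83dc2e6398825b5d1eccaa552de1a18a7
+ data.tar.gz: f6340478a1806d35539d496a4afaa42450b5992cf652001253e302d9396b31f1
  SHA512:
- metadata.gz: 8d1b2ff41906d25d06eae66c9b815b3be3feab9fee3a4688b0a5512edc07dfe2d7eefa56326889c3e1e6b737e3be2b85b397f519b467e8763ab3be257b66c903
- data.tar.gz: 2b4ec4ec71b7f99b0fd581d55fb51b4ff9c1f039ca9be25cb9fbf60b2a0bbd0ee7ed577902e7546bae01da6824a77dd158ba68711da46ec894c02ee85ebba662
+ metadata.gz: 10eb808bcd827421dcdf99423a0a2706f4942323539cff271b9b48f16b7269f333e4c679d207e7d02775a8234653fd8eed3e7b60fe07223694372d34f85ed3fa
+ data.tar.gz: 3caf29892e964ea34729f377b177aaf6f4683b708d6d3e862e6e294399a72338546e46719fa5e54fbd6193edbf98650ac22d2d403cd253f32107a5963eb69c30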
@@ -9,9 +9,7 @@ module Dependabot
9
9
  module Maven
10
10
  class FileUpdater
11
11
  class DeclarationFinder
12
- DECLARATION_REGEX =
13
- %r{<parent>.*?</parent>|<dependency>.*?</dependency>|
14
- <plugin>.*?</plugin>|<extension>.*?</extension>}mx.freeze
12
+ DECLARATION_TYPES = %w(parent dependency plugin extension).freeze
15
13
 
16
14
  attr_reader :dependency, :declaring_requirement, :dependency_files
17
15
 
@@ -78,9 +76,14 @@ module Dependabot
78
76
  end
79
77
 
80
78
  def deep_find_declarations(string)
81
- string.scan(DECLARATION_REGEX).flat_map do |matching_node|
82
- [matching_node, *deep_find_declarations(matching_node[1..-1])]
79
+ pom = Nokogiri::XML(string)
80
+ nodes = []
81
+ pom.traverse do |node|
82
+ next unless DECLARATION_TYPES.include?(node.node_name)
83
+
84
+ nodes << node.to_s
83
85
  end
86
+ nodes
84
87
  end
85
88
 
86
89
  def declaring_requirement_matches?(node)
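Review bot: `nodes << node.to_s` in `deep_find_declarations` returns Nokogiri's re-serialisation of each element, not the original substring of the pom that the removed `string.scan(DECLARATION_REGEX)` returned. If any caller later looks these strings up in the raw file text (not visible in this hunk), differences in entity escaping, attribute quoting, self-closing tags or whitespace would make the lookup miss, so that assumption is worth a test with a pom containing such constructs. The pom is repository-controlled input and `Nokogiri::XML(string)` relies on the library's default parse options, which recover from malformed XML and will hand back a partial tree without raising. I would document that on the parse line, for example `# untrusted pom: default options only (recovering parse, no entity substitution, no network)`, so nobody widens the options later without noticing the trust boundary.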
@@ -105,7 +105,7 @@ module Dependabot
105
105
  dependency: dep,
106
106
  declaring_requirement: declaring_requirement,
107
107
  dependency_files: dependency_files
108
- ).declaration_nodes.first.at_css("version")&.content
108
+ ).declaration_nodes.first.at_xpath("./*/version")&.content
109
109
  end
110
110
 
111
111
  def pom
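Review bot: `declaration_nodes.first` is dereferenced unguarded in `).declaration_nodes.first.at_xpath("./*/version")&.content`; the `&.` only protects against `at_xpath` finding nothing, so an empty list raises NoMethodError on nil. Whether the list can be empty for this caller is not visible here (the enclosing method starts outside the hunk), but the input is a repository-supplied pom, so I would write `).declaration_nodes.first&.at_xpath("./*/version")&.content`. The path `./*/version` also presumably relies on each declaration node being a document whose root element is the declaration itself; a short comment saying so would explain why a nested `version` is deliberately no longer matched.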
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.166.1
4
+ version: 0.169.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-14 00:00:00.000000000 Z
11
+ date: 2021-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.166.1
19
+ version: 0.169.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.166.1
26
+ version: 0.169.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement