dependabot-maven 0.169.1 → 0.169.5

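--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 747795890a4afacefe4035c1f9c31eb83dc2e6398825b5d1eccaa552de1a18a7
- data.tar.gz: f6340478a1806d35539d496a4afaa42450b5992cf652001253e302d9396b31f1
+ metadata.gz: adf3e410435604d4b4f47c33eb6a84bcc4abc1ee29865dc29d4155aa3b0118a7
+ data.tar.gz: 1419e025e40f503acdb87deaabc0e03bd59fc8c41449dc39d66365373339af99
  SHA512:
- metadata.gz: 10eb808bcd827421dcdf99423a0a2706f4942323539cff271b9b48f16b7269f333e4c679d207e7d02775a8234653fd8eed3e7b60fe07223694372d34f85ed3fa
- data.tar.gz: 3caf29892e964ea34729f377b177aaf6f4683b708d6d3e862e6e294399a72338546e46719fa5e54fbd6193edbf98650ac22d2d403cd253f32107a5963eb69c30
+ metadata.gz: 9bf847737675fe8404f0c971b83ba2509cbc39053e713498298571e2dce934a1b4aee197f22cf086474526b520a1c96778f6b6f09df927d3a836432426a5422b
+ data.tar.gz: 377309f5ed632d3a9c461e93ebcb35c865d09e5c878663a8201dd00b42add51ba15d78fafe3d1c7174aacdaf3cca0622659fc1ee0d87ffaaddfef5e0bb1ccf3f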
@@ -9,7 +9,9 @@ module Dependabot
9
9
  module Maven
10
10
  class FileUpdater
11
11
  class DeclarationFinder
12
- DECLARATION_TYPES = %w(parent dependency plugin extension).freeze
12
+ DECLARATION_REGEX =
13
+ %r{<parent>.*?</parent>|<dependency>.*?</dependency>|
14
+ <plugin>.*?(?:<plugin>.*?</plugin>.*)?</plugin>|<extension>.*?</extension>}mx.freeze
13
15
 
14
16
  attr_reader :dependency, :declaring_requirement, :dependency_files
15
17
 
@@ -76,14 +78,9 @@ module Dependabot
76
78
  end
77
79
 
78
80
  def deep_find_declarations(string)
79
- pom = Nokogiri::XML(string)
80
- nodes = []
81
- pom.traverse do |node|
82
- next unless DECLARATION_TYPES.include?(node.node_name)
83
-
84
- nodes << node.to_s
81
+ string.scan(DECLARATION_REGEX).flat_map do |matching_node|
82
+ [matching_node, *deep_find_declarations(matching_node[1..-1])]
85
83
  end
86
- nodes
87
84
  end
88
85
 
89
86
  def declaring_requirement_matches?(node)
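Review bot: `DECLARATION_REGEX` now scans the raw pom text instead of a parsed tree, so a `<dependency>` or `<plugin>` block inside an XML comment or CDATA section matches just like a live declaration, which the removed `pom.traverse` would not have returned as an element. The plugin alternative also mixes a lazy `.*?` with a greedy `.*` under `/m`, and `deep_find_declarations` re-scans every match from `matching_node[1..-1]`, so matching cost on a large or deeply nested pom (presumably repository-controlled input) can grow well beyond linear. I would add a spec with a commented-out declaration and one with a large, deeply nested plugin section to bound runtime, and document the limit above the constant, e.g. `# Textual match only: comments/CDATA are not excluded and tags with attributes are not matched`. The enclosing class continues outside both hunks.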
@@ -81,13 +81,15 @@ module Dependabot
81
81
  lower_b =
82
82
  if ["(", "["].include?(lower_b) then nil
83
83
  elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
84
- else ">= #{lower_b.sub(/\[\s*/, '').strip}"
84
+ else
85
+ ">= #{lower_b.sub(/\[\s*/, '').strip}"
85
86
  end
86
87
 
87
88
  upper_b =
88
89
  if [")", "]"].include?(upper_b) then nil
89
90
  elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
90
- else "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
+ else
92
+ "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
93
  end
92
94
 
93
95
  [lower_b, upper_b].compact
@@ -105,7 +105,7 @@ module Dependabot
105
105
  dependency: dep,
106
106
  declaring_requirement: declaring_requirement,
107
107
  dependency_files: dependency_files
108
- ).declaration_nodes.first.at_xpath("./*/version")&.content
108
+ ).declaration_nodes.first.at_css("version")&.content
109
109
  end
110
110
 
111
111
  def pom
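Review bot: `at_css("version")` returns the first `version` element anywhere below the declaration, whereas the removed `at_xpath("./*/version")` only looked one level under the root element. For a `<plugin>` that has no `<version>` of its own but nests `<dependencies>`, this can pick up a nested dependency's version and report it as the plugin's declared version. If the switch was needed because the node type changed, a child-scoped query keeps the old meaning, for example `at_xpath("./version | ./*/version")`; a spec covering a version-less plugin with nested dependencies would pin it. The enclosing method starts above the hunk, so the receiver's type is inferred.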
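--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-maven
  version: !ruby/object:Gem::Version
- version: 0.169.1
+ version: 0.169.5
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-11-29 00:00:00.000000000 Z
+ date: 2021-12-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.169.1
+ version: 0.169.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.169.1
+ version: 0.169.5
  - !ruby/object:Gem::Dependency
  name: byebug
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.18.0
+ version: 1.23.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 2.5.0
  requirements: []
- rubygems_version: 3.2.22
+ rubygems_version: 3.2.32
  signing_key:
  specification_version: 4
  summary: Maven support for dependabot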