dependabot-maven 0.169.2 → 0.169.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/maven/file_updater/declaration_finder.rb +5 -8
  3. data/lib/dependabot/maven/requirement.rb +4 -2
  4. data/lib/dependabot/maven/update_checker/property_updater.rb +1 -1
  5. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 878957d3984caf32baee71acb741b8906fa9b76865748451a6d322edda16c87e
4
- data.tar.gz: 3e293cbb27f65e7913a0febe5e65fbb77b74913a2d98f95f8ddfde5ac817cb11
3
+ metadata.gz: 24f8f6f5611f64c5554887bf3ec68a3b076b076494647ec85607aa061ef22efe
4
+ data.tar.gz: 68cecec315fa36e2b82de87a29d8f45a7187bce32ceece59781bafe97eceb572
5
5
  SHA512:
6
- metadata.gz: b69fb5dce8e2f32b75207f6f9c782509c07b2229f3449efbd8d139ae6d931a62e3f0521c2e6dd8f0558d2be66f767c333e7bac5c79c5469969a34b86c824a40d
7
- data.tar.gz: 0b998b553ac0c40902464e0b15bb5ce49b62af93d9b162a196e046e32f0ea4ad9daff2913fbb92b1248c19e83a28786eecb998ebb5f843bc7919c881b5af6505
6
+ metadata.gz: 950f5fce01a25c856b674b95ff5e08f9bc894f4362b8a5189e7dccab29309a62067a9727eeb3ad83a9a2084e5428b13eb6fa35c6ec171556d8a2f829c0aa2715
7
+ data.tar.gz: 36330be8d5867e9e8b024af46c29795c19b84a8c2d384d4f6880926f5d0e0ce6ef1b50eb6dc9ea817c2755f741bcf6352d7e6a73e608e5d6b042a11aace11210
data/lib/dependabot/maven/file_updater/declaration_finder.rb CHANGED
@@ -9,7 +9,9 @@ module Dependabot
9
9
  module Maven
10
10
  class FileUpdater
11
11
  class DeclarationFinder
12
- DECLARATION_TYPES = %w(parent dependency plugin extension).freeze
12
+ DECLARATION_REGEX =
13
+ %r{<parent>.*?</parent>|<dependency>.*?</dependency>|
14
+ <plugin>.*?(?:<plugin>.*?</plugin>.*)?</plugin>|<extension>.*?</extension>}mx.freeze
13
15
 
14
16
  attr_reader :dependency, :declaring_requirement, :dependency_files
15
17
 
@@ -76,14 +78,9 @@ module Dependabot
76
78
  end
77
79
 
78
80
  def deep_find_declarations(string)
79
- pom = Nokogiri::XML(string)
80
- nodes = []
81
- pom.traverse do |node|
82
- next unless DECLARATION_TYPES.include?(node.node_name)
83
-
84
- nodes << node.to_s
81
+ string.scan(DECLARATION_REGEX).flat_map do |matching_node|
82
+ [matching_node, *deep_find_declarations(matching_node[1..-1])]
85
83
  end
86
- nodes
87
84
  end
88
85
 
89
86
  def declaring_requirement_matches?(node)
data/lib/dependabot/maven/requirement.rb CHANGED
@@ -81,13 +81,15 @@ module Dependabot
81
81
  lower_b =
82
82
  if ["(", "["].include?(lower_b) then nil
83
83
  elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
84
- else ">= #{lower_b.sub(/\[\s*/, '').strip}"
84
+ else
85
+ ">= #{lower_b.sub(/\[\s*/, '').strip}"
85
86
  end
86
87
 
87
88
  upper_b =
88
89
  if [")", "]"].include?(upper_b) then nil
89
90
  elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
90
- else "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
+ else
92
+ "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
93
  end
92
94
 
93
95
  [lower_b, upper_b].compact
data/lib/dependabot/maven/update_checker/property_updater.rb CHANGED
@@ -105,7 +105,7 @@ module Dependabot
105
105
  dependency: dep,
106
106
  declaring_requirement: declaring_requirement,
107
107
  dependency_files: dependency_files
108
- ).declaration_nodes.first.at_xpath("./*/version")&.content
108
+ ).declaration_nodes.first.at_css("version")&.content
109
109
  end
110
110
 
111
111
  def pom
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.2
4
+ version: 0.169.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-30 00:00:00.000000000 Z
11
+ date: 2021-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.2
19
+ version: 0.169.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.2
26
+ version: 0.169.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.18.0
103
+ version: 1.23.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.18.0
110
+ version: 1.23.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
220
220
  - !ruby/object:Gem::Version
221
221
  version: 2.5.0
222
222
  requirements: []
223
- rubygems_version: 3.2.22
223
+ rubygems_version: 3.2.32
224
224
  signing_key:
225
225
  specification_version: 4
226
226
  summary: Maven support for dependabot