dependabot-maven 0.169.2 → 0.169.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/maven/file_updater/declaration_finder.rb +5 -8
  3. data/lib/dependabot/maven/requirement.rb +4 -2
  4. data/lib/dependabot/maven/update_checker/property_updater.rb +1 -1
  5. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 878957d3984caf32baee71acb741b8906fa9b76865748451a6d322edda16c87e
4
- data.tar.gz: 3e293cbb27f65e7913a0febe5e65fbb77b74913a2d98f95f8ddfde5ac817cb11
3
+ metadata.gz: 24f8f6f5611f64c5554887bf3ec68a3b076b076494647ec85607aa061ef22efe
4
+ data.tar.gz: 68cecec315fa36e2b82de87a29d8f45a7187bce32ceece59781bafe97eceb572
5
5
  SHA512:
6
- metadata.gz: b69fb5dce8e2f32b75207f6f9c782509c07b2229f3449efbd8d139ae6d931a62e3f0521c2e6dd8f0558d2be66f767c333e7bac5c79c5469969a34b86c824a40d
7
- data.tar.gz: 0b998b553ac0c40902464e0b15bb5ce49b62af93d9b162a196e046e32f0ea4ad9daff2913fbb92b1248c19e83a28786eecb998ebb5f843bc7919c881b5af6505
6
+ metadata.gz: 950f5fce01a25c856b674b95ff5e08f9bc894f4362b8a5189e7dccab29309a62067a9727eeb3ad83a9a2084e5428b13eb6fa35c6ec171556d8a2f829c0aa2715
7
+ data.tar.gz: 36330be8d5867e9e8b024af46c29795c19b84a8c2d384d4f6880926f5d0e0ce6ef1b50eb6dc9ea817c2755f741bcf6352d7e6a73e608e5d6b042a11aace11210
data/lib/dependabot/maven/file_updater/declaration_finder.rb CHANGED
@@ -9,7 +9,9 @@ module Dependabot
9
9
  module Maven
10
10
  class FileUpdater
11
11
  class DeclarationFinder
12
- DECLARATION_TYPES = %w(parent dependency plugin extension).freeze
12
+ DECLARATION_REGEX =
13
+ %r{<parent>.*?</parent>|<dependency>.*?</dependency>|
14
+ <plugin>.*?(?:<plugin>.*?</plugin>.*)?</plugin>|<extension>.*?</extension>}mx.freeze
13
15
 
14
16
  attr_reader :dependency, :declaring_requirement, :dependency_files
15
17
 
@@ -76,14 +78,9 @@ module Dependabot
76
78
  end
77
79
 
78
80
  def deep_find_declarations(string)
79
- pom = Nokogiri::XML(string)
80
- nodes = []
81
- pom.traverse do |node|
82
- next unless DECLARATION_TYPES.include?(node.node_name)
83
-
84
- nodes << node.to_s
81
+ string.scan(DECLARATION_REGEX).flat_map do |matching_node|
82
+ [matching_node, *deep_find_declarations(matching_node[1..-1])]
85
83
  end
86
- nodes
87
84
  end
88
85
 
89
86
  def declaring_requirement_matches?(node)
data/lib/dependabot/maven/requirement.rb CHANGED
@@ -81,13 +81,15 @@ module Dependabot
81
81
  lower_b =
82
82
  if ["(", "["].include?(lower_b) then nil
83
83
  elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
84
- else ">= #{lower_b.sub(/\[\s*/, '').strip}"
84
+ else
85
+ ">= #{lower_b.sub(/\[\s*/, '').strip}"
85
86
  end
86
87
 
87
88
  upper_b =
88
89
  if [")", "]"].include?(upper_b) then nil
89
90
  elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
90
- else "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
+ else
92
+ "<= #{upper_b.sub(/\s*\]/, '').strip}"
91
93
  end
92
94
 
93
95
  [lower_b, upper_b].compact
data/lib/dependabot/maven/update_checker/property_updater.rb CHANGED
@@ -105,7 +105,7 @@ module Dependabot
105
105
  dependency: dep,
106
106
  declaring_requirement: declaring_requirement,
107
107
  dependency_files: dependency_files
108
- ).declaration_nodes.first.at_xpath("./*/version")&.content
108
+ ).declaration_nodes.first.at_css("version")&.content
109
109
  end
110
110
 
111
111
  def pom
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.169.2
4
+ version: 0.169.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-30 00:00:00.000000000 Z
11
+ date: 2021-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.169.2
19
+ version: 0.169.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.169.2
26
+ version: 0.169.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.18.0
103
+ version: 1.23.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.18.0
110
+ version: 1.23.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
220
220
  - !ruby/object:Gem::Version
221
221
  version: 2.5.0
222
222
  requirements: []
223
- rubygems_version: 3.2.22
223
+ rubygems_version: 3.2.32
224
224
  signing_key:
225
225
  specification_version: 4
226
226
  summary: Maven support for dependabot