dependabot-maven 0.186.1 → 0.187.0

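--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2e1a2783c11d5d8604b71ca5b61ae195a9301643612473feba9f36c088d791b1
- data.tar.gz: 81b870922031db076a242e4f12b51985c4ecc2357cf87fa7c63ab1ae8635acea
+ metadata.gz: 3e4a577221aad5a220aac8de3764283bec0f886a6b815a927152747f26cc4c5b
+ data.tar.gz: f620d6868318bf81a7ca22457f156188b7d3e9e8aca5ac920114bcd0f6741db0
  SHA512:
- metadata.gz: c9312ba524cde77bab1d5993857371d10cbd4f1fb3a92eee035577655b70e6bcf496ea5f19003ff87e5e4983c418ec880c9a58bfeefaac2aa55ae97e3efb9102
- data.tar.gz: 51fbad4d09cfd030c51e31bac82788c4d1126e7ff0988a6093b6de1378bdd68ec85884c478fe0a7c72228a2bc1d61495966a4597ecdcebb003cd1dff1a874676
+ metadata.gz: 92c8af63d0d1977d0cb91dcc8c49d962c36d03af91a32961f9bb6106998d24e6e6208d6cd5479156e1e295edcc061754f6defe07aa31a322590cb8f9e99069ac
+ data.tar.gz: 3f186435480485bf3bddb03881b0929f00e35a61224bd4f3fde2e0937d989295e3f8cee0a02c8dd7cd3255d233c4829986b0a3e6cdf44f23bc4d6f31fc2810c6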
@@ -113,6 +113,11 @@ module Dependabot
113
113
  @maven_responses[url] ||= Excon.get(
114
114
  url,
115
115
  idempotent: true,
116
+ # We attempt to find dependencies in private repos before failing over to the CENTRAL_REPO_URL,
117
+ # but this can burn a lot of a job's time against slow servers due to our `read_timeout` being 20 seconds.
118
+ #
119
+ # In order to avoid the overall job timing out, we only make one retry attempt
120
+ retry_limit: 1,
116
121
  **SharedHelpers.excon_defaults
117
122
  )
118
123
  next unless @maven_responses[url].status == 200
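Review bot: The added `retry_limit: 1` sits before `**SharedHelpers.excon_defaults` in the `Excon.get` call, and in a Ruby keyword list a later splat overrides earlier keys, so if the defaults hash carries its own `:retry_limit` the new limit is silently ignored. `excon_defaults` is not visible on this page, so this needs checking. Writing the arguments as `**SharedHelpers.excon_defaults, retry_limit: 1` makes the intended precedence hold either way. The enclosing method starts and ends outside the hunk.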
@@ -23,8 +23,9 @@ module Dependabot
23
23
 
24
24
  def update_possible?
25
25
  return false unless target_version
26
+ return @update_possible if defined?(@update_possible)
26
27
 
27
- @update_possible ||=
28
+ @update_possible =
28
29
  dependencies_using_property.all? do |dep|
29
30
  next false if includes_property_reference?(updated_version(dep))
30
31
 
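Review bot: The switch from `||=` to a `defined?` guard in `update_possible?` carries no comment, so a later reader may fold it back into `||=` and lose the caching of a `false` result. A one-line comment above the guard would record the intent, for example `# defined? rather than ||= so that a false result is memoized too`. The `return false unless target_version` line still runs before the guard and is not memoized, which looks intentional but is worth saying in the same comment. The method body continues past the end of the hunk.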
@@ -25,6 +25,7 @@ module Dependabot
25
25
  @raise_on_ignored = raise_on_ignored
26
26
  @security_advisories = security_advisories
27
27
  @forbidden_urls = []
28
+ @dependency_metadata = {}
28
29
  end
29
30
 
30
31
  def latest_version_details
@@ -154,25 +155,28 @@ module Dependabot
154
155
  end
155
156
 
156
157
  def dependency_metadata(repository_details)
157
- @dependency_metadata ||= {}
158
- @dependency_metadata[repository_details.hash] ||=
159
- begin
160
- response = Excon.get(
161
- dependency_metadata_url(repository_details.fetch("url")),
162
- idempotent: true,
163
- **Dependabot::SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
164
- )
165
- check_response(response, repository_details.fetch("url"))
158
+ repository_key = repository_details.hash
159
+ return @dependency_metadata[repository_key] if @dependency_metadata.key?(repository_key)
166
160
 
167
- Nokogiri::XML(response.body)
168
- rescue URI::InvalidURIError
169
- Nokogiri::XML("")
170
- rescue Excon::Error::Socket, Excon::Error::Timeout,
171
- Excon::Error::TooManyRedirects
172
- raise if central_repo_urls.include?(repository_details["url"])
161
+ @dependency_metadata[repository_key] = fetch_dependency_metadata(repository_details)
162
+ end
173
163
 
174
- Nokogiri::XML("")
175
- end
164
+ def fetch_dependency_metadata(repository_details)
165
+ response = Excon.get(
166
+ dependency_metadata_url(repository_details.fetch("url")),
167
+ idempotent: true,
168
+ **Dependabot::SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
169
+ )
170
+ check_response(response, repository_details.fetch("url"))
171
+
172
+ Nokogiri::XML(response.body)
173
+ rescue URI::InvalidURIError
174
+ Nokogiri::XML("")
175
+ rescue Excon::Error::Socket, Excon::Error::Timeout,
176
+ Excon::Error::TooManyRedirects
177
+ raise if central_repo_urls.include?(repository_details["url"])
178
+
179
+ Nokogiri::XML("")
176
180
  end
177
181
 
178
182
  def check_response(response, repository_url)
@@ -184,7 +188,7 @@ module Dependabot
184
188
  end
185
189
 
186
190
  def repositories
187
- return @repositories if @repositories
191
+ return @repositories if defined?(@repositories)
188
192
 
189
193
  details = pom_repository_details + credentials_repository_details
190
194
 
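Review bot: In `dependency_metadata` (new lines 158-161) the cache is keyed by `repository_details.hash`, an Integer digest, so two different repository entries whose digests collide would share one cached document, and those entries include `auth_headers`. Keying on the details hash itself lets Ruby fall back to `eql?` on a collision: `return @dependency_metadata[repository_details] if @dependency_metadata.key?(repository_details)`, with the assignment keyed the same way. The extracted `fetch_dependency_metadata` also keeps the default retry behaviour, unlike the `retry_limit: 1` added to the other `Excon.get` call in this release. If this request reaches the same slow private repositories, the same limit probably belongs here too.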
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.186.1
4
+ version: 0.187.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-10 00:00:00.000000000 Z
11
+ date: 2022-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.186.1
19
+ version: 0.187.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.186.1
26
+ version: 0.187.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debase
29
29
  requirement: !ruby/object:Gem::Requirement