dependabot-maven 0.262.0 → 0.264.0
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_parser/pom_fetcher.rb +31 -6
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +29 -7
- data/lib/dependabot/maven/file_parser.rb +67 -12
- data/lib/dependabot/maven/file_updater/property_value_updater.rb +31 -12
- data/lib/dependabot/maven/update_checker.rb +1 -1
- metadata +5 -5
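--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 51df7f3dc716cc7674949df83e48d90d04921493c750524def54b0cbe24dc920
+data.tar.gz: b2cd29d713898236089bd0049b12b05098f5cd9f7e8e3393a711955fc1dbea66
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 76f561eb9ab1cef94fe2cf02455ba8b63ed98296c8aa17b12a8e7e19297e883b03380fc4feb0644f9b3ff296e59a42bb40563cc905106ff2343195281ae88e95
+data.tar.gz: 134b49a299b44872d274fad695741584eaced44b3528a78a6d3178334f1f1582c440b9260295f758af5f0310456ac71fa123dc0a062aed73788bdc4aec306098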
@@ -1,6 +1,7 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
4
5
|
require "nokogiri"
|
5
6
|
|
6
7
|
require "dependabot/dependency_file"
|
@@ -11,15 +12,19 @@ module Dependabot
|
|
11
12
|
module Maven
|
12
13
|
class FileParser
|
13
14
|
class PomFetcher
|
15
|
+
extend T::Sig
|
16
|
+
|
17
|
+
sig { params(dependency_files: T::Array[DependencyFile]).void }
|
14
18
|
def initialize(dependency_files:)
|
15
19
|
@dependency_files = dependency_files
|
16
|
-
@poms = {}
|
20
|
+
@poms = T.let({}, T::Hash[String, DependencyFile])
|
17
21
|
end
|
18
22
|
|
23
|
+
sig { returns(T::Hash[String, DependencyFile]) }
|
19
24
|
def internal_dependency_poms
|
20
25
|
return @internal_dependency_poms if @internal_dependency_poms
|
21
26
|
|
22
|
-
@internal_dependency_poms = {}
|
27
|
+
@internal_dependency_poms = T.let({}, T.nilable(T::Hash[String, DependencyFile]))
|
23
28
|
dependency_files.each do |pom|
|
24
29
|
doc = Nokogiri::XML(pom.content)
|
25
30
|
group_id = doc.at_css("project > groupId") ||
|
@@ -33,12 +38,20 @@ module Dependabot
|
|
33
38
|
artifact_id.content.strip
|
34
39
|
].join(":")
|
35
40
|
|
36
|
-
@internal_dependency_poms[dependency_name] = pom
|
41
|
+
T.must(@internal_dependency_poms)[dependency_name] = pom
|
37
42
|
end
|
38
43
|
|
39
|
-
@internal_dependency_poms
|
44
|
+
T.must(@internal_dependency_poms)
|
40
45
|
end
|
41
46
|
|
47
|
+
sig do
|
48
|
+
params(
|
49
|
+
group_id: String,
|
50
|
+
artifact_id: String,
|
51
|
+
version: String,
|
52
|
+
urls_to_try: T::Array[String]
|
53
|
+
).returns(T.nilable(DependencyFile)) # Fix: Added closing parenthesis
|
54
|
+
end
|
42
55
|
def fetch_remote_parent_pom(group_id, artifact_id, version, urls_to_try)
|
43
56
|
pom_id = "#{group_id}:#{artifact_id}:#{version}"
|
44
57
|
return @poms[pom_id] if @poms.key?(pom_id)
|
@@ -74,24 +87,33 @@ module Dependabot
|
|
74
87
|
|
75
88
|
private
|
76
89
|
|
90
|
+
sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
|
77
91
|
def remote_pom_url(group_id, artifact_id, version, base_repo_url)
|
78
92
|
"#{base_repo_url}/" \
|
79
93
|
"#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
|
80
94
|
"#{artifact_id}-#{version}.pom"
|
81
95
|
end
|
82
96
|
|
97
|
+
sig do
|
98
|
+
params(group_id: String, artifact_id: String, version: String, snapshot_version: String,
|
99
|
+
base_repo_url: String).returns(String)
|
100
|
+
end
|
83
101
|
def remote_pom_snapshot_url(group_id, artifact_id, version, snapshot_version, base_repo_url)
|
84
102
|
"#{base_repo_url}/" \
|
85
103
|
"#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
|
86
104
|
"#{artifact_id}-#{snapshot_version}.pom"
|
87
105
|
end
|
88
106
|
|
107
|
+
sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
|
89
108
|
def remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_repo_url)
|
90
109
|
"#{base_repo_url}/" \
|
91
110
|
"#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
|
92
111
|
"maven-metadata.xml"
|
93
112
|
end
|
94
113
|
|
114
|
+
sig do
|
115
|
+
params(group_id: String, artifact_id: String, version: String, base_url: String).returns(T.nilable(String))
|
116
|
+
end
|
95
117
|
def fetch_snapshot_pom_url(group_id, artifact_id, version, base_url)
|
96
118
|
url = remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_url)
|
97
119
|
response = fetch(url)
|
@@ -107,15 +129,18 @@ module Dependabot
|
|
107
129
|
remote_pom_snapshot_url(group_id, artifact_id, version, snapshot, base_url)
|
108
130
|
end
|
109
131
|
|
132
|
+
sig { params(url: String).returns(Excon::Response) }
|
110
133
|
def fetch(url)
|
111
|
-
@maven_responses ||= {}
|
134
|
+
@maven_responses ||= T.let({}, T.nilable(T::Hash[String, Excon::Response]))
|
112
135
|
@maven_responses[url] ||= Dependabot::RegistryClient.get(url: url, options: { retry_limit: 1 })
|
113
136
|
end
|
114
137
|
|
138
|
+
sig { params(content: String).returns(T::Boolean) }
|
115
139
|
def pom?(content)
|
116
140
|
!Nokogiri::XML(content).at_css("project > artifactId").nil?
|
117
141
|
end
|
118
142
|
|
143
|
+
sig { returns(T::Array[DependencyFile]) }
|
119
144
|
attr_reader :dependency_files
|
120
145
|
end
|
121
146
|
end
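Review bot: The sig added above `fetch_remote_parent_pom` ends with the comment `# Fix: Added closing parenthesis`, which describes an edit to the patch rather than the code and should be dropped so the line reads `).returns(T.nilable(DependencyFile))`. Separately, sorbet-runtime checks sigs at call time by default, so `params(group_id: String, artifact_id: String, version: String, ...)` would raise a TypeError if a coordinate read from a parsed POM is nil instead of letting it reach the URL builders. The callers are outside this section, so confirm they guard for nil before calling. The bodies of `internal_dependency_poms`, `fetch_remote_parent_pom` and `fetch_snapshot_pom_url` continue outside the hunks shown.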
|
@@ -1,8 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "nokogiri"
|
5
|
-
|
5
|
+
require "sorbet-runtime"
|
6
6
|
require "dependabot/dependency_file"
|
7
7
|
require "dependabot/maven/file_parser"
|
8
8
|
require "dependabot/registry_client"
|
@@ -14,17 +14,24 @@ module Dependabot
|
|
14
14
|
module Maven
|
15
15
|
class FileParser
|
16
16
|
class PropertyValueFinder
|
17
|
+
extend T::Sig
|
18
|
+
|
17
19
|
require_relative "repositories_finder"
|
18
20
|
require_relative "pom_fetcher"
|
19
21
|
|
20
22
|
DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
|
21
23
|
|
24
|
+
sig { params(dependency_files: T::Array[DependencyFile], credentials: T::Array[String]).void }
|
22
25
|
def initialize(dependency_files:, credentials: [])
|
23
26
|
@dependency_files = dependency_files
|
24
27
|
@credentials = credentials
|
25
|
-
@pom_fetcher = PomFetcher.new(dependency_files: dependency_files)
|
28
|
+
@pom_fetcher = T.let(PomFetcher.new(dependency_files: dependency_files),
|
29
|
+
Dependabot::Maven::FileParser::PomFetcher)
|
26
30
|
end
|
27
31
|
|
32
|
+
sig do
|
33
|
+
params(property_name: String, callsite_pom: DependencyFile).returns(T.nilable(T::Hash[Symbol, T.untyped]))
|
34
|
+
end
|
28
35
|
def property_details(property_name:, callsite_pom:)
|
29
36
|
pom = callsite_pom
|
30
37
|
doc = Nokogiri::XML(pom.content)
|
@@ -71,8 +78,17 @@ module Dependabot
|
|
71
78
|
|
72
79
|
private
|
73
80
|
|
81
|
+
sig { returns(T::Array[DependencyFile]) }
|
74
82
|
attr_reader :dependency_files
|
75
83
|
|
84
|
+
sig do
|
85
|
+
params(
|
86
|
+
expression: String,
|
87
|
+
property_name: String,
|
88
|
+
callsite_pom: DependencyFile
|
89
|
+
)
|
90
|
+
.returns(T.nilable(T::Hash[Symbol, String]))
|
91
|
+
end
|
76
92
|
def extract_value_from_expression(expression:, property_name:, callsite_pom:)
|
77
93
|
# and the expression is pointing to self then raise the error
|
78
94
|
if expression.eql?("${#{property_name}}")
|
@@ -83,14 +99,16 @@ module Dependabot
|
|
83
99
|
end
|
84
100
|
|
85
101
|
# and the expression is pointing to another tag, then get the value of that tag
|
86
|
-
property_details(property_name: expression.slice(2..-2), callsite_pom: callsite_pom)
|
102
|
+
property_details(property_name: T.must(expression.slice(2..-2)), callsite_pom: callsite_pom)
|
87
103
|
end
|
88
104
|
|
105
|
+
sig { params(property_name: String).returns(String) }
|
89
106
|
def sanitize_property_name(property_name)
|
90
107
|
property_name.sub(/^pom\./, "").sub(/^project\./, "")
|
91
108
|
end
|
92
109
|
|
93
110
|
# rubocop:disable Metrics/PerceivedComplexity
|
111
|
+
sig { params(pom: DependencyFile).returns(T.nilable(DependencyFile)) }
|
94
112
|
def parent_pom(pom)
|
95
113
|
doc = Nokogiri::XML(pom.content)
|
96
114
|
doc.remove_namespaces!
|
@@ -111,6 +129,7 @@ module Dependabot
|
|
111
129
|
end
|
112
130
|
# rubocop:enable Metrics/PerceivedComplexity
|
113
131
|
|
132
|
+
sig { params(pom: DependencyFile).returns(T::Array[String]) }
|
114
133
|
def parent_repository_urls(pom)
|
115
134
|
repositories_finder.repository_urls(
|
116
135
|
pom: pom,
|
@@ -119,14 +138,17 @@ module Dependabot
|
|
119
138
|
)
|
120
139
|
end
|
121
140
|
|
141
|
+
sig { returns(RepositoriesFinder) }
|
122
142
|
def repositories_finder
|
123
|
-
@repositories_finder ||=
|
124
|
-
RepositoriesFinder.new(
|
143
|
+
@repositories_finder ||= T.let(
|
144
|
+
Dependabot::Maven::FileParser::RepositoriesFinder.new(
|
125
145
|
pom_fetcher: @pom_fetcher,
|
126
146
|
dependency_files: dependency_files,
|
127
147
|
credentials: @credentials,
|
128
148
|
evaluate_properties: false
|
129
|
-
)
|
149
|
+
),
|
150
|
+
T.nilable(Dependabot::Maven::FileParser::RepositoriesFinder)
|
151
|
+
)
|
130
152
|
end
|
131
153
|
end
|
132
154
|
end
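Review bot: Declaring `credentials: T::Array[String]` on `initialize` does not match how the value is used: it is stored and handed unchanged to `RepositoriesFinder.new(credentials: @credentials, ...)`, and the callers in file_parser.rb (`property_value_finder`) and update_checker.rb satisfy the sig with `credentials.map(&:to_s)`. If the elements are structured credential objects, as the need for `to_s` suggests, stringifying them discards the fields a repository lookup would read, so private-registry credentials would presumably stop being applied. Any secret they hold is also flattened into a plain string that can surface in logs or exception messages. I would type the parameter after the real element class and pass `credentials` through untouched, e.g. `credentials: T::Array[T.untyped]` until the concrete type is confirmed. Also, `extract_value_from_expression` is declared to return `T::Hash[Symbol, String]` but returns the result of `property_details`, which is declared `T::Hash[Symbol, T.untyped]`.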
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "nokogiri"
|
@@ -15,6 +15,7 @@ require "dependabot/errors"
|
|
15
15
|
module Dependabot
|
16
16
|
module Maven
|
17
17
|
class FileParser < Dependabot::FileParsers::Base
|
18
|
+
extend T::Sig
|
18
19
|
require "dependabot/file_parsers/base/dependency_set"
|
19
20
|
require_relative "file_parser/property_value_finder"
|
20
21
|
|
@@ -35,6 +36,7 @@ module Dependabot
|
|
35
36
|
# Regex to get the property name from a declaration that uses a property
|
36
37
|
PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
|
37
38
|
|
39
|
+
sig { override.returns(T::Array[Dependabot::Dependency]) }
|
38
40
|
def parse
|
39
41
|
dependency_set = DependencySet.new
|
40
42
|
pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
|
@@ -44,6 +46,7 @@ module Dependabot
|
|
44
46
|
|
45
47
|
private
|
46
48
|
|
49
|
+
sig { params(pom: Dependabot::DependencyFile).returns(DependencySet) }
|
47
50
|
def pomfile_dependencies(pom)
|
48
51
|
dependency_set = DependencySet.new
|
49
52
|
|
@@ -70,6 +73,7 @@ module Dependabot
|
|
70
73
|
dependency_set
|
71
74
|
end
|
72
75
|
|
76
|
+
sig { params(extension: Dependabot::DependencyFile).returns(DependencySet) }
|
73
77
|
def extensionfile_dependencies(extension)
|
74
78
|
dependency_set = DependencySet.new
|
75
79
|
|
@@ -89,6 +93,10 @@ module Dependabot
|
|
89
93
|
dependency_set
|
90
94
|
end
|
91
95
|
|
96
|
+
sig do
|
97
|
+
params(pom: Dependabot::DependencyFile,
|
98
|
+
dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
|
99
|
+
end
|
92
100
|
def dependency_from_dependency_node(pom, dependency_node)
|
93
101
|
return unless (name = dependency_name(dependency_node, pom))
|
94
102
|
return if internal_dependency_names.include?(name)
|
@@ -96,6 +104,10 @@ module Dependabot
|
|
96
104
|
build_dependency(pom, dependency_node, name)
|
97
105
|
end
|
98
106
|
|
107
|
+
sig do
|
108
|
+
params(pom: Dependabot::DependencyFile,
|
109
|
+
dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
|
110
|
+
end
|
99
111
|
def dependency_from_plugin_node(pom, dependency_node)
|
100
112
|
return unless (name = plugin_name(dependency_node, pom))
|
101
113
|
return if internal_dependency_names.include?(name)
|
@@ -103,6 +115,10 @@ module Dependabot
|
|
103
115
|
build_dependency(pom, dependency_node, name)
|
104
116
|
end
|
105
117
|
|
118
|
+
sig do
|
119
|
+
params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element,
|
120
|
+
name: String).returns(T.nilable(Dependabot::Dependency))
|
121
|
+
end
|
106
122
|
def build_dependency(pom, dependency_node, name)
|
107
123
|
property_details =
|
108
124
|
{
|
@@ -127,6 +143,10 @@ module Dependabot
|
|
127
143
|
)
|
128
144
|
end
|
129
145
|
|
146
|
+
sig do
|
147
|
+
params(dependency_node: Nokogiri::XML::Element,
|
148
|
+
pom: Dependabot::DependencyFile).returns(T.nilable(String))
|
149
|
+
end
|
130
150
|
def dependency_name(dependency_node, pom)
|
131
151
|
return unless dependency_node.at_xpath("./groupId")
|
132
152
|
return unless dependency_node.at_xpath("./artifactId")
|
@@ -143,6 +163,9 @@ module Dependabot
|
|
143
163
|
].join(":")
|
144
164
|
end
|
145
165
|
|
166
|
+
sig do
|
167
|
+
params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
|
168
|
+
end
|
146
169
|
def dependency_classifier(dependency_node, pom)
|
147
170
|
return unless dependency_node.at_xpath("./classifier")
|
148
171
|
|
@@ -152,6 +175,9 @@ module Dependabot
|
|
152
175
|
)
|
153
176
|
end
|
154
177
|
|
178
|
+
sig do
|
179
|
+
params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
|
180
|
+
end
|
155
181
|
def plugin_name(dependency_node, pom)
|
156
182
|
return unless plugin_group_id(pom, dependency_node)
|
157
183
|
return unless dependency_node.at_xpath("./artifactId")
|
@@ -165,6 +191,7 @@ module Dependabot
|
|
165
191
|
].join(":")
|
166
192
|
end
|
167
193
|
|
194
|
+
sig { params(pom: Dependabot::DependencyFile, node: Nokogiri::XML::Element).returns(T.nilable(String)) }
|
168
195
|
def plugin_group_id(pom, node)
|
169
196
|
return "org.apache.maven.plugins" unless node.at_xpath("./groupId")
|
170
197
|
|
@@ -174,6 +201,9 @@ module Dependabot
|
|
174
201
|
)
|
175
202
|
end
|
176
203
|
|
204
|
+
sig do
|
205
|
+
params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
|
206
|
+
end
|
177
207
|
def dependency_version(pom, dependency_node)
|
178
208
|
requirement = dependency_requirement(pom, dependency_node)
|
179
209
|
return nil unless requirement
|
@@ -185,6 +215,9 @@ module Dependabot
|
|
185
215
|
requirement.gsub(/[\(\)\[\]]/, "").strip
|
186
216
|
end
|
187
217
|
|
218
|
+
sig do
|
219
|
+
params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
|
220
|
+
end
|
188
221
|
def dependency_requirement(pom, dependency_node)
|
189
222
|
return unless dependency_node.at_xpath("./version")
|
190
223
|
|
@@ -194,10 +227,12 @@ module Dependabot
|
|
194
227
|
version_content.empty? ? nil : version_content
|
195
228
|
end
|
196
229
|
|
230
|
+
sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T::Array[String]) }
|
197
231
|
def dependency_groups(pom, dependency_node)
|
198
232
|
dependency_scope(pom, dependency_node) == "test" ? ["test"] : []
|
199
233
|
end
|
200
234
|
|
235
|
+
sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
|
201
236
|
def dependency_scope(pom, dependency_node)
|
202
237
|
return "compile" unless dependency_node.at_xpath("./scope")
|
203
238
|
|
@@ -207,6 +242,7 @@ module Dependabot
|
|
207
242
|
scope_content.empty? ? "compile" : scope_content
|
208
243
|
end
|
209
244
|
|
245
|
+
sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
|
210
246
|
def packaging_type(pom, dependency_node)
|
211
247
|
return "pom" if dependency_node.node_name == "parent"
|
212
248
|
return "jar" unless dependency_node.at_xpath("./type")
|
@@ -217,6 +253,7 @@ module Dependabot
|
|
217
253
|
evaluated_value(packaging_type_content, pom)
|
218
254
|
end
|
219
255
|
|
256
|
+
sig { params(dependency_node: Nokogiri::XML::Element).returns(T.nilable(String)) }
|
220
257
|
def version_property_name(dependency_node)
|
221
258
|
return unless dependency_node.at_xpath("./version")
|
222
259
|
|
@@ -228,17 +265,21 @@ module Dependabot
|
|
228
265
|
.named_captures.fetch("property")
|
229
266
|
end
|
230
267
|
|
268
|
+
sig { params(value: String, pom: Dependabot::DependencyFile).returns(String) }
|
231
269
|
def evaluated_value(value, pom)
|
232
270
|
return value unless value.match?(PROPERTY_REGEX)
|
233
271
|
|
234
|
-
property_name = value.match(PROPERTY_REGEX)
|
235
|
-
|
236
|
-
property_value = value_for_property(property_name, pom)
|
272
|
+
property_name = T.must(value.match(PROPERTY_REGEX))
|
273
|
+
.named_captures.fetch("property")
|
274
|
+
property_value = value_for_property(T.must(property_name), pom)
|
237
275
|
|
238
276
|
new_value = value.gsub(value.match(PROPERTY_REGEX).to_s, property_value)
|
239
277
|
evaluated_value(new_value, pom)
|
240
278
|
end
|
241
279
|
|
280
|
+
sig do
|
281
|
+
params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
|
282
|
+
end
|
242
283
|
def property_source(dependency_node, pom)
|
243
284
|
property_name = version_property_name(dependency_node)
|
244
285
|
return unless property_name
|
@@ -254,6 +295,7 @@ module Dependabot
|
|
254
295
|
raise DependencyFileNotEvaluatable, msg
|
255
296
|
end
|
256
297
|
|
298
|
+
sig { params(property_name: String, pom: Dependabot::DependencyFile).returns(String) }
|
257
299
|
def value_for_property(property_name, pom)
|
258
300
|
value =
|
259
301
|
property_value_finder
|
@@ -268,25 +310,35 @@ module Dependabot
|
|
268
310
|
|
269
311
|
# Cached, since this can makes calls to the registry (to get property
|
270
312
|
# values from parent POMs)
|
313
|
+
sig { returns(Dependabot::Maven::FileParser::PropertyValueFinder) }
|
271
314
|
def property_value_finder
|
272
|
-
@property_value_finder ||=
|
273
|
-
PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials)
|
315
|
+
@property_value_finder ||= T.let(
|
316
|
+
PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials.map(&:to_s)),
|
317
|
+
T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
|
318
|
+
)
|
274
319
|
end
|
275
320
|
|
321
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
276
322
|
def pomfiles
|
277
|
-
@pomfiles ||=
|
323
|
+
@pomfiles ||= T.let(
|
278
324
|
dependency_files.select do |f|
|
279
325
|
f.name.end_with?(".xml") && !f.name.end_with?("extensions.xml")
|
280
|
-
end
|
326
|
+
end,
|
327
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
328
|
+
)
|
281
329
|
end
|
282
330
|
|
331
|
+
sig { returns(T::Array[Dependabot::DependencyFile]) }
|
283
332
|
def extensionfiles
|
284
|
-
@extensionfiles ||=
|
285
|
-
dependency_files.select { |f| f.name.end_with?("extensions.xml") }
|
333
|
+
@extensionfiles ||= T.let(
|
334
|
+
dependency_files.select { |f| f.name.end_with?("extensions.xml") },
|
335
|
+
T.nilable(T::Array[Dependabot::DependencyFile])
|
336
|
+
)
|
286
337
|
end
|
287
338
|
|
339
|
+
sig { returns(T::Array[String]) }
|
288
340
|
def internal_dependency_names
|
289
|
-
@internal_dependency_names ||=
|
341
|
+
@internal_dependency_names ||= T.let(
|
290
342
|
dependency_files.filter_map do |pom|
|
291
343
|
doc = Nokogiri::XML(pom.content)
|
292
344
|
group_id = doc.at_css("project > groupId") ||
|
@@ -296,9 +348,12 @@ module Dependabot
|
|
296
348
|
next unless group_id && artifact_id
|
297
349
|
|
298
350
|
[group_id.content.strip, artifact_id.content.strip].join(":")
|
299
|
-
end
|
351
|
+
end,
|
352
|
+
T.nilable(T::Array[String])
|
353
|
+
)
|
300
354
|
end
|
301
355
|
|
356
|
+
sig { override.void }
|
302
357
|
def check_required_files
|
303
358
|
raise "No pom.xml!" unless get_original_file("pom.xml")
|
304
359
|
end
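Review bot: `evaluated_value` still recurses on `evaluated_value(new_value, pom)` until no `${...}` remains, with no depth limit or record of names already expanded, and POM content is repository-controlled input. Unless `value_for_property` (body outside this hunk) rejects properties that resolve back to themselves through other properties, such a POM would end in a SystemStackError rather than a `DependencyFileNotEvaluatable`. I would at least document the assumption with `# Terminates only if property references are acyclic; cycle detection must happen in value_for_property`. The method also runs `value.match(PROPERTY_REGEX)` twice and passes `property_value` as a `gsub` replacement string, where backslash sequences are interpreted. Keeping the MatchData and using the block form avoids both: `match = T.must(value.match(PROPERTY_REGEX))` and `new_value = value.gsub(match.to_s) { property_value }`.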
|
@@ -1,6 +1,7 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "sorbet-runtime"
|
4
5
|
require "nokogiri"
|
5
6
|
|
6
7
|
require "dependabot/dependency_file"
|
@@ -11,54 +12,72 @@ module Dependabot
|
|
11
12
|
module Maven
|
12
13
|
class FileUpdater
|
13
14
|
class PropertyValueUpdater
|
15
|
+
extend T::Sig
|
16
|
+
|
17
|
+
sig { params(dependency_files: T::Array[DependencyFile]).void }
|
14
18
|
def initialize(dependency_files:)
|
15
19
|
@dependency_files = dependency_files
|
16
20
|
end
|
17
21
|
|
22
|
+
# rubocop:disable Metrics/AbcSize
|
23
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
24
|
+
sig do
|
25
|
+
params(
|
26
|
+
property_name: String,
|
27
|
+
callsite_pom: DependencyFile,
|
28
|
+
updated_value: String
|
29
|
+
).returns(T::Array[DependencyFile])
|
30
|
+
end
|
18
31
|
def update_pomfiles_for_property_change(property_name:, callsite_pom:,
|
19
32
|
updated_value:)
|
20
33
|
declaration_details = property_value_finder.property_details(
|
21
34
|
property_name: property_name,
|
22
35
|
callsite_pom: callsite_pom
|
23
36
|
)
|
24
|
-
node = declaration_details
|
25
|
-
filename = declaration_details
|
37
|
+
node = declaration_details&.fetch(:node)
|
38
|
+
filename = declaration_details&.fetch(:file)
|
26
39
|
|
27
40
|
pom_to_update = dependency_files.find { |f| f.name == filename }
|
28
41
|
property_re = %r{<#{Regexp.quote(node.name)}>
|
29
42
|
\s*#{Regexp.quote(node.content)}\s*
|
30
43
|
</#{Regexp.quote(node.name)}>}xm
|
31
44
|
property_text = node.to_s
|
32
|
-
if pom_to_update
|
33
|
-
updated_content = pom_to_update
|
45
|
+
if pom_to_update&.content&.match?(property_re)
|
46
|
+
updated_content = pom_to_update&.content&.sub(
|
34
47
|
property_re,
|
35
48
|
"<#{node.name}>#{updated_value}</#{node.name}>"
|
36
49
|
)
|
37
|
-
elsif pom_to_update
|
50
|
+
elsif pom_to_update&.content&.include? property_text
|
38
51
|
node.content = updated_value
|
39
|
-
updated_content = pom_to_update
|
52
|
+
updated_content = pom_to_update&.content&.sub(
|
40
53
|
property_text,
|
41
54
|
node.to_s
|
42
55
|
)
|
43
56
|
end
|
44
57
|
|
45
58
|
updated_pomfiles = dependency_files.dup
|
46
|
-
updated_pomfiles[updated_pomfiles.index(pom_to_update)] =
|
47
|
-
update_file(file: pom_to_update, content: updated_content)
|
59
|
+
updated_pomfiles[T.must(updated_pomfiles.index(pom_to_update))] =
|
60
|
+
update_file(file: T.must(pom_to_update), content: T.must(updated_content))
|
48
61
|
|
49
62
|
updated_pomfiles
|
50
63
|
end
|
64
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
65
|
+
# rubocop:enable Metrics/AbcSize
|
51
66
|
|
52
67
|
private
|
53
68
|
|
69
|
+
sig { returns T::Array[Dependabot::DependencyFile] }
|
54
70
|
attr_reader :dependency_files
|
55
71
|
|
72
|
+
sig { returns Maven::FileParser::PropertyValueFinder }
|
56
73
|
def property_value_finder
|
57
|
-
@property_value_finder ||=
|
58
|
-
Maven::FileParser::PropertyValueFinder
|
59
|
-
.
|
74
|
+
@property_value_finder ||= T.let(
|
75
|
+
Maven::FileParser::PropertyValueFinder.new(dependency_files: dependency_files),
|
76
|
+
T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
|
77
|
+
)
|
60
78
|
end
|
61
79
|
|
80
|
+
sig { params(file: DependencyFile, content: String).returns(DependencyFile) }
|
62
81
|
def update_file(file:, content:)
|
63
82
|
updated_file = file.dup
|
64
83
|
updated_file.content = content
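Review bot: The `&.` on `declaration_details&.fetch(:node)` and `&.fetch(:file)` does not make a missing declaration safe, because `node.name` and `node.content` are dereferenced unconditionally in the `property_re` lines that follow, so a nil result from `property_details` ends in a NoMethodError. Likewise, when neither the `match?` branch nor the `include?` branch applies, `updated_content` stays nil and `T.must(updated_content)` raises a TypeError, as does `T.must(updated_pomfiles.index(pom_to_update))` when no file matched, with no indication of which property or file was involved. An explicit guard right after the lookup would give a usable failure, e.g. `raise "No declaration found for property #{property_name}" unless declaration_details`, with a similar check before the final assignment. The two private sigs written as `sig { returns T::Array[...] }` and `sig { returns Maven::FileParser::PropertyValueFinder }` omit the parentheses used everywhere else in this change.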
|
@@ -138,7 +138,7 @@ module Dependabot
|
|
138
138
|
def property_value_finder
|
139
139
|
@property_value_finder ||=
|
140
140
|
Maven::FileParser::PropertyValueFinder
|
141
|
-
.new(dependency_files: dependency_files, credentials: credentials)
|
141
|
+
.new(dependency_files: dependency_files, credentials: credentials.map(&:to_s))
|
142
142
|
end
|
143
143
|
|
144
144
|
def version_comes_from_multi_dependency_property?
|
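--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.264.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
 post_install_message:
 rdoc_options: []
 require_paths: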