dependabot-maven 0.328.0 → 0.330.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/maven/native_helpers.rb +10 -3
  3. data/lib/dependabot/maven/pom.xml +23 -0
  4. metadata +5 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5c6182bd25657339d403c713e4896f59a73d0f111fdedf7e79934cbead40f820
4
- data.tar.gz: 96e911204b3bae8d541313c292603b88f6181763b5d8d39642090325b8c05529
3
+ metadata.gz: 8813ff002ea7558e021499430fb8004e0a7c8aa8cf0852805a3973dc7ba64dcd
4
+ data.tar.gz: 3148a65b45305b9d46d84bd86930068b0437a9456bb09d940602e276bd746f96
5
5
  SHA512:
6
- metadata.gz: 88e88581252a244a01a73fb8b337ad1f77adf89774ce72dacbcbee2d26f30aa3eaac01ca94f21fcdca61cc9107931cbb732f2478609bc106f90fcdbcc470ef8c
7
- data.tar.gz: 97699133b2fec0b1b0e637abca80d51a9b9a6b86ce327ef368ccd90f124bf2c77e5dc83e6a63cfe2ef4a0edd0cf340168ef76699d1186b3d0404f491280afdd8
6
+ metadata.gz: 69642b15c206b61b73f60975cba8480bb2bcbc951c51c3dcffa3afe963f0a0b38cdbd956ba0a76ebbab5250d2d16b10883baea4c3b2f46d66c0608324d15a8b4
7
+ data.tar.gz: 2be79feff0006c89ac977b17feba71f1a794624e515227c530fdd6f5dfd2571db8d12064dde1d878049fd960ccddacec95db25b8b69900f13b2698af5aefcb83
data/lib/dependabot/maven/native_helpers.rb CHANGED
@@ -1,15 +1,22 @@
1
- # typed: strong
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "shellwords"
5
5
  require "sorbet-runtime"
6
+ require "nokogiri"
6
7
 
7
8
  module Dependabot
8
9
  module Maven
9
10
  module NativeHelpers
10
11
  extend T::Sig
11
- # Latest version of the plugin can be found here - https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-dependency-plugin
12
- DEPENDENCY_PLUGIN_VERSION = "3.8.1"
12
+ pom_path = File.join(__dir__, "pom.xml")
13
+
14
+ version = File.open(pom_path) do |f|
15
+ doc = Nokogiri::XML(f)
16
+ doc.at_xpath("//project/properties/maven-dependency-plugin.version")&.text
17
+ end
18
+
19
+ DEPENDENCY_PLUGIN_VERSION = T.let(version, T.nilable(String))
13
20
 
14
21
  sig do
15
22
  params(file_name: String).void
data/lib/dependabot/maven/pom.xml ADDED
@@ -0,0 +1,23 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <project>
3
+
4
+ <!--
5
+ This build is not used directly within the native helper.
6
+ The goal is to help automate the maintenance overhead of keeping the version of maven-dependency-plugin up to date.
7
+
8
+ 1. We read the maven-dependency-plugin.version version dynamically from the native_helper
9
+ 2. We use Dependabot keep the version up to date
10
+ -->
11
+
12
+ <properties>
13
+ <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
14
+ </properties>
15
+
16
+ <dependencies>
17
+ <dependency>
18
+ <groupId>org.apache.maven.plugins</groupId>
19
+ <artifactId>maven-dependency-plugin</artifactId>
20
+ <version>${maven-dependency-plugin.version}</version>
21
+ </dependency>
22
+ </dependencies>
23
+ </project>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.328.0
4
+ version: 0.330.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.328.0
18
+ version: 0.330.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.328.0
25
+ version: 0.330.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -256,6 +256,7 @@ files:
256
256
  - lib/dependabot/maven/native_helpers.rb
257
257
  - lib/dependabot/maven/package/package_details_fetcher.rb
258
258
  - lib/dependabot/maven/package_manager.rb
259
+ - lib/dependabot/maven/pom.xml
259
260
  - lib/dependabot/maven/requirement.rb
260
261
  - lib/dependabot/maven/token_bucket.rb
261
262
  - lib/dependabot/maven/update_checker.rb
@@ -270,7 +271,7 @@ licenses:
270
271
  - MIT
271
272
  metadata:
272
273
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
273
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.328.0
274
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.330.0
274
275
  rdoc_options: []
275
276
  require_paths:
276
277
  - lib