RubyGems - dependabot-maven - Versions diffs - 0.328.0 → 0.331.0 - Mend

dependabot-maven 0.328.0 → 0.331.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/dependabot/maven/file_parser/maven_dependency_parser.rb +2 -1
data/lib/dependabot/maven/file_parser.rb +4 -2
data/lib/dependabot/maven/native_helpers.rb +10 -3
data/lib/dependabot/maven/pom.xml +23 -0
data/lib/dependabot/maven/update_checker/property_updater.rb +2 -1
data/lib/dependabot/maven/update_checker.rb +3 -1
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c6182bd25657339d403c713e4896f59a73d0f111fdedf7e79934cbead40f820
-  data.tar.gz: 96e911204b3bae8d541313c292603b88f6181763b5d8d39642090325b8c05529
+  metadata.gz: e00d238569bb0ad7d467a45509cb7b9354a684d39b28adab35f946cad74e8e28
+  data.tar.gz: a0703ad92903c434a453e686a681d03e8591a59110ad51c7badc13f95414d116
 SHA512:
-  metadata.gz: 88e88581252a244a01a73fb8b337ad1f77adf89774ce72dacbcbee2d26f30aa3eaac01ca94f21fcdca61cc9107931cbb732f2478609bc106f90fcdbcc470ef8c
-  data.tar.gz: 97699133b2fec0b1b0e637abca80d51a9b9a6b86ce327ef368ccd90f124bf2c77e5dc83e6a63cfe2ef4a0edd0cf340168ef76699d1186b3d0404f491280afdd8
+  metadata.gz: df9a0951c7a91832b2007f606e4cacde7cec53a0a6f16a467505c7a57fbdc84b69986131a0868c2672578c0c45e9e0a26e37698c7c448e6662a7caa3b4ced6de
+  data.tar.gz: 3c30a5fdcaddf3a2e0b315294909b7aa2de49f5ef9eb5920cdb0473c64da73ed6003d7a241e3efb706d665b37a91ef999ba881d01398b0172cd99be8b1842a7a

data/lib/dependabot/maven/file_parser/maven_dependency_parser.rb CHANGED Viewed

@@ -92,7 +92,8 @@ module Dependabot
                   classifier: classifier,
                   pom_file: pom.name
                 }
-              }]
+              }],
+              origin_files: [pom.name]
             )
             node["children"]&.each(&traverse_tree)

data/lib/dependabot/maven/file_parser.rb CHANGED Viewed

@@ -58,7 +58,8 @@ module Dependabot
               name: dep.name,
               version: dep.version,
               package_manager: "maven",
-              requirements: requirements
+              requirements: requirements,
+              origin_files: dep.origin_files
             )
           end
         else
@@ -192,7 +193,8 @@ module Dependabot
               packaging_type: packaging_type(pom, dependency_node),
               classifier: dependency_classifier(dependency_node, pom)
             }.merge(property_details).compact
-          }]
+          }],
+          origin_files: [pom.name]
         )
       end

data/lib/dependabot/maven/native_helpers.rb CHANGED Viewed

@@ -1,15 +1,22 @@
-# typed: strong
+# typed: strict
 # frozen_string_literal: true
 require "shellwords"
 require "sorbet-runtime"
+require "nokogiri"
 module Dependabot
   module Maven
     module NativeHelpers
       extend T::Sig
-      # Latest version of the plugin can be found here - https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-dependency-plugin
-      DEPENDENCY_PLUGIN_VERSION = "3.8.1"
+      pom_path = File.join(__dir__, "pom.xml")
+      version = File.open(pom_path) do |f|
+        doc = Nokogiri::XML(f)
+        doc.at_xpath("//project/properties/maven-dependency-plugin.version")&.text
+      end
+      DEPENDENCY_PLUGIN_VERSION = T.let(version, T.nilable(String))
       sig do
         params(file_name: String).void

data/lib/dependabot/maven/pom.xml ADDED Viewed

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project>
+  <!--
+  This build is not used directly within the native helper.
+  The goal is to help automate the maintenance overhead of keeping the version of maven-dependency-plugin up to date.
+    1. We read the maven-dependency-plugin.version version dynamically from the native_helper
+    2. We use Dependabot keep the version up to date
+  -->
+  <properties>
+    <maven-dependency-plugin.version>3.8.1</maven-dependency-plugin.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.maven.plugins</groupId>
+      <artifactId>maven-dependency-plugin</artifactId>
+      <version>${maven-dependency-plugin.version}</version>
+    </dependency>
+  </dependencies>
+</project>

data/lib/dependabot/maven/update_checker/property_updater.rb CHANGED Viewed

@@ -77,7 +77,8 @@ module Dependabot
                 requirements: updated_requirements(dep),
                 previous_version: dep.version,
                 previous_requirements: dep.requirements,
-                package_manager: dep.package_manager
+                package_manager: dep.package_manager,
+                origin_files: dep.origin_files
               )
             end,
             T.nilable(T::Array[Dependabot::Dependency])

data/lib/dependabot/maven/update_checker.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Dependabot
           requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
           dependency_group: T.nilable(Dependabot::DependencyGroup),
           update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
+          exclude_paths: T.nilable(T::Array[String]),
           options: T::Hash[Symbol, T.untyped]
         )
           .void
@@ -32,7 +33,8 @@ module Dependabot
                      repo_contents_path: nil, ignored_versions: [],
                      raise_on_ignored: false, security_advisories: [],
                      requirements_update_strategy: nil, dependency_group: nil,
-                     update_cooldown: nil, options: {})
+                     update_cooldown: nil, exclude_paths: [],
+                     options: {})
         super
         @version_finder = T.let(nil, T.nilable(VersionFinder))

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.328.0
+  version: 0.331.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.328.0
+        version: 0.331.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.328.0
+        version: 0.331.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -256,6 +256,7 @@ files:
 - lib/dependabot/maven/native_helpers.rb
 - lib/dependabot/maven/package/package_details_fetcher.rb
 - lib/dependabot/maven/package_manager.rb
+- lib/dependabot/maven/pom.xml
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
@@ -270,7 +271,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.328.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.331.0
 rdoc_options: []
 require_paths:
 - lib