dependabot-maven 0.331.0 → 0.333.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e00d238569bb0ad7d467a45509cb7b9354a684d39b28adab35f946cad74e8e28
-  data.tar.gz: a0703ad92903c434a453e686a681d03e8591a59110ad51c7badc13f95414d116
+  metadata.gz: f422af1c5f273a3076d3ae3980a0961f54b25a6250ccc80569917dfd863732fe
+  data.tar.gz: fd7bca083ca599e5569bfab2a20ef6dcf83809238b07232779bfc616bd9c1022
 SHA512:
-  metadata.gz: df9a0951c7a91832b2007f606e4cacde7cec53a0a6f16a467505c7a57fbdc84b69986131a0868c2672578c0c45e9e0a26e37698c7c448e6662a7caa3b4ced6de
-  data.tar.gz: 3c30a5fdcaddf3a2e0b315294909b7aa2de49f5ef9eb5920cdb0473c64da73ed6003d7a241e3efb706d665b37a91ef999ba881d01398b0172cd99be8b1842a7a
+  metadata.gz: bdf1209d69ca4ff14f73b78702fd6904c9adbc88ff1b440dfbd344d3514b2399ce27fbe656fe9b243c01341401757dc689c3be8af16f0aafec7a4d673fa83e60
+  data.tar.gz: c3a8ae5ff7a8ec424d56d4750c6ce6f98b7fbef17f00ec58cadd37c63128b46d38b80c1abfe981b41286c318dd4063b12597c196f015026be723725787bcc574

data/lib/dependabot/maven/file_fetcher.rb

@@ -6,6 +6,7 @@ require "sorbet-runtime"
 
 require "dependabot/file_fetchers"
 require "dependabot/file_fetchers/base"
+require "dependabot/file_filtering"
 
 module Dependabot
   module Maven
@@ -33,7 +34,13 @@ module Dependabot
         fetched_files += child_poms
         fetched_files += relative_path_parents(fetched_files)
         fetched_files << extensions if extensions
-        fetched_files.uniq
+
+        # Filter excluded files from final collection
+        filtered_files = fetched_files.uniq.reject do |file|
+          Dependabot::FileFiltering.should_exclude_path?(file.name, "file from final collection", @exclude_paths)
+        end
+
+        filtered_files
       end
 
       private
@@ -82,6 +89,8 @@ module Dependabot
 
           next [] if fetched_filenames.include?(path)
 
+          next [] if Dependabot::FileFiltering.should_exclude_path?(path, "file from final collection", @exclude_paths)
+
           child_pom = fetch_file_from_host(path)
           fetched_files = [
             child_pom,

data/lib/dependabot/maven/file_parser/maven_dependency_parser.rb

@@ -11,6 +11,7 @@ module Dependabot
     class FileParser
       class MavenDependencyParser
         extend T::Sig
+
         require "dependabot/file_parsers/base/dependency_set"
 
         DEPENDENCY_OUTPUT_FILE = "dependency-tree-output.json"
@@ -92,8 +93,7 @@ module Dependabot
                   classifier: classifier,
                   pom_file: pom.name
                 }
-              }],
-              origin_files: [pom.name]
+              }]
             )
 
             node["children"]&.each(&traverse_tree)

data/lib/dependabot/maven/file_parser.rb

@@ -20,6 +20,7 @@ module Dependabot
     # rubocop:disable Metrics/ClassLength
     class FileParser < Dependabot::FileParsers::Base
       extend T::Sig
+
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/maven_dependency_parser"
       require_relative "file_parser/property_value_finder"
@@ -58,8 +59,7 @@ module Dependabot
               name: dep.name,
               version: dep.version,
               package_manager: "maven",
-              requirements: requirements,
-              origin_files: dep.origin_files
+              requirements: requirements
             )
           end
         else
@@ -193,8 +193,7 @@ module Dependabot
               packaging_type: packaging_type(pom, dependency_node),
               classifier: dependency_classifier(dependency_node, pom)
             }.merge(property_details).compact
-          }],
-          origin_files: [pom.name]
+          }]
         )
       end
 

data/lib/dependabot/maven/metadata_finder.rb

@@ -15,6 +15,7 @@ module Dependabot
   module Maven
     class MetadataFinder < Dependabot::MetadataFinders::Base
       extend T::Sig
+
       DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
 
       private

data/lib/dependabot/maven/native_helpers.rb

@@ -9,6 +9,7 @@ module Dependabot
   module Maven
     module NativeHelpers
       extend T::Sig
+
       pom_path = File.join(__dir__, "pom.xml")
 
       version = File.open(pom_path) do |f|
@@ -39,7 +40,7 @@ module Dependabot
       def self.handle_tool_error(output)
         if (match = output.match(
           %r{Could not transfer artifact (?<artifact>[^ ]+) from/to (?<repository_name>[^ ]+) \((?<repository_url>[^ ]+)\): status code: (?<status_code>[0-9]+)} # rubocop:disable Layout/LineLength
-        )) && (match[:status_code] == ("403") || match[:status_code] == ("401"))
+        )) && (match[:status_code] == "403" || match[:status_code] == "401")
           raise Dependabot::PrivateSourceAuthenticationFailure, match[:repository_url]
         end
 

data/lib/dependabot/maven/update_checker/property_updater.rb

@@ -12,6 +12,7 @@ module Dependabot
     class UpdateChecker
       class PropertyUpdater
         extend T::Sig
+
         require_relative "requirements_updater"
         require_relative "version_finder"
 
@@ -77,8 +78,7 @@ module Dependabot
                 requirements: updated_requirements(dep),
                 previous_version: dep.version,
                 previous_requirements: dep.requirements,
-                package_manager: dep.package_manager,
-                origin_files: dep.origin_files
+                package_manager: dep.package_manager
               )
             end,
             T.nilable(T::Array[Dependabot::Dependency])

data/lib/dependabot/maven/update_checker.rb

@@ -24,7 +24,6 @@ module Dependabot
           requirements_update_strategy: T.nilable(Dependabot::RequirementsUpdateStrategy),
           dependency_group: T.nilable(Dependabot::DependencyGroup),
           update_cooldown: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
-          exclude_paths: T.nilable(T::Array[String]),
           options: T::Hash[Symbol, T.untyped]
         )
           .void
@@ -33,7 +32,7 @@ module Dependabot
                      repo_contents_path: nil, ignored_versions: [],
                      raise_on_ignored: false, security_advisories: [],
                      requirements_update_strategy: nil, dependency_group: nil,
-                     update_cooldown: nil, exclude_paths: [],
+                     update_cooldown: nil,
                      options: {})
         super
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.331.0
+  version: 0.333.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.331.0
+        version: 0.333.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -211,14 +211,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.25'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.25'
 - !ruby/object:Gem::Dependency
   name: webrick
   requirement: !ruby/object:Gem::Requirement
@@ -271,7 +271,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.331.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.333.0
 rdoc_options: []
 require_paths:
 - lib