dependabot-maven 0.356.0 → 0.357.0
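--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 88f4ec6abad6b9329da21a5d9d1b8a1ac73a541d0fb0437149def4a1cfad73e4
+data.tar.gz: 99280b25245177eae98b618cba2ca285bf4db099dbe3396c481db91328a4997b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 010f3bbe4754d3e0128516561cb4f19b290d2d8d3edc1289f9ad89504638662ca922fa30c4cc1859080b4dbcbe33b8161523216a074319c41af0cd2739e87bdd
+data.tar.gz: 4073e5d61854ad4ac1be44c72f2baef543e5f1f81e90f0c27e6816e03ed9f10de33edf645e4e3b8e1c5115ca8215a9b384634d06ffcbee343d97c641225a9e54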
@@ -122,14 +122,16 @@ module Dependabot
|
|
|
122
122
|
doc = Nokogiri::XML(pom.content)
|
|
123
123
|
doc.remove_namespaces!
|
|
124
124
|
|
|
125
|
+
plugin_names = collect_plugin_names(pom, doc)
|
|
126
|
+
|
|
125
127
|
doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
|
|
126
|
-
dep = dependency_from_dependency_node(pom, dependency_node)
|
|
128
|
+
dep = dependency_from_dependency_node(pom, dependency_node, plugin_names)
|
|
127
129
|
dependency_set << dep if dep
|
|
128
130
|
rescue DependencyFileNotEvaluatable => e
|
|
129
131
|
errors << e
|
|
130
132
|
end
|
|
131
133
|
|
|
132
|
-
doc
|
|
134
|
+
plugin_nodes(doc).each do |dependency_node|
|
|
133
135
|
dep = dependency_from_plugin_node(pom, dependency_node)
|
|
134
136
|
dependency_set << dep if dep
|
|
135
137
|
rescue DependencyFileNotEvaluatable => e
|
|
@@ -141,6 +143,18 @@ module Dependabot
|
|
|
141
143
|
dependency_set
|
|
142
144
|
end
|
|
143
145
|
|
|
146
|
+
sig { params(pom: Dependabot::DependencyFile, doc: Nokogiri::XML::Document).returns(T::Set[String]) }
|
|
147
|
+
def collect_plugin_names(pom, doc)
|
|
148
|
+
plugin_names = Set.new
|
|
149
|
+
|
|
150
|
+
plugin_nodes(doc).each do |plugin_node|
|
|
151
|
+
name = plugin_name(plugin_node, pom)
|
|
152
|
+
plugin_names << name if name
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
plugin_names
|
|
156
|
+
end
|
|
157
|
+
|
|
144
158
|
sig { params(extension: Dependabot::DependencyFile).returns(DependencySet) }
|
|
145
159
|
def extensionfile_dependencies(extension)
|
|
146
160
|
dependency_set = DependencySet.new
|
|
@@ -149,8 +163,10 @@ module Dependabot
|
|
|
149
163
|
doc = Nokogiri::XML(extension.content)
|
|
150
164
|
doc.remove_namespaces!
|
|
151
165
|
|
|
166
|
+
plugin_names = collect_plugin_names(extension, doc)
|
|
167
|
+
|
|
152
168
|
doc.css(EXTENSION_SELECTOR).each do |dependency_node|
|
|
153
|
-
dep = dependency_from_dependency_node(extension, dependency_node)
|
|
169
|
+
dep = dependency_from_dependency_node(extension, dependency_node, plugin_names)
|
|
154
170
|
dependency_set << dep if dep
|
|
155
171
|
rescue DependencyFileNotEvaluatable => e
|
|
156
172
|
errors << e
|
|
@@ -169,8 +185,10 @@ module Dependabot
|
|
|
169
185
|
doc = Nokogiri::XML(target.content)
|
|
170
186
|
doc.remove_namespaces!
|
|
171
187
|
|
|
188
|
+
plugin_names = collect_plugin_names(target, doc)
|
|
189
|
+
|
|
172
190
|
doc.css(TARGET_SELECTOR).each do |dependency_node|
|
|
173
|
-
dep = dependency_from_dependency_node(target, dependency_node)
|
|
191
|
+
dep = dependency_from_dependency_node(target, dependency_node, plugin_names)
|
|
174
192
|
dependency_set << dep if dep
|
|
175
193
|
rescue DependencyFileNotEvaluatable => e
|
|
176
194
|
errors << e
|
|
@@ -184,14 +202,16 @@ module Dependabot
|
|
|
184
202
|
sig do
|
|
185
203
|
params(
|
|
186
204
|
pom: Dependabot::DependencyFile,
|
|
187
|
-
dependency_node: Nokogiri::XML::Element
|
|
205
|
+
dependency_node: Nokogiri::XML::Element,
|
|
206
|
+
plugin_names: T::Set[String]
|
|
188
207
|
).returns(T.nilable(Dependabot::Dependency))
|
|
189
208
|
end
|
|
190
|
-
def dependency_from_dependency_node(pom, dependency_node)
|
|
209
|
+
def dependency_from_dependency_node(pom, dependency_node, plugin_names)
|
|
191
210
|
return unless (name = dependency_name(dependency_node, pom))
|
|
192
211
|
return if internal_dependency_names.include?(name)
|
|
193
212
|
|
|
194
|
-
|
|
213
|
+
is_plugin = plugin_names.include?(name)
|
|
214
|
+
build_dependency(pom, dependency_node, name, is_plugin: is_plugin)
|
|
195
215
|
end
|
|
196
216
|
|
|
197
217
|
sig do
|
|
@@ -204,17 +224,18 @@ module Dependabot
|
|
|
204
224
|
return unless (name = plugin_name(dependency_node, pom))
|
|
205
225
|
return if internal_dependency_names.include?(name)
|
|
206
226
|
|
|
207
|
-
build_dependency(pom, dependency_node, name)
|
|
227
|
+
build_dependency(pom, dependency_node, name, is_plugin: true)
|
|
208
228
|
end
|
|
209
229
|
|
|
210
230
|
sig do
|
|
211
231
|
params(
|
|
212
232
|
pom: Dependabot::DependencyFile,
|
|
213
233
|
dependency_node: Nokogiri::XML::Element,
|
|
214
|
-
name: String
|
|
234
|
+
name: String,
|
|
235
|
+
is_plugin: T::Boolean
|
|
215
236
|
).returns(T.nilable(Dependabot::Dependency))
|
|
216
237
|
end
|
|
217
|
-
def build_dependency(pom, dependency_node, name)
|
|
238
|
+
def build_dependency(pom, dependency_node, name, is_plugin:)
|
|
218
239
|
property_details =
|
|
219
240
|
{
|
|
220
241
|
property_name: version_property_name(dependency_node),
|
|
@@ -228,7 +249,7 @@ module Dependabot
|
|
|
228
249
|
requirements: [{
|
|
229
250
|
requirement: dependency_requirement(pom, dependency_node),
|
|
230
251
|
file: pom.name,
|
|
231
|
-
groups: dependency_groups(pom, dependency_node),
|
|
252
|
+
groups: dependency_groups(pom, dependency_node, is_plugin: is_plugin),
|
|
232
253
|
source: nil,
|
|
233
254
|
metadata: {
|
|
234
255
|
packaging_type: packaging_type(pom, dependency_node),
|
|
@@ -324,8 +345,16 @@ module Dependabot
|
|
|
324
345
|
version_content.empty? ? nil : version_content
|
|
325
346
|
end
|
|
326
347
|
|
|
327
|
-
sig
|
|
328
|
-
|
|
348
|
+
sig do
|
|
349
|
+
params(
|
|
350
|
+
pom: Dependabot::DependencyFile,
|
|
351
|
+
dependency_node: Nokogiri::XML::Element,
|
|
352
|
+
is_plugin: T::Boolean
|
|
353
|
+
).returns(T::Array[String])
|
|
354
|
+
end
|
|
355
|
+
def dependency_groups(pom, dependency_node, is_plugin:)
|
|
356
|
+
return ["plugin"] if is_plugin
|
|
357
|
+
|
|
329
358
|
dependency_scope(pom, dependency_node) == "test" ? ["test"] : []
|
|
330
359
|
end
|
|
331
360
|
|
|
@@ -531,6 +560,11 @@ module Dependabot
|
|
|
531
560
|
end
|
|
532
561
|
end
|
|
533
562
|
end
|
|
563
|
+
|
|
564
|
+
sig { params(doc: Nokogiri::XML::Document).returns(Nokogiri::XML::NodeSet) }
|
|
565
|
+
def plugin_nodes(doc)
|
|
566
|
+
doc.css(PLUGIN_SELECTOR, PLUGIN_ARTIFACT_ITEMS_SELECTOR)
|
|
567
|
+
end
|
|
534
568
|
end
|
|
535
569
|
# rubocop:enable Metrics/ClassLength
|
|
536
570
|
end
|
|
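Review bot: `collect_plugin_names` calls `plugin_name(plugin_node, pom)` outside any `rescue`, while the plugin loop that walks the same `plugin_nodes(doc)` further down rescues `DependencyFileNotEvaluatable` per node. If `plugin_name` can raise that error (its body is outside these hunks), a single unresolvable plugin coordinate would now abort parsing of the whole file instead of being collected in `errors`, and the same holds for the calls added in `extensionfile_dependencies` and the target-file parser. Adding `rescue DependencyFileNotEvaluatable` followed by `next` inside the `each` block of `collect_plugin_names` would keep the previous tolerance, and in the pom parser the later plugin loop would still record the error. Separately, `plugin_names.include?(name)` tags any `<dependency>` that shares coordinates with a plugin as `["plugin"]` regardless of its scope, so a comment on `dependency_from_dependency_node` stating that this is intended would help.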
@@ -86,15 +86,10 @@ module Dependabot
|
|
|
86
86
|
evaluated_value(node.at_xpath("./*/artifactId").content.strip)
|
|
87
87
|
].compact.join(":")
|
|
88
88
|
|
|
89
|
-
|
|
90
|
-
classifier = evaluated_value(node.at_xpath("./*/classifier").content.strip)
|
|
91
|
-
dep_classifier = dependency.requirements.first&.dig(:metadata, :classifier)
|
|
92
|
-
next false if classifier != dep_classifier
|
|
93
|
-
end
|
|
94
|
-
|
|
89
|
+
next false unless classifier_matches?(node)
|
|
95
90
|
next false unless node_name == dependency_name
|
|
96
91
|
next false unless packaging_type_matches?(node)
|
|
97
|
-
next false unless scope_matches?(node)
|
|
92
|
+
next false unless declaring_requirement.fetch(:groups) == ["plugin"] || scope_matches?(node)
|
|
98
93
|
|
|
99
94
|
declaring_requirement_matches?(node)
|
|
100
95
|
end
|
|
@@ -140,9 +135,19 @@ module Dependabot
|
|
|
140
135
|
type == packaging_type(node)
|
|
141
136
|
end
|
|
142
137
|
|
|
138
|
+
sig { params(node: Nokogiri::XML::Document).returns(T::Boolean) }
|
|
139
|
+
def classifier_matches?(node)
|
|
140
|
+
return true unless node.at_xpath("./*/classifier")
|
|
141
|
+
|
|
142
|
+
classifier = evaluated_value(node.at_xpath("./*/classifier").content.strip)
|
|
143
|
+
dep_classifier = dependency.requirements.first&.dig(:metadata, :classifier)
|
|
144
|
+
classifier == dep_classifier
|
|
145
|
+
end
|
|
146
|
+
|
|
143
147
|
sig { params(node: Nokogiri::XML::Document).returns(T::Boolean) }
|
|
144
148
|
def scope_matches?(node)
|
|
145
149
|
dependency_type = declaring_requirement.fetch(:groups)
|
|
150
|
+
|
|
146
151
|
node_type = dependency_scope(node) == "test" ? ["test"] : []
|
|
147
152
|
|
|
148
153
|
dependency_type == node_type
|
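Review bot: The extracted `classifier_matches?` takes the expected classifier from `dependency.requirements.first`, whereas the neighbouring checks use `declaring_requirement` (`declaring_requirement.fetch(:groups)` on new line 92 and in `scope_matches?`). If a dependency can carry several requirements with different classifiers, the first one need not be the declaration being located, so the wrong node could be accepted or the right one rejected. `dep_classifier = declaring_requirement.dig(:metadata, :classifier)` would keep the checks consistent, assuming the requirement hash carries `:metadata` as the existing `dig` implies. The helper also evaluates `node.at_xpath("./*/classifier")` twice, and binding it once (`classifier_node = node.at_xpath("./*/classifier")`) would read better.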
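--- a/data/lib/dependabot/maven.rb
+++ b/data/lib/dependabot/maven.rb
@@ -17,7 +17,7 @@ Dependabot::PullRequestCreator::Labeler
 
 require "dependabot/dependency"
 Dependabot::Dependency
-.register_production_check("maven", ->(groups) { groups != ["test"] })
+.register_production_check("maven", ->(groups) { groups != ["test"] && groups != ["plugin"] })
 
 Dependabot::Dependency
 .register_display_name_builder(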
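Review bot: The production check on new line 20 compares the whole array, `groups != ["test"] && groups != ["plugin"]`, so a dependency is treated as non-production only when `groups` is exactly one of those two single-element arrays. If the caller passes groups aggregated over several requirements (the caller is not visible here), a plugin declared in two files or a dependency that is both test-scoped and a plugin would arrive as, for example, `["plugin", "plugin"]` or `["test", "plugin"]` and still count as production. A membership form such as `->(groups) { groups.empty? || (groups - %w(test plugin)).any? }` states the intent directly. Because build plugins run code during the build, a comment recording that demoting them from production scope is deliberate would also help, since consumers that filter updates or alerts by production scope may no longer see them.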
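--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.357.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.357.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.357.0
 - !ruby/object:Gem::Dependency
 name: rexml
 requirement: !ruby/object:Gem::Requirement
@@ -286,7 +286,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.357.0
 rdoc_options: []
 require_paths:
 - lib
@@ -301,7 +301,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 3.3.0
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Provides Dependabot support for Maven
 test_files: []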