dependabot-maven 0.118.4 → 0.118.5
- checksums.yaml +4 -4
- data/lib/dependabot/maven.rb +1 -1
- data/lib/dependabot/maven/file_parser.rb +10 -2
- data/lib/dependabot/maven/file_updater/declaration_finder.rb +5 -0
- data/lib/dependabot/maven/metadata_finder.rb +10 -7
- data/lib/dependabot/maven/update_checker/version_finder.rb +5 -3
- metadata +4 -4
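--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a8eec585634e8400b0c7e52435131f9bb4088e6dd5882e373a910f1e5d676cc1
+data.tar.gz: a561b5b8e476ce5ed3ac553f919f39a21da9536453a45d0b461b757c7c2f0518
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c63c4533b7cb12731ad1d7c410f310e80bbcabfbb2a95a7cfcdbef5619af75a3f03c3978f086e5877ba72c837b4d6f192f7e89982af0d888c6c210d79457d5f4
+data.tar.gz: d3cfdbfbb85d5d846d39531b0e6c6b54cdf8d641ee6b7a34ac9ae3d13e0be8dc2d15dd9b0bb8890b10d4701884d580d702aeaf9a96fce5acc06fb48c2bf567ca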
data/lib/dependabot/maven.rb
CHANGED
|
@@ -104,7 +104,7 @@ module Dependabot
|
|
|
104
104
|
return unless dependency_node.at_xpath("./groupId")
|
|
105
105
|
return unless dependency_node.at_xpath("./artifactId")
|
|
106
106
|
|
|
107
|
-
[
|
|
107
|
+
name = [
|
|
108
108
|
evaluated_value(
|
|
109
109
|
dependency_node.at_xpath("./groupId").content.strip,
|
|
110
110
|
pom
|
|
@@ -114,6 +114,15 @@ module Dependabot
|
|
|
114
114
|
pom
|
|
115
115
|
)
|
|
116
116
|
].join(":")
|
|
117
|
+
|
|
118
|
+
if dependency_node.at_xpath("./classifier")
|
|
119
|
+
name += ":#{evaluated_value(
|
|
120
|
+
dependency_node.at_xpath('./classifier').content.strip,
|
|
121
|
+
pom
|
|
122
|
+
)}"
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
name
|
|
117
126
|
end
|
|
118
127
|
|
|
119
128
|
def plugin_name(dependency_node, pom)
|
|
@@ -185,7 +194,6 @@ module Dependabot
|
|
|
185
194
|
return unless dependency_node.at_xpath("./version")
|
|
186
195
|
|
|
187
196
|
version_content = dependency_node.at_xpath("./version").content.strip
|
|
188
|
-
|
|
189
197
|
return unless version_content.match?(PROPERTY_REGEX)
|
|
190
198
|
|
|
191
199
|
version_content.
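Review bot: In the `@@ -114,6 +114,15 @@` hunk the classifier is appended whenever a `<classifier>` element exists, so an empty element yields a name with a trailing colon, and a value containing `:` (directly or after `evaluated_value` expands a property) shifts the segments that other code recovers with `split(":")`. Reading the node once and skipping blank values would remove the double `at_xpath` lookup and the trailing colon, e.g. `classifier = dependency_node.at_xpath("./classifier")&.content&.strip` followed by `name += ":#{evaluated_value(classifier, pom)}" unless classifier.to_s.empty?`. The same construction is repeated for `node_name` in the `@@ -57,6 +57,11 @@` hunk, and the two have to stay identical for the `node_name == dependency_name` comparison to succeed, so a shared helper or a comment stating the `group:artifact[:classifier]` format would help. The enclosing method starts above the hunk, so its signature is not visible here.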
|
|
@@ -57,6 +57,11 @@ module Dependabot
|
|
|
57
57
|
evaluated_value(node.at_xpath("./*/artifactId").content.strip)
|
|
58
58
|
].compact.join(":")
|
|
59
59
|
|
|
60
|
+
if node.at_xpath("./*/classifier")
|
|
61
|
+
node_name += ":#{evaluated_value(node.at_xpath('./*/classifier').
|
|
62
|
+
content.strip)}"
|
|
63
|
+
end
|
|
64
|
+
|
|
60
65
|
next false unless node_name == dependency_name
|
|
61
66
|
next false unless packaging_type_matches?(node)
|
|
62
67
|
next false unless scope_matches?(node)
|
|
@@ -23,8 +23,7 @@ module Dependabot
|
|
|
23
23
|
tmp_source = look_up_source_in_pom(parent)
|
|
24
24
|
return unless tmp_source
|
|
25
25
|
|
|
26
|
-
|
|
27
|
-
return tmp_source if tmp_source.repo.end_with?(artifact)
|
|
26
|
+
return tmp_source if tmp_source.repo.end_with?(dependency_artifact_id)
|
|
28
27
|
return tmp_source if repo_has_subdir_for_dep?(tmp_source)
|
|
29
28
|
end
|
|
30
29
|
|
|
@@ -34,14 +33,13 @@ module Dependabot
|
|
|
34
33
|
return @repo_has_subdir_for_dep[tmp_source]
|
|
35
34
|
end
|
|
36
35
|
|
|
37
|
-
artifact = dependency.name.split(":").last
|
|
38
36
|
fetcher =
|
|
39
37
|
FileFetchers::Base.new(source: tmp_source, credentials: credentials)
|
|
40
38
|
|
|
41
39
|
@repo_has_subdir_for_dep[tmp_source] =
|
|
42
40
|
fetcher.send(:repo_contents, raise_errors: false).
|
|
43
41
|
select { |f| f.type == "dir" }.
|
|
44
|
-
any? { |f|
|
|
42
|
+
any? { |f| dependency_artifact_id.end_with?(f.name) }
|
|
45
43
|
rescue Dependabot::BranchNotFound
|
|
46
44
|
tmp_source.branch = nil
|
|
47
45
|
retry
|
|
@@ -96,18 +94,17 @@ module Dependabot
|
|
|
96
94
|
|
|
97
95
|
github_urls.find do |url|
|
|
98
96
|
repo = Source.from_url(url).repo
|
|
99
|
-
repo.end_with?(
|
|
97
|
+
repo.end_with?(dependency_artifact_id)
|
|
100
98
|
end
|
|
101
99
|
end
|
|
102
100
|
|
|
103
101
|
def dependency_pom_file
|
|
104
102
|
return @dependency_pom_file unless @dependency_pom_file.nil?
|
|
105
103
|
|
|
106
|
-
artifact_id = dependency.name.split(":").last
|
|
107
104
|
response = Excon.get(
|
|
108
105
|
"#{maven_repo_dependency_url}/"\
|
|
109
106
|
"#{dependency.version}/"\
|
|
110
|
-
"#{
|
|
107
|
+
"#{dependency_artifact_id}-#{dependency.version}.pom",
|
|
111
108
|
headers: auth_details,
|
|
112
109
|
idempotent: true,
|
|
113
110
|
**SharedHelpers.excon_defaults
|
|
@@ -118,6 +115,12 @@ module Dependabot
|
|
|
118
115
|
@dependency_pom_file = Nokogiri::XML("")
|
|
119
116
|
end
|
|
120
117
|
|
|
118
|
+
def dependency_artifact_id
|
|
119
|
+
_group_id, artifact_id, _classifier = dependency.name.split(":")
|
|
120
|
+
|
|
121
|
+
artifact_id
|
|
122
|
+
end
|
|
123
|
+
|
|
121
124
|
def parent_pom_file(pom)
|
|
122
125
|
doc = pom.dup
|
|
123
126
|
doc.remove_namespaces!
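Review bot: `dependency_artifact_id` in the `@@ -118,6 +115,12 @@` hunk returns nil when `dependency.name` contains no colon, whereas the removed `dependency.name.split(":").last` always returned a string; the callers in the earlier hunks pass the result straight to `end_with?`, which raises TypeError on nil. Names produced by the parser appear to always carry at least `group:artifact`, so this may never trigger, but the assumption is now spread over several call sites. A comment above the method such as `# dependency.name is "group:artifact" or "group:artifact:classifier"` would record it, and memoising the result would avoid re-splitting the name on every directory checked in the `any?` block.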
|
|
@@ -173,6 +173,7 @@ module Dependabot
|
|
|
173
173
|
**Dependabot::SharedHelpers.excon_defaults
|
|
174
174
|
)
|
|
175
175
|
check_response(response, repository_details.fetch("url"))
|
|
176
|
+
|
|
176
177
|
Nokogiri::XML(response.body)
|
|
177
178
|
rescue URI::InvalidURIError
|
|
178
179
|
Nokogiri::XML("")
|
|
@@ -248,7 +249,7 @@ module Dependabot
|
|
|
248
249
|
end
|
|
249
250
|
|
|
250
251
|
def dependency_metadata_url(repository_url)
|
|
251
|
-
group_id, artifact_id = dependency.name.split(":")
|
|
252
|
+
group_id, artifact_id, _classifier = dependency.name.split(":")
|
|
252
253
|
|
|
253
254
|
"#{repository_url}/"\
|
|
254
255
|
"#{group_id.tr('.', '/')}/"\
|
|
@@ -257,15 +258,16 @@ module Dependabot
|
|
|
257
258
|
end
|
|
258
259
|
|
|
259
260
|
def dependency_files_url(repository_url, version)
|
|
260
|
-
group_id, artifact_id = dependency.name.split(":")
|
|
261
|
+
group_id, artifact_id, classifier = dependency.name.split(":")
|
|
261
262
|
type = dependency.requirements.first.
|
|
262
263
|
dig(:metadata, :packaging_type)
|
|
263
264
|
|
|
265
|
+
actual_classifier = classifier.nil? ? "" : "-#{classifier}"
|
|
264
266
|
"#{repository_url}/"\
|
|
265
267
|
"#{group_id.tr('.', '/')}/"\
|
|
266
268
|
"#{artifact_id}/"\
|
|
267
269
|
"#{version}/"\
|
|
268
|
-
"#{artifact_id}-#{version}.#{type}"
|
|
270
|
+
"#{artifact_id}-#{version}#{actual_classifier}.#{type}"
|
|
269
271
|
end
|
|
270
272
|
|
|
271
273
|
def version_class
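Review bot: `dependency_files_url` in the `@@ -257,15 +258,16 @@` hunk interpolates the classifier into the request path with no check or encoding, and that value presumably originates in the pom being analysed. `group_id` and `artifact_id` are already handled the same way, so this follows the existing pattern, but each extra segment is another place where `/`, `?` or `#` could change which path is requested from the repository. A conservative check before building the string, for example `raise "Unexpected classifier: #{classifier}" unless classifier.nil? || classifier.match?(/\A[\w.\-]+\z/)`, would keep it a plain file-name part; widen the pattern if the project needs other characters. `dependency_metadata_url` in the preceding hunk discards the classifier, which is worth a short comment saying that the metadata URL is per artifact and not per classifier.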
|
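--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.118.
+version: 0.118.5
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-
+date: 2020-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.118.
+version: 0.118.5
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.118.
+version: 0.118.5
 - !ruby/object:Gem::Dependency
 name: byebug
 requirement: !ruby/object:Gem::Requirement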