dependabot-maven 0.118.7 → 0.118.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/update_checker/version_finder.rb +9 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6f6faec3fcfa89189a62ab833d48e9d3f41910f80d973992de45886992e5f5d0
|
4
|
+
data.tar.gz: c3ac903e8befdb282eb57a7002754633bc11ad57587518c618bd0ac0c4d25638
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 84bed592396b9c0412c02c6b00bfb754c50e64ba372825b2841cb9949a8cd6cc460df4d5fed5909539ef5293c809ebb518095abf763df509f5f2b23c7e7f5bf9
|
7
|
+
data.tar.gz: 34dbbb17827cd184930675aeeae2b970802fcfa4b47e545dda68b358a0fcb4ee8637e2af957f07085643ad7946ecf6d7f12e6d10076254e5f944fb55268e5e66
|
@@ -13,6 +13,8 @@ module Dependabot
|
|
13
13
|
class VersionFinder
|
14
14
|
TYPE_SUFFICES = %w(jre android java).freeze
|
15
15
|
|
16
|
+
MAVEN_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
|
17
|
+
|
16
18
|
def initialize(dependency:, dependency_files:, credentials:,
|
17
19
|
ignored_versions:, security_advisories:,
|
18
20
|
raise_on_ignored: false)
|
@@ -94,7 +96,7 @@ module Dependabot
|
|
94
96
|
filtered = possible_versions
|
95
97
|
|
96
98
|
ignored_versions.each do |req|
|
97
|
-
ignore_req = Maven::Requirement.new(req
|
99
|
+
ignore_req = Maven::Requirement.new(parse_requirement_string(req))
|
98
100
|
filtered =
|
99
101
|
filtered.
|
100
102
|
reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
|
@@ -107,6 +109,12 @@ module Dependabot
|
|
107
109
|
filtered
|
108
110
|
end
|
109
111
|
|
112
|
+
def parse_requirement_string(string)
|
113
|
+
return string if string.match?(MAVEN_RANGE_REGEX)
|
114
|
+
|
115
|
+
string.split(",").map(&:strip)
|
116
|
+
end
|
117
|
+
|
110
118
|
def filter_vulnerable_versions(possible_versions)
|
111
119
|
versions_array = possible_versions
|
112
120
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-maven
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.118.
|
4
|
+
version: 0.118.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-07-
|
11
|
+
date: 2020-07-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.118.
|
19
|
+
version: 0.118.8
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.118.
|
26
|
+
version: 0.118.8
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 0.
|
117
|
+
version: 0.88.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 0.
|
124
|
+
version: 0.88.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: vcr
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|