dependabot-maven 0.156.3 → 0.156.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_fetcher.rb +12 -0
- data/lib/dependabot/maven/file_parser.rb +26 -0
- data/lib/dependabot/maven/file_updater.rb +26 -23
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: feeb88c8b9bfbd7462b12cdbb345bd379641fb3bdc38d445e75a5e422fe60e22
|
|
4
|
+
data.tar.gz: 899a394d853ad6f889bc3539acb5d64f39511b3d8d1a329d190995f583ef2ae1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 04ba6f3d8a32f6dc78cd030d6fbb60b7944285b8bc54681afe03ee8c0050f80ccac9a4517587e78d10e1f1fdbfcefa8b1924aeb49383594ae36ba324591ab096
|
|
7
|
+
data.tar.gz: 3bb78982430ffe9d0f24d4c32bc121fb4b06fd451bf5fa1fc7a209b9d008578d89fc0b7a79375818b23826ba2a55949ac830ace0097e2ea210863a02d7ff3cfa
|
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
|
25
25
|
fetched_files << pom
|
|
26
26
|
fetched_files += child_poms
|
|
27
27
|
fetched_files += relative_path_parents(fetched_files)
|
|
28
|
+
fetched_files << extensions if extensions
|
|
28
29
|
fetched_files.uniq
|
|
29
30
|
end
|
|
30
31
|
|
|
@@ -32,6 +33,17 @@ module Dependabot
|
|
|
32
33
|
@pom ||= fetch_file_from_host("pom.xml")
|
|
33
34
|
end
|
|
34
35
|
|
|
36
|
+
def extensions
|
|
37
|
+
return @extensions if defined?(@extensions)
|
|
38
|
+
return @extensions if defined?(@extensions)
|
|
39
|
+
|
|
40
|
+
begin
|
|
41
|
+
fetch_file_if_present(".mvn/extensions.xml")
|
|
42
|
+
rescue Dependabot::DependencyFileNotFound
|
|
43
|
+
nil
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
35
47
|
def child_poms
|
|
36
48
|
recursively_fetch_child_poms(pom, fetched_filenames: ["pom.xml"])
|
|
37
49
|
end
|
|
@@ -25,6 +25,7 @@ module Dependabot
|
|
|
25
25
|
"dependencies > dependency, "\
|
|
26
26
|
"extensions > extension"
|
|
27
27
|
PLUGIN_SELECTOR = "plugins > plugin"
|
|
28
|
+
EXTENSION_SELECTOR = "extensions > extension"
|
|
28
29
|
|
|
29
30
|
# Regex to get the property name from a declaration that uses a property
|
|
30
31
|
PROPERTY_REGEX = /\$\{(?<property>.*?)\}/.freeze
|
|
@@ -32,6 +33,7 @@ module Dependabot
|
|
|
32
33
|
def parse
|
|
33
34
|
dependency_set = DependencySet.new
|
|
34
35
|
pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
|
|
36
|
+
extensionfiles.each { |extension| dependency_set += extensionfile_dependencies(extension) }
|
|
35
37
|
dependency_set.dependencies
|
|
36
38
|
end
|
|
37
39
|
|
|
@@ -63,6 +65,25 @@ module Dependabot
|
|
|
63
65
|
dependency_set
|
|
64
66
|
end
|
|
65
67
|
|
|
68
|
+
def extensionfile_dependencies(extension)
|
|
69
|
+
dependency_set = DependencySet.new
|
|
70
|
+
|
|
71
|
+
errors = []
|
|
72
|
+
doc = Nokogiri::XML(extension.content)
|
|
73
|
+
doc.remove_namespaces!
|
|
74
|
+
|
|
75
|
+
doc.css(EXTENSION_SELECTOR).each do |dependency_node|
|
|
76
|
+
dep = dependency_from_dependency_node(extension, dependency_node)
|
|
77
|
+
dependency_set << dep if dep
|
|
78
|
+
rescue DependencyFileNotEvaluatable => e
|
|
79
|
+
errors << e
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
raise errors.first if errors.any? && dependency_set.dependencies.none?
|
|
83
|
+
|
|
84
|
+
dependency_set
|
|
85
|
+
end
|
|
86
|
+
|
|
66
87
|
def dependency_from_dependency_node(pom, dependency_node)
|
|
67
88
|
return unless (name = dependency_name(dependency_node, pom))
|
|
68
89
|
return if internal_dependency_names.include?(name)
|
|
@@ -252,6 +273,11 @@ module Dependabot
|
|
|
252
273
|
dependency_files.select { |f| f.name.end_with?("pom.xml") }
|
|
253
274
|
end
|
|
254
275
|
|
|
276
|
+
def extensionfiles
|
|
277
|
+
@extensionfiles ||=
|
|
278
|
+
dependency_files.select { |f| f.name.end_with?("extensions.xml") }
|
|
279
|
+
end
|
|
280
|
+
|
|
255
281
|
def internal_dependency_names
|
|
256
282
|
@internal_dependency_names ||=
|
|
257
283
|
dependency_files.map do |pom|
|
|
@@ -11,25 +11,28 @@ module Dependabot
|
|
|
11
11
|
require_relative "file_updater/property_value_updater"
|
|
12
12
|
|
|
13
13
|
def self.updated_files_regex
|
|
14
|
-
[
|
|
14
|
+
[
|
|
15
|
+
/^pom\.xml$/, %r{/pom\.xml$},
|
|
16
|
+
/^extensions.\.xml$/, %r{/extensions\.xml$}
|
|
17
|
+
]
|
|
15
18
|
end
|
|
16
19
|
|
|
17
20
|
def updated_dependency_files
|
|
18
21
|
updated_files = dependency_files.dup
|
|
19
22
|
|
|
20
23
|
# Loop through each of the changed requirements, applying changes to
|
|
21
|
-
# all
|
|
22
|
-
# to other
|
|
23
|
-
# files
|
|
24
|
+
# all pom and extensions files for that change. Note that the logic
|
|
25
|
+
# is different here to other package managers because Maven has property
|
|
26
|
+
# inheritance across files
|
|
24
27
|
dependencies.each do |dependency|
|
|
25
|
-
updated_files =
|
|
26
|
-
|
|
28
|
+
updated_files = update_files_for_dependency(
|
|
29
|
+
original_files: updated_files,
|
|
27
30
|
dependency: dependency
|
|
28
31
|
)
|
|
29
32
|
end
|
|
30
33
|
|
|
31
|
-
updated_files.select! { |f| f.name.end_with?("pom.xml") }
|
|
32
|
-
updated_files.reject! { |f|
|
|
34
|
+
updated_files.select! { |f| f.name.end_with?("pom.xml") || f.name.end_with?("extensions.xml") }
|
|
35
|
+
updated_files.reject! { |f| dependency_files.include?(f) }
|
|
33
36
|
|
|
34
37
|
raise "No files changed!" if updated_files.none?
|
|
35
38
|
raise "Updated a supporting POM!" if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
|
|
@@ -43,15 +46,15 @@ module Dependabot
|
|
|
43
46
|
raise "No pom.xml!" unless get_original_file("pom.xml")
|
|
44
47
|
end
|
|
45
48
|
|
|
46
|
-
def
|
|
47
|
-
files =
|
|
49
|
+
def update_files_for_dependency(original_files:, dependency:)
|
|
50
|
+
files = original_files.dup
|
|
48
51
|
|
|
49
52
|
# The UpdateChecker ensures the order of requirements is preserved
|
|
50
53
|
# when updating, so we can zip them together in new/old pairs.
|
|
51
54
|
reqs = dependency.requirements.zip(dependency.previous_requirements).
|
|
52
55
|
reject { |new_req, old_req| new_req == old_req }
|
|
53
56
|
|
|
54
|
-
# Loop through each changed requirement and update the
|
|
57
|
+
# Loop through each changed requirement and update the files
|
|
55
58
|
reqs.each do |new_req, old_req|
|
|
56
59
|
raise "Bad req match" unless new_req[:file] == old_req[:file]
|
|
57
60
|
next if new_req[:requirement] == old_req[:requirement]
|
|
@@ -62,9 +65,9 @@ module Dependabot
|
|
|
62
65
|
files[files.index(pom)] =
|
|
63
66
|
remove_property_suffix_in_pom(dependency, pom, old_req)
|
|
64
67
|
else
|
|
65
|
-
|
|
66
|
-
files[files.index(
|
|
67
|
-
|
|
68
|
+
file = files.find { |f| f.name == new_req.fetch(:file) }
|
|
69
|
+
files[files.index(file)] =
|
|
70
|
+
update_version_in_file(dependency, file, old_req, new_req)
|
|
68
71
|
end
|
|
69
72
|
end
|
|
70
73
|
|
|
@@ -82,25 +85,25 @@ module Dependabot
|
|
|
82
85
|
)
|
|
83
86
|
end
|
|
84
87
|
|
|
85
|
-
def
|
|
86
|
-
updated_content =
|
|
88
|
+
def update_version_in_file(dependency, file, previous_req, requirement)
|
|
89
|
+
updated_content = file.content
|
|
87
90
|
|
|
88
|
-
|
|
91
|
+
original_file_declarations(dependency, previous_req).each do |old_dec|
|
|
89
92
|
updated_content = updated_content.gsub(
|
|
90
93
|
old_dec,
|
|
91
|
-
|
|
94
|
+
updated_file_declaration(old_dec, previous_req, requirement)
|
|
92
95
|
)
|
|
93
96
|
end
|
|
94
97
|
|
|
95
|
-
raise "Expected content to change!" if updated_content ==
|
|
98
|
+
raise "Expected content to change!" if updated_content == file.content
|
|
96
99
|
|
|
97
|
-
updated_file(file:
|
|
100
|
+
updated_file(file: file, content: updated_content)
|
|
98
101
|
end
|
|
99
102
|
|
|
100
103
|
def remove_property_suffix_in_pom(dep, pom, req)
|
|
101
104
|
updated_content = pom.content
|
|
102
105
|
|
|
103
|
-
|
|
106
|
+
original_file_declarations(dep, req).each do |old_declaration|
|
|
104
107
|
updated_content = updated_content.gsub(old_declaration) do |old_dec|
|
|
105
108
|
version_string =
|
|
106
109
|
old_dec.match(%r{(?<=\<version\>).*(?=\</version\>)})
|
|
@@ -116,7 +119,7 @@ module Dependabot
|
|
|
116
119
|
updated_file(file: pom, content: updated_content)
|
|
117
120
|
end
|
|
118
121
|
|
|
119
|
-
def
|
|
122
|
+
def original_file_declarations(dependency, requirement)
|
|
120
123
|
declaration_finder(dependency, requirement).declaration_strings
|
|
121
124
|
end
|
|
122
125
|
|
|
@@ -132,7 +135,7 @@ module Dependabot
|
|
|
132
135
|
)
|
|
133
136
|
end
|
|
134
137
|
|
|
135
|
-
def
|
|
138
|
+
def updated_file_declaration(old_declaration, previous_req, requirement)
|
|
136
139
|
original_req_string = previous_req.fetch(:requirement)
|
|
137
140
|
|
|
138
141
|
old_declaration.gsub(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-maven
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.156.
|
|
4
|
+
version: 0.156.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-06-
|
|
11
|
+
date: 2021-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.156.
|
|
19
|
+
version: 0.156.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.156.
|
|
26
|
+
version: 0.156.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.18.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.18.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|