dependabot-maven 0.188.0 → 0.189.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +1 -6
- data/lib/dependabot/maven/file_parser/repositories_finder.rb +3 -6
- data/lib/dependabot/maven/metadata_finder.rb +6 -10
- data/lib/dependabot/maven/registry_client.rb +57 -0
- data/lib/dependabot/maven/update_checker/version_finder.rb +6 -9
- data/lib/dependabot/maven.rb +1 -0
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb809a76fc89757535851f229a3da24216246e51202de85b11bf2adf468de0c9
|
|
4
|
+
data.tar.gz: 187f16b34d5207f8c3f47cb99f5e37a2fe9f10ad93574a78f772d2b3cf48043b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94ae994c766edc2b666da5b85bb0e6a91103a36b7682b42c7a0215d3afe0727737a8a6aefe57f9da866f4f25feb4657929ad86ea71760df2372a7fe86b36ce36
|
|
7
|
+
data.tar.gz: dbf67e08c040fe66d7f8adb2f8216347aa4f4c940c9fe81647b5c70d1f84991b08c23066161484b7fe107d01296b56d6474ac534e533d099181bf1ebc04c936a
|
|
@@ -4,7 +4,6 @@ require "nokogiri"
|
|
|
4
4
|
|
|
5
5
|
require "dependabot/dependency_file"
|
|
6
6
|
require "dependabot/maven/file_parser"
|
|
7
|
-
require "dependabot/shared_helpers"
|
|
8
7
|
|
|
9
8
|
# For documentation, see:
|
|
10
9
|
# - http://maven.apache.org/guides/introduction/introduction-to-the-pom.html
|
|
@@ -128,11 +127,7 @@ module Dependabot
|
|
|
128
127
|
url = remote_pom_url(group_id, artifact_id, version, base_url)
|
|
129
128
|
|
|
130
129
|
@maven_responses ||= {}
|
|
131
|
-
@maven_responses[url] ||=
|
|
132
|
-
url,
|
|
133
|
-
idempotent: true,
|
|
134
|
-
**SharedHelpers.excon_defaults
|
|
135
|
-
)
|
|
130
|
+
@maven_responses[url] ||= RegistryClient.get(url: url)
|
|
136
131
|
next unless @maven_responses[url].status == 200
|
|
137
132
|
next unless pom?(@maven_responses[url].body)
|
|
138
133
|
|
|
@@ -4,7 +4,6 @@ require "nokogiri"
|
|
|
4
4
|
|
|
5
5
|
require "dependabot/dependency_file"
|
|
6
6
|
require "dependabot/maven/file_parser"
|
|
7
|
-
require "dependabot/shared_helpers"
|
|
8
7
|
require "dependabot/errors"
|
|
9
8
|
|
|
10
9
|
# For documentation, see:
|
|
@@ -110,15 +109,13 @@ module Dependabot
|
|
|
110
109
|
url = remote_pom_url(group_id, artifact_id, version, base_url)
|
|
111
110
|
|
|
112
111
|
@maven_responses ||= {}
|
|
113
|
-
@maven_responses[url] ||=
|
|
114
|
-
url,
|
|
115
|
-
idempotent: true,
|
|
112
|
+
@maven_responses[url] ||= RegistryClient.get(
|
|
113
|
+
url: url,
|
|
116
114
|
# We attempt to find dependencies in private repos before failing over to the CENTRAL_REPO_URL,
|
|
117
115
|
# but this can burn a lot of a job's time against slow servers due to our `read_timeout` being 20 seconds.
|
|
118
116
|
#
|
|
119
117
|
# In order to avoid the overall job timing out, we only make one retry attempt
|
|
120
|
-
retry_limit: 1
|
|
121
|
-
**SharedHelpers.excon_defaults
|
|
118
|
+
options: { retry_limit: 1 }
|
|
122
119
|
)
|
|
123
120
|
next unless @maven_responses[url].status == 200
|
|
124
121
|
next unless pom?(@maven_responses[url].body)
|
|
@@ -104,12 +104,9 @@ module Dependabot
|
|
|
104
104
|
def dependency_pom_file
|
|
105
105
|
return @dependency_pom_file unless @dependency_pom_file.nil?
|
|
106
106
|
|
|
107
|
-
response =
|
|
108
|
-
"#{maven_repo_dependency_url}
|
|
109
|
-
|
|
110
|
-
"#{dependency_artifact_id}-#{dependency.version}.pom",
|
|
111
|
-
idempotent: true,
|
|
112
|
-
**SharedHelpers.excon_defaults(headers: auth_headers)
|
|
107
|
+
response = RegistryClient.get(
|
|
108
|
+
url: "#{maven_repo_dependency_url}/#{dependency.version}/#{dependency_artifact_id}-#{dependency.version}.pom",
|
|
109
|
+
headers: auth_headers
|
|
113
110
|
)
|
|
114
111
|
|
|
115
112
|
@dependency_pom_file = Nokogiri::XML(response.body)
|
|
@@ -137,10 +134,9 @@ module Dependabot
|
|
|
137
134
|
"#{version}/"\
|
|
138
135
|
"#{artifact_id}-#{version}.pom"
|
|
139
136
|
|
|
140
|
-
response =
|
|
141
|
-
substitute_properties_in_source_url(url, pom),
|
|
142
|
-
|
|
143
|
-
**SharedHelpers.excon_defaults(headers: auth_headers)
|
|
137
|
+
response = RegistryClient.get(
|
|
138
|
+
url: substitute_properties_in_source_url(url, pom),
|
|
139
|
+
headers: auth_headers
|
|
144
140
|
)
|
|
145
141
|
|
|
146
142
|
Nokogiri::XML(response.body)
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "dependabot/shared_helpers"
|
|
4
|
+
|
|
5
|
+
# This class provides a thin wrapper around our normal usage of Excon as a simple HTTP client in order to
|
|
6
|
+
# provide some minor caching functionality.
|
|
7
|
+
#
|
|
8
|
+
# This is not used to support full response caching currently, we just use it to ensure we detect unreachable
|
|
9
|
+
# hosts and fast-fail on any subsequent requests to them to avoid excessive use of retries and connect- or
|
|
10
|
+
# read-timeouts as Maven jobs tend to be sensitive to exceeding our overall 45 minute timeout.
|
|
11
|
+
module Dependabot
|
|
12
|
+
module Maven
|
|
13
|
+
class RegistryClient
|
|
14
|
+
@cached_errors = {}
|
|
15
|
+
|
|
16
|
+
def self.get(url:, headers: {}, options: {})
|
|
17
|
+
raise cached_error_for(url) if cached_error_for(url)
|
|
18
|
+
|
|
19
|
+
Excon.get(
|
|
20
|
+
url,
|
|
21
|
+
idempotent: true,
|
|
22
|
+
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
|
23
|
+
)
|
|
24
|
+
rescue Excon::Error::Timeout => e
|
|
25
|
+
cache_error(url, e)
|
|
26
|
+
raise e
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def self.head(url:, headers: {}, options: {})
|
|
30
|
+
raise cached_error_for(url) if cached_error_for(url)
|
|
31
|
+
|
|
32
|
+
Excon.head(
|
|
33
|
+
url,
|
|
34
|
+
idempotent: true,
|
|
35
|
+
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
|
36
|
+
)
|
|
37
|
+
rescue Excon::Error::Timeout => e
|
|
38
|
+
cache_error(url, e)
|
|
39
|
+
raise e
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def self.clear_cache!
|
|
43
|
+
@cached_errors = {}
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private_class_method def self.cache_error(url, error)
|
|
47
|
+
host = URI(url).host
|
|
48
|
+
@cached_errors[host] = error
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
private_class_method def self.cached_error_for(url)
|
|
52
|
+
host = URI(url).host
|
|
53
|
+
@cached_errors.fetch(host, nil)
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "nokogiri"
|
|
4
|
-
require "dependabot/shared_helpers"
|
|
5
4
|
require "dependabot/update_checkers/version_filters"
|
|
6
5
|
require "dependabot/maven/file_parser/repositories_finder"
|
|
7
6
|
require "dependabot/maven/update_checker"
|
|
@@ -139,10 +138,9 @@ module Dependabot
|
|
|
139
138
|
@released_check[version] =
|
|
140
139
|
repositories.any? do |repository_details|
|
|
141
140
|
url = repository_details.fetch("url")
|
|
142
|
-
response =
|
|
143
|
-
dependency_files_url(url, version),
|
|
144
|
-
|
|
145
|
-
**SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
|
|
141
|
+
response = RegistryClient.head(
|
|
142
|
+
url: dependency_files_url(url, version),
|
|
143
|
+
headers: repository_details.fetch("auth_headers")
|
|
146
144
|
)
|
|
147
145
|
|
|
148
146
|
response.status < 400
|
|
@@ -162,10 +160,9 @@ module Dependabot
|
|
|
162
160
|
end
|
|
163
161
|
|
|
164
162
|
def fetch_dependency_metadata(repository_details)
|
|
165
|
-
response =
|
|
166
|
-
dependency_metadata_url(repository_details.fetch("url")),
|
|
167
|
-
|
|
168
|
-
**Dependabot::SharedHelpers.excon_defaults(headers: repository_details.fetch("auth_headers"))
|
|
163
|
+
response = RegistryClient.get(
|
|
164
|
+
url: dependency_metadata_url(repository_details.fetch("url")),
|
|
165
|
+
headers: repository_details.fetch("auth_headers")
|
|
169
166
|
)
|
|
170
167
|
check_response(response, repository_details.fetch("url"))
|
|
171
168
|
|
data/lib/dependabot/maven.rb
CHANGED
|
@@ -9,6 +9,7 @@ require "dependabot/maven/file_updater"
|
|
|
9
9
|
require "dependabot/maven/metadata_finder"
|
|
10
10
|
require "dependabot/maven/requirement"
|
|
11
11
|
require "dependabot/maven/version"
|
|
12
|
+
require "dependabot/maven/registry_client"
|
|
12
13
|
|
|
13
14
|
require "dependabot/pull_request_creator/labeler"
|
|
14
15
|
Dependabot::PullRequestCreator::Labeler.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-maven
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.189.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.189.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.189.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -236,6 +236,7 @@ files:
|
|
|
236
236
|
- lib/dependabot/maven/file_updater/declaration_finder.rb
|
|
237
237
|
- lib/dependabot/maven/file_updater/property_value_updater.rb
|
|
238
238
|
- lib/dependabot/maven/metadata_finder.rb
|
|
239
|
+
- lib/dependabot/maven/registry_client.rb
|
|
239
240
|
- lib/dependabot/maven/requirement.rb
|
|
240
241
|
- lib/dependabot/maven/update_checker.rb
|
|
241
242
|
- lib/dependabot/maven/update_checker/property_updater.rb
|