dependabot-maven 0.196.3 → 0.196.4
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +2 -1
- data/lib/dependabot/maven/file_parser/repositories_finder.rb +2 -1
- data/lib/dependabot/maven/metadata_finder.rb +3 -2
- data/lib/dependabot/maven/update_checker/version_finder.rb +3 -2
- data/lib/dependabot/maven.rb +0 -1
- metadata +4 -5
- data/lib/dependabot/maven/registry_client.rb +0 -57
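--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f943486183cfc1341852eff617b0c57f24b0e72709b42fd6bcaeceea7d15a10
+data.tar.gz: e99f8aaa6210d38802d1edddaf8965cdf66762bb246d11a1dabb39a3df6d8d01
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e81de9f967930d5690d8f1eb6e5aaf7e815592f0688ef572958dd8a4f6c4c1b251e202c792bbc43c7dc1d60caf318274aa2b8d3029aaaa4a87004720ae6f2bb4
+data.tar.gz: e8fc60ffd7d55731ed5ece553d8f0073740db3ac89929171ce3d968680e0a9ecb6a24adfac7b6d5e9c79f873a97c41b8f84f57733a5cb82fec2aedf587cabdb5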
@@ -4,6 +4,7 @@ require "nokogiri"
|
|
|
4
4
|
|
|
5
5
|
require "dependabot/dependency_file"
|
|
6
6
|
require "dependabot/maven/file_parser"
|
|
7
|
+
require "dependabot/registry_client"
|
|
7
8
|
|
|
8
9
|
# For documentation, see:
|
|
9
10
|
# - http://maven.apache.org/guides/introduction/introduction-to-the-pom.html
|
|
@@ -127,7 +128,7 @@ module Dependabot
|
|
|
127
128
|
url = remote_pom_url(group_id, artifact_id, version, base_url)
|
|
128
129
|
|
|
129
130
|
@maven_responses ||= {}
|
|
130
|
-
@maven_responses[url] ||= RegistryClient.get(url: url)
|
|
131
|
+
@maven_responses[url] ||= Dependabot::RegistryClient.get(url: url)
|
|
131
132
|
next unless @maven_responses[url].status == 200
|
|
132
133
|
next unless pom?(@maven_responses[url].body)
|
|
133
134
|
|
|
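Review bot: The memoised fetch `@maven_responses[url] ||= Dependabot::RegistryClient.get(url: url)` carries no comment on how the shared client fails, and the `next unless ... status == 200` guards after it only cover HTTP responses. The Maven-local client deleted at the end of this diff re-raised `Excon::Error::Timeout` and then raised the cached error for every later URL on the same host; whether `Dependabot::RegistryClient` keeps that contract is not visible here, and the enclosing loop starts and ends outside the hunk, so a rescue cannot be confirmed. Once verified, I would add a comment above the call such as `# Raises Excon::Error::Timeout (possibly a cached one for this host); rescued by the caller`. The same applies to the other `get` and `head` call sites switched to `Dependabot::RegistryClient` further down this page.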
@@ -4,6 +4,7 @@ require "nokogiri"
|
|
|
4
4
|
|
|
5
5
|
require "dependabot/dependency_file"
|
|
6
6
|
require "dependabot/maven/file_parser"
|
|
7
|
+
require "dependabot/registry_client"
|
|
7
8
|
require "dependabot/errors"
|
|
8
9
|
|
|
9
10
|
# For documentation, see:
|
|
@@ -109,7 +110,7 @@ module Dependabot
|
|
|
109
110
|
url = remote_pom_url(group_id, artifact_id, version, base_url)
|
|
110
111
|
|
|
111
112
|
@maven_responses ||= {}
|
|
112
|
-
@maven_responses[url] ||= RegistryClient.get(
|
|
113
|
+
@maven_responses[url] ||= Dependabot::RegistryClient.get(
|
|
113
114
|
url: url,
|
|
114
115
|
# We attempt to find dependencies in private repos before failing over to the CENTRAL_REPO_URL,
|
|
115
116
|
# but this can burn a lot of a job's time against slow servers due to our `read_timeout` being 20 seconds.
|
|
@@ -7,6 +7,7 @@ require "dependabot/file_fetchers/base"
|
|
|
7
7
|
require "dependabot/maven/file_parser"
|
|
8
8
|
require "dependabot/maven/file_parser/repositories_finder"
|
|
9
9
|
require "dependabot/maven/utils/auth_headers_finder"
|
|
10
|
+
require "dependabot/registry_client"
|
|
10
11
|
|
|
11
12
|
module Dependabot
|
|
12
13
|
module Maven
|
|
@@ -104,7 +105,7 @@ module Dependabot
|
|
|
104
105
|
def dependency_pom_file
|
|
105
106
|
return @dependency_pom_file unless @dependency_pom_file.nil?
|
|
106
107
|
|
|
107
|
-
response = RegistryClient.get(
|
|
108
|
+
response = Dependabot::RegistryClient.get(
|
|
108
109
|
url: "#{maven_repo_dependency_url}/#{dependency.version}/#{dependency_artifact_id}-#{dependency.version}.pom",
|
|
109
110
|
headers: auth_headers
|
|
110
111
|
)
|
|
@@ -134,7 +135,7 @@ module Dependabot
|
|
|
134
135
|
"#{version}/"\
|
|
135
136
|
"#{artifact_id}-#{version}.pom"
|
|
136
137
|
|
|
137
|
-
response = RegistryClient.get(
|
|
138
|
+
response = Dependabot::RegistryClient.get(
|
|
138
139
|
url: substitute_properties_in_source_url(url, pom),
|
|
139
140
|
headers: auth_headers
|
|
140
141
|
)
|
|
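Review bot: In the hunk at `@@ -134,7 +135,7 @@` the URL is rewritten by `substitute_properties_in_source_url(url, pom)` at the call, while `headers: auth_headers` is passed as already computed, so nothing visible ties the credentials to the host that is finally requested. If `auth_headers` is resolved from the repository URL before substitution (its definition is outside these hunks), the credentialed request could reach a host other than the one the headers were issued for. I would bind the result first, `final_url = substitute_properties_in_source_url(url, pom)`, and attach the headers only when `URI(final_url).host` matches the repository host, or add a comment explaining why substitution cannot affect the host. The enclosing method starts and ends outside the hunk.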
@@ -7,6 +7,7 @@ require "dependabot/maven/update_checker"
|
|
|
7
7
|
require "dependabot/maven/version"
|
|
8
8
|
require "dependabot/maven/requirement"
|
|
9
9
|
require "dependabot/maven/utils/auth_headers_finder"
|
|
10
|
+
require "dependabot/registry_client"
|
|
10
11
|
|
|
11
12
|
module Dependabot
|
|
12
13
|
module Maven
|
|
@@ -138,7 +139,7 @@ module Dependabot
|
|
|
138
139
|
@released_check[version] =
|
|
139
140
|
repositories.any? do |repository_details|
|
|
140
141
|
url = repository_details.fetch("url")
|
|
141
|
-
response = RegistryClient.head(
|
|
142
|
+
response = Dependabot::RegistryClient.head(
|
|
142
143
|
url: dependency_files_url(url, version),
|
|
143
144
|
headers: repository_details.fetch("auth_headers")
|
|
144
145
|
)
|
|
@@ -160,7 +161,7 @@ module Dependabot
|
|
|
160
161
|
end
|
|
161
162
|
|
|
162
163
|
def fetch_dependency_metadata(repository_details)
|
|
163
|
-
response = RegistryClient.get(
|
|
164
|
+
response = Dependabot::RegistryClient.get(
|
|
164
165
|
url: dependency_metadata_url(repository_details.fetch("url")),
|
|
165
166
|
headers: repository_details.fetch("auth_headers")
|
|
166
167
|
)
|
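--- a/data/lib/dependabot/maven.rb
+++ b/data/lib/dependabot/maven.rb
@@ -9,7 +9,6 @@ require "dependabot/maven/file_updater"
 require "dependabot/maven/metadata_finder"
 require "dependabot/maven/requirement"
 require "dependabot/maven/version"
-require "dependabot/maven/registry_client"
 
 require "dependabot/pull_request_creator/labeler"
 Dependabot::PullRequestCreator::Labeler.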
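--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.196.
+version: 0.196.4
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.196.
+version: 0.196.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.196.
+version: 0.196.4
 - !ruby/object:Gem::Dependency
 name: debase
 requirement: !ruby/object:Gem::Requirement
@@ -236,7 +236,6 @@ files:
 - lib/dependabot/maven/file_updater/declaration_finder.rb
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
-- lib/dependabot/maven/registry_client.rb
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/update_checker.rb
 - lib/dependabot/maven/update_checker/property_updater.rb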
@@ -1,57 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "dependabot/shared_helpers"
|
|
4
|
-
|
|
5
|
-
# This class provides a thin wrapper around our normal usage of Excon as a simple HTTP client in order to
|
|
6
|
-
# provide some minor caching functionality.
|
|
7
|
-
#
|
|
8
|
-
# This is not used to support full response caching currently, we just use it to ensure we detect unreachable
|
|
9
|
-
# hosts and fast-fail on any subsequent requests to them to avoid excessive use of retries and connect- or
|
|
10
|
-
# read-timeouts as Maven jobs tend to be sensitive to exceeding our overall 45 minute timeout.
|
|
11
|
-
module Dependabot
|
|
12
|
-
module Maven
|
|
13
|
-
class RegistryClient
|
|
14
|
-
@cached_errors = {}
|
|
15
|
-
|
|
16
|
-
def self.get(url:, headers: {}, options: {})
|
|
17
|
-
raise cached_error_for(url) if cached_error_for(url)
|
|
18
|
-
|
|
19
|
-
Excon.get(
|
|
20
|
-
url,
|
|
21
|
-
idempotent: true,
|
|
22
|
-
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
|
23
|
-
)
|
|
24
|
-
rescue Excon::Error::Timeout => e
|
|
25
|
-
cache_error(url, e)
|
|
26
|
-
raise e
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def self.head(url:, headers: {}, options: {})
|
|
30
|
-
raise cached_error_for(url) if cached_error_for(url)
|
|
31
|
-
|
|
32
|
-
Excon.head(
|
|
33
|
-
url,
|
|
34
|
-
idempotent: true,
|
|
35
|
-
**SharedHelpers.excon_defaults({ headers: headers }.merge(options))
|
|
36
|
-
)
|
|
37
|
-
rescue Excon::Error::Timeout => e
|
|
38
|
-
cache_error(url, e)
|
|
39
|
-
raise e
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def self.clear_cache!
|
|
43
|
-
@cached_errors = {}
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
private_class_method def self.cache_error(url, error)
|
|
47
|
-
host = URI(url).host
|
|
48
|
-
@cached_errors[host] = error
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
private_class_method def self.cached_error_for(url)
|
|
52
|
-
host = URI(url).host
|
|
53
|
-
@cached_errors.fetch(host, nil)
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
end
|
|
57
|
-
end
|