RubyGems - dependabot-maven - Versions diffs - 0.215.0 → 0.216.0 - Mend

dependabot-maven 0.215.0 → 0.216.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/dependabot/maven/file_fetcher.rb +33 -13
data/lib/dependabot/maven/file_parser/property_value_finder.rb +2 -2
data/lib/dependabot/maven/file_parser.rb +5 -3
data/lib/dependabot/maven/file_updater/declaration_finder.rb +2 -1
data/lib/dependabot/maven/file_updater.rb +2 -2
data/lib/dependabot/maven/metadata_finder.rb +1 -1
data/lib/dependabot/maven/update_checker/version_finder.rb +1 -1
data/lib/dependabot/maven/update_checker.rb +1 -2
data/lib/dependabot/maven/version.rb +2 -2
metadata +35 -32

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 565c1abcfc97b2e7785967f04d732dbfa8136d668e843320df5ec7e8e1ddbdbf
-  data.tar.gz: 4042ef798a199b012305616a8a085e28c69ec24173449992333ac9541bdf00db
+  metadata.gz: 898d484d74c6be04f0a0f1287361309f9a3d7ef5f894b584025af9e22bd6f3e0
+  data.tar.gz: cf629e5c3da134a26e9db1cb12f89fa227d59f4876ac1210c01ecbd82adcfc34
 SHA512:
-  metadata.gz: 34dfd8dbe543e4a1521942cdc8a403d7dc0938cd1b0863c82a756e5cdcf810a700e4ac83b11f56de06fbf0874d347fba52533d186e11c951816b712fafa05b4a
-  data.tar.gz: f99a58593d3b2854380d88b82c7959611498a2cb55570b3635a28b5d33a7ffa854430e5fe91cb2fb3e0dcb63f67bcd9913d3ac8a277c976f7f992d3a61410cd9
+  metadata.gz: f0b15ce696fd8b01de8ef4d328d0d64872f3db4d7e0b785bd73276c23a83a1b68623e9450b9b85407173db0959050e93adff0b63b16c3d15e09ec7ba9a203ce9
+  data.tar.gz: 7064c5b7c0b887d9b4098b659e7671ca634aa3002403f4605a292bd64e53f7397004a016943c45f118c7afa5516ac2a9b8879ed88c94a3c2ecbff54691f21195

data/lib/dependabot/maven/file_fetcher.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Dependabot
                         "profile > modules > module"
       def self.required_files_in?(filenames)
-        (%w(pom.xml) - filenames).empty?
+        filenames.include?("pom.xml")
       end
       def self.required_files_message
@@ -58,7 +58,7 @@ module Dependabot
       end
       def recursively_fetch_child_poms(pom, fetched_filenames:)
-        base_path = pom.name.gsub(/pom\.xml$/, "")
+        base_path = File.dirname(pom.name)
         doc = Nokogiri::XML(pom.content)
         doc.css(MODULE_SELECTOR).flat_map do |module_node|
@@ -66,7 +66,7 @@ module Dependabot
           name_parts = [
             base_path,
             relative_path,
-            relative_path.end_with?("pom.xml") ? nil : "pom.xml"
+            relative_path.end_with?(".xml") ? nil : "pom.xml"
           ].compact.reject(&:empty?)
           path = Pathname.new(File.join(*name_parts)).cleanpath.to_path
@@ -92,22 +92,18 @@ module Dependabot
       def recursively_fetch_relative_path_parents(pom, fetched_filenames:)
         path = parent_path_for_pom(pom)
-        if fetched_filenames.include?(path) ||
-           fetched_filenames.include?(path.gsub("pom.xml", "pom_parent.xml"))
-          return []
-        end
+        return [] if path.nil? || fetched_filenames.include?(path)
         full_path_parts =
           [directory.gsub(%r{^/}, ""), path].reject(&:empty?).compact
-        full_path = Pathname.new(File.join(*full_path_parts)).
-                    cleanpath.to_path
+        full_path = Pathname.new(File.join(*full_path_parts)).cleanpath.to_path
         return [] if full_path.start_with?("..")
         parent_pom = fetch_file_from_host(path)
-        parent_pom.support_file = true
-        parent_pom.name = parent_pom.name.gsub("pom.xml", "pom_parent.xml")
+        return [] unless fetched_pom_is_parent(pom, parent_pom)
         [
           parent_pom,
@@ -124,17 +120,41 @@ module Dependabot
         doc = Nokogiri::XML(pom.content)
         doc.remove_namespaces!
+        return unless doc.at_xpath("/project/parent")
         relative_parent_path =
           doc.at_xpath("/project/parent/relativePath")&.content&.strip || ".."
         name_parts = [
-          pom.name.gsub(/pom\.xml$/, "").gsub(/pom_parent\.xml$/, ""),
+          File.dirname(pom.name),
           relative_parent_path,
-          relative_parent_path.end_with?("pom.xml") ? nil : "pom.xml"
+          relative_parent_path.end_with?(".xml") ? nil : "pom.xml"
         ].compact.reject(&:empty?)
         Pathname.new(File.join(*name_parts)).cleanpath.to_path
       end
+      def fetched_pom_is_parent(pom, parent_pom)
+        pom_doc = Nokogiri::XML(pom.content).remove_namespaces!
+        pom_artifact_id, pom_group_id, pom_version = fetch_pom_unique_ids(pom_doc, true)
+        parent_doc = Nokogiri::XML(parent_pom.content).remove_namespaces!
+        parent_artifact_id, parent_group_id, parent_version = fetch_pom_unique_ids(parent_doc, false)
+        if parent_group_id.nil?
+          [parent_artifact_id, parent_version] == [pom_artifact_id, pom_version]
+        else
+          [parent_group_id, parent_artifact_id, parent_version] == [pom_group_id, pom_artifact_id, pom_version]
+        end
+      end
+      def fetch_pom_unique_ids(doc, check_parent_node)
+        parent = check_parent_node ? "/parent" : ""
+        group_id = doc.at_xpath("/project#{parent}/groupId")&.content&.strip
+        artifact_id = doc.at_xpath("/project#{parent}/artifactId")&.content&.strip
+        version = doc.at_xpath("/project#{parent}/version")&.content&.strip
+        [artifact_id, group_id, version]
+      end
     end
   end
 end

data/lib/dependabot/maven/file_parser/property_value_finder.rb CHANGED Viewed

@@ -36,8 +36,8 @@ module Dependabot
             loop do
               candidate_node =
                 doc.at_xpath("/project/#{nm}") ||
-                doc.at_xpath("/project/properties/#{nm}") ||
-                doc.at_xpath("/project/profiles/profile/properties/#{nm}")
+                doc.at_xpath("/project/properties/#{property_name}") ||
+                doc.at_xpath("/project/profiles/profile/properties/#{property_name}")
               break candidate_node if candidate_node
               break unless nm.match?(DOT_SEPARATOR_REGEX)

data/lib/dependabot/maven/file_parser.rb CHANGED Viewed

@@ -23,7 +23,8 @@ module Dependabot
       # - Any extensions
       DEPENDENCY_SELECTOR = "project > parent, " \
                             "dependencies > dependency, " \
-                            "extensions > extension"
+                            "extensions > extension, " \
+                            "annotationProcessorPaths > path"
       PLUGIN_SELECTOR     = "plugins > plugin"
       EXTENSION_SELECTOR  = "extensions > extension"
@@ -271,9 +272,10 @@ module Dependabot
       end
       def pomfiles
-        # NOTE: this (correctly) excludes any parent POMs that were downloaded
         @pomfiles ||=
-          dependency_files.select { |f| f.name.end_with?("pom.xml") }
+          dependency_files.select do |f|
+            f.name.end_with?(".xml") && !f.name.end_with?("extensions.xml")
+          end
       end
       def extensionfiles

data/lib/dependabot/maven/file_updater/declaration_finder.rb CHANGED Viewed

@@ -11,7 +11,8 @@ module Dependabot
       class DeclarationFinder
         DECLARATION_REGEX =
           %r{<parent>.*?</parent>|<dependency>.*?</dependency>|
-             <plugin>.*?(?:<plugin>.*?</plugin>.*)?</plugin>|<extension>.*?</extension>}mx
+             <plugin>.*?(?:<plugin>.*?</plugin>.*)?</plugin>|<extension>.*?</extension>|
+             <path>.*?</path>}mx
         attr_reader :dependency, :declaring_requirement, :dependency_files

data/lib/dependabot/maven/file_updater.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Dependabot
       def self.updated_files_regex
         [
           /^pom\.xml$/, %r{/pom\.xml$},
+          /.*\.xml$/, %r{/.*\.xml$},
           /^extensions.\.xml$/, %r{/extensions\.xml$}
         ]
       end
@@ -31,11 +32,10 @@ module Dependabot
           )
         end
-        updated_files.select! { |f| f.name.end_with?("pom.xml", "extensions.xml") }
+        updated_files.select! { |f| f.name.end_with?(".xml") }
         updated_files.reject! { |f| dependency_files.include?(f) }
         raise "No files changed!" if updated_files.none?
-        raise "Updated a supporting POM!" if updated_files.any? { |f| f.name.end_with?("pom_parent.xml") }
         updated_files
       end

data/lib/dependabot/maven/metadata_finder.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Dependabot
           any? { |f| dependency_artifact_id.end_with?(f.name) }
       rescue Dependabot::BranchNotFound
         # If we are attempting to find a branch, we should fail over to the default branch and retry once only
-        if tmp_source.branch.present?
+        unless tmp_source.branch.to_s.empty?
           tmp_source.branch = nil
           retry
         end

data/lib/dependabot/maven/update_checker/version_finder.rb CHANGED Viewed

@@ -58,7 +58,7 @@ module Dependabot
             repositories.map do |repository_details|
               url = repository_details.fetch("url")
               xml = dependency_metadata(repository_details)
-              next [] if xml.blank?
+              next [] if xml.nil?
               break xml.css("versions > version").
                 select { |node| version_class.correct?(node.content) }.

data/lib/dependabot/maven/update_checker.rb CHANGED Viewed

@@ -68,8 +68,7 @@ module Dependabot
             property_details(property_name: prop_name, callsite_pom: pom)&.
             fetch(:file)
-          declaration_pom_name == "remote_pom.xml" ||
-            declaration_pom_name&.end_with?("pom_parent.xml")
+          declaration_pom_name == "remote_pom.xml"
         end
       end

data/lib/dependabot/maven/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
+require "dependabot/version"
 require "dependabot/utils"
-require "rubygems_version_patch"
 # Java versions use dots and dashes when tokenising their versions.
 # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
@@ -10,7 +10,7 @@ require "rubygems_version_patch"
 module Dependabot
   module Maven
-    class Version < Gem::Version
+    class Version < Dependabot::Version
       NULL_VALUES = %w(0 final ga).freeze
       PREFIXED_TOKEN_HIERARCHY = {
         "." => { qualifier: 1, number: 4 },

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.215.0
+  version: 0.216.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-07 00:00:00.000000000 Z
+date: 2023-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.215.0
+        version: 0.216.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.215.0
+        version: 0.216.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.7.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: gpgme
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 4.0.0
+        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -86,70 +86,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.12'
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.48.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.39.0
+        version: 1.48.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: 1.17.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: 1.17.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.21.0
+        version: 0.22.0
 - !ruby/object:Gem::Dependency
   name: simplecov-console
   requirement: !ruby/object:Gem::Requirement
@@ -182,33 +182,34 @@ dependencies:
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '3.18'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
-description: Automated dependency management for Ruby, JavaScript, Python, PHP, Elixir,
-  Rust, Java, .NET, Elm and Go
-email: support@dependabot.com
+        version: '3.18'
+description: Dependabot-Maven provides support for bumping Maven packages via Dependabot.
+  If you want support for multiple package managers, you probably want the meta-gem
+  dependabot-omnibus.
+email: opensource@github.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -233,7 +234,9 @@ files:
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - Nonstandard
-metadata: {}
+metadata:
+  issue_tracker_uri: https://github.com/dependabot/dependabot-core/issues
+  changelog_uri: https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -249,8 +252,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 3.1.0
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
-summary: Maven support for dependabot
+summary: Provides Dependabot support for Maven
 test_files: []