dependabot-maven 0.230.0 → 0.231.0
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_fetcher.rb +1 -0
- data/lib/dependabot/maven/file_parser/pom_fetcher.rb +6 -5
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +1 -0
- data/lib/dependabot/maven/file_parser/repositories_finder.rb +14 -13
- data/lib/dependabot/maven/file_parser.rb +14 -13
- data/lib/dependabot/maven/file_updater/declaration_finder.rb +13 -12
- data/lib/dependabot/maven/file_updater/property_value_updater.rb +3 -2
- data/lib/dependabot/maven/file_updater.rb +9 -8
- data/lib/dependabot/maven/metadata_finder.rb +8 -7
- data/lib/dependabot/maven/requirement.rb +3 -2
- data/lib/dependabot/maven/update_checker/property_updater.rb +9 -8
- data/lib/dependabot/maven/update_checker/requirements_updater.rb +3 -2
- data/lib/dependabot/maven/update_checker/version_finder.rb +30 -29
- data/lib/dependabot/maven/update_checker.rb +12 -11
- data/lib/dependabot/maven/utils/auth_headers_finder.rb +5 -4
- data/lib/dependabot/maven/version.rb +1 -0
- data/lib/dependabot/maven.rb +7 -6
- metadata +19 -5
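--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 461d3d84af0d571ef562c2699cb3bc3deafaded45d5589dde9ae9a75ba09c14d
+data.tar.gz: 382ccf2373619ff38b1725d31af0eaf58d2d108f85453f326eab45b8f9875fb0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 51beb5fe0201567cca5c805292ef3618110793a63a3266467d85ec0192ead214ec282cb12d21cc7b9bf8e1135d0c599d1dc08d2539168fc657476239559d835a
+data.tar.gz: fdaaf4fe3e6bf641e21f7cf5cc72e0970ec8d2ea5e36dd81fb62b86b8cece8041c9db7ca2cc399418101c25407b34f66ae114ae8f1190bef1f507e01ae93bf90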
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -96,11 +97,11 @@ module Dependabot
|
|
96
97
|
response = fetch(url)
|
97
98
|
return nil unless response.status == 200
|
98
99
|
|
99
|
-
snapshot = Nokogiri::XML(response.body)
|
100
|
-
|
101
|
-
|
102
|
-
at_css("value")
|
103
|
-
content
|
100
|
+
snapshot = Nokogiri::XML(response.body)
|
101
|
+
.css("snapshotVersion")
|
102
|
+
.find { |node| node.at_css("extension").content == "pom" }
|
103
|
+
&.at_css("value")
|
104
|
+
&.content
|
104
105
|
return nil unless snapshot
|
105
106
|
|
106
107
|
remote_pom_snapshot_url(group_id, artifact_id, version, snapshot, base_url)
|
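Review bot: In the snapshot lookup, `node.at_css("extension").content` inside the `.find` block raises NoMethodError when a `snapshotVersion` element has no `extension` child, even though the rest of the chain is nil-safe (`&.at_css("value")`, `&.content`). The XML is parsed from a remote repository response, so a malformed metadata file should end in the existing `return nil unless snapshot` path rather than an exception. I would write the block as `.find { |node| node.at_css("extension")&.content == "pom" }`. The enclosing method starts and ends outside the hunk, so whether a caller rescues the error is not visible here.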
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -70,12 +71,12 @@ module Dependabot
|
|
70
71
|
|
71
72
|
def gather_repository_urls(pom:, exclude_inherited: false)
|
72
73
|
repos_in_pom =
|
73
|
-
Nokogiri::XML(pom.content)
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
74
|
+
Nokogiri::XML(pom.content)
|
75
|
+
.css(REPOSITORY_SELECTOR)
|
76
|
+
.map { |node| { url: node.at_css("url").content.strip, id: node.at_css("id").content.strip } }
|
77
|
+
.reject { |entry| contains_property?(entry[:url]) && !evaluate_properties? }
|
78
|
+
.select { |entry| entry[:url].start_with?("http") }
|
79
|
+
.map { |entry| { url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""), id: entry[:id] } }
|
79
80
|
|
80
81
|
return repos_in_pom if exclude_inherited
|
81
82
|
|
@@ -114,9 +115,9 @@ module Dependabot
|
|
114
115
|
# rubocop:enable Metrics/PerceivedComplexity
|
115
116
|
|
116
117
|
def urls_from_credentials
|
117
|
-
@credentials
|
118
|
-
select { |cred| cred["type"] == "maven_repository" }
|
119
|
-
filter_map { |cred| cred["url"]&.strip&.gsub(%r{/$}, "") }
|
118
|
+
@credentials
|
119
|
+
.select { |cred| cred["type"] == "maven_repository" }
|
120
|
+
.filter_map { |cred| cred["url"]&.strip&.gsub(%r{/$}, "") }
|
120
121
|
end
|
121
122
|
|
122
123
|
def contains_property?(value)
|
@@ -126,8 +127,8 @@ module Dependabot
|
|
126
127
|
def evaluated_value(value, pom)
|
127
128
|
return value unless contains_property?(value)
|
128
129
|
|
129
|
-
property_name = value.match(property_regex)
|
130
|
-
|
130
|
+
property_name = value.match(property_regex)
|
131
|
+
.named_captures.fetch("property")
|
131
132
|
property_value = value_for_property(property_name, pom)
|
132
133
|
|
133
134
|
value.gsub(property_regex, property_value)
|
@@ -135,8 +136,8 @@ module Dependabot
|
|
135
136
|
|
136
137
|
def value_for_property(property_name, pom)
|
137
138
|
value =
|
138
|
-
property_value_finder
|
139
|
-
property_details(
|
139
|
+
property_value_finder
|
140
|
+
.property_details(
|
140
141
|
property_name: property_name,
|
141
142
|
callsite_pom: pom
|
142
143
|
)&.fetch(:value)
|
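Review bot: In `gather_repository_urls`, `.select { |entry| entry[:url].start_with?("http") }` is a string-prefix test rather than a scheme check, so it admits cleartext `http://` repositories and any value that merely begins with `http`. These URLs are read from the pom and appear to be used later as metadata sources, so a stricter filter such as `.select { |entry| entry[:url].match?(%r{\Ahttps?://}) }` would be safer. Whether plain `http` should still be accepted deserves an explicit decision and a comment. The method body continues past the end of the hunk.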
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -207,8 +208,8 @@ module Dependabot
|
|
207
208
|
return "pom" if dependency_node.node_name == "parent"
|
208
209
|
return "jar" unless dependency_node.at_xpath("./type")
|
209
210
|
|
210
|
-
packaging_type_content = dependency_node.at_xpath("./type")
|
211
|
-
|
211
|
+
packaging_type_content = dependency_node.at_xpath("./type")
|
212
|
+
.content.strip
|
212
213
|
|
213
214
|
evaluated_value(packaging_type_content, pom)
|
214
215
|
end
|
@@ -219,16 +220,16 @@ module Dependabot
|
|
219
220
|
version_content = dependency_node.at_xpath("./version").content.strip
|
220
221
|
return unless version_content.match?(PROPERTY_REGEX)
|
221
222
|
|
222
|
-
version_content
|
223
|
-
match(PROPERTY_REGEX)
|
224
|
-
named_captures.fetch("property")
|
223
|
+
version_content
|
224
|
+
.match(PROPERTY_REGEX)
|
225
|
+
.named_captures.fetch("property")
|
225
226
|
end
|
226
227
|
|
227
228
|
def evaluated_value(value, pom)
|
228
229
|
return value unless value.match?(PROPERTY_REGEX)
|
229
230
|
|
230
|
-
property_name = value.match(PROPERTY_REGEX)
|
231
|
-
|
231
|
+
property_name = value.match(PROPERTY_REGEX)
|
232
|
+
.named_captures.fetch("property")
|
232
233
|
property_value = value_for_property(property_name, pom)
|
233
234
|
|
234
235
|
new_value = value.gsub(value.match(PROPERTY_REGEX).to_s, property_value)
|
@@ -240,9 +241,9 @@ module Dependabot
|
|
240
241
|
return unless property_name
|
241
242
|
|
242
243
|
declaring_pom =
|
243
|
-
property_value_finder
|
244
|
-
property_details(property_name: property_name, callsite_pom: pom)
|
245
|
-
fetch(:file)
|
244
|
+
property_value_finder
|
245
|
+
.property_details(property_name: property_name, callsite_pom: pom)
|
246
|
+
&.fetch(:file)
|
246
247
|
|
247
248
|
return declaring_pom if declaring_pom
|
248
249
|
|
@@ -252,9 +253,9 @@ module Dependabot
|
|
252
253
|
|
253
254
|
def value_for_property(property_name, pom)
|
254
255
|
value =
|
255
|
-
property_value_finder
|
256
|
-
property_details(property_name: property_name, callsite_pom: pom)
|
257
|
-
fetch(:value)
|
256
|
+
property_value_finder
|
257
|
+
.property_details(property_name: property_name, callsite_pom: pom)
|
258
|
+
&.fetch(:value)
|
258
259
|
|
259
260
|
return value if value
|
260
261
|
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -92,10 +93,10 @@ module Dependabot
|
|
92
93
|
return false unless node_requirement
|
93
94
|
|
94
95
|
property_name =
|
95
|
-
node_requirement
|
96
|
-
match(Maven::FileParser::PROPERTY_REGEX)
|
97
|
-
named_captures
|
98
|
-
fetch("property")
|
96
|
+
node_requirement
|
97
|
+
.match(Maven::FileParser::PROPERTY_REGEX)
|
98
|
+
&.named_captures
|
99
|
+
&.fetch("property")
|
99
100
|
|
100
101
|
property_name == declaring_requirement[:metadata][:property_name]
|
101
102
|
else
|
@@ -119,8 +120,8 @@ module Dependabot
|
|
119
120
|
return "pom" if dependency_node.child.node_name == "parent"
|
120
121
|
return "jar" unless dependency_node.at_xpath("./*/type")
|
121
122
|
|
122
|
-
packaging_type_content = dependency_node.at_xpath("./*/type")
|
123
|
-
|
123
|
+
packaging_type_content = dependency_node.at_xpath("./*/type")
|
124
|
+
.content.strip
|
124
125
|
|
125
126
|
evaluated_value(packaging_type_content)
|
126
127
|
end
|
@@ -138,12 +139,12 @@ module Dependabot
|
|
138
139
|
return value unless value.match?(Maven::FileParser::PROPERTY_REGEX)
|
139
140
|
|
140
141
|
property_name =
|
141
|
-
value.match(Maven::FileParser::PROPERTY_REGEX)
|
142
|
-
|
142
|
+
value.match(Maven::FileParser::PROPERTY_REGEX)
|
143
|
+
.named_captures.fetch("property")
|
143
144
|
|
144
145
|
property_value =
|
145
|
-
property_value_finder
|
146
|
-
property_details(
|
146
|
+
property_value_finder
|
147
|
+
.property_details(
|
147
148
|
property_name: property_name,
|
148
149
|
callsite_pom: declaring_pom
|
149
150
|
)&.fetch(:value)
|
@@ -158,8 +159,8 @@ module Dependabot
|
|
158
159
|
|
159
160
|
def property_value_finder
|
160
161
|
@property_value_finder ||=
|
161
|
-
Maven::FileParser::PropertyValueFinder
|
162
|
-
new(dependency_files: dependency_files)
|
162
|
+
Maven::FileParser::PropertyValueFinder
|
163
|
+
.new(dependency_files: dependency_files)
|
163
164
|
end
|
164
165
|
end
|
165
166
|
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -54,8 +55,8 @@ module Dependabot
|
|
54
55
|
|
55
56
|
def property_value_finder
|
56
57
|
@property_value_finder ||=
|
57
|
-
Maven::FileParser::PropertyValueFinder
|
58
|
-
new(dependency_files: dependency_files)
|
58
|
+
Maven::FileParser::PropertyValueFinder
|
59
|
+
.new(dependency_files: dependency_files)
|
59
60
|
end
|
60
61
|
|
61
62
|
def update_file(file:, content:)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -51,8 +52,8 @@ module Dependabot
|
|
51
52
|
|
52
53
|
# The UpdateChecker ensures the order of requirements is preserved
|
53
54
|
# when updating, so we can zip them together in new/old pairs.
|
54
|
-
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
55
|
-
|
55
|
+
reqs = dependency.requirements.zip(dependency.previous_requirements)
|
56
|
+
.reject { |new_req, old_req| new_req == old_req }
|
56
57
|
|
57
58
|
# Loop through each changed requirement and update the files
|
58
59
|
reqs.each do |new_req, old_req|
|
@@ -77,12 +78,12 @@ module Dependabot
|
|
77
78
|
def update_pomfiles_for_property_change(pomfiles, req)
|
78
79
|
property_name = req.fetch(:metadata).fetch(:property_name)
|
79
80
|
|
80
|
-
PropertyValueUpdater.new(dependency_files: pomfiles)
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
81
|
+
PropertyValueUpdater.new(dependency_files: pomfiles)
|
82
|
+
.update_pomfiles_for_property_change(
|
83
|
+
property_name: property_name,
|
84
|
+
callsite_pom: pomfiles.find { |f| f.name == req.fetch(:file) },
|
85
|
+
updated_value: req.fetch(:requirement)
|
86
|
+
)
|
86
87
|
end
|
87
88
|
|
88
89
|
def update_version_in_file(dependency, file, previous_req, requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -38,9 +39,9 @@ module Dependabot
|
|
38
39
|
FileFetchers::Base.new(source: tmp_source, credentials: credentials)
|
39
40
|
|
40
41
|
@repo_has_subdir_for_dep[tmp_source] =
|
41
|
-
fetcher.send(:repo_contents, raise_errors: false)
|
42
|
-
|
43
|
-
|
42
|
+
fetcher.send(:repo_contents, raise_errors: false)
|
43
|
+
.select { |f| f.type == "dir" }
|
44
|
+
.any? { |f| dependency_artifact_id.end_with?(f.name) }
|
44
45
|
rescue Dependabot::BranchNotFound
|
45
46
|
# If we are attempting to find a branch, we should fail over to the default branch and retry once only
|
46
47
|
unless tmp_source.branch.to_s.empty?
|
@@ -145,8 +146,8 @@ module Dependabot
|
|
145
146
|
end
|
146
147
|
|
147
148
|
def maven_repo_url
|
148
|
-
source = dependency.requirements
|
149
|
-
|
149
|
+
source = dependency.requirements
|
150
|
+
.find { |r| r&.fetch(:source) }&.fetch(:source)
|
150
151
|
|
151
152
|
source&.fetch(:url, nil) ||
|
152
153
|
source&.fetch("url") ||
|
@@ -166,5 +167,5 @@ module Dependabot
|
|
166
167
|
end
|
167
168
|
end
|
168
169
|
|
169
|
-
Dependabot::MetadataFinders
|
170
|
-
register("maven", Dependabot::Maven::MetadataFinder)
|
170
|
+
Dependabot::MetadataFinders
|
171
|
+
.register("maven", Dependabot::Maven::MetadataFinder)
|
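Review bot: In `maven_repo_url`, `source&.fetch("url") ||` raises KeyError when the source hash has no `"url"` key, so the alternatives after the `||` are never reached in that case; the line before it already uses the tolerant form `fetch(:url, nil)`. I would make the two consistent with `source&.fetch("url", nil) ||`. The same applies to `r&.fetch(:source)` in the `.find` block, where `&.` guards a nil requirement but not a requirement hash without a `:source` key; `r&.dig(:source)` or `r&.fetch(:source, nil)` avoids that. The rest of the method is outside the hunk, so the final fallback is not visible here.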
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/utils"
|
@@ -114,5 +115,5 @@ module Dependabot
|
|
114
115
|
end
|
115
116
|
end
|
116
117
|
|
117
|
-
Dependabot::Utils
|
118
|
-
register_requirement_class("maven", Dependabot::Maven::Requirement)
|
118
|
+
Dependabot::Utils
|
119
|
+
.register_requirement_class("maven", Dependabot::Maven::Requirement)
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/maven/file_parser"
|
@@ -77,9 +78,9 @@ module Dependabot
|
|
77
78
|
end
|
78
79
|
|
79
80
|
def property_name
|
80
|
-
@property_name ||= dependency.requirements
|
81
|
-
|
82
|
-
dig(:metadata, :property_name)
|
81
|
+
@property_name ||= dependency.requirements
|
82
|
+
.find { |r| r.dig(:metadata, :property_name) }
|
83
|
+
&.dig(:metadata, :property_name)
|
83
84
|
|
84
85
|
raise "No requirement with a property name!" unless @property_name
|
85
86
|
|
@@ -88,9 +89,9 @@ module Dependabot
|
|
88
89
|
|
89
90
|
def property_source
|
90
91
|
@property_source ||=
|
91
|
-
dependency.requirements
|
92
|
-
|
93
|
-
dig(:metadata, :property_source)
|
92
|
+
dependency.requirements
|
93
|
+
.find { |r| r.dig(:metadata, :property_name) == property_name }
|
94
|
+
&.dig(:metadata, :property_source)
|
94
95
|
end
|
95
96
|
|
96
97
|
def includes_property_reference?(string)
|
@@ -99,8 +100,8 @@ module Dependabot
|
|
99
100
|
|
100
101
|
def version_string(dep)
|
101
102
|
declaring_requirement =
|
102
|
-
dep.requirements
|
103
|
-
|
103
|
+
dep.requirements
|
104
|
+
.find { |r| r.dig(:metadata, :property_name) == property_name }
|
104
105
|
|
105
106
|
Maven::FileUpdater::DeclarationFinder.new(
|
106
107
|
dependency: dep,
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
#######################################################
|
@@ -56,8 +57,8 @@ module Dependabot
|
|
56
57
|
end
|
57
58
|
|
58
59
|
def update_exact_requirement(req_string)
|
59
|
-
old_version = requirement_class.new(req_string)
|
60
|
-
|
60
|
+
old_version = requirement_class.new(req_string)
|
61
|
+
.requirements.first.last
|
61
62
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
62
63
|
end
|
63
64
|
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "nokogiri"
|
@@ -60,10 +61,10 @@ module Dependabot
|
|
60
61
|
xml = dependency_metadata(repository_details)
|
61
62
|
next [] if xml.nil?
|
62
63
|
|
63
|
-
break xml.css("versions > version")
|
64
|
-
|
65
|
-
|
66
|
-
|
64
|
+
break xml.css("versions > version")
|
65
|
+
.select { |node| version_class.correct?(node.content) }
|
66
|
+
.map { |node| version_class.new(node.content) }
|
67
|
+
.map { |version| { version: version, source_url: url } }
|
67
68
|
end.flatten
|
68
69
|
|
69
70
|
raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?
|
@@ -85,13 +86,13 @@ module Dependabot
|
|
85
86
|
def filter_date_based_versions(possible_versions)
|
86
87
|
return possible_versions if wants_date_based_version?
|
87
88
|
|
88
|
-
possible_versions
|
89
|
-
reject { |v| v.fetch(:version) > version_class.new(1900) }
|
89
|
+
possible_versions
|
90
|
+
.reject { |v| v.fetch(:version) > version_class.new(1900) }
|
90
91
|
end
|
91
92
|
|
92
93
|
def filter_version_types(possible_versions)
|
93
|
-
possible_versions
|
94
|
-
select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
94
|
+
possible_versions
|
95
|
+
.select { |v| matches_dependency_version_type?(v.fetch(:version)) }
|
95
96
|
end
|
96
97
|
|
97
98
|
def filter_ignored_versions(possible_versions)
|
@@ -100,8 +101,8 @@ module Dependabot
|
|
100
101
|
ignored_versions.each do |req|
|
101
102
|
ignore_requirements = Maven::Requirement.requirements_array(req)
|
102
103
|
filtered =
|
103
|
-
filtered
|
104
|
-
reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
104
|
+
filtered
|
105
|
+
.reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
|
105
106
|
end
|
106
107
|
|
107
108
|
if @raise_on_ignored && filter_lower_versions(filtered).empty? &&
|
@@ -207,17 +208,17 @@ module Dependabot
|
|
207
208
|
|
208
209
|
def pom_repository_details
|
209
210
|
@pom_repository_details ||=
|
210
|
-
repository_finder
|
211
|
-
repository_urls(pom: pom)
|
212
|
-
map do |url|
|
211
|
+
repository_finder
|
212
|
+
.repository_urls(pom: pom)
|
213
|
+
.map do |url|
|
213
214
|
{ "url" => url, "auth_headers" => {} }
|
214
215
|
end
|
215
216
|
end
|
216
217
|
|
217
218
|
def credentials_repository_details
|
218
|
-
credentials
|
219
|
-
select { |cred| cred["type"] == "maven_repository" }
|
220
|
-
map do |cred|
|
219
|
+
credentials
|
220
|
+
.select { |cred| cred["type"] == "maven_repository" }
|
221
|
+
.map do |cred|
|
221
222
|
{
|
222
223
|
"url" => cred.fetch("url").gsub(%r{/+$}, ""),
|
223
224
|
"auth_headers" => auth_headers(cred.fetch("url").gsub(%r{/+$}, ""))
|
@@ -228,19 +229,19 @@ module Dependabot
|
|
228
229
|
def matches_dependency_version_type?(comparison_version)
|
229
230
|
return true unless dependency.version
|
230
231
|
|
231
|
-
current_type = dependency.version
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
version_type = comparison_version.to_s
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
232
|
+
current_type = dependency.version
|
233
|
+
.gsub("native-mt", "native_mt")
|
234
|
+
.split(/[.\-]/)
|
235
|
+
.find do |type|
|
236
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
237
|
+
end
|
238
|
+
|
239
|
+
version_type = comparison_version.to_s
|
240
|
+
.gsub("native-mt", "native_mt")
|
241
|
+
.split(/[.\-]/)
|
242
|
+
.find do |type|
|
243
|
+
TYPE_SUFFICES.find { |s| type.include?(s) }
|
244
|
+
end
|
244
245
|
|
245
246
|
current_type == version_type
|
246
247
|
end
|
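Review bot: In `credentials_repository_details`, `cred.fetch("url")` raises KeyError for a `maven_repository` credential that has no `"url"` entry, while `urls_from_credentials` earlier on this page tolerates the same input with `cred["url"]&.strip`. The normalised URL is also computed twice with the same `gsub(%r{/+$}, "")`. I would skip entries without a URL and normalise once, e.g. `url = cred["url"]&.gsub(%r{/+$}, "")` followed by `next unless url`, with `.filter_map` in place of `.map`. The block's closing lines are outside the hunk.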
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
require "dependabot/update_checkers"
|
@@ -47,8 +48,8 @@ module Dependabot
|
|
47
48
|
|
48
49
|
def updated_requirements
|
49
50
|
property_names =
|
50
|
-
declarations_using_a_property
|
51
|
-
map { |req| req.dig(:metadata, :property_name) }
|
51
|
+
declarations_using_a_property
|
52
|
+
.map { |req| req.dig(:metadata, :property_name) }
|
52
53
|
|
53
54
|
RequirementsUpdater.new(
|
54
55
|
requirements: dependency.requirements,
|
@@ -64,9 +65,9 @@ module Dependabot
|
|
64
65
|
pom = dependency_files.find { |f| f.name == requirement[:file] }
|
65
66
|
|
66
67
|
declaration_pom_name =
|
67
|
-
property_value_finder
|
68
|
-
property_details(property_name: prop_name, callsite_pom: pom)
|
69
|
-
fetch(:file)
|
68
|
+
property_value_finder
|
69
|
+
.property_details(property_name: prop_name, callsite_pom: pom)
|
70
|
+
&.fetch(:file)
|
70
71
|
|
71
72
|
declaration_pom_name == "remote_pom.xml"
|
72
73
|
end
|
@@ -136,15 +137,15 @@ module Dependabot
|
|
136
137
|
|
137
138
|
def property_value_finder
|
138
139
|
@property_value_finder ||=
|
139
|
-
Maven::FileParser::PropertyValueFinder
|
140
|
-
new(dependency_files: dependency_files, credentials: credentials)
|
140
|
+
Maven::FileParser::PropertyValueFinder
|
141
|
+
.new(dependency_files: dependency_files, credentials: credentials)
|
141
142
|
end
|
142
143
|
|
143
144
|
def version_comes_from_multi_dependency_property?
|
144
145
|
declarations_using_a_property.any? do |requirement|
|
145
146
|
property_name = requirement.fetch(:metadata).fetch(:property_name)
|
146
|
-
property_source = requirement.fetch(:metadata)
|
147
|
-
|
147
|
+
property_source = requirement.fetch(:metadata)
|
148
|
+
.fetch(:property_source)
|
148
149
|
|
149
150
|
all_property_based_dependencies.any? do |dep|
|
150
151
|
next false if dep.name == dependency.name
|
@@ -160,8 +161,8 @@ module Dependabot
|
|
160
161
|
|
161
162
|
def declarations_using_a_property
|
162
163
|
@declarations_using_a_property ||=
|
163
|
-
dependency.requirements
|
164
|
-
|
164
|
+
dependency.requirements
|
165
|
+
.select { |req| req.dig(:metadata, :property_name) }
|
165
166
|
end
|
166
167
|
|
167
168
|
def all_property_based_dependencies
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# typed: false
|
1
2
|
# frozen_string_literal: true
|
2
3
|
|
3
4
|
module Dependabot
|
@@ -10,8 +11,8 @@ module Dependabot
|
|
10
11
|
|
11
12
|
def auth_headers(maven_repo_url)
|
12
13
|
cred =
|
13
|
-
credentials.select { |c| c["type"] == "maven_repository" }
|
14
|
-
|
14
|
+
credentials.select { |c| c["type"] == "maven_repository" }
|
15
|
+
.find do |c|
|
15
16
|
cred_url = c.fetch("url").gsub(%r{/+$}, "")
|
16
17
|
next false unless cred_url == maven_repo_url
|
17
18
|
|
@@ -33,8 +34,8 @@ module Dependabot
|
|
33
34
|
return {} unless gitlab_maven_repo?(URI(maven_repo_url).path)
|
34
35
|
|
35
36
|
cred =
|
36
|
-
credentials.select { |c| c["type"] == "git_source" }
|
37
|
-
|
37
|
+
credentials.select { |c| c["type"] == "git_source" }
|
38
|
+
.find do |c|
|
38
39
|
cred_host = c.fetch("host").gsub(%r{/+$}, "")
|
39
40
|
next false unless URI(maven_repo_url).host == cred_host
|
40
41
|
|
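Review bot: In the `git_source` lookup, `next false unless URI(maven_repo_url).host == cred_host` matches on host alone and never looks at the URL scheme. If the matched credential is turned into a request header further down (that part is outside this hunk), a repository URL that uses `http://` on the same host would carry the token in cleartext. I would add a guard before the lookup, for example `return {} unless URI(maven_repo_url).scheme == "https"`, or add a comment stating why plain HTTP is acceptable here. `URI(maven_repo_url)` is also parsed twice and can raise `URI::InvalidURIError` on a malformed repository URL.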
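--- a/data/lib/dependabot/maven.rb
+++ b/data/lib/dependabot/maven.rb
@@ -1,3 +1,4 @@
+# typed: false
 # frozen_string_literal: true
 
 # These all need to be required so the various classes can be registered in a
@@ -11,15 +12,15 @@ require "dependabot/maven/requirement"
 require "dependabot/maven/version"
 
 require "dependabot/pull_request_creator/labeler"
-Dependabot::PullRequestCreator::Labeler
-register_label_details("maven", name: "java", colour: "ffa221")
+Dependabot::PullRequestCreator::Labeler
+.register_label_details("maven", name: "java", colour: "ffa221")
 
 require "dependabot/dependency"
-Dependabot::Dependency
-register_production_check("maven", ->(groups) { groups != ["test"] })
+Dependabot::Dependency
+.register_production_check("maven", ->(groups) { groups != ["test"] })
 
-Dependabot::Dependency
-register_display_name_builder(
+Dependabot::Dependency
+.register_display_name_builder(
 "maven",
 lambda { |name|
 _group_id, artifact_id = name.split(":")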
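--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-
+date: 2023-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.231.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 1.19.0
+- !ruby/object:Gem::Dependency
+name: rubocop-sorbet
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.7.3
 - !ruby/object:Gem::Dependency
 name: stackprof
 requirement: !ruby/object:Gem::Requirement
@@ -208,7 +222,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.231.0
 post_install_message:
 rdoc_options: []
 require_paths: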