dependabot-maven 0.237.0 → 0.238.0

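--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7edac94e52e42ac0557bf77616a30a33dc20bd0d2d14817a74acdbc4082c155f
- data.tar.gz: ada3140145eaab44180812c4fd0f8255d8350a8e3341eb1d5b93be9c7d1238c5
+ metadata.gz: c129341dcfa0cc4b30dbdc362f0112e79b1e0609d05f598683afa1872755c1d9
+ data.tar.gz: ac4222bc51ef3cc93c35b288f0a21beeb5eba70f5eca078fa18be2e15f799ec2
  SHA512:
- metadata.gz: 38ec5482781048d76cf0e2e5565f1667fee52ba8a88821290a6f773cf785974bf6b1e2f43e59de89263616f1847e4af0a9af157f60139adbb189707862325306
- data.tar.gz: 3cdb003135571004f1e14a198d4cf15af379cee0d6fe253ebca47cffa56748735a68ebeb6913fb2596eec37fa83e71cc98a0941d2483d2b99b99113256b5e2d0
+ metadata.gz: 640576ba6d9272e82ea389e744e2bf7c49dc96931c78a1c64083a691fbfc6194dba62d1887d5da9adad9b832a9bd04c6ca20085293f9467b047a12b74c40ded7
+ data.tar.gz: b347c0d29775ade3853165190f275620a499feb04ebeb07b0909480226b0b13a43ac37a5982e7c0ffaad1b2911741d7ceb2d16a6be0272d218f2046d6488e66f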
@@ -91,7 +91,8 @@ module Dependabot
91
91
  def parent_repository_urls(pom)
92
92
  repositories_finder.repository_urls(
93
93
  pom: pom,
94
- exclude_inherited: true
94
+ exclude_inherited: true,
95
+ exclude_snapshots: false
95
96
  )
96
97
  end
97
98
 
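Review bot: The `exclude_snapshots: false` argument added to the `repository_urls` call in `parent_repository_urls` has no comment saying why parent-POM lookup opts out of the new default. The default in `repository_urls` is `true`, so this call site is the one place on the page where snapshot-only repositories stay in the search list, and a later cleanup could drop the argument without noticing the behaviour change. A one-line comment above the call would do, for example `# Parent POMs may live only in snapshot repositories, so keep those in the lookup list`, provided that is the actual reason; the page does not state it.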
@@ -43,7 +43,7 @@ module Dependabot
43
43
  end
44
44
 
45
45
  # Collect all repository URLs from this POM and its parents
46
- def repository_urls(pom:, exclude_inherited: false)
46
+ def repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true)
47
47
  entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited)
48
48
  ids = Set.new
49
49
  @known_urls += entries.map do |entry|
@@ -54,7 +54,8 @@ module Dependabot
54
54
  end
55
55
  @known_urls = @known_urls.uniq.compact
56
56
 
57
- urls = urls_from_credentials + @known_urls.map { |entry| entry[:url] }
57
+ urls = urls_from_credentials + @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }
58
+ .map { |entry| entry[:url] }
58
59
  urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }
59
60
  urls.uniq
60
61
  end
@@ -69,14 +70,35 @@ module Dependabot
69
70
  { url: central_repo_url, id: "central" }
70
71
  end
71
72
 
73
+ def serialize_mvn_repo(entry)
74
+ {
75
+ url: entry.at_css("url").content.strip,
76
+ id: entry.at_css("id").content.strip,
77
+ snapshots: entry.at_css("snapshots > enabled")&.content&.strip,
78
+ releases: entry.at_css("releases > enabled")&.content&.strip
79
+ }
80
+ end
81
+
82
+ def snapshot_repo(entry)
83
+ entry[:releases] == "false" && (entry[:snapshots].nil? || entry[:snapshots] == "true")
84
+ end
85
+
86
+ def serialize_urls(entry, pom)
87
+ {
88
+ url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""),
89
+ id: entry[:id],
90
+ snapshots: snapshot_repo(entry)
91
+ }
92
+ end
93
+
72
94
  def gather_repository_urls(pom:, exclude_inherited: false)
73
95
  repos_in_pom =
74
96
  Nokogiri::XML(pom.content)
75
97
  .css(REPOSITORY_SELECTOR)
76
- .map { |node| { url: node.at_css("url").content.strip, id: node.at_css("id").content.strip } }
98
+ .map { |node| serialize_mvn_repo(node) }
77
99
  .reject { |entry| contains_property?(entry[:url]) && !evaluate_properties? }
78
100
  .select { |entry| entry[:url].start_with?("http") }
79
- .map { |entry| { url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""), id: entry[:id] } }
101
+ .map { |entry| serialize_urls(entry, pom) }
80
102
 
81
103
  return repos_in_pom if exclude_inherited
82
104
 
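Review bot: `snapshot_repo` compares the raw `<enabled>` text against the exact strings `"false"` and `"true"`, so a POM that writes `FALSE`, `True` or an unevaluated `${...}` placeholder under `releases > enabled` or `snapshots > enabled` is classified as a release repository and stays in the lookup list even when `exclude_snapshots` is true. Maven itself, as far as I know, parses these flags case-insensitively, so normalising first would bring the two closer, e.g. `entry[:releases]&.downcase == "false"`; placeholders would still need `evaluated_value` or an explicit decision. Separately, `serialize_mvn_repo` guards the two optional elements with `&.` but still calls `.content` directly on `at_css("url")` and `at_css("id")`, as the inline map it replaces did. A `<repository>` without either child therefore raises NoMethodError on repository-supplied input; skipping such nodes (`next unless url_node && id_node` inside a `filter_map`) would be safer. `gather_repository_urls` continues past the end of the hunk, so the rest of its pipeline is not visible here.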
@@ -4,7 +4,7 @@
4
4
  require "nokogiri"
5
5
  require "dependabot/metadata_finders"
6
6
  require "dependabot/metadata_finders/base"
7
- require "dependabot/file_fetchers/base"
7
+ require "dependabot/maven/file_fetcher"
8
8
  require "dependabot/maven/file_parser"
9
9
  require "dependabot/maven/file_parser/repositories_finder"
10
10
  require "dependabot/maven/utils/auth_headers_finder"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.237.0
4
+ version: 0.238.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-11-21 00:00:00.000000000 Z
11
+ date: 2023-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.237.0
19
+ version: 0.238.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.237.0
26
+ version: 0.238.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -236,7 +236,7 @@ licenses:
236
236
  - Nonstandard
237
237
  metadata:
238
238
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
239
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
239
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
240
240
  post_install_message:
241
241
  rdoc_options: []
242
242
  require_paths: