dependabot-maven 0.237.0 → 0.238.0

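--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7edac94e52e42ac0557bf77616a30a33dc20bd0d2d14817a74acdbc4082c155f
- data.tar.gz: ada3140145eaab44180812c4fd0f8255d8350a8e3341eb1d5b93be9c7d1238c5
+ metadata.gz: c129341dcfa0cc4b30dbdc362f0112e79b1e0609d05f598683afa1872755c1d9
+ data.tar.gz: ac4222bc51ef3cc93c35b288f0a21beeb5eba70f5eca078fa18be2e15f799ec2
  SHA512:
- metadata.gz: 38ec5482781048d76cf0e2e5565f1667fee52ba8a88821290a6f773cf785974bf6b1e2f43e59de89263616f1847e4af0a9af157f60139adbb189707862325306
- data.tar.gz: 3cdb003135571004f1e14a198d4cf15af379cee0d6fe253ebca47cffa56748735a68ebeb6913fb2596eec37fa83e71cc98a0941d2483d2b99b99113256b5e2d0
+ metadata.gz: 640576ba6d9272e82ea389e744e2bf7c49dc96931c78a1c64083a691fbfc6194dba62d1887d5da9adad9b832a9bd04c6ca20085293f9467b047a12b74c40ded7
+ data.tar.gz: b347c0d29775ade3853165190f275620a499feb04ebeb07b0909480226b0b13a43ac37a5982e7c0ffaad1b2911741d7ceb2d16a6be0272d218f2046d6488e66f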
@@ -91,7 +91,8 @@ module Dependabot
91
91
  def parent_repository_urls(pom)
92
92
  repositories_finder.repository_urls(
93
93
  pom: pom,
94
- exclude_inherited: true
94
+ exclude_inherited: true,
95
+ exclude_snapshots: false
95
96
  )
96
97
  end
97
98
 
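Review bot: The call in `parent_repository_urls` opts out of the new `exclude_snapshots: true` default without saying why, so a later reader cannot tell whether querying snapshot repositories for parent POMs is intended. A one-line comment above the argument would settle it, e.g. `# parent POMs may only be published to snapshot repositories, so keep them here` (presumed rationale; confirm with the author).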
@@ -43,7 +43,7 @@ module Dependabot
43
43
  end
44
44
 
45
45
  # Collect all repository URLs from this POM and its parents
46
- def repository_urls(pom:, exclude_inherited: false)
46
+ def repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true)
47
47
  entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited)
48
48
  ids = Set.new
49
49
  @known_urls += entries.map do |entry|
@@ -54,7 +54,8 @@ module Dependabot
54
54
  end
55
55
  @known_urls = @known_urls.uniq.compact
56
56
 
57
- urls = urls_from_credentials + @known_urls.map { |entry| entry[:url] }
57
+ urls = urls_from_credentials + @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }
58
+ .map { |entry| entry[:url] }
58
59
  urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }
59
60
  urls.uniq
60
61
  end
@@ -69,14 +70,35 @@ module Dependabot
69
70
  { url: central_repo_url, id: "central" }
70
71
  end
71
72
 
73
+ def serialize_mvn_repo(entry)
74
+ {
75
+ url: entry.at_css("url").content.strip,
76
+ id: entry.at_css("id").content.strip,
77
+ snapshots: entry.at_css("snapshots > enabled")&.content&.strip,
78
+ releases: entry.at_css("releases > enabled")&.content&.strip
79
+ }
80
+ end
81
+
82
+ def snapshot_repo(entry)
83
+ entry[:releases] == "false" && (entry[:snapshots].nil? || entry[:snapshots] == "true")
84
+ end
85
+
86
+ def serialize_urls(entry, pom)
87
+ {
88
+ url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""),
89
+ id: entry[:id],
90
+ snapshots: snapshot_repo(entry)
91
+ }
92
+ end
93
+
72
94
  def gather_repository_urls(pom:, exclude_inherited: false)
73
95
  repos_in_pom =
74
96
  Nokogiri::XML(pom.content)
75
97
  .css(REPOSITORY_SELECTOR)
76
- .map { |node| { url: node.at_css("url").content.strip, id: node.at_css("id").content.strip } }
98
+ .map { |node| serialize_mvn_repo(node) }
77
99
  .reject { |entry| contains_property?(entry[:url]) && !evaluate_properties? }
78
100
  .select { |entry| entry[:url].start_with?("http") }
79
- .map { |entry| { url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""), id: entry[:id] } }
101
+ .map { |entry| serialize_urls(entry, pom) }
80
102
 
81
103
  return repos_in_pom if exclude_inherited
82
104
 
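Review bot: `snapshot_repo` compares the `<enabled>` text with the exact strings "false" and "true", and `serialize_mvn_repo` only strips it, so a POM that writes `<enabled>FALSE</enabled>` or puts a `${...}` property there is classified as a non-snapshot repository and its URL is still returned under the default `exclude_snapshots: true`. Only `entry[:url]` is passed through `evaluated_value` in `serialize_urls`; the two flags never are. Because the POM is repository-controlled input that decides which hosts get queried, normalise before comparing, e.g. `snapshots: entry.at_css("snapshots > enabled")&.content&.strip&.downcase` and the same for `releases:` (Maven appears to read these flags case-insensitively; worth confirming). The method is a predicate, so `snapshot_repo?` would also read better at its call in `serialize_urls`.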
@@ -4,7 +4,7 @@
4
4
  require "nokogiri"
5
5
  require "dependabot/metadata_finders"
6
6
  require "dependabot/metadata_finders/base"
7
- require "dependabot/file_fetchers/base"
7
+ require "dependabot/maven/file_fetcher"
8
8
  require "dependabot/maven/file_parser"
9
9
  require "dependabot/maven/file_parser/repositories_finder"
10
10
  require "dependabot/maven/utils/auth_headers_finder"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.237.0
4
+ version: 0.238.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-11-21 00:00:00.000000000 Z
11
+ date: 2023-12-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.237.0
19
+ version: 0.238.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.237.0
26
+ version: 0.238.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -236,7 +236,7 @@ licenses:
236
236
  - Nonstandard
237
237
  metadata:
238
238
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
239
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.237.0
239
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
240
240
  post_install_message:
241
241
  rdoc_options: []
242
242
  require_paths: