dependabot-maven 0.237.0 → 0.238.0
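--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c129341dcfa0cc4b30dbdc362f0112e79b1e0609d05f598683afa1872755c1d9
+data.tar.gz: ac4222bc51ef3cc93c35b288f0a21beeb5eba70f5eca078fa18be2e15f799ec2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 640576ba6d9272e82ea389e744e2bf7c49dc96931c78a1c64083a691fbfc6194dba62d1887d5da9adad9b832a9bd04c6ca20085293f9467b047a12b74c40ded7
+data.tar.gz: b347c0d29775ade3853165190f275620a499feb04ebeb07b0909480226b0b13a43ac37a5982e7c0ffaad1b2911741d7ceb2d16a6be0272d218f2046d6488e66f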
@@ -43,7 +43,7 @@ module Dependabot
|
|
43
43
|
end
|
44
44
|
|
45
45
|
# Collect all repository URLs from this POM and its parents
|
46
|
-
def repository_urls(pom:, exclude_inherited: false)
|
46
|
+
def repository_urls(pom:, exclude_inherited: false, exclude_snapshots: true)
|
47
47
|
entries = gather_repository_urls(pom: pom, exclude_inherited: exclude_inherited)
|
48
48
|
ids = Set.new
|
49
49
|
@known_urls += entries.map do |entry|
|
@@ -54,7 +54,8 @@ module Dependabot
|
|
54
54
|
end
|
55
55
|
@known_urls = @known_urls.uniq.compact
|
56
56
|
|
57
|
-
urls = urls_from_credentials + @known_urls.
|
57
|
+
urls = urls_from_credentials + @known_urls.reject { |entry| exclude_snapshots && entry[:snapshots] }
|
58
|
+
.map { |entry| entry[:url] }
|
58
59
|
urls += [central_repo_url] unless @known_urls.any? { |entry| entry[:id] == super_pom[:id] }
|
59
60
|
urls.uniq
|
60
61
|
end
|
@@ -69,14 +70,35 @@ module Dependabot
|
|
69
70
|
{ url: central_repo_url, id: "central" }
|
70
71
|
end
|
71
72
|
|
73
|
+
def serialize_mvn_repo(entry)
|
74
|
+
{
|
75
|
+
url: entry.at_css("url").content.strip,
|
76
|
+
id: entry.at_css("id").content.strip,
|
77
|
+
snapshots: entry.at_css("snapshots > enabled")&.content&.strip,
|
78
|
+
releases: entry.at_css("releases > enabled")&.content&.strip
|
79
|
+
}
|
80
|
+
end
|
81
|
+
|
82
|
+
def snapshot_repo(entry)
|
83
|
+
entry[:releases] == "false" && (entry[:snapshots].nil? || entry[:snapshots] == "true")
|
84
|
+
end
|
85
|
+
|
86
|
+
def serialize_urls(entry, pom)
|
87
|
+
{
|
88
|
+
url: evaluated_value(entry[:url], pom).gsub(%r{/$}, ""),
|
89
|
+
id: entry[:id],
|
90
|
+
snapshots: snapshot_repo(entry)
|
91
|
+
}
|
92
|
+
end
|
93
|
+
|
72
94
|
def gather_repository_urls(pom:, exclude_inherited: false)
|
73
95
|
repos_in_pom =
|
74
96
|
Nokogiri::XML(pom.content)
|
75
97
|
.css(REPOSITORY_SELECTOR)
|
76
|
-
.map { |node|
|
98
|
+
.map { |node| serialize_mvn_repo(node) }
|
77
99
|
.reject { |entry| contains_property?(entry[:url]) && !evaluate_properties? }
|
78
100
|
.select { |entry| entry[:url].start_with?("http") }
|
79
|
-
.map { |entry|
|
101
|
+
.map { |entry| serialize_urls(entry, pom) }
|
80
102
|
|
81
103
|
return repos_in_pom if exclude_inherited
|
82
104
|
|
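Review bot: `serialize_mvn_repo` dereferences `entry.at_css("url").content` and `entry.at_css("id").content` without a nil guard, while the optional `snapshots`/`releases` lookups just below use `&.`; a `<repository>` element in a repository-supplied POM that lacks `<url>` or `<id>` would raise NoMethodError out of `gather_repository_urls`. Whether the removed inline block behaved the same way cannot be seen here, because the removed lines are truncated on this page. Consider dropping such nodes before the map, e.g. `.select { |node| node.at_css("url") && node.at_css("id") }`. Separately, `snapshot_repo` compares against the literal strings `"false"` and `"true"`, so an `<enabled>` value written as a `${property}` or in another letter case leaves the repository classified as a release repository and therefore in the default URL list; a comment stating whether that is intended would help. `gather_repository_urls` continues past the end of the last hunk.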
@@ -4,7 +4,7 @@
|
|
4
4
|
require "nokogiri"
|
5
5
|
require "dependabot/metadata_finders"
|
6
6
|
require "dependabot/metadata_finders/base"
|
7
|
-
require "dependabot/
|
7
|
+
require "dependabot/maven/file_fetcher"
|
8
8
|
require "dependabot/maven/file_parser"
|
9
9
|
require "dependabot/maven/file_parser/repositories_finder"
|
10
10
|
require "dependabot/maven/utils/auth_headers_finder"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-maven
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.238.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-12-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.238.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.238.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -236,7 +236,7 @@ licenses:
|
|
236
236
|
- Nonstandard
|
237
237
|
metadata:
|
238
238
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
239
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
239
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
|
240
240
|
post_install_message:
|
241
241
|
rdoc_options: []
|
242
242
|
require_paths:
|