dependabot-maven 0.252.0 → 0.253.0
- checksums.yaml +4 -4
- data/lib/dependabot/maven/file_parser/property_value_finder.rb +26 -3
- metadata +5 -19
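--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dffeeb577c7b7a40d973acfd880896eff96c5b06bde35bf6bdf6904e0b587ab6
+data.tar.gz: 5825f235221a9007c013b2294e99bba05aa0fe24956d4cc3eb8fd4e2b388e00e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 559d5b3d18e8c9d31896ea2e97eacbeedde63fa1526bdb8544c296f73ce42486b7fbed3f2a7fa0edbe92ae5306b7e672baef38b07df05c84ab8a9c92e750e7f0
+data.tar.gz: 684113129ad6e6c864495899db78f1177385230c1af2b6b2b2df92f195605d69201d7fb98810079b0b22d0d58df76d97b67fc79da844012cf24f95499e91aee5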
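--- a/data/lib/dependabot/maven/file_parser/property_value_finder.rb
+++ b/data/lib/dependabot/maven/file_parser/property_value_finder.rb
@@ -36,9 +36,10 @@ module Dependabot
 node =
 loop do
 candidate_node =
-doc.
-doc.
-doc.
+doc.xpath("/project/#{nm}").last ||
+doc.xpath("/project/properties/#{property_name}").last ||
+doc.xpath("/project/profiles/profile/properties/#{property_name}").last
+
 break candidate_node if candidate_node
 break unless nm.match?(DOT_SEPARATOR_REGEX)
 
@@ -47,6 +48,15 @@ module Dependabot
 raise DependencyFileNotEvaluatable, e.message
 end
 
+# and value is an expression
+if node && node.content.strip.start_with?("${")
+return extract_value_from_expression(
+expression: node.content.strip,
+property_name: property_name,
+callsite_pom: callsite_pom
+)
+end
+
 # If we found a property, return it
 return { file: pom.name, node: node, value: node.content.strip } if node
 
@@ -63,6 +73,19 @@ module Dependabot
 
 attr_reader :dependency_files
 
+def extract_value_from_expression(expression:, property_name:, callsite_pom:)
+# and the expression is pointing to self then raise the error
+if expression.eql?("${#{property_name}}")
+raise Dependabot::DependencyFileNotParseable.new(
+callsite_pom.name,
+"Error trying to resolve recursive expression '#{expression}'."
+)
+end
+
+# and the expression is pointing to another tag, then get the value of that tag
+property_details(property_name: expression.slice(2..-2), callsite_pom: callsite_pom)
+end
+
 def sanitize_property_name(property_name)
 property_name.sub(/^pom\./, "").sub(/^project\./, "")
 end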
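Review bot: The recursion guard in `extract_value_from_expression` only catches a property that refers to itself directly (`expression.eql?("${#{property_name}}")`); a pom in which one property's value is `${b}` and property `b`'s value points back at the first would still alternate between `property_details` and this method with no bound, and pom files come from the repository being scanned, so this is untrusted input. Consider threading a set of already-visited property names (or a depth cap) through the call and raising the same `DependencyFileNotParseable` when a name repeats. Separately, the caller only checks `start_with?("${")` while `expression.slice(2..-2)` assumes the whole value is one `${...}`, so a constructed value such as `${a}-${b}` would put `a}-${b` into the XPath string; tightening the check to `node.content.strip.match?(/\A\$\{[^{}]+\}\z/)` would let such values fall through to the existing plain-value return. Both enclosing methods extend beyond the hunks shown, so whether an outer rescue already covers these cases cannot be confirmed from here.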
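--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.253.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-
+date: 2024-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.253.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.253.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -164,20 +164,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 0.7.3
-- !ruby/object:Gem::Dependency
-name: stackprof
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 0.2.16
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: 0.2.16
 - !ruby/object:Gem::Dependency
 name: turbo_tests
 requirement: !ruby/object:Gem::Requirement
@@ -264,7 +250,7 @@ licenses:
 - Nonstandard
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.253.0
 post_install_message:
 rdoc_options: []
 require_paths: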