dependabot-maven 0.263.0 → 0.264.0

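--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 552768ff6db96fce263a5a771e6a7026292b7762f164e4c8db9b9d086ef1fbf1
- data.tar.gz: 2eae3cbb621aebdeeebb4de95093f7c4b002bcde6e8b1b7e29e1367120a13686
+ metadata.gz: 51df7f3dc716cc7674949df83e48d90d04921493c750524def54b0cbe24dc920
+ data.tar.gz: b2cd29d713898236089bd0049b12b05098f5cd9f7e8e3393a711955fc1dbea66
  SHA512:
- metadata.gz: 5e7a9f332a6295e56d186774f400680129af29f257b359c9636dae18b9234efc73826c7f76d5d3574a7aa04bc5c2f7391e3c7b1a4e92e916278349d35ce6ee17
- data.tar.gz: e8d6f1a5cd5a23161dad0d8fdde58538c4c63d402783dd420f0778ee3e008a68b59c63dc0e659f2ca41f616bb3ad0b728ada61666b41409dcfb4e8c5bebee66f
+ metadata.gz: 76f561eb9ab1cef94fe2cf02455ba8b63ed98296c8aa17b12a8e7e19297e883b03380fc4feb0644f9b3ff296e59a42bb40563cc905106ff2343195281ae88e95
+ data.tar.gz: 134b49a299b44872d274fad695741584eaced44b3528a78a6d3178334f1f1582c440b9260295f758af5f0310456ac71fa123dc0a062aed73788bdc4aec306098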
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "nokogiri"
5
6
 
6
7
  require "dependabot/dependency_file"
@@ -11,15 +12,19 @@ module Dependabot
11
12
  module Maven
12
13
  class FileParser
13
14
  class PomFetcher
15
+ extend T::Sig
16
+
17
+ sig { params(dependency_files: T::Array[DependencyFile]).void }
14
18
  def initialize(dependency_files:)
15
19
  @dependency_files = dependency_files
16
- @poms = {}
20
+ @poms = T.let({}, T::Hash[String, DependencyFile])
17
21
  end
18
22
 
23
+ sig { returns(T::Hash[String, DependencyFile]) }
19
24
  def internal_dependency_poms
20
25
  return @internal_dependency_poms if @internal_dependency_poms
21
26
 
22
- @internal_dependency_poms = {}
27
+ @internal_dependency_poms = T.let({}, T.nilable(T::Hash[String, DependencyFile]))
23
28
  dependency_files.each do |pom|
24
29
  doc = Nokogiri::XML(pom.content)
25
30
  group_id = doc.at_css("project > groupId") ||
@@ -33,12 +38,20 @@ module Dependabot
33
38
  artifact_id.content.strip
34
39
  ].join(":")
35
40
 
36
- @internal_dependency_poms[dependency_name] = pom
41
+ T.must(@internal_dependency_poms)[dependency_name] = pom
37
42
  end
38
43
 
39
- @internal_dependency_poms
44
+ T.must(@internal_dependency_poms)
40
45
  end
41
46
 
47
+ sig do
48
+ params(
49
+ group_id: String,
50
+ artifact_id: String,
51
+ version: String,
52
+ urls_to_try: T::Array[String]
53
+ ).returns(T.nilable(DependencyFile)) # Fix: Added closing parenthesis
54
+ end
42
55
  def fetch_remote_parent_pom(group_id, artifact_id, version, urls_to_try)
43
56
  pom_id = "#{group_id}:#{artifact_id}:#{version}"
44
57
  return @poms[pom_id] if @poms.key?(pom_id)
@@ -74,24 +87,33 @@ module Dependabot
74
87
 
75
88
  private
76
89
 
90
+ sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
77
91
  def remote_pom_url(group_id, artifact_id, version, base_repo_url)
78
92
  "#{base_repo_url}/" \
79
93
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
80
94
  "#{artifact_id}-#{version}.pom"
81
95
  end
82
96
 
97
+ sig do
98
+ params(group_id: String, artifact_id: String, version: String, snapshot_version: String,
99
+ base_repo_url: String).returns(String)
100
+ end
83
101
  def remote_pom_snapshot_url(group_id, artifact_id, version, snapshot_version, base_repo_url)
84
102
  "#{base_repo_url}/" \
85
103
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
86
104
  "#{artifact_id}-#{snapshot_version}.pom"
87
105
  end
88
106
 
107
+ sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
89
108
  def remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_repo_url)
90
109
  "#{base_repo_url}/" \
91
110
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
92
111
  "maven-metadata.xml"
93
112
  end
94
113
 
114
+ sig do
115
+ params(group_id: String, artifact_id: String, version: String, base_url: String).returns(T.nilable(String))
116
+ end
95
117
  def fetch_snapshot_pom_url(group_id, artifact_id, version, base_url)
96
118
  url = remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_url)
97
119
  response = fetch(url)
@@ -107,15 +129,18 @@ module Dependabot
107
129
  remote_pom_snapshot_url(group_id, artifact_id, version, snapshot, base_url)
108
130
  end
109
131
 
132
+ sig { params(url: String).returns(Excon::Response) }
110
133
  def fetch(url)
111
- @maven_responses ||= {}
134
+ @maven_responses ||= T.let({}, T.nilable(T::Hash[String, Excon::Response]))
112
135
  @maven_responses[url] ||= Dependabot::RegistryClient.get(url: url, options: { retry_limit: 1 })
113
136
  end
114
137
 
138
+ sig { params(content: String).returns(T::Boolean) }
115
139
  def pom?(content)
116
140
  !Nokogiri::XML(content).at_css("project > artifactId").nil?
117
141
  end
118
142
 
143
+ sig { returns(T::Array[DependencyFile]) }
119
144
  attr_reader :dependency_files
120
145
  end
121
146
  end
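Review bot: The new sigs on `remote_pom_url`, `remote_pom_snapshot_url` and `remote_pom_snapshot_metadata_url` only assert that `group_id`, `artifact_id` and `version` are Strings, while those values are still interpolated unescaped into the path that `fetch` requests. They appear to come from POM content parsed elsewhere (the callers of `fetch_remote_parent_pom` are outside the visible hunks), so a coordinate carrying path or query delimiters would change which resource on the repository host is fetched. Consider rejecting coordinates that do not look like Maven identifiers before any URL is built, for example `return unless [group_id, artifact_id, version].all? { |part| part.match?(/\A[\w.\-+]+\z/) }` at the top of `fetch_remote_parent_pom`, with the character class adjusted to what the project accepts. Separately, the trailing `# Fix: Added closing parenthesis` comment on the `fetch_remote_parent_pom` sig describes an edit rather than the code and can be dropped.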
@@ -1,8 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
5
-
5
+ require "sorbet-runtime"
6
6
  require "dependabot/dependency_file"
7
7
  require "dependabot/maven/file_parser"
8
8
  require "dependabot/registry_client"
@@ -14,17 +14,24 @@ module Dependabot
14
14
  module Maven
15
15
  class FileParser
16
16
  class PropertyValueFinder
17
+ extend T::Sig
18
+
17
19
  require_relative "repositories_finder"
18
20
  require_relative "pom_fetcher"
19
21
 
20
22
  DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
21
23
 
24
+ sig { params(dependency_files: T::Array[DependencyFile], credentials: T::Array[String]).void }
22
25
  def initialize(dependency_files:, credentials: [])
23
26
  @dependency_files = dependency_files
24
27
  @credentials = credentials
25
- @pom_fetcher = PomFetcher.new(dependency_files: dependency_files)
28
+ @pom_fetcher = T.let(PomFetcher.new(dependency_files: dependency_files),
29
+ Dependabot::Maven::FileParser::PomFetcher)
26
30
  end
27
31
 
32
+ sig do
33
+ params(property_name: String, callsite_pom: DependencyFile).returns(T.nilable(T::Hash[Symbol, T.untyped]))
34
+ end
28
35
  def property_details(property_name:, callsite_pom:)
29
36
  pom = callsite_pom
30
37
  doc = Nokogiri::XML(pom.content)
@@ -71,8 +78,17 @@ module Dependabot
71
78
 
72
79
  private
73
80
 
81
+ sig { returns(T::Array[DependencyFile]) }
74
82
  attr_reader :dependency_files
75
83
 
84
+ sig do
85
+ params(
86
+ expression: String,
87
+ property_name: String,
88
+ callsite_pom: DependencyFile
89
+ )
90
+ .returns(T.nilable(T::Hash[Symbol, String]))
91
+ end
76
92
  def extract_value_from_expression(expression:, property_name:, callsite_pom:)
77
93
  # and the expression is pointing to self then raise the error
78
94
  if expression.eql?("${#{property_name}}")
@@ -83,14 +99,16 @@ module Dependabot
83
99
  end
84
100
 
85
101
  # and the expression is pointing to another tag, then get the value of that tag
86
- property_details(property_name: expression.slice(2..-2), callsite_pom: callsite_pom)
102
+ property_details(property_name: T.must(expression.slice(2..-2)), callsite_pom: callsite_pom)
87
103
  end
88
104
 
105
+ sig { params(property_name: String).returns(String) }
89
106
  def sanitize_property_name(property_name)
90
107
  property_name.sub(/^pom\./, "").sub(/^project\./, "")
91
108
  end
92
109
 
93
110
  # rubocop:disable Metrics/PerceivedComplexity
111
+ sig { params(pom: DependencyFile).returns(T.nilable(DependencyFile)) }
94
112
  def parent_pom(pom)
95
113
  doc = Nokogiri::XML(pom.content)
96
114
  doc.remove_namespaces!
@@ -111,6 +129,7 @@ module Dependabot
111
129
  end
112
130
  # rubocop:enable Metrics/PerceivedComplexity
113
131
 
132
+ sig { params(pom: DependencyFile).returns(T::Array[String]) }
114
133
  def parent_repository_urls(pom)
115
134
  repositories_finder.repository_urls(
116
135
  pom: pom,
@@ -119,14 +138,17 @@ module Dependabot
119
138
  )
120
139
  end
121
140
 
141
+ sig { returns(RepositoriesFinder) }
122
142
  def repositories_finder
123
- @repositories_finder ||=
124
- RepositoriesFinder.new(
143
+ @repositories_finder ||= T.let(
144
+ Dependabot::Maven::FileParser::RepositoriesFinder.new(
125
145
  pom_fetcher: @pom_fetcher,
126
146
  dependency_files: dependency_files,
127
147
  credentials: @credentials,
128
148
  evaluate_properties: false
129
- )
149
+ ),
150
+ T.nilable(Dependabot::Maven::FileParser::RepositoriesFinder)
151
+ )
130
152
  end
131
153
  end
132
154
  end
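Review bot: The `initialize` sig declares `credentials: T::Array[String]`, and to satisfy it the two callers changed in this release (the `property_value_finder` in the `FileParser` section and the one in the last Ruby section on this page) now pass `credentials.map(&:to_s)`. The same array is forwarded as `credentials: @credentials` to `RepositoriesFinder.new` in `repositories_finder`; if that class reads fields such as a type or URL from each credential (its body is not shown here), stringified entries will no longer match and private-repository lookups would silently fall back to unauthenticated requests. Flattening credential objects also places whatever `to_s` returns, possibly secret material, into plain Strings that are easier to log by accident. Prefer typing the parameter as what the callers actually hold, e.g. `credentials: T::Array[Dependabot::Credential]` if that is their type, and drop `.map(&:to_s)` at both call sites.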
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
@@ -15,6 +15,7 @@ require "dependabot/errors"
15
15
  module Dependabot
16
16
  module Maven
17
17
  class FileParser < Dependabot::FileParsers::Base
18
+ extend T::Sig
18
19
  require "dependabot/file_parsers/base/dependency_set"
19
20
  require_relative "file_parser/property_value_finder"
20
21
 
@@ -35,6 +36,7 @@ module Dependabot
35
36
  # Regex to get the property name from a declaration that uses a property
36
37
  PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
37
38
 
39
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
38
40
  def parse
39
41
  dependency_set = DependencySet.new
40
42
  pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
@@ -44,6 +46,7 @@ module Dependabot
44
46
 
45
47
  private
46
48
 
49
+ sig { params(pom: Dependabot::DependencyFile).returns(DependencySet) }
47
50
  def pomfile_dependencies(pom)
48
51
  dependency_set = DependencySet.new
49
52
 
@@ -70,6 +73,7 @@ module Dependabot
70
73
  dependency_set
71
74
  end
72
75
 
76
+ sig { params(extension: Dependabot::DependencyFile).returns(DependencySet) }
73
77
  def extensionfile_dependencies(extension)
74
78
  dependency_set = DependencySet.new
75
79
 
@@ -89,6 +93,10 @@ module Dependabot
89
93
  dependency_set
90
94
  end
91
95
 
96
+ sig do
97
+ params(pom: Dependabot::DependencyFile,
98
+ dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
99
+ end
92
100
  def dependency_from_dependency_node(pom, dependency_node)
93
101
  return unless (name = dependency_name(dependency_node, pom))
94
102
  return if internal_dependency_names.include?(name)
@@ -96,6 +104,10 @@ module Dependabot
96
104
  build_dependency(pom, dependency_node, name)
97
105
  end
98
106
 
107
+ sig do
108
+ params(pom: Dependabot::DependencyFile,
109
+ dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
110
+ end
99
111
  def dependency_from_plugin_node(pom, dependency_node)
100
112
  return unless (name = plugin_name(dependency_node, pom))
101
113
  return if internal_dependency_names.include?(name)
@@ -103,6 +115,10 @@ module Dependabot
103
115
  build_dependency(pom, dependency_node, name)
104
116
  end
105
117
 
118
+ sig do
119
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element,
120
+ name: String).returns(T.nilable(Dependabot::Dependency))
121
+ end
106
122
  def build_dependency(pom, dependency_node, name)
107
123
  property_details =
108
124
  {
@@ -127,6 +143,10 @@ module Dependabot
127
143
  )
128
144
  end
129
145
 
146
+ sig do
147
+ params(dependency_node: Nokogiri::XML::Element,
148
+ pom: Dependabot::DependencyFile).returns(T.nilable(String))
149
+ end
130
150
  def dependency_name(dependency_node, pom)
131
151
  return unless dependency_node.at_xpath("./groupId")
132
152
  return unless dependency_node.at_xpath("./artifactId")
@@ -143,6 +163,9 @@ module Dependabot
143
163
  ].join(":")
144
164
  end
145
165
 
166
+ sig do
167
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
168
+ end
146
169
  def dependency_classifier(dependency_node, pom)
147
170
  return unless dependency_node.at_xpath("./classifier")
148
171
 
@@ -152,6 +175,9 @@ module Dependabot
152
175
  )
153
176
  end
154
177
 
178
+ sig do
179
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
180
+ end
155
181
  def plugin_name(dependency_node, pom)
156
182
  return unless plugin_group_id(pom, dependency_node)
157
183
  return unless dependency_node.at_xpath("./artifactId")
@@ -165,6 +191,7 @@ module Dependabot
165
191
  ].join(":")
166
192
  end
167
193
 
194
+ sig { params(pom: Dependabot::DependencyFile, node: Nokogiri::XML::Element).returns(T.nilable(String)) }
168
195
  def plugin_group_id(pom, node)
169
196
  return "org.apache.maven.plugins" unless node.at_xpath("./groupId")
170
197
 
@@ -174,6 +201,9 @@ module Dependabot
174
201
  )
175
202
  end
176
203
 
204
+ sig do
205
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
206
+ end
177
207
  def dependency_version(pom, dependency_node)
178
208
  requirement = dependency_requirement(pom, dependency_node)
179
209
  return nil unless requirement
@@ -185,6 +215,9 @@ module Dependabot
185
215
  requirement.gsub(/[\(\)\[\]]/, "").strip
186
216
  end
187
217
 
218
+ sig do
219
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
220
+ end
188
221
  def dependency_requirement(pom, dependency_node)
189
222
  return unless dependency_node.at_xpath("./version")
190
223
 
@@ -194,10 +227,12 @@ module Dependabot
194
227
  version_content.empty? ? nil : version_content
195
228
  end
196
229
 
230
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T::Array[String]) }
197
231
  def dependency_groups(pom, dependency_node)
198
232
  dependency_scope(pom, dependency_node) == "test" ? ["test"] : []
199
233
  end
200
234
 
235
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
201
236
  def dependency_scope(pom, dependency_node)
202
237
  return "compile" unless dependency_node.at_xpath("./scope")
203
238
 
@@ -207,6 +242,7 @@ module Dependabot
207
242
  scope_content.empty? ? "compile" : scope_content
208
243
  end
209
244
 
245
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
210
246
  def packaging_type(pom, dependency_node)
211
247
  return "pom" if dependency_node.node_name == "parent"
212
248
  return "jar" unless dependency_node.at_xpath("./type")
@@ -217,6 +253,7 @@ module Dependabot
217
253
  evaluated_value(packaging_type_content, pom)
218
254
  end
219
255
 
256
+ sig { params(dependency_node: Nokogiri::XML::Element).returns(T.nilable(String)) }
220
257
  def version_property_name(dependency_node)
221
258
  return unless dependency_node.at_xpath("./version")
222
259
 
@@ -228,17 +265,21 @@ module Dependabot
228
265
  .named_captures.fetch("property")
229
266
  end
230
267
 
268
+ sig { params(value: String, pom: Dependabot::DependencyFile).returns(String) }
231
269
  def evaluated_value(value, pom)
232
270
  return value unless value.match?(PROPERTY_REGEX)
233
271
 
234
- property_name = value.match(PROPERTY_REGEX)
235
- .named_captures.fetch("property")
236
- property_value = value_for_property(property_name, pom)
272
+ property_name = T.must(value.match(PROPERTY_REGEX))
273
+ .named_captures.fetch("property")
274
+ property_value = value_for_property(T.must(property_name), pom)
237
275
 
238
276
  new_value = value.gsub(value.match(PROPERTY_REGEX).to_s, property_value)
239
277
  evaluated_value(new_value, pom)
240
278
  end
241
279
 
280
+ sig do
281
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
282
+ end
242
283
  def property_source(dependency_node, pom)
243
284
  property_name = version_property_name(dependency_node)
244
285
  return unless property_name
@@ -254,6 +295,7 @@ module Dependabot
254
295
  raise DependencyFileNotEvaluatable, msg
255
296
  end
256
297
 
298
+ sig { params(property_name: String, pom: Dependabot::DependencyFile).returns(String) }
257
299
  def value_for_property(property_name, pom)
258
300
  value =
259
301
  property_value_finder
@@ -268,25 +310,35 @@ module Dependabot
268
310
 
269
311
  # Cached, since this can makes calls to the registry (to get property
270
312
  # values from parent POMs)
313
+ sig { returns(Dependabot::Maven::FileParser::PropertyValueFinder) }
271
314
  def property_value_finder
272
- @property_value_finder ||=
273
- PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials)
315
+ @property_value_finder ||= T.let(
316
+ PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials.map(&:to_s)),
317
+ T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
318
+ )
274
319
  end
275
320
 
321
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
276
322
  def pomfiles
277
- @pomfiles ||=
323
+ @pomfiles ||= T.let(
278
324
  dependency_files.select do |f|
279
325
  f.name.end_with?(".xml") && !f.name.end_with?("extensions.xml")
280
- end
326
+ end,
327
+ T.nilable(T::Array[Dependabot::DependencyFile])
328
+ )
281
329
  end
282
330
 
331
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
283
332
  def extensionfiles
284
- @extensionfiles ||=
285
- dependency_files.select { |f| f.name.end_with?("extensions.xml") }
333
+ @extensionfiles ||= T.let(
334
+ dependency_files.select { |f| f.name.end_with?("extensions.xml") },
335
+ T.nilable(T::Array[Dependabot::DependencyFile])
336
+ )
286
337
  end
287
338
 
339
+ sig { returns(T::Array[String]) }
288
340
  def internal_dependency_names
289
- @internal_dependency_names ||=
341
+ @internal_dependency_names ||= T.let(
290
342
  dependency_files.filter_map do |pom|
291
343
  doc = Nokogiri::XML(pom.content)
292
344
  group_id = doc.at_css("project > groupId") ||
@@ -296,9 +348,12 @@ module Dependabot
296
348
  next unless group_id && artifact_id
297
349
 
298
350
  [group_id.content.strip, artifact_id.content.strip].join(":")
299
- end
351
+ end,
352
+ T.nilable(T::Array[String])
353
+ )
300
354
  end
301
355
 
356
+ sig { override.void }
302
357
  def check_required_files
303
358
  raise "No pom.xml!" unless get_original_file("pom.xml")
304
359
  end
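Review bot: `evaluated_value` recurses on `new_value` with no bound, so a POM whose properties expand to one another would recurse until the stack is exhausted unless `value_for_property` rejects such cycles, which cannot be confirmed from the lines shown. POM content is repository-supplied input, so a depth limit that raises `DependencyFileNotEvaluatable` gives a clean, attributable failure instead of a `SystemStackError`. The sketch threads an optional depth counter through the recursion; `MAX_PROPERTY_DEPTH` is a new constant that would need to be defined on the class. The `extract_value_from_expression` / `property_details` pair in `PropertyValueFinder` looks to have the same shape, since the visible guard only rejects an expression that points directly at itself.

```ruby
sig { params(value: String, pom: Dependabot::DependencyFile, depth: Integer).returns(String) }
def evaluated_value(value, pom, depth = 0)
  return value unless value.match?(PROPERTY_REGEX)

  # Bound nested ${...} expansion so cyclic properties fail cleanly.
  raise DependencyFileNotEvaluatable, "Property nesting too deep in #{pom.name}" if depth > MAX_PROPERTY_DEPTH

  # … unchanged: property_name lookup, value_for_property, gsub into new_value …
  evaluated_value(new_value, pom, depth + 1)
end
```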
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "nokogiri"
5
6
 
6
7
  require "dependabot/dependency_file"
@@ -11,54 +12,72 @@ module Dependabot
11
12
  module Maven
12
13
  class FileUpdater
13
14
  class PropertyValueUpdater
15
+ extend T::Sig
16
+
17
+ sig { params(dependency_files: T::Array[DependencyFile]).void }
14
18
  def initialize(dependency_files:)
15
19
  @dependency_files = dependency_files
16
20
  end
17
21
 
22
+ # rubocop:disable Metrics/AbcSize
23
+ # rubocop:disable Metrics/PerceivedComplexity
24
+ sig do
25
+ params(
26
+ property_name: String,
27
+ callsite_pom: DependencyFile,
28
+ updated_value: String
29
+ ).returns(T::Array[DependencyFile])
30
+ end
18
31
  def update_pomfiles_for_property_change(property_name:, callsite_pom:,
19
32
  updated_value:)
20
33
  declaration_details = property_value_finder.property_details(
21
34
  property_name: property_name,
22
35
  callsite_pom: callsite_pom
23
36
  )
24
- node = declaration_details.fetch(:node)
25
- filename = declaration_details.fetch(:file)
37
+ node = declaration_details&.fetch(:node)
38
+ filename = declaration_details&.fetch(:file)
26
39
 
27
40
  pom_to_update = dependency_files.find { |f| f.name == filename }
28
41
  property_re = %r{<#{Regexp.quote(node.name)}>
29
42
  \s*#{Regexp.quote(node.content)}\s*
30
43
  </#{Regexp.quote(node.name)}>}xm
31
44
  property_text = node.to_s
32
- if pom_to_update.content&.match?(property_re)
33
- updated_content = pom_to_update.content.sub(
45
+ if pom_to_update&.content&.match?(property_re)
46
+ updated_content = pom_to_update&.content&.sub(
34
47
  property_re,
35
48
  "<#{node.name}>#{updated_value}</#{node.name}>"
36
49
  )
37
- elsif pom_to_update.content.include? property_text
50
+ elsif pom_to_update&.content&.include? property_text
38
51
  node.content = updated_value
39
- updated_content = pom_to_update.content.sub(
52
+ updated_content = pom_to_update&.content&.sub(
40
53
  property_text,
41
54
  node.to_s
42
55
  )
43
56
  end
44
57
 
45
58
  updated_pomfiles = dependency_files.dup
46
- updated_pomfiles[updated_pomfiles.index(pom_to_update)] =
47
- update_file(file: pom_to_update, content: updated_content)
59
+ updated_pomfiles[T.must(updated_pomfiles.index(pom_to_update))] =
60
+ update_file(file: T.must(pom_to_update), content: T.must(updated_content))
48
61
 
49
62
  updated_pomfiles
50
63
  end
64
+ # rubocop:enable Metrics/PerceivedComplexity
65
+ # rubocop:enable Metrics/AbcSize
51
66
 
52
67
  private
53
68
 
69
+ sig { returns T::Array[Dependabot::DependencyFile] }
54
70
  attr_reader :dependency_files
55
71
 
72
+ sig { returns Maven::FileParser::PropertyValueFinder }
56
73
  def property_value_finder
57
- @property_value_finder ||=
58
- Maven::FileParser::PropertyValueFinder
59
- .new(dependency_files: dependency_files)
74
+ @property_value_finder ||= T.let(
75
+ Maven::FileParser::PropertyValueFinder.new(dependency_files: dependency_files),
76
+ T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
77
+ )
60
78
  end
61
79
 
80
+ sig { params(file: DependencyFile, content: String).returns(DependencyFile) }
62
81
  def update_file(file:, content:)
63
82
  updated_file = file.dup
64
83
  updated_file.content = content
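Review bot: The `&.` added on `declaration_details` and `pom_to_update` in `update_pomfiles_for_property_change` satisfies the type checker but only defers the nil case: `node.name` is still called unconditionally when `property_re` is built, and a missing file or unmatched property surfaces only at the `T.must(...)` calls at the end of the method, as a generic error. Asserting once at the point of lookup keeps the rest of the body nil-free and probably makes the two new `rubocop:disable` lines unnecessary, e.g. `declaration_details = T.must(property_value_finder.property_details(property_name: property_name, callsite_pom: callsite_pom))` and `pom_to_update = T.must(dependency_files.find { |f| f.name == filename })`. The case where neither branch assigns `updated_content` deserves an explicit error naming the property rather than `T.must(updated_content)`. The two `sig { returns ... }` lines near the bottom also omit the parentheses used by every other sig in this release.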
@@ -138,7 +138,7 @@ module Dependabot
138
138
  def property_value_finder
139
139
  @property_value_finder ||=
140
140
  Maven::FileParser::PropertyValueFinder
141
- .new(dependency_files: dependency_files, credentials: credentials)
141
+ .new(dependency_files: dependency_files, credentials: credentials.map(&:to_s))
142
142
  end
143
143
 
144
144
  def version_comes_from_multi_dependency_property?
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.263.0
4
+ version: 0.264.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-27 00:00:00.000000000 Z
11
+ date: 2024-07-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.263.0
19
+ version: 0.264.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.263.0
26
+ version: 0.264.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ licenses:
264
264
  - MIT
265
265
  metadata:
266
266
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
267
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.263.0
267
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
268
268
  post_install_message:
269
269
  rdoc_options: []
270
270
  require_paths: