dependabot-maven 0.263.0 → 0.264.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/maven/file_parser/pom_fetcher.rb +31 -6
  3. data/lib/dependabot/maven/file_parser/property_value_finder.rb +29 -7
  4. data/lib/dependabot/maven/file_parser.rb +67 -12
  5. data/lib/dependabot/maven/file_updater/property_value_updater.rb +31 -12
  6. data/lib/dependabot/maven/update_checker.rb +1 -1
  7. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 552768ff6db96fce263a5a771e6a7026292b7762f164e4c8db9b9d086ef1fbf1
4
- data.tar.gz: 2eae3cbb621aebdeeebb4de95093f7c4b002bcde6e8b1b7e29e1367120a13686
3
+ metadata.gz: 51df7f3dc716cc7674949df83e48d90d04921493c750524def54b0cbe24dc920
4
+ data.tar.gz: b2cd29d713898236089bd0049b12b05098f5cd9f7e8e3393a711955fc1dbea66
5
5
  SHA512:
6
- metadata.gz: 5e7a9f332a6295e56d186774f400680129af29f257b359c9636dae18b9234efc73826c7f76d5d3574a7aa04bc5c2f7391e3c7b1a4e92e916278349d35ce6ee17
7
- data.tar.gz: e8d6f1a5cd5a23161dad0d8fdde58538c4c63d402783dd420f0778ee3e008a68b59c63dc0e659f2ca41f616bb3ad0b728ada61666b41409dcfb4e8c5bebee66f
6
+ metadata.gz: 76f561eb9ab1cef94fe2cf02455ba8b63ed98296c8aa17b12a8e7e19297e883b03380fc4feb0644f9b3ff296e59a42bb40563cc905106ff2343195281ae88e95
7
+ data.tar.gz: 134b49a299b44872d274fad695741584eaced44b3528a78a6d3178334f1f1582c440b9260295f758af5f0310456ac71fa123dc0a062aed73788bdc4aec306098
data/lib/dependabot/maven/file_parser/pom_fetcher.rb CHANGED
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "nokogiri"
5
6
 
6
7
  require "dependabot/dependency_file"
@@ -11,15 +12,19 @@ module Dependabot
11
12
  module Maven
12
13
  class FileParser
13
14
  class PomFetcher
15
+ extend T::Sig
16
+
17
+ sig { params(dependency_files: T::Array[DependencyFile]).void }
14
18
  def initialize(dependency_files:)
15
19
  @dependency_files = dependency_files
16
- @poms = {}
20
+ @poms = T.let({}, T::Hash[String, DependencyFile])
17
21
  end
18
22
 
23
+ sig { returns(T::Hash[String, DependencyFile]) }
19
24
  def internal_dependency_poms
20
25
  return @internal_dependency_poms if @internal_dependency_poms
21
26
 
22
- @internal_dependency_poms = {}
27
+ @internal_dependency_poms = T.let({}, T.nilable(T::Hash[String, DependencyFile]))
23
28
  dependency_files.each do |pom|
24
29
  doc = Nokogiri::XML(pom.content)
25
30
  group_id = doc.at_css("project > groupId") ||
@@ -33,12 +38,20 @@ module Dependabot
33
38
  artifact_id.content.strip
34
39
  ].join(":")
35
40
 
36
- @internal_dependency_poms[dependency_name] = pom
41
+ T.must(@internal_dependency_poms)[dependency_name] = pom
37
42
  end
38
43
 
39
- @internal_dependency_poms
44
+ T.must(@internal_dependency_poms)
40
45
  end
41
46
 
47
+ sig do
48
+ params(
49
+ group_id: String,
50
+ artifact_id: String,
51
+ version: String,
52
+ urls_to_try: T::Array[String]
53
+ ).returns(T.nilable(DependencyFile)) # Fix: Added closing parenthesis
54
+ end
42
55
  def fetch_remote_parent_pom(group_id, artifact_id, version, urls_to_try)
43
56
  pom_id = "#{group_id}:#{artifact_id}:#{version}"
44
57
  return @poms[pom_id] if @poms.key?(pom_id)
@@ -74,24 +87,33 @@ module Dependabot
74
87
 
75
88
  private
76
89
 
90
+ sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
77
91
  def remote_pom_url(group_id, artifact_id, version, base_repo_url)
78
92
  "#{base_repo_url}/" \
79
93
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
80
94
  "#{artifact_id}-#{version}.pom"
81
95
  end
82
96
 
97
+ sig do
98
+ params(group_id: String, artifact_id: String, version: String, snapshot_version: String,
99
+ base_repo_url: String).returns(String)
100
+ end
83
101
  def remote_pom_snapshot_url(group_id, artifact_id, version, snapshot_version, base_repo_url)
84
102
  "#{base_repo_url}/" \
85
103
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
86
104
  "#{artifact_id}-#{snapshot_version}.pom"
87
105
  end
88
106
 
107
+ sig { params(group_id: String, artifact_id: String, version: String, base_repo_url: String).returns(String) }
89
108
  def remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_repo_url)
90
109
  "#{base_repo_url}/" \
91
110
  "#{group_id.tr('.', '/')}/#{artifact_id}/#{version}/" \
92
111
  "maven-metadata.xml"
93
112
  end
94
113
 
114
+ sig do
115
+ params(group_id: String, artifact_id: String, version: String, base_url: String).returns(T.nilable(String))
116
+ end
95
117
  def fetch_snapshot_pom_url(group_id, artifact_id, version, base_url)
96
118
  url = remote_pom_snapshot_metadata_url(group_id, artifact_id, version, base_url)
97
119
  response = fetch(url)
@@ -107,15 +129,18 @@ module Dependabot
107
129
  remote_pom_snapshot_url(group_id, artifact_id, version, snapshot, base_url)
108
130
  end
109
131
 
132
+ sig { params(url: String).returns(Excon::Response) }
110
133
  def fetch(url)
111
- @maven_responses ||= {}
134
+ @maven_responses ||= T.let({}, T.nilable(T::Hash[String, Excon::Response]))
112
135
  @maven_responses[url] ||= Dependabot::RegistryClient.get(url: url, options: { retry_limit: 1 })
113
136
  end
114
137
 
138
+ sig { params(content: String).returns(T::Boolean) }
115
139
  def pom?(content)
116
140
  !Nokogiri::XML(content).at_css("project > artifactId").nil?
117
141
  end
118
142
 
143
+ sig { returns(T::Array[DependencyFile]) }
119
144
  attr_reader :dependency_files
120
145
  end
121
146
  end
data/lib/dependabot/maven/file_parser/property_value_finder.rb CHANGED
@@ -1,8 +1,8 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
5
-
5
+ require "sorbet-runtime"
6
6
  require "dependabot/dependency_file"
7
7
  require "dependabot/maven/file_parser"
8
8
  require "dependabot/registry_client"
@@ -14,17 +14,24 @@ module Dependabot
14
14
  module Maven
15
15
  class FileParser
16
16
  class PropertyValueFinder
17
+ extend T::Sig
18
+
17
19
  require_relative "repositories_finder"
18
20
  require_relative "pom_fetcher"
19
21
 
20
22
  DOT_SEPARATOR_REGEX = %r{\.(?!\d+([.\/_\-]|$)+)}
21
23
 
24
+ sig { params(dependency_files: T::Array[DependencyFile], credentials: T::Array[String]).void }
22
25
  def initialize(dependency_files:, credentials: [])
23
26
  @dependency_files = dependency_files
24
27
  @credentials = credentials
25
- @pom_fetcher = PomFetcher.new(dependency_files: dependency_files)
28
+ @pom_fetcher = T.let(PomFetcher.new(dependency_files: dependency_files),
29
+ Dependabot::Maven::FileParser::PomFetcher)
26
30
  end
27
31
 
32
+ sig do
33
+ params(property_name: String, callsite_pom: DependencyFile).returns(T.nilable(T::Hash[Symbol, T.untyped]))
34
+ end
28
35
  def property_details(property_name:, callsite_pom:)
29
36
  pom = callsite_pom
30
37
  doc = Nokogiri::XML(pom.content)
@@ -71,8 +78,17 @@ module Dependabot
71
78
 
72
79
  private
73
80
 
81
+ sig { returns(T::Array[DependencyFile]) }
74
82
  attr_reader :dependency_files
75
83
 
84
+ sig do
85
+ params(
86
+ expression: String,
87
+ property_name: String,
88
+ callsite_pom: DependencyFile
89
+ )
90
+ .returns(T.nilable(T::Hash[Symbol, String]))
91
+ end
76
92
  def extract_value_from_expression(expression:, property_name:, callsite_pom:)
77
93
  # and the expression is pointing to self then raise the error
78
94
  if expression.eql?("${#{property_name}}")
@@ -83,14 +99,16 @@ module Dependabot
83
99
  end
84
100
 
85
101
  # and the expression is pointing to another tag, then get the value of that tag
86
- property_details(property_name: expression.slice(2..-2), callsite_pom: callsite_pom)
102
+ property_details(property_name: T.must(expression.slice(2..-2)), callsite_pom: callsite_pom)
87
103
  end
88
104
 
105
+ sig { params(property_name: String).returns(String) }
89
106
  def sanitize_property_name(property_name)
90
107
  property_name.sub(/^pom\./, "").sub(/^project\./, "")
91
108
  end
92
109
 
93
110
  # rubocop:disable Metrics/PerceivedComplexity
111
+ sig { params(pom: DependencyFile).returns(T.nilable(DependencyFile)) }
94
112
  def parent_pom(pom)
95
113
  doc = Nokogiri::XML(pom.content)
96
114
  doc.remove_namespaces!
@@ -111,6 +129,7 @@ module Dependabot
111
129
  end
112
130
  # rubocop:enable Metrics/PerceivedComplexity
113
131
 
132
+ sig { params(pom: DependencyFile).returns(T::Array[String]) }
114
133
  def parent_repository_urls(pom)
115
134
  repositories_finder.repository_urls(
116
135
  pom: pom,
@@ -119,14 +138,17 @@ module Dependabot
119
138
  )
120
139
  end
121
140
 
141
+ sig { returns(RepositoriesFinder) }
122
142
  def repositories_finder
123
- @repositories_finder ||=
124
- RepositoriesFinder.new(
143
+ @repositories_finder ||= T.let(
144
+ Dependabot::Maven::FileParser::RepositoriesFinder.new(
125
145
  pom_fetcher: @pom_fetcher,
126
146
  dependency_files: dependency_files,
127
147
  credentials: @credentials,
128
148
  evaluate_properties: false
129
- )
149
+ ),
150
+ T.nilable(Dependabot::Maven::FileParser::RepositoriesFinder)
151
+ )
130
152
  end
131
153
  end
132
154
  end
data/lib/dependabot/maven/file_parser.rb CHANGED
@@ -1,4 +1,4 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
@@ -15,6 +15,7 @@ require "dependabot/errors"
15
15
  module Dependabot
16
16
  module Maven
17
17
  class FileParser < Dependabot::FileParsers::Base
18
+ extend T::Sig
18
19
  require "dependabot/file_parsers/base/dependency_set"
19
20
  require_relative "file_parser/property_value_finder"
20
21
 
@@ -35,6 +36,7 @@ module Dependabot
35
36
  # Regex to get the property name from a declaration that uses a property
36
37
  PROPERTY_REGEX = /\$\{(?<property>.*?)\}/
37
38
 
39
+ sig { override.returns(T::Array[Dependabot::Dependency]) }
38
40
  def parse
39
41
  dependency_set = DependencySet.new
40
42
  pomfiles.each { |pom| dependency_set += pomfile_dependencies(pom) }
@@ -44,6 +46,7 @@ module Dependabot
44
46
 
45
47
  private
46
48
 
49
+ sig { params(pom: Dependabot::DependencyFile).returns(DependencySet) }
47
50
  def pomfile_dependencies(pom)
48
51
  dependency_set = DependencySet.new
49
52
 
@@ -70,6 +73,7 @@ module Dependabot
70
73
  dependency_set
71
74
  end
72
75
 
76
+ sig { params(extension: Dependabot::DependencyFile).returns(DependencySet) }
73
77
  def extensionfile_dependencies(extension)
74
78
  dependency_set = DependencySet.new
75
79
 
@@ -89,6 +93,10 @@ module Dependabot
89
93
  dependency_set
90
94
  end
91
95
 
96
+ sig do
97
+ params(pom: Dependabot::DependencyFile,
98
+ dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
99
+ end
92
100
  def dependency_from_dependency_node(pom, dependency_node)
93
101
  return unless (name = dependency_name(dependency_node, pom))
94
102
  return if internal_dependency_names.include?(name)
@@ -96,6 +104,10 @@ module Dependabot
96
104
  build_dependency(pom, dependency_node, name)
97
105
  end
98
106
 
107
+ sig do
108
+ params(pom: Dependabot::DependencyFile,
109
+ dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
110
+ end
99
111
  def dependency_from_plugin_node(pom, dependency_node)
100
112
  return unless (name = plugin_name(dependency_node, pom))
101
113
  return if internal_dependency_names.include?(name)
@@ -103,6 +115,10 @@ module Dependabot
103
115
  build_dependency(pom, dependency_node, name)
104
116
  end
105
117
 
118
+ sig do
119
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element,
120
+ name: String).returns(T.nilable(Dependabot::Dependency))
121
+ end
106
122
  def build_dependency(pom, dependency_node, name)
107
123
  property_details =
108
124
  {
@@ -127,6 +143,10 @@ module Dependabot
127
143
  )
128
144
  end
129
145
 
146
+ sig do
147
+ params(dependency_node: Nokogiri::XML::Element,
148
+ pom: Dependabot::DependencyFile).returns(T.nilable(String))
149
+ end
130
150
  def dependency_name(dependency_node, pom)
131
151
  return unless dependency_node.at_xpath("./groupId")
132
152
  return unless dependency_node.at_xpath("./artifactId")
@@ -143,6 +163,9 @@ module Dependabot
143
163
  ].join(":")
144
164
  end
145
165
 
166
+ sig do
167
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
168
+ end
146
169
  def dependency_classifier(dependency_node, pom)
147
170
  return unless dependency_node.at_xpath("./classifier")
148
171
 
@@ -152,6 +175,9 @@ module Dependabot
152
175
  )
153
176
  end
154
177
 
178
+ sig do
179
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
180
+ end
155
181
  def plugin_name(dependency_node, pom)
156
182
  return unless plugin_group_id(pom, dependency_node)
157
183
  return unless dependency_node.at_xpath("./artifactId")
@@ -165,6 +191,7 @@ module Dependabot
165
191
  ].join(":")
166
192
  end
167
193
 
194
+ sig { params(pom: Dependabot::DependencyFile, node: Nokogiri::XML::Element).returns(T.nilable(String)) }
168
195
  def plugin_group_id(pom, node)
169
196
  return "org.apache.maven.plugins" unless node.at_xpath("./groupId")
170
197
 
@@ -174,6 +201,9 @@ module Dependabot
174
201
  )
175
202
  end
176
203
 
204
+ sig do
205
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
206
+ end
177
207
  def dependency_version(pom, dependency_node)
178
208
  requirement = dependency_requirement(pom, dependency_node)
179
209
  return nil unless requirement
@@ -185,6 +215,9 @@ module Dependabot
185
215
  requirement.gsub(/[\(\)\[\]]/, "").strip
186
216
  end
187
217
 
218
+ sig do
219
+ params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T.nilable(String))
220
+ end
188
221
  def dependency_requirement(pom, dependency_node)
189
222
  return unless dependency_node.at_xpath("./version")
190
223
 
@@ -194,10 +227,12 @@ module Dependabot
194
227
  version_content.empty? ? nil : version_content
195
228
  end
196
229
 
230
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(T::Array[String]) }
197
231
  def dependency_groups(pom, dependency_node)
198
232
  dependency_scope(pom, dependency_node) == "test" ? ["test"] : []
199
233
  end
200
234
 
235
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
201
236
  def dependency_scope(pom, dependency_node)
202
237
  return "compile" unless dependency_node.at_xpath("./scope")
203
238
 
@@ -207,6 +242,7 @@ module Dependabot
207
242
  scope_content.empty? ? "compile" : scope_content
208
243
  end
209
244
 
245
+ sig { params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element).returns(String) }
210
246
  def packaging_type(pom, dependency_node)
211
247
  return "pom" if dependency_node.node_name == "parent"
212
248
  return "jar" unless dependency_node.at_xpath("./type")
@@ -217,6 +253,7 @@ module Dependabot
217
253
  evaluated_value(packaging_type_content, pom)
218
254
  end
219
255
 
256
+ sig { params(dependency_node: Nokogiri::XML::Element).returns(T.nilable(String)) }
220
257
  def version_property_name(dependency_node)
221
258
  return unless dependency_node.at_xpath("./version")
222
259
 
@@ -228,17 +265,21 @@ module Dependabot
228
265
  .named_captures.fetch("property")
229
266
  end
230
267
 
268
+ sig { params(value: String, pom: Dependabot::DependencyFile).returns(String) }
231
269
  def evaluated_value(value, pom)
232
270
  return value unless value.match?(PROPERTY_REGEX)
233
271
 
234
- property_name = value.match(PROPERTY_REGEX)
235
- .named_captures.fetch("property")
236
- property_value = value_for_property(property_name, pom)
272
+ property_name = T.must(value.match(PROPERTY_REGEX))
273
+ .named_captures.fetch("property")
274
+ property_value = value_for_property(T.must(property_name), pom)
237
275
 
238
276
  new_value = value.gsub(value.match(PROPERTY_REGEX).to_s, property_value)
239
277
  evaluated_value(new_value, pom)
240
278
  end
241
279
 
280
+ sig do
281
+ params(dependency_node: Nokogiri::XML::Element, pom: Dependabot::DependencyFile).returns(T.nilable(String))
282
+ end
242
283
  def property_source(dependency_node, pom)
243
284
  property_name = version_property_name(dependency_node)
244
285
  return unless property_name
@@ -254,6 +295,7 @@ module Dependabot
254
295
  raise DependencyFileNotEvaluatable, msg
255
296
  end
256
297
 
298
+ sig { params(property_name: String, pom: Dependabot::DependencyFile).returns(String) }
257
299
  def value_for_property(property_name, pom)
258
300
  value =
259
301
  property_value_finder
@@ -268,25 +310,35 @@ module Dependabot
268
310
 
269
311
  # Cached, since this can makes calls to the registry (to get property
270
312
  # values from parent POMs)
313
+ sig { returns(Dependabot::Maven::FileParser::PropertyValueFinder) }
271
314
  def property_value_finder
272
- @property_value_finder ||=
273
- PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials)
315
+ @property_value_finder ||= T.let(
316
+ PropertyValueFinder.new(dependency_files: dependency_files, credentials: credentials.map(&:to_s)),
317
+ T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
318
+ )
274
319
  end
275
320
 
321
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
276
322
  def pomfiles
277
- @pomfiles ||=
323
+ @pomfiles ||= T.let(
278
324
  dependency_files.select do |f|
279
325
  f.name.end_with?(".xml") && !f.name.end_with?("extensions.xml")
280
- end
326
+ end,
327
+ T.nilable(T::Array[Dependabot::DependencyFile])
328
+ )
281
329
  end
282
330
 
331
+ sig { returns(T::Array[Dependabot::DependencyFile]) }
283
332
  def extensionfiles
284
- @extensionfiles ||=
285
- dependency_files.select { |f| f.name.end_with?("extensions.xml") }
333
+ @extensionfiles ||= T.let(
334
+ dependency_files.select { |f| f.name.end_with?("extensions.xml") },
335
+ T.nilable(T::Array[Dependabot::DependencyFile])
336
+ )
286
337
  end
287
338
 
339
+ sig { returns(T::Array[String]) }
288
340
  def internal_dependency_names
289
- @internal_dependency_names ||=
341
+ @internal_dependency_names ||= T.let(
290
342
  dependency_files.filter_map do |pom|
291
343
  doc = Nokogiri::XML(pom.content)
292
344
  group_id = doc.at_css("project > groupId") ||
@@ -296,9 +348,12 @@ module Dependabot
296
348
  next unless group_id && artifact_id
297
349
 
298
350
  [group_id.content.strip, artifact_id.content.strip].join(":")
299
- end
351
+ end,
352
+ T.nilable(T::Array[String])
353
+ )
300
354
  end
301
355
 
356
+ sig { override.void }
302
357
  def check_required_files
303
358
  raise "No pom.xml!" unless get_original_file("pom.xml")
304
359
  end
data/lib/dependabot/maven/file_updater/property_value_updater.rb CHANGED
@@ -1,6 +1,7 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
4
5
  require "nokogiri"
5
6
 
6
7
  require "dependabot/dependency_file"
@@ -11,54 +12,72 @@ module Dependabot
11
12
  module Maven
12
13
  class FileUpdater
13
14
  class PropertyValueUpdater
15
+ extend T::Sig
16
+
17
+ sig { params(dependency_files: T::Array[DependencyFile]).void }
14
18
  def initialize(dependency_files:)
15
19
  @dependency_files = dependency_files
16
20
  end
17
21
 
22
+ # rubocop:disable Metrics/AbcSize
23
+ # rubocop:disable Metrics/PerceivedComplexity
24
+ sig do
25
+ params(
26
+ property_name: String,
27
+ callsite_pom: DependencyFile,
28
+ updated_value: String
29
+ ).returns(T::Array[DependencyFile])
30
+ end
18
31
  def update_pomfiles_for_property_change(property_name:, callsite_pom:,
19
32
  updated_value:)
20
33
  declaration_details = property_value_finder.property_details(
21
34
  property_name: property_name,
22
35
  callsite_pom: callsite_pom
23
36
  )
24
- node = declaration_details.fetch(:node)
25
- filename = declaration_details.fetch(:file)
37
+ node = declaration_details&.fetch(:node)
38
+ filename = declaration_details&.fetch(:file)
26
39
 
27
40
  pom_to_update = dependency_files.find { |f| f.name == filename }
28
41
  property_re = %r{<#{Regexp.quote(node.name)}>
29
42
  \s*#{Regexp.quote(node.content)}\s*
30
43
  </#{Regexp.quote(node.name)}>}xm
31
44
  property_text = node.to_s
32
- if pom_to_update.content&.match?(property_re)
33
- updated_content = pom_to_update.content.sub(
45
+ if pom_to_update&.content&.match?(property_re)
46
+ updated_content = pom_to_update&.content&.sub(
34
47
  property_re,
35
48
  "<#{node.name}>#{updated_value}</#{node.name}>"
36
49
  )
37
- elsif pom_to_update.content.include? property_text
50
+ elsif pom_to_update&.content&.include? property_text
38
51
  node.content = updated_value
39
- updated_content = pom_to_update.content.sub(
52
+ updated_content = pom_to_update&.content&.sub(
40
53
  property_text,
41
54
  node.to_s
42
55
  )
43
56
  end
44
57
 
45
58
  updated_pomfiles = dependency_files.dup
46
- updated_pomfiles[updated_pomfiles.index(pom_to_update)] =
47
- update_file(file: pom_to_update, content: updated_content)
59
+ updated_pomfiles[T.must(updated_pomfiles.index(pom_to_update))] =
60
+ update_file(file: T.must(pom_to_update), content: T.must(updated_content))
48
61
 
49
62
  updated_pomfiles
50
63
  end
64
+ # rubocop:enable Metrics/PerceivedComplexity
65
+ # rubocop:enable Metrics/AbcSize
51
66
 
52
67
  private
53
68
 
69
+ sig { returns T::Array[Dependabot::DependencyFile] }
54
70
  attr_reader :dependency_files
55
71
 
72
+ sig { returns Maven::FileParser::PropertyValueFinder }
56
73
  def property_value_finder
57
- @property_value_finder ||=
58
- Maven::FileParser::PropertyValueFinder
59
- .new(dependency_files: dependency_files)
74
+ @property_value_finder ||= T.let(
75
+ Maven::FileParser::PropertyValueFinder.new(dependency_files: dependency_files),
76
+ T.nilable(Dependabot::Maven::FileParser::PropertyValueFinder)
77
+ )
60
78
  end
61
79
 
80
+ sig { params(file: DependencyFile, content: String).returns(DependencyFile) }
62
81
  def update_file(file:, content:)
63
82
  updated_file = file.dup
64
83
  updated_file.content = content
data/lib/dependabot/maven/update_checker.rb CHANGED
@@ -138,7 +138,7 @@ module Dependabot
138
138
  def property_value_finder
139
139
  @property_value_finder ||=
140
140
  Maven::FileParser::PropertyValueFinder
141
- .new(dependency_files: dependency_files, credentials: credentials)
141
+ .new(dependency_files: dependency_files, credentials: credentials.map(&:to_s))
142
142
  end
143
143
 
144
144
  def version_comes_from_multi_dependency_property?
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.263.0
4
+ version: 0.264.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-27 00:00:00.000000000 Z
11
+ date: 2024-07-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.263.0
19
+ version: 0.264.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.263.0
26
+ version: 0.264.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ licenses:
264
264
  - MIT
265
265
  metadata:
266
266
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
267
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.263.0
267
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0
268
268
  post_install_message:
269
269
  rdoc_options: []
270
270
  require_paths: