dependabot-maven 0.334.0 → 0.335.0

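--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 335b5be614b54bc7da3e9fe4232a82577deeb359f8578441b1bc9bc76d42c3a2
- data.tar.gz: fd7bca083ca599e5569bfab2a20ef6dcf83809238b07232779bfc616bd9c1022
+ metadata.gz: 3589833a72c748e0b0b44bc1ea4e93eaeb811e08d901c6d26330875c579bd790
+ data.tar.gz: 1a2e5ea242adb1bd815d524a16fadacae9f40989c80943221aa9060f8666210c
  SHA512:
- metadata.gz: 2de9fd3c56fd3990c48d2d2f00201283038d51606de0c8061e0107aab6e707990a22923160589fdb6917564c2af0e58e13f9aaa6e75044e0f0825c6dd097775c
- data.tar.gz: c3a8ae5ff7a8ec424d56d4750c6ce6f98b7fbef17f00ec58cadd37c63128b46d38b80c1abfe981b41286c318dd4063b12597c196f015026be723725787bcc574
+ metadata.gz: ea807d85d33999f9f002e9fd68d48482d3a39bc353b6297a7bafcfc7d17cb2ecfd408260da55067d1187808c527dd5f19c031ed21c898298bb1100420ad2c1ba
+ data.tar.gz: 05b039f34911d5aadbba4fa9a54be56839b7c3992fed21dc587fdc78b7d3169c3a54be58eccdef1d11cb8f997928e7bde618a071002f0ca6e1da81dbb5467301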
@@ -71,8 +71,10 @@ module Dependabot
71
71
  end
72
72
 
73
73
  sig do
74
- params(pom: Dependabot::DependencyFile,
75
- fetched_filenames: T::Array[String]).returns(T::Array[Dependabot::DependencyFile])
74
+ params(
75
+ pom: Dependabot::DependencyFile,
76
+ fetched_filenames: T::Array[String]
77
+ ).returns(T::Array[Dependabot::DependencyFile])
76
78
  end
77
79
  def recursively_fetch_child_poms(pom, fetched_filenames:)
78
80
  base_path = File.dirname(pom.name)
@@ -109,8 +111,10 @@ module Dependabot
109
111
  end
110
112
 
111
113
  sig do
112
- params(pom: Dependabot::DependencyFile,
113
- fetched_filenames: T::Array[String]).returns(T::Array[Dependabot::DependencyFile])
114
+ params(
115
+ pom: Dependabot::DependencyFile,
116
+ fetched_filenames: T::Array[String]
117
+ ).returns(T::Array[Dependabot::DependencyFile])
114
118
  end
115
119
  def recursively_fetch_relative_path_parents(pom, fetched_filenames:)
116
120
  path = parent_path_for_pom(pom)
@@ -64,9 +64,11 @@ module Dependabot
64
64
  end
65
65
 
66
66
  sig do
67
- params(pom: Dependabot::DependencyFile,
68
- dependency_set: Dependabot::FileParsers::Base::DependencySet,
69
- dependency_tree: T::Hash[String, T.untyped]).void
67
+ params(
68
+ pom: Dependabot::DependencyFile,
69
+ dependency_set: Dependabot::FileParsers::Base::DependencySet,
70
+ dependency_tree: T::Hash[String, T.untyped]
71
+ ).void
70
72
  end
71
73
  def self.extract_dependencies_from_tree(pom, dependency_set, dependency_tree)
72
74
  traverse_tree = T.let(-> {}, T.proc.params(node: T::Hash[String, T.untyped]).void)
@@ -95,8 +95,13 @@ module Dependabot
95
95
  end
96
96
 
97
97
  sig do
98
- params(group_id: String, artifact_id: String, version: String, snapshot_version: String,
99
- base_repo_url: String).returns(String)
98
+ params(
99
+ group_id: String,
100
+ artifact_id: String,
101
+ version: String,
102
+ snapshot_version: String,
103
+ base_repo_url: String
104
+ ).returns(String)
100
105
  end
101
106
  def remote_pom_snapshot_url(group_id, artifact_id, version, snapshot_version, base_repo_url)
102
107
  "#{base_repo_url}/" \
@@ -31,8 +31,10 @@ module Dependabot
31
31
  def initialize(dependency_files:, credentials: [])
32
32
  @dependency_files = dependency_files
33
33
  @credentials = credentials
34
- @pom_fetcher = T.let(PomFetcher.new(dependency_files: dependency_files),
35
- Dependabot::Maven::FileParser::PomFetcher)
34
+ @pom_fetcher = T.let(
35
+ PomFetcher.new(dependency_files: dependency_files),
36
+ Dependabot::Maven::FileParser::PomFetcher
37
+ )
36
38
  end
37
39
 
38
40
  sig do
@@ -95,9 +95,12 @@ module Dependabot
95
95
 
96
96
  sig { returns(T.nilable(Ecosystem::VersionManager)) }
97
97
  def language
98
- @language ||= T.let(begin
99
- Language.new("NOT-AVAILABLE")
100
- end, T.nilable(Dependabot::Maven::Language))
98
+ @language ||= T.let(
99
+ begin
100
+ Language.new("NOT-AVAILABLE")
101
+ end,
102
+ T.nilable(Dependabot::Maven::Language)
103
+ )
101
104
  end
102
105
 
103
106
  sig { params(pom: Dependabot::DependencyFile).returns(DependencySet) }
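Review bot: The `begin`/`end` pair kept inside `T.let` in `language` wraps a single expression and adds nothing; `@language ||= T.let(Language.new("NOT-AVAILABLE"), T.nilable(Dependabot::Maven::Language))` is equivalent and easier to read. The `sig` above declares `T.nilable(Ecosystem::VersionManager)` while the `T.let` names `Dependabot::Maven::Language`; presumably the latter is a subclass, but a one-line comment such as `# Maven version is not detected; placeholder keeps the ecosystem metadata shape` (wording to be confirmed by the authors) would explain the `"NOT-AVAILABLE"` value.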
@@ -148,8 +151,10 @@ module Dependabot
148
151
  end
149
152
 
150
153
  sig do
151
- params(pom: Dependabot::DependencyFile,
152
- dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
154
+ params(
155
+ pom: Dependabot::DependencyFile,
156
+ dependency_node: Nokogiri::XML::Element
157
+ ).returns(T.nilable(Dependabot::Dependency))
153
158
  end
154
159
  def dependency_from_dependency_node(pom, dependency_node)
155
160
  return unless (name = dependency_name(dependency_node, pom))
@@ -159,8 +164,10 @@ module Dependabot
159
164
  end
160
165
 
161
166
  sig do
162
- params(pom: Dependabot::DependencyFile,
163
- dependency_node: Nokogiri::XML::Element).returns(T.nilable(Dependabot::Dependency))
167
+ params(
168
+ pom: Dependabot::DependencyFile,
169
+ dependency_node: Nokogiri::XML::Element
170
+ ).returns(T.nilable(Dependabot::Dependency))
164
171
  end
165
172
  def dependency_from_plugin_node(pom, dependency_node)
166
173
  return unless (name = plugin_name(dependency_node, pom))
@@ -170,8 +177,11 @@ module Dependabot
170
177
  end
171
178
 
172
179
  sig do
173
- params(pom: Dependabot::DependencyFile, dependency_node: Nokogiri::XML::Element,
174
- name: String).returns(T.nilable(Dependabot::Dependency))
180
+ params(
181
+ pom: Dependabot::DependencyFile,
182
+ dependency_node: Nokogiri::XML::Element,
183
+ name: String
184
+ ).returns(T.nilable(Dependabot::Dependency))
175
185
  end
176
186
  def build_dependency(pom, dependency_node, name)
177
187
  property_details =
@@ -198,8 +208,10 @@ module Dependabot
198
208
  end
199
209
 
200
210
  sig do
201
- params(dependency_node: Nokogiri::XML::Element,
202
- pom: Dependabot::DependencyFile).returns(T.nilable(String))
211
+ params(
212
+ dependency_node: Nokogiri::XML::Element,
213
+ pom: Dependabot::DependencyFile
214
+ ).returns(T.nilable(String))
203
215
  end
204
216
  def dependency_name(dependency_node, pom)
205
217
  return unless dependency_node.at_xpath("./groupId")
@@ -463,8 +475,10 @@ module Dependabot
463
475
 
464
476
  # Merge metadata from two requirements, combining all keys
465
477
  sig do
466
- params(metadata1: T::Hash[Symbol, T.untyped],
467
- metadata2: T::Hash[Symbol, T.untyped]).returns(T::Hash[Symbol, T.untyped])
478
+ params(
479
+ metadata1: T::Hash[Symbol, T.untyped],
480
+ metadata2: T::Hash[Symbol, T.untyped]
481
+ ).returns(T::Hash[Symbol, T.untyped])
468
482
  end
469
483
  def merge_metadata(metadata1, metadata2)
470
484
  metadata1.merge(metadata2) do |_key, old_value, new_value|
@@ -157,8 +157,10 @@ module Dependabot
157
157
  # Detect indentation of the file from indentation of the project tag children
158
158
  indentation_config = detect_indentation_config(project)
159
159
 
160
- dependency_management, dependency_management_created = ensure_dependency_management_element(project,
161
- indentation_config)
160
+ dependency_management, dependency_management_created = ensure_dependency_management_element(
161
+ project,
162
+ indentation_config
163
+ )
162
164
  dependencies, dependencies_created = ensure_dependencies_element(dependency_management, indentation_config)
163
165
 
164
166
  if dependencies.children.last&.to_s&.start_with?("\n")
@@ -168,8 +170,13 @@ module Dependabot
168
170
  end
169
171
 
170
172
  # Create the dependency element with the required fields, adding the appropriate indentation as text nodes
171
- add_dependency_entry(dependency, requirement, dependencies, indentation_config[:levels][:dependency],
172
- indentation_config[:levels][:dependencies])
173
+ add_dependency_entry(
174
+ dependency,
175
+ requirement,
176
+ dependencies,
177
+ indentation_config[:levels][:dependency],
178
+ indentation_config[:levels][:dependencies]
179
+ )
173
180
 
174
181
  # Close all sections with appropriate indentation
175
182
  dependencies.add_text("\n#{indentation_config[:levels][:dependency_management]}")
@@ -182,8 +189,10 @@ module Dependabot
182
189
 
183
190
  # If dependencyManagement was not created, we just replace the existing dependencyManagement element
184
191
  # with the updated one, preserving the rest of the document
185
- content.gsub(%r{\<dependencyManagement\>[\s\S]*\</dependencyManagement\>},
186
- dependency_management.to_s)
192
+ content.gsub(
193
+ %r{\<dependencyManagement\>[\s\S]*\</dependencyManagement\>},
194
+ dependency_management.to_s
195
+ )
187
196
  end
188
197
 
189
198
  sig do
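Review bot: The string form of `gsub` in the reformatted `content.gsub(...)` call treats backslash sequences in `dependency_management.to_s` (`\0`, `\1`, `\\`) as back-references, so POM text that contains a backslash can be altered when it is written back. The block form inserts the serialised element literally: `content.gsub(%r{\<dependencyManagement\>[\s\S]*\</dependencyManagement\>}) { dependency_management.to_s }`. The greedy `[\s\S]*` also runs from the first opening tag to the last closing tag, which would replace everything in between if a POM carries more than one `dependencyManagement` element (for instance inside a profile); that case is not visible here and deserves a test. The enclosing method starts above this hunk.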
@@ -267,8 +276,10 @@ module Dependabot
267
276
  end
268
277
 
269
278
  sig do
270
- params(project: REXML::Element,
271
- indent_config: T::Hash[Symbol, T.untyped]).returns([REXML::Element, T::Boolean])
279
+ params(
280
+ project: REXML::Element,
281
+ indent_config: T::Hash[Symbol, T.untyped]
282
+ ).returns([REXML::Element, T::Boolean])
272
283
  end
273
284
  def ensure_dependency_management_element(project, indent_config)
274
285
  dependency_management = project.get_elements("dependencyManagement").first
@@ -284,8 +295,10 @@ module Dependabot
284
295
  end
285
296
 
286
297
  sig do
287
- params(dependency_management: REXML::Element,
288
- indent_config: T::Hash[Symbol, T.untyped]).returns([REXML::Element, T::Boolean])
298
+ params(
299
+ dependency_management: REXML::Element,
300
+ indent_config: T::Hash[Symbol, T.untyped]
301
+ ).returns([REXML::Element, T::Boolean])
289
302
  end
290
303
  def ensure_dependencies_element(dependency_management, indent_config)
291
304
  dependencies = dependency_management.get_elements("dependencies").first
@@ -301,12 +314,21 @@ module Dependabot
301
314
  end
302
315
 
303
316
  sig do
304
- params(dependency: Dependabot::Dependency, requirement: T::Hash[Symbol, T.untyped],
305
- dependencies_node: REXML::Element, current_indentation_level: String,
306
- parent_indentation_level: String).void
317
+ params(
318
+ dependency: Dependabot::Dependency,
319
+ requirement: T::Hash[Symbol, T.untyped],
320
+ dependencies_node: REXML::Element,
321
+ current_indentation_level: String,
322
+ parent_indentation_level: String
323
+ ).void
307
324
  end
308
- def add_dependency_entry(dependency, requirement, dependencies_node, current_indentation_level,
309
- parent_indentation_level)
325
+ def add_dependency_entry(
326
+ dependency,
327
+ requirement,
328
+ dependencies_node,
329
+ current_indentation_level,
330
+ parent_indentation_level
331
+ )
310
332
  dependency_node = REXML::Element.new("dependency", dependencies_node)
311
333
  dependency_node.add_text("\n#{current_indentation_level}")
312
334
  group_id = REXML::Element.new("groupId", dependency_node)
@@ -167,8 +167,10 @@ module Dependabot
167
167
  source&.fetch("url") ||
168
168
  # TODO: Move central_repo_url method to a more appropriate place
169
169
  # Then we can remove T.nilable from pom_fetcher
170
- Dependabot::Maven::FileParser::RepositoriesFinder.new(credentials: credentials,
171
- pom_fetcher: nil).central_repo_url
170
+ Dependabot::Maven::FileParser::RepositoriesFinder.new(
171
+ credentials: credentials,
172
+ pom_fetcher: nil
173
+ ).central_repo_url
172
174
  end
173
175
 
174
176
  sig { returns(String) }
@@ -57,6 +57,7 @@ module Dependabot
57
57
 
58
58
  sig { returns(T::Array[T.untyped]) }
59
59
  attr_reader :credentials
60
+
60
61
  sig { returns(T::Array[T.untyped]) }
61
62
  attr_reader :forbidden_urls
62
63
 
@@ -27,8 +27,11 @@ module Dependabot
27
27
  ).void
28
28
  end
29
29
  def initialize(
30
- dependency:, dependency_files:, credentials:,
31
- ignored_versions:, target_version_details:,
30
+ dependency:,
31
+ dependency_files:,
32
+ credentials:,
33
+ ignored_versions:,
34
+ target_version_details:,
32
35
  update_cooldown: nil
33
36
  )
34
37
  @dependency = dependency
@@ -31,8 +31,12 @@ module Dependabot
31
31
  properties_to_update: T::Array[String]
32
32
  ).void
33
33
  end
34
- def initialize(requirements:, latest_version:, source_url:,
35
- properties_to_update:)
34
+ def initialize(
35
+ requirements:,
36
+ latest_version:,
37
+ source_url:,
38
+ properties_to_update:
39
+ )
36
40
  @requirements = requirements
37
41
  @source_url = source_url
38
42
  @properties_to_update = properties_to_update
@@ -27,9 +27,15 @@ module Dependabot
27
27
  raise_on_ignored: T::Boolean
28
28
  ).void
29
29
  end
30
- def initialize(dependency:, dependency_files:, credentials:,
31
- ignored_versions:, security_advisories:,
32
- cooldown_options: nil, raise_on_ignored: false)
30
+ def initialize(
31
+ dependency:,
32
+ dependency_files:,
33
+ credentials:,
34
+ ignored_versions:,
35
+ security_advisories:,
36
+ cooldown_options: nil,
37
+ raise_on_ignored: false
38
+ )
33
39
  @forbidden_urls = T.let([], T::Array[String])
34
40
  @dependency_metadata = T.let({}, T::Hash[T.untyped, Nokogiri::XML::Document])
35
41
  @auth_headers_finder = T.let(nil, T.nilable(Utils::AuthHeadersFinder))
@@ -28,12 +28,19 @@ module Dependabot
28
28
  )
29
29
  .void
30
30
  end
31
- def initialize(dependency:, dependency_files:, credentials:,
32
- repo_contents_path: nil, ignored_versions: [],
33
- raise_on_ignored: false, security_advisories: [],
34
- requirements_update_strategy: nil, dependency_group: nil,
35
- update_cooldown: nil,
36
- options: {})
31
+ def initialize(
32
+ dependency:,
33
+ dependency_files:,
34
+ credentials:,
35
+ repo_contents_path: nil,
36
+ ignored_versions: [],
37
+ raise_on_ignored: false,
38
+ security_advisories: [],
39
+ requirements_update_strategy: nil,
40
+ dependency_group: nil,
41
+ update_cooldown: nil,
42
+ options: {}
43
+ )
37
44
  super
38
45
 
39
46
  @version_finder = T.let(nil, T.nilable(VersionFinder))
@@ -13,13 +13,16 @@ module Dependabot
13
13
  extend T::Sig
14
14
  extend T::Helpers
15
15
 
16
- PRERELEASE_QUALIFIERS = T.let([
17
- Dependabot::Maven::VersionParser::ALPHA,
18
- Dependabot::Maven::VersionParser::BETA,
19
- Dependabot::Maven::VersionParser::MILESTONE,
20
- Dependabot::Maven::VersionParser::RC,
21
- Dependabot::Maven::VersionParser::SNAPSHOT
22
- ].freeze, T::Array[Integer])
16
+ PRERELEASE_QUALIFIERS = T.let(
17
+ [
18
+ Dependabot::Maven::VersionParser::ALPHA,
19
+ Dependabot::Maven::VersionParser::BETA,
20
+ Dependabot::Maven::VersionParser::MILESTONE,
21
+ Dependabot::Maven::VersionParser::RC,
22
+ Dependabot::Maven::VersionParser::SNAPSHOT
23
+ ].freeze,
24
+ T::Array[Integer]
25
+ )
23
26
 
24
27
  VERSION_PATTERN =
25
28
  "[0-9a-zA-Z]+" \
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.334.0
4
+ version: 0.335.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.334.0
18
+ version: 0.335.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.334.0
25
+ version: 0.335.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -113,56 +113,56 @@ dependencies:
113
113
  requirements:
114
114
  - - "~>"
115
115
  - !ruby/object:Gem::Version
116
- version: '1.67'
116
+ version: '1.80'
117
117
  type: :development
118
118
  prerelease: false
119
119
  version_requirements: !ruby/object:Gem::Requirement
120
120
  requirements:
121
121
  - - "~>"
122
122
  - !ruby/object:Gem::Version
123
- version: '1.67'
123
+ version: '1.80'
124
124
  - !ruby/object:Gem::Dependency
125
125
  name: rubocop-performance
126
126
  requirement: !ruby/object:Gem::Requirement
127
127
  requirements:
128
128
  - - "~>"
129
129
  - !ruby/object:Gem::Version
130
- version: '1.22'
130
+ version: '1.26'
131
131
  type: :development
132
132
  prerelease: false
133
133
  version_requirements: !ruby/object:Gem::Requirement
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: '1.22'
137
+ version: '1.26'
138
138
  - !ruby/object:Gem::Dependency
139
139
  name: rubocop-rspec
140
140
  requirement: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: '2.29'
144
+ version: '3.7'
145
145
  type: :development
146
146
  prerelease: false
147
147
  version_requirements: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: '2.29'
151
+ version: '3.7'
152
152
  - !ruby/object:Gem::Dependency
153
153
  name: rubocop-sorbet
154
154
  requirement: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: '0.8'
158
+ version: '0.10'
159
159
  type: :development
160
160
  prerelease: false
161
161
  version_requirements: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: '0.8'
165
+ version: '0.10'
166
166
  - !ruby/object:Gem::Dependency
167
167
  name: simplecov
168
168
  requirement: !ruby/object:Gem::Requirement
@@ -271,7 +271,7 @@ licenses:
271
271
  - MIT
272
272
  metadata:
273
273
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
274
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.334.0
274
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.335.0
275
275
  rdoc_options: []
276
276
  require_paths:
277
277
  - lib