RubyGems - dependabot-maven - Versions diffs - 0.93.3 → 0.93.4 - Mend

dependabot-maven 0.93.3 → 0.93.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/maven/metadata_finder.rb +9 -6
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c04d99d3c9d688ee4cf675ed92026b24f684818cd0a97dc62500ab7f5bb416dd
-  data.tar.gz: cbdf24400c16e721f1c4a89b2c03a4877d86aee9f734f7b77b52dfcea46c8101
+  metadata.gz: 81a0b80416df65437048303376c2432df59bf27f0572e07437d5e4698ffd4013
+  data.tar.gz: fcea1999c2e177350ff1c901e6b1b7665206b09e160af1ed9dd6a1d93731c4cd
 SHA512:
-  metadata.gz: 29be96ac1341d008021ca3edf1e10404238b0598227a70587016a11872a0b989f289484222cb40f68960b9de7a847c6a9d3d24349b546191ebab6adafe26d507
-  data.tar.gz: 7124f699dd51f6e8443e338096c8384f2e8d8635ed384697d39360d77bdf913184dca62b42c7ee7fa56f3f22ecf3d545995a53922d718ce3e38a058d8164e1b6
+  metadata.gz: 80b7a24ff9d25f255768fe46c3b8d93402593837f23888f1dad4c7bbd2498a0792b170192d523e33a08595948dea62974529f322f4f38f5bd39fb30656b8d7fd
+  data.tar.gz: 8bc6b7b3a36dfa07c252f69e5808ecdc404b71b92279e0525a9ffa2d2dadc2b625a82bb322e0d8b415dc391515b9e7b7f1ba8c16375a761fcd3c9345c8b8a618

data/lib/dependabot/maven/metadata_finder.rb CHANGED Viewed

@@ -55,12 +55,12 @@ module Dependabot
         source_url = potential_source_urls.find { |url| Source.from_url(url) }
         source_url ||= source_from_anywhere_in_pom(pom)
-        source_url = substitute_property_in_source_url(source_url, pom)
+        source_url = substitute_properties_in_source_url(source_url, pom)
         Source.from_url(source_url)
       end
-      def substitute_property_in_source_url(source_url, pom)
+      def substitute_properties_in_source_url(source_url, pom)
         return unless source_url
         return source_url unless source_url.include?("${")
@@ -81,7 +81,8 @@ module Dependabot
             nm = nm.sub(DOT_SEPARATOR_REGEX, "/")
           end
-        source_url.gsub(source_url.match(regex).to_s, property_value)
+        url = source_url.gsub(source_url.match(regex).to_s, property_value)
+        substitute_properties_in_source_url(url, pom)
       end
       def source_from_anywhere_in_pom(pom)
@@ -124,10 +125,12 @@ module Dependabot
         return unless artifact_id && group_id && version
+        url = "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}/"\
+              "#{version}/"\
+              "#{artifact_id}-#{version}.pom"
         response = Excon.get(
-          "#{maven_repo_url}/#{group_id.tr('.', '/')}/#{artifact_id}/"\
-          "#{version}/"\
-          "#{artifact_id}-#{version}.pom",
+          substitute_properties_in_source_url(url, pom),
           headers: auth_details,
           idempotent: true,
           **SharedHelpers.excon_defaults

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.93.3
+  version: 0.93.4
 platform: ruby
 authors:
 - Dependabot
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.93.3
+        version: 0.93.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.93.3
+        version: 0.93.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement