diff --git a/maven/lib/dependabot/maven/update_checker/version_finder.rb b/maven/lib/dependabot/maven/update_checker/version_finder.rb index f544be1da7c..797aa1328af 100644 --- a/maven/lib/dependabot/maven/update_checker/version_finder.rb +++ b/maven/lib/dependabot/maven/update_checker/version_finder.rb @@ -57,8 +57,10 @@ def versions version_details = repositories.map do |repository_details| url = repository_details.fetch("url") - dependency_metadata(repository_details). - css("versions > version"). + xml = dependency_metadata(repository_details) + next [] if xml.blank? + + break xml.css("versions > version"). select { |node| version_class.correct?(node.content) }. map { |node| version_class.new(node.content) }. map { |version| { version: version, source_url: url } } @@ -166,15 +168,16 @@ def fetch_dependency_metadata(repository_details) headers: repository_details.fetch("auth_headers") ) check_response(response, repository_details.fetch("url")) + return unless response.status < 400 Nokogiri::XML(response.body) rescue URI::InvalidURIError - Nokogiri::XML("") + nil rescue Excon::Error::Socket, Excon::Error::Timeout, Excon::Error::TooManyRedirects raise if central_repo_urls.include?(repository_details["url"]) - Nokogiri::XML("") + nil end def check_response(response, repository_url) diff --git a/maven/lib/dependabot/maven/version.rb b/maven/lib/dependabot/maven/version.rb index 530c7e24fda..9354753316a 100644 --- a/maven/lib/dependabot/maven/version.rb +++ b/maven/lib/dependabot/maven/version.rb @@ -43,6 +43,10 @@ def initialize(version) super(version.to_s.tr("_", "-")) end + def inspect + "#<#{self.class} #{@version_string}>" + end + def to_s @version_string end diff --git a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb index bc11b2fb7cf..c9a70b4ab62 100644 --- a/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb 
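Review bot: The `break` inside the `repositories.map` block in `versions` fires for any response that parses to a non-blank document, so a repository that answers with XML containing no valid `versions > version` nodes still ends the search and later repositories are never consulted. If the intent is "the first repository that actually has versions wins", build the list first, then use `next [] if found.empty?` followed by `break found`. Repository order now decides whose version list is believed, so a comment above the block such as `# First repository with metadata is authoritative; later ones are only fallbacks` would record that as a deliberate trust decision. `break` also makes `version_details` a flat array while the no-match path yields an array of empty arrays; the code consuming it is outside the hunk, so confirm it handles both shapes.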
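Review bot: The added `return unless response.status < 400` in `fetch_dependency_metadata` treats every 4xx and 5xx answer as "artifact not hosted here", so a repository that is rate-limiting or briefly failing is skipped silently and resolution moves on to the next repository in the list. For a dependency meant to come only from an internal repository, that silent fallback to a public source is the condition dependency confusion depends on. I would limit the quiet path to `return if response.status == 404` and raise or log for other error statuses, unless `check_response`, whose body is outside this hunk, already does so. The method now returns `nil` instead of an empty document on three paths, and a comment such as `# nil => no metadata at this repository; caller tries the next one` would make that contract explicit.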
+++ b/maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb @@ -29,12 +29,12 @@ let(:base_pom_fixture_name) { "custom_repositories_pom.xml" } it "includes the additional declarations" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( - https://repo.maven.apache.org/maven2 - http://repository.jboss.org/maven2 http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 http://plugin-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 ) ) end @@ -43,7 +43,7 @@ let(:base_pom_fixture_name) { "property_repo_pom.xml" } it "handles the property interpolation" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( http://download.eclipse.org/technology/m2e/releases http://download.eclipse.org/releases/neon @@ -51,8 +51,8 @@ https://dl.bintray.com/pmd/pmd-eclipse-plugin/updates http://findbugs.cs.umd.edu/eclipse http://download.eclipse.org/tools/orbit/downloads/drops/R20160221192158/repository - https://repo.maven.apache.org/maven2 http://repository.sonatype.org/content/groups/sonatype-public-grid + https://repo.maven.apache.org/maven2 ) ) end @@ -70,12 +70,12 @@ context "checking the parent's repositories" do it "doesn't include the declarations from the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( - https://repo.maven.apache.org/maven2 - http://repository.jboss.org/maven2 http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 http://plugin-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 ) ) end 
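Review bot: Switching these expectations from `match_array` to `eq` makes repository order part of the contract, but none of the example descriptions or comments say what the order means. The same applies to the other `match_array` to `eq` hunks in this file. The expected lists now put `https://repo.maven.apache.org/maven2` last, so a comment on the first expectation such as `# Order matters: declared repositories first, central last as the fallback` would keep a later reorder from looking harmless.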
@@ -85,13 +85,13 @@ let(:pom) { child_pom } it "includes the declarations from the parent and the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( - https://repo.maven.apache.org/maven2 - http://repository.jboss.org/maven2 + http://child-repository.jboss.org/maven2 http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 http://plugin-repository.jboss.org/maven2 - http://child-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 ) ) end @@ -99,7 +99,7 @@ context "when asked to exclude inherited repos" do it "excludes the declarations in the parent" do expect(finder.repository_urls(pom: pom, exclude_inherited: true)). - to match_array( + to eq( %w( http://child-repository.jboss.org/maven2 https://repo.maven.apache.org/maven2 @@ -130,7 +130,7 @@ end it "returns the repositories relevant to the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( http://child-repository.jboss.org/maven2 https://repo.maven.apache.org/maven2 @@ -145,7 +145,7 @@ end it "returns the repositories relevant to the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( http://child-repository.jboss.org/maven2 https://repo.maven.apache.org/maven2 @@ -163,13 +163,13 @@ end it "includes the declarations from the parent and the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( - https://repo.maven.apache.org/maven2 - http://repository.jboss.org/maven2 + http://child-repository.jboss.org/maven2 http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 http://plugin-repository.jboss.org/maven2 - http://child-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 ) ) end 
@@ -191,7 +191,7 @@ end it "returns the repositories relevant to the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( http://child-repository.jboss.org/maven2 https://repo.maven.apache.org/maven2 @@ -210,13 +210,13 @@ end it "includes the declarations from the parent and the child" do - expect(repository_urls).to match_array( + expect(repository_urls).to eq( %w( - https://repo.maven.apache.org/maven2 - http://repository.jboss.org/maven2 + http://child-repository.jboss.org/maven2 http://scala-tools.org/repo-releases + http://repository.jboss.org/maven2 http://plugin-repository.jboss.org/maven2 - http://child-repository.jboss.org/maven2 + https://repo.maven.apache.org/maven2 ) ) end diff --git a/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb b/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb index 80d1cba68f8..d8fe9c4617f 100644 --- a/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb +++ b/maven/spec/dependabot/maven/update_checker/version_finder_spec.rb @@ -707,9 +707,12 @@ fixture("maven_central_metadata", "with_date_releases.xml") stub_request(:get, maven_central_metadata_url). to_return(status: 200, body: body) + # 404 causes Dependabot to fall back to the central repo + stub_request(:get, jboss_metadata_url). + to_return(status: 404) end - its(:count) { is_expected.to eq(87) } + its(:count) { is_expected.to eq(17) } describe "the first version" do subject { versions.first }
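Review bot: Only the 404 path is stubbed for `jboss_metadata_url`, so the new fallback is untested for the other cases the implementation now maps to "no metadata": a 5xx status, a timeout, or a 200 whose body has no versions. Adding examples such as `to_return(status: 500)` and `to_timeout` with their expected counts would pin whether falling back to central is intended there. The enclosing `context` and any earlier stub for this URL are outside the hunk, so the drop from 87 to 17 cannot be checked from here. A one-line comment on `eq(17)` saying where the count now comes from (presumably the central fixture alone) would help.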