maven: stop querying repositories once one returns a result

maven/lib/dependabot/maven/update_checker/version_finder.rb

@@ -57,8 +57,10 @@ def versions
           version_details =
             repositories.map do |repository_details|
               url = repository_details.fetch("url")
-              dependency_metadata(repository_details).
-                css("versions > version").
+              xml = dependency_metadata(repository_details)
+              next [] if xml.blank?
+
+              break xml.css("versions > version").
                 select { |node| version_class.correct?(node.content) }.
                 map { |node| version_class.new(node.content) }.
                 map { |version| { version: version, source_url: url } }
@@ -166,15 +168,16 @@ def fetch_dependency_metadata(repository_details)
             headers: repository_details.fetch("auth_headers")
           )
           check_response(response, repository_details.fetch("url"))
+          return unless response.status < 400
 
           Nokogiri::XML(response.body)
         rescue URI::InvalidURIError
-          Nokogiri::XML("")
+          nil
         rescue Excon::Error::Socket, Excon::Error::Timeout,
                Excon::Error::TooManyRedirects
           raise if central_repo_urls.include?(repository_details["url"])
 
-          Nokogiri::XML("")
+          nil
         end
 
         def check_response(response, repository_url)

maven/lib/dependabot/maven/version.rb

@@ -43,6 +43,10 @@ def initialize(version)
         super(version.to_s.tr("_", "-"))
       end
 
+      def inspect
+        "#<#{self.class} #{@version_string}>"
+      end
+
       def to_s
         @version_string
       end

maven/spec/dependabot/maven/file_parser/repositories_finder_spec.rb

@@ -29,12 +29,12 @@
       let(:base_pom_fixture_name) { "custom_repositories_pom.xml" }
 
       it "includes the additional declarations" do
-        expect(repository_urls).to match_array(
+        expect(repository_urls).to eq(
           %w(
-            https://repo.maven.apache.org/maven2
-            http://repository.jboss.org/maven2
             http://scala-tools.org/repo-releases
+            http://repository.jboss.org/maven2
             http://plugin-repository.jboss.org/maven2
+            https://repo.maven.apache.org/maven2
           )
         )
       end
@@ -43,16 +43,16 @@
         let(:base_pom_fixture_name) { "property_repo_pom.xml" }
 
         it "handles the property interpolation" do
-          expect(repository_urls).to match_array(
+          expect(repository_urls).to eq(
             %w(
               http://download.eclipse.org/technology/m2e/releases
               http://download.eclipse.org/releases/neon
               http://eclipse-cs.sf.net/update
               https://dl.bintray.com/pmd/pmd-eclipse-plugin/updates
               http://findbugs.cs.umd.edu/eclipse
               http://download.eclipse.org/tools/orbit/downloads/drops/R20160221192158/repository
-              https://repo.maven.apache.org/maven2
               http://repository.sonatype.org/content/groups/sonatype-public-grid
+              https://repo.maven.apache.org/maven2
             )
           )
         end
@@ -70,12 +70,12 @@
 
         context "checking the parent's repositories" do
           it "doesn't include the declarations from the child" do
-            expect(repository_urls).to match_array(
+            expect(repository_urls).to eq(
               %w(
-                https://repo.maven.apache.org/maven2
-                http://repository.jboss.org/maven2
                 http://scala-tools.org/repo-releases
+                http://repository.jboss.org/maven2
                 http://plugin-repository.jboss.org/maven2
+                https://repo.maven.apache.org/maven2
               )
             )
           end
@@ -85,21 +85,21 @@
           let(:pom) { child_pom }
 
           it "includes the declarations from the parent and the child" do
-            expect(repository_urls).to match_array(
+            expect(repository_urls).to eq(
               %w(
-                https://repo.maven.apache.org/maven2
-                http://repository.jboss.org/maven2
+                http://child-repository.jboss.org/maven2
                 http://scala-tools.org/repo-releases
+                http://repository.jboss.org/maven2
                 http://plugin-repository.jboss.org/maven2
-                http://child-repository.jboss.org/maven2
+                https://repo.maven.apache.org/maven2
               )
             )
           end
 
           context "when asked to exclude inherited repos" do
             it "excludes the declarations in the parent" do
               expect(finder.repository_urls(pom: pom, exclude_inherited: true)).
-                to match_array(
+                to eq(
                   %w(
                     http://child-repository.jboss.org/maven2
                     https://repo.maven.apache.org/maven2
@@ -130,7 +130,7 @@
             end
 
             it "returns the repositories relevant to the child" do
-              expect(repository_urls).to match_array(
+              expect(repository_urls).to eq(
                 %w(
                   http://child-repository.jboss.org/maven2
                   https://repo.maven.apache.org/maven2
@@ -145,7 +145,7 @@
             end
 
             it "returns the repositories relevant to the child" do
-              expect(repository_urls).to match_array(
+              expect(repository_urls).to eq(
                 %w(
                   http://child-repository.jboss.org/maven2
                   https://repo.maven.apache.org/maven2
@@ -163,13 +163,13 @@
             end
 
             it "includes the declarations from the parent and the child" do
-              expect(repository_urls).to match_array(
+              expect(repository_urls).to eq(
                 %w(
-                  https://repo.maven.apache.org/maven2
-                  http://repository.jboss.org/maven2
+                  http://child-repository.jboss.org/maven2
                   http://scala-tools.org/repo-releases
+                  http://repository.jboss.org/maven2
                   http://plugin-repository.jboss.org/maven2
-                  http://child-repository.jboss.org/maven2
+                  https://repo.maven.apache.org/maven2
                 )
               )
             end
@@ -191,7 +191,7 @@
               end
 
               it "returns the repositories relevant to the child" do
-                expect(repository_urls).to match_array(
+                expect(repository_urls).to eq(
                   %w(
                     http://child-repository.jboss.org/maven2
                     https://repo.maven.apache.org/maven2
@@ -210,13 +210,13 @@
             end
 
             it "includes the declarations from the parent and the child" do
-              expect(repository_urls).to match_array(
+              expect(repository_urls).to eq(
                 %w(
-                  https://repo.maven.apache.org/maven2
-                  http://repository.jboss.org/maven2
+                  http://child-repository.jboss.org/maven2
                   http://scala-tools.org/repo-releases
+                  http://repository.jboss.org/maven2
                   http://plugin-repository.jboss.org/maven2
-                  http://child-repository.jboss.org/maven2
+                  https://repo.maven.apache.org/maven2
                 )
               )
             end

maven/spec/dependabot/maven/update_checker/version_finder_spec.rb

@@ -707,9 +707,12 @@
             fixture("maven_central_metadata", "with_date_releases.xml")
           stub_request(:get, maven_central_metadata_url).
             to_return(status: 200, body: body)
+          # 404 causes Dependabot to fall back to the central repo
+          stub_request(:get, jboss_metadata_url).
+            to_return(status: 404)
         end
 
-        its(:count) { is_expected.to eq(87) }
+        its(:count) { is_expected.to eq(17) }
 
         describe "the first version" do
           subject { versions.first }