fix: process managed dependencies before standard dependencies when parsing pom.xmls (#279)

G-Rath · web-flow · commit 5fd7399e2298 · 2024-11-01T09:02:32.000+13:00
diff --git a/pkg/lockfile/parse-maven-lock.go b/pkg/lockfile/parse-maven-lock.go
@@ -115,7 +115,7 @@ func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error) {
 
 	details := map[string]PackageDetails{}
 
-	for _, lockPackage := range parsedLockfile.Dependencies {
+	for _, lockPackage := range parsedLockfile.ManagedDependencies {
 		finalName := lockPackage.GroupID + ":" + lockPackage.ArtifactID
 
 		details[finalName] = PackageDetails{
@@ -126,8 +126,8 @@ func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error) {
 		}
 	}
 
-	// managed dependencies take precedent over standard dependencies
-	for _, lockPackage := range parsedLockfile.ManagedDependencies {
+	// standard dependencies take precedent over managed dependencies
+	for _, lockPackage := range parsedLockfile.Dependencies {
 		finalName := lockPackage.GroupID + ":" + lockPackage.ArtifactID
 
 		details[finalName] = PackageDetails{
diff --git a/pkg/lockfile/parse-maven-lock_test.go b/pkg/lockfile/parse-maven-lock_test.go
@@ -101,7 +101,7 @@ func TestParseMavenLock_WithDependencyManagement(t *testing.T) {
 	expectPackages(t, packages, []lockfile.PackageDetails{
 		{
 			Name:      "io.netty:netty-all",
-			Version:   "4.1.42.Final",
+			Version:   "4.1.9",
 			Ecosystem: lockfile.MavenEcosystem,
 			CompareAs: lockfile.MavenEcosystem,
 		},

Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error) {`
`115`	`115`
`116`	`116`	`details := map[string]PackageDetails{}`
`117`	`117`
`118`		`- for _, lockPackage := range parsedLockfile.Dependencies {`
	`118`	`+ for _, lockPackage := range parsedLockfile.ManagedDependencies {`
`119`	`119`	`finalName := lockPackage.GroupID + ":" + lockPackage.ArtifactID`
`120`	`120`
`121`	`121`	`details[finalName] = PackageDetails{`
`@@ -126,8 +126,8 @@ func ParseMavenLock(pathToLockfile string) ([]PackageDetails, error) {`
`126`	`126`	`}`
`127`	`127`	`}`
`128`	`128`
`129`		`- // managed dependencies take precedent over standard dependencies`
`130`		`- for _, lockPackage := range parsedLockfile.ManagedDependencies {`
	`129`	`+ // standard dependencies take precedent over managed dependencies`
	`130`	`+ for _, lockPackage := range parsedLockfile.Dependencies {`
`131`	`131`	`finalName := lockPackage.GroupID + ":" + lockPackage.ArtifactID`
`132`	`132`
`133`	`133`	`details[finalName] = PackageDetails{`
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ func TestParseMavenLock_WithDependencyManagement(t *testing.T) {`
`101`	`101`	`expectPackages(t, packages, []lockfile.PackageDetails{`
`102`	`102`	`{`
`103`	`103`	`Name: "io.netty:netty-all",`
`104`		`- Version: "4.1.42.Final",`
	`104`	`+ Version: "4.1.9",`
`105`	`105`	`Ecosystem: lockfile.MavenEcosystem,`
`106`	`106`	`CompareAs: lockfile.MavenEcosystem,`
`107`	`107`	`},`