@@ -47,13 +47,19 @@ class MavenDependencyGraph {
4747 const artifact = this.packageUrlToArtifact[depPackage.packageURL.toString()];
4848 let scope = getDependencyScopeForMavenScope(artifact.scopes);
4949 manifest.addDirectDependency(depPackage, scope);
50- function addTransitiveDeps(dependencies) {
50+ function addTransitiveDeps(dependencies, seen = new Set() ) {
5151 if (dependencies) {
5252 dependencies.forEach(transitiveDep => {
53- const transitiveDepArtifact = packageUrlToArtifact[transitiveDep.packageURL.toString()];
53+ let purl = transitiveDep.packageURL.toString();
54+ if (seen.has(purl)) {
55+ // we're in a cycle! skip this one.
56+ return;
57+ }
58+ const transitiveDepArtifact = packageUrlToArtifact[purl];
5459 const transitiveDepScope = getDependencyScopeForMavenScope(transitiveDepArtifact.scopes);
5560 manifest.addIndirectDependency(transitiveDep, transitiveDepScope);
56- addTransitiveDeps(transitiveDep.dependencies);
61+ seen.add(purl);
62+ addTransitiveDeps(transitiveDep.dependencies, seen);
5763 });
5864 }
5965 }
@@ -484,7 +490,7 @@ const depgraph_1 = __nccwpck_require__(8047);
484490const maven_runner_1 = __nccwpck_require__(7433);
485491const file_utils_1 = __nccwpck_require__(799);
486492const packageData = __nccwpck_require__(2876);
487- const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.2 ';
493+ const DEPGRAPH_MAVEN_PLUGIN_VERSION = '4.0.3 ';
488494function generateSnapshot(directory, mvnConfig, snapshotConfig) {
489495 return __awaiter(this, void 0, void 0, function* () {
490496 var _a, _b;
@@ -512,11 +518,11 @@ function generateSnapshot(directory, mvnConfig, snapshotConfig) {
512518 snapshot.job.correlator = (snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.correlator)
513519 ? snapshotConfig.correlator
514520 : (_b = snapshot.job) === null || _b === void 0 ? void 0 : _b.correlator;
515- const specifiedRef = getNonEmtptyValue (snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.ref);
521+ const specifiedRef = getNonEmptyValue (snapshotConfig === null || snapshotConfig === void 0 ? void 0 : snapshotConfig.ref);
516522 if (specifiedRef) {
517523 snapshot.ref = specifiedRef;
518524 }
519- const specifiedSha = getNonEmtptyValue (snapshot === null || snapshot === void 0 ? void 0 : snapshot.sha);
525+ const specifiedSha = getNonEmptyValue (snapshot === null || snapshot === void 0 ? void 0 : snapshot.sha);
520526 if (specifiedSha) {
521527 snapshot.sha = specifiedSha;
522528 }
@@ -616,7 +622,7 @@ function getRepositoryRelativePath(file) {
616622 core.debug(`Snapshot relative file = ${result}`);
617623 return result;
618624}
619- function getNonEmtptyValue (str) {
625+ function getNonEmptyValue (str) {
620626 if (str) {
621627 const trimmed = str.trim();
622628 if (trimmed.length > 0) {
@@ -33295,7 +33301,7 @@ exports.submitSnapshot = L;
3329533301/***/ ((module) => {
3329633302
3329733303"use strict";
33298- module.exports = JSON.parse('{"name":"maven-dependency-submission-action","version":"4.1.1","description":"Submit Maven dependencies to GitHub dependency submission API","main":"index.js","scripts":{"base-build":"npm ci && tsc","build":"npm run base-build && npm exec -- @vercel/ncc build --source-map lib/src/index.js","build-exe":"npm run build && pkg package.json --compress Gzip","test":"vitest --run"},"repository":{"type":"git","url":"git+https://github.com/advanced-security/maven-dependency-submission-action.git"},"keywords":[],"author":"GitHub, Inc","license":"MIT","bugs":{"url":"https://github.com/advanced-security/maven-dependency-submission-action/issues"},"homepage":"https://github.com/advanced-security/maven-dependency-submission-action","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.1","@github/dependency-submission-toolkit":"^2.0.0","commander":"^12.0.0","packageurl-js":"^1.2.0"},"devDependencies":{"@types/chai":"^4.3.1","@vercel/ncc":"^0.38.1","chai":"^4.3.6","@yao-pkg/pkg":"^5.11.5","ts-node":"^10.9.2","typescript":"^5.3.3","vitest":"^1.2.1"},"bin":{"cli":"lib/src/executable/cli.js"},"pkg":{"targets":["node20-linux-x64","node20-win-x64","node20-macos-x64"],"assets":["package.json"],"publicPackages":"*","outputPath":"cli"}}');
33304+ module.exports = JSON.parse('{"name":"maven-dependency-submission-action","version":"4.1.2","description":"Submit Maven dependencies to GitHub dependency submission API","main":"index.js","scripts":{"base-build":"npm ci && tsc","build":"npm run base-build && npm exec -- @vercel/ncc build --source-map lib/src/index.js","build-exe":"npm run build && pkg package.json --compress Gzip","test":"vitest --run"},"repository":{"type":"git","url":"git+https://github.com/advanced-security/maven-dependency-submission-action.git"},"keywords":[],"author":"GitHub, Inc","license":"MIT","bugs":{"url":"https://github.com/advanced-security/maven-dependency-submission-action/issues"},"homepage":"https://github.com/advanced-security/maven-dependency-submission-action","dependencies":{"@actions/core":"^1.10.1","@actions/exec":"^1.1.1","@github/dependency-submission-toolkit":"^2.0.0","commander":"^12.0.0","packageurl-js":"^1.2.0"},"devDependencies":{"@types/chai":"^4.3.1","@vercel/ncc":"^0.38.1","chai":"^4.3.6","@yao-pkg/pkg":"^5.11.5","ts-node":"^10.9.2","typescript":"^5.3.3","vitest":"^1.6.1"},"bin":{"cli":"lib/src/executable/cli.js"},"pkg":{"targets":["node20-linux-x64","node20-win-x64","node20-macos-x64"],"assets":["package.json"],"publicPackages":"*","outputPath":"cli"}}');
3329933305
3330033306/***/ })
3330133307
0 commit comments