RubyGems - dependabot-core - Versions diffs - 0.76.1 - Mend

dependabot-core 0.76.1

Files changed (321) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +6408 -0
data/LICENSE +37 -0
data/README.md +115 -0
data/helpers/elixir/bin/check_update.exs +92 -0
data/helpers/elixir/bin/do_update.exs +39 -0
data/helpers/elixir/bin/parse_deps.exs +103 -0
data/helpers/elixir/bin/run.exs +76 -0
data/helpers/elixir/mix.exs +21 -0
data/helpers/elixir/mix.lock +3 -0
data/helpers/go/Makefile +9 -0
data/helpers/go/go.mod +9 -0
data/helpers/go/go.sum +5 -0
data/helpers/go/importresolver/main.go +34 -0
data/helpers/go/main.go +77 -0
data/helpers/go/updatechecker/main.go +107 -0
data/helpers/go/updater/go.mod +3 -0
data/helpers/go/updater/go.sum +2 -0
data/helpers/go/updater/helpers.go +57 -0
data/helpers/go/updater/main.go +48 -0
data/helpers/npm/.agignore +1 -0
data/helpers/npm/.envrc +2 -0
data/helpers/npm/.eslintrc +14 -0
data/helpers/npm/.nvimrc +7 -0
data/helpers/npm/bin/run.js +34 -0
data/helpers/npm/lib/helpers.js +25 -0
data/helpers/npm/lib/peer-dependency-checker.js +102 -0
data/helpers/npm/lib/subdependency-updater.js +48 -0
data/helpers/npm/lib/updater.js +95 -0
data/helpers/npm/package.json +17 -0
data/helpers/npm/test/fixtures/npm-left-pad.json +1 -0
data/helpers/npm/test/fixtures/updater/original/package-lock.json +16 -0
data/helpers/npm/test/fixtures/updater/original/package.json +9 -0
data/helpers/npm/test/fixtures/updater/updated/package-lock.json +16 -0
data/helpers/npm/test/helpers.js +7 -0
data/helpers/npm/test/updater.test.js +50 -0
data/helpers/npm/yarn.lock +6120 -0
data/helpers/php/.php_cs +34 -0
data/helpers/php/bin/run.php +57 -0
data/helpers/php/composer.json +14 -0
data/helpers/php/composer.lock +1521 -0
data/helpers/php/composer.phar +0 -0
data/helpers/php/setup.sh +4 -0
data/helpers/php/src/DependabotInstallationManager.php +61 -0
data/helpers/php/src/DependabotPluginManager.php +23 -0
data/helpers/php/src/ExceptionIO.php +25 -0
data/helpers/php/src/Hasher.php +21 -0
data/helpers/php/src/UpdateChecker.php +123 -0
data/helpers/php/src/Updater.php +97 -0
data/helpers/python/lib/__init__.py +0 -0
data/helpers/python/lib/hasher.py +23 -0
data/helpers/python/lib/parser.py +130 -0
data/helpers/python/requirements.txt +9 -0
data/helpers/python/run.py +18 -0
data/helpers/test/run.rb +15 -0
data/helpers/utils/git-credential-store-immutable +10 -0
data/helpers/yarn/.agignore +1 -0
data/helpers/yarn/.envrc +2 -0
data/helpers/yarn/.eslintrc +14 -0
data/helpers/yarn/.nvimrc +7 -0
data/helpers/yarn/bin/run.js +36 -0
data/helpers/yarn/lib/fix-duplicates.js +53 -0
data/helpers/yarn/lib/helpers.js +5 -0
data/helpers/yarn/lib/lockfile-parser.js +21 -0
data/helpers/yarn/lib/peer-dependency-checker.js +130 -0
data/helpers/yarn/lib/replace-lockfile-declaration.js +45 -0
data/helpers/yarn/lib/subdependency-updater.js +69 -0
data/helpers/yarn/lib/updater.js +254 -0
data/helpers/yarn/package.json +17 -0
data/helpers/yarn/test/fixtures/updater/original/package.json +6 -0
data/helpers/yarn/test/fixtures/updater/original/yarn.lock +11 -0
data/helpers/yarn/test/fixtures/updater/updated/yarn.lock +12 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/package.json +5 -0
data/helpers/yarn/test/fixtures/updater/with-version-comments/yarn.lock +13 -0
data/helpers/yarn/test/fixtures/yarnpkg-is-positive.json +1 -0
data/helpers/yarn/test/fixtures/yarnpkg-left-pad.json +1 -0
data/helpers/yarn/test/helpers.js +7 -0
data/helpers/yarn/test/updater.test.js +93 -0
data/helpers/yarn/yarn.lock +4912 -0
data/lib/bundler_definition_bundler_version_patch.rb +15 -0
data/lib/bundler_definition_ruby_version_patch.rb +14 -0
data/lib/bundler_git_source_patch.rb +27 -0
data/lib/dependabot.rb +4 -0
data/lib/dependabot/clients/bitbucket.rb +101 -0
data/lib/dependabot/clients/github_with_retries.rb +117 -0
data/lib/dependabot/clients/gitlab.rb +72 -0
data/lib/dependabot/dependency.rb +118 -0
data/lib/dependabot/dependency_file.rb +54 -0
data/lib/dependabot/errors.rb +179 -0
data/lib/dependabot/file_fetchers.rb +48 -0
data/lib/dependabot/file_fetchers/README.md +65 -0
data/lib/dependabot/file_fetchers/base.rb +302 -0
data/lib/dependabot/file_fetchers/docker/docker.rb +40 -0
data/lib/dependabot/file_fetchers/dotnet/nuget.rb +215 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +51 -0
data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +55 -0
data/lib/dependabot/file_fetchers/elixir/hex.rb +78 -0
data/lib/dependabot/file_fetchers/elm/elm_package.rb +52 -0
data/lib/dependabot/file_fetchers/git/submodules.rb +73 -0
data/lib/dependabot/file_fetchers/go/dep.rb +69 -0
data/lib/dependabot/file_fetchers/go/modules.rb +64 -0
data/lib/dependabot/file_fetchers/java/gradle.rb +56 -0
data/lib/dependabot/file_fetchers/java/gradle/settings_file_parser.rb +66 -0
data/lib/dependabot/file_fetchers/java/maven.rb +127 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn.rb +330 -0
data/lib/dependabot/file_fetchers/java_script/npm_and_yarn/path_dependency_builder.rb +107 -0
data/lib/dependabot/file_fetchers/php/composer.rb +131 -0
data/lib/dependabot/file_fetchers/python/pip.rb +305 -0
data/lib/dependabot/file_fetchers/ruby/bundler.rb +185 -0
data/lib/dependabot/file_fetchers/ruby/bundler/child_gemfile_finder.rb +70 -0
data/lib/dependabot/file_fetchers/ruby/bundler/path_gemspec_finder.rb +114 -0
data/lib/dependabot/file_fetchers/ruby/bundler/require_relative_finder.rb +67 -0
data/lib/dependabot/file_fetchers/rust/cargo.rb +240 -0
data/lib/dependabot/file_parsers.rb +48 -0
data/lib/dependabot/file_parsers/README.md +45 -0
data/lib/dependabot/file_parsers/base.rb +31 -0
data/lib/dependabot/file_parsers/base/dependency_set.rb +77 -0
data/lib/dependabot/file_parsers/docker/docker.rb +164 -0
data/lib/dependabot/file_parsers/dotnet/nuget.rb +85 -0
data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +65 -0
data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +156 -0
data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +131 -0
data/lib/dependabot/file_parsers/elixir/hex.rb +134 -0
data/lib/dependabot/file_parsers/elm/elm_package.rb +136 -0
data/lib/dependabot/file_parsers/git/submodules.rb +69 -0
data/lib/dependabot/file_parsers/go/dep.rb +163 -0
data/lib/dependabot/file_parsers/go/modules.rb +34 -0
data/lib/dependabot/file_parsers/go/modules/go_mod_parser.rb +134 -0
data/lib/dependabot/file_parsers/java/gradle.rb +236 -0
data/lib/dependabot/file_parsers/java/gradle/property_value_finder.rb +90 -0
data/lib/dependabot/file_parsers/java/gradle/repositories_finder.rb +145 -0
data/lib/dependabot/file_parsers/java/maven.rb +252 -0
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +166 -0
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +188 -0
data/lib/dependabot/file_parsers/java_script/npm_and_yarn.rb +394 -0
data/lib/dependabot/file_parsers/php/composer.rb +177 -0
data/lib/dependabot/file_parsers/python/pip.rb +223 -0
data/lib/dependabot/file_parsers/python/pip/pipfile_files_parser.rb +154 -0
data/lib/dependabot/file_parsers/python/pip/poetry_files_parser.rb +141 -0
data/lib/dependabot/file_parsers/python/pip/setup_file_parser.rb +160 -0
data/lib/dependabot/file_parsers/ruby/bundler.rb +295 -0
data/lib/dependabot/file_parsers/ruby/bundler/file_preparer.rb +85 -0
data/lib/dependabot/file_parsers/ruby/bundler/gemfile_checker.rb +48 -0
data/lib/dependabot/file_parsers/rust/cargo.rb +213 -0
data/lib/dependabot/file_updaters.rb +48 -0
data/lib/dependabot/file_updaters/README.md +58 -0
data/lib/dependabot/file_updaters/base.rb +52 -0
data/lib/dependabot/file_updaters/docker/docker.rb +133 -0
data/lib/dependabot/file_updaters/dotnet/nuget.rb +151 -0
data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +69 -0
data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +78 -0
data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +64 -0
data/lib/dependabot/file_updaters/elixir/hex.rb +71 -0
data/lib/dependabot/file_updaters/elixir/hex/lockfile_updater.rb +147 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_git_pin_updater.rb +53 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_requirement_updater.rb +74 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_sanitizer.rb +28 -0
data/lib/dependabot/file_updaters/elixir/hex/mixfile_updater.rb +98 -0
data/lib/dependabot/file_updaters/elm/elm_package.rb +79 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_json_updater.rb +69 -0
data/lib/dependabot/file_updaters/elm/elm_package/elm_package_updater.rb +69 -0
data/lib/dependabot/file_updaters/git/submodules.rb +38 -0
data/lib/dependabot/file_updaters/go/dep.rb +77 -0
data/lib/dependabot/file_updaters/go/dep/lockfile_updater.rb +219 -0
data/lib/dependabot/file_updaters/go/dep/manifest_updater.rb +155 -0
data/lib/dependabot/file_updaters/go/modules.rb +71 -0
data/lib/dependabot/file_updaters/go/modules/go_mod_updater.rb +81 -0
data/lib/dependabot/file_updaters/java/gradle.rb +176 -0
data/lib/dependabot/file_updaters/java/gradle/dependency_set_updater.rb +66 -0
data/lib/dependabot/file_updaters/java/gradle/property_value_updater.rb +58 -0
data/lib/dependabot/file_updaters/java/maven.rb +155 -0
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +132 -0
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +61 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn.rb +159 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npm_lockfile_updater.rb +532 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/npmrc_builder.rb +191 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_preparer.rb +91 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/package_json_updater.rb +220 -0
data/lib/dependabot/file_updaters/java_script/npm_and_yarn/yarn_lockfile_updater.rb +475 -0
data/lib/dependabot/file_updaters/php/composer.rb +78 -0
data/lib/dependabot/file_updaters/php/composer/lockfile_updater.rb +264 -0
data/lib/dependabot/file_updaters/php/composer/manifest_updater.rb +70 -0
data/lib/dependabot/file_updaters/python/pip.rb +147 -0
data/lib/dependabot/file_updaters/python/pip/pip_compile_file_updater.rb +363 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_file_updater.rb +397 -0
data/lib/dependabot/file_updaters/python/pip/pipfile_preparer.rb +125 -0
data/lib/dependabot/file_updaters/python/pip/poetry_file_updater.rb +289 -0
data/lib/dependabot/file_updaters/python/pip/pyproject_preparer.rb +105 -0
data/lib/dependabot/file_updaters/python/pip/requirement_file_updater.rb +166 -0
data/lib/dependabot/file_updaters/python/pip/requirement_replacer.rb +95 -0
data/lib/dependabot/file_updaters/python/pip/setup_file_sanitizer.rb +91 -0
data/lib/dependabot/file_updaters/ruby/bundler.rb +121 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemfile_updater.rb +116 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_dependency_name_finder.rb +52 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_sanitizer.rb +298 -0
data/lib/dependabot/file_updaters/ruby/bundler/gemspec_updater.rb +64 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_pin_replacer.rb +80 -0
data/lib/dependabot/file_updaters/ruby/bundler/git_source_remover.rb +102 -0
data/lib/dependabot/file_updaters/ruby/bundler/lockfile_updater.rb +384 -0
data/lib/dependabot/file_updaters/ruby/bundler/requirement_replacer.rb +188 -0
data/lib/dependabot/file_updaters/rust/cargo.rb +83 -0
data/lib/dependabot/file_updaters/rust/cargo/lockfile_updater.rb +251 -0
data/lib/dependabot/file_updaters/rust/cargo/manifest_updater.rb +162 -0
data/lib/dependabot/git_commit_checker.rb +412 -0
data/lib/dependabot/metadata_finders.rb +46 -0
data/lib/dependabot/metadata_finders/README.md +53 -0
data/lib/dependabot/metadata_finders/base.rb +117 -0
data/lib/dependabot/metadata_finders/base/changelog_finder.rb +317 -0
data/lib/dependabot/metadata_finders/base/changelog_pruner.rb +177 -0
data/lib/dependabot/metadata_finders/base/commits_finder.rb +217 -0
data/lib/dependabot/metadata_finders/base/release_finder.rb +251 -0
data/lib/dependabot/metadata_finders/docker/docker.rb +18 -0
data/lib/dependabot/metadata_finders/dotnet/nuget.rb +116 -0
data/lib/dependabot/metadata_finders/elixir/hex.rb +69 -0
data/lib/dependabot/metadata_finders/elm/elm_package.rb +22 -0
data/lib/dependabot/metadata_finders/git/submodules.rb +20 -0
data/lib/dependabot/metadata_finders/go/dep.rb +56 -0
data/lib/dependabot/metadata_finders/java/maven.rb +173 -0
data/lib/dependabot/metadata_finders/java_script/npm_and_yarn.rb +215 -0
data/lib/dependabot/metadata_finders/php/composer.rb +66 -0
data/lib/dependabot/metadata_finders/python/pip.rb +120 -0
data/lib/dependabot/metadata_finders/ruby/bundler.rb +150 -0
data/lib/dependabot/metadata_finders/rust/cargo.rb +64 -0
data/lib/dependabot/pull_request_creator.rb +151 -0
data/lib/dependabot/pull_request_creator/branch_namer.rb +170 -0
data/lib/dependabot/pull_request_creator/commit_signer.rb +63 -0
data/lib/dependabot/pull_request_creator/github.rb +233 -0
data/lib/dependabot/pull_request_creator/gitlab.rb +122 -0
data/lib/dependabot/pull_request_creator/labeler.rb +361 -0
data/lib/dependabot/pull_request_creator/message_builder.rb +888 -0
data/lib/dependabot/pull_request_updater.rb +43 -0
data/lib/dependabot/pull_request_updater/github.rb +151 -0
data/lib/dependabot/shared_helpers.rb +201 -0
data/lib/dependabot/source.rb +120 -0
data/lib/dependabot/update_checkers.rb +48 -0
data/lib/dependabot/update_checkers/README.md +67 -0
data/lib/dependabot/update_checkers/base.rb +220 -0
data/lib/dependabot/update_checkers/docker/docker.rb +290 -0
data/lib/dependabot/update_checkers/dotnet/nuget.rb +127 -0
data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +97 -0
data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +232 -0
data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +81 -0
data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +231 -0
data/lib/dependabot/update_checkers/elixir/hex.rb +274 -0
data/lib/dependabot/update_checkers/elixir/hex/file_preparer.rb +193 -0
data/lib/dependabot/update_checkers/elixir/hex/requirements_updater.rb +177 -0
data/lib/dependabot/update_checkers/elixir/hex/version_resolver.rb +175 -0
data/lib/dependabot/update_checkers/elm/elm_package.rb +126 -0
data/lib/dependabot/update_checkers/elm/elm_package/cli_parser.rb +33 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_18_version_resolver.rb +234 -0
data/lib/dependabot/update_checkers/elm/elm_package/elm_19_version_resolver.rb +198 -0
data/lib/dependabot/update_checkers/elm/elm_package/requirements_updater.rb +75 -0
data/lib/dependabot/update_checkers/git/submodules.rb +52 -0
data/lib/dependabot/update_checkers/go/dep.rb +311 -0
data/lib/dependabot/update_checkers/go/dep/file_preparer.rb +221 -0
data/lib/dependabot/update_checkers/go/dep/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/go/dep/requirements_updater.rb +223 -0
data/lib/dependabot/update_checkers/go/dep/version_resolver.rb +164 -0
data/lib/dependabot/update_checkers/go/modules.rb +112 -0
data/lib/dependabot/update_checkers/java/gradle.rb +148 -0
data/lib/dependabot/update_checkers/java/gradle/multi_dependency_updater.rb +105 -0
data/lib/dependabot/update_checkers/java/gradle/version_finder.rb +183 -0
data/lib/dependabot/update_checkers/java/maven.rb +159 -0
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +127 -0
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +92 -0
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +225 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn.rb +280 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb +342 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/library_detector.rb +69 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/registry_finder.rb +226 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/requirements_updater.rb +197 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/subdependency_version_resolver.rb +228 -0
data/lib/dependabot/update_checkers/java_script/npm_and_yarn/version_resolver.rb +452 -0
data/lib/dependabot/update_checkers/php/composer.rb +165 -0
data/lib/dependabot/update_checkers/php/composer/requirements_updater.rb +243 -0
data/lib/dependabot/update_checkers/php/composer/version_resolver.rb +203 -0
data/lib/dependabot/update_checkers/python/pip.rb +227 -0
data/lib/dependabot/update_checkers/python/pip/latest_version_finder.rb +252 -0
data/lib/dependabot/update_checkers/python/pip/pip_compile_version_resolver.rb +380 -0
data/lib/dependabot/update_checkers/python/pip/pipfile_version_resolver.rb +559 -0
data/lib/dependabot/update_checkers/python/pip/poetry_version_resolver.rb +300 -0
data/lib/dependabot/update_checkers/python/pip/requirements_updater.rb +367 -0
data/lib/dependabot/update_checkers/ruby/bundler.rb +324 -0
data/lib/dependabot/update_checkers/ruby/bundler/file_preparer.rb +278 -0
data/lib/dependabot/update_checkers/ruby/bundler/force_updater.rb +261 -0
data/lib/dependabot/update_checkers/ruby/bundler/latest_version_finder.rb +169 -0
data/lib/dependabot/update_checkers/ruby/bundler/requirements_updater.rb +264 -0
data/lib/dependabot/update_checkers/ruby/bundler/ruby_requirement_setter.rb +115 -0
data/lib/dependabot/update_checkers/ruby/bundler/shared_bundler_helpers.rb +243 -0
data/lib/dependabot/update_checkers/ruby/bundler/version_resolver.rb +255 -0
data/lib/dependabot/update_checkers/rust/cargo.rb +282 -0
data/lib/dependabot/update_checkers/rust/cargo/file_preparer.rb +202 -0
data/lib/dependabot/update_checkers/rust/cargo/requirements_updater.rb +175 -0
data/lib/dependabot/update_checkers/rust/cargo/version_resolver.rb +242 -0
data/lib/dependabot/utils.rb +84 -0
data/lib/dependabot/utils/docker/credentials_finder.rb +65 -0
data/lib/dependabot/utils/dotnet/requirement.rb +90 -0
data/lib/dependabot/utils/dotnet/version.rb +22 -0
data/lib/dependabot/utils/elixir/requirement.rb +53 -0
data/lib/dependabot/utils/elixir/version.rb +59 -0
data/lib/dependabot/utils/elm/requirement.rb +92 -0
data/lib/dependabot/utils/elm/version.rb +19 -0
data/lib/dependabot/utils/go/path_converter.rb +74 -0
data/lib/dependabot/utils/go/requirement.rb +152 -0
data/lib/dependabot/utils/go/shared_helper.rb +20 -0
data/lib/dependabot/utils/go/version.rb +40 -0
data/lib/dependabot/utils/java/requirement.rb +110 -0
data/lib/dependabot/utils/java/version.rb +179 -0
data/lib/dependabot/utils/java_script/requirement.rb +117 -0
data/lib/dependabot/utils/java_script/version.rb +30 -0
data/lib/dependabot/utils/php/requirement.rb +97 -0
data/lib/dependabot/utils/php/version.rb +22 -0
data/lib/dependabot/utils/python/requirement.rb +130 -0
data/lib/dependabot/utils/python/version.rb +88 -0
data/lib/dependabot/utils/ruby/requirement.rb +26 -0
data/lib/dependabot/utils/rust/requirement.rb +108 -0
data/lib/dependabot/utils/rust/version.rb +32 -0
data/lib/dependabot/version.rb +5 -0
data/lib/python_requirement_parser.rb +33 -0
data/lib/python_versions.rb +21 -0
metadata +641 -0

data/lib/dependabot/utils/go/requirement.rb ADDED Viewed

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+################################################################################
+# For more details on Go version constraints, see:                             #
+# - https://github.com/Masterminds/semver                                      #
+# - https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md               #
+################################################################################
+require "dependabot/utils/go/version"
+module Dependabot
+  module Utils
+    module Go
+      class Requirement < Gem::Requirement
+        WILDCARD_REGEX = /(?:\.|^)[xX*]/.freeze
+        OR_SEPARATOR = /(?<=[a-zA-Z0-9*])\s*\|{2}/.freeze
+        # Override the version pattern to allow a 'v' prefix
+        quoted = OPS.keys.map { |k| Regexp.quote(k) }.join("|")
+        version_pattern = "v?#{Utils::Go::Version::VERSION_PATTERN}"
+        PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{version_pattern})\\s*"
+        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+        # Use Utils::Go::Version rather than Gem::Version to ensure that
+        # pre-release versions aren't transformed.
+        def self.parse(obj)
+          if obj.is_a?(Gem::Version)
+            return ["=", Utils::Go::Version.new(obj.to_s)]
+          end
+          unless (matches = PATTERN.match(obj.to_s))
+            msg = "Illformed requirement [#{obj.inspect}]"
+            raise BadRequirementError, msg
+          end
+          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+          [matches[1] || "=", Utils::Go::Version.new(matches[2])]
+        end
+        # Returns an array of requirements. At least one requirement from the
+        # returned array must be satisfied for a version to be valid.
+        def self.requirements_array(requirement_string)
+          return [new(nil)] if requirement_string.nil?
+          requirement_string.strip.split(OR_SEPARATOR).map do |req_string|
+            new(req_string)
+          end
+        end
+        def initialize(*requirements)
+          requirements = requirements.flatten.flat_map do |req_string|
+            req_string.split(",").map do |r|
+              convert_go_constraint_to_ruby_constraint(r.strip)
+            end
+          end
+          super(requirements)
+        end
+        private
+        def convert_go_constraint_to_ruby_constraint(req_string)
+          req_string = req_string
+          req_string = convert_wildcard_characters(req_string)
+          if req_string.match?(WILDCARD_REGEX)
+            ruby_range(req_string.gsub(WILDCARD_REGEX, "").gsub(/^[^\d]/, ""))
+          elsif req_string.match?(/^~[^>]/) then convert_tilde_req(req_string)
+          elsif req_string.include?(" - ") then convert_hyphen_req(req_string)
+          elsif req_string.match?(/^[\dv^]/) then convert_caret_req(req_string)
+          elsif req_string.match?(/[<=>]/) then req_string
+          else ruby_range(req_string)
+          end
+        end
+        def convert_wildcard_characters(req_string)
+          if req_string.match?(/^[\dv^>~]/)
+            replace_wildcard_in_lower_bound(req_string)
+          elsif req_string.start_with?("<")
+            parts = req_string.split(".")
+            parts.map.with_index do |part, index|
+              next "0" if part.match?(WILDCARD_REGEX)
+              next part.to_i + 1 if parts[index + 1]&.match?(WILDCARD_REGEX)
+              part
+            end.join(".")
+          else
+            req_string
+          end
+        end
+        def replace_wildcard_in_lower_bound(req_string)
+          after_wildcard = false
+          if req_string.start_with?("~")
+            req_string = req_string.gsub(/(?:(?:\.|^)[xX*])(\.[xX*])+/, "")
+          end
+          req_string.split(".").
+            map do |part|
+              part.split("-").map.with_index do |p, i|
+                # Before we hit a wildcard we just return the existing part
+                next p unless p.match?(WILDCARD_REGEX) || after_wildcard
+                # On or after a wildcard we replace the version part with zero
+                after_wildcard = true
+                i.zero? ? "0" : "a"
+              end.join("-")
+            end.join(".")
+        end
+        def convert_tilde_req(req_string)
+          version = req_string.gsub(/^~/, "")
+          parts = version.split(".")
+          parts << "0" if parts.count < 3
+          "~> #{parts.join('.')}"
+        end
+        def convert_hyphen_req(req_string)
+          lower_bound, upper_bound = req_string.split(/\s+-\s+/)
+          [">= #{lower_bound}", "<= #{upper_bound}"]
+        end
+        def ruby_range(req_string)
+          parts = req_string.split(".")
+          # If we have three or more parts then this is an exact match
+          return req_string if parts.count >= 3
+          # If we have no parts then the version is completely unlocked
+          return ">= 0" if parts.count.zero?
+          # If we have fewer than three parts we do a partial match
+          parts << "0"
+          "~> #{parts.join('.')}"
+        end
+        # Note: Dep's caret notation implementation doesn't distinguish between
+        # pre and post-1.0.0 requirements (unlike in JS)
+        def convert_caret_req(req_string)
+          version = req_string.gsub(/^\^?v?/, "")
+          parts = version.split(".")
+          upper_bound = [parts.first.to_i + 1, 0, 0, "a"].map(&:to_s).join(".")
+          [">= #{version}", "< #{upper_bound}"]
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/go/shared_helper.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+module Dependabot
+  module Utils
+    module Go
+      module SharedHelper
+        def self.path
+          project_root = File.join(File.dirname(__FILE__), "../../../..")
+          platform =
+            case RbConfig::CONFIG["arch"]
+            when /linux/ then "linux"
+            when /darwin/ then "darwin"
+            else raise "Invalid platform #{RbConfig::CONFIG['arch']}"
+            end
+          File.join(project_root, "helpers/go/go-helpers.#{platform}64")
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/go/version.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+# Go pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
+# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
+# alteration.
+# Best docs are at https://github.com/Masterminds/semver
+module Dependabot
+  module Utils
+    module Go
+      class Version < Gem::Version
+        VERSION_PATTERN = '[0-9]+[0-9a-zA-Z]*(?>\.[0-9a-zA-Z]+)*' \
+                          '(-[0-9A-Za-z-]+(\.[0-9a-zA-Z-]+)*)?' \
+                          '(\+incompatible)?'
+        ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+        def self.correct?(version)
+          version = version.gsub(/^v/, "") if version.is_a?(String)
+          version = version&.to_s&.split("+")&.first
+          super(version)
+        end
+        def initialize(version)
+          @version_string = version.to_s.gsub(/^v/, "")
+          version = version.gsub(/^v/, "") if version.is_a?(String)
+          version = version&.to_s&.split("+")&.first
+          super
+        end
+        def inspect # :nodoc:
+          "#<#{self.class} #{@version_string.inspect}>"
+        end
+        def to_s
+          @version_string
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/java/requirement.rb ADDED Viewed

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+require "dependabot/utils/java/version"
+module Dependabot
+  module Utils
+    module Java
+      class Requirement < Gem::Requirement
+        quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
+        PATTERN_RAW =
+          "\\s*(#{quoted})?\\s*(#{Utils::Java::Version::VERSION_PATTERN})\\s*"
+        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
+        def self.parse(obj)
+          if obj.is_a?(Gem::Version)
+            return ["=", Utils::Java::Version.new(obj.to_s)]
+          end
+          unless (matches = PATTERN.match(obj.to_s))
+            msg = "Illformed requirement [#{obj.inspect}]"
+            raise BadRequirementError, msg
+          end
+          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
+          [matches[1] || "=", Utils::Java::Version.new(matches[2])]
+        end
+        def self.requirements_array(requirement_string)
+          split_java_requirement(requirement_string).map do |str|
+            new(str)
+          end
+        end
+        def initialize(*requirements)
+          requirements = requirements.flatten.flat_map do |req_string|
+            convert_java_constraint_to_ruby_constraint(req_string)
+          end
+          super(requirements)
+        end
+        def satisfied_by?(version)
+          version = Utils::Java::Version.new(version.to_s)
+          super
+        end
+        private
+        def self.split_java_requirement(req_string)
+          req_string.split(/(?<=\]|\)),/).flat_map do |str|
+            next str if str.start_with?("(", "[")
+            exacts, *rest = str.split(/,(?=\[|\()/)
+            [*exacts.split(","), *rest]
+          end
+        end
+        private_class_method :split_java_requirement
+        def convert_java_constraint_to_ruby_constraint(req_string)
+          return unless req_string
+          if self.class.send(:split_java_requirement, req_string).count > 1
+            raise "Can't convert multiple Java reqs to a single Ruby one"
+          end
+          if req_string&.include?(",")
+            return convert_java_range_to_ruby_range(req_string)
+          end
+          convert_java_equals_req_to_ruby(req_string)
+        end
+        def convert_java_range_to_ruby_range(req_string)
+          lower_b, upper_b = req_string.split(",").map(&:strip)
+          lower_b =
+            if ["(", "["].include?(lower_b) then nil
+            elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
+            else ">= #{lower_b.sub(/\[\s*/, '').strip}"
+            end
+          upper_b =
+            if [")", "]"].include?(upper_b) then nil
+            elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
+            else "<= #{upper_b.sub(/\s*\]/, '').strip}"
+            end
+          [lower_b, upper_b].compact
+        end
+        def convert_java_equals_req_to_ruby(req_string)
+          return convert_wildcard_req(req_string) if req_string&.include?("+")
+          # If a soft requirement is being used, treat it as an equality matcher
+          return req_string unless req_string&.start_with?("[")
+          req_string.gsub(/[\[\]\(\)]/, "")
+        end
+        def convert_wildcard_req(req_string)
+          version = req_string.gsub(/(?:\.|^)\+/, "")
+          return ">= 0" if version.empty?
+          "~> #{version}.0"
+        end
+      end
+    end
+  end
+end

data/lib/dependabot/utils/java/version.rb ADDED Viewed

@@ -0,0 +1,179 @@
+# frozen_string_literal: true
+# Java versions use dots and dashes when tokenising their versions.
+# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
+#
+# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
+module Dependabot
+  module Utils
+    module Java
+      class Version < Gem::Version
+        NULL_VALUES = %w(0 final ga).freeze
+        PREFIXED_TOKEN_HIERARCHY = {
+          "." => { qualifier: 1, number: 4 },
+          "-" => { qualifier: 2, number: 3 }
+        }.freeze
+        NAMED_QUALIFIERS_HIERARCHY = {
+          "a" => 1, "alpha"     => 1,
+          "b" => 2, "beta"      => 2,
+          "m" => 3, "milestone" => 3,
+          "rc" => 4, "cr" => 4,
+          "snapshot" => 5,
+          "ga" => 6, "" => 6, "final" => 6,
+          "sp" => 7
+        }.freeze
+        VERSION_PATTERN =
+          '[0-9a-zA-Z]+(?>\.[0-9a-zA-Z]*)*(-[0-9A-Za-z-]*(\.[0-9A-Za-z-]*)*)?'
+        ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+        def self.correct?(version)
+          return false if version.nil?
+          version.to_s.match?(ANCHORED_VERSION_PATTERN)
+        end
+        def initialize(version)
+          @version_string = version.to_s
+          super(version.to_s.tr("_", "-"))
+        end
+        def to_s
+          @version_string
+        end
+        def prerelease?
+          tokens.any? do |token|
+            next false unless NAMED_QUALIFIERS_HIERARCHY[token]
+            NAMED_QUALIFIERS_HIERARCHY[token] < 6
+          end
+        end
+        private
+        def tokens
+          @tokens ||=
+            begin
+              version = @version_string.to_s.downcase
+              version = fill_tokens(version)
+              version = trim_version(version)
+              split_into_prefixed_tokens(version).map { |t| t[1..-1] }
+            end
+        end
+        def <=>(other)
+          version = stringify_version(@version_string)
+          version = fill_tokens(version)
+          version = trim_version(version)
+          other_version = stringify_version(other)
+          other_version = fill_tokens(other_version)
+          other_version = trim_version(other_version)
+          version, other_version = convert_dates(version, other_version)
+          prefixed_tokens = split_into_prefixed_tokens(version)
+          other_prefixed_tokens = split_into_prefixed_tokens(other_version)
+          prefixed_tokens, other_prefixed_tokens =
+            pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+          prefixed_tokens.count.times.each do |index|
+            comp = compare_prefixed_token(
+              prefix: prefixed_tokens[index][0],
+              token: prefixed_tokens[index][1..-1] || "",
+              other_prefix: other_prefixed_tokens[index][0],
+              other_token: other_prefixed_tokens[index][1..-1] || ""
+            )
+            return comp unless comp.zero?
+          end
+          0
+        end
+        def stringify_version(version)
+          version = version.to_s.downcase
+          # Not technically correct, but pragmatic
+          version.gsub(/^v(?=\d)/, "")
+        end
+        def fill_tokens(version)
+          # Add separators when transitioning from digits to characters
+          version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
+          version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
+          # Replace empty tokens with 0
+          version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
+          version = version.gsub(/^([\.\-])/, '0\1')
+          version.gsub(/([\.\-])$/, '\10')
+        end
+        def trim_version(version)
+          version.split("-").map do |v|
+            parts = v.split(".")
+            parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
+            parts&.join(".")
+          end.compact.reject(&:empty?).join("-")
+        end
+        def convert_dates(version, other_version)
+          default = [version, other_version]
+          return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+          return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+          [version.delete("-"), other_version.delete("-")]
+        end
+        def split_into_prefixed_tokens(version)
+          ".#{version}".split(/(?=[\-\.])/)
+        end
+        def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+          prefixed_tokens = prefixed_tokens.dup
+          other_prefixed_tokens = other_prefixed_tokens.dup
+          longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
+          shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
+          longest.count.times do |index|
+            next unless shortest[index].nil?
+            shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
+          end
+          [prefixed_tokens, other_prefixed_tokens]
+        end
+        def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
+          token_type = token.match?(/^\d+$/) ? :number : :qualifier
+          other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
+          hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
+          other_hierarchy =
+            PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
+          hierarchy_comparison = hierarchy <=> other_hierarchy
+          return hierarchy_comparison unless hierarchy_comparison.zero?
+          compare_token(token: token, other_token: other_token)
+        end
+        def compare_token(token:, other_token:)
+          if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
+            return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
+            return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
+          end
+          return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
+          token = token.to_i if token.match?(/^\d+$/)
+          other_token = other_token.to_i if other_token.match?(/^\d+$/)
+          token <=> other_token
+        end
+      end
+    end
+  end
+end