RubyGems - dependabot-core - Versions diffs - 0.84.1 → 0.85.0 - Mend

dependabot-core 0.84.1 → 0.85.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/dependabot/file_fetchers.rb +0 -2
data/lib/dependabot/file_parsers.rb +0 -2
data/lib/dependabot/file_updaters.rb +0 -2
data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
data/lib/dependabot/metadata_finders.rb +0 -2
data/lib/dependabot/update_checkers.rb +0 -2
data/lib/dependabot/utils.rb +0 -4
data/lib/dependabot/version.rb +1 -1
metadata +3 -16
data/lib/dependabot/file_fetchers/java/maven.rb +0 -127
data/lib/dependabot/file_parsers/java/maven.rb +0 -252
data/lib/dependabot/file_parsers/java/maven/property_value_finder.rb +0 -166
data/lib/dependabot/file_parsers/java/maven/repositories_finder.rb +0 -188
data/lib/dependabot/file_updaters/java/maven.rb +0 -155
data/lib/dependabot/file_updaters/java/maven/declaration_finder.rb +0 -148
data/lib/dependabot/file_updaters/java/maven/property_value_updater.rb +0 -61
data/lib/dependabot/metadata_finders/java/maven.rb +0 -173
data/lib/dependabot/update_checkers/java/maven.rb +0 -159
data/lib/dependabot/update_checkers/java/maven/property_updater.rb +0 -127
data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb +0 -92
data/lib/dependabot/update_checkers/java/maven/version_finder.rb +0 -225
data/lib/dependabot/utils/java/requirement.rb +0 -110
data/lib/dependabot/utils/java/version.rb +0 -179

data/lib/dependabot/update_checkers/java/maven/property_updater.rb DELETED

@@ -1,127 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/file_parsers/java/maven"
-require "dependabot/update_checkers/java/maven"
-require "dependabot/update_checkers/java/maven/requirements_updater"
-require "dependabot/file_updaters/java/maven/declaration_finder"
-module Dependabot
-  module UpdateCheckers
-    module Java
-      class Maven
-        class PropertyUpdater
-          require_relative "version_finder"
-          def initialize(dependency:, dependency_files:, credentials:,
-                         target_version_details:, ignored_versions:)
-            @dependency       = dependency
-            @dependency_files = dependency_files
-            @credentials      = credentials
-            @ignored_versions = ignored_versions
-            @target_version   = target_version_details&.fetch(:version)
-            @source_url       = target_version_details&.fetch(:source_url)
-          end
-          def update_possible?
-            return false unless target_version
-            @update_possible ||=
-              dependencies_using_property.all? do |dep|
-                versions = VersionFinder.new(
-                  dependency: dep,
-                  dependency_files: dependency_files,
-                  credentials: credentials,
-                  ignored_versions: ignored_versions
-                ).versions.map { |v| v.fetch(:version) }
-                versions.include?(target_version) || versions.none?
-              end
-          end
-          def updated_dependencies
-            raise "Update not possible!" unless update_possible?
-            @updated_dependencies ||=
-              dependencies_using_property.map do |dep|
-                Dependency.new(
-                  name: dep.name,
-                  version: updated_version(dep),
-                  requirements: updated_requirements(dep),
-                  previous_version: dep.version,
-                  previous_requirements: dep.requirements,
-                  package_manager: dep.package_manager
-                )
-              end
-          end
-          private
-          attr_reader :dependency, :dependency_files, :target_version,
-                      :source_url, :credentials, :ignored_versions
-          def dependencies_using_property
-            @dependencies_using_property ||=
-              FileParsers::Java::Maven.new(
-                dependency_files: dependency_files,
-                source: nil
-              ).parse.select do |dep|
-                dep.requirements.any? do |r|
-                  next unless r.dig(:metadata, :property_name) == property_name
-                  r.dig(:metadata, :property_source) == property_source
-                end
-              end
-          end
-          def property_name
-            @property_name ||= dependency.requirements.
-                               find { |r| r.dig(:metadata, :property_name) }&.
-                               dig(:metadata, :property_name)
-            raise "No requirement with a property name!" unless @property_name
-            @property_name
-          end
-          def property_source
-            @property_source ||=
-              dependency.requirements.
-              find { |r| r.dig(:metadata, :property_name) == property_name }&.
-              dig(:metadata, :property_source)
-          end
-          def version_string(dep)
-            declaring_requirement =
-              dep.requirements.
-              find { |r| r.dig(:metadata, :property_name) == property_name }
-            FileUpdaters::Java::Maven::DeclarationFinder.new(
-              dependency: dep,
-              declaring_requirement: declaring_requirement,
-              dependency_files: dependency_files
-            ).declaration_nodes.first.at_css("version")&.content
-          end
-          def pom
-            dependency_files.find { |f| f.name == "pom.xml" }
-          end
-          def updated_version(dep)
-            version_string(dep).gsub("${#{property_name}}", target_version.to_s)
-          end
-          def updated_requirements(dep)
-            @updated_requirements ||= {}
-            @updated_requirements[dep.name] ||=
-              RequirementsUpdater.new(
-                requirements: dep.requirements,
-                latest_version: updated_version(dep),
-                source_url: source_url,
-                properties_to_update: [property_name]
-              ).updated_requirements
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/java/maven/requirements_updater.rb DELETED

@@ -1,92 +0,0 @@
-# frozen_string_literal: true
-#######################################################
-# For more details on Maven version constraints, see: #
-# https://maven.apache.org/pom.html#Dependencies      #
-#######################################################
-require "dependabot/update_checkers/java/maven"
-require "dependabot/utils/java/version"
-require "dependabot/utils/java/requirement"
-module Dependabot
-  module UpdateCheckers
-    module Java
-      class Maven
-        class RequirementsUpdater
-          def initialize(requirements:, latest_version:, source_url:,
-                         properties_to_update:)
-            @requirements = requirements
-            @source_url = source_url
-            @properties_to_update = properties_to_update
-            return unless latest_version
-            @latest_version = version_class.new(latest_version)
-          end
-          def updated_requirements
-            return requirements unless latest_version
-            # Note: Order is important here. The FileUpdater needs the updated
-            # requirement at index `i` to correspond to the previous requirement
-            # at the same index.
-            requirements.map do |req|
-              next req if req.fetch(:requirement).nil?
-              next req if req.fetch(:requirement).include?(",")
-              property_name = req.dig(:metadata, :property_name)
-              if property_name && !properties_to_update.include?(property_name)
-                next req
-              end
-              new_req = update_requirement(req[:requirement])
-              req.merge(requirement: new_req, source: updated_source)
-            end
-          end
-          private
-          attr_reader :requirements, :latest_version, :source_url,
-                      :properties_to_update
-          def update_requirement(req_string)
-            if req_string.include?(".+")
-              update_dynamic_requirement(req_string)
-            else
-              # Since range requirements are excluded this must be exact
-              update_exact_requirement(req_string)
-            end
-          end
-          def update_exact_requirement(req_string)
-            old_version = requirement_class.new(req_string).
-                          requirements.first.last
-            req_string.gsub(old_version.to_s, latest_version.to_s)
-          end
-          # This is really only a Gradle thing, but Gradle relies on this
-          # RequirementsUpdater too
-          def update_dynamic_requirement(req_string)
-            precision = req_string.split(".").take_while { |s| s != "+" }.count
-            version_parts = latest_version.segments.first(precision)
-            version_parts.join(".") + ".+"
-          end
-          def version_class
-            Utils::Java::Version
-          end
-          def requirement_class
-            Utils::Java::Requirement
-          end
-          def updated_source
-            { type: "maven_repo", url: source_url }
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/update_checkers/java/maven/version_finder.rb DELETED

@@ -1,225 +0,0 @@
-# frozen_string_literal: true
-require "nokogiri"
-require "dependabot/shared_helpers"
-require "dependabot/file_parsers/java/maven/repositories_finder"
-require "dependabot/update_checkers/java/maven"
-require "dependabot/utils/java/version"
-require "dependabot/utils/java/requirement"
-module Dependabot
-  module UpdateCheckers
-    module Java
-      class Maven
-        class VersionFinder
-          TYPE_SUFFICES = %w(jre android java).freeze
-          def initialize(dependency:, dependency_files:, credentials:,
-                         ignored_versions:)
-            @dependency       = dependency
-            @dependency_files = dependency_files
-            @credentials      = credentials
-            @ignored_versions = ignored_versions
-            @forbidden_urls   = []
-          end
-          def latest_version_details
-            possible_versions = versions
-            unless wants_prerelease?
-              possible_versions =
-                possible_versions.
-                reject { |v| v.fetch(:version).prerelease? }
-            end
-            unless wants_date_based_version?
-              possible_versions =
-                possible_versions.
-                reject { |v| v.fetch(:version) > version_class.new(1900) }
-            end
-            possible_versions =
-              possible_versions.
-              select { |v| matches_dependency_version_type?(v.fetch(:version)) }
-            ignored_versions.each do |req|
-              ignore_req = Utils::Java::Requirement.new(req.split(","))
-              possible_versions =
-                possible_versions.
-                reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
-            end
-            possible_versions.reverse.find { |v| released?(v.fetch(:version)) }
-          end
-          def versions
-            version_details =
-              repositories.map do |repository_details|
-                url = repository_details.fetch("url")
-                dependency_metadata(repository_details).
-                  css("versions > version").
-                  select { |node| version_class.correct?(node.content) }.
-                  map { |node| version_class.new(node.content) }.
-                  map { |version| { version: version, source_url: url } }
-              end.flatten
-            if version_details.none? && forbidden_urls.any?
-              raise PrivateSourceAuthenticationFailure, forbidden_urls.first
-            end
-            version_details.sort_by { |details| details.fetch(:version) }
-          end
-          private
-          attr_reader :dependency, :dependency_files, :credentials,
-                      :ignored_versions, :forbidden_urls
-          def wants_prerelease?
-            return false unless dependency.version
-            return false unless version_class.correct?(dependency.version)
-            version_class.new(dependency.version).prerelease?
-          end
-          def wants_date_based_version?
-            return false unless dependency.version
-            return false unless version_class.correct?(dependency.version)
-            version_class.new(dependency.version) >= version_class.new(100)
-          end
-          def released?(version)
-            repositories.any? do |repository_details|
-              url = repository_details.fetch("url")
-              response = Excon.get(
-                dependency_files_url(url, version),
-                user: repository_details.fetch("username"),
-                password: repository_details.fetch("password"),
-                idempotent: true,
-                **SharedHelpers.excon_defaults
-              )
-              artifact_id = dependency.name.split(":").last
-              type = dependency.requirements.first.
-                     dig(:metadata, :packaging_type)
-              response.body.include?("#{artifact_id}-#{version}.#{type}")
-            rescue Excon::Error::Socket, Excon::Error::Timeout
-              false
-            end
-          end
-          def dependency_metadata(repository_details)
-            @dependency_metadata ||= {}
-            @dependency_metadata[repository_details.hash] ||=
-              begin
-                response = Excon.get(
-                  dependency_metadata_url(repository_details.fetch("url")),
-                  user: repository_details.fetch("username"),
-                  password: repository_details.fetch("password"),
-                  idempotent: true,
-                  **SharedHelpers.excon_defaults
-                )
-                check_response(response, repository_details.fetch("url"))
-                Nokogiri::XML(response.body)
-              rescue Excon::Error::Socket, Excon::Error::Timeout
-                central =
-                  FileParsers::Java::Maven::RepositoriesFinder::CENTRAL_REPO_URL
-                raise if repository_details.fetch("url") == central
-                Nokogiri::XML("")
-              end
-          end
-          def check_response(response, repository_url)
-            central =
-              FileParsers::Java::Maven::RepositoriesFinder::CENTRAL_REPO_URL
-            return unless [401, 403].include?(response.status)
-            return if @forbidden_urls.include?(repository_url)
-            return if repository_url == central
-            @forbidden_urls << repository_url
-          end
-          def repositories
-            return @repositories if @repositories
-            details = pom_repository_details + credentials_repository_details
-            @repositories =
-              details.reject do |repo|
-                next if repo["password"]
-                # Reject this entry if an identical one with a password exists
-                details.any? { |r| r["url"] == repo["url"] && r["password"] }
-              end
-          end
-          def pom_repository_details
-            @pom_repository_details ||=
-              FileParsers::Java::Maven::RepositoriesFinder.
-              new(dependency_files: dependency_files).
-              repository_urls(pom: pom).
-              map do |url|
-                { "url" => url, "username" => nil, "password" => nil }
-              end
-          end
-          def credentials_repository_details
-            credentials.
-              select { |cred| cred["type"] == "maven_repository" }.
-              map do |cred|
-                {
-                  "url" => cred.fetch("url").gsub(%r{/+$}, ""),
-                  "username" => cred.fetch("username", nil),
-                  "password" => cred.fetch("password", nil)
-                }
-              end
-          end
-          def matches_dependency_version_type?(comparison_version)
-            return true unless dependency.version
-            current_type =
-              TYPE_SUFFICES.
-              find { |t| dependency.version.split(/[.\-]/).include?(t) }
-            version_type =
-              TYPE_SUFFICES.
-              find { |t| comparison_version.to_s.split(/[.\-]/).include?(t) }
-            current_type == version_type
-          end
-          def pom
-            filename = dependency.requirements.first.fetch(:file)
-            dependency_files.find { |f| f.name == filename }
-          end
-          def dependency_metadata_url(repository_url)
-            group_id, artifact_id = dependency.name.split(":")
-            "#{repository_url}/"\
-            "#{group_id.tr('.', '/')}/"\
-            "#{artifact_id}/"\
-            "maven-metadata.xml"
-          end
-          def dependency_files_url(repository_url, version)
-            group_id, artifact_id = dependency.name.split(":")
-            "#{repository_url}/"\
-            "#{group_id.tr('.', '/')}/"\
-            "#{artifact_id}/"\
-            "#{version}/"
-          end
-          def version_class
-            Utils::Java::Version
-          end
-        end
-      end
-    end
-  end
-end

data/lib/dependabot/utils/java/requirement.rb DELETED

@@ -1,110 +0,0 @@
-# frozen_string_literal: true
-require "dependabot/utils/java/version"
-module Dependabot
-  module Utils
-    module Java
-      class Requirement < Gem::Requirement
-        quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
-        PATTERN_RAW =
-          "\\s*(#{quoted})?\\s*(#{Utils::Java::Version::VERSION_PATTERN})\\s*"
-        PATTERN = /\A#{PATTERN_RAW}\z/.freeze
-        def self.parse(obj)
-          if obj.is_a?(Gem::Version)
-            return ["=", Utils::Java::Version.new(obj.to_s)]
-          end
-          unless (matches = PATTERN.match(obj.to_s))
-            msg = "Illformed requirement [#{obj.inspect}]"
-            raise BadRequirementError, msg
-          end
-          return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-          [matches[1] || "=", Utils::Java::Version.new(matches[2])]
-        end
-        def self.requirements_array(requirement_string)
-          split_java_requirement(requirement_string).map do |str|
-            new(str)
-          end
-        end
-        def initialize(*requirements)
-          requirements = requirements.flatten.flat_map do |req_string|
-            convert_java_constraint_to_ruby_constraint(req_string)
-          end
-          super(requirements)
-        end
-        def satisfied_by?(version)
-          version = Utils::Java::Version.new(version.to_s)
-          super
-        end
-        private
-        def self.split_java_requirement(req_string)
-          req_string.split(/(?<=\]|\)),/).flat_map do |str|
-            next str if str.start_with?("(", "[")
-            exacts, *rest = str.split(/,(?=\[|\()/)
-            [*exacts.split(","), *rest]
-          end
-        end
-        private_class_method :split_java_requirement
-        def convert_java_constraint_to_ruby_constraint(req_string)
-          return unless req_string
-          if self.class.send(:split_java_requirement, req_string).count > 1
-            raise "Can't convert multiple Java reqs to a single Ruby one"
-          end
-          if req_string&.include?(",")
-            return convert_java_range_to_ruby_range(req_string)
-          end
-          convert_java_equals_req_to_ruby(req_string)
-        end
-        def convert_java_range_to_ruby_range(req_string)
-          lower_b, upper_b = req_string.split(",").map(&:strip)
-          lower_b =
-            if ["(", "["].include?(lower_b) then nil
-            elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
-            else ">= #{lower_b.sub(/\[\s*/, '').strip}"
-            end
-          upper_b =
-            if [")", "]"].include?(upper_b) then nil
-            elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
-            else "<= #{upper_b.sub(/\s*\]/, '').strip}"
-            end
-          [lower_b, upper_b].compact
-        end
-        def convert_java_equals_req_to_ruby(req_string)
-          return convert_wildcard_req(req_string) if req_string&.include?("+")
-          # If a soft requirement is being used, treat it as an equality matcher
-          return req_string unless req_string&.start_with?("[")
-          req_string.gsub(/[\[\]\(\)]/, "")
-        end
-        def convert_wildcard_req(req_string)
-          version = req_string.gsub(/(?:\.|^)\+/, "")
-          return ">= 0" if version.empty?
-          "~> #{version}.0"
-        end
-      end
-    end
-  end
-end