RubyGems - dependabot-julia - Versions diffs - 0.357.0 → 0.358.0 - Mend

dependabot-julia 0.357.0 → 0.358.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/dependabot/julia/requirement.rb +52 -41
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76fe4785dc95ee847322f2673a67df374eb0d2eebf5a740b966f1c487e2e6375
-  data.tar.gz: 174617969c5b36d6aa341f23c310c125794a095a61e3f7de457a874542a8dfb5
+  metadata.gz: c442b3d384670e44fdceb57d184f86c67f0568580c773a9edad960cd664e0e18
+  data.tar.gz: 94bb9140bec5fa998ccc894c452a8a2a13e77450830a101ae3bc3a0e100e8b28
 SHA512:
-  metadata.gz: 6240ebc3636af1e5b52bf4c18090800555593aa8be82aa4a567f6b4802eec283d103618d135a08ee8b62b695e182f7d245dd8d367c93c7120a5060fb7ec03fa9
-  data.tar.gz: df44056fe3096eabd8ba8ff3ce42445cf7c1a68d8f2c3b795c58c12fa0dc7386cc460613033f2598c63463ffa1668ce75c4ade3b7d5357bf3e39212c1d120bc6
+  metadata.gz: 05b7acbb49fb4ed7f759de5c554d5a5daf4d005aaba74296a21ef6e8ede74577828ff6fe5a83aa129d78b58d0765ce175e0fa23fd77a742d1587418978524fe9
+  data.tar.gz: 86d1919b0c98ec0b083f876ca7db6d737e967c2e459b9a8e2353d8f640bf67f9b2b33ed90c260ea4013bfadf4bbc1feea97680359325816363a6b1d40638d50b

data/lib/dependabot/julia/requirement.rb CHANGED Viewed

@@ -30,8 +30,14 @@ module Dependabot
       sig { params(constraints: T::Array[String]).returns(T::Boolean) }
       def self.compound_constraint?(constraints)
-        # Compound constraints (e.g., ">= 1.0, < 2.0") have operators and multiple parts
-        constraints.length > 1 && constraints.any? { |c| c.match?(/^[<>=~^]/) }
+        # Compound constraints (e.g., ">= 1.0, < 2.0") are when explicit comparison operators
+        # (>=, <=, <, >, =) work together to define a single range.
+        # Separate constraints (e.g., "^1.10, 2" or "0.34, 0.35") use version specs
+        # (with or without ^/~) as OR conditions - any matching spec is acceptable.
+        # Only treat as compound if ALL constraints use explicit comparison operators.
+        return false if constraints.length <= 1
+        constraints.all? { |c| c.match?(/^[<>=]/) }
       end
       sig { params(constraints: T::Array[String]).returns(T::Array[Dependabot::Julia::Requirement]) }
@@ -74,51 +80,56 @@ module Dependabot
         [constraint]
       end
+      sig { params(version_string: String).returns([String, Integer, Integer, Integer, Integer]) }
+      private_class_method def self.parse_version_parts(version_string)
+        parts = version_string.split(".")
+        [
+          version_string,
+          parts.length,
+          T.must(parts[0]).to_i,
+          parts[1].to_i,
+          parts[2].to_i
+        ]
+      end
+      sig { params(major: Integer, minor: Integer, patch: Integer, num_parts: Integer).returns(String) }
+      private_class_method def self.caret_upper_bound(major, minor, patch, num_parts)
+        # Julia caret semantics: upper bound determined by left-most non-zero digit
+        return "#{major + 1}.0.0" if major.positive?
+        return "0.#{minor + 1}.0" if minor.positive?
+        return "0.0.#{patch + 1}" if num_parts == 3
+        return "0.1.0" if num_parts == 2
+        "1.0.0"
+      end
       sig { params(constraint: String).returns(T::Array[String]) }
       private_class_method def self.normalize_caret_constraint(constraint)
-        version = T.must(constraint[1..-1])
-        parts = version.split(".")
-        major = T.must(parts[0]).to_i
-        minor = parts[1].to_i
-        patch = parts[2].to_i
-        # Julia caret semantics:
-        # - For 0.0.x: compatible within patch (e.g., 0.0.5 -> 0.0.x, < 0.0.6 or < 0.1.0?)
-        # - For 0.x.y: compatible within minor (e.g., 0.34.6 -> 0.34.x, < 0.35.0)
-        # - For x.y.z (x > 0): compatible within major (e.g., 1.2.3 -> 1.x.x, < 2.0.0)
-        if major.zero? && minor.zero?
-          # 0.0.x versions: bump patch
-          [">= #{version}", "< 0.0.#{patch + 1}"]
-        elsif major.zero?
-          # 0.x.y versions: bump minor (0.34.6 -> < 0.35.0)
-          [">= #{version}", "< 0.#{minor + 1}.0"]
-        else
-          # x.y.z versions where x > 0: bump major
-          [">= #{version}", "< #{major + 1}.0.0"]
-        end
+        version, num_parts, major, minor, patch = parse_version_parts(T.must(constraint[1..-1]))
+        # Julia caret semantics (from https://pkgdocs.julialang.org/v1/compatibility/):
+        # ^1.2.3 -> [1.2.3, 2.0.0), ^0.2.3 -> [0.2.3, 0.3.0), ^0.0.3 -> [0.0.3, 0.0.4)
+        # ^0.0 -> [0.0.0, 0.1.0), ^0 -> [0.0.0, 1.0.0)
+        [">= #{version}", "< #{caret_upper_bound(major, minor, patch, num_parts)}"]
+      end
+      sig { params(major: Integer, minor: Integer, patch: Integer, num_parts: Integer).returns(String) }
+      private_class_method def self.tilde_upper_bound(major, minor, patch, num_parts)
+        # Julia tilde semantics: ~1 equivalent to ^1, otherwise bump minor (except 0.0.x bumps patch)
+        return "#{major + 1}.0.0" if num_parts == 1
+        return "0.0.#{patch + 1}" if major.zero? && minor.zero? && num_parts == 3
+        return "0.1.0" if major.zero? && minor.zero?
+        "#{major}.#{minor + 1}.0"
       end
       sig { params(constraint: String).returns(T::Array[String]) }
       private_class_method def self.normalize_tilde_constraint(constraint)
-        version = T.must(constraint[1..-1])
-        parts = version.split(".")
-        major = T.must(parts[0]).to_i
-        minor = parts[1].to_i
-        # Julia tilde semantics (similar to npm):
-        # - For 0.0.x: compatible within patch (same as caret)
-        # - For 0.x.y or x.y.z: compatible within minor (bump minor)
-        if major.zero? && minor.zero?
-          # 0.0.x versions: bump patch
-          patch = parts[2].to_i
-          [">= #{version}", "< 0.0.#{patch + 1}"]
-        elsif major.zero?
-          # 0.x.y versions: bump minor (same as caret for 0.x)
-          [">= #{version}", "< 0.#{minor + 1}.0"]
-        else
-          # x.y.z versions where x > 0: bump minor only
-          [">= #{version}", "< #{major}.#{minor + 1}.0"]
-        end
+        version, num_parts, major, minor, patch = parse_version_parts(T.must(constraint[1..-1]))
+        # Julia tilde semantics (from https://pkgdocs.julialang.org/v1/compatibility/):
+        # ~1.2.3 -> [1.2.3, 1.3.0), ~1 -> [1.0.0, 2.0.0), ~0.0.3 -> [0.0.3, 0.0.4)
+        [">= #{version}", "< #{tilde_upper_bound(major, minor, patch, num_parts)}"]
       end
       sig { params(constraint: String).returns(T::Array[String]) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-julia
 version: !ruby/object:Gem::Version
-  version: 0.357.0
+  version: 0.358.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.357.0
+        version: 0.358.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -261,7 +261,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.357.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.358.0
 rdoc_options: []
 require_paths:
 - lib