dependabot-maven 0.141.0 → 0.143.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 151a0ba3ce7459d72866cfb1f41905cf273d8511aba880175ee61425b1d926ca
-  data.tar.gz: b2608b35aed7d66344017049d42c0a245a5611f475768c21a711a82d929180d1
+  metadata.gz: 999a155b4286ad444b3ea6994f850c94eb17c3142f82513720e4184948ba80e6
+  data.tar.gz: 74e0aba3214a910154d3707bb54c9b720c6207e3b6bc2e8b10b967a23dd9a8ff
 SHA512:
-  metadata.gz: 56eee00d65f6ffcd920792299fc18a5478e1989d0a982ad7b1e717d87cace69b39ffc467d40fe8afd723f1a2f0225b164497812670d9d3128bb389f9748cce94
-  data.tar.gz: 597decbc541d8dbabb9fb9cf193cee11bd7e75523be05177e3dd5dcd813b85317d1815801c923870e4e37c9e306552614fcf388fcdfba578d0133ea500672e3a
+  metadata.gz: fc80e0a1337850473d8057b8d7e0dc83e7b226218aa391bc22a19495bab903dc7563bba301a6fbbc4188368e3798fdd368e949f6cfcb2c6da2c12038b9407039
+  data.tar.gz: 3aba61db57419b4b321c51213c985977553226316324981663d4aa118966a937b8cfc7a7258727beda118e582c6f17d2c362df8b8d306327d02916182fbfbbc6

data/lib/dependabot/maven/requirement.rb

@@ -7,6 +7,7 @@ module Dependabot
   module Maven
     class Requirement < Gem::Requirement
       quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
+      OR_SYNTAX = /(?<=\]|\)),/.freeze
       PATTERN_RAW =
         "\\s*(#{quoted})?\\s*(#{Maven::Version::VERSION_PATTERN})\\s*"
       PATTERN = /\A#{PATTERN_RAW}\z/.freeze
@@ -46,7 +47,9 @@ module Dependabot
       private
 
       def self.split_java_requirement(req_string)
-        req_string.split(/(?<=\]|\)),/).flat_map do |str|
+        return [req_string] unless req_string.match?(OR_SYNTAX)
+
+        req_string.split(OR_SYNTAX).flat_map do |str|
           next str if str.start_with?("(", "[")
 
           exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
           raise "Can't convert multiple Java reqs to a single Ruby one"
         end
 
-        return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
-
-        convert_java_equals_req_to_ruby(req_string)
+        # NOTE: Support ruby-style version requirements that are created from
+        # PR ignore conditions
+        version_reqs = req_string.split(",").map(&:strip)
+        if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
+          convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
+        else
+          version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
+        end
       end
 
       def convert_java_range_to_ruby_range(req_string)
@@ -95,10 +103,11 @@ module Dependabot
       end
 
       def convert_wildcard_req(req_string)
-        version = req_string.gsub(/(?:\.|^)\+/, "")
-        return ">= 0" if version.empty?
+        version = req_string.split("+").first
+        return ">= 0" if version.nil? || version.empty?
 
-        "~> #{version}.0"
+        version += "0" if version.end_with?(".")
+        "~> #{version}"
       end
     end
   end

data/lib/dependabot/maven/update_checker/version_finder.rb

@@ -14,8 +14,6 @@ module Dependabot
       class VersionFinder
         TYPE_SUFFICES = %w(jre android java).freeze
 
-        MAVEN_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
-
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, security_advisories:,
                        raise_on_ignored: false)
@@ -95,10 +93,10 @@ module Dependabot
           filtered = possible_versions
 
           ignored_versions.each do |req|
-            ignore_req = Maven::Requirement.new(parse_requirement_string(req))
+            ignore_requirements = Maven::Requirement.requirements_array(req)
             filtered =
               filtered.
-              reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+              reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
           end
 
           raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -106,12 +104,6 @@ module Dependabot
           filtered
         end
 
-        def parse_requirement_string(string)
-          return string if string.match?(MAVEN_RANGE_REGEX)
-
-          string.split(",").map(&:strip)
-        end
-
         def filter_vulnerable_versions(possible_versions)
           versions_array = possible_versions
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.141.0
+  version: 0.143.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-12 00:00:00.000000000 Z
+date: 2021-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.0
+        version: 0.143.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.0
+        version: 0.143.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Maven support for dependabot