dependabot-maven 0.141.1 → 0.143.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fb530a1c8378e43ace00ea44e5f683ee64142c696f628c57830574e352097bd
-  data.tar.gz: cf0777299e97975ea4ce97ba926608346d11f003ec01fec6e5e3a19c8936fdf8
+  metadata.gz: 16fd9bc66bd0adf75ddf046b3c3d16a62eb23129bd3125ffee8c0cf874567153
+  data.tar.gz: 731a3832bc1433f5ca981ab0d20a02d81ccd22c9750178afc2175e76a6ed125c
 SHA512:
-  metadata.gz: 9acafa33468546c704a6118ed35837832341a5d928f18dcfa2638c29828d66a2fc880e93cdc2c42a944e3ec01405b6a6922819ac759ede0687498dc42399a975
-  data.tar.gz: 9017b597915608f49972db123e5dc655b3f28ceee1fff1bb44eced063786b97ff37cb9f0b9af57882b6be48802eb2555381517e262c7dbdaac2a1eccd3f0b2d3
+  metadata.gz: e6d17ebf6c3b84d430cdd1bae7f7ec2a8e2f1f0bf5805c012082b960fda9172e8a466fd2264d25b52c198dcc9b7e9f484ac704289dc143a819a49e4afe12b768
+  data.tar.gz: bd6887791bdccb84c820077f7ecece2d4d9673a5123d4e42e9910ab2dcd7165ad568cebbd918dd1fa78afbef35a00ac5bc18216764ca43361c58021648e2adc5

data/lib/dependabot/maven/requirement.rb

@@ -7,6 +7,7 @@ module Dependabot
   module Maven
     class Requirement < Gem::Requirement
       quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
+      OR_SYNTAX = /(?<=\]|\)),/.freeze
       PATTERN_RAW =
         "\\s*(#{quoted})?\\s*(#{Maven::Version::VERSION_PATTERN})\\s*"
       PATTERN = /\A#{PATTERN_RAW}\z/.freeze
@@ -46,7 +47,9 @@ module Dependabot
       private
 
       def self.split_java_requirement(req_string)
-        req_string.split(/(?<=\]|\)),/).flat_map do |str|
+        return [req_string] unless req_string.match?(OR_SYNTAX)
+
+        req_string.split(OR_SYNTAX).flat_map do |str|
           next str if str.start_with?("(", "[")
 
           exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
           raise "Can't convert multiple Java reqs to a single Ruby one"
         end
 
-        return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
-
-        convert_java_equals_req_to_ruby(req_string)
+        # NOTE: Support ruby-style version requirements that are created from
+        # PR ignore conditions
+        version_reqs = req_string.split(",").map(&:strip)
+        if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
+          convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
+        else
+          version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
+        end
       end
 
       def convert_java_range_to_ruby_range(req_string)
@@ -95,10 +103,11 @@ module Dependabot
       end
 
       def convert_wildcard_req(req_string)
-        version = req_string.gsub(/(?:\.|^)\+/, "")
-        return ">= 0" if version.empty?
+        version = req_string.split("+").first
+        return ">= 0" if version.nil? || version.empty?
 
-        "~> #{version}.0"
+        version += "0" if version.end_with?(".")
+        "~> #{version}"
       end
     end
   end

data/lib/dependabot/maven/update_checker/version_finder.rb

@@ -14,8 +14,6 @@ module Dependabot
       class VersionFinder
         TYPE_SUFFICES = %w(jre android java).freeze
 
-        MAVEN_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
-
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, security_advisories:,
                        raise_on_ignored: false)
@@ -95,10 +93,10 @@ module Dependabot
           filtered = possible_versions
 
           ignored_versions.each do |req|
-            ignore_req = Maven::Requirement.new(parse_requirement_string(req))
+            ignore_requirements = Maven::Requirement.requirements_array(req)
             filtered =
               filtered.
-              reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+              reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
           end
 
           raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -106,12 +104,6 @@ module Dependabot
           filtered
         end
 
-        def parse_requirement_string(string)
-          return string if string.match?(MAVEN_RANGE_REGEX)
-
-          string.split(",").map(&:strip)
-        end
-
         def filter_vulnerable_versions(possible_versions)
           versions_array = possible_versions
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.141.1
+  version: 0.143.2
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-13 00:00:00.000000000 Z
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.1
+        version: 0.143.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.1
+        version: 0.143.2
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.12.0
+        version: 1.13.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.5.0
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key: 
 specification_version: 4
 summary: Maven support for dependabot