dependabot-maven 0.142.1 → 0.143.4

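--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0dda89c54d1009061768bd30fefb3c3a89b857531f82e2b83f00bd418868b17
-  data.tar.gz: 5707c57ed18a85f120c239c4b4790643bec81423f2d83a9a901f101a3a926eb0
+  metadata.gz: b6ba15a30cef12b3184f76cd36d608f68b6cebb3b35ddf9ec93599b76161c749
+  data.tar.gz: 476db8c4673362439e876ebe60fcc1b34531f1e3616c05c0de64ec6d1004cf77
 SHA512:
-  metadata.gz: 97324b29b6eb06f883fa281626929f5b7619bdf47cc8f362b91880951b2e4609482bb62b5faa7a007834e54e90be111aa48dac7f454efdcd9637ff2ec08b2995
-  data.tar.gz: c21caa8d4f49150f18de90bd88de20a0bbd46999389b5fd19c3dc4b019b29dcac5900f8037e78d0ae6abbf3fda357245103ed5f2271cb64e184cf2d2e6d1e6a7
+  metadata.gz: 305fad03523eca3849401185afe1e2b5b80337fe911069a03907818b106b6cdb4411bd2c1c08f1a4a6868a8170bdf225cba5b4d001856523916cab30804f5d19
+  data.tar.gz: e45855789e4c857ed4501db481920b101a9282c7417b6766707b353b04b6e7c1dc163458e7f717af0a634c5dc7c66c56410807ed19e943e604bb1523ef441379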
@@ -7,6 +7,7 @@ module Dependabot
7
7
  module Maven
8
8
  class Requirement < Gem::Requirement
9
9
  quoted = OPS.keys.map { |k| Regexp.quote k }.join("|")
10
+ OR_SYNTAX = /(?<=\]|\)),/.freeze
10
11
  PATTERN_RAW =
11
12
  "\\s*(#{quoted})?\\s*(#{Maven::Version::VERSION_PATTERN})\\s*"
12
13
  PATTERN = /\A#{PATTERN_RAW}\z/.freeze
@@ -46,7 +47,9 @@ module Dependabot
46
47
  private
47
48
 
48
49
  def self.split_java_requirement(req_string)
49
- req_string.split(/(?<=\]|\)),/).flat_map do |str|
50
+ return [req_string] unless req_string.match?(OR_SYNTAX)
51
+
52
+ req_string.split(OR_SYNTAX).flat_map do |str|
50
53
  next str if str.start_with?("(", "[")
51
54
 
52
55
  exacts, *rest = str.split(/,(?=\[|\()/)
@@ -62,9 +65,14 @@ module Dependabot
62
65
  raise "Can't convert multiple Java reqs to a single Ruby one"
63
66
  end
64
67
 
65
- return convert_java_range_to_ruby_range(req_string) if req_string&.include?(",")
66
-
67
- convert_java_equals_req_to_ruby(req_string)
68
+ # NOTE: Support ruby-style version requirements that are created from
69
+ # PR ignore conditions
70
+ version_reqs = req_string.split(",").map(&:strip)
71
+ if req_string.include?(",") && !version_reqs.all? { |s| PATTERN.match?(s) }
72
+ convert_java_range_to_ruby_range(req_string) if req_string.include?(",")
73
+ else
74
+ version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }
75
+ end
68
76
  end
69
77
 
70
78
  def convert_java_range_to_ruby_range(req_string)
@@ -95,10 +103,11 @@ module Dependabot
95
103
  end
96
104
 
97
105
  def convert_wildcard_req(req_string)
98
- version = req_string.gsub(/(?:\.|^)\+/, "")
99
- return ">= 0" if version.empty?
106
+ version = req_string.split("+").first
107
+ return ">= 0" if version.nil? || version.empty?
100
108
 
101
- "~> #{version}.0"
109
+ version += "0" if version.end_with?(".")
110
+ "~> #{version}"
102
111
  end
103
112
  end
104
113
  end
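Review bot: The modifier `if req_string.include?(",")` on the range branch (new line 72) is dead code — the enclosing `if` on line 71 already requires the comma — and it makes the branch read as though it could evaluate to nil; it should be just `convert_java_range_to_ruby_range(req_string)`. The two branches also appear to return different shapes, a single converted range versus the array produced by `version_reqs.map { |r| convert_java_equals_req_to_ruby(r) }`, so every caller has to accept both; a comment on the enclosing method, which starts above this hunk, stating that contract would help, e.g. `# Returns one converted range for Java range syntax, or an Array of converted requirements for comma-separated Ruby-style clauses`. The removed line used the nil-safe `req_string&.include?(",")`, whereas `req_string.split(",")` on the new line 70 raises NoMethodError on nil, so confirm no caller still passes nil. The enclosing method starts outside this hunk.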
@@ -14,8 +14,6 @@ module Dependabot
14
14
  class VersionFinder
15
15
  TYPE_SUFFICES = %w(jre android java).freeze
16
16
 
17
- MAVEN_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
18
-
19
17
  def initialize(dependency:, dependency_files:, credentials:,
20
18
  ignored_versions:, security_advisories:,
21
19
  raise_on_ignored: false)
@@ -95,10 +93,10 @@ module Dependabot
95
93
  filtered = possible_versions
96
94
 
97
95
  ignored_versions.each do |req|
98
- ignore_req = Maven::Requirement.new(parse_requirement_string(req))
96
+ ignore_requirements = Maven::Requirement.requirements_array(req)
99
97
  filtered =
100
98
  filtered.
101
- reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
99
+ reject { |v| ignore_requirements.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
102
100
  end
103
101
 
104
102
  raise AllVersionsIgnored if @raise_on_ignored && filtered.empty? && possible_versions.any?
@@ -106,12 +104,6 @@ module Dependabot
106
104
  filtered
107
105
  end
108
106
 
109
- def parse_requirement_string(string)
110
- return string if string.match?(MAVEN_RANGE_REGEX)
111
-
112
- string.split(",").map(&:strip)
113
- end
114
-
115
107
  def filter_vulnerable_versions(possible_versions)
116
108
  versions_array = possible_versions
117
109
 
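Review bot: Replacing the single `Maven::Requirement.new(parse_requirement_string(req))` with `ignore_requirements.any? { |r| r.satisfied_by?(...) }` changes how the clauses of one ignore condition combine, from all-must-hold (a Gem::Requirement built from the split array) to any-holds, unless `requirements_array` keeps the comma-separated clauses of a condition together in one Requirement and only splits at the `OR_SYNTAX` boundary. `requirements_array` is not visible in this diff, so that grouping is what needs confirming; if a condition such as `>= 1.0, < 2.0` came back as two separate Requirements, `any?` would ignore every version and, with `@raise_on_ignored`, trip `AllVersionsIgnored` on line 102. A comment on the new line 96 pinning the contract would guard against that regression, e.g. `# one Requirement per OR-branch of the ignore condition; clauses within a branch are AND-ed`. The enclosing method starts outside this hunk.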
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-maven
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.142.1
4
+ version: 0.143.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-16 00:00:00.000000000 Z
11
+ date: 2021-04-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.142.1
19
+ version: 0.143.4
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.142.1
26
+ version: 0.143.4
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.12.0
103
+ version: 1.13.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.12.0
110
+ version: 1.13.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement