dependabot-maven 0.273.0 → 0.275.0

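--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f08c5e84b1da70a3eff170ddc26f9a0689289f6af5f946e8c24abce650abcb1b
- data.tar.gz: 66700800b05beb9203efea9a988d257750d77b9a2d8a3292d3e33705f71f6b6b
+ metadata.gz: 34e834338532d9b5075b9da8b125fd68ab0c799b626d20ba78c68f6a7caec872
+ data.tar.gz: 4847822f6792330975b50649d4bc62c695dff89273546f2e40147423fe85a266
  SHA512:
- metadata.gz: 92f7317b42482d14f9925ac02875e01f31d5829213f941a5ad304c663efd1d9a3a8b352e8fb3f78d959f7f9443524004ee47e10f3868029a7dffeb14ac5ad43c
- data.tar.gz: 3ec8922cb53fc85dd657c2f23557349c240154887339b7dee95ec1ad24d9e508c95555f332dba5f0d38a6200d32f62b096f832fa37d965dcc3c19de9dbc03435
+ metadata.gz: 642aacea8f45cee1f8ff1ed81c91c96569a2334895587bf57480dd2b283cad662c7e376759f51b70958df3e4f0267d0801e215d7e4c45033c788c63d225495a3
+ data.tar.gz: d0b825961255e3ed2acc27f3e8b735598ba2e24830438d1c4cd00eaabb6202d6f29989a683983efee2b6cc6cf1304f69cabf177db04300d585eebb0f5c851e3b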
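--- a/lib/dependabot/maven/new_version.rb
+++ b/lib/dependabot/maven/new_version.rb
@@ -0,0 +1,71 @@
+ # typed: strict
+ # frozen_string_literal: true
+
+ require "dependabot/maven/version_parser"
+ require "dependabot/version"
+ require "dependabot/utils"
+
+ # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
+
+ module Dependabot
+ module Maven
+ class NewVersion
+ extend T::Sig
+ extend T::Helpers
+
+ PRERELEASE_QUALIFIERS = T.let([
+ Dependabot::Maven::VersionParser::ALPHA,
+ Dependabot::Maven::VersionParser::BETA,
+ Dependabot::Maven::VersionParser::MILESTONE,
+ Dependabot::Maven::VersionParser::RC,
+ Dependabot::Maven::VersionParser::SNAPSHOT
+ ].freeze, T::Array[Integer])
+
+ sig { returns(Dependabot::Maven::TokenBucket) }
+ attr_accessor :token_bucket
+
+ sig { params(version: String).returns(T::Boolean) }
+ def self.correct?(version)
+ return false if version.empty?
+
+ Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
+ rescue Dependabot::BadRequirementError
+ Dependabot.logger.info("Malformed version string - #{version}")
+ false
+ end
+
+ sig { params(version: String).void }
+ def initialize(version)
+ @version_string = T.let(version, String)
+ @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
+ end
+
+ sig { returns(String) }
+ def inspect
+ "#<#{self.class} #{version_string}>"
+ end
+
+ sig { returns(String) }
+ def to_s
+ version_string
+ end
+
+ sig { returns(T::Boolean) }
+ def prerelease?
+ token_bucket.to_a.flatten.any? do |token|
+ token.is_a?(Integer) && token.negative?
+ end
+ end
+
+ sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
+ def <=>(other)
+ T.must(token_bucket <=> other.token_bucket)
+ end
+
+ private
+
+ sig { returns(String) }
+ attr_reader :version_string
+ end
+ end
+ end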
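Review bot: In `NewVersion.correct?` the rescue branch interpolates the rejected version string straight into the log line, and that branch is by construction the one reached by strings that failed parsing, so any line breaks or control characters in a version (presumably read from a manifest or repository metadata) are written to the log verbatim. Logging the escaped form keeps one entry per event: `Dependabot.logger.info("Malformed version string - #{version.inspect}")`. The guard above it calls `version.empty?` before `version.to_s`, so the `to_s` adds nothing as written; either drop it or move the coercion ahead of the `empty?` check if callers can pass nil.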
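--- a/lib/dependabot/maven/token_bucket.rb
+++ b/lib/dependabot/maven/token_bucket.rb
@@ -0,0 +1,99 @@
+ # typed: strong
+ # frozen_string_literal: true
+
+ require "sorbet-runtime"
+ require "dependabot/maven/version_parser"
+
+ # See https://maven.apache.org/pom.html#Version_Order_Specification for details
+ #
+ module Dependabot
+ module Maven
+ class TokenBucket < T::Struct
+ extend T::Sig
+ extend T::Helpers
+ include Comparable
+
+ prop :tokens, T::Array[T.untyped]
+ prop :addition, T.nilable(TokenBucket)
+
+ sig { returns(T::Array[T.untyped]) }
+ def to_a
+ return tokens if addition.nil?
+
+ tokens.clone.append(addition.to_a)
+ end
+
+ sig { params(other: TokenBucket).returns(T.nilable(Integer)) }
+ def <=>(other)
+ cmp = compare_tokens(tokens, other.tokens)
+ return cmp unless cmp&.zero?
+
+ compare_additions(addition, other.addition)
+ end
+
+ sig do
+ params(
+ first: T::Array[T.any(String, Integer)],
+ second: T::Array[T.any(String, Integer)]
+ ).returns(T.nilable(Integer))
+ end
+ def compare_tokens(first, second)
+ max_idx = [first.size, second.size].max - 1
+ (0..max_idx).each do |idx|
+ cmp = compare_token_pair(first[idx], second[idx])
+ return cmp unless T.must(cmp).zero?
+ end
+ 0
+ end
+
+ sig do
+ params(
+ first: T.nilable(T.any(String, Integer)),
+ second: T.nilable(T.any(String, Integer))
+ ).returns(T.nilable(Integer))
+ end
+ def compare_token_pair(first = 0, second = 0) # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
+ first ||= 0
+ second ||= 0
+
+ if first.is_a?(Integer) && second.is_a?(String)
+ return first <= 0 ? -1 : 1
+ end
+
+ if first.is_a?(String) && second.is_a?(Integer)
+ return second <= 0 ? 1 : -1
+ end
+
+ if first == Dependabot::Maven::VersionParser::SP &&
+ second.is_a?(String) && second != Dependabot::Maven::VersionParser::SP
+ return -1
+ end
+
+ if second == Dependabot::Maven::VersionParser::SP &&
+ first.is_a?(String) && first != Dependabot::Maven::VersionParser::SP
+ return 1
+ end
+
+ if first.is_a?(Integer) && second.is_a?(Integer)
+ first <=> second
+ elsif first.is_a?(String) && second.is_a?(String)
+ first <=> second
+ end
+ end
+
+ sig do
+ params(first: T.nilable(TokenBucket), second: T.nilable(TokenBucket)).returns(T.nilable(Integer))
+ end
+ def compare_additions(first, second)
+ return 0 if first.nil? && second.nil?
+
+ (first || empty_addition) <=> (second || empty_addition)
+ end
+
+ sig { returns(TokenBucket) }
+ def empty_addition
+ TokenBucket.new(tokens: [])
+ end
+ end
+ end
+ end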
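Review bot: `compare_tokens` wraps each pair result in `T.must(cmp)`, so a token that is neither Integer nor String makes `<=>` raise a TypeError instead of returning nil as the `T.nilable(Integer)` signatures promise, and `prop :tokens, T::Array[T.untyped]` does nothing to keep such a token out. Using the idiom `<=>` itself already uses, `return cmp unless cmp&.zero?`, would let an incomparable pair propagate as nil in line with the declared return type. The helpers `compare_tokens`, `compare_token_pair`, `compare_additions` and `empty_addition` are also public on the struct; a `private` line before them would keep the public surface to `to_a` and `<=>`. A one-line comment on `compare_token_pair` saying that a missing token is padded with 0 would make it easier to check against the linked ordering specification.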
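--- a/lib/dependabot/maven/version_parser.rb
+++ b/lib/dependabot/maven/version_parser.rb
@@ -0,0 +1,139 @@
+ # typed: strict
+ # frozen_string_literal: true
+
+ require "sorbet-runtime"
+ require "strscan"
+ require "dependabot/maven/token_bucket"
+
+ # See https://maven.apache.org/pom.html#Version_Order_Specification for details
+ #
+ module Dependabot
+ module Maven
+ class VersionParser
+ extend T::Sig
+ extend T::Helpers
+
+ ALPHA = -5
+ BETA = -4
+ MILESTONE = -3
+ RC = -2
+ SNAPSHOT = -1
+ SP = "sp"
+
+ sig { params(version: T.nilable(String)).returns(TokenBucket) }
+ def self.parse(version)
+ raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
+ raise BadRequirementError, "Malformed version string - string is empty" if version.empty?
+
+ new(version).parse
+ end
+
+ sig { params(version: String).void }
+ def initialize(version)
+ @version = version
+ @token_bucket = T.let(TokenBucket.new(tokens: []), T.nilable(TokenBucket))
+ @parse_result = T.let(@token_bucket, T.nilable(TokenBucket))
+ @scanner = T.let(StringScanner.new(version.downcase), StringScanner)
+ end
+
+ sig { returns(TokenBucket) }
+ def parse
+ parse_version(false)
+
+ # no tokens: version is just one of the tokens we split on e.g '.' or '-'
+ raise BadRequirementError, "Malformed version string - #{version}" if parse_result.to_a.empty?
+
+ T.must(parse_result)
+ end
+
+ private
+
+ sig { returns(StringScanner) }
+ attr_reader :scanner
+
+ sig { returns(String) }
+ attr_reader :version
+
+ sig { returns(T.nilable(TokenBucket)) }
+ attr_reader :parse_result
+
+ sig { params(token: T.nilable(T.any(String, Integer))).void }
+ def parse_addition(token = nil)
+ @token_bucket&.addition = TokenBucket.new(tokens: [token].compact)
+ @token_bucket = @token_bucket&.addition
+
+ scanner.skip(/-+/)
+ parse_version(true)
+ end
+
+ sig { params(number_begins_partition: T.nilable(T::Boolean)).void }
+ def parse_version(number_begins_partition) # rubocop:disable Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/PerceivedComplexity
+ # skip leading v if any
+ scanner.skip(/v/)
+
+ until scanner.eos?
+ if (s = scanner.scan(/\d+/))
+ if number_begins_partition
+ parse_addition(s.to_i)
+ else
+ T.must(@token_bucket).tokens << s.to_i
+ end
+
+ elsif (s = scanner.match?(/a\d+/))
+ # aN is equivalent to alpha-N
+ scanner.skip("a")
+ parse_addition(ALPHA)
+
+ elsif (s = scanner.match?(/b\d+/))
+ # bN is equivalent to beta-N
+ scanner.skip("b")
+ parse_addition(BETA)
+
+ elsif (s = scanner.match?(/m\d+/))
+ # mN is equivalent to milestone-N
+ scanner.skip("m")
+ parse_addition(MILESTONE)
+
+ elsif (s = scanner.scan(/(alpha|beta|milestone|rc|cr|sp|ga|final|release|snapshot)[a-z]+/))
+ # process "alpha" and others as normal lexical tokens if they're followed by a letter
+ parse_addition(s)
+
+ elsif (s = scanner.scan("alpha"))
+ # handle alphaN, alpha-X, alpha.X, or ending alpha
+ parse_addition(ALPHA)
+
+ elsif (s = scanner.scan("beta"))
+ parse_addition(BETA)
+ elsif (s = scanner.scan("milestone"))
+ parse_addition(MILESTONE)
+
+ elsif (s = scanner.scan(/(rc|cr)/))
+ parse_addition(RC)
+
+ elsif (s = scanner.scan("snapshot"))
+ parse_addition(SNAPSHOT)
+
+ elsif (s = scanner.scan(/ga|final|release/))
+ parse_addition
+
+ elsif (s = scanner.scan("sp"))
+ parse_addition(SP)
+
+ # `+` is parsed as an addition as stated in maven version spec
+ elsif (s = scanner.scan(/[a-z_+]+/))
+ parse_addition(s)
+
+ elsif (s = scanner.scan("."))
+ number_begins_partition = false
+
+ elsif (s = scanner.scan("-"))
+ number_begins_partition = true
+
+ else
+ raise BadRequirementError, "Malformed version string - #{version}"
+ end
+ end
+ end
+ end
+ end
+ end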
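Review bot: `parse_addition` and `parse_version` call each other once for every qualifier or dash-separated number, and none of those calls returns until the scanner reaches end of input, so stack depth grows with the length of the version string and nothing in `self.parse` bounds it. Version strings presumably come from project manifests and remote repository metadata, and an overflow surfaces as SystemStackError, which is not a StandardError and is not caught by the `rescue Dependabot::BadRequirementError` in `NewVersion.correct?`. A length guard in `self.parse` would turn that into an ordinary rejection, for example `raise BadRequirementError, "Malformed version string - too long" if version.length > MAX_VERSION_LENGTH`, with `MAX_VERSION_LENGTH` a new constant whose value the maintainers choose. Separately, `scanner.skip(/v/)` sits at the top of `parse_version`, so it also runs on every recursive entry and drops a `v` that follows a qualifier or dash; if only a leading `v` is meant, the skip belongs in `parse` before `parse_version(false)`.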
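--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-maven
  version: !ruby/object:Gem::Version
- version: 0.273.0
+ version: 0.275.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-08-29 00:00:00.000000000 Z
+ date: 2024-09-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.273.0
+ version: 0.275.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.273.0
+ version: 0.275.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -252,19 +252,22 @@ files:
  - lib/dependabot/maven/file_updater/declaration_finder.rb
  - lib/dependabot/maven/file_updater/property_value_updater.rb
  - lib/dependabot/maven/metadata_finder.rb
+ - lib/dependabot/maven/new_version.rb
  - lib/dependabot/maven/requirement.rb
+ - lib/dependabot/maven/token_bucket.rb
  - lib/dependabot/maven/update_checker.rb
  - lib/dependabot/maven/update_checker/property_updater.rb
  - lib/dependabot/maven/update_checker/requirements_updater.rb
  - lib/dependabot/maven/update_checker/version_finder.rb
  - lib/dependabot/maven/utils/auth_headers_finder.rb
  - lib/dependabot/maven/version.rb
+ - lib/dependabot/maven/version_parser.rb
  homepage: https://github.com/dependabot/dependabot-core
  licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.273.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
  post_install_message:
  rdoc_options: []
  require_paths: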