dependabot-maven 0.273.0 → 0.275.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/maven/new_version.rb +71 -0
- data/lib/dependabot/maven/token_bucket.rb +99 -0
- data/lib/dependabot/maven/version_parser.rb +139 -0
- metadata +8 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 34e834338532d9b5075b9da8b125fd68ab0c799b626d20ba78c68f6a7caec872
|
4
|
+
data.tar.gz: 4847822f6792330975b50649d4bc62c695dff89273546f2e40147423fe85a266
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 642aacea8f45cee1f8ff1ed81c91c96569a2334895587bf57480dd2b283cad662c7e376759f51b70958df3e4f0267d0801e215d7e4c45033c788c63d225495a3
|
7
|
+
data.tar.gz: d0b825961255e3ed2acc27f3e8b735598ba2e24830438d1c4cd00eaabb6202d6f29989a683983efee2b6cc6cf1304f69cabf177db04300d585eebb0f5c851e3b
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# typed: strict
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "dependabot/maven/version_parser"
|
5
|
+
require "dependabot/version"
|
6
|
+
require "dependabot/utils"
|
7
|
+
|
8
|
+
# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
|
9
|
+
|
10
|
+
module Dependabot
|
11
|
+
module Maven
|
12
|
+
class NewVersion
|
13
|
+
extend T::Sig
|
14
|
+
extend T::Helpers
|
15
|
+
|
16
|
+
PRERELEASE_QUALIFIERS = T.let([
|
17
|
+
Dependabot::Maven::VersionParser::ALPHA,
|
18
|
+
Dependabot::Maven::VersionParser::BETA,
|
19
|
+
Dependabot::Maven::VersionParser::MILESTONE,
|
20
|
+
Dependabot::Maven::VersionParser::RC,
|
21
|
+
Dependabot::Maven::VersionParser::SNAPSHOT
|
22
|
+
].freeze, T::Array[Integer])
|
23
|
+
|
24
|
+
sig { returns(Dependabot::Maven::TokenBucket) }
|
25
|
+
attr_accessor :token_bucket
|
26
|
+
|
27
|
+
sig { params(version: String).returns(T::Boolean) }
|
28
|
+
def self.correct?(version)
|
29
|
+
return false if version.empty?
|
30
|
+
|
31
|
+
Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
|
32
|
+
rescue Dependabot::BadRequirementError
|
33
|
+
Dependabot.logger.info("Malformed version string - #{version}")
|
34
|
+
false
|
35
|
+
end
|
36
|
+
|
37
|
+
sig { params(version: String).void }
|
38
|
+
def initialize(version)
|
39
|
+
@version_string = T.let(version, String)
|
40
|
+
@token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
|
41
|
+
end
|
42
|
+
|
43
|
+
sig { returns(String) }
|
44
|
+
def inspect
|
45
|
+
"#<#{self.class} #{version_string}>"
|
46
|
+
end
|
47
|
+
|
48
|
+
sig { returns(String) }
|
49
|
+
def to_s
|
50
|
+
version_string
|
51
|
+
end
|
52
|
+
|
53
|
+
sig { returns(T::Boolean) }
|
54
|
+
def prerelease?
|
55
|
+
token_bucket.to_a.flatten.any? do |token|
|
56
|
+
token.is_a?(Integer) && token.negative?
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
|
61
|
+
def <=>(other)
|
62
|
+
T.must(token_bucket <=> other.token_bucket)
|
63
|
+
end
|
64
|
+
|
65
|
+
private
|
66
|
+
|
67
|
+
sig { returns(String) }
|
68
|
+
attr_reader :version_string
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,99 @@
|
|
1
|
+
# typed: strong
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "sorbet-runtime"
|
5
|
+
require "dependabot/maven/version_parser"
|
6
|
+
|
7
|
+
# See https://maven.apache.org/pom.html#Version_Order_Specification for details
|
8
|
+
#
|
9
|
+
module Dependabot
|
10
|
+
module Maven
|
11
|
+
class TokenBucket < T::Struct
|
12
|
+
extend T::Sig
|
13
|
+
extend T::Helpers
|
14
|
+
include Comparable
|
15
|
+
|
16
|
+
prop :tokens, T::Array[T.untyped]
|
17
|
+
prop :addition, T.nilable(TokenBucket)
|
18
|
+
|
19
|
+
sig { returns(T::Array[T.untyped]) }
|
20
|
+
def to_a
|
21
|
+
return tokens if addition.nil?
|
22
|
+
|
23
|
+
tokens.clone.append(addition.to_a)
|
24
|
+
end
|
25
|
+
|
26
|
+
sig { params(other: TokenBucket).returns(T.nilable(Integer)) }
|
27
|
+
def <=>(other)
|
28
|
+
cmp = compare_tokens(tokens, other.tokens)
|
29
|
+
return cmp unless cmp&.zero?
|
30
|
+
|
31
|
+
compare_additions(addition, other.addition)
|
32
|
+
end
|
33
|
+
|
34
|
+
sig do
|
35
|
+
params(
|
36
|
+
first: T::Array[T.any(String, Integer)],
|
37
|
+
second: T::Array[T.any(String, Integer)]
|
38
|
+
).returns(T.nilable(Integer))
|
39
|
+
end
|
40
|
+
def compare_tokens(first, second)
|
41
|
+
max_idx = [first.size, second.size].max - 1
|
42
|
+
(0..max_idx).each do |idx|
|
43
|
+
cmp = compare_token_pair(first[idx], second[idx])
|
44
|
+
return cmp unless T.must(cmp).zero?
|
45
|
+
end
|
46
|
+
0
|
47
|
+
end
|
48
|
+
|
49
|
+
sig do
|
50
|
+
params(
|
51
|
+
first: T.nilable(T.any(String, Integer)),
|
52
|
+
second: T.nilable(T.any(String, Integer))
|
53
|
+
).returns(T.nilable(Integer))
|
54
|
+
end
|
55
|
+
def compare_token_pair(first = 0, second = 0) # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
|
56
|
+
first ||= 0
|
57
|
+
second ||= 0
|
58
|
+
|
59
|
+
if first.is_a?(Integer) && second.is_a?(String)
|
60
|
+
return first <= 0 ? -1 : 1
|
61
|
+
end
|
62
|
+
|
63
|
+
if first.is_a?(String) && second.is_a?(Integer)
|
64
|
+
return second <= 0 ? 1 : -1
|
65
|
+
end
|
66
|
+
|
67
|
+
if first == Dependabot::Maven::VersionParser::SP &&
|
68
|
+
second.is_a?(String) && second != Dependabot::Maven::VersionParser::SP
|
69
|
+
return -1
|
70
|
+
end
|
71
|
+
|
72
|
+
if second == Dependabot::Maven::VersionParser::SP &&
|
73
|
+
first.is_a?(String) && first != Dependabot::Maven::VersionParser::SP
|
74
|
+
return 1
|
75
|
+
end
|
76
|
+
|
77
|
+
if first.is_a?(Integer) && second.is_a?(Integer)
|
78
|
+
first <=> second
|
79
|
+
elsif first.is_a?(String) && second.is_a?(String)
|
80
|
+
first <=> second
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
sig do
|
85
|
+
params(first: T.nilable(TokenBucket), second: T.nilable(TokenBucket)).returns(T.nilable(Integer))
|
86
|
+
end
|
87
|
+
def compare_additions(first, second)
|
88
|
+
return 0 if first.nil? && second.nil?
|
89
|
+
|
90
|
+
(first || empty_addition) <=> (second || empty_addition)
|
91
|
+
end
|
92
|
+
|
93
|
+
sig { returns(TokenBucket) }
|
94
|
+
def empty_addition
|
95
|
+
TokenBucket.new(tokens: [])
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
@@ -0,0 +1,139 @@
|
|
1
|
+
# typed: strict
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "sorbet-runtime"
|
5
|
+
require "strscan"
|
6
|
+
require "dependabot/maven/token_bucket"
|
7
|
+
|
8
|
+
# See https://maven.apache.org/pom.html#Version_Order_Specification for details
|
9
|
+
#
|
10
|
+
module Dependabot
|
11
|
+
module Maven
|
12
|
+
class VersionParser
|
13
|
+
extend T::Sig
|
14
|
+
extend T::Helpers
|
15
|
+
|
16
|
+
ALPHA = -5
|
17
|
+
BETA = -4
|
18
|
+
MILESTONE = -3
|
19
|
+
RC = -2
|
20
|
+
SNAPSHOT = -1
|
21
|
+
SP = "sp"
|
22
|
+
|
23
|
+
sig { params(version: T.nilable(String)).returns(TokenBucket) }
|
24
|
+
def self.parse(version)
|
25
|
+
raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
|
26
|
+
raise BadRequirementError, "Malformed version string - string is empty" if version.empty?
|
27
|
+
|
28
|
+
new(version).parse
|
29
|
+
end
|
30
|
+
|
31
|
+
sig { params(version: String).void }
|
32
|
+
def initialize(version)
|
33
|
+
@version = version
|
34
|
+
@token_bucket = T.let(TokenBucket.new(tokens: []), T.nilable(TokenBucket))
|
35
|
+
@parse_result = T.let(@token_bucket, T.nilable(TokenBucket))
|
36
|
+
@scanner = T.let(StringScanner.new(version.downcase), StringScanner)
|
37
|
+
end
|
38
|
+
|
39
|
+
sig { returns(TokenBucket) }
|
40
|
+
def parse
|
41
|
+
parse_version(false)
|
42
|
+
|
43
|
+
# no tokens: version is just one of the tokens we split on e.g '.' or '-'
|
44
|
+
raise BadRequirementError, "Malformed version string - #{version}" if parse_result.to_a.empty?
|
45
|
+
|
46
|
+
T.must(parse_result)
|
47
|
+
end
|
48
|
+
|
49
|
+
private
|
50
|
+
|
51
|
+
sig { returns(StringScanner) }
|
52
|
+
attr_reader :scanner
|
53
|
+
|
54
|
+
sig { returns(String) }
|
55
|
+
attr_reader :version
|
56
|
+
|
57
|
+
sig { returns(T.nilable(TokenBucket)) }
|
58
|
+
attr_reader :parse_result
|
59
|
+
|
60
|
+
sig { params(token: T.nilable(T.any(String, Integer))).void }
|
61
|
+
def parse_addition(token = nil)
|
62
|
+
@token_bucket&.addition = TokenBucket.new(tokens: [token].compact)
|
63
|
+
@token_bucket = @token_bucket&.addition
|
64
|
+
|
65
|
+
scanner.skip(/-+/)
|
66
|
+
parse_version(true)
|
67
|
+
end
|
68
|
+
|
69
|
+
sig { params(number_begins_partition: T.nilable(T::Boolean)).void }
|
70
|
+
def parse_version(number_begins_partition) # rubocop:disable Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/PerceivedComplexity
|
71
|
+
# skip leading v if any
|
72
|
+
scanner.skip(/v/)
|
73
|
+
|
74
|
+
until scanner.eos?
|
75
|
+
if (s = scanner.scan(/\d+/))
|
76
|
+
if number_begins_partition
|
77
|
+
parse_addition(s.to_i)
|
78
|
+
else
|
79
|
+
T.must(@token_bucket).tokens << s.to_i
|
80
|
+
end
|
81
|
+
|
82
|
+
elsif (s = scanner.match?(/a\d+/))
|
83
|
+
# aN is equivalent to alpha-N
|
84
|
+
scanner.skip("a")
|
85
|
+
parse_addition(ALPHA)
|
86
|
+
|
87
|
+
elsif (s = scanner.match?(/b\d+/))
|
88
|
+
# bN is equivalent to beta-N
|
89
|
+
scanner.skip("b")
|
90
|
+
parse_addition(BETA)
|
91
|
+
|
92
|
+
elsif (s = scanner.match?(/m\d+/))
|
93
|
+
# mN is equivalent to milestone-N
|
94
|
+
scanner.skip("m")
|
95
|
+
parse_addition(MILESTONE)
|
96
|
+
|
97
|
+
elsif (s = scanner.scan(/(alpha|beta|milestone|rc|cr|sp|ga|final|release|snapshot)[a-z]+/))
|
98
|
+
# process "alpha" and others as normal lexical tokens if they're followed by a letter
|
99
|
+
parse_addition(s)
|
100
|
+
|
101
|
+
elsif (s = scanner.scan("alpha"))
|
102
|
+
# handle alphaN, alpha-X, alpha.X, or ending alpha
|
103
|
+
parse_addition(ALPHA)
|
104
|
+
|
105
|
+
elsif (s = scanner.scan("beta"))
|
106
|
+
parse_addition(BETA)
|
107
|
+
elsif (s = scanner.scan("milestone"))
|
108
|
+
parse_addition(MILESTONE)
|
109
|
+
|
110
|
+
elsif (s = scanner.scan(/(rc|cr)/))
|
111
|
+
parse_addition(RC)
|
112
|
+
|
113
|
+
elsif (s = scanner.scan("snapshot"))
|
114
|
+
parse_addition(SNAPSHOT)
|
115
|
+
|
116
|
+
elsif (s = scanner.scan(/ga|final|release/))
|
117
|
+
parse_addition
|
118
|
+
|
119
|
+
elsif (s = scanner.scan("sp"))
|
120
|
+
parse_addition(SP)
|
121
|
+
|
122
|
+
# `+` is parsed as an addition as stated in maven version spec
|
123
|
+
elsif (s = scanner.scan(/[a-z_+]+/))
|
124
|
+
parse_addition(s)
|
125
|
+
|
126
|
+
elsif (s = scanner.scan("."))
|
127
|
+
number_begins_partition = false
|
128
|
+
|
129
|
+
elsif (s = scanner.scan("-"))
|
130
|
+
number_begins_partition = true
|
131
|
+
|
132
|
+
else
|
133
|
+
raise BadRequirementError, "Malformed version string - #{version}"
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-maven
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.275.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-09-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.275.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.275.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -252,19 +252,22 @@ files:
|
|
252
252
|
- lib/dependabot/maven/file_updater/declaration_finder.rb
|
253
253
|
- lib/dependabot/maven/file_updater/property_value_updater.rb
|
254
254
|
- lib/dependabot/maven/metadata_finder.rb
|
255
|
+
- lib/dependabot/maven/new_version.rb
|
255
256
|
- lib/dependabot/maven/requirement.rb
|
257
|
+
- lib/dependabot/maven/token_bucket.rb
|
256
258
|
- lib/dependabot/maven/update_checker.rb
|
257
259
|
- lib/dependabot/maven/update_checker/property_updater.rb
|
258
260
|
- lib/dependabot/maven/update_checker/requirements_updater.rb
|
259
261
|
- lib/dependabot/maven/update_checker/version_finder.rb
|
260
262
|
- lib/dependabot/maven/utils/auth_headers_finder.rb
|
261
263
|
- lib/dependabot/maven/version.rb
|
264
|
+
- lib/dependabot/maven/version_parser.rb
|
262
265
|
homepage: https://github.com/dependabot/dependabot-core
|
263
266
|
licenses:
|
264
267
|
- MIT
|
265
268
|
metadata:
|
266
269
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
267
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
270
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
|
268
271
|
post_install_message:
|
269
272
|
rdoc_options: []
|
270
273
|
require_paths:
|