dependabot-maven 0.274.0 → 0.276.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f2dc96b3b4e5aa7a47c3344c1fcb8a7abe883f011a23f5713809ad0b151be91
-  data.tar.gz: f29e13fb7ff4ab77168854e5ac648df6c77c0b7cb65c812bd4c18549d8ac224a
+  metadata.gz: ad6e39551492801502e013e8934b584d2357fb63ce8dcbac1d8595ae97ace06b
+  data.tar.gz: 5e7bf11324be13067df5081d825aa1072da1daec535a222bed3caa0a12e2d5d5
 SHA512:
-  metadata.gz: 7233b52a2fb23d10a1727b06588026af845050943aa79bd5b0d3d4a0fba50bd28bda04acd717fc32ad9640fa9e09b63ffef9f0374d797e885e0c0d4d82b45b1e
-  data.tar.gz: 7fb6067db86ad1ec4459a6e98bef45daec9604dc726e3f01896ec167aad7f34422d7eef07bad75a9d4021007690dc7191df2710eafd0438f890aac2d713c81a6
+  metadata.gz: df458c686885588e4751a45edc95b4559638752ade6cca6c89d67da4d5444e0311e55ed1615a78fcd1d66c63ea77efa92bcce6f923c85d48cbec2d3aec525945
+  data.tar.gz: 7615212cdd6ded48a8c62da5ba1f6d01d5f158bafb6ce6a229f41063dabd22903c86d3029a50e78833505ba4a17d655d24fea4c4f71f17b13a68d50825edbf11

data/lib/dependabot/maven/token_bucket.rb

@@ -0,0 +1,99 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/maven/version_parser"
+
+# See https://maven.apache.org/pom.html#Version_Order_Specification for details
+#
+module Dependabot
+  module Maven
+    class TokenBucket < T::Struct
+      extend T::Sig
+      extend T::Helpers
+      include Comparable
+
+      prop :tokens, T::Array[T.untyped]
+      prop :addition, T.nilable(TokenBucket)
+
+      sig { returns(T::Array[T.untyped]) }
+      def to_a
+        return tokens if addition.nil?
+
+        tokens.clone.append(addition.to_a)
+      end
+
+      sig { params(other: TokenBucket).returns(T.nilable(Integer)) }
+      def <=>(other)
+        cmp = compare_tokens(tokens, other.tokens)
+        return cmp unless cmp&.zero?
+
+        compare_additions(addition, other.addition)
+      end
+
+      sig do
+        params(
+          first: T::Array[T.any(String, Integer)],
+          second: T::Array[T.any(String, Integer)]
+        ).returns(T.nilable(Integer))
+      end
+      def compare_tokens(first, second)
+        max_idx = [first.size, second.size].max - 1
+        (0..max_idx).each do |idx|
+          cmp = compare_token_pair(first[idx], second[idx])
+          return cmp unless T.must(cmp).zero?
+        end
+        0
+      end
+
+      sig do
+        params(
+          first: T.nilable(T.any(String, Integer)),
+          second: T.nilable(T.any(String, Integer))
+        ).returns(T.nilable(Integer))
+      end
+      def compare_token_pair(first = 0, second = 0) # rubocop:disable Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
+        first ||= 0
+        second ||= 0
+
+        if first.is_a?(Integer) && second.is_a?(String)
+          return first <= 0 ? -1 : 1
+        end
+
+        if first.is_a?(String) && second.is_a?(Integer)
+          return second <= 0 ? 1 : -1
+        end
+
+        if first == Dependabot::Maven::VersionParser::SP &&
+           second.is_a?(String) && second != Dependabot::Maven::VersionParser::SP
+          return -1
+        end
+
+        if second == Dependabot::Maven::VersionParser::SP &&
+           first.is_a?(String) && first != Dependabot::Maven::VersionParser::SP
+          return 1
+        end
+
+        if first.is_a?(Integer) && second.is_a?(Integer)
+          first <=> second
+        elsif first.is_a?(String) && second.is_a?(String)
+          first <=> second
+        end
+      end
+
+      sig do
+        params(first: T.nilable(TokenBucket), second: T.nilable(TokenBucket)).returns(T.nilable(Integer))
+      end
+      def compare_additions(first, second)
+        return 0 if first.nil? && second.nil?
+
+        (first || empty_addition) <=> (second || empty_addition)
+      end
+
+      sig { returns(TokenBucket) }
+      def empty_addition
+        TokenBucket.new(tokens: [])
+      end
+    end
+  end
+end

data/lib/dependabot/maven/update_checker/requirements_updater.rb

@@ -50,12 +50,8 @@ module Dependabot
         attr_reader :properties_to_update
 
         def update_requirement(req_string)
-          if req_string.include?(".+")
-            update_dynamic_requirement(req_string)
-          else
-            # Since range requirements are excluded this must be exact
-            update_exact_requirement(req_string)
-          end
+          # Since range requirements are excluded this must be exact
+          update_exact_requirement(req_string)
         end
 
         def update_exact_requirement(req_string)
@@ -64,16 +60,6 @@ module Dependabot
           req_string.gsub(old_version.to_s, latest_version.to_s)
         end
 
-        # This is really only a Gradle thing, but Gradle relies on this
-        # RequirementsUpdater too
-        def update_dynamic_requirement(req_string)
-          precision = req_string.split(".").take_while { |s| s != "+" }.count
-
-          version_parts = latest_version.segments.first(precision)
-
-          version_parts.join(".") + ".+"
-        end
-
         def version_class
           Maven::Version
         end

data/lib/dependabot/maven/version.rb

@@ -1,192 +1,80 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
+require "dependabot/maven/version_parser"
 require "dependabot/version"
 require "dependabot/utils"
 
-# Java versions use dots and dashes when tokenising their versions.
-# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
-#
 # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
 
 module Dependabot
   module Maven
     class Version < Dependabot::Version
-      NULL_VALUES = %w(0 final ga).freeze
-      PREFIXED_TOKEN_HIERARCHY = {
-        "." => { qualifier: 1, number: 4 },
-        "-" => { qualifier: 2, number: 3 },
-        "+" => { qualifier: 3, number: 2 }
-      }.freeze
-      NAMED_QUALIFIERS_HIERARCHY = {
-        "a" => 1, "alpha"     => 1,
-        "b" => 2, "beta"      => 2,
-        "m" => 3, "milestone" => 3,
-        "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
-        "snapshot" => 5, "dev" => 5,
-        "ga" => 6, "" => 6, "final" => 6,
-        "sp" => 7
-      }.freeze
+      extend T::Sig
+      extend T::Helpers
+
+      PRERELEASE_QUALIFIERS = T.let([
+        Dependabot::Maven::VersionParser::ALPHA,
+        Dependabot::Maven::VersionParser::BETA,
+        Dependabot::Maven::VersionParser::MILESTONE,
+        Dependabot::Maven::VersionParser::RC,
+        Dependabot::Maven::VersionParser::SNAPSHOT
+      ].freeze, T::Array[Integer])
+
       VERSION_PATTERN =
         "[0-9a-zA-Z]+" \
         '(?>\.[0-9a-zA-Z]*)*' \
         '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
+      sig { returns(Dependabot::Maven::TokenBucket) }
+      attr_accessor :token_bucket
+
+      sig { override.params(version: VersionParameter).returns(T::Boolean) }
       def self.correct?(version)
-        return false if version.nil?
+        return false if version.to_s.empty?
 
-        version.to_s.match?(ANCHORED_VERSION_PATTERN)
+        Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
+      rescue ArgumentError
+        Dependabot.logger.info("Malformed version string #{version}")
+        false
       end
 
+      sig { override.params(version: VersionParameter).void }
       def initialize(version)
-        @version_string = version.to_s
+        raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
+
+        @version_string = T.let(version.to_s, String)
+        @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
         super(version.to_s.tr("_", "-"))
       end
 
+      sig { returns(String) }
       def inspect
-        "#<#{self.class} #{@version_string}>"
+        "#<#{self.class} #{version_string}>"
       end
 
+      sig { returns(String) }
       def to_s
-        @version_string
+        version_string
       end
 
+      sig { returns(T::Boolean) }
       def prerelease?
-        tokens.any? do |token|
-          next true if token == "eap"
-          next false unless NAMED_QUALIFIERS_HIERARCHY[token]
-
-          NAMED_QUALIFIERS_HIERARCHY[token] < 6
+        token_bucket.to_a.flatten.any? do |token|
+          token.is_a?(Integer) && token.negative?
         end
       end
 
+      sig { params(other: VersionParameter).returns(Integer) }
       def <=>(other)
-        version = stringify_version(@version_string)
-        version = fill_tokens(version)
-        version = trim_version(version)
-
-        other_version = stringify_version(other)
-        other_version = fill_tokens(other_version)
-        other_version = trim_version(other_version)
-
-        version, other_version = convert_dates(version, other_version)
-
-        prefixed_tokens = split_into_prefixed_tokens(version)
-        other_prefixed_tokens = split_into_prefixed_tokens(other_version)
-
-        prefixed_tokens, other_prefixed_tokens =
-          pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
-
-        prefixed_tokens.count.times.each do |index|
-          comp = compare_prefixed_token(
-            prefix: prefixed_tokens[index][0],
-            token: prefixed_tokens[index][1..-1] || "",
-            other_prefix: other_prefixed_tokens[index][0],
-            other_token: other_prefixed_tokens[index][1..-1] || ""
-          )
-          return comp unless comp.zero?
-        end
-
-        0
+        other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
+        T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
       end
 
       private
 
-      def tokens
-        @tokens ||=
-          begin
-            version = @version_string.to_s.downcase
-            version = fill_tokens(version)
-            version = trim_version(version)
-            split_into_prefixed_tokens(version).map { |t| t[1..-1] }
-          end
-      end
-
-      def stringify_version(version)
-        version = version.to_s.downcase
-
-        # Not technically correct, but pragmatic
-        version.gsub(/^v(?=\d)/, "")
-      end
-
-      def fill_tokens(version)
-        # Add separators when transitioning from digits to characters
-        version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
-        version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
-
-        # Replace empty tokens with 0
-        version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
-        version = version.gsub(/^([\.\-])/, '0\1')
-        version.gsub(/([\.\-])$/, '\10')
-      end
-
-      def trim_version(version)
-        version.split("-").filter_map do |v|
-          parts = v.split(".")
-          parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
-          parts&.join(".")
-        end.reject(&:empty?).join("-")
-      end
-
-      def convert_dates(version, other_version)
-        default = [version, other_version]
-        return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
-        return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
-
-        [version.delete("-"), other_version.delete("-")]
-      end
-
-      def split_into_prefixed_tokens(version)
-        ".#{version}".split(/(?=[\-\.\+])/)
-      end
-
-      def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
-        prefixed_tokens = prefixed_tokens.dup
-        other_prefixed_tokens = other_prefixed_tokens.dup
-
-        longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
-        shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
-
-        longest.count.times do |index|
-          next unless shortest[index].nil?
-
-          shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
-        end
-
-        [prefixed_tokens, other_prefixed_tokens]
-      end
-
-      def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
-        token_type = token.match?(/^\d+$/) ? :number : :qualifier
-        other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
-
-        hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
-        other_hierarchy =
-          PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
-
-        hierarchy_comparison = hierarchy <=> other_hierarchy
-        return hierarchy_comparison unless hierarchy_comparison.zero?
-
-        compare_token(token: token, other_token: other_token)
-      end
-
-      def compare_token(token:, other_token:)
-        if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
-          return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
-
-          return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
-        end
-
-        return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
-
-        if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
-          token = token.to_i
-          other_token = other_token.to_i
-        end
-
-        token <=> other_token
-      end
+      sig { returns(String) }
+      attr_reader :version_string
     end
   end
 end

data/lib/dependabot/maven/version_parser.rb

@@ -0,0 +1,139 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "strscan"
+require "dependabot/maven/token_bucket"
+
+# See https://maven.apache.org/pom.html#Version_Order_Specification for details
+#
+module Dependabot
+  module Maven
+    class VersionParser
+      extend T::Sig
+      extend T::Helpers
+
+      ALPHA = -5
+      BETA = -4
+      MILESTONE = -3
+      RC = -2
+      SNAPSHOT = -1
+      SP = "sp"
+
+      sig { params(version: T.nilable(String)).returns(TokenBucket) }
+      def self.parse(version)
+        raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
+        raise BadRequirementError, "Malformed version string - string is empty" if version.empty?
+
+        new(version).parse
+      end
+
+      sig { params(version: String).void }
+      def initialize(version)
+        @version = version
+        @token_bucket = T.let(TokenBucket.new(tokens: []), T.nilable(TokenBucket))
+        @parse_result = T.let(@token_bucket, T.nilable(TokenBucket))
+        @scanner = T.let(StringScanner.new(version.downcase), StringScanner)
+      end
+
+      sig { returns(TokenBucket) }
+      def parse
+        parse_version(false)
+
+        # no tokens: version is just one of the tokens we split on e.g '.' or '-'
+        raise BadRequirementError, "Malformed version string - #{version}" if parse_result.to_a.empty?
+
+        T.must(parse_result)
+      end
+
+      private
+
+      sig { returns(StringScanner) }
+      attr_reader :scanner
+
+      sig { returns(String) }
+      attr_reader :version
+
+      sig { returns(T.nilable(TokenBucket)) }
+      attr_reader :parse_result
+
+      sig { params(token: T.nilable(T.any(String, Integer))).void }
+      def parse_addition(token = nil)
+        @token_bucket&.addition = TokenBucket.new(tokens: [token].compact)
+        @token_bucket = @token_bucket&.addition
+
+        scanner.skip(/-+/)
+        parse_version(true)
+      end
+
+      sig { params(number_begins_partition: T.nilable(T::Boolean)).void }
+      def parse_version(number_begins_partition) # rubocop:disable Metrics/AbcSize,Metrics/CyclomaticComplexity,Metrics/MethodLength,Metrics/PerceivedComplexity
+        # skip leading v if any
+        scanner.skip(/v/)
+
+        until scanner.eos?
+          if (s = scanner.scan(/\d+/))
+            if number_begins_partition
+              parse_addition(s.to_i)
+            else
+              T.must(@token_bucket).tokens << s.to_i
+            end
+
+          elsif (s = scanner.match?(/a\d+/))
+            # aN is equivalent to alpha-N
+            scanner.skip("a")
+            parse_addition(ALPHA)
+
+          elsif (s = scanner.match?(/b\d+/))
+            # bN is equivalent to beta-N
+            scanner.skip("b")
+            parse_addition(BETA)
+
+          elsif (s = scanner.match?(/m\d+/))
+            # mN is equivalent to milestone-N
+            scanner.skip("m")
+            parse_addition(MILESTONE)
+
+          elsif (s = scanner.scan(/(alpha|beta|milestone|rc|cr|sp|ga|final|release|snapshot)[a-z]+/))
+            # process "alpha" and others as normal lexical tokens if they're followed by a letter
+            parse_addition(s)
+
+          elsif (s = scanner.scan("alpha"))
+            # handle alphaN, alpha-X, alpha.X, or ending alpha
+            parse_addition(ALPHA)
+
+          elsif (s = scanner.scan("beta"))
+            parse_addition(BETA)
+          elsif (s = scanner.scan("milestone"))
+            parse_addition(MILESTONE)
+
+          elsif (s = scanner.scan(/(rc|cr)/))
+            parse_addition(RC)
+
+          elsif (s = scanner.scan("snapshot"))
+            parse_addition(SNAPSHOT)
+
+          elsif (s = scanner.scan(/ga|final|release/))
+            parse_addition
+
+          elsif (s = scanner.scan("sp"))
+            parse_addition(SP)
+
+          # `+` is parsed as an addition as stated in maven version spec
+          elsif (s = scanner.scan(/[a-z_+]+/))
+            parse_addition(s)
+
+          elsif (s = scanner.scan("."))
+            number_begins_partition = false
+
+          elsif (s = scanner.scan("-"))
+            number_begins_partition = true
+
+          else
+            raise BadRequirementError, "Malformed version string - #{version}"
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.274.0
+  version: 0.276.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-05 00:00:00.000000000 Z
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.274.0
+        version: 0.276.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.274.0
+        version: 0.276.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -253,18 +253,20 @@ files:
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
 - lib/dependabot/maven/requirement.rb
+- lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
 - lib/dependabot/maven/update_checker/property_updater.rb
 - lib/dependabot/maven/update_checker/requirements_updater.rb
 - lib/dependabot/maven/update_checker/version_finder.rb
 - lib/dependabot/maven/utils/auth_headers_finder.rb
 - lib/dependabot/maven/version.rb
+- lib/dependabot/maven/version_parser.rb
 homepage: https://github.com/dependabot/dependabot-core
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.274.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
 post_install_message: 
 rdoc_options: []
 require_paths: