RubyGems - dependabot-maven - Versions diffs - 0.275.0 → 0.276.0 - Mend

dependabot-maven 0.275.0 → 0.276.0

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/dependabot/maven/update_checker/requirements_updater.rb +2 -16
data/lib/dependabot/maven/version.rb +39 -151
metadata +5 -6
data/lib/dependabot/maven/new_version.rb +0 -71

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 34e834338532d9b5075b9da8b125fd68ab0c799b626d20ba78c68f6a7caec872
-  data.tar.gz: 4847822f6792330975b50649d4bc62c695dff89273546f2e40147423fe85a266
+  metadata.gz: ad6e39551492801502e013e8934b584d2357fb63ce8dcbac1d8595ae97ace06b
+  data.tar.gz: 5e7bf11324be13067df5081d825aa1072da1daec535a222bed3caa0a12e2d5d5
 SHA512:
-  metadata.gz: 642aacea8f45cee1f8ff1ed81c91c96569a2334895587bf57480dd2b283cad662c7e376759f51b70958df3e4f0267d0801e215d7e4c45033c788c63d225495a3
-  data.tar.gz: d0b825961255e3ed2acc27f3e8b735598ba2e24830438d1c4cd00eaabb6202d6f29989a683983efee2b6cc6cf1304f69cabf177db04300d585eebb0f5c851e3b
+  metadata.gz: df458c686885588e4751a45edc95b4559638752ade6cca6c89d67da4d5444e0311e55ed1615a78fcd1d66c63ea77efa92bcce6f923c85d48cbec2d3aec525945
+  data.tar.gz: 7615212cdd6ded48a8c62da5ba1f6d01d5f158bafb6ce6a229f41063dabd22903c86d3029a50e78833505ba4a17d655d24fea4c4f71f17b13a68d50825edbf11

data/lib/dependabot/maven/update_checker/requirements_updater.rb CHANGED Viewed

@@ -50,12 +50,8 @@ module Dependabot
         attr_reader :properties_to_update
         def update_requirement(req_string)
-          if req_string.include?(".+")
-            update_dynamic_requirement(req_string)
-          else
-            # Since range requirements are excluded this must be exact
-            update_exact_requirement(req_string)
-          end
+          # Since range requirements are excluded this must be exact
+          update_exact_requirement(req_string)
         end
         def update_exact_requirement(req_string)
@@ -64,16 +60,6 @@ module Dependabot
           req_string.gsub(old_version.to_s, latest_version.to_s)
         end
-        # This is really only a Gradle thing, but Gradle relies on this
-        # RequirementsUpdater too
-        def update_dynamic_requirement(req_string)
-          precision = req_string.split(".").take_while { |s| s != "+" }.count
-          version_parts = latest_version.segments.first(precision)
-          version_parts.join(".") + ".+"
-        end
         def version_class
           Maven::Version
         end

data/lib/dependabot/maven/version.rb CHANGED Viewed

@@ -1,192 +1,80 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
+require "dependabot/maven/version_parser"
 require "dependabot/version"
 require "dependabot/utils"
-# Java versions use dots and dashes when tokenising their versions.
-# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
-#
 # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
 module Dependabot
   module Maven
     class Version < Dependabot::Version
-      NULL_VALUES = %w(0 final ga).freeze
-      PREFIXED_TOKEN_HIERARCHY = {
-        "." => { qualifier: 1, number: 4 },
-        "-" => { qualifier: 2, number: 3 },
-        "+" => { qualifier: 3, number: 2 }
-      }.freeze
-      NAMED_QUALIFIERS_HIERARCHY = {
-        "a" => 1, "alpha"     => 1,
-        "b" => 2, "beta"      => 2,
-        "m" => 3, "milestone" => 3,
-        "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
-        "snapshot" => 5, "dev" => 5,
-        "ga" => 6, "" => 6, "final" => 6,
-        "sp" => 7
-      }.freeze
+      extend T::Sig
+      extend T::Helpers
+      PRERELEASE_QUALIFIERS = T.let([
+        Dependabot::Maven::VersionParser::ALPHA,
+        Dependabot::Maven::VersionParser::BETA,
+        Dependabot::Maven::VersionParser::MILESTONE,
+        Dependabot::Maven::VersionParser::RC,
+        Dependabot::Maven::VersionParser::SNAPSHOT
+      ].freeze, T::Array[Integer])
       VERSION_PATTERN =
         "[0-9a-zA-Z]+" \
         '(?>\.[0-9a-zA-Z]*)*' \
         '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
+      sig { returns(Dependabot::Maven::TokenBucket) }
+      attr_accessor :token_bucket
+      sig { override.params(version: VersionParameter).returns(T::Boolean) }
       def self.correct?(version)
-        return false if version.nil?
+        return false if version.to_s.empty?
-        version.to_s.match?(ANCHORED_VERSION_PATTERN)
+        Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
+      rescue ArgumentError
+        Dependabot.logger.info("Malformed version string #{version}")
+        false
       end
+      sig { override.params(version: VersionParameter).void }
       def initialize(version)
-        @version_string = version.to_s
+        raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
+        @version_string = T.let(version.to_s, String)
+        @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
         super(version.to_s.tr("_", "-"))
       end
+      sig { returns(String) }
       def inspect
-        "#<#{self.class} #{@version_string}>"
+        "#<#{self.class} #{version_string}>"
       end
+      sig { returns(String) }
       def to_s
-        @version_string
+        version_string
       end
+      sig { returns(T::Boolean) }
       def prerelease?
-        tokens.any? do |token|
-          next true if token == "eap"
-          next false unless NAMED_QUALIFIERS_HIERARCHY[token]
-          NAMED_QUALIFIERS_HIERARCHY[token] < 6
+        token_bucket.to_a.flatten.any? do |token|
+          token.is_a?(Integer) && token.negative?
         end
       end
+      sig { params(other: VersionParameter).returns(Integer) }
       def <=>(other)
-        version = stringify_version(@version_string)
-        version = fill_tokens(version)
-        version = trim_version(version)
-        other_version = stringify_version(other)
-        other_version = fill_tokens(other_version)
-        other_version = trim_version(other_version)
-        version, other_version = convert_dates(version, other_version)
-        prefixed_tokens = split_into_prefixed_tokens(version)
-        other_prefixed_tokens = split_into_prefixed_tokens(other_version)
-        prefixed_tokens, other_prefixed_tokens =
-          pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
-        prefixed_tokens.count.times.each do |index|
-          comp = compare_prefixed_token(
-            prefix: prefixed_tokens[index][0],
-            token: prefixed_tokens[index][1..-1] || "",
-            other_prefix: other_prefixed_tokens[index][0],
-            other_token: other_prefixed_tokens[index][1..-1] || ""
-          )
-          return comp unless comp.zero?
-        end
-        0
+        other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
+        T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
       end
       private
-      def tokens
-        @tokens ||=
-          begin
-            version = @version_string.to_s.downcase
-            version = fill_tokens(version)
-            version = trim_version(version)
-            split_into_prefixed_tokens(version).map { |t| t[1..-1] }
-          end
-      end
-      def stringify_version(version)
-        version = version.to_s.downcase
-        # Not technically correct, but pragmatic
-        version.gsub(/^v(?=\d)/, "")
-      end
-      def fill_tokens(version)
-        # Add separators when transitioning from digits to characters
-        version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
-        version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
-        # Replace empty tokens with 0
-        version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
-        version = version.gsub(/^([\.\-])/, '0\1')
-        version.gsub(/([\.\-])$/, '\10')
-      end
-      def trim_version(version)
-        version.split("-").filter_map do |v|
-          parts = v.split(".")
-          parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
-          parts&.join(".")
-        end.reject(&:empty?).join("-")
-      end
-      def convert_dates(version, other_version)
-        default = [version, other_version]
-        return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
-        return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
-        [version.delete("-"), other_version.delete("-")]
-      end
-      def split_into_prefixed_tokens(version)
-        ".#{version}".split(/(?=[\-\.\+])/)
-      end
-      def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
-        prefixed_tokens = prefixed_tokens.dup
-        other_prefixed_tokens = other_prefixed_tokens.dup
-        longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
-        shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
-        longest.count.times do |index|
-          next unless shortest[index].nil?
-          shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
-        end
-        [prefixed_tokens, other_prefixed_tokens]
-      end
-      def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
-        token_type = token.match?(/^\d+$/) ? :number : :qualifier
-        other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
-        hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
-        other_hierarchy =
-          PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
-        hierarchy_comparison = hierarchy <=> other_hierarchy
-        return hierarchy_comparison unless hierarchy_comparison.zero?
-        compare_token(token: token, other_token: other_token)
-      end
-      def compare_token(token:, other_token:)
-        if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
-          return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
-          return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
-        end
-        return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
-        if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
-          token = token.to_i
-          other_token = other_token.to_i
-        end
-        token <=> other_token
-      end
+      sig { returns(String) }
+      attr_reader :version_string
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.275.0
+  version: 0.276.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-12 00:00:00.000000000 Z
+date: 2024-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.275.0
+        version: 0.276.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -252,7 +252,6 @@ files:
 - lib/dependabot/maven/file_updater/declaration_finder.rb
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
-- lib/dependabot/maven/new_version.rb
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
@@ -267,7 +266,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.275.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
 post_install_message:
 rdoc_options: []
 require_paths:

data/lib/dependabot/maven/new_version.rb DELETED Viewed

@@ -1,71 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "dependabot/maven/version_parser"
-require "dependabot/version"
-require "dependabot/utils"
-# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
-module Dependabot
-  module Maven
-    class NewVersion
-      extend T::Sig
-      extend T::Helpers
-      PRERELEASE_QUALIFIERS = T.let([
-        Dependabot::Maven::VersionParser::ALPHA,
-        Dependabot::Maven::VersionParser::BETA,
-        Dependabot::Maven::VersionParser::MILESTONE,
-        Dependabot::Maven::VersionParser::RC,
-        Dependabot::Maven::VersionParser::SNAPSHOT
-      ].freeze, T::Array[Integer])
-      sig { returns(Dependabot::Maven::TokenBucket) }
-      attr_accessor :token_bucket
-      sig { params(version: String).returns(T::Boolean) }
-      def self.correct?(version)
-        return false if version.empty?
-        Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
-      rescue Dependabot::BadRequirementError
-        Dependabot.logger.info("Malformed version string - #{version}")
-        false
-      end
-      sig { params(version: String).void }
-      def initialize(version)
-        @version_string = T.let(version, String)
-        @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
-      end
-      sig { returns(String) }
-      def inspect
-        "#<#{self.class} #{version_string}>"
-      end
-      sig { returns(String) }
-      def to_s
-        version_string
-      end
-      sig { returns(T::Boolean) }
-      def prerelease?
-        token_bucket.to_a.flatten.any? do |token|
-          token.is_a?(Integer) && token.negative?
-        end
-      end
-      sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
-      def <=>(other)
-        T.must(token_bucket <=> other.token_bucket)
-      end
-      private
-      sig { returns(String) }
-      attr_reader :version_string
-    end
-  end
-end