dependabot-maven 0.276.0 → 0.277.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad6e39551492801502e013e8934b584d2357fb63ce8dcbac1d8595ae97ace06b
-  data.tar.gz: 5e7bf11324be13067df5081d825aa1072da1daec535a222bed3caa0a12e2d5d5
+  metadata.gz: b3b46b76c0fbe2d331eb9b4873f9a93be3f6da7d185dc0de6bcc92fdc36c9698
+  data.tar.gz: d726485be24fe3c8f850507acbb568326cc8ddae4d523144f2ef83624091d647
 SHA512:
-  metadata.gz: df458c686885588e4751a45edc95b4559638752ade6cca6c89d67da4d5444e0311e55ed1615a78fcd1d66c63ea77efa92bcce6f923c85d48cbec2d3aec525945
-  data.tar.gz: 7615212cdd6ded48a8c62da5ba1f6d01d5f158bafb6ce6a229f41063dabd22903c86d3029a50e78833505ba4a17d655d24fea4c4f71f17b13a68d50825edbf11
+  metadata.gz: 31cc6c13dcb2a7136accb3ae9e24a05c70d8d3b19f13d6349a6c9611512342713b423955aa8b7d56321bc59d8e06623dfe786f57e08333b07aabffa6ef004f32
+  data.tar.gz: ea83d05638026cf5dde1bc518086cf4d469451139b3716baa3e365993d7e825ef2d0d4803de4bde37fad78fbb17c63535fabae0e22169727c3c575d2e4c1465b

data/lib/dependabot/maven/new_version.rb

@@ -0,0 +1,71 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "dependabot/maven/version_parser"
+require "dependabot/version"
+require "dependabot/utils"
+
+# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
+
+module Dependabot
+  module Maven
+    class NewVersion
+      extend T::Sig
+      extend T::Helpers
+
+      PRERELEASE_QUALIFIERS = T.let([
+        Dependabot::Maven::VersionParser::ALPHA,
+        Dependabot::Maven::VersionParser::BETA,
+        Dependabot::Maven::VersionParser::MILESTONE,
+        Dependabot::Maven::VersionParser::RC,
+        Dependabot::Maven::VersionParser::SNAPSHOT
+      ].freeze, T::Array[Integer])
+
+      sig { returns(Dependabot::Maven::TokenBucket) }
+      attr_accessor :token_bucket
+
+      sig { params(version: String).returns(T::Boolean) }
+      def self.correct?(version)
+        return false if version.empty?
+
+        Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
+      rescue Dependabot::BadRequirementError
+        Dependabot.logger.info("Malformed version string - #{version}")
+        false
+      end
+
+      sig { params(version: String).void }
+      def initialize(version)
+        @version_string = T.let(version, String)
+        @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
+      end
+
+      sig { returns(String) }
+      def inspect
+        "#<#{self.class} #{version_string}>"
+      end
+
+      sig { returns(String) }
+      def to_s
+        version_string
+      end
+
+      sig { returns(T::Boolean) }
+      def prerelease?
+        token_bucket.to_a.flatten.any? do |token|
+          token.is_a?(Integer) && token.negative?
+        end
+      end
+
+      sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
+      def <=>(other)
+        T.must(token_bucket <=> other.token_bucket)
+      end
+
+      private
+
+      sig { returns(String) }
+      attr_reader :version_string
+    end
+  end
+end

data/lib/dependabot/maven/update_checker/requirements_updater.rb

@@ -50,8 +50,12 @@ module Dependabot
         attr_reader :properties_to_update
 
         def update_requirement(req_string)
-          # Since range requirements are excluded this must be exact
-          update_exact_requirement(req_string)
+          if req_string.include?(".+")
+            update_dynamic_requirement(req_string)
+          else
+            # Since range requirements are excluded this must be exact
+            update_exact_requirement(req_string)
+          end
         end
 
         def update_exact_requirement(req_string)
@@ -60,6 +64,16 @@ module Dependabot
           req_string.gsub(old_version.to_s, latest_version.to_s)
         end
 
+        # This is really only a Gradle thing, but Gradle relies on this
+        # RequirementsUpdater too
+        def update_dynamic_requirement(req_string)
+          precision = req_string.split(".").take_while { |s| s != "+" }.count
+
+          version_parts = latest_version.segments.first(precision)
+
+          version_parts.join(".") + ".+"
+        end
+
         def version_class
           Maven::Version
         end

data/lib/dependabot/maven/version.rb

@@ -1,80 +1,192 @@
-# typed: strict
+# typed: true
 # frozen_string_literal: true
 
-require "dependabot/maven/version_parser"
 require "dependabot/version"
 require "dependabot/utils"
 
+# Java versions use dots and dashes when tokenising their versions.
+# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
+#
 # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
 
 module Dependabot
   module Maven
     class Version < Dependabot::Version
-      extend T::Sig
-      extend T::Helpers
-
-      PRERELEASE_QUALIFIERS = T.let([
-        Dependabot::Maven::VersionParser::ALPHA,
-        Dependabot::Maven::VersionParser::BETA,
-        Dependabot::Maven::VersionParser::MILESTONE,
-        Dependabot::Maven::VersionParser::RC,
-        Dependabot::Maven::VersionParser::SNAPSHOT
-      ].freeze, T::Array[Integer])
-
+      NULL_VALUES = %w(0 final ga).freeze
+      PREFIXED_TOKEN_HIERARCHY = {
+        "." => { qualifier: 1, number: 4 },
+        "-" => { qualifier: 2, number: 3 },
+        "+" => { qualifier: 3, number: 2 }
+      }.freeze
+      NAMED_QUALIFIERS_HIERARCHY = {
+        "a" => 1, "alpha"     => 1,
+        "b" => 2, "beta"      => 2,
+        "m" => 3, "milestone" => 3,
+        "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
+        "snapshot" => 5, "dev" => 5,
+        "ga" => 6, "" => 6, "final" => 6,
+        "sp" => 7
+      }.freeze
       VERSION_PATTERN =
         "[0-9a-zA-Z]+" \
         '(?>\.[0-9a-zA-Z]*)*' \
         '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
-      sig { returns(Dependabot::Maven::TokenBucket) }
-      attr_accessor :token_bucket
-
-      sig { override.params(version: VersionParameter).returns(T::Boolean) }
       def self.correct?(version)
-        return false if version.to_s.empty?
+        return false if version.nil?
 
-        Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
-      rescue ArgumentError
-        Dependabot.logger.info("Malformed version string #{version}")
-        false
+        version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
 
-      sig { override.params(version: VersionParameter).void }
       def initialize(version)
-        raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
-
-        @version_string = T.let(version.to_s, String)
-        @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
+        @version_string = version.to_s
         super(version.to_s.tr("_", "-"))
       end
 
-      sig { returns(String) }
       def inspect
-        "#<#{self.class} #{version_string}>"
+        "#<#{self.class} #{@version_string}>"
       end
 
-      sig { returns(String) }
       def to_s
-        version_string
+        @version_string
       end
 
-      sig { returns(T::Boolean) }
       def prerelease?
-        token_bucket.to_a.flatten.any? do |token|
-          token.is_a?(Integer) && token.negative?
+        tokens.any? do |token|
+          next true if token == "eap"
+          next false unless NAMED_QUALIFIERS_HIERARCHY[token]
+
+          NAMED_QUALIFIERS_HIERARCHY[token] < 6
         end
       end
 
-      sig { params(other: VersionParameter).returns(Integer) }
       def <=>(other)
-        other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
-        T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
+        version = stringify_version(@version_string)
+        version = fill_tokens(version)
+        version = trim_version(version)
+
+        other_version = stringify_version(other)
+        other_version = fill_tokens(other_version)
+        other_version = trim_version(other_version)
+
+        version, other_version = convert_dates(version, other_version)
+
+        prefixed_tokens = split_into_prefixed_tokens(version)
+        other_prefixed_tokens = split_into_prefixed_tokens(other_version)
+
+        prefixed_tokens, other_prefixed_tokens =
+          pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+
+        prefixed_tokens.count.times.each do |index|
+          comp = compare_prefixed_token(
+            prefix: prefixed_tokens[index][0],
+            token: prefixed_tokens[index][1..-1] || "",
+            other_prefix: other_prefixed_tokens[index][0],
+            other_token: other_prefixed_tokens[index][1..-1] || ""
+          )
+          return comp unless comp.zero?
+        end
+
+        0
       end
 
       private
 
-      sig { returns(String) }
-      attr_reader :version_string
+      def tokens
+        @tokens ||=
+          begin
+            version = @version_string.to_s.downcase
+            version = fill_tokens(version)
+            version = trim_version(version)
+            split_into_prefixed_tokens(version).map { |t| t[1..-1] }
+          end
+      end
+
+      def stringify_version(version)
+        version = version.to_s.downcase
+
+        # Not technically correct, but pragmatic
+        version.gsub(/^v(?=\d)/, "")
+      end
+
+      def fill_tokens(version)
+        # Add separators when transitioning from digits to characters
+        version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
+        version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
+
+        # Replace empty tokens with 0
+        version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
+        version = version.gsub(/^([\.\-])/, '0\1')
+        version.gsub(/([\.\-])$/, '\10')
+      end
+
+      def trim_version(version)
+        version.split("-").filter_map do |v|
+          parts = v.split(".")
+          parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
+          parts&.join(".")
+        end.reject(&:empty?).join("-")
+      end
+
+      def convert_dates(version, other_version)
+        default = [version, other_version]
+        return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+        return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
+
+        [version.delete("-"), other_version.delete("-")]
+      end
+
+      def split_into_prefixed_tokens(version)
+        ".#{version}".split(/(?=[\-\.\+])/)
+      end
+
+      def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
+        prefixed_tokens = prefixed_tokens.dup
+        other_prefixed_tokens = other_prefixed_tokens.dup
+
+        longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
+        shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
+
+        longest.count.times do |index|
+          next unless shortest[index].nil?
+
+          shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
+        end
+
+        [prefixed_tokens, other_prefixed_tokens]
+      end
+
+      def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
+        token_type = token.match?(/^\d+$/) ? :number : :qualifier
+        other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
+
+        hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
+        other_hierarchy =
+          PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
+
+        hierarchy_comparison = hierarchy <=> other_hierarchy
+        return hierarchy_comparison unless hierarchy_comparison.zero?
+
+        compare_token(token: token, other_token: other_token)
+      end
+
+      def compare_token(token:, other_token:)
+        if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
+          return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
+
+          return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
+        end
+
+        return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
+
+        if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
+          token = token.to_i
+          other_token = other_token.to_i
+        end
+
+        token <=> other_token
+      end
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-  version: 0.276.0
+  version: 0.277.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-19 00:00:00.000000000 Z
+date: 2024-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.276.0
+        version: 0.277.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.276.0
+        version: 0.277.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -252,6 +252,7 @@ files:
 - lib/dependabot/maven/file_updater/declaration_finder.rb
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
+- lib/dependabot/maven/new_version.rb
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
@@ -266,7 +267,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
 post_install_message: 
 rdoc_options: []
 require_paths: