dependabot-maven 0.276.0 → 0.278.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d73dfbfce3413f3d179bf73f68859d6dad38f3f25edfdda6326c3968f40cdddc
|
4
|
+
data.tar.gz: 78defdf21de9734aadb0885c6aa1d44ba5fff411ce02bd0566612332c6a7ba94
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c7bf8160553aa4585f8cca47812067fb364bb659f05ac56ccfc257c68e50778bf8cf9871c951b0d791bb4062ae164fa452de02da4a44ba7b21b28b0ce470cac5
|
7
|
+
data.tar.gz: fdfbc1d3c0d84fa6d760034e14b6defa7d2c224f0f49e6668370265d8f3a6ce031f5b43791359d899548a69a0ec9ecf7ac64c04c3fdcff326de25f71c7734c59
|
@@ -0,0 +1,71 @@
|
|
1
|
+
# typed: strict
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "dependabot/maven/version_parser"
|
5
|
+
require "dependabot/version"
|
6
|
+
require "dependabot/utils"
|
7
|
+
|
8
|
+
# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
|
9
|
+
|
10
|
+
module Dependabot
|
11
|
+
module Maven
|
12
|
+
class NewVersion
|
13
|
+
extend T::Sig
|
14
|
+
extend T::Helpers
|
15
|
+
|
16
|
+
PRERELEASE_QUALIFIERS = T.let([
|
17
|
+
Dependabot::Maven::VersionParser::ALPHA,
|
18
|
+
Dependabot::Maven::VersionParser::BETA,
|
19
|
+
Dependabot::Maven::VersionParser::MILESTONE,
|
20
|
+
Dependabot::Maven::VersionParser::RC,
|
21
|
+
Dependabot::Maven::VersionParser::SNAPSHOT
|
22
|
+
].freeze, T::Array[Integer])
|
23
|
+
|
24
|
+
sig { returns(Dependabot::Maven::TokenBucket) }
|
25
|
+
attr_accessor :token_bucket
|
26
|
+
|
27
|
+
sig { params(version: String).returns(T::Boolean) }
|
28
|
+
def self.correct?(version)
|
29
|
+
return false if version.empty?
|
30
|
+
|
31
|
+
Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
|
32
|
+
rescue Dependabot::BadRequirementError
|
33
|
+
Dependabot.logger.info("Malformed version string - #{version}")
|
34
|
+
false
|
35
|
+
end
|
36
|
+
|
37
|
+
sig { params(version: String).void }
|
38
|
+
def initialize(version)
|
39
|
+
@version_string = T.let(version, String)
|
40
|
+
@token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
|
41
|
+
end
|
42
|
+
|
43
|
+
sig { returns(String) }
|
44
|
+
def inspect
|
45
|
+
"#<#{self.class} #{version_string}>"
|
46
|
+
end
|
47
|
+
|
48
|
+
sig { returns(String) }
|
49
|
+
def to_s
|
50
|
+
version_string
|
51
|
+
end
|
52
|
+
|
53
|
+
sig { returns(T::Boolean) }
|
54
|
+
def prerelease?
|
55
|
+
token_bucket.to_a.flatten.any? do |token|
|
56
|
+
token.is_a?(Integer) && token.negative?
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
|
61
|
+
def <=>(other)
|
62
|
+
T.must(token_bucket <=> other.token_bucket)
|
63
|
+
end
|
64
|
+
|
65
|
+
private
|
66
|
+
|
67
|
+
sig { returns(String) }
|
68
|
+
attr_reader :version_string
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
@@ -50,8 +50,12 @@ module Dependabot
|
|
50
50
|
attr_reader :properties_to_update
|
51
51
|
|
52
52
|
def update_requirement(req_string)
|
53
|
-
|
54
|
-
|
53
|
+
if req_string.include?(".+")
|
54
|
+
update_dynamic_requirement(req_string)
|
55
|
+
else
|
56
|
+
# Since range requirements are excluded this must be exact
|
57
|
+
update_exact_requirement(req_string)
|
58
|
+
end
|
55
59
|
end
|
56
60
|
|
57
61
|
def update_exact_requirement(req_string)
|
@@ -60,6 +64,16 @@ module Dependabot
|
|
60
64
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
61
65
|
end
|
62
66
|
|
67
|
+
# This is really only a Gradle thing, but Gradle relies on this
|
68
|
+
# RequirementsUpdater too
|
69
|
+
def update_dynamic_requirement(req_string)
|
70
|
+
precision = req_string.split(".").take_while { |s| s != "+" }.count
|
71
|
+
|
72
|
+
version_parts = latest_version.segments.first(precision)
|
73
|
+
|
74
|
+
version_parts.join(".") + ".+"
|
75
|
+
end
|
76
|
+
|
63
77
|
def version_class
|
64
78
|
Maven::Version
|
65
79
|
end
|
@@ -1,80 +1,192 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
require "dependabot/maven/version_parser"
|
5
4
|
require "dependabot/version"
|
6
5
|
require "dependabot/utils"
|
7
6
|
|
7
|
+
# Java versions use dots and dashes when tokenising their versions.
|
8
|
+
# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
|
9
|
+
#
|
8
10
|
# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
|
9
11
|
|
10
12
|
module Dependabot
|
11
13
|
module Maven
|
12
14
|
class Version < Dependabot::Version
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
15
|
+
NULL_VALUES = %w(0 final ga).freeze
|
16
|
+
PREFIXED_TOKEN_HIERARCHY = {
|
17
|
+
"." => { qualifier: 1, number: 4 },
|
18
|
+
"-" => { qualifier: 2, number: 3 },
|
19
|
+
"+" => { qualifier: 3, number: 2 }
|
20
|
+
}.freeze
|
21
|
+
NAMED_QUALIFIERS_HIERARCHY = {
|
22
|
+
"a" => 1, "alpha" => 1,
|
23
|
+
"b" => 2, "beta" => 2,
|
24
|
+
"m" => 3, "milestone" => 3,
|
25
|
+
"rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
|
26
|
+
"snapshot" => 5, "dev" => 5,
|
27
|
+
"ga" => 6, "" => 6, "final" => 6,
|
28
|
+
"sp" => 7
|
29
|
+
}.freeze
|
24
30
|
VERSION_PATTERN =
|
25
31
|
"[0-9a-zA-Z]+" \
|
26
32
|
'(?>\.[0-9a-zA-Z]*)*' \
|
27
33
|
'([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
|
34
|
+
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
28
35
|
|
29
|
-
sig { returns(Dependabot::Maven::TokenBucket) }
|
30
|
-
attr_accessor :token_bucket
|
31
|
-
|
32
|
-
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
33
36
|
def self.correct?(version)
|
34
|
-
return false if version.
|
37
|
+
return false if version.nil?
|
35
38
|
|
36
|
-
|
37
|
-
rescue ArgumentError
|
38
|
-
Dependabot.logger.info("Malformed version string #{version}")
|
39
|
-
false
|
39
|
+
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
40
40
|
end
|
41
41
|
|
42
|
-
sig { override.params(version: VersionParameter).void }
|
43
42
|
def initialize(version)
|
44
|
-
|
45
|
-
|
46
|
-
@version_string = T.let(version.to_s, String)
|
47
|
-
@token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
|
43
|
+
@version_string = version.to_s
|
48
44
|
super(version.to_s.tr("_", "-"))
|
49
45
|
end
|
50
46
|
|
51
|
-
sig { returns(String) }
|
52
47
|
def inspect
|
53
|
-
"#<#{self.class} #{version_string}>"
|
48
|
+
"#<#{self.class} #{@version_string}>"
|
54
49
|
end
|
55
50
|
|
56
|
-
sig { returns(String) }
|
57
51
|
def to_s
|
58
|
-
version_string
|
52
|
+
@version_string
|
59
53
|
end
|
60
54
|
|
61
|
-
sig { returns(T::Boolean) }
|
62
55
|
def prerelease?
|
63
|
-
|
64
|
-
token
|
56
|
+
tokens.any? do |token|
|
57
|
+
next true if token == "eap"
|
58
|
+
next false unless NAMED_QUALIFIERS_HIERARCHY[token]
|
59
|
+
|
60
|
+
NAMED_QUALIFIERS_HIERARCHY[token] < 6
|
65
61
|
end
|
66
62
|
end
|
67
63
|
|
68
|
-
sig { params(other: VersionParameter).returns(Integer) }
|
69
64
|
def <=>(other)
|
70
|
-
|
71
|
-
|
65
|
+
version = stringify_version(@version_string)
|
66
|
+
version = fill_tokens(version)
|
67
|
+
version = trim_version(version)
|
68
|
+
|
69
|
+
other_version = stringify_version(other)
|
70
|
+
other_version = fill_tokens(other_version)
|
71
|
+
other_version = trim_version(other_version)
|
72
|
+
|
73
|
+
version, other_version = convert_dates(version, other_version)
|
74
|
+
|
75
|
+
prefixed_tokens = split_into_prefixed_tokens(version)
|
76
|
+
other_prefixed_tokens = split_into_prefixed_tokens(other_version)
|
77
|
+
|
78
|
+
prefixed_tokens, other_prefixed_tokens =
|
79
|
+
pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
|
80
|
+
|
81
|
+
prefixed_tokens.count.times.each do |index|
|
82
|
+
comp = compare_prefixed_token(
|
83
|
+
prefix: prefixed_tokens[index][0],
|
84
|
+
token: prefixed_tokens[index][1..-1] || "",
|
85
|
+
other_prefix: other_prefixed_tokens[index][0],
|
86
|
+
other_token: other_prefixed_tokens[index][1..-1] || ""
|
87
|
+
)
|
88
|
+
return comp unless comp.zero?
|
89
|
+
end
|
90
|
+
|
91
|
+
0
|
72
92
|
end
|
73
93
|
|
74
94
|
private
|
75
95
|
|
76
|
-
|
77
|
-
|
96
|
+
def tokens
|
97
|
+
@tokens ||=
|
98
|
+
begin
|
99
|
+
version = @version_string.to_s.downcase
|
100
|
+
version = fill_tokens(version)
|
101
|
+
version = trim_version(version)
|
102
|
+
split_into_prefixed_tokens(version).map { |t| t[1..-1] }
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
def stringify_version(version)
|
107
|
+
version = version.to_s.downcase
|
108
|
+
|
109
|
+
# Not technically correct, but pragmatic
|
110
|
+
version.gsub(/^v(?=\d)/, "")
|
111
|
+
end
|
112
|
+
|
113
|
+
def fill_tokens(version)
|
114
|
+
# Add separators when transitioning from digits to characters
|
115
|
+
version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
|
116
|
+
version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
|
117
|
+
|
118
|
+
# Replace empty tokens with 0
|
119
|
+
version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
|
120
|
+
version = version.gsub(/^([\.\-])/, '0\1')
|
121
|
+
version.gsub(/([\.\-])$/, '\10')
|
122
|
+
end
|
123
|
+
|
124
|
+
def trim_version(version)
|
125
|
+
version.split("-").filter_map do |v|
|
126
|
+
parts = v.split(".")
|
127
|
+
parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
|
128
|
+
parts&.join(".")
|
129
|
+
end.reject(&:empty?).join("-")
|
130
|
+
end
|
131
|
+
|
132
|
+
def convert_dates(version, other_version)
|
133
|
+
default = [version, other_version]
|
134
|
+
return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
|
135
|
+
return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
|
136
|
+
|
137
|
+
[version.delete("-"), other_version.delete("-")]
|
138
|
+
end
|
139
|
+
|
140
|
+
def split_into_prefixed_tokens(version)
|
141
|
+
".#{version}".split(/(?=[\-\.\+])/)
|
142
|
+
end
|
143
|
+
|
144
|
+
def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
|
145
|
+
prefixed_tokens = prefixed_tokens.dup
|
146
|
+
other_prefixed_tokens = other_prefixed_tokens.dup
|
147
|
+
|
148
|
+
longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
|
149
|
+
shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
|
150
|
+
|
151
|
+
longest.count.times do |index|
|
152
|
+
next unless shortest[index].nil?
|
153
|
+
|
154
|
+
shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
|
155
|
+
end
|
156
|
+
|
157
|
+
[prefixed_tokens, other_prefixed_tokens]
|
158
|
+
end
|
159
|
+
|
160
|
+
def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
|
161
|
+
token_type = token.match?(/^\d+$/) ? :number : :qualifier
|
162
|
+
other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
|
163
|
+
|
164
|
+
hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
|
165
|
+
other_hierarchy =
|
166
|
+
PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
|
167
|
+
|
168
|
+
hierarchy_comparison = hierarchy <=> other_hierarchy
|
169
|
+
return hierarchy_comparison unless hierarchy_comparison.zero?
|
170
|
+
|
171
|
+
compare_token(token: token, other_token: other_token)
|
172
|
+
end
|
173
|
+
|
174
|
+
def compare_token(token:, other_token:)
|
175
|
+
if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
|
176
|
+
return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
|
177
|
+
|
178
|
+
return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
|
179
|
+
end
|
180
|
+
|
181
|
+
return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
|
182
|
+
|
183
|
+
if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
|
184
|
+
token = token.to_i
|
185
|
+
other_token = other_token.to_i
|
186
|
+
end
|
187
|
+
|
188
|
+
token <=> other_token
|
189
|
+
end
|
78
190
|
end
|
79
191
|
end
|
80
192
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-maven
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.278.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-09-
|
11
|
+
date: 2024-09-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.278.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.278.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: debug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -252,6 +252,7 @@ files:
|
|
252
252
|
- lib/dependabot/maven/file_updater/declaration_finder.rb
|
253
253
|
- lib/dependabot/maven/file_updater/property_value_updater.rb
|
254
254
|
- lib/dependabot/maven/metadata_finder.rb
|
255
|
+
- lib/dependabot/maven/new_version.rb
|
255
256
|
- lib/dependabot/maven/requirement.rb
|
256
257
|
- lib/dependabot/maven/token_bucket.rb
|
257
258
|
- lib/dependabot/maven/update_checker.rb
|
@@ -266,7 +267,7 @@ licenses:
|
|
266
267
|
- MIT
|
267
268
|
metadata:
|
268
269
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
269
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
270
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.278.0
|
270
271
|
post_install_message:
|
271
272
|
rdoc_options: []
|
272
273
|
require_paths:
|