dependabot-maven 0.278.0 → 0.280.0

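--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d73dfbfce3413f3d179bf73f68859d6dad38f3f25edfdda6326c3968f40cdddc
-data.tar.gz: 78defdf21de9734aadb0885c6aa1d44ba5fff411ce02bd0566612332c6a7ba94
+metadata.gz: 669e3997e249e8535406a9d5d9e0c7acde26c6b44f2d8ee0b56ef7b6bc731147
+data.tar.gz: 448771065c86241d417f1a62ed0e35192c3c3fe217f3ff748d668b82dbf2a557
 SHA512:
-metadata.gz: c7bf8160553aa4585f8cca47812067fb364bb659f05ac56ccfc257c68e50778bf8cf9871c951b0d791bb4062ae164fa452de02da4a44ba7b21b28b0ce470cac5
-data.tar.gz: fdfbc1d3c0d84fa6d760034e14b6defa7d2c224f0f49e6668370265d8f3a6ce031f5b43791359d899548a69a0ec9ecf7ac64c04c3fdcff326de25f71c7734c59
+metadata.gz: e73590f9ac4791ab3a853fab6eadda290aea9f4749e4d5cee786c95257d85d781d74fbf1d662e0b9095e1dce69f18d30f37e806db60bdaf5df0ffaa74f7ebb99
+data.tar.gz: 7e13ff18fd4fcbe3127d4cf6740537f076dd571bbcd87b14eeb8c726bf568f29a7f1f0a11779b232f9cc0702d0d9bd327bd7cc113876050317d9d190760eadae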
@@ -50,12 +50,8 @@ module Dependabot
50
50
  attr_reader :properties_to_update
51
51
 
52
52
  def update_requirement(req_string)
53
- if req_string.include?(".+")
54
- update_dynamic_requirement(req_string)
55
- else
56
- # Since range requirements are excluded this must be exact
57
- update_exact_requirement(req_string)
58
- end
53
+ # Since range requirements are excluded this must be exact
54
+ update_exact_requirement(req_string)
59
55
  end
60
56
 
61
57
  def update_exact_requirement(req_string)
@@ -64,16 +60,6 @@ module Dependabot
64
60
  req_string.gsub(old_version.to_s, latest_version.to_s)
65
61
  end
66
62
 
67
- # This is really only a Gradle thing, but Gradle relies on this
68
- # RequirementsUpdater too
69
- def update_dynamic_requirement(req_string)
70
- precision = req_string.split(".").take_while { |s| s != "+" }.count
71
-
72
- version_parts = latest_version.segments.first(precision)
73
-
74
- version_parts.join(".") + ".+"
75
- end
76
-
77
63
  def version_class
78
64
  Maven::Version
79
65
  end
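Review bot: Without the `.+` branch, update_requirement (new line 53) routes every requirement to update_exact_requirement, whose `req_string.gsub(old_version.to_s, latest_version.to_s)` on a dynamic string such as `1.2.+` would either return it unchanged or rewrite only the matching substring, depending on whether old_version's text happens to occur in it. The copied comment states that range requirements are excluded before this point, but that filtering is not in these hunks; a spec asserting that a `.+` requirement never reaches this method, or a guard such as `raise ArgumentError, "dynamic requirement not supported: #{req_string}" if req_string.include?(".+")`, would make the assumption explicit. The removed comment said Gradle relied on this updater for dynamic requirements, so presumably the Gradle side now carries its own implementation — this page does not show that. The enclosing class, `old_version` and `latest_version` are defined outside the hunks shown.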
@@ -1,192 +1,119 @@
1
- # typed: true
1
+ # typed: strict
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "dependabot/maven/version_parser"
4
5
  require "dependabot/version"
5
6
  require "dependabot/utils"
6
7
 
7
- # Java versions use dots and dashes when tokenising their versions.
8
- # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
9
- #
10
8
  # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
11
9
 
12
10
  module Dependabot
13
11
  module Maven
14
12
  class Version < Dependabot::Version
15
- NULL_VALUES = %w(0 final ga).freeze
16
- PREFIXED_TOKEN_HIERARCHY = {
17
- "." => { qualifier: 1, number: 4 },
18
- "-" => { qualifier: 2, number: 3 },
19
- "+" => { qualifier: 3, number: 2 }
20
- }.freeze
21
- NAMED_QUALIFIERS_HIERARCHY = {
22
- "a" => 1, "alpha" => 1,
23
- "b" => 2, "beta" => 2,
24
- "m" => 3, "milestone" => 3,
25
- "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
26
- "snapshot" => 5, "dev" => 5,
27
- "ga" => 6, "" => 6, "final" => 6,
28
- "sp" => 7
29
- }.freeze
13
+ extend T::Sig
14
+ extend T::Helpers
15
+
16
+ PRERELEASE_QUALIFIERS = T.let([
17
+ Dependabot::Maven::VersionParser::ALPHA,
18
+ Dependabot::Maven::VersionParser::BETA,
19
+ Dependabot::Maven::VersionParser::MILESTONE,
20
+ Dependabot::Maven::VersionParser::RC,
21
+ Dependabot::Maven::VersionParser::SNAPSHOT
22
+ ].freeze, T::Array[Integer])
23
+
30
24
  VERSION_PATTERN =
31
25
  "[0-9a-zA-Z]+" \
32
26
  '(?>\.[0-9a-zA-Z]*)*' \
33
27
  '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
34
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
35
28
 
29
+ sig { returns(Dependabot::Maven::TokenBucket) }
30
+ attr_accessor :token_bucket
31
+
32
+ sig { override.params(version: VersionParameter).returns(T::Boolean) }
36
33
  def self.correct?(version)
37
- return false if version.nil?
34
+ return false if version.to_s.empty?
38
35
 
39
- version.to_s.match?(ANCHORED_VERSION_PATTERN)
36
+ Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
37
+ rescue ArgumentError
38
+ Dependabot.logger.info("Malformed version string #{version}")
39
+ false
40
40
  end
41
41
 
42
+ sig { override.params(version: VersionParameter).void }
42
43
  def initialize(version)
43
- @version_string = version.to_s
44
+ raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
45
+
46
+ @version_string = T.let(version.to_s, String)
47
+ @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
44
48
  super(version.to_s.tr("_", "-"))
45
49
  end
46
50
 
51
+ sig { returns(String) }
47
52
  def inspect
48
- "#<#{self.class} #{@version_string}>"
53
+ "#<#{self.class} #{version_string}>"
49
54
  end
50
55
 
56
+ sig { returns(String) }
51
57
  def to_s
52
- @version_string
58
+ version_string
53
59
  end
54
60
 
61
+ sig { returns(T::Boolean) }
55
62
  def prerelease?
56
- tokens.any? do |token|
57
- next true if token == "eap"
58
- next false unless NAMED_QUALIFIERS_HIERARCHY[token]
59
-
60
- NAMED_QUALIFIERS_HIERARCHY[token] < 6
63
+ token_bucket.to_a.flatten.any? do |token|
64
+ token.is_a?(Integer) && token.negative?
61
65
  end
62
66
  end
63
67
 
68
+ sig { params(other: VersionParameter).returns(Integer) }
64
69
  def <=>(other)
65
- version = stringify_version(@version_string)
66
- version = fill_tokens(version)
67
- version = trim_version(version)
68
-
69
- other_version = stringify_version(other)
70
- other_version = fill_tokens(other_version)
71
- other_version = trim_version(other_version)
72
-
73
- version, other_version = convert_dates(version, other_version)
74
-
75
- prefixed_tokens = split_into_prefixed_tokens(version)
76
- other_prefixed_tokens = split_into_prefixed_tokens(other_version)
77
-
78
- prefixed_tokens, other_prefixed_tokens =
79
- pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
80
-
81
- prefixed_tokens.count.times.each do |index|
82
- comp = compare_prefixed_token(
83
- prefix: prefixed_tokens[index][0],
84
- token: prefixed_tokens[index][1..-1] || "",
85
- other_prefix: other_prefixed_tokens[index][0],
86
- other_token: other_prefixed_tokens[index][1..-1] || ""
87
- )
88
- return comp unless comp.zero?
89
- end
90
-
91
- 0
70
+ other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
71
+ T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
92
72
  end
93
73
 
94
- private
95
-
96
- def tokens
97
- @tokens ||=
98
- begin
99
- version = @version_string.to_s.downcase
100
- version = fill_tokens(version)
101
- version = trim_version(version)
102
- split_into_prefixed_tokens(version).map { |t| t[1..-1] }
103
- end
104
- end
74
+ sig { override.returns(T::Array[String]) }
75
+ def ignored_patch_versions
76
+ parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
77
+ return [] if parts.empty? # for non-semver versions
105
78
 
106
- def stringify_version(version)
107
- version = version.to_s.downcase
79
+ version_parts = parts.fill("0", parts.length...2)
80
+ # the a0 is so we can get the next earliest prerelease patch version
81
+ upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a0"]
82
+ lower_bound = "> #{to_semver}"
83
+ upper_bound = "< #{upper_parts.join('.')}"
108
84
 
109
- # Not technically correct, but pragmatic
110
- version.gsub(/^v(?=\d)/, "")
85
+ ["#{lower_bound}, #{upper_bound}"]
111
86
  end
112
87
 
113
- def fill_tokens(version)
114
- # Add separators when transitioning from digits to characters
115
- version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
116
- version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
88
+ sig { override.returns(T::Array[String]) }
89
+ def ignored_minor_versions
90
+ parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
91
+ return [] if parts.empty? # for non-semver versions
117
92
 
118
- # Replace empty tokens with 0
119
- version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
120
- version = version.gsub(/^([\.\-])/, '0\1')
121
- version.gsub(/([\.\-])$/, '\10')
122
- end
93
+ version_parts = parts.fill("0", parts.length...2)
94
+ lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a0"]
95
+ upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] + ["a0"]
96
+ lower_bound = ">= #{lower_parts.join('.')}"
97
+ upper_bound = "< #{upper_parts.join('.')}"
123
98
 
124
- def trim_version(version)
125
- version.split("-").filter_map do |v|
126
- parts = v.split(".")
127
- parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
128
- parts&.join(".")
129
- end.reject(&:empty?).join("-")
99
+ ["#{lower_bound}, #{upper_bound}"]
130
100
  end
131
101
 
132
- def convert_dates(version, other_version)
133
- default = [version, other_version]
134
- return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
135
- return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
102
+ sig { override.returns(T::Array[String]) }
103
+ def ignored_major_versions
104
+ version_parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
105
+ return [] if version_parts.empty? # for non-semver versions
136
106
 
137
- [version.delete("-"), other_version.delete("-")]
138
- end
107
+ lower_parts = [version_parts[0].to_i + 1] + ["a0"] # earliest next major version prerelease
108
+ lower_bound = ">= #{lower_parts.join('.')}"
139
109
 
140
- def split_into_prefixed_tokens(version)
141
- ".#{version}".split(/(?=[\-\.\+])/)
110
+ [lower_bound]
142
111
  end
143
112
 
144
- def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
145
- prefixed_tokens = prefixed_tokens.dup
146
- other_prefixed_tokens = other_prefixed_tokens.dup
147
-
148
- longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
149
- shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
150
-
151
- longest.count.times do |index|
152
- next unless shortest[index].nil?
153
-
154
- shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
155
- end
156
-
157
- [prefixed_tokens, other_prefixed_tokens]
158
- end
159
-
160
- def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
161
- token_type = token.match?(/^\d+$/) ? :number : :qualifier
162
- other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
163
-
164
- hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
165
- other_hierarchy =
166
- PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
167
-
168
- hierarchy_comparison = hierarchy <=> other_hierarchy
169
- return hierarchy_comparison unless hierarchy_comparison.zero?
170
-
171
- compare_token(token: token, other_token: other_token)
172
- end
173
-
174
- def compare_token(token:, other_token:)
175
- if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
176
- return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
177
-
178
- return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
179
- end
180
-
181
- return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
182
-
183
- if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
184
- token = token.to_i
185
- other_token = other_token.to_i
186
- end
113
+ private
187
114
 
188
- token <=> other_token
189
- end
115
+ sig { returns(String) }
116
+ attr_reader :version_string
190
117
  end
191
118
  end
192
119
  end
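Review bot: `version_parts = parts.fill("0", parts.length...2)` in ignored_patch_versions (new line 79) and again in ignored_minor_versions (new line 93) mutates the array obtained from `token_bucket.tokens` in place, so for a one-segment version the string `"0"` is appended to the very bucket that `<=>` compares afterwards, and if the parser freezes its token array the call raises FrozenError; copy first, `version_parts = parts.dup.fill("0", parts.length...2)`. `self.correct?` rescues `ArgumentError`, whereas the deleted NewVersion.correct? rescued `Dependabot::BadRequirementError` and the new `initialize` raises `BadRequirementError`; if VersionParser.parse raises the latter (not visible here), a malformed version string from a manifest would propagate out of `correct?` instead of returning false, so callers that gate on `correct?` before constructing would not be protected. In `<=>`, `Dependabot::Maven::Version.new(other.to_s)` can raise that same error and `T.must` raises when the bucket comparison yields nil, while Gem::Version#<=> returns nil for an incomparable operand, so sorting a collection containing one malformed entry now aborts rather than degrading. `to_semver`, BadRequirementError and VersionParser are defined outside this hunk.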
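--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.278.0
+version: 0.280.0
 platform: ruby
 authors:
 - Dependabot
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-26 00:00:00.000000000 Z
+date: 2024-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.278.0
+version: 0.280.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.278.0
+version: 0.280.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.1
+version: 0.8.5
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.8.1
+version: 0.8.5
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -252,7 +252,6 @@ files:
 - lib/dependabot/maven/file_updater/declaration_finder.rb
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
-- lib/dependabot/maven/new_version.rb
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
@@ -267,8 +266,8 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.278.0
-post_install_message:
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.280.0
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -284,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 3.1.0
 requirements: []
 rubygems_version: 3.5.9
-signing_key:
+signing_key:
 specification_version: 4
 summary: Provides Dependabot support for Maven
 test_files: []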
@@ -1,71 +0,0 @@
1
- # typed: strict
2
- # frozen_string_literal: true
3
-
4
- require "dependabot/maven/version_parser"
5
- require "dependabot/version"
6
- require "dependabot/utils"
7
-
8
- # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
9
-
10
- module Dependabot
11
- module Maven
12
- class NewVersion
13
- extend T::Sig
14
- extend T::Helpers
15
-
16
- PRERELEASE_QUALIFIERS = T.let([
17
- Dependabot::Maven::VersionParser::ALPHA,
18
- Dependabot::Maven::VersionParser::BETA,
19
- Dependabot::Maven::VersionParser::MILESTONE,
20
- Dependabot::Maven::VersionParser::RC,
21
- Dependabot::Maven::VersionParser::SNAPSHOT
22
- ].freeze, T::Array[Integer])
23
-
24
- sig { returns(Dependabot::Maven::TokenBucket) }
25
- attr_accessor :token_bucket
26
-
27
- sig { params(version: String).returns(T::Boolean) }
28
- def self.correct?(version)
29
- return false if version.empty?
30
-
31
- Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
32
- rescue Dependabot::BadRequirementError
33
- Dependabot.logger.info("Malformed version string - #{version}")
34
- false
35
- end
36
-
37
- sig { params(version: String).void }
38
- def initialize(version)
39
- @version_string = T.let(version, String)
40
- @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
41
- end
42
-
43
- sig { returns(String) }
44
- def inspect
45
- "#<#{self.class} #{version_string}>"
46
- end
47
-
48
- sig { returns(String) }
49
- def to_s
50
- version_string
51
- end
52
-
53
- sig { returns(T::Boolean) }
54
- def prerelease?
55
- token_bucket.to_a.flatten.any? do |token|
56
- token.is_a?(Integer) && token.negative?
57
- end
58
- end
59
-
60
- sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
61
- def <=>(other)
62
- T.must(token_bucket <=> other.token_bucket)
63
- end
64
-
65
- private
66
-
67
- sig { returns(String) }
68
- attr_reader :version_string
69
- end
70
- end
71
- end