dependabot-maven 0.276.0 → 0.277.0

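--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ad6e39551492801502e013e8934b584d2357fb63ce8dcbac1d8595ae97ace06b
- data.tar.gz: 5e7bf11324be13067df5081d825aa1072da1daec535a222bed3caa0a12e2d5d5
+ metadata.gz: b3b46b76c0fbe2d331eb9b4873f9a93be3f6da7d185dc0de6bcc92fdc36c9698
+ data.tar.gz: d726485be24fe3c8f850507acbb568326cc8ddae4d523144f2ef83624091d647
  SHA512:
- metadata.gz: df458c686885588e4751a45edc95b4559638752ade6cca6c89d67da4d5444e0311e55ed1615a78fcd1d66c63ea77efa92bcce6f923c85d48cbec2d3aec525945
- data.tar.gz: 7615212cdd6ded48a8c62da5ba1f6d01d5f158bafb6ce6a229f41063dabd22903c86d3029a50e78833505ba4a17d655d24fea4c4f71f17b13a68d50825edbf11
+ metadata.gz: 31cc6c13dcb2a7136accb3ae9e24a05c70d8d3b19f13d6349a6c9611512342713b423955aa8b7d56321bc59d8e06623dfe786f57e08333b07aabffa6ef004f32
+ data.tar.gz: ea83d05638026cf5dde1bc518086cf4d469451139b3716baa3e365993d7e825ef2d0d4803de4bde37fad78fbb17c63535fabae0e22169727c3c575d2e4c1465b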
@@ -0,0 +1,71 @@
1
+ # typed: strict
2
+ # frozen_string_literal: true
3
+
4
+ require "dependabot/maven/version_parser"
5
+ require "dependabot/version"
6
+ require "dependabot/utils"
7
+
8
+ # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
9
+
10
+ module Dependabot
11
+ module Maven
12
+ class NewVersion
13
+ extend T::Sig
14
+ extend T::Helpers
15
+
16
+ PRERELEASE_QUALIFIERS = T.let([
17
+ Dependabot::Maven::VersionParser::ALPHA,
18
+ Dependabot::Maven::VersionParser::BETA,
19
+ Dependabot::Maven::VersionParser::MILESTONE,
20
+ Dependabot::Maven::VersionParser::RC,
21
+ Dependabot::Maven::VersionParser::SNAPSHOT
22
+ ].freeze, T::Array[Integer])
23
+
24
+ sig { returns(Dependabot::Maven::TokenBucket) }
25
+ attr_accessor :token_bucket
26
+
27
+ sig { params(version: String).returns(T::Boolean) }
28
+ def self.correct?(version)
29
+ return false if version.empty?
30
+
31
+ Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
32
+ rescue Dependabot::BadRequirementError
33
+ Dependabot.logger.info("Malformed version string - #{version}")
34
+ false
35
+ end
36
+
37
+ sig { params(version: String).void }
38
+ def initialize(version)
39
+ @version_string = T.let(version, String)
40
+ @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
41
+ end
42
+
43
+ sig { returns(String) }
44
+ def inspect
45
+ "#<#{self.class} #{version_string}>"
46
+ end
47
+
48
+ sig { returns(String) }
49
+ def to_s
50
+ version_string
51
+ end
52
+
53
+ sig { returns(T::Boolean) }
54
+ def prerelease?
55
+ token_bucket.to_a.flatten.any? do |token|
56
+ token.is_a?(Integer) && token.negative?
57
+ end
58
+ end
59
+
60
+ sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
61
+ def <=>(other)
62
+ T.must(token_bucket <=> other.token_bucket)
63
+ end
64
+
65
+ private
66
+
67
+ sig { returns(String) }
68
+ attr_reader :version_string
69
+ end
70
+ end
71
+ end
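Review bot: `NewVersion` defines `<=>` (new-file line 61) but neither includes `Comparable` nor inherits from `Dependabot::Version`, so `==`, `<`, `>` and `between?` are not available on instances and two `NewVersion`s built from the same string compare as unequal under the default identity `==`; adding `include Comparable` after the `extend T::Helpers` line would close that gap if ordering operators are intended. `PRERELEASE_QUALIFIERS` is declared but referenced nowhere in the class — `prerelease?` tests for negative integer tokens instead — so it is either dead or should be what `prerelease?` consults. `self.correct?` rescues only `Dependabot::BadRequirementError`; whether `VersionParser.parse` can raise anything else (the previous `Version.correct?` on this page rescued `ArgumentError`) is not visible here and is worth confirming so that a malformed string cannot escape as an unhandled exception.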
@@ -50,8 +50,12 @@ module Dependabot
50
50
  attr_reader :properties_to_update
51
51
 
52
52
  def update_requirement(req_string)
53
- # Since range requirements are excluded this must be exact
54
- update_exact_requirement(req_string)
53
+ if req_string.include?(".+")
54
+ update_dynamic_requirement(req_string)
55
+ else
56
+ # Since range requirements are excluded this must be exact
57
+ update_exact_requirement(req_string)
58
+ end
55
59
  end
56
60
 
57
61
  def update_exact_requirement(req_string)
@@ -60,6 +64,16 @@ module Dependabot
60
64
  req_string.gsub(old_version.to_s, latest_version.to_s)
61
65
  end
62
66
 
67
+ # This is really only a Gradle thing, but Gradle relies on this
68
+ # RequirementsUpdater too
69
+ def update_dynamic_requirement(req_string)
70
+ precision = req_string.split(".").take_while { |s| s != "+" }.count
71
+
72
+ version_parts = latest_version.segments.first(precision)
73
+
74
+ version_parts.join(".") + ".+"
75
+ end
76
+
63
77
  def version_class
64
78
  Maven::Version
65
79
  end
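Review bot: `update_dynamic_requirement` takes `latest_version.segments.first(precision)` without checking that those segments are numeric, so a latest version carrying a qualifier can leak it into the dynamic prefix — the version.rb change on this page notes that `Gem::Version` turns `-` into `.pre.`, so a constructed `1.2-SNAPSHOT` would presumably yield segments like `1, 2, "pre", "SNAPSHOT"` and a precision of 3 would emit `1.2.pre.+`. Restricting to the leading numeric run, `version_parts = latest_version.segments.take_while { |s| s.is_a?(Integer) }.first(precision)`, keeps the output a plausible dynamic version; if that run is shorter than `precision` the emitted requirement is also narrower than requested, which the caller should decide whether to accept. The enclosing class starts and ends outside this hunk.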
@@ -1,80 +1,192 @@
1
- # typed: strict
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
- require "dependabot/maven/version_parser"
5
4
  require "dependabot/version"
6
5
  require "dependabot/utils"
7
6
 
7
+ # Java versions use dots and dashes when tokenising their versions.
8
+ # Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
9
+ #
8
10
  # See https://maven.apache.org/pom.html#Version_Order_Specification for details.
9
11
 
10
12
  module Dependabot
11
13
  module Maven
12
14
  class Version < Dependabot::Version
13
- extend T::Sig
14
- extend T::Helpers
15
-
16
- PRERELEASE_QUALIFIERS = T.let([
17
- Dependabot::Maven::VersionParser::ALPHA,
18
- Dependabot::Maven::VersionParser::BETA,
19
- Dependabot::Maven::VersionParser::MILESTONE,
20
- Dependabot::Maven::VersionParser::RC,
21
- Dependabot::Maven::VersionParser::SNAPSHOT
22
- ].freeze, T::Array[Integer])
23
-
15
+ NULL_VALUES = %w(0 final ga).freeze
16
+ PREFIXED_TOKEN_HIERARCHY = {
17
+ "." => { qualifier: 1, number: 4 },
18
+ "-" => { qualifier: 2, number: 3 },
19
+ "+" => { qualifier: 3, number: 2 }
20
+ }.freeze
21
+ NAMED_QUALIFIERS_HIERARCHY = {
22
+ "a" => 1, "alpha" => 1,
23
+ "b" => 2, "beta" => 2,
24
+ "m" => 3, "milestone" => 3,
25
+ "rc" => 4, "cr" => 4, "pr" => 4, "pre" => 4,
26
+ "snapshot" => 5, "dev" => 5,
27
+ "ga" => 6, "" => 6, "final" => 6,
28
+ "sp" => 7
29
+ }.freeze
24
30
  VERSION_PATTERN =
25
31
  "[0-9a-zA-Z]+" \
26
32
  '(?>\.[0-9a-zA-Z]*)*' \
27
33
  '([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
34
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
28
35
 
29
- sig { returns(Dependabot::Maven::TokenBucket) }
30
- attr_accessor :token_bucket
31
-
32
- sig { override.params(version: VersionParameter).returns(T::Boolean) }
33
36
  def self.correct?(version)
34
- return false if version.to_s.empty?
37
+ return false if version.nil?
35
38
 
36
- Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
37
- rescue ArgumentError
38
- Dependabot.logger.info("Malformed version string #{version}")
39
- false
39
+ version.to_s.match?(ANCHORED_VERSION_PATTERN)
40
40
  end
41
41
 
42
- sig { override.params(version: VersionParameter).void }
43
42
  def initialize(version)
44
- raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
45
-
46
- @version_string = T.let(version.to_s, String)
47
- @token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
43
+ @version_string = version.to_s
48
44
  super(version.to_s.tr("_", "-"))
49
45
  end
50
46
 
51
- sig { returns(String) }
52
47
  def inspect
53
- "#<#{self.class} #{version_string}>"
48
+ "#<#{self.class} #{@version_string}>"
54
49
  end
55
50
 
56
- sig { returns(String) }
57
51
  def to_s
58
- version_string
52
+ @version_string
59
53
  end
60
54
 
61
- sig { returns(T::Boolean) }
62
55
  def prerelease?
63
- token_bucket.to_a.flatten.any? do |token|
64
- token.is_a?(Integer) && token.negative?
56
+ tokens.any? do |token|
57
+ next true if token == "eap"
58
+ next false unless NAMED_QUALIFIERS_HIERARCHY[token]
59
+
60
+ NAMED_QUALIFIERS_HIERARCHY[token] < 6
65
61
  end
66
62
  end
67
63
 
68
- sig { params(other: VersionParameter).returns(Integer) }
69
64
  def <=>(other)
70
- other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
71
- T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
65
+ version = stringify_version(@version_string)
66
+ version = fill_tokens(version)
67
+ version = trim_version(version)
68
+
69
+ other_version = stringify_version(other)
70
+ other_version = fill_tokens(other_version)
71
+ other_version = trim_version(other_version)
72
+
73
+ version, other_version = convert_dates(version, other_version)
74
+
75
+ prefixed_tokens = split_into_prefixed_tokens(version)
76
+ other_prefixed_tokens = split_into_prefixed_tokens(other_version)
77
+
78
+ prefixed_tokens, other_prefixed_tokens =
79
+ pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
80
+
81
+ prefixed_tokens.count.times.each do |index|
82
+ comp = compare_prefixed_token(
83
+ prefix: prefixed_tokens[index][0],
84
+ token: prefixed_tokens[index][1..-1] || "",
85
+ other_prefix: other_prefixed_tokens[index][0],
86
+ other_token: other_prefixed_tokens[index][1..-1] || ""
87
+ )
88
+ return comp unless comp.zero?
89
+ end
90
+
91
+ 0
72
92
  end
73
93
 
74
94
  private
75
95
 
76
- sig { returns(String) }
77
- attr_reader :version_string
96
+ def tokens
97
+ @tokens ||=
98
+ begin
99
+ version = @version_string.to_s.downcase
100
+ version = fill_tokens(version)
101
+ version = trim_version(version)
102
+ split_into_prefixed_tokens(version).map { |t| t[1..-1] }
103
+ end
104
+ end
105
+
106
+ def stringify_version(version)
107
+ version = version.to_s.downcase
108
+
109
+ # Not technically correct, but pragmatic
110
+ version.gsub(/^v(?=\d)/, "")
111
+ end
112
+
113
+ def fill_tokens(version)
114
+ # Add separators when transitioning from digits to characters
115
+ version = version.gsub(/(\d)([A-Za-z])/, '\1-\2')
116
+ version = version.gsub(/([A-Za-z])(\d)/, '\1-\2')
117
+
118
+ # Replace empty tokens with 0
119
+ version = version.gsub(/([\.\-])([\.\-])/, '\10\2')
120
+ version = version.gsub(/^([\.\-])/, '0\1')
121
+ version.gsub(/([\.\-])$/, '\10')
122
+ end
123
+
124
+ def trim_version(version)
125
+ version.split("-").filter_map do |v|
126
+ parts = v.split(".")
127
+ parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
128
+ parts&.join(".")
129
+ end.reject(&:empty?).join("-")
130
+ end
131
+
132
+ def convert_dates(version, other_version)
133
+ default = [version, other_version]
134
+ return default unless version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
135
+ return default unless other_version.match?(/^\d{4}-?\d{2}-?\d{2}$/)
136
+
137
+ [version.delete("-"), other_version.delete("-")]
138
+ end
139
+
140
+ def split_into_prefixed_tokens(version)
141
+ ".#{version}".split(/(?=[\-\.\+])/)
142
+ end
143
+
144
+ def pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
145
+ prefixed_tokens = prefixed_tokens.dup
146
+ other_prefixed_tokens = other_prefixed_tokens.dup
147
+
148
+ longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
149
+ shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
150
+
151
+ longest.count.times do |index|
152
+ next unless shortest[index].nil?
153
+
154
+ shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
155
+ end
156
+
157
+ [prefixed_tokens, other_prefixed_tokens]
158
+ end
159
+
160
+ def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
161
+ token_type = token.match?(/^\d+$/) ? :number : :qualifier
162
+ other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
163
+
164
+ hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
165
+ other_hierarchy =
166
+ PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
167
+
168
+ hierarchy_comparison = hierarchy <=> other_hierarchy
169
+ return hierarchy_comparison unless hierarchy_comparison.zero?
170
+
171
+ compare_token(token: token, other_token: other_token)
172
+ end
173
+
174
+ def compare_token(token:, other_token:)
175
+ if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
176
+ return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
177
+
178
+ return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
179
+ end
180
+
181
+ return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
182
+
183
+ if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
184
+ token = token.to_i
185
+ other_token = other_token.to_i
186
+ end
187
+
188
+ token <=> other_token
189
+ end
78
190
  end
79
191
  end
80
192
  end
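Review bot: `self.correct?` now rejects only `nil`: `ANCHORED_VERSION_PATTERN` makes the whole version group optional (`(#{VERSION_PATTERN})?` between the `\s*` anchors), so `""` and whitespace-only strings return `true`, whereas the removed implementation returned `false` for an empty string. If that is not intended, add `return false if version.to_s.strip.empty?` before the `match?` line, or drop the trailing `?` from the group. The same `\s*` padding means strings with surrounding whitespace pass `correct?` but are stored verbatim in `@version_string` and handed to `super`, so `to_s` and `inspect` carry the whitespace; trimming in `initialize` or tightening the pattern would keep validation and storage consistent. Separately, `trim_version` uses `parts&.last` and `parts&.join` although `parts` comes from `String#split` and `Array#[]` with a range, neither of which returns `nil` here, so the safe-navigation is dead weight.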
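--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-maven
  version: !ruby/object:Gem::Version
- version: 0.276.0
+ version: 0.277.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-19 00:00:00.000000000 Z
+ date: 2024-09-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.276.0
+ version: 0.277.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.276.0
+ version: 0.277.0
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -252,6 +252,7 @@ files:
  - lib/dependabot/maven/file_updater/declaration_finder.rb
  - lib/dependabot/maven/file_updater/property_value_updater.rb
  - lib/dependabot/maven/metadata_finder.rb
+ - lib/dependabot/maven/new_version.rb
  - lib/dependabot/maven/requirement.rb
  - lib/dependabot/maven/token_bucket.rb
  - lib/dependabot/maven/update_checker.rb
@@ -266,7 +267,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.277.0
  post_install_message:
  rdoc_options: []
  require_paths: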