dependabot-maven 0.278.0 → 0.279.0
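--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 49f86ee20329548a1b6c5db7ce51674bb5679cbf364c793251703cd26af75beb
+data.tar.gz: 64adcf33d3ef2cd9bc79902cbe03a8a6944598b2a9201f544277a9ee006ff942
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '098eb0589c26a03b7a237b25273314fc502a3fd8196c6d1b4a8dfbb0300f3fc1da47e27bd942720244d2d6b744bc05590f795a3b911a78330214b3e5cca89bae'
+data.tar.gz: e6f21a7a1835d927900f2c64f5e615c1c7576d75979d1e5b18eb45948b0eec4141508066ce107e89150633de2afb9f2dac5d16bfcad87f060ae641e41ce98823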
@@ -50,12 +50,8 @@ module Dependabot
|
|
50
50
|
attr_reader :properties_to_update
|
51
51
|
|
52
52
|
def update_requirement(req_string)
|
53
|
-
|
54
|
-
|
55
|
-
else
|
56
|
-
# Since range requirements are excluded this must be exact
|
57
|
-
update_exact_requirement(req_string)
|
58
|
-
end
|
53
|
+
# Since range requirements are excluded this must be exact
|
54
|
+
update_exact_requirement(req_string)
|
59
55
|
end
|
60
56
|
|
61
57
|
def update_exact_requirement(req_string)
|
@@ -64,16 +60,6 @@ module Dependabot
|
|
64
60
|
req_string.gsub(old_version.to_s, latest_version.to_s)
|
65
61
|
end
|
66
62
|
|
67
|
-
# This is really only a Gradle thing, but Gradle relies on this
|
68
|
-
# RequirementsUpdater too
|
69
|
-
def update_dynamic_requirement(req_string)
|
70
|
-
precision = req_string.split(".").take_while { |s| s != "+" }.count
|
71
|
-
|
72
|
-
version_parts = latest_version.segments.first(precision)
|
73
|
-
|
74
|
-
version_parts.join(".") + ".+"
|
75
|
-
end
|
76
|
-
|
77
63
|
def version_class
|
78
64
|
Maven::Version
|
79
65
|
end
|
@@ -1,192 +1,119 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: strict
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
+
require "dependabot/maven/version_parser"
|
4
5
|
require "dependabot/version"
|
5
6
|
require "dependabot/utils"
|
6
7
|
|
7
|
-
# Java versions use dots and dashes when tokenising their versions.
|
8
|
-
# Gem::Version converts a "-" to ".pre.", so we override the `to_s` method.
|
9
|
-
#
|
10
8
|
# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
|
11
9
|
|
12
10
|
module Dependabot
|
13
11
|
module Maven
|
14
12
|
class Version < Dependabot::Version
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
"snapshot" => 5, "dev" => 5,
|
27
|
-
"ga" => 6, "" => 6, "final" => 6,
|
28
|
-
"sp" => 7
|
29
|
-
}.freeze
|
13
|
+
extend T::Sig
|
14
|
+
extend T::Helpers
|
15
|
+
|
16
|
+
PRERELEASE_QUALIFIERS = T.let([
|
17
|
+
Dependabot::Maven::VersionParser::ALPHA,
|
18
|
+
Dependabot::Maven::VersionParser::BETA,
|
19
|
+
Dependabot::Maven::VersionParser::MILESTONE,
|
20
|
+
Dependabot::Maven::VersionParser::RC,
|
21
|
+
Dependabot::Maven::VersionParser::SNAPSHOT
|
22
|
+
].freeze, T::Array[Integer])
|
23
|
+
|
30
24
|
VERSION_PATTERN =
|
31
25
|
"[0-9a-zA-Z]+" \
|
32
26
|
'(?>\.[0-9a-zA-Z]*)*' \
|
33
27
|
'([_\-\+][0-9A-Za-z_-]*(\.[0-9A-Za-z_-]*)*)?'
|
34
|
-
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
35
28
|
|
29
|
+
sig { returns(Dependabot::Maven::TokenBucket) }
|
30
|
+
attr_accessor :token_bucket
|
31
|
+
|
32
|
+
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
36
33
|
def self.correct?(version)
|
37
|
-
return false if version.
|
34
|
+
return false if version.to_s.empty?
|
38
35
|
|
39
|
-
version.to_s.
|
36
|
+
Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
|
37
|
+
rescue ArgumentError
|
38
|
+
Dependabot.logger.info("Malformed version string #{version}")
|
39
|
+
false
|
40
40
|
end
|
41
41
|
|
42
|
+
sig { override.params(version: VersionParameter).void }
|
42
43
|
def initialize(version)
|
43
|
-
|
44
|
+
raise BadRequirementError, "Malformed version string - string is nil" if version.nil?
|
45
|
+
|
46
|
+
@version_string = T.let(version.to_s, String)
|
47
|
+
@token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version_string), Dependabot::Maven::TokenBucket)
|
44
48
|
super(version.to_s.tr("_", "-"))
|
45
49
|
end
|
46
50
|
|
51
|
+
sig { returns(String) }
|
47
52
|
def inspect
|
48
|
-
"#<#{self.class} #{
|
53
|
+
"#<#{self.class} #{version_string}>"
|
49
54
|
end
|
50
55
|
|
56
|
+
sig { returns(String) }
|
51
57
|
def to_s
|
52
|
-
|
58
|
+
version_string
|
53
59
|
end
|
54
60
|
|
61
|
+
sig { returns(T::Boolean) }
|
55
62
|
def prerelease?
|
56
|
-
|
57
|
-
|
58
|
-
next false unless NAMED_QUALIFIERS_HIERARCHY[token]
|
59
|
-
|
60
|
-
NAMED_QUALIFIERS_HIERARCHY[token] < 6
|
63
|
+
token_bucket.to_a.flatten.any? do |token|
|
64
|
+
token.is_a?(Integer) && token.negative?
|
61
65
|
end
|
62
66
|
end
|
63
67
|
|
68
|
+
sig { params(other: VersionParameter).returns(Integer) }
|
64
69
|
def <=>(other)
|
65
|
-
|
66
|
-
|
67
|
-
version = trim_version(version)
|
68
|
-
|
69
|
-
other_version = stringify_version(other)
|
70
|
-
other_version = fill_tokens(other_version)
|
71
|
-
other_version = trim_version(other_version)
|
72
|
-
|
73
|
-
version, other_version = convert_dates(version, other_version)
|
74
|
-
|
75
|
-
prefixed_tokens = split_into_prefixed_tokens(version)
|
76
|
-
other_prefixed_tokens = split_into_prefixed_tokens(other_version)
|
77
|
-
|
78
|
-
prefixed_tokens, other_prefixed_tokens =
|
79
|
-
pad_for_comparison(prefixed_tokens, other_prefixed_tokens)
|
80
|
-
|
81
|
-
prefixed_tokens.count.times.each do |index|
|
82
|
-
comp = compare_prefixed_token(
|
83
|
-
prefix: prefixed_tokens[index][0],
|
84
|
-
token: prefixed_tokens[index][1..-1] || "",
|
85
|
-
other_prefix: other_prefixed_tokens[index][0],
|
86
|
-
other_token: other_prefixed_tokens[index][1..-1] || ""
|
87
|
-
)
|
88
|
-
return comp unless comp.zero?
|
89
|
-
end
|
90
|
-
|
91
|
-
0
|
70
|
+
other = Dependabot::Maven::Version.new(other.to_s) unless other.is_a? Dependabot::Maven::Version
|
71
|
+
T.must(token_bucket <=> T.cast(other, Dependabot::Maven::Version).token_bucket)
|
92
72
|
end
|
93
73
|
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
begin
|
99
|
-
version = @version_string.to_s.downcase
|
100
|
-
version = fill_tokens(version)
|
101
|
-
version = trim_version(version)
|
102
|
-
split_into_prefixed_tokens(version).map { |t| t[1..-1] }
|
103
|
-
end
|
104
|
-
end
|
74
|
+
sig { override.returns(T::Array[String]) }
|
75
|
+
def ignored_patch_versions
|
76
|
+
parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
|
77
|
+
return [] if parts.empty? # for non-semver versions
|
105
78
|
|
106
|
-
|
107
|
-
|
79
|
+
version_parts = parts.fill("0", parts.length...2)
|
80
|
+
# the a0 is so we can get the next earliest prerelease patch version
|
81
|
+
upper_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a0"]
|
82
|
+
lower_bound = "> #{to_semver}"
|
83
|
+
upper_bound = "< #{upper_parts.join('.')}"
|
108
84
|
|
109
|
-
#
|
110
|
-
version.gsub(/^v(?=\d)/, "")
|
85
|
+
["#{lower_bound}, #{upper_bound}"]
|
111
86
|
end
|
112
87
|
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
88
|
+
sig { override.returns(T::Array[String]) }
|
89
|
+
def ignored_minor_versions
|
90
|
+
parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
|
91
|
+
return [] if parts.empty? # for non-semver versions
|
117
92
|
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
93
|
+
version_parts = parts.fill("0", parts.length...2)
|
94
|
+
lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a0"]
|
95
|
+
upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] + ["a0"]
|
96
|
+
lower_bound = ">= #{lower_parts.join('.')}"
|
97
|
+
upper_bound = "< #{upper_parts.join('.')}"
|
123
98
|
|
124
|
-
|
125
|
-
version.split("-").filter_map do |v|
|
126
|
-
parts = v.split(".")
|
127
|
-
parts = parts[0..-2] while NULL_VALUES.include?(parts&.last)
|
128
|
-
parts&.join(".")
|
129
|
-
end.reject(&:empty?).join("-")
|
99
|
+
["#{lower_bound}, #{upper_bound}"]
|
130
100
|
end
|
131
101
|
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
return
|
102
|
+
sig { override.returns(T::Array[String]) }
|
103
|
+
def ignored_major_versions
|
104
|
+
version_parts = token_bucket.tokens # e.g [1,2,3] if version is 1.2.3-alpha3
|
105
|
+
return [] if version_parts.empty? # for non-semver versions
|
136
106
|
|
137
|
-
[
|
138
|
-
|
107
|
+
lower_parts = [version_parts[0].to_i + 1] + ["a0"] # earliest next major version prerelease
|
108
|
+
lower_bound = ">= #{lower_parts.join('.')}"
|
139
109
|
|
140
|
-
|
141
|
-
".#{version}".split(/(?=[\-\.\+])/)
|
110
|
+
[lower_bound]
|
142
111
|
end
|
143
112
|
|
144
|
-
|
145
|
-
prefixed_tokens = prefixed_tokens.dup
|
146
|
-
other_prefixed_tokens = other_prefixed_tokens.dup
|
147
|
-
|
148
|
-
longest = [prefixed_tokens, other_prefixed_tokens].max_by(&:count)
|
149
|
-
shortest = [prefixed_tokens, other_prefixed_tokens].min_by(&:count)
|
150
|
-
|
151
|
-
longest.count.times do |index|
|
152
|
-
next unless shortest[index].nil?
|
153
|
-
|
154
|
-
shortest[index] = longest[index].start_with?(".") ? ".0" : "-"
|
155
|
-
end
|
156
|
-
|
157
|
-
[prefixed_tokens, other_prefixed_tokens]
|
158
|
-
end
|
159
|
-
|
160
|
-
def compare_prefixed_token(prefix:, token:, other_prefix:, other_token:)
|
161
|
-
token_type = token.match?(/^\d+$/) ? :number : :qualifier
|
162
|
-
other_token_type = other_token.match?(/^\d+$/) ? :number : :qualifier
|
163
|
-
|
164
|
-
hierarchy = PREFIXED_TOKEN_HIERARCHY.fetch(prefix).fetch(token_type)
|
165
|
-
other_hierarchy =
|
166
|
-
PREFIXED_TOKEN_HIERARCHY.fetch(other_prefix).fetch(other_token_type)
|
167
|
-
|
168
|
-
hierarchy_comparison = hierarchy <=> other_hierarchy
|
169
|
-
return hierarchy_comparison unless hierarchy_comparison.zero?
|
170
|
-
|
171
|
-
compare_token(token: token, other_token: other_token)
|
172
|
-
end
|
173
|
-
|
174
|
-
def compare_token(token:, other_token:)
|
175
|
-
if (token_hierarchy = NAMED_QUALIFIERS_HIERARCHY[token])
|
176
|
-
return -1 unless NAMED_QUALIFIERS_HIERARCHY[other_token]
|
177
|
-
|
178
|
-
return token_hierarchy <=> NAMED_QUALIFIERS_HIERARCHY[other_token]
|
179
|
-
end
|
180
|
-
|
181
|
-
return 1 if NAMED_QUALIFIERS_HIERARCHY[other_token]
|
182
|
-
|
183
|
-
if token.match?(/\A\d+\z/) && other_token.match?(/\A\d+\z/)
|
184
|
-
token = token.to_i
|
185
|
-
other_token = other_token.to_i
|
186
|
-
end
|
113
|
+
private
|
187
114
|
|
188
|
-
|
189
|
-
|
115
|
+
sig { returns(String) }
|
116
|
+
attr_reader :version_string
|
190
117
|
end
|
191
118
|
end
|
192
119
|
end
|
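Review bot: `parts.fill("0", parts.length...2)` in `ignored_patch_versions` and `ignored_minor_versions` mutates the array returned by `token_bucket.tokens` in place, and pads it with the String `"0"` although the inline comment describes the tokens as integers (`[1,2,3]`). TokenBucket is not shown on this page, so confirm whether `tokens` returns the bucket's own array; if it does, calling either method on a one-segment version leaves a String among the tokens that `<=>` and `prerelease?` read afterwards, and `T.must(token_bucket <=> …)` would raise should that comparison then return nil. Padding a copy with an Integer avoids the side effect: `version_parts = parts.dup.fill(0, parts.length...2)`. Separately, `correct?` interpolates the raw value into `"Malformed version string #{version}"`; version strings originate in manifests and registry metadata, so `#{version.inspect}` would keep embedded newlines or control characters from producing misleading log lines.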
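--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.279.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.279.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.279.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -252,7 +252,6 @@ files:
 - lib/dependabot/maven/file_updater/declaration_finder.rb
 - lib/dependabot/maven/file_updater/property_value_updater.rb
 - lib/dependabot/maven/metadata_finder.rb
-- lib/dependabot/maven/new_version.rb
 - lib/dependabot/maven/requirement.rb
 - lib/dependabot/maven/token_bucket.rb
 - lib/dependabot/maven/update_checker.rb
@@ -267,7 +266,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.279.0
 post_install_message:
 rdoc_options: []
 require_paths: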
@@ -1,71 +0,0 @@
|
|
1
|
-
# typed: strict
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require "dependabot/maven/version_parser"
|
5
|
-
require "dependabot/version"
|
6
|
-
require "dependabot/utils"
|
7
|
-
|
8
|
-
# See https://maven.apache.org/pom.html#Version_Order_Specification for details.
|
9
|
-
|
10
|
-
module Dependabot
|
11
|
-
module Maven
|
12
|
-
class NewVersion
|
13
|
-
extend T::Sig
|
14
|
-
extend T::Helpers
|
15
|
-
|
16
|
-
PRERELEASE_QUALIFIERS = T.let([
|
17
|
-
Dependabot::Maven::VersionParser::ALPHA,
|
18
|
-
Dependabot::Maven::VersionParser::BETA,
|
19
|
-
Dependabot::Maven::VersionParser::MILESTONE,
|
20
|
-
Dependabot::Maven::VersionParser::RC,
|
21
|
-
Dependabot::Maven::VersionParser::SNAPSHOT
|
22
|
-
].freeze, T::Array[Integer])
|
23
|
-
|
24
|
-
sig { returns(Dependabot::Maven::TokenBucket) }
|
25
|
-
attr_accessor :token_bucket
|
26
|
-
|
27
|
-
sig { params(version: String).returns(T::Boolean) }
|
28
|
-
def self.correct?(version)
|
29
|
-
return false if version.empty?
|
30
|
-
|
31
|
-
Dependabot::Maven::VersionParser.parse(version.to_s).to_a.any?
|
32
|
-
rescue Dependabot::BadRequirementError
|
33
|
-
Dependabot.logger.info("Malformed version string - #{version}")
|
34
|
-
false
|
35
|
-
end
|
36
|
-
|
37
|
-
sig { params(version: String).void }
|
38
|
-
def initialize(version)
|
39
|
-
@version_string = T.let(version, String)
|
40
|
-
@token_bucket = T.let(Dependabot::Maven::VersionParser.parse(version), Dependabot::Maven::TokenBucket)
|
41
|
-
end
|
42
|
-
|
43
|
-
sig { returns(String) }
|
44
|
-
def inspect
|
45
|
-
"#<#{self.class} #{version_string}>"
|
46
|
-
end
|
47
|
-
|
48
|
-
sig { returns(String) }
|
49
|
-
def to_s
|
50
|
-
version_string
|
51
|
-
end
|
52
|
-
|
53
|
-
sig { returns(T::Boolean) }
|
54
|
-
def prerelease?
|
55
|
-
token_bucket.to_a.flatten.any? do |token|
|
56
|
-
token.is_a?(Integer) && token.negative?
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
sig { params(other: ::Dependabot::Maven::NewVersion).returns(Integer) }
|
61
|
-
def <=>(other)
|
62
|
-
T.must(token_bucket <=> other.token_bucket)
|
63
|
-
end
|
64
|
-
|
65
|
-
private
|
66
|
-
|
67
|
-
sig { returns(String) }
|
68
|
-
attr_reader :version_string
|
69
|
-
end
|
70
|
-
end
|
71
|
-
end
|