dependabot-maven 0.374.0 → 0.375.0
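--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 776842dd7dfc634e7b49362b8fd1d91bb8e8bd89552a6bd7e691258e5b69f04d
+data.tar.gz: 59e345219811845c9e868da85f474e1d8cb32b21ed3d6f3210ee051233cdea2b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a91dd63188f7a0d7470e60d14a1c164a7ee36e5676a32d03d09dc2a73b191a1f123537a6bc6597b228ac9921f165474f1df091526aabe6a6c82965b1b5f2d460
+data.tar.gz: d333fc34854b5546764f994d71fe6edc72e3224b5b12d5dc38bdf1bdd28d780cbffedcbb23ac1ff649bc5c7bf77b06e944cca045a360a93a9ac4623d2e58809c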
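--- /dev/null
+++ b/lib/dependabot/maven/shared/base_version_finder.rb
@@ -0,0 +1,105 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/maven/shared/shared_version_finder"
+
+module Dependabot
+module Maven
+module Shared
+# Intermediate class for ecosystems (Maven, SBT) that use a package_details-based
+# release pipeline with HEAD-check verification. Gradle uses its own filter chain
+# and inherits directly from SharedVersionFinder.
+class BaseVersionFinder < SharedVersionFinder
+extend T::Sig
+extend T::Helpers
+
+abstract!
+
+sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
+def releases
+(package_details&.releases || []).reverse
+end
+
+sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+def latest_version_details
+release = fetch_latest_release
+release&.version ? { version: release.version, source_url: release.url } : nil
+end
+
+sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+def lowest_security_fix_version_details
+release = fetch_lowest_security_fix_release
+release&.version ? { version: release.version, source_url: release.url } : nil
+end
+
+protected
+
+sig do
+params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+.returns(T.nilable(Dependabot::Version))
+end
+def fetch_latest_version(language_version: nil)
+fetch_latest_release(language_version: language_version)&.version
+end
+
+sig do
+params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+.returns(T.nilable(Dependabot::Version))
+end
+def fetch_latest_version_with_no_unlock(language_version:)
+fetch_latest_release(language_version: language_version)&.version
+end
+
+sig do
+params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+.returns(T.nilable(Dependabot::Version))
+end
+def fetch_lowest_security_fix_version(language_version: nil)
+fetch_lowest_security_fix_release(language_version: language_version)&.version
+end
+
+sig do
+params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+.returns(T.nilable(Dependabot::Package::PackageRelease))
+end
+def fetch_latest_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
+possible_releases = filter_prerelease_versions(releases)
+possible_releases = filter_date_based_versions(possible_releases)
+possible_releases = filter_version_types(possible_releases)
+possible_releases = filter_ignored_versions(possible_releases)
+possible_releases = filter_by_cooldown(possible_releases)
+possible_releases_reverse = possible_releases.reverse
+
+possible_releases_reverse.find do |r|
+released?(r.version)
+end
+end
+
+sig do
+params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+.returns(T.nilable(Dependabot::Package::PackageRelease))
+end
+def fetch_lowest_security_fix_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
+possible_releases = filter_prerelease_versions(releases)
+possible_releases = filter_date_based_versions(possible_releases)
+possible_releases = filter_version_types(possible_releases)
+possible_releases = Dependabot::UpdateCheckers::VersionFilters
+.filter_vulnerable_versions(
+possible_releases,
+security_advisories
+)
+possible_releases = filter_ignored_versions(possible_releases)
+possible_releases = filter_lower_versions(possible_releases)
+
+possible_releases.find { |r| released?(r.version) }
+end
+
+private
+
+sig { abstract.params(version: Dependabot::Version).returns(T::Boolean) }
+def released?(version); end
+end
+end
+end
+end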
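Review bot: `fetch_lowest_security_fix_release` reaches `Dependabot::UpdateCheckers::VersionFilters` at line 87, but the only requires in this new file (lines 4–5) are sorbet-runtime and shared_version_finder, so the constant resolves at call time only because something loaded earlier (today the Maven `version_finder.rb`, which still requires it) pulled it in; add `require "dependabot/update_checkers/version_filters"` after line 5 so the base class stands on its own for the SBT subclass the header comment mentions, unless shared_version_finder.rb already loads it transitively. The asymmetry between the two pipelines also deserves a comment: `fetch_latest_release` applies `filter_by_cooldown` at line 71 while the security path at lines 84–93 does not, which looks intentional but reads like an omission, so I would add `# No cooldown here: a security fix should be proposed as soon as it is published.` above line 84. The abstract `released?` at line 101 is the HEAD-check the class comment refers to, and a one-line contract would help implementers, e.g. `# True only if the artifact for +version+ actually exists in the repository; metadata can list versions whose artifacts were never published.`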
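--- a/lib/dependabot/maven/shared/shared_version_finder.rb
+++ b/lib/dependabot/maven/shared/shared_version_finder.rb
@@ -11,6 +11,9 @@ module Dependabot
 module Shared
 class SharedVersionFinder < Dependabot::Package::PackageLatestVersionFinder
 extend T::Sig
+extend T::Helpers
+
+abstract!
 
 # Regex to match common Maven release qualifiers that indicate stable releases.
 # See https://github.com/apache/maven/blob/848fbb4bf2d427b72bdb2471c22fced7ebd9a7a1/maven-artifact/src/main/java/org/apache/maven/artifact/versioning/ComparableVersion.java#L315-L320
@@ -123,6 +126,11 @@ module Dependabot
 dependency.version_class
 end
 
+sig { returns(T::Boolean) }
+def cooldown_enabled?
+true
+end
+
 private
 
 # Determines whether two versions have compatible suffixes.
@@ -405,11 +413,6 @@ module Dependabot
 
 suffix.empty? ? nil : suffix
 end
-
-sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
-def package_details
-raise NotImplementedError, "Subclasses must implement `package_details`"
-end
 end
 end
 end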
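Review bot: The `cooldown_enabled?` added at lines 129–132 sits above the `private` marker at line 134, so unless a `protected` section opens earlier in the file (outside this hunk) it is public here, whereas the Maven `VersionFinder` it was lifted from declared it under `protected`; worth confirming which visibility is intended, since the parent class's declaration of this hook is not visible in this diff. Because it now lives in the shared base with a hard-coded `true`, every finder inheriting from SharedVersionFinder — including the Gradle one that the new BaseVersionFinder comment says inherits directly — gets cooldown enabled unless it overrides the method, which is a behaviour change for ecosystems this diff does not otherwise touch. A comment such as `# Cooldown applies to every Maven-family ecosystem; subclasses override to opt out.` above line 129 would make that deliberate.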
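--- a/lib/dependabot/maven/update_checker/version_finder.rb
+++ b/lib/dependabot/maven/update_checker/version_finder.rb
@@ -6,13 +6,13 @@ require "dependabot/package/release_cooldown_options"
 require "dependabot/update_checkers/version_filters"
 require "dependabot/maven/package/package_details_fetcher"
 require "dependabot/maven/update_checker"
-require "dependabot/maven/shared/
+require "dependabot/maven/shared/base_version_finder"
 require "sorbet-runtime"
 
 module Dependabot
 module Maven
 class UpdateChecker
-class VersionFinder < Dependabot::Maven::Shared::
+class VersionFinder < Dependabot::Maven::Shared::BaseVersionFinder
 extend T::Sig
 
 sig do
@@ -52,92 +52,13 @@ module Dependabot
 @package_details ||= package_details_fetcher.fetch
 end
 
-
-def releases
-(package_details&.releases || []).reverse
-end
-
-sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
-def latest_version_details
-release = fetch_latest_release
-release&.version ? { version: release.version, source_url: release.url } : nil
-end
-
-sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
-def lowest_security_fix_version_details
-release = fetch_lowest_security_fix_release
-release&.version ? { version: release.version, source_url: release.url } : nil
-end
-
-protected
-
-sig { returns(T::Boolean) }
-def cooldown_enabled?
-true
-end
-
-sig do
-params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-.returns(T.nilable(Dependabot::Version))
-end
-def fetch_latest_version(language_version: nil)
-fetch_latest_release(language_version: language_version)&.version
-end
-
-sig do
-params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-.returns(T.nilable(Dependabot::Version))
-end
-def fetch_latest_version_with_no_unlock(language_version:)
-fetch_latest_release(language_version: language_version)&.version
-end
-
-sig do
-params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-.returns(T.nilable(Dependabot::Version))
-end
-def fetch_lowest_security_fix_version(language_version: nil)
-fetch_lowest_security_fix_release(language_version: language_version)&.version
-end
-
-sig do
-params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-.returns(T.nilable(Dependabot::Package::PackageRelease))
-end
-def fetch_latest_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
-possible_releases = filter_prerelease_versions(releases)
-possible_releases = filter_date_based_versions(possible_releases)
-possible_releases = filter_version_types(possible_releases)
-possible_releases = filter_ignored_versions(possible_releases)
-possible_releases = filter_by_cooldown(possible_releases)
-possible_releases_reverse = possible_releases.reverse
-
-possible_releases_reverse.find do |r|
-package_details_fetcher.released?(r.version)
-end
-end
-
-sig do
-params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-.returns(T.nilable(Dependabot::Package::PackageRelease))
-end
-def fetch_lowest_security_fix_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
-possible_releases = filter_prerelease_versions(releases)
-possible_releases = filter_date_based_versions(possible_releases)
-possible_releases = filter_version_types(possible_releases)
-possible_releases = Dependabot::UpdateCheckers::VersionFilters
-.filter_vulnerable_versions(
-possible_releases,
-security_advisories
-)
-possible_releases = filter_ignored_versions(possible_releases)
-possible_releases = filter_lower_versions(possible_releases)
+private
 
-
+sig { override.params(version: Dependabot::Version).returns(T::Boolean) }
+def released?(version)
+package_details_fetcher.released?(version)
 end
 
-private
-
 sig { returns(Package::PackageDetailsFetcher) }
 def package_details_fetcher
 @package_details_fetcher ||= Package::PackageDetailsFetcher.new(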
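--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-maven
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.375.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.375.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.375.0
 - !ruby/object:Gem::Dependency
 name: rexml
 requirement: !ruby/object:Gem::Requirement
@@ -272,6 +272,7 @@ files:
 - lib/dependabot/maven/package_manager.rb
 - lib/dependabot/maven/pom.xml
 - lib/dependabot/maven/requirement.rb
+- lib/dependabot/maven/shared/base_version_finder.rb
 - lib/dependabot/maven/shared/shared_metadata_finder.rb
 - lib/dependabot/maven/shared/shared_package_details_fetcher.rb
 - lib/dependabot/maven/shared/shared_requirement.rb
@@ -289,7 +290,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.375.0
 rdoc_options: []
 require_paths:
 - lib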