semver_dialects 2.0.2 → 3.0.0

data/lib/semver_dialects/semver2.rb

@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+
+require 'strscan'
+
+module SemverDialects
+  module Semver2
+    # Represents a token that matches any major, minor, or patch number.
+    ANY_NUMBER = 'x'
+
+    class Version < BaseVersion
+      def initialize(tokens, prerelease_tag: nil)
+        @tokens = tokens
+        @addition = prerelease_tag
+      end
+
+      def <=>(other)
+        if (idx = tokens.index(ANY_NUMBER))
+          a = tokens[0..(idx - 1)]
+          b = other.tokens[0..(idx - 1)]
+          return compare_tokens(a, b)
+        end
+
+        if (idx = other.tokens.index(ANY_NUMBER))
+          a = tokens[0..(idx - 1)]
+          b = other.tokens[0..(idx - 1)]
+          return compare_tokens(a, b)
+        end
+
+        super
+      end
+
+      private
+
+      # Compares pre-release tags as specified in https://semver.org/#spec-item-9.
+      def compare_additions(a, b) # rubocop:disable Naming/MethodParameterName
+        #  Pre-release versions have a lower precedence than the associated normal version.
+        return -1 if !a.nil? && b.nil? # only self is a pre-release
+        return 1 if a.nil? && !b.nil? # only other is a pre-release
+
+        a <=> b
+      end
+    end
+
+    class PrereleaseTag < BaseVersion
+      def initialize(tokens)
+        @tokens = tokens
+      end
+
+      # Returns true if the prerelease tag is empty.
+      # In Semver 2 1.2.3-0 is NOT equivalent to 1.2.3.
+      def is_zero?
+        tokens.empty?
+      end
+
+      private
+
+      # Compares pre-release identifiers as specified in https://semver.org/#spec-item-11.
+      def compare_token_pair(a, b) # rubocop:disable Naming/MethodParameterName
+        case a
+        when Integer
+          case b
+          when String
+            # Numeric identifiers always have lower precedence than non-numeric identifiers.
+            return -1
+          when nil
+            # A larger set of pre-release fields has a higher precedence than a smaller set, if all of the preceding identifiers are equal.
+            return 1
+          end
+        when String
+          case b
+          when Integer
+            # Numeric identifiers always have lower precedence than non-numeric identifiers.
+            return 1
+          when nil
+            # A larger set of pre-release fields has a higher precedence than a smaller set, if all of the preceding identifiers are equal.
+            return 1
+          end
+        when nil
+          case b
+          when Integer
+            # A larger set of pre-release fields has a higher precedence than a smaller set, if all of the preceding identifiers are equal.
+            return -1
+          when String
+            # A larger set of pre-release fields has a higher precedence than a smaller set, if all of the preceding identifiers are equal.
+            return -1
+          end
+        end
+        # Identifiers have both the same type (numeric or non-numeric).
+        # This returns nil if the identifiers can't be compared.
+        a <=> b
+      end
+    end
+
+    class VersionParser
+      def self.parse(input)
+        new(input).parse
+      end
+
+      attr_reader :input
+
+      def initialize(input)
+        @input = input
+        @scanner = StringScanner.new(input)
+      end
+
+      def parse
+        tokens = []
+        prerelease_tag = nil
+
+        # skip ignore leading v if any
+        scanner.skip('v')
+
+        until scanner.eos?
+          if (s = scanner.scan(/\d+/))
+            tokens << s.to_i
+          elsif (s = scanner.scan(/\.x\z/i))
+            tokens << ANY_NUMBER
+          elsif (s = scanner.scan('.'))
+            # continue
+          elsif (s = scanner.scan('-'))
+            prerelease_tag = parse_prerelease_tag
+          elsif (s = scanner.scan(/\+.*/))
+            # continue
+          else
+            raise IncompleteScanError, scanner.rest
+          end
+        end
+
+        Version.new(tokens, prerelease_tag: prerelease_tag)
+      end
+
+      private
+
+      attr_reader :scanner
+
+      def parse_prerelease_tag
+        tokens = []
+        at_build_tag = false
+
+        until scanner.eos? || at_build_tag
+          if (s = scanner.scan(/\d+(?![a-zA-Z-])/))
+            tokens << s.to_i
+          elsif (s = scanner.scan(/[0-9a-zA-Z-]+/))
+            tokens << s
+          elsif (s = scanner.scan('.'))
+            # continue
+          elsif (s = scanner.scan('+'))
+            scanner.unscan
+            at_build_tag = true
+          else
+            raise IncompleteScanError, scanner.rest
+          end
+        end
+
+        PrereleaseTag.new(tokens)
+      end
+    end
+  end
+end

data/lib/semver_dialects/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SemverDialects
-  VERSION = '2.0.2'
+  VERSION = '3.0.0'
 end

data/lib/semver_dialects.rb

@@ -1,17 +1,20 @@
 # frozen_string_literal: true
 
 require 'semver_dialects/version'
-require 'semver_dialects/semantic_version/version_translator'
-require 'semver_dialects/semantic_version/version_parser'
-require 'semver_dialects/semantic_version/version_range'
+require 'semver_dialects/base_version'
+require 'semver_dialects/maven'
+require 'semver_dialects/semver2'
+require 'semver_dialects/semantic_version'
+require 'semver_dialects/boundary'
+require 'semver_dialects/interval'
+require 'semver_dialects/interval_parser'
+require 'semver_dialects/interval_set'
+require 'semver_dialects/interval_set_parser'
 require 'deb_version'
 
 module SemverDialects
   # Captures all errors that could be possibly raised
   class Error < StandardError
-    def initialize(msg)
-      super(msg)
-    end
   end
 
   class UnsupportedPackageTypeError < Error
@@ -44,70 +47,156 @@ module SemverDialects
     end
   end
 
-  # A utiltity module that helps with version matching
-  module VersionChecker
-    def self.version_translate(typ, version_string)
-      case typ
-      when 'maven'
-        VersionTranslator.translate_maven(version_string)
-      when 'npm'
-        VersionTranslator.translate_npm(version_string)
-      when 'conan'
-        VersionTranslator.translate_conan(version_string)
-      when 'nuget'
-        VersionTranslator.translate_nuget(version_string)
-      when 'go'
-        VersionTranslator.translate_go(version_string)
-      when 'gem'
-        VersionTranslator.translate_gem(version_string)
-      when 'pypi'
-        VersionTranslator.translate_pypi(version_string)
-      when 'packagist'
-        VersionTranslator.translate_packagist(version_string)
-      else
-        raise UnsupportedPackageTypeError, typ
-      end
-    end
+  class IncompleteScanError < InvalidVersionError
+    attr_reader :rest
 
-    # Determines if a version of a given package type satisfies a constraint.
-    #
-    # On normal execution, this method might raise the following exceptions:
-    #
-    # - UnsupportedPackageTypeError if the package type is not supported
-    # - InvalidVersionError if the version is invalid
-    # - InvalidConstraintError if the constraint is invalid or contains invalid versions
-    #
-    def self.version_sat?(typ, raw_ver, raw_constraint)
-      # os package versions are handled very differently from application package versions
-      return os_pkg_version_sat?(typ, raw_ver, raw_constraint) if os_purl_type?(typ)
-
-      # build an interval that only contains the version
-      version = VersionCut.new(raw_ver)
-      version_as_interval = VersionInterval.new(IntervalType::LEFT_CLOSED | IntervalType::RIGHT_CLOSED, version, version)
-
-      constraint = VersionRange.new(false)
-      version_translate(typ, raw_constraint).each do |version_interval_str|
-        constraint << VersionParser.parse(version_interval_str)
-      end
-
-      constraint.overlaps_with?(version_as_interval)
+    def initialize(rest)
+      @rest = rest
     end
 
-    def self.os_purl_type?(typ)
-      ['deb', 'rpm', 'apk'].include?(typ)
+    def message
+      "scan did not consume '#{@rest}'"
     end
+  end
+
+  # Determines if a version of a given package type satisfies a constraint.
+  #
+  # On normal execution, this method might raise the following exceptions:
+  #
+  # - UnsupportedPackageTypeError if the package type is not supported
+  # - InvalidVersionError if the version is invalid
+  # - InvalidConstraintError if the constraint is invalid or contains invalid versions
+  #
+  def self.version_satisfies?(typ, raw_ver, raw_constraint)
+    # os package versions are handled very differently from application package versions
+    return os_pkg_version_satisfies?(typ, raw_ver, raw_constraint) if os_purl_type?(typ)
+
+    # build an interval that only contains the version
+    version = SemverDialects.parse_version(typ, raw_ver)
+    version_as_interval = Interval.from_version(version)
+
+    interval_set = IntervalSetParser.parse(typ, raw_constraint)
+
+    interval_set.overlaps_with?(version_as_interval)
+  end
+
+  def self.os_purl_type?(typ)
+    %w[deb rpm apk].include?(typ)
+  end
 
-    def self.os_pkg_version_sat?(typ, raw_ver, raw_constraint)
-      if typ == 'deb'
-        # we only support the less than operator, because that's the only one currently output
-        # by the advisory exporter for operating system packages.
-        raise SemverDialects::InvalidConstraintError, raw_constraint unless raw_constraint[0] == '<'
+  def self.os_pkg_version_satisfies?(typ, raw_ver, raw_constraint)
+    return unless typ == 'deb'
+    # we only support the less than operator, because that's the only one currently output
+    # by the advisory exporter for operating system packages.
+    raise SemverDialects::InvalidConstraintError, raw_constraint unless raw_constraint[0] == '<'
 
-        v1 = DebVersion.new(raw_ver)
-        v2 = DebVersion.new(raw_constraint[1..-1])
+    v1 = DebVersion.new(raw_ver)
+    v2 = DebVersion.new(raw_constraint[1..])
+
+    v1 < v2
+  end
 
-        return v1 < v2
-      end
+  # Parse a version according to the syntax type.
+  def self.parse_version(typ, raw_ver)
+    # for efficiency most popular package types come first
+    case typ
+    when 'maven'
+      Maven::VersionParser.parse(raw_ver)
+
+    when 'npm'
+      # npm follows Semver 2.0.0.
+      Semver2::VersionParser.parse(raw_ver)
+
+    when 'go'
+      # Go follows Semver 2.0.0.
+      #
+      # Go pseudo-versions are pre-releases as defined in Semver 2.0.0,
+      # and can be compared as such. However, a pseudo-version can't be compared
+      # to a pre-release or another pseudo-version of the same base version.
+      #
+      # quoting https://go.dev/ref/mod#pseudo-versions
+      #
+      # Each pseudo-version may be in one of three forms, depending on the base version. These forms ensure that a pseudo-version compares higher than its base version, but lower than the next tagged version.
+      #
+
+      # vX.0.0-yyyymmddhhmmss-abcdefabcdef is used when there is no known
+      # base version. As with all versions, the major version X must match the
+      # module’s major version suffix.
+      #
+      # vX.Y.Z-pre.0.yyyymmddhhmmss-abcdefabcdef is used when the base version
+      # is a pre-release version like vX.Y.Z-pre.
+      #
+      # vX.Y.(Z+1)-0.yyyymmddhhmmss-abcdefabcdef is used when the base version
+      # is a release version like vX.Y.Z. For example, if the base version is
+      # v1.2.3, a pseudo-version might be v1.2.4-0.20191109021931-daa7c04131f5.
+      #
+      Semver2::VersionParser.parse(raw_ver)
+
+    when 'pypi'
+      # See https://packaging.python.org/en/latest/specifications/version-specifiers/#version-specifiers
+      # TODO: Implement a dedicated parser.
+      SemanticVersion.new(raw_ver)
+
+    when 'nuget'
+      # NuGet diverges from Semver 2.0.0.
+      #
+      # quoting https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#where-nugetversion-diverges-from-semantic-versioning
+      #
+      # NuGetVersion supports a 4th version segment, Revision, to be compatible
+      # with, or a superset of, System.Version. Therefore, excluding prerelease
+      # and metadata labels, a version string is Major.Minor.Patch.Revision. As
+      # per version normalization described above, if Revision is zero, it is
+      # omitted from the normalized version string.
+      #
+      # NuGetVersion only requires the major segment to be defined. All others
+      # are optional, and are equivalent to zero. This means that 1, 1.0,
+      # 1.0.0, and 1.0.0.0 are all accepted and equal.
+      #
+      # NuGetVersion uses case insensitive string comparisons for pre-release
+      # components. This means that 1.0.0-alpha and 1.0.0-Alpha are equal.
+      #
+      Semver2::VersionParser.parse(raw_ver.downcase)
+
+    when 'gem'
+      # Rubygem does not follow Semver. Its versioning scheme is not documented.
+      #
+      # quoting https://guides.rubygems.org/specification-reference/
+      #
+      # The version string can contain numbers and periods, such as 1.0.0. A
+      # gem is a ‘prerelease’ gem if the version has a letter in it, such as
+      # 1.0.0.pre.
+      Gem::Version.new(raw_ver)
+
+    when 'packagist'
+      # Packagist defines specific identifiers like alpha, beta, and stable,
+      # and the comparison rules for these are not compatible with Semver.
+      # See https://github.com/composer/semver/blob/1d09200268e7d1052ded8e5da9c73c96a63d18f5/src/VersionParser.php#L39
+      SemanticVersion.new(raw_ver)
+
+    when 'conan'
+      # Conan diverges from Semver 2.0.0.
+      #
+      # quoting https://docs.conan.io/2/tutorial/versioning/version_ranges.html#semantic-versioning
+      #
+      # Conan extends the semver specification to any number of digits, and
+      # also allows to include lowercase letters in it. This was done because
+      # during 1.X a lot of experience and feedback from users was gathered,
+      # and it became evident than in C++ the versioning scheme is often more
+      # complex, and users were demanding more flexibility, allowing versions
+      # like 1.2.3.a.8 if necessary.
+      #
+      # Conan versions non-digit identifiers follow the same rules as package
+      # names, they can only contain lowercase letters. This is to avoid
+      # 1.2.3-Beta to be a different version than 1.2.3-beta which can be
+      # problematic, even a security risk.
+      #
+      SemanticVersion.new(raw_ver)
+
+    else
+      raise UnsupportedPackageTypeError, typ
     end
+  rescue ArgumentError
+    # Gem::Version.new raises an ArgumentError for invalid versions.
+    raise InvalidVersionError, raw_ver
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: semver_dialects
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 3.0.0
 platform: ruby
 authors:
 - Julian Thome
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-03-20 00:00:00.000000000 Z
+date: 2024-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pastel
@@ -40,6 +40,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: deb_version
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.1
 - !ruby/object:Gem::Dependency
   name: tty-command
   requirement: !ruby/object:Gem::Requirement
@@ -55,19 +69,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.10.1
 - !ruby/object:Gem::Dependency
-  name: deb_version
+  name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
-  type: :runtime
+        version: '2.13'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '2.13'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -110,6 +124,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-parameterized
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.63'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.63'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -135,15 +177,18 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/semver_dialects.rb
+- lib/semver_dialects/base_version.rb
+- lib/semver_dialects/boundary.rb
 - lib/semver_dialects/cli.rb
 - lib/semver_dialects/command.rb
 - lib/semver_dialects/commands/check_version.rb
-- lib/semver_dialects/semantic_version/semantic_version.rb
-- lib/semver_dialects/semantic_version/version_cut.rb
-- lib/semver_dialects/semantic_version/version_interval.rb
-- lib/semver_dialects/semantic_version/version_parser.rb
-- lib/semver_dialects/semantic_version/version_range.rb
-- lib/semver_dialects/semantic_version/version_translator.rb
+- lib/semver_dialects/interval.rb
+- lib/semver_dialects/interval_parser.rb
+- lib/semver_dialects/interval_set.rb
+- lib/semver_dialects/interval_set_parser.rb
+- lib/semver_dialects/maven.rb
+- lib/semver_dialects/semantic_version.rb
+- lib/semver_dialects/semver2.rb
 - lib/semver_dialects/version.rb
 - lib/utils.rb
 homepage: https://rubygems.org/gems/semver_dialects