Class: Dependabot::Maven::Shared::SharedVersionFinder
- Inherits: Package::PackageLatestVersionFinder
  - Object
  - Package::PackageLatestVersionFinder
  - Dependabot::Maven::Shared::SharedVersionFinder
- Extended by: T::Sig
- Defined in: lib/dependabot/maven/shared/shared_version_finder.rb
Direct Known Subclasses
Constant Summary
- MAVEN_RELEASE_QUALIFIERS =
  Regex to match common Maven release qualifiers that indicate stable releases. See github.com/apache/maven/blob/848fbb4bf2d427b72bdb2471c22fced7ebd9a7a1/maven-artifact/src/main/java/org/apache/maven/artifact/versioning/ComparableVersion.java#L315-L320

      /
        ^.+[-._](
        RELEASE| # Official release
        FINAL|   # Final build
        GA       # General Availability
        )$
      /ix

- MAVEN_PRE_RELEASE_QUALIFIERS =
  Common Maven pre-release qualifiers. They often indicate versions that are not yet stable but that are released to the public for testing. Examples: 1.0.0-RC1, 2.0.0-ALPHA2, 3.1.0-BETA, 4.0.0-DEV5, etc. See maven.apache.org/guides/mini/guide-naming-conventions.html#version-identifier

      /
        [-._]?(
          # --- Qualifiers that usually REQUIRE a number ---
          # Examples: "RC1", "BETA2", "M3", "ALPHA-1", "EAP.2"
          # The number differentiates multiple pre-releases; a version like "1.0.0-RC"
          (?i)(?:RC|CR|M|MILESTONE|ALPHA|BETA|EA|EAP)(?:[-._]?\d+)?
          |
          # --- Qualifiers that do NOT usually have numbers ---
          DEV|
          PREVIEW|
          PRERELEASE|
          EXPERIMENTAL|
          UNSTABLE
        )$
      /ix

- MAVEN_SNAPSHOT_QUALIFIER =

      /-SNAPSHOT$/i
Instance Method Summary
Instance Method Details
#matches_dependency_version_type?(comparison_version) ⇒ Boolean
    # File 'lib/dependabot/maven/shared/shared_version_finder.rb', line 48

    def matches_dependency_version_type?(comparison_version)
      return true unless dependency.version

      current_version_string = dependency.version
      candidate_version_string = comparison_version.to_s

      current_is_pre_release = current_version_string&.match?(MAVEN_PRE_RELEASE_QUALIFIERS)
      candidate_is_pre_release = candidate_version_string.match?(MAVEN_PRE_RELEASE_QUALIFIERS)

      # Pre-releases are only compatible with other pre-releases
      # When this happens, the suffix does not need to match exactly
      # This allows transitions between 1.0.0-RC1 and 1.0.0-CR2, for example
      return true if current_is_pre_release && candidate_is_pre_release

      current_is_snapshot = current_version_string&.match?(MAVEN_SNAPSHOT_QUALIFIER)

      # If the current version is a pre-release or a snapshot, allow upgrading to a stable release
      # This can help move from pre-release to the stable version that supersedes it,
      # but this should not happen vice versa as a stable release should not be downgraded to a pre-release
      return true if (current_is_pre_release || current_is_snapshot) && !candidate_is_pre_release

      current_suffix = extract_version_suffix(current_version_string)
      candidate_suffix = extract_version_suffix(candidate_version_string)

      if jre_or_jdk?(current_suffix) && jre_or_jdk?(candidate_suffix)
        return compatible_java_runtime?(T.must(current_suffix), T.must(candidate_suffix))
      end

      # If both versions share the exact suffix or no suffix, they are compatible
      current_suffix == candidate_suffix
    end
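The early returns of `matches_dependency_version_type?` can be exercised on their own against sample version strings. The script below is an added example, not Dependabot's code: it copies the three regexes from the constants on this page (comments dropped), while `classify`, `early_decision` and the sample pairs are constructed for illustration. Pairs that reach the suffix/JRE comparison are reported as `:suffix_check`, because those helper methods are not shown on this page.

```ruby
# Regexes copied from the constants on this page (free-spacing comments dropped).
MAVEN_RELEASE_QUALIFIERS = /^.+[-._](RELEASE|FINAL|GA)$/i
MAVEN_PRE_RELEASE_QUALIFIERS = /
  [-._]?((?:RC|CR|M|MILESTONE|ALPHA|BETA|EA|EAP)(?:[-._]?\d+)?|
  DEV|PREVIEW|PRERELEASE|EXPERIMENTAL|UNSTABLE)$
/ix
MAVEN_SNAPSHOT_QUALIFIER = /-SNAPSHOT$/i

# Hypothetical helper: how the three constants label a version string.
def classify(version)
  return :snapshot if version.match?(MAVEN_SNAPSHOT_QUALIFIER)
  return :pre_release if version.match?(MAVEN_PRE_RELEASE_QUALIFIERS)
  return :release_qualifier if version.match?(MAVEN_RELEASE_QUALIFIERS)

  :plain
end

# Hypothetical helper mirroring the early returns of matches_dependency_version_type?.
# :allow        -> the method returns true before any suffix comparison
# :suffix_check -> the decision is left to the suffix/JRE comparison
def early_decision(current, candidate)
  return :allow if current.nil?

  current_pre = current.match?(MAVEN_PRE_RELEASE_QUALIFIERS)
  candidate_pre = candidate.match?(MAVEN_PRE_RELEASE_QUALIFIERS)
  return :allow if current_pre && candidate_pre

  current_snapshot = current.match?(MAVEN_SNAPSHOT_QUALIFIER)
  return :allow if (current_pre || current_snapshot) && !candidate_pre

  :suffix_check
end

# Constructed sample pairs: [current version, candidate version].
SAMPLE_PAIRS = [
  ["1.0.0-RC1", "1.0.0-CR2"],         # pre-release to pre-release
  ["1.0.0-RC1", "1.0.0"],             # pre-release to stable
  ["1.0-SNAPSHOT", "1.0"],            # snapshot to stable
  ["1.0-SNAPSHOT", "1.1-RC1"],        # snapshot to pre-release: not an early allow
  ["1.0.0", "1.1.0-RC1"],             # stable to pre-release: not an early allow
  ["33.0.0-jre", "33.1.0-jre"],       # JRE suffixes are decided later
  ["1.0-linux-arm", "1.1-linux-arm"]  # separator is optional, so a trailing "m" matches M
].freeze

SAMPLE_PAIRS.each do |current, candidate|
  puts format("%-14s (%s) -> %-14s (%s): %s", current, classify(current),
              candidate, classify(candidate), early_decision(current, candidate))
end
```

The last pair shows that the pre-release regex is not anchored to a separator: any version string ending in one of the qualifiers, even as part of a longer word, is labelled a pre-release.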