Implement SBT UpdateChecker to fetch available versions

maven/lib/dependabot/maven/shared/base_version_finder.rb

@@ -0,0 +1,105 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/maven/shared/shared_version_finder"
+
+module Dependabot
+  module Maven
+    module Shared
+      # Intermediate class for ecosystems (Maven, SBT) that use a package_details-based
+      # release pipeline with HEAD-check verification. Gradle uses its own filter chain
+      # and inherits directly from SharedVersionFinder.
+      class BaseVersionFinder < SharedVersionFinder
+        extend T::Sig
+        extend T::Helpers
+
+        abstract!
+
+        sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
+        def releases
+          (package_details&.releases || []).reverse
+        end
+
+        sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+        def latest_version_details
+          release = fetch_latest_release
+          release&.version ? { version: release.version, source_url: release.url } : nil
+        end
+
+        sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+        def lowest_security_fix_version_details
+          release = fetch_lowest_security_fix_release
+          release&.version ? { version: release.version, source_url: release.url } : nil
+        end
+
+        protected
+
+        sig do
+          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+            .returns(T.nilable(Dependabot::Version))
+        end
+        def fetch_latest_version(language_version: nil)
+          fetch_latest_release(language_version: language_version)&.version
+        end
+
+        sig do
+          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+            .returns(T.nilable(Dependabot::Version))
+        end
+        def fetch_latest_version_with_no_unlock(language_version:)
+          fetch_latest_release(language_version: language_version)&.version
+        end
+
+        sig do
+          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+            .returns(T.nilable(Dependabot::Version))
+        end
+        def fetch_lowest_security_fix_version(language_version: nil)
+          fetch_lowest_security_fix_release(language_version: language_version)&.version
+        end
+
+        sig do
+          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+            .returns(T.nilable(Dependabot::Package::PackageRelease))
+        end
+        def fetch_latest_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
+          possible_releases = filter_prerelease_versions(releases)
+          possible_releases = filter_date_based_versions(possible_releases)
+          possible_releases = filter_version_types(possible_releases)
+          possible_releases = filter_ignored_versions(possible_releases)
+          possible_releases = filter_by_cooldown(possible_releases)
+          possible_releases_reverse = possible_releases.reverse
+
+          possible_releases_reverse.find do |r|
+            released?(r.version)
+          end
+        end
+
+        sig do
+          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+            .returns(T.nilable(Dependabot::Package::PackageRelease))
+        end
+        def fetch_lowest_security_fix_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
+          possible_releases = filter_prerelease_versions(releases)
+          possible_releases = filter_date_based_versions(possible_releases)
+          possible_releases = filter_version_types(possible_releases)
+          possible_releases = Dependabot::UpdateCheckers::VersionFilters
+                              .filter_vulnerable_versions(
+                                possible_releases,
+                                security_advisories
+                              )
+          possible_releases = filter_ignored_versions(possible_releases)
+          possible_releases = filter_lower_versions(possible_releases)
+
+          possible_releases.find { |r| released?(r.version) }
+        end
+
+        private
+
+        sig { abstract.params(version: Dependabot::Version).returns(T::Boolean) }
+        def released?(version); end
+      end
+    end
+  end
+end

maven/lib/dependabot/maven/shared/shared_version_finder.rb

@@ -11,6 +11,9 @@ module Maven
     module Shared
       class SharedVersionFinder < Dependabot::Package::PackageLatestVersionFinder
         extend T::Sig
+        extend T::Helpers
+
+        abstract!
 
         # Regex to match common Maven release qualifiers that indicate stable releases.
         # See https://github.com/apache/maven/blob/848fbb4bf2d427b72bdb2471c22fced7ebd9a7a1/maven-artifact/src/main/java/org/apache/maven/artifact/versioning/ComparableVersion.java#L315-L320
@@ -123,6 +126,11 @@ def version_class
           dependency.version_class
         end
 
+        sig { returns(T::Boolean) }
+        def cooldown_enabled?
+          true
+        end
+
         private
 
         # Determines whether two versions have compatible suffixes.
@@ -405,11 +413,6 @@ def extract_suffix_from_part(part)
 
           suffix.empty? ? nil : suffix
         end
-
-        sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
-        def package_details
-          raise NotImplementedError, "Subclasses must implement `package_details`"
-        end
       end
     end
   end

maven/lib/dependabot/maven/update_checker/version_finder.rb

@@ -6,13 +6,13 @@
 require "dependabot/update_checkers/version_filters"
 require "dependabot/maven/package/package_details_fetcher"
 require "dependabot/maven/update_checker"
-require "dependabot/maven/shared/shared_version_finder"
+require "dependabot/maven/shared/base_version_finder"
 require "sorbet-runtime"
 
 module Dependabot
   module Maven
     class UpdateChecker
-      class VersionFinder < Dependabot::Maven::Shared::SharedVersionFinder
+      class VersionFinder < Dependabot::Maven::Shared::BaseVersionFinder
         extend T::Sig
 
         sig do
@@ -52,92 +52,13 @@ def package_details
           @package_details ||= package_details_fetcher.fetch
         end
 
-        sig { returns(T::Array[Dependabot::Package::PackageRelease]) }
-        def releases
-          (package_details&.releases || []).reverse
-        end
-
-        sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
-        def latest_version_details
-          release = fetch_latest_release
-          release&.version ? { version: release.version, source_url: release.url } : nil
-        end
-
-        sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
-        def lowest_security_fix_version_details
-          release = fetch_lowest_security_fix_release
-          release&.version ? { version: release.version, source_url: release.url } : nil
-        end
-
-        protected
-
-        sig { returns(T::Boolean) }
-        def cooldown_enabled?
-          true
-        end
-
-        sig do
-          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-            .returns(T.nilable(Dependabot::Version))
-        end
-        def fetch_latest_version(language_version: nil)
-          fetch_latest_release(language_version: language_version)&.version
-        end
-
-        sig do
-          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-            .returns(T.nilable(Dependabot::Version))
-        end
-        def fetch_latest_version_with_no_unlock(language_version:)
-          fetch_latest_release(language_version: language_version)&.version
-        end
-
-        sig do
-          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-            .returns(T.nilable(Dependabot::Version))
-        end
-        def fetch_lowest_security_fix_version(language_version: nil)
-          fetch_lowest_security_fix_release(language_version: language_version)&.version
-        end
-
-        sig do
-          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-            .returns(T.nilable(Dependabot::Package::PackageRelease))
-        end
-        def fetch_latest_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
-          possible_releases = filter_prerelease_versions(releases)
-          possible_releases = filter_date_based_versions(possible_releases)
-          possible_releases = filter_version_types(possible_releases)
-          possible_releases = filter_ignored_versions(possible_releases)
-          possible_releases = filter_by_cooldown(possible_releases)
-          possible_releases_reverse = possible_releases.reverse
-
-          possible_releases_reverse.find do |r|
-            package_details_fetcher.released?(r.version)
-          end
-        end
-
-        sig do
-          params(language_version: T.nilable(T.any(String, Dependabot::Version)))
-            .returns(T.nilable(Dependabot::Package::PackageRelease))
-        end
-        def fetch_lowest_security_fix_release(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
-          possible_releases = filter_prerelease_versions(releases)
-          possible_releases = filter_date_based_versions(possible_releases)
-          possible_releases = filter_version_types(possible_releases)
-          possible_releases = Dependabot::UpdateCheckers::VersionFilters
-                              .filter_vulnerable_versions(
-                                possible_releases,
-                                security_advisories
-                              )
-          possible_releases = filter_ignored_versions(possible_releases)
-          possible_releases = filter_lower_versions(possible_releases)
+        private
 
-          possible_releases.find { |r| package_details_fetcher.released?(r.version) }
+        sig { override.params(version: Dependabot::Version).returns(T::Boolean) }
+        def released?(version)
+          package_details_fetcher.released?(version)
         end
 
-        private
-
         sig { returns(Package::PackageDetailsFetcher) }
         def package_details_fetcher
           @package_details_fetcher ||= Package::PackageDetailsFetcher.new(

maven/spec/dependabot/maven/shared/shared_version_finder_spec.rb

@@ -10,8 +10,17 @@
 require "dependabot/package/package_release"
 
 RSpec.describe Dependabot::Maven::Shared::SharedVersionFinder do
+  # SharedVersionFinder is abstract, so use a concrete subclass for testing
+  let(:concrete_class) do
+    Class.new(described_class) do
+      def package_details
+        nil
+      end
+    end
+  end
+
   let(:finder) do
-    described_class.new(
+    concrete_class.new(
       dependency: dependency,
       dependency_files: dependency_files,
       credentials: credentials,