class Dependabot::Composer::UpdateChecker

Public Instance Methods

# File lib/dependabot/composer/update_checker.rb, line 24
def latest_resolvable_version
  # Path and git sources aren't resolved against the registry at all.
  return if path_dependency? || git_dependency?

  # Memoised with ||=, so a nil result (nothing resolvable) is not cached
  # and the resolver runs again on the next call.
  @latest_resolvable_version ||= begin
    resolver = VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      # The newest registry release is passed as the ceiling.
      latest_allowable_version: latest_version_from_registry,
      # Only this dependency's own requirement may be unlocked.
      requirements_to_unlock: :own
    )
    resolver.latest_resolvable_version
  end
end
# File lib/dependabot/composer/update_checker.rb, line 50
def latest_resolvable_version_with_no_unlock
  # Path and git sources aren't resolved against the registry at all.
  return if path_dependency? || git_dependency?

  # Same shape as latest_resolvable_version, but with no requirement
  # unlocked (:none). ||= means a nil result is re-resolved on each call.
  @latest_resolvable_version_with_no_unlock ||= begin
    resolver = VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      # The newest registry release is passed as the ceiling.
      latest_allowable_version: latest_version_from_registry,
      requirements_to_unlock: :none
    )
    resolver.latest_resolvable_version
  end
end
# File lib/dependabot/composer/update_checker.rb, line 16
def latest_version
  # Path sources have no registry listing to look up.
  return nil if path_dependency?
  # Git sources resolve to a commit SHA, not a registry version.
  return latest_version_for_git_dependency if git_dependency?

  registry_version = latest_version_from_registry
  return registry_version if registry_version

  # No registry listing found: fall back to whatever the resolver reaches.
  latest_resolvable_version
end
# File lib/dependabot/composer/update_checker.rb, line 41
def lowest_resolvable_security_fix_version
  # Only meaningful for a dependency that matches a security advisory;
  # calling it otherwise is a programming error (plain RuntimeError).
  raise "Dependency not vulnerable!" unless vulnerable?

  # Cached via instance_variable_defined? rather than ||= so that a nil
  # result ("no resolvable fix") is remembered instead of re-resolved.
  unless instance_variable_defined?(:@lowest_resolvable_security_fix_version)
    @lowest_resolvable_security_fix_version =
      fetch_lowest_resolvable_security_fix_version
  end

  @lowest_resolvable_security_fix_version
end
# File lib/dependabot/composer/update_checker.rb, line 37
def lowest_security_fix_version
  # Delegated to LatestVersionFinder, which is built with the
  # security_advisories; fetch_lowest_resolvable_security_fix_version
  # treats a nil result as "no fix version known".
  finder = latest_version_finder
  finder.lowest_security_fix_version
end
# File lib/dependabot/composer/update_checker.rb, line 71
def requirements_update_strategy
  # An explicit strategy handed in via the base class always wins.
  forced = @requirements_update_strategy
  return forced.to_sym if forced

  # Otherwise: libraries keep their ranges wide (so consumers aren't
  # over-constrained), applications get their versions bumped.
  if library?
    :widen_ranges
  else
    :bump_versions_if_necessary
  end
end
# File lib/dependabot/composer/update_checker.rb, line 63
def updated_requirements
  # preferred_resolvable_version (base class) may be nil; &.to_s keeps
  # that nil rather than turning it into "".
  target_version = preferred_resolvable_version&.to_s
  strategy = requirements_update_strategy

  updater = RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_resolvable_version: target_version,
    update_strategy: strategy
  )
  updater.updated_requirements
end

Private Instance Methods

# File lib/dependabot/composer/update_checker.rb, line 133
def composer_file
  manifest = dependency_files.find { |file| file.name == "composer.json" }
  # Without a manifest there's nothing to inspect; fail loudly here rather
  # than letting nil reach JSON.parse in library?.
  raise "No composer.json!" if manifest.nil?

  manifest
end
# File lib/dependabot/composer/update_checker.rb, line 105
def fetch_lowest_resolvable_security_fix_version
  # Path and git sources aren't resolved against the registry.
  return nil if path_dependency? || git_dependency?

  fix_version = lowest_security_fix_version
  # No advisory-derived fix version: offer the newest resolvable version.
  return latest_resolvable_version if fix_version.nil?

  # Ask the resolver for what it can reach with fix_version as the
  # ceiling, unlocking only this dependency's own requirement.
  resolver = VersionResolver.new(
    credentials: credentials,
    dependency: dependency,
    dependency_files: dependency_files,
    latest_allowable_version: fix_version,
    requirements_to_unlock: :own
  )
  resolved = resolver.latest_resolvable_version

  # The fix version itself is reachable: take it (smallest jump that
  # clears the advisory).
  return fix_version if fix_version == resolved

  # NOTE(review): the fallback is resolved against the newest registry
  # release, not against fix_version, and nothing here checks that it is
  # >= fix_version — so callers should not assume this branch always
  # yields a fixed version.
  latest_resolvable_version
end
# File lib/dependabot/composer/update_checker.rb, line 164
def git_commit_checker
  # Built once per checker instance; it carries the credentials used to
  # reach the git remote plus the ignore configuration.
  return @git_commit_checker if @git_commit_checker

  @git_commit_checker = Dependabot::GitCommitChecker.new(
    dependency: dependency,
    credentials: credentials,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored
  )
end

To be a true git dependency, it must have a branch.

# File lib/dependabot/composer/update_checker.rb, line 129
def git_dependency?
  # A requirement counts as git-sourced only if its :source names a
  # :branch; a :source without :branch, or no :source at all, yields nil
  # from dig and is skipped.
  branches = dependency.requirements.map { |req| req.dig(:source, :branch) }
  branches.any?
end
# File lib/dependabot/composer/update_checker.rb, line 94
def latest_version_finder
  # Built lazily and cached; it's the single source for both the newest
  # registry version and the lowest advisory-fixing version.
  return @latest_version_finder if @latest_version_finder

  @latest_version_finder = LatestVersionFinder.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored,
    security_advisories: security_advisories
  )
end
# File lib/dependabot/composer/update_checker.rb, line 145
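def latest_version_for_git_dependency
  checker = git_commit_checker

  # Unpinned: the "latest version" is simply the head of the tracked
  # branch, so the dependency floats to whatever that branch points at.
  return checker.head_commit_for_current_branch unless checker.pinned?

  # Pinned to a version-like tag: move to the SHA of the newest
  # version-like tag. The tag lookup is done once and reused (the
  # original called it twice; the checker may hit the remote for it).
  if checker.pinned_ref_looks_like_version?
    latest_tag = checker.local_tag_for_latest_version
    return latest_tag.fetch(:commit_sha) if latest_tag
  end

  # Pinned to something that isn't a version (a bare SHA or an arbitrary
  # tag): there's nothing sensible to move to, keep the current version.
  dependency.version
end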
# File lib/dependabot/composer/update_checker.rb, line 90
def latest_version_from_registry
  # Newest version the finder found in the registry listing; nil when no
  # listing was found (latest_version then falls back to the resolver).
  finder = latest_version_finder
  finder.latest_version
end
# File lib/dependabot/composer/update_checker.rb, line 81
def latest_version_resolvable_with_full_unlock?
  # Composer never attempts a full unlock (unlocking other dependencies
  # to reach the latest version), so this is unconditionally false and
  # updated_dependencies_after_full_unlock is never reached.
  false
end
# File lib/dependabot/composer/update_checker.rb, line 141
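def library?
  # composer.json comes from the repository being updated, so don't assume
  # its shape: only a top-level object can carry a "type" key. A manifest
  # that parses to an array, scalar or null is treated as "not a library"
  # instead of failing with a TypeError/NoMethodError on ["type"].
  # Malformed JSON still raises JSON::ParserError, as before.
  manifest = JSON.parse(composer_file.content)
  manifest.is_a?(Hash) && manifest["type"] == "library"
end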
# File lib/dependabot/composer/update_checker.rb, line 124
def path_dependency?
  # A requirement whose source is of type "path" points at a local
  # directory, which has no registry versions to consider.
  source_types = dependency.requirements.map { |req| req.dig(:source, :type) }
  source_types.include?("path")
end
# File lib/dependabot/composer/update_checker.rb, line 86
def updated_dependencies_after_full_unlock
  # Unreachable for Composer: latest_version_resolvable_with_full_unlock?
  # is always false, so the base class never asks for a full unlock.
  # Raising (a ScriptError, not a StandardError) makes any future caller
  # fail loudly rather than silently updating nothing.
  raise NotImplementedError
end