class Dependabot::Bundler::UpdateChecker::LatestVersionFinder

Attributes

credentials[R]
dependency[R]
dependency_files[R]
ignored_versions[R]
options[R]
repo_contents_path[R]
security_advisories[R]

Public Class Methods

new(dependency:, dependency_files:, repo_contents_path: nil, credentials:, ignored_versions:, raise_on_ignored: false, security_advisories:, options:) click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 17
# Stores the collaborators needed to look up candidate versions. Nothing is
# fetched here; lookups run when a public query method is first called.
#
# @param dependency the dependency under review (its version, requirements
#   and package_manager are read by the private helpers)
# @param dependency_files the manifest files, handed on to DependencySource
# @param repo_contents_path optional path, stored only
# @param credentials handed on to DependencySource unchanged
#   NOTE(review): presumably registry secrets; keep this object out of log
#   output and error reports (for example via #inspect). Confirm with callers.
# @param ignored_versions requirement strings for versions to skip
# @param raise_on_ignored when true, filter_ignored_versions raises
#   AllVersionsIgnored instead of quietly returning no newer version
# @param security_advisories advisories used to drop vulnerable versions
# @param options handed on to DependencySource unchanged
def initialize(
  dependency:,
  dependency_files:,
  repo_contents_path: nil,
  credentials:,
  ignored_versions:,
  raise_on_ignored: false,
  security_advisories:,
  options:
)
  # What is being checked and where it is declared.
  @dependency = dependency
  @dependency_files = dependency_files
  @repo_contents_path = repo_contents_path

  # How the version source is reached and configured.
  @credentials = credentials
  @options = options

  # Policy inputs that narrow the candidate list.
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @security_advisories = security_advisories
end

Public Instance Methods

latest_version_details() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 30
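# Returns details of the newest acceptable version, computed on first use.
#
# The cache uses a `defined?` guard instead of `||=` because the lookup
# returns nil when no version survives filtering. With `||=` a nil result
# was never cached, so every call repeated the whole lookup.
#
# @return [Hash, nil] `{ version: <max version> }` for registry sources, the
#   source's own git details for git sources, or nil when nothing qualifies
def latest_version_details
  return @latest_version_details if defined?(@latest_version_details)

  @latest_version_details = fetch_latest_version_details
end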
lowest_security_fix_version() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 34
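# Returns the lowest version that fixes the known advisories, computed on
# first use.
#
# nil is a normal answer here: the source is git-based, or no version
# survived the filters. The cache therefore uses a `defined?` guard; with
# `||=` a nil answer was recomputed on every call.
#
# @return [Object, nil] the minimum surviving version, or nil if there is no
#   usable fix
def lowest_security_fix_version
  return @lowest_security_fix_version if defined?(@lowest_security_fix_version)

  @lowest_security_fix_version = fetch_lowest_security_fix_version
end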

Private Instance Methods

dependency_source() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 105
# Lazily builds the DependencySource for this dependency and reuses it on
# later calls.
#
# The credentials and options given to the constructor are passed through
# unchanged.
#
# @return [DependencySource]
def dependency_source
  return @dependency_source if @dependency_source

  source_args = {
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    options: options
  }
  @dependency_source = DependencySource.new(**source_args)
end
fetch_latest_version_details() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 44
# Works out the newest version the dependency could move to.
#
# Git sources are answered by the source itself. Registry sources have
# their version list filtered for pre-releases and ignore rules, and the
# maximum survivor is returned.
#
# @return [Hash, nil] `{ version: <max> }`, the git details, or nil when no
#   version survives filtering
# @raise [AllVersionsIgnored] passed up from filter_ignored_versions
def fetch_latest_version_details
  source = dependency_source
  return source.latest_git_version_details if source.git?

  # Pre-release filtering runs before the ignore rules, as in the original.
  stable_enough = filter_prerelease_versions(source.versions)
  candidates = filter_ignored_versions(stable_enough)
  return nil if candidates.empty?

  { version: candidates.max }
end
fetch_lowest_security_fix_version() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 54
# Finds the smallest upgrade that moves the dependency off every version
# named in the security advisories.
#
# Git sources return nil. For other sources the filters run in this order:
# pre-releases, vulnerable versions, ignore rules, then versions not above
# the current one.
#
# Ignore rules are applied after the vulnerable versions are removed, so an
# ignore rule that covers every fixed release leaves no fix to offer. The
# result is then nil, or AllVersionsIgnored when raise_on_ignored was set.
#
# @return [Object, nil] the minimum surviving version, or nil
# @raise [AllVersionsIgnored] passed up from filter_ignored_versions
def fetch_lowest_security_fix_version
  source = dependency_source
  return if source.git?

  candidates = filter_prerelease_versions(source.versions)
  not_vulnerable = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
    candidates,
    security_advisories
  )
  permitted = filter_ignored_versions(not_vulnerable)

  filter_lower_versions(permitted).min
end
filter_ignored_versions(versions_array) click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 73
# Drops every version matched by at least one ignore requirement.
#
# When raise_on_ignored was set, this raises if the ignore rules removed all
# versions newer than the current one while newer versions did exist. The
# caller can then tell "everything newer is ignored" apart from "nothing
# newer exists".
#
# This filter also runs on the security-fix path, so an ignore rule can hide
# a fixed release.
#
# @param versions_array [Array] candidate versions
# @return [Array] the candidates that no ignore requirement matches
# @raise [AllVersionsIgnored] see above
def filter_ignored_versions(versions_array)
  allowed = versions_array.reject do |candidate|
    ignore_requirements.any? { |requirement| requirement.satisfied_by?(candidate) }
  end

  # Guard order follows the original short-circuit evaluation.
  return allowed unless @raise_on_ignored
  return allowed unless filter_lower_versions(allowed).empty?
  return allowed unless filter_lower_versions(versions_array).any?

  raise AllVersionsIgnored
end
filter_lower_versions(versions_array) click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 83
# Keeps only the versions strictly greater than the dependency's current
# version.
#
# If the current version is missing or is not a valid Gem::Version string,
# no comparison is possible and the list is returned unchanged.
#
# @param versions_array [Array<Gem::Version>] candidate versions
# @return [Array<Gem::Version>]
def filter_lower_versions(versions_array)
  current = dependency.version
  return versions_array unless current && Gem::Version.correct?(current)

  floor = Gem::Version.new(current)
  versions_array.select { |candidate| candidate > floor }
end
filter_prerelease_versions(versions_array) click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 67
# Removes pre-release versions unless the dependency already opts into them
# (see wants_prerelease?).
#
# @param versions_array [Array] candidate versions responding to prerelease?
# @return [Array] the same list when pre-releases are wanted, otherwise the
#   list without pre-release entries
def filter_prerelease_versions(versions_array)
  wants_prerelease? ? versions_array : versions_array.reject { |candidate| candidate.prerelease? }
end
gemfile() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 124
# Finds the manifest among the dependency files, preferring "Gemfile" over
# "gems.rb".
#
# @return [Object, nil] the first file with a matching name, or nil when
#   neither name is present
def gemfile
  %w(Gemfile gems.rb).each do |manifest_name|
    match = dependency_files.find { |file| file.name == manifest_name }
    return match if match
  end

  nil
end
ignore_requirements() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 114
# Expands each ignored-version string into requirement objects and returns
# them as a single flat list.
#
# The list is rebuilt on every call. requirement_class is only consulted
# when at least one ignored version is present.
#
# @return [Array] requirement objects used by filter_ignored_versions
def ignore_requirements
  per_condition = ignored_versions.map do |ignore_condition|
    requirement_class.requirements_array(ignore_condition)
  end

  per_condition.flatten(1)
end
requirement_class() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 118
# Looks up the requirement class registered for this dependency's package
# manager.
#
# @return [Object] whatever Utils.requirement_class_for_package_manager
#   returns for dependency.package_manager
def requirement_class
  manager_name = dependency.package_manager
  Utils.requirement_class_for_package_manager(manager_name)
end
wants_prerelease?() click to toggle source
# File lib/dependabot/bundler/update_checker/latest_version_finder.rb, line 90
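# Decides whether pre-release versions may be offered as upgrade targets.
#
# Pre-releases are wanted when the current version is itself a valid
# pre-release, or when any requirement string contains an ASCII letter
# (constructed example: "~> 2.0.0.rc1").
#
# The answer is cached with a `defined?` guard. The earlier `||=` form never
# cached a false answer, so stable dependencies repeated the version parse
# and requirement scan on every call.
#
# NOTE(review): `req[:requirement].match?` raises NoMethodError if a
# requirement entry has a nil :requirement; confirm callers never pass one.
#
# @return [Boolean]
def wants_prerelease?
  return @wants_prerelease if defined?(@wants_prerelease)

  current_version = dependency.version
  @wants_prerelease =
    if current_version && Gem::Version.correct?(current_version) &&
       Gem::Version.new(current_version).prerelease?
      true
    else
      dependency.requirements.any? do |req|
        req[:requirement].match?(/[a-z]/i)
      end
    end
end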