Update checkers

Update checkers check whether a given dependency is up-to-date. If it isn't, they augment it with details of the version to update to.

There is a Dependabot::UpdateCheckers class for each language Dependabot supports.

Public API

Each Dependabot::UpdateCheckers class implements the following methods:

Method Description
`#up_to_date?` Returns a boolean for whether the dependency this instance was created with is currently at the latest version.
`#can_update?` Returns a boolean for whether the dependency this instance was created with needs updating. This will be true if the dependency and/or its requirements can be updated to support a newer version whilst keeping the dependency files it came from resolvable.
`#updated_dependencies` Returns an array of updated `Dependabot::Dependency` instance with updated `version` and `requirements` attributes. The previous values are stored on the instance as `previous_version` and `previous_requirements`.
`#latest_version` See the "Writing an update checker" section.
`#latest_resolvable_version` See the "Writing an update checker" section.
`#updated_requirements` See the "Writing an update checker" section.

An integration might look as follows:

require 'dependabot/update_checkers'

dependency = dependencies.first

update_checker_class = Dependabot::UpdateCheckers::Ruby::Bundler
update_checker = update_checker_class.new(
  dependency: dependency,
  dependency_files: files,
  credentials: [{
    "type" => "git_source",
    "host" => "github.com",
    "username" => "x-access-token",
    "password" => "token"
  }]
)

puts "Update needed for #{dependency.name}? "\
     "#{update_checker.can_update?(requirements_to_update: :own)}"

Writing an update checker for a new language

All new update checkers should inherit from Dependabot::UpdateCheckers::Base and implement the following methods:

Method Description
`#latest_version` The latest version of the dependency, ignoring resolvability. This is used to short-circuit update checking when the dependency is already at the latest version (since checking resolvability is typically slow).
`#latest_resolvable_version` The latest version of the dependency that will still allow the full dependency set to resolve.
`#latest_resolvable_version_with_no_unlock` The latest version of the dependency that satisfies the dependency's current version constraints and will still allow the full dependency set to resolve.
`#updated_requirements` An updated set of requirements for the dependency that should replace the existing requirements in the manifest file. Use by the file updater class when updating the manifest file.
`#latest_version_resolvable_with_full_unlock?` A boolean for whether the latest version can be resolved if all other dependencies are unlocked in the manifest file. Can be set to always return `false` if multi-dependency updates aren't yet supported.
`#updated_dependencies_after_full_unlock` And updated set of dependencies after a full unlock and update has taken place. Not required if `latest_version_resolvable_with_full_unlock?` always returns false.

To ensure the above are implemented, you should include it_behaves_like "a dependency update checker" in your specs for the new update checker.

Writing update checkers generally gets tricky when resolvability has to be taken into account. It is almost always easiest to do so in the language your update checker relates to, so you may wish to shell out to that language. See UpdateCheckers::Php::Composer for an example of how to do so.