class Dependabot::Gradle::UpdateChecker

Public Instance Methods

latest_resolvable_version() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 20
# Version this checker reports as the latest one that can be resolved.
#
# No resolution of build.gradle takes place: the value is latest_version as
# is, so it is not checked against constraints from other dependencies.
# Returns nil for git dependencies and when the version is shared through a
# multi-dependency property or a dependency set.
def latest_resolvable_version
  # TODO: Resolve the build.gradle to find the newest version reachable
  # without having to update any other dependency at the same time.
  #
  # That is hard, so for now the latest version is returned on trust
  # (which is why this package manager is in beta).
  not_individually_updatable =
    git_dependency? ||
    version_comes_from_multi_dependency_property? ||
    version_comes_from_dependency_set?

  not_individually_updatable ? nil : latest_version
end
latest_resolvable_version_with_no_unlock() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 45
# Always nil: Gradle has a single dependency file, so this value is not
# relevant here.
def latest_resolvable_version_with_no_unlock
  # A complete implementation would resolve build.gradle and return the
  # newest version satisfying both the current constraint and any
  # constraints other dependencies place on it. Nothing would ever act on
  # that answer, so no work is done.
  nil
end
latest_version() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 14
# The :version entry of latest_version_details.
#
# Returns nil for git dependencies and when no details are available.
# Hash#fetch raises KeyError if the details lack a :version key.
def latest_version
  return nil if git_dependency?

  details = latest_version_details
  details.nil? ? nil : details.fetch(:version)
end
lowest_resolvable_security_fix_version() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 37
# Lowest security-fix version this checker will report as resolvable.
#
# Returns nil for git dependencies and when the version is shared through a
# multi-dependency property or a dependency set; in those cases no fix
# version is reported by this method. Otherwise the value is
# lowest_security_fix_version as is, with no resolution performed here.
def lowest_resolvable_security_fix_version
  not_individually_updatable =
    git_dependency? ||
    version_comes_from_multi_dependency_property? ||
    version_comes_from_dependency_set?

  not_individually_updatable ? nil : lowest_security_fix_version
end
lowest_security_fix_version() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 33
# The :version entry of lowest_security_fix_version_details, or nil when
# there are no such details. Hash#fetch raises KeyError if the details
# lack a :version key.
def lowest_security_fix_version
  details = lowest_security_fix_version_details
  return nil if details.nil?

  details.fetch(:version)
end
requirements_unlocked_or_can_be?() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 69
# False when the dependency's version string still contains a "$".
#
# A "$" means the version comes from a property that could not be
# interpolated, and in that case there is nothing that can be done.
#
# NOTE(review): raises NoMethodError if dependency.version is nil; confirm
# callers always supply a version string.
def requirements_unlocked_or_can_be?
  uninterpolated_property = dependency.version.include?("$")
  !uninterpolated_property
end
updated_requirements() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 56
# Requirements rewritten by RequirementsUpdater for the preferred version.
#
# The updater receives the current requirements, the preferred resolvable
# version as a string (nil when there is none), the :source_url of the
# preferred version details (nil when there are none), and the property
# names of every declaration that takes its version from a property.
def updated_requirements
  names_of_properties = declarations_using_a_property.map do |declaration|
    declaration.dig(:metadata, :property_name)
  end

  updater = RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version&.to_s,
    source_url: preferred_version_details&.fetch(:source_url),
    properties_to_update: names_of_properties
  )
  updater.updated_requirements
end

Private Instance Methods

all_property_based_dependencies() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 179
# Every dependency parsed from the dependency files that has at least one
# requirement whose metadata carries a :property_name. The dependency being
# checked is not filtered out here.
#
# The files are parsed with Gradle::FileParser (source: nil) on first use
# and the filtered list is memoized.
def all_property_based_dependencies
  return @all_property_based_dependencies if @all_property_based_dependencies

  parser = Gradle::FileParser.new(dependency_files: dependency_files, source: nil)
  @all_property_based_dependencies = parser.parse.select do |parsed|
    parsed.requirements.any? { |declaration| declaration.dig(:metadata, :property_name) }
  end
end
declarations_using_a_property() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 173
# The requirements of this dependency whose metadata carries a
# :property_name, i.e. declarations that take their version from a
# property. Memoized after the first call.
def declarations_using_a_property
  return @declarations_using_a_property if @declarations_using_a_property

  @declarations_using_a_property = dependency.requirements.select do |declaration|
    declaration.dig(:metadata, :property_name)
  end
end
git_commit_checker() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 145
# Memoized GitCommitChecker for this dependency. The checker is handed the
# same credentials this update checker holds.
def git_commit_checker
  return @git_commit_checker if @git_commit_checker

  @git_commit_checker = GitCommitChecker.new(dependency: dependency, credentials: credentials)
end
git_dependency?() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 141
# Whether the dependency is a git dependency, as decided by
# git_commit_checker.
def git_dependency?
  checker = git_commit_checker
  checker.git_dependency?
end
latest_version_details() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 108
# Details of the latest version as reported by version_finder, memoized.
#
# A nil (or false) result is not cached: version_finder is asked again on
# every call until it returns details.
def latest_version_details
  return @latest_version_details if @latest_version_details

  @latest_version_details = version_finder.latest_version_details
end
latest_version_resolvable_with_full_unlock?() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 77
# Whether a full unlock can reach the latest version.
#
# A full unlock is only considered when the version is shared, either
# through a multi-dependency property or a dependency set; otherwise the
# answer is false and multi_dependency_updater is not consulted.
def latest_version_resolvable_with_full_unlock?
  version_is_shared =
    version_comes_from_multi_dependency_property? ||
    version_comes_from_dependency_set?

  version_is_shared ? multi_dependency_updater.update_possible? : false
end
lowest_security_fix_version_details() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 112
# Details of the lowest security-fix version as reported by version_finder,
# memoized.
#
# A nil (or false) result is not cached: version_finder is asked again on
# every call until it returns details.
def lowest_security_fix_version_details
  return @lowest_security_fix_version_details if @lowest_security_fix_version_details

  @lowest_security_fix_version_details = version_finder.lowest_security_fix_version_details
end
multi_dependency_updater() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 129
# Memoized MultiDependencyUpdater used for the full-unlock path. It is
# handed the same credentials and ignore settings this checker holds.
#
# NOTE(review): the target is always latest_version_details, also when the
# dependency is vulnerable and preferred_version_details would pick the
# lowest security fix instead - confirm that is intended.
def multi_dependency_updater
  return @multi_dependency_updater if @multi_dependency_updater

  updater = MultiDependencyUpdater.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    target_version_details: latest_version_details,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored
  )
  @multi_dependency_updater = updater
end
numeric_version_can_update?(requirements_to_unlock:) click to toggle source
Calls superclass method
# File lib/dependabot/gradle/update_checker.rb, line 96
# False when version_class does not accept the dependency's current version
# as correct; otherwise defers to the superclass implementation with the
# same arguments.
def numeric_version_can_update?(requirements_to_unlock:)
  if version_class.correct?(dependency.version)
    super
  else
    false
  end
end
numeric_version_up_to_date?() click to toggle source
Calls superclass method
# File lib/dependabot/gradle/update_checker.rb, line 90
# False when version_class does not accept the dependency's current version
# as correct; otherwise defers to the superclass implementation.
def numeric_version_up_to_date?
  if version_class.correct?(dependency.version)
    super
  else
    false
  end
end
preferred_version_details() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 102
# Version details to update towards: the lowest security-fix details when
# the dependency is vulnerable, the latest version details otherwise.
# Either may be nil.
def preferred_version_details
  if vulnerable?
    lowest_security_fix_version_details
  else
    latest_version_details
  end
end
updated_dependencies_after_full_unlock() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 86
# The dependencies multi_dependency_updater reports as updated by a full
# unlock.
def updated_dependencies_after_full_unlock
  updater = multi_dependency_updater
  updater.updated_dependencies
end
version_comes_from_dependency_set?() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 167
# True when at least one requirement of the dependency carries a truthy
# :dependency_set entry in its metadata.
def version_comes_from_dependency_set?
  dependency.requirements.any? { |declaration| declaration.dig(:metadata, :dependency_set) }
end
version_comes_from_multi_dependency_property?() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 153
# True when a property that sets this dependency's version is also used by
# a requirement of some other dependency (one with a different name).
#
# The parsed dependency list is only consulted when this dependency has at
# least one property-based declaration.
def version_comes_from_multi_dependency_property?
  declarations_using_a_property.any? do |declaration|
    shared_name = declaration.fetch(:metadata).fetch(:property_name)

    all_property_based_dependencies.any? do |other|
      # Entries for the dependency under check never count as sharing.
      other.name != dependency.name &&
        other.requirements.any? { |req| req.dig(:metadata, :property_name) == shared_name }
    end
  end
end
version_finder() click to toggle source
# File lib/dependabot/gradle/update_checker.rb, line 117
# Memoized VersionFinder for this dependency. It is handed the same
# credentials, ignore settings and security advisories this checker holds.
#
# NOTE(review): presumably ignored_versions also applies to the lookup of
# the lowest security-fix version - verify in VersionFinder.
def version_finder
  return @version_finder if @version_finder

  finder = VersionFinder.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored,
    security_advisories: security_advisories
  )
  @version_finder = finder
end