class Dependabot::Cargo::UpdateChecker::LatestVersionFinder

Attributes

credentials[R]
dependency[R]
dependency_files[R]
ignored_versions[R]
security_advisories[R]

Public Class Methods

new(dependency:, dependency_files:, credentials:, ignored_versions:, raise_on_ignored: false, security_advisories:) click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 11
# Records the collaborators this finder works with. Nothing is validated and
# no network request is made at construction time.
#
# dependency          - object the other methods query for name, version,
#                       requirements and package_manager
# dependency_files    - stored as-is
# credentials         - stored as-is
# ignored_versions    - requirement strings describing versions to skip
# raise_on_ignored    - when true, filter_ignored_versions raises instead of
#                       silently returning an empty candidate list
# security_advisories - passed to the vulnerable-version filter
def initialize(
  dependency:,
  dependency_files:,
  credentials:,
  ignored_versions:,
  raise_on_ignored: false,
  security_advisories:
)
  # What is being checked and with which registry access.
  @dependency       = dependency
  @dependency_files = dependency_files
  @credentials      = credentials

  # Policy inputs that narrow the candidate versions.
  @security_advisories = security_advisories
  @ignored_versions    = ignored_versions
  @raise_on_ignored    = raise_on_ignored
end

Public Instance Methods

latest_version() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 22
# Highest acceptable version for the dependency, computed on first use and
# cached in @latest_version. A nil/false result is not cached, so the lookup
# is repeated on the next call in that case.
def latest_version
  return @latest_version if @latest_version

  @latest_version = fetch_latest_version
end
lowest_security_fix_version() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 26
# Lowest version that passes the security-advisory filter, computed on first
# use and cached in @lowest_security_fix_version. A nil/false result is not
# cached, so the lookup is repeated on the next call in that case.
def lowest_security_fix_version
  return @lowest_security_fix_version if @lowest_security_fix_version

  @lowest_security_fix_version = fetch_lowest_security_fix_version
end

Private Instance Methods

available_versions() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 76
# Turns the registry listing into version objects, skipping yanked releases.
#
# Reads the "versions" array from crates_listing (empty when the key is
# missing), drops every entry whose "yanked" value is truthy, and wraps each
# remaining "num" in version_class. An entry without "num" raises KeyError.
def available_versions
  published = crates_listing.fetch("versions", [])
  # Yanked releases must never be offered as an update target.
  installable = published.reject { |entry| entry["yanked"] }
  installable.map { |entry| version_class.new(entry.fetch("num")) }
end
crates_listing() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 83
# Fetches the crates.io API listing for this dependency and memoizes it.
#
# Issues a GET to https://crates.io/api/v1/crates/<dependency.name> and returns
# the parsed JSON body. One Excon timeout is retried after a random 1-5 second
# pause; a second timeout is re-raised to the caller.
def crates_listing
  # Reuse the cached listing so the registry is queried at most once.
  return @crates_listing unless @crates_listing.nil?

  # NOTE(review): dependency.name is interpolated into the URL path unescaped.
  # The name presumably originates from the repository's manifest; confirm it
  # is validated as a crate name before reaching this point.
  # NOTE(review): the host is fixed to crates.io and `credentials` is not
  # consulted here. Confirm that dependencies sourced from another registry
  # never reach this method, since a same-named public crate would otherwise
  # supply the version list.
  response = Excon.get(
    "https://crates.io/api/v1/crates/#{dependency.name}",
    idempotent: true,
    **SharedHelpers.excon_defaults
  )

  # NOTE(review): response.status is not inspected; a non-JSON error body
  # would surface as a JSON parse error from this line.
  @crates_listing = JSON.parse(response.body)
rescue Excon::Error::Timeout
  # `retrying` is a method-local, so its value survives `retry`; this allows
  # exactly one extra attempt before the timeout is re-raised.
  retrying ||= false
  raise if retrying

  retrying = true
  # sleep returns an Integer, which is always truthy in Ruby, so `retry` runs
  # after the randomized back-off.
  sleep(rand(1.0..5.0)) && retry
end
fetch_latest_version() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 35
# Picks the highest version left after the prerelease filter and then the
# ignore filter have been applied to the available versions. Returns nil when
# nothing survives.
def fetch_latest_version
  candidates = filter_prerelease_versions(available_versions)
  filter_ignored_versions(candidates).max
end
fetch_lowest_security_fix_version() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 42
# Picks the smallest version that survives every filter, in this order:
# prerelease filter, security-advisory filter, ignore filter, and finally the
# "newer than the current version" filter. Returns nil when nothing survives.
def fetch_lowest_security_fix_version
  candidates = filter_prerelease_versions(available_versions)
  # Drop versions the advisories mark as vulnerable before the ignore rules
  # are applied.
  patched = Dependabot::UpdateCheckers::VersionFilters.
            filter_vulnerable_versions(candidates, security_advisories)
  permitted = filter_ignored_versions(patched)

  filter_lower_versions(permitted).min
end
filter_ignored_versions(versions_array) click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 59
# Removes every version matched by at least one ignore requirement.
#
# When @raise_on_ignored is set, raises Dependabot::AllVersionsIgnored if the
# ignore rules are the only reason no newer version remains, i.e. newer
# versions exist in versions_array but none of them survive the filter. This
# keeps ignore rules from silently hiding an available update.
def filter_ignored_versions(versions_array)
  allowed = versions_array.select do |candidate|
    ignore_requirements.none? { |requirement| requirement.satisfied_by?(candidate) }
  end

  everything_newer_ignored =
    @raise_on_ignored &&
    filter_lower_versions(allowed).empty? &&
    filter_lower_versions(versions_array).any?
  raise Dependabot::AllVersionsIgnored if everything_newer_ignored

  allowed
end
filter_lower_versions(versions_array) click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 69
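# Keeps only the versions strictly newer than the dependency's current version.
#
# Returns versions_array untouched when the dependency has no version or when
# version_class.correct? rejects it, because no baseline can be built then.
def filter_lower_versions(versions_array)
  current = dependency.version
  return versions_array unless current && version_class.correct?(current)

  # Build the comparison baseline once rather than once per candidate.
  baseline = version_class.new(current)
  versions_array.select { |version| version > baseline }
end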
filter_prerelease_versions(versions_array) click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 53
# Drops prerelease versions unless wants_prerelease? says they are acceptable,
# in which case versions_array is returned unchanged.
def filter_prerelease_versions(versions_array)
  if wants_prerelease?
    versions_array
  else
    versions_array.reject { |version| version.prerelease? }
  end
end
ignore_requirements() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 113
# Expands each ignored-version string into requirement objects through
# requirement_class.requirements_array and returns them as one flat list.
def ignore_requirements
  per_condition = ignored_versions.map do |req|
    requirement_class.requirements_array(req)
  end
  per_condition.flatten(1)
end
requirement_class() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 121
# Looks up the requirement class registered for the dependency's package
# manager via Utils.requirement_class_for_package_manager.
def requirement_class
  Utils.requirement_class_for_package_manager(dependency.package_manager)
end
version_class() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 117
# Looks up the version class registered for the dependency's package manager
# via Utils.version_class_for_package_manager.
def version_class
  Utils.version_class_for_package_manager(
    dependency.package_manager
  )
end
wants_prerelease?() click to toggle source
# File lib/dependabot/cargo/update_checker/latest_version_finder.rb, line 101
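# Decides whether prerelease versions are acceptable update targets.
#
# Returns true when the current version is itself a prerelease, or when any
# declared requirement contains a letter (taken as a prerelease marker).
#
# The current version is only parsed when version_class.correct? accepts it,
# matching the guard in filter_lower_versions; a value that is not a valid
# version is skipped instead of being handed to version_class.new.
def wants_prerelease?
  current = dependency.version
  if current && version_class.correct?(current) &&
     version_class.new(current).prerelease?
    return true
  end

  dependency.requirements.any? do |req|
    # A requirement entry may be nil; treat it as an empty string.
    reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
    reqs.any? { |r| r.match?(/[A-Za-z]/) }
  end
end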