class Dependabot::Dep::UpdateChecker
Public Instance Methods
latest_resolvable_version()
# File lib/dependabot/dep/update_checker.rb, line 25
# Returns the newest version this checker considers resolvable, memoised in
# @latest_resolvable_version once a truthy answer has been computed.
def latest_resolvable_version
  # Indirect (non-top-level) dependencies are not updated for dep yet, so
  # their current version is handed back untouched.
  return dependency.version unless dependency.top_level?

  cached = @latest_resolvable_version
  return cached if cached

  @latest_resolvable_version =
    if modules_dependency?
      # No Gopkg.lock entry: the latest version is used as-is.
      latest_version
    elsif git_dependency?
      latest_resolvable_version_for_git_dependency
    else
      latest_resolvable_released_version(unlock_requirement: true)
    end
end
latest_resolvable_version_with_no_unlock()
# File lib/dependabot/dep/update_checker.rb, line 39
# Returns the newest resolvable version when the manifest requirement is left
# as it is (unlock_requirement: false). Memoised once truthy.
def latest_resolvable_version_with_no_unlock
  # Indirect dependencies are not updated for dep yet.
  return dependency.version unless dependency.top_level?

  cached = @latest_resolvable_version_with_no_unlock
  return cached if cached

  @latest_resolvable_version_with_no_unlock =
    if git_dependency?
      # Git source is kept; only the commit may move.
      latest_resolvable_commit_with_unchanged_git_source
    else
      latest_resolvable_released_version(unlock_requirement: false)
    end
end
latest_version()
# File lib/dependabot/dep/update_checker.rb, line 15
# Asks LatestVersionFinder for the latest version and memoises a truthy
# answer. The checker's credentials and ignored_versions are forwarded to the
# finder unchanged.
def latest_version
  return @latest_version if @latest_version

  finder = LatestVersionFinder.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    ignored_versions: ignored_versions
  )
  @latest_version = finder.latest_version
end
requirements_update_strategy()
# File lib/dependabot/dep/update_checker.rb, line 62
# Chooses how manifest requirements are rewritten.
# Returns a Symbol: the explicitly configured strategy when one was passed in
# (via the base class), otherwise :widen_ranges for libraries and
# :bump_versions for applications.
def requirements_update_strategy
  configured = @requirements_update_strategy

  if configured
    # An explicit option always wins over the library/app heuristic.
    configured.to_sym
  elsif library?
    :widen_ranges
  else
    :bump_versions
  end
end
updated_requirements()
# File lib/dependabot/dep/update_checker.rb, line 51
# Builds the updated requirement list through RequirementsUpdater and
# memoises a truthy result. Both version arguments are passed as strings, or
# nil when no version was found.
def updated_requirements
  return @updated_requirements if @updated_requirements

  updater = RequirementsUpdater.new(
    requirements: dependency.requirements,
    updated_source: updated_source,
    update_strategy: requirements_update_strategy,
    latest_version: latest_version&.to_s,
    latest_resolvable_version: latest_resolvable_version&.to_s
  )
  @updated_requirements = updater.updated_requirements
end
Private Instance Methods
default_source()
# File lib/dependabot/dep/update_checker.rb, line 263
# Returns the { type: "default", source: ... } hash used when a dependency
# stops being tracked through a git ref. The source is the one declared for
# this dependency in the manifest, falling back to the dependency name.
def default_source
  if modules_dependency?
    return { type: "default", source: dependency.name }
  end

  # Collect every declaration under the known requirement types and pick the
  # entry whose "name" matches this dependency.
  declarations = parsed_file(manifest).values_at(*Dep::FileParser::REQUIREMENT_TYPES)
  declared = declarations.flatten.compact.find { |entry| entry["name"] == dependency.name }

  # The "source" value is read straight from the manifest; a missing key or a
  # missing declaration falls back to the dependency name.
  declared_source = declared&.fetch("source", nil)

  { type: "default", source: declared_source || dependency.name }
end
dependency_in_gopkg_lock?()
# File lib/dependabot/dep/update_checker.rb, line 250
# True when a Gopkg.lock file is present and lists a project whose name
# equals this dependency's name; false when there is no lockfile.
def dependency_in_gopkg_lock?
  gopkg_lock = dependency_files.find { |file| file.name == "Gopkg.lock" }
  return false unless gopkg_lock

  locked_projects = parsed_file(gopkg_lock).fetch("projects", [])
  # fetch("name") raises KeyError for a project entry without a name.
  locked_projects.any? { |project| project.fetch("name") == dependency.name }
end
dependency_source_details()
# File lib/dependabot/dep/update_checker.rb, line 227
# Returns the single source shared by all of the dependency's requirements,
# or nil when none declares one. Raises a RuntimeError when the requirements
# disagree, since one dependency resolved from several sources is ambiguous.
def dependency_source_details
  distinct_sources =
    dependency.requirements.map { |requirement| requirement.fetch(:source) }.uniq.compact

  if distinct_sources.count > 1
    raise "Multiple sources! #{distinct_sources.join(', ')}"
  end

  distinct_sources.first
end
existing_version_is_sha?()
Override the base class's check for whether this is a git dependency, since not all dep git dependencies have a SHA version (sometimes their version is the tag)
Calls superclass method
# File lib/dependabot/dep/update_checker.rb, line 84
# For top-level dependencies the answer is whether this is a git dependency
# (a dep git dependency may carry a tag rather than a SHA as its version);
# everything else defers to the base class.
def existing_version_is_sha?
  if dependency.top_level?
    git_dependency?
  else
    super
  end
end
git_branch_or_ref_in_release?(release)
# File lib/dependabot/dep/update_checker.rb, line 279
# Delegates to the git commit checker to ask whether the current branch or
# ref is contained in `release`. A missing release is never a match.
def git_branch_or_ref_in_release?(release)
  if release
    git_commit_checker.branch_or_ref_in_release?(release)
  else
    false
  end
end
git_commit_checker()
# File lib/dependabot/dep/update_checker.rb, line 294
# Lazily builds the GitCommitChecker for this dependency and reuses it on
# later calls. It receives the checker's credentials and ignored_versions.
def git_commit_checker
  return @git_commit_checker if @git_commit_checker

  @git_commit_checker = GitCommitChecker.new(
    dependency: dependency,
    credentials: credentials,
    ignored_versions: ignored_versions
  )
end
git_dependency?()
# File lib/dependabot/dep/update_checker.rb, line 259
# Whether the git commit checker classifies this dependency as a git one.
def git_dependency?
  checker = git_commit_checker
  checker.git_dependency?
end
latest_git_tag_is_resolvable?()
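# File lib/dependabot/dep/update_checker.rb, line 178
# Reports whether the dependency files still resolve once the git pin is
# replaced with the tag for the latest version. The answer is computed once
# and memoised in @git_tag_resolvable.
#
# Returns true or false. Re-raises SharedHelpers::HelperSubprocessFailed when
# the helper failed for any reason other than a "Solving failure".
def latest_git_tag_is_resolvable?
  return @git_tag_resolvable if @latest_git_tag_is_resolvable_checked

  @latest_git_tag_is_resolvable_checked = true

  replacement_tag = git_commit_checker.local_tag_for_latest_version
  if replacement_tag.nil?
    # Store the negative answer so that repeat calls return false as well,
    # instead of the unset (nil) memo.
    @git_tag_resolvable = false
    return false
  end

  prepared_files = FilePreparer.new(
    dependency: dependency,
    dependency_files: dependency_files,
    unlock_requirement: false,
    remove_git_source: false,
    replacement_git_pin: replacement_tag.fetch(:tag)
  ).prepared_dependency_files

  # Only the absence of an exception matters here; the resolved version
  # itself is discarded.
  VersionResolver.new(
    dependency: dependency,
    dependency_files: prepared_files,
    credentials: credentials
  ).latest_resolvable_version

  @git_tag_resolvable = true
rescue SharedHelpers::HelperSubprocessFailed => e
  # This should rescue resolvability errors in future
  # NOTE(review): failures are told apart by a substring of the helper's
  # message. When the error is re-raised the "checked" flag is already set, so
  # a later call returns the unset memo (nil) without re-running the resolver.
  raise unless e.message.include?("Solving failure")

  @git_tag_resolvable = false
end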
latest_resolvable_commit_with_unchanged_git_source()
# File lib/dependabot/dep/update_checker.rb, line 133
# Resolves the latest version while keeping both the requirement and the git
# source as they are. The lookup is attempted once; later calls return
# whatever was stored, including nil.
#
# Returns nil when the helper reports a "Solving failure"; any other
# SharedHelpers::HelperSubprocessFailed is re-raised.
def latest_resolvable_commit_with_unchanged_git_source
  if @commit_lookup_attempted
    return @latest_resolvable_commit_with_unchanged_git_source
  end

  # Flag the attempt before resolving so that a failure is not retried.
  @commit_lookup_attempted = true

  @latest_resolvable_commit_with_unchanged_git_source ||= begin
    preparer = FilePreparer.new(
      dependency_files: dependency_files,
      dependency: dependency,
      unlock_requirement: false,
      remove_git_source: false,
      latest_allowable_version: latest_version
    )
    prepared_files = preparer.prepared_dependency_files

    resolver = VersionResolver.new(
      dependency: dependency,
      dependency_files: prepared_files,
      credentials: credentials
    )
    resolver.latest_resolvable_version
  end
rescue SharedHelpers::HelperSubprocessFailed => error
  # This should rescue resolvability errors in future. For now the failure
  # kind is recognised by a substring of the helper's message.
  solving_failure = error.message.include?("Solving failure")
  raise unless solving_failure

  nil
end
latest_resolvable_released_version(unlock_requirement:)
# File lib/dependabot/dep/update_checker.rb, line 158
# Resolves the latest released version, with any git source removed from the
# prepared files when this is a git dependency.
#
# unlock_requirement: forwarded to FilePreparer; it is also the cache key, so
# each value gets its own memoised (truthy) result.
def latest_resolvable_released_version(unlock_requirement:)
  cache = (@latest_resolvable_released_version ||= {})

  memoised = cache[unlock_requirement]
  return memoised if memoised

  preparer = FilePreparer.new(
    dependency_files: dependency_files,
    dependency: dependency,
    unlock_requirement: unlock_requirement,
    remove_git_source: git_dependency?,
    latest_allowable_version: latest_version
  )
  prepared_files = preparer.prepared_dependency_files

  resolver = VersionResolver.new(
    dependency: dependency,
    dependency_files: prepared_files,
    credentials: credentials
  )
  cache[unlock_requirement] = resolver.latest_resolvable_version
end
latest_resolvable_version_for_git_dependency()
# File lib/dependabot/dep/update_checker.rb, line 94
# Works out the version a git dependency can move to. In order:
#   1. the latest version, when the dependency is not in Gopkg.lock;
#   2. the latest resolvable release, when it includes the pinned ref or the
#      current branch is behind it;
#   3. the latest resolvable commit, when the dependency is not pinned;
#   4. the version taken from the latest tag, when the pin looks like a
#      version and that tag resolves;
#   5. nil otherwise (a pin that does not look like a version is left alone).
def latest_resolvable_version_for_git_dependency
  return latest_version if modules_dependency?

  # A "Solving failure" from the helper means there is no resolvable release
  # (nil); any other helper failure propagates.
  latest_release = begin
    latest_resolvable_released_version(unlock_requirement: true)
  rescue SharedHelpers::HelperSubprocessFailed => error
    raise unless error.message.include?("Solving failure")
  end

  if git_branch_or_ref_in_release?(latest_release)
    latest_release
  elsif !git_commit_checker.pinned?
    latest_resolvable_commit_with_unchanged_git_source
  elsif git_commit_checker.pinned_ref_looks_like_version? &&
        latest_git_tag_is_resolvable?
    version_from_tag(git_commit_checker.local_tag_for_latest_version)
  end
end
latest_version_resolvable_with_full_unlock?()
# File lib/dependabot/dep/update_checker.rb, line 72
# Always false: full-unlock checks are not implemented for Go (yet).
def latest_version_resolvable_with_full_unlock?
  false
end
library?()
# File lib/dependabot/dep/update_checker.rb, line 90
# A project counts as a library when none of its dependency files has the
# type "package_main".
def library?
  has_main_package = dependency_files.any? { |file| file.type == "package_main" }
  !has_main_package
end
manifest()
# File lib/dependabot/dep/update_checker.rb, line 290
# Returns the dependency file named "Gopkg.toml" (nil when absent), memoised
# once found.
def manifest
  return @manifest if @manifest

  @manifest = dependency_files.find { |file| file.name == "Gopkg.toml" }
end
modules_dependency?()
# File lib/dependabot/dep/update_checker.rb, line 243
# True when the dependency is absent from Gopkg.lock. If dep is being used
# then dep determines the latest version we can update to (it has
# resolvability requirements, whereas Go modules won't).
def modules_dependency?
  locked_by_dep = dependency_in_gopkg_lock?
  !locked_by_dep
end
parsed_file(file)
# File lib/dependabot/dep/update_checker.rb, line 285
# Parses a dependency file's content as TOML and caches the result.
# The cache is keyed by file name only, so a second file object with the same
# name is served the first parse.
def parsed_file(file)
  cache = (@parsed_file ||= {})
  key = file.name

  cache[key] || (cache[key] = TomlRB.parse(file.content))
end
should_switch_source_from_ref_to_release?()
# File lib/dependabot/dep/update_checker.rb, line 236
# Whether a git dependency should move from its git ref to a released
# version: the resolvable version for the git dependency must exist and be
# accepted by Gem::Version.correct?.
def should_switch_source_from_ref_to_release?
  if !git_dependency?
    false
  elsif latest_resolvable_version_for_git_dependency.nil?
    false
  else
    Gem::Version.correct?(latest_resolvable_version_for_git_dependency)
  end
end
updated_dependencies_after_full_unlock()
# File lib/dependabot/dep/update_checker.rb, line 77
# Not supported by this checker: always raises NotImplementedError.
def updated_dependencies_after_full_unlock
  raise NotImplementedError
end
updated_source()
# File lib/dependabot/dep/update_checker.rb, line 209
# Returns the source hash the updated requirement should carry.
# Only git dependencies ever change source: they either switch to the default
# source (when moving from a ref to a release), get their ref replaced by the
# latest tag (when pinned to a version-like tag that resolves), or keep the
# original source.
def updated_source
  if !git_dependency?
    dependency_source_details
  elsif should_switch_source_from_ref_to_release?
    default_source
  elsif git_commit_checker.pinned_ref_looks_like_version? &&
        latest_git_tag_is_resolvable?
    # The new ref is the tag name reported by the git commit checker.
    new_tag = git_commit_checker.local_tag_for_latest_version
    dependency_source_details.merge(ref: new_tag.fetch(:tag))
  else
    dependency_source_details
  end
end
version_from_tag(tag)
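# File lib/dependabot/dep/update_checker.rb, line 125
# Picks the value from `tag` that is comparable with the dependency's current
# version.
#
# tag: a hash with :commit_sha and :tag keys, or nil.
# Returns the tag's commit SHA when the current version is itself a 40-char
# lowercase hex SHA, the tag name otherwise, and nil when `tag` is nil.
# Raises KeyError when `tag` lacks the key being read.
def version_from_tag(tag)
  # To compare with the current version we either use the commit SHA
  # (if that's what the parser picked up) or the tag name.
  #
  # \A and \z anchor the whole string. Ruby's ^ and $ match at every line
  # boundary, so a multi-line version containing one 40-hex line would be
  # classified as a SHA.
  return tag&.fetch(:commit_sha) if dependency.version&.match?(/\A[0-9a-f]{40}\z/)

  tag&.fetch(:tag)
end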