class Dependabot::GoModules::UpdateChecker
Public Instance Methods
latest_resolvable_version()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 15 def latest_resolvable_version # We don't yet support updating indirect dependencies for go_modules # # To update indirect dependencies we'll need to promote the indirect # dependency to the go.mod file forcing the resolver to pick this # version (possibly as `// indirect`) unless dependency.top_level? return unless dependency.version return version_class.new(dependency.version) end latest_version_finder.latest_version end
latest_resolvable_version_with_no_unlock()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 53 def latest_resolvable_version_with_no_unlock # Irrelevant, since Go modules uses a single dependency file nil end
latest_version()
click to toggle source
This is currently used to short-circuit latest_resolvable_version
, with the assumption that it'll be quicker than checking resolvability. As this is quite quick in Go anyway, we just alias.
# File lib/dependabot/go_modules/update_checker.rb, line 33 def latest_version latest_resolvable_version end
lowest_resolvable_security_fix_version()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 37 def lowest_resolvable_security_fix_version raise "Dependency not vulnerable!" unless vulnerable? unless dependency.top_level? return unless dependency.version return version_class.new(dependency.version) end lowest_security_fix_version end
lowest_security_fix_version()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 49 def lowest_security_fix_version latest_version_finder.lowest_security_fix_version end
updated_requirements()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 58 def updated_requirements dependency.requirements.map do |req| req.merge(requirement: latest_version) end end
Private Instance Methods
default_source()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 110 def default_source { type: "default", source: dependency.name } end
existing_version_is_sha?()
click to toggle source
Override the base class's check for whether this is a git dependency, since not all dep git dependencies have a SHA version (sometimes their version is the tag)
# File lib/dependabot/go_modules/update_checker.rb, line 90 def existing_version_is_sha? git_dependency? end
git_commit_checker()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 114 def git_commit_checker @git_commit_checker ||= GitCommitChecker.new( dependency: dependency, credentials: credentials, ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored ) end
git_dependency?()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 106 def git_dependency? git_commit_checker.git_dependency? end
latest_version_finder()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 66 def latest_version_finder @latest_version_finder ||= LatestVersionFinder.new( dependency: dependency, dependency_files: dependency_files, credentials: credentials, ignored_versions: ignored_versions, security_advisories: security_advisories, raise_on_ignored: raise_on_ignored ) end
latest_version_resolvable_with_full_unlock?()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 78 def latest_version_resolvable_with_full_unlock? # Full unlock checks aren't implemented for Go (yet) false end
library?()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 94 def library? dependency_files.none? { |f| f.type == "package_main" } end
updated_dependencies_after_full_unlock()
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 83 def updated_dependencies_after_full_unlock raise NotImplementedError end
version_from_tag(tag)
click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 98 def version_from_tag(tag) # To compare with the current version we either use the commit SHA # (if that's what the parser picked up) or the tag name. return tag&.fetch(:commit_sha) if dependency.version&.match?(/^[0-9a-f]{40}$/) tag&.fetch(:tag) end