class Dependabot::GoModules::UpdateChecker

Public Instance Methods

latest_resolvable_version() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 15
def latest_resolvable_version
  # Only direct (top-level) requirements are handed to the version finder.
  return latest_version_finder.latest_version if dependency.top_level?

  # Updating indirect dependencies is not supported for go_modules yet:
  # it would mean promoting the module into go.mod (possibly as
  # `// indirect`) so the resolver is forced onto the new version.
  # Until then the answer is the version already in use, or nil when
  # no version is recorded.
  pinned = dependency.version
  pinned ? version_class.new(pinned) : nil
end
latest_resolvable_version_with_no_unlock() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 53
def latest_resolvable_version_with_no_unlock
  # Go modules keeps everything in a single dependency file, so a
  # "no unlock" resolution has no meaning here; always answers nil.
  nil
end
latest_version() click to toggle source

This is currently used to short-circuit latest_resolvable_version, with the assumption that it'll be quicker than checking resolvability. As this is quite quick in Go anyway, we just alias.

# File lib/dependabot/go_modules/update_checker.rb, line 33
def latest_version
  # No separate fast path for Go: the resolvable-version lookup is used
  # as-is, so both methods always give the same answer.
  latest_resolvable_version
end
lowest_resolvable_security_fix_version() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 37
def lowest_resolvable_security_fix_version
  # Asking for a security fix on a dependency that is not flagged as
  # vulnerable is a caller error.
  raise "Dependency not vulnerable!" unless vulnerable?

  return lowest_security_fix_version if dependency.top_level?

  # NOTE(review): for an indirect dependency the value returned below is
  # the version already in use, i.e. the one `vulnerable?` just flagged.
  # A non-nil result on this path therefore does not mean a fixed release
  # was found; nil is returned when no version is recorded.
  current = dependency.version
  version_class.new(current) if current
end
lowest_security_fix_version() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 49
def lowest_security_fix_version
  # Delegates to the shared (memoised) version finder, which is built
  # with this checker's security advisories and ignore rules.
  finder = latest_version_finder
  finder.lowest_security_fix_version
end
updated_requirements() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 58
def updated_requirements
  # Each existing requirement hash is copied with its :requirement entry
  # replaced by the latest version; the other keys are left untouched.
  dependency.requirements.map { |existing| existing.merge(requirement: latest_version) }
end

Private Instance Methods

default_source() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 110
def default_source
  # The source descriptor simply points at the dependency's own name.
  module_path = dependency.name
  { type: "default", source: module_path }
end
existing_version_is_sha?() click to toggle source

Override the base class's check for whether this is a git dependency, since not all dep git dependencies have a SHA version (sometimes their version is the tag)

# File lib/dependabot/go_modules/update_checker.rb, line 90
def existing_version_is_sha?
  # Overrides the base class check: a git dependency's recorded version
  # may be a tag name rather than a commit SHA, so every git dependency
  # is answered as true here regardless of what the version looks like.
  git_dependency?
end
git_commit_checker() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 114
def git_commit_checker
  # Built once per update checker and reused afterwards.
  return @git_commit_checker if @git_commit_checker

  # NOTE(review): the credentials are passed through as-is, so the
  # checker presumably holds them for its lifetime; avoid inspecting or
  # logging the checker object wholesale.
  @git_commit_checker = GitCommitChecker.new(
    dependency: dependency,
    credentials: credentials,
    ignored_versions: ignored_versions,
    raise_on_ignored: raise_on_ignored
  )
end
git_dependency?() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 106
def git_dependency?
  # The git commit checker is the authority on whether this dependency
  # is sourced from git.
  checker = git_commit_checker
  checker.git_dependency?
end
latest_version_finder() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 66
def latest_version_finder
  # Built once per update checker and reused afterwards.
  return @latest_version_finder if @latest_version_finder

  # The finder receives the ignore rules and the security advisories, so
  # both the latest-version and the security-fix lookups go through the
  # same filters. Credentials are forwarded unchanged.
  @latest_version_finder = LatestVersionFinder.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials,
    ignored_versions: ignored_versions,
    security_advisories: security_advisories,
    raise_on_ignored: raise_on_ignored
  )
end
latest_version_resolvable_with_full_unlock?() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 78
def latest_version_resolvable_with_full_unlock?
  # No full-unlock check exists for Go (yet), so the answer is always
  # false.
  false
end
library?() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 94
def library?
  # A project counts as a library when none of its dependency files is
  # typed "package_main".
  has_main_package = dependency_files.any? { |file| file.type == "package_main" }
  !has_main_package
end
updated_dependencies_after_full_unlock() click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 83
def updated_dependencies_after_full_unlock
  # There is no full-unlock implementation for Go, so calling this always
  # raises. NotImplementedError is a ScriptError, not a StandardError: a
  # bare `rescue` in a caller will not catch it.
  raise NotImplementedError
end
version_from_tag(tag) click to toggle source
# File lib/dependabot/go_modules/update_checker.rb, line 98
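def version_from_tag(tag)
  # To compare with the current version we either use the commit SHA
  # (if that's what the parser picked up) or the tag name.
  #
  # The SHA test is anchored with \A and \z so the *whole* version string
  # must be 40 lowercase hex characters. With ^ and $ (which match per
  # line in Ruby) a multi-line value containing one SHA-shaped line would
  # be treated as a commit pin.
  #
  # Returns nil when tag is nil; `fetch` raises KeyError when the tag hash
  # lacks the selected key.
  sha_pinned = dependency.version&.match?(/\A[0-9a-f]{40}\z/)
  return tag&.fetch(:commit_sha) if sha_pinned

  tag&.fetch(:tag)
end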