class Dependabot::GoModules::UpdateChecker::LatestVersionFinder

Constants

PSEUDO_VERSION_REGEX
RESOLVABILITY_ERROR_REGEXES

Attributes

credentials[R]
dependency[R]
dependency_files[R]
ignored_versions[R]
security_advisories[R]

Public Class Methods

# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 28
# Builds a finder bound to one dependency and the files/credentials needed
# to resolve its versions.
#
# @param dependency [Dependabot::Dependency] the module being checked
# @param dependency_files [Array<Dependabot::DependencyFile>] files of the
#   project (must include a go.mod for available_versions to work)
# @param credentials [Array<Hash>] credentials passed to git configuration
# @param ignored_versions [Array<String>] requirement strings to skip
# @param security_advisories [Array] advisories used to exclude vulnerable versions
# @param raise_on_ignored [Boolean] raise AllVersionsIgnored when every
#   higher version is excluded by ignored_versions
def initialize(dependency:, dependency_files:, credentials:,
               ignored_versions:, security_advisories:, raise_on_ignored: false)
  @raise_on_ignored = raise_on_ignored
  @security_advisories = security_advisories
  @ignored_versions = ignored_versions
  @credentials = credentials
  @dependency_files = dependency_files
  @dependency = dependency
end

Public Instance Methods

# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 38
# Highest resolvable, non-ignored version (memoised per instance).
#
# @return [Dependabot::Version, String, nil] see fetch_latest_version
def latest_version
  return @latest_version if @latest_version

  @latest_version = fetch_latest_version
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 42
# Lowest version above the current one that is not covered by a security
# advisory (memoised per instance).
#
# @return [Dependabot::Version, String, nil] see fetch_lowest_security_fix_version
def lowest_security_fix_version
  return @lowest_security_fix_version if @lowest_security_fix_version

  @lowest_security_fix_version = fetch_lowest_security_fix_version
end

Private Instance Methods

# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 73
# Runs the native helper's "getVersions" function against a copy of the
# project's go.mod and returns the candidate versions as version_class
# instances.
#
# The helper runs in a throwaway directory with git configured from
# `credentials`. GOPRIVATE="*" switches the module proxy off for every
# module path; in the go tool that setting also implies GONOSUMDB, so the
# public checksum database is not consulted for these lookups either
# (NOTE(review): the integrity of the version list then rests on the git
# transport and the supplied credentials).
#
# A transitory helper failure (see transitory_failure?) is retried once;
# any other failure is passed to handle_subprocess_error, which re-raises.
#
# @return [Array<#version_class>] resolvable versions, or the current
#   version alone when the helper returns nil
# @raise [SharedHelpers::HelperSubprocessFailed] via handle_subprocess_error
def available_versions
  SharedHelpers.in_a_temporary_directory do
    SharedHelpers.with_git_configured(credentials: credentials) do
      File.write("go.mod", go_mod.content)

      # Turn off the module proxy for now, as it's causing issues with
      # private git dependencies
      env = { "GOPRIVATE" => "*" }

      # NOTE(review): dependency.version is assumed to be a String here;
      # String#+ raises TypeError when it is nil.
      version_strings = SharedHelpers.run_helper_subprocess(
        command: NativeHelpers.helper_path,
        env: env,
        function: "getVersions",
        args: {
          dependency: {
            name: dependency.name,
            version: "v" + dependency.version
          }
        }
      )

      return [version_class.new(dependency.version)] if version_strings.nil?

      # Drop anything the version class cannot parse before instantiating.
      version_strings.select { |v| version_class.correct?(v) }.
        map { |v| version_class.new(v) }
    end
  end
rescue SharedHelpers::HelperSubprocessFailed => e
  # retry_count is a method-level local, so it survives `retry`; the
  # `< 2` guard allows exactly one re-run of the helper.
  retry_count ||= 0
  retry_count += 1
  retry if transitory_failure?(e) && retry_count < 2

  # Called from inside this rescue clause, so its bare `raise` re-raises e.
  handle_subprocess_error(e)
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 50
# Resolves the newest version to suggest.
#
# Pseudo-versions (commit-based, matching PSEUDO_VERSION_REGEX) are
# returned as-is since they cannot be compared with tagged releases.
# Otherwise the helper's version list is filtered for pre-releases and
# ignored requirements and the maximum is taken.
#
# @return [String, #version_class, nil] the current pseudo-version string,
#   the highest remaining version, or nil when nothing remains
def fetch_latest_version
  current = dependency.version
  return current if PSEUDO_VERSION_REGEX =~ current

  candidates = filter_prerelease_versions(available_versions)
  filter_ignored_versions(candidates).max
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 60
# Resolves the smallest upgrade that clears every security advisory.
#
# Pseudo-versions are returned untouched. Otherwise the helper's version
# list is narrowed in this order: pre-releases, vulnerable versions,
# ignored requirements, versions not above the current one; the minimum
# of what is left is returned.
#
# @return [String, #version_class, nil] the current pseudo-version string,
#   the lowest safe version, or nil when none qualifies
def fetch_lowest_security_fix_version
  current = dependency.version
  return current if PSEUDO_VERSION_REGEX =~ current

  candidates = filter_prerelease_versions(available_versions)
  candidates = Dependabot::UpdateCheckers::VersionFilters.
               filter_vulnerable_versions(candidates, security_advisories)
  candidates = filter_ignored_versions(candidates)
  filter_lower_versions(candidates).min
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 139
# Removes every version satisfied by one of the ignore requirements.
#
# When raise_on_ignored was requested and the ignore rules wiped out all
# versions above the current one (while some existed before filtering),
# AllVersionsIgnored is raised instead of silently returning an empty list.
#
# @param versions_array [Array<#version_class>] candidate versions
# @return [Array<#version_class>] the versions not matched by any ignore rule
# @raise [AllVersionsIgnored] see above
def filter_ignored_versions(versions_array)
  requirements = ignore_requirements
  kept = versions_array.reject do |version|
    requirements.any? { |req| req.satisfied_by?(version) }
  end

  all_upgrades_ignored = filter_lower_versions(kept).empty? &&
                         filter_lower_versions(versions_array).any?
  raise AllVersionsIgnored if @raise_on_ignored && all_upgrades_ignored

  kept
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 132
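# Keeps only the versions strictly greater than the dependency's current
# version.
#
# When the current version is missing or not parseable by version_class
# there is nothing to compare against and the input is returned unchanged.
#
# @param versions_array [Array<#version_class>] candidate versions
# @return [Array<#version_class>] versions above the current one
def filter_lower_versions(versions_array)
  current = dependency.version
  return versions_array unless current && version_class.correct?(current)

  # Build the comparison object once instead of once per candidate.
  current_version = version_class.new(current)
  versions_array.select { |version| version > current_version }
end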
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 126
# Drops pre-release versions unless the dependency is already on one.
#
# @param versions_array [Array<#version_class>] candidate versions
# @return [Array<#version_class>] the input, or the input without pre-releases
def filter_prerelease_versions(versions_array)
  if wants_prerelease?
    versions_array
  else
    versions_array.reject { |version| version.prerelease? }
  end
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 122
# The project's go.mod dependency file (memoised per instance).
#
# @return [Dependabot::DependencyFile, nil] the file named "go.mod", if present
def go_mod
  return @go_mod if @go_mod

  @go_mod = dependency_files.find { |file| file.name == "go.mod" }
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 108
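# Maps a failed helper run onto Dependabot's error types.
#
# Messages matching RESOLVABILITY_ERROR_REGEXES are handed to
# ResolvabilityErrors.handle (presumably raising a more specific error; if
# it returns, the original error is re-raised). Anything else is re-raised
# unchanged.
#
# @param error [SharedHelpers::HelperSubprocessFailed] the subprocess failure
# @raise [Exception] the original error, or whatever ResolvabilityErrors.handle raises
def handle_subprocess_error(error)
  if RESOLVABILITY_ERROR_REGEXES.any? { |rgx| rgx.match?(error.message) }
    ResolvabilityErrors.handle(error.message, credentials: credentials)
  end

  # Re-raise the object explicitly: a bare `raise` only re-raises while $!
  # is set (i.e. when called from inside a rescue clause) and otherwise
  # raises RuntimeError "unhandled exception", losing the real failure.
  raise error
end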
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 158
# Expands every ignored-version string into requirement objects.
#
# @return [Array<#satisfied_by?>] all requirements derived from ignored_versions
def ignore_requirements
  ignored_versions.flat_map do |requirement_string|
    requirement_class.requirements_array(requirement_string)
  end
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 162
# Requirement class registered for the dependency's package manager.
#
# @return [Class] the requirement class resolved through Utils
def requirement_class
  package_manager = dependency.package_manager
  Utils.requirement_class_for_package_manager(package_manager)
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 116
# Whether a helper failure looks like a transient network/server problem
# worth retrying: a truncated connection ("EOF") or an HTTP 500 message.
#
# @param error [Exception] the helper failure
# @return [Boolean]
def transitory_failure?(error)
  message = error.message
  ["EOF", "Internal Server Error"].any? { |marker| message.include?(marker) }
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 168
# Version class registered for the dependency's package manager.
#
# @return [Class] the version class resolved through Utils
def version_class
  package_manager = dependency.package_manager
  Utils.version_class_for_package_manager(package_manager)
end
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 149
# Whether pre-release candidates should be considered: true only when the
# dependency is currently on a parseable pre-release version. The result is
# memoised, but a false/nil result is recomputed on the next call (||=).
#
# @return [Boolean, nil]
def wants_prerelease?
  return @wants_prerelease if @wants_prerelease

  current = dependency.version
  @wants_prerelease =
    current && version_class.correct?(current) && version_class.new(current).prerelease?
end