class Dependabot::GoModules::UpdateChecker::LatestVersionFinder
Constants
- PSEUDO_VERSION_REGEX
- RESOLVABILITY_ERROR_REGEXES
Attributes
credentials[R]
dependency[R]
dependency_files[R]
ignored_versions[R]
security_advisories[R]
Public Class Methods
new(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false)
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 28
# Stores the inputs the finder works from. Nothing is fetched or validated here.
#
# @param dependency the dependency under check; the rest of the class reads
#   its name, version and package_manager
# @param dependency_files collection searched for the file named "go.mod"
# @param credentials passed to the git configuration helper and to the
#   resolvability error handler
# @param ignored_versions ignore conditions; each is expanded into
#   requirements, and versions satisfying any of them are dropped
# @param security_advisories advisories handed to the vulnerable-version
#   filter when looking for a security fix
# @param raise_on_ignored when truthy, AllVersionsIgnored is raised if the
#   ignore conditions remove every version that would otherwise be offered
def initialize(dependency:, dependency_files:, credentials:,
               ignored_versions:, security_advisories:,
               raise_on_ignored: false)
  # What is being checked, and the files describing it.
  @dependency       = dependency
  @dependency_files = dependency_files

  # Access to private sources.
  @credentials = credentials

  # Policy inputs that narrow the candidate versions.
  @security_advisories = security_advisories
  @ignored_versions    = ignored_versions
  @raise_on_ignored    = raise_on_ignored
end
Public Instance Methods
latest_version()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 38
# Newest version left after the pre-release and ignore filters, computed on
# first use by fetch_latest_version and then cached.
#
# Only truthy results are cached: a nil result is looked up again on the next
# call.
def latest_version
  return @latest_version if @latest_version

  @latest_version = fetch_latest_version
end
lowest_security_fix_version()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 42
# Lowest version that passes the advisory, ignore and "newer than current"
# filters, computed on first use by fetch_lowest_security_fix_version and then
# cached.
#
# Only truthy results are cached: when no fix version is found (nil) the
# lookup runs again on the next call.
def lowest_security_fix_version
  return @lowest_security_fix_version if @lowest_security_fix_version

  @lowest_security_fix_version = fetch_lowest_security_fix_version
end
Private Instance Methods
available_versions()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 73
# Asks the native helper's "getVersions" function which versions of the
# dependency exist and returns them as version_class instances.
#
# The go.mod content is written out inside the temporary-directory block, with
# git configured from the supplied credentials. Strings the helper returns are
# kept only if version_class.correct? accepts them. If the helper returns nil,
# the current version is the only candidate.
#
# A HelperSubprocessFailed error is retried once when it looks transient;
# otherwise handle_subprocess_error classifies it and re-raises.
def available_versions
  SharedHelpers.in_a_temporary_directory do
    SharedHelpers.with_git_configured(credentials: credentials) do
      File.write("go.mod", go_mod.content)

      # Turn off the module proxy for now, as it's causing issues with
      # private git dependencies.
      # NOTE(review): in the go command GOPRIVATE is also the default for
      # GONOSUMDB, so "*" presumably disables checksum-database verification
      # for every module as well as the proxy. Confirm this is the intended
      # trade-off for public modules.
      helper_env = { "GOPRIVATE" => "*" }
      helper_args = {
        dependency: {
          name: dependency.name,
          version: "v" + dependency.version
        }
      }

      raw_versions = SharedHelpers.run_helper_subprocess(
        command: NativeHelpers.helper_path,
        env: helper_env,
        function: "getVersions",
        args: helper_args
      )

      # No list from the helper: fall back to the current version only.
      return [version_class.new(dependency.version)] if raw_versions.nil?

      well_formed = raw_versions.select { |text| version_class.correct?(text) }
      well_formed.map { |text| version_class.new(text) }
    end
  end
rescue SharedHelpers::HelperSubprocessFailed => error
  # retry re-runs the method body; the counter survives because it is a
  # method-level local, which limits this to a single retry.
  retry_count ||= 0
  retry_count += 1
  retry if transitory_failure?(error) && retry_count < 2

  handle_subprocess_error(error)
end
fetch_latest_version()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 50
# Picks the highest available version once pre-releases (unless wanted) and
# ignored versions have been removed.
#
# A dependency pinned to a pseudo-version is left alone: its current version
# string is returned as-is and no lookup is made. On that path the result is
# the raw version string rather than a version object.
def fetch_latest_version
  return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX

  releases = filter_prerelease_versions(available_versions)
  filter_ignored_versions(releases).max
end
fetch_lowest_security_fix_version()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 60
# Picks the lowest available version that survives every filter, in this
# order: pre-releases (unless wanted), versions the advisory filter rejects,
# ignored versions, and versions not above the current one.
#
# Ignore conditions run after the advisory filter, so a version that fixes an
# advisory but is ignored is never returned. A dependency pinned to a
# pseudo-version short-circuits: its current version string is returned
# unchanged and the advisories are not consulted on that path.
def fetch_lowest_security_fix_version
  return dependency.version if dependency.version =~ PSEUDO_VERSION_REGEX

  candidates = filter_prerelease_versions(available_versions)
  # Presumably removes versions the advisories mark as vulnerable; the filter
  # itself is defined outside this class.
  candidates = Dependabot::UpdateCheckers::VersionFilters.
               filter_vulnerable_versions(candidates, security_advisories)
  candidates = filter_lower_versions(filter_ignored_versions(candidates))

  candidates.min
end
filter_ignored_versions(versions_array)
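# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 139
# Drops every version that satisfies one of the ignore requirements.
#
# The requirement list is built at most once per call (when the first version
# is examined) instead of once per version.
#
# @param versions_array versions to filter
# @return the versions that no ignore requirement matches
# @raise [AllVersionsIgnored] when raise_on_ignored was set, the input held
#   versions that filter_lower_versions keeps, and none of them survived the
#   ignore requirements
def filter_ignored_versions(versions_array)
  requirements = nil
  filtered = versions_array.reject do |version|
    # Built lazily so an empty input still never evaluates the ignore rules.
    requirements ||= ignore_requirements
    requirements.any? { |requirement| requirement.satisfied_by?(version) }
  end

  # Distinguishes "nothing newer exists" from "everything newer was ignored".
  all_upgrades_ignored =
    @raise_on_ignored &&
    filter_lower_versions(filtered).empty? &&
    filter_lower_versions(versions_array).any?
  raise AllVersionsIgnored if all_upgrades_ignored

  filtered
end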
filter_lower_versions(versions_array)
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 132
# Keeps only the versions strictly above the dependency's current version.
#
# When the current version is missing or version_class.correct? rejects it,
# there is nothing to compare against and the input is returned untouched.
#
# @param versions_array versions to filter
# @return the input itself, or a new array of the higher versions
def filter_lower_versions(versions_array)
  comparable = dependency.version && version_class.correct?(dependency.version)
  return versions_array unless comparable

  versions_array.select do |candidate|
    candidate > version_class.new(dependency.version)
  end
end
filter_prerelease_versions(versions_array)
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 126
# Removes pre-release versions unless wants_prerelease? says they are wanted,
# in which case the input is returned untouched.
#
# @param versions_array versions to filter; each must respond to prerelease?
# @return the input itself, or a new array without the pre-releases
def filter_prerelease_versions(versions_array)
  if wants_prerelease?
    versions_array
  else
    versions_array.reject { |candidate| candidate.prerelease? }
  end
end
go_mod()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 122
# First dependency file whose name is exactly "go.mod", cached once found.
#
# Returns nil when there is no such file; nil is not cached, so the search
# runs again on the next call.
def go_mod
  return @go_mod if @go_mod

  @go_mod = dependency_files.find { |file| file.name == "go.mod" }
end
handle_subprocess_error(error)
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 108
# Classifies a helper failure and always ends by raising.
#
# When the message matches one of RESOLVABILITY_ERROR_REGEXES it is passed,
# with the credentials, to ResolvabilityErrors.handle (presumably to raise a
# more specific error; that handler is defined elsewhere).
#
# The final bare raise re-raises the exception currently being handled, so
# this method is meant to be called from inside a rescue clause.
#
# @param error the failure whose message is inspected
def handle_subprocess_error(error)
  resolvability_problem =
    RESOLVABILITY_ERROR_REGEXES.any? { |pattern| error.message =~ pattern }
  ResolvabilityErrors.handle(error.message, credentials: credentials) if resolvability_problem

  raise
end
ignore_requirements()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 158
# Expands every ignore condition into requirement objects and returns them as
# one flat list. Not cached: the list is rebuilt on every call.
def ignore_requirements
  ignored_versions.flat_map do |ignore_condition|
    requirement_class.requirements_array(ignore_condition)
  end
end
requirement_class()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 162
# Requirement class registered for the dependency's package manager, looked
# up through Utils on every call.
def requirement_class
  package_manager = dependency.package_manager
  Utils.requirement_class_for_package_manager(package_manager)
end
transitory_failure?(error)
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 116
# Whether a helper failure looks temporary and is worth one retry.
#
# This is a plain, case-sensitive substring check on the error message:
# any message containing "EOF" or "Internal Server Error" counts.
#
# @param error the failure whose message is inspected
# @return [Boolean]
def transitory_failure?(error)
  ["EOF", "Internal Server Error"].any? do |marker|
    error.message.include?(marker)
  end
end
version_class()
# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 168
# Version class registered for the dependency's package manager, looked up
# through Utils on every call.
def version_class
  package_manager = dependency.package_manager
  Utils.version_class_for_package_manager(package_manager)
end
wants_prerelease?()
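# File lib/dependabot/go_modules/update_checker/latest_version_finder.rb, line 149
# Truthy when the dependency's current version is itself a pre-release, in
# which case pre-releases are kept among the candidates.
#
# Memoised with defined? rather than ||= so that a false or nil answer (the
# current version is missing, rejected by version_class.correct?, or a
# normal release) is cached too instead of being recomputed on every call.
def wants_prerelease?
  return @wants_prerelease if defined?(@wants_prerelease)

  current_version = dependency.version
  @wants_prerelease =
    current_version &&
    version_class.correct?(current_version) &&
    version_class.new(current_version).prerelease?
end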