class Dependabot::Maven::UpdateChecker
Public Instance Methods
latest_resolvable_version()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 18 def latest_resolvable_version # Maven's version resolution algorithm is very simple: it just uses # the version defined "closest", with the first declaration winning # if two declarations are equally close. As a result, we can just # return that latest version unless dealing with a property dep. # https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies return nil if version_comes_from_multi_dependency_property? latest_version end
latest_resolvable_version_with_no_unlock()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 37 def latest_resolvable_version_with_no_unlock # Irrelevant, since Maven has a single dependency file (the pom.xml). # # For completeness we ought to resolve the pom.xml and return the # latest version that satisfies the current constraint AND any # constraints placed on it by other dependencies. Seeing as we're # never going to take any action as a result, though, we just return # nil. nil end
latest_version()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 14 def latest_version latest_version_details&.fetch(:version) end
lowest_resolvable_security_fix_version()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 33 def lowest_resolvable_security_fix_version lowest_security_fix_version end
lowest_security_fix_version()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 29 def lowest_security_fix_version lowest_security_fix_version_details&.fetch(:version) end
requirements_unlocked_or_can_be?()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 61 def requirements_unlocked_or_can_be? declarations_using_a_property.none? do |requirement| prop_name = requirement.dig(:metadata, :property_name) pom = dependency_files.find { |f| f.name == requirement[:file] } declaration_pom_name = property_value_finder. property_details(property_name: prop_name, callsite_pom: pom)&. fetch(:file) declaration_pom_name == "remote_pom.xml" || declaration_pom_name&.end_with?("pom_parent.xml") end end
updated_requirements()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 48 def updated_requirements property_names = declarations_using_a_property. map { |req| req.dig(:metadata, :property_name) } RequirementsUpdater.new( requirements: dependency.requirements, latest_version: preferred_resolvable_version&.to_s, source_url: preferred_version_details&.fetch(:source_url), properties_to_update: property_names ).updated_requirements end
Private Instance Methods
all_property_based_dependencies()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 168 def all_property_based_dependencies @all_property_based_dependencies ||= Maven::FileParser.new( dependency_files: dependency_files, source: nil ).parse.select do |dep| dep.requirements.any? { |req| req.dig(:metadata, :property_name) } end end
declarations_using_a_property()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 162 def declarations_using_a_property @declarations_using_a_property ||= dependency.requirements. select { |req| req.dig(:metadata, :property_name) } end
latest_version_details()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 106 def latest_version_details @latest_version_details ||= version_finder.latest_version_details end
latest_version_resolvable_with_full_unlock?()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 78 def latest_version_resolvable_with_full_unlock? return false unless version_comes_from_multi_dependency_property? property_updater.update_possible? end
lowest_security_fix_version_details()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 110 def lowest_security_fix_version_details @lowest_security_fix_version_details ||= version_finder.lowest_security_fix_version_details end
numeric_version_can_update?(requirements_to_unlock:)
click to toggle source
Calls superclass method
# File lib/dependabot/maven/update_checker.rb, line 94 def numeric_version_can_update?(requirements_to_unlock:) return false unless version_class.correct?(dependency.version) super end
numeric_version_up_to_date?()
click to toggle source
Calls superclass method
# File lib/dependabot/maven/update_checker.rb, line 88 def numeric_version_up_to_date? return false unless version_class.correct?(dependency.version) super end
preferred_version_details()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 100 def preferred_version_details return lowest_security_fix_version_details if vulnerable? latest_version_details end
property_updater()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 127 def property_updater @property_updater ||= PropertyUpdater.new( dependency: dependency, dependency_files: dependency_files, target_version_details: latest_version_details, credentials: credentials, ignored_versions: ignored_versions ) end
property_value_finder()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 138 def property_value_finder @property_value_finder ||= Maven::FileParser::PropertyValueFinder. new(dependency_files: dependency_files) end
updated_dependencies_after_full_unlock()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 84 def updated_dependencies_after_full_unlock property_updater.updated_dependencies end
version_comes_from_multi_dependency_property?()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 144 def version_comes_from_multi_dependency_property? declarations_using_a_property.any? do |requirement| property_name = requirement.fetch(:metadata).fetch(:property_name) property_source = requirement.fetch(:metadata). fetch(:property_source) all_property_based_dependencies.any? do |dep| next false if dep.name == dependency.name dep.requirements.any? do |req| next unless req.dig(:metadata, :property_name) == property_name req.dig(:metadata, :property_source) == property_source end end end end
version_finder()
click to toggle source
# File lib/dependabot/maven/update_checker.rb, line 115 def version_finder @version_finder ||= VersionFinder.new( dependency: dependency, dependency_files: dependency_files, credentials: credentials, ignored_versions: ignored_versions, raise_on_ignored: raise_on_ignored, security_advisories: security_advisories ) end