Class: Dependabot::UpdateCheckers::JavaScript::NpmAndYarn::LatestVersionFinder

Inherits:
Object
  • Object
Defined in:
lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb

Defined Under Namespace

Classes: RegistryError

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, ignored_versions:) ⇒ LatestVersionFinder

Returns a new instance of LatestVersionFinder.



# File 'lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb', line 18

# Keeps references to the collaborators this finder works from. Nothing is
# validated, copied or fetched here; every argument is stored exactly as given.
#
# NOTE(review): @credentials stays on the instance, and Ruby's default
# #inspect prints instance variables. Unless #inspect is overridden elsewhere
# in the class, keep instances out of log lines and error reports.
#
# @param dependency the dependency being checked (its #requirements are read
#   by #latest_resolvable_version_with_no_unlock)
# @param credentials credentials handed to the finder; how they are used is
#   not visible in this listing
# @param dependency_files the project's dependency files
# @param ignored_versions presumably the source of the ignore requirements
#   applied in #possible_versions; confirm against ignore_reqs
def initialize(
  dependency:,
  credentials:,
  dependency_files:,
  ignored_versions:
)
  @dependency = dependency
  @credentials = credentials
  @dependency_files = dependency_files
  @ignored_versions = ignored_versions
end

Instance Method Details

#latest_resolvable_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb', line 40

# Picks the highest candidate version that every requirement currently
# declared for the dependency already allows, so no requirement has to change.
#
# The answer is driven entirely by npm_details, which appears to be registry
# metadata (the Excon rescue below suggests an HTTP fetch); treat it as
# external input.
#
# @return [Object, nil] the dist-tag version when a dist-tag requirement is
#   specified; otherwise the first entry of #possible_versions (sorted newest
#   first) that all requirements accept and that is not yanked; nil when
#   npm_details is falsy, when nothing qualifies, or when a registry other
#   than registry.npmjs.org fails with a socket or timeout error
# @raise [Excon::Error::Socket, Excon::Error::Timeout] only when the registry
#   is registry.npmjs.org
def latest_resolvable_version_with_no_unlock
  return unless npm_details
  return version_from_dist_tags(npm_details) if specified_dist_tag_requirement?

  # One entry per declared requirement: whatever requirements_array builds
  # from the raw requirement value, with nil results dropped.
  requirement_sets =
    dependency.requirements.
    map do |declared|
      Utils::JavaScript::Requirement.
        requirements_array(declared.fetch(:requirement))
    end.
    compact

  possible_versions.find do |candidate|
    accepted = requirement_sets.all? do |alternatives|
      alternatives.any? { |alternative| alternative.satisfied_by?(candidate) }
    end
    # Requirements are tested first, so yanked? only runs for versions that
    # already match.
    accepted && !yanked?(candidate)
  end
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Custom registries are sometimes flaky. That is deliberately not treated
  # as this code's problem, so the method falls through and returns `nil`.
  # NOTE(review): callers cannot tell this `nil` from "no matching version".
  # If this result gates security updates, confirm the failure is surfaced
  # somewhere (log or metric) rather than only swallowed here.
end

#latest_version_details_from_registry ⇒ Object



# File 'lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb', line 26

# Reports the latest version the registry metadata offers, preferring the
# version chosen from its dist-tags over the plain versions list.
#
# NOTE(review): dist-tags are part of the registry response, so the preferred
# version is chosen by whoever controls that metadata; version_from_dist_tags
# is not shown here, so confirm what filtering it applies.
#
# @return [Hash, nil] `{ version: ... }` holding the dist-tag version when
#   version_from_dist_tags yields one, otherwise the value of
#   version_from_versions_array; nil when npm_details is nil or has no
#   truthy "dist-tags" entry, when a dist-tag requirement is specified but no
#   dist-tag version was found, or when a registry other than
#   registry.npmjs.org fails with a socket or timeout error
# @raise [Excon::Error::Socket, Excon::Error::Timeout] only when the registry
#   is registry.npmjs.org
def latest_version_details_from_registry
  return unless npm_details&.fetch("dist-tags", nil)

  tagged = version_from_dist_tags(npm_details)
  if tagged
    { version: tagged }
  elsif !specified_dist_tag_requirement?
    # No usable dist-tag and the requirement is not itself a dist-tag, so
    # fall back to the versions list.
    { version: version_from_versions_array }
  end
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Custom registries can be flaky. That is deliberately not treated as this
  # code's problem, so the method falls through and returns `nil`.
  # NOTE(review): this `nil` looks the same to callers as "registry has no
  # dist-tags"; confirm the failure is observable elsewhere if it matters.
end

#possible_versions ⇒ Object



# File 'lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb', line 63

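# Lists the candidate versions from the registry metadata, newest first.
#
# Entries are dropped when their details carry a truthy "deprecated" value,
# when they are prereleases that related_to_current_pre? does not accept, or
# when any of ignore_reqs is satisfied by them.
#
# npm_details can be nil (other methods in this class guard for it), and this
# method is public, so a missing registry response yields an empty list
# instead of a NoMethodError on nil.
#
# NOTE(review): every key of "versions" is passed to version_class.new. That
# data comes from the registry; if version_class raises on a malformed
# string, a single bad key would abort the whole check. Confirm how
# version_class treats invalid input.
#
# @return [Array] version_class instances sorted in descending order; empty
#   when there are no registry details or no "versions" entry
def possible_versions
  details = npm_details
  return [] unless details

  details.fetch("versions", {}).
    reject { |_, info| info["deprecated"] }.
    keys.map { |raw| version_class.new(raw) }.
    reject { |v| v.prerelease? && !related_to_current_pre?(v) }.
    reject { |v| ignore_reqs.any? { |req| req.satisfied_by?(v) } }.
    sort.reverse
end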

#possible_versions_with_details ⇒ Object



# File 'lib/dependabot/update_checkers/java_script/npm_and_yarn/latest_version_finder.rb', line 72

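# Lists the candidate versions together with their registry details, newest
# first.
#
# Applies the same three filters as #possible_versions: a truthy
# "deprecated" value in the details, prereleases that
# related_to_current_pre? does not accept, and versions matched by any of
# ignore_reqs.
#
# npm_details can be nil (other methods in this class guard for it), and this
# method is public, so a missing registry response yields an empty list
# instead of a NoMethodError on nil.
#
# NOTE(review): the details hashes are returned as received from the
# registry; treat their contents as external input. Every key of "versions"
# is passed to version_class.new, so confirm how version_class handles a
# malformed version string.
#
# @return [Array<Array>] `[version, details]` pairs sorted by version in
#   descending order; empty when there are no registry details or no
#   "versions" entry
def possible_versions_with_details
  details = npm_details
  return [] unless details

  details.fetch("versions", {}).
    reject { |_, info| info["deprecated"] }.
    transform_keys { |raw| version_class.new(raw) }.
    reject { |version, _| version.prerelease? && !related_to_current_pre?(version) }.
    reject { |version, _| ignore_reqs.any? { |req| req.satisfied_by?(version) } }.
    sort_by(&:first).reverse
end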