Class: Dependabot::Bundler::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::Bundler::UpdateChecker

Defined in:

lib/dependabot/bundler/update_checker.rb,
lib/dependabot/bundler/update_checker/file_preparer.rb,
lib/dependabot/bundler/update_checker/force_updater.rb,
lib/dependabot/bundler/update_checker/version_resolver.rb,
lib/dependabot/bundler/update_checker/requirements_updater.rb,
lib/dependabot/bundler/update_checker/latest_version_finder.rb,
lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb,
lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb,
lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb

Defined Under Namespace

Modules: SharedBundlerHelpers Classes: ConflictingDependencyResolver, FilePreparer, ForceUpdater, LatestVersionFinder, RequirementsUpdater, VersionResolver

Instance Method Summary

• #conflicting_dependencies ⇒ Object
• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #requirements_unlocked_or_can_be? ⇒ Boolean
• #requirements_update_strategy ⇒ Object
• #updated_requirements ⇒ Object

Instance Method Details

#conflicting_dependencies ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 109

def conflicting_dependencies
  ConflictingDependencyResolver.new(
    dependency_files: dependency_files,
    repo_contents_path: repo_contents_path,
    credentials: credentials
  ).conflicting_dependencies(
    dependency: dependency,
    target_version: lowest_security_fix_version
  )
end

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 24

def latest_resolvable_version
  return latest_resolvable_version_for_git_dependency if git_dependency?

  latest_resolvable_version_details&.fetch(:version)
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 47

def latest_resolvable_version_with_no_unlock
  current_ver = dependency.version
  return current_ver if git_dependency? && git_commit_checker.pinned?

  @latest_resolvable_version_detail_with_no_unlock ||=
    version_resolver(remove_git_source: false, unlock_requirement: false).
    latest_resolvable_version_details

  if git_dependency?
    @latest_resolvable_version_detail_with_no_unlock&.fetch(:commit_sha)
  else
    @latest_resolvable_version_detail_with_no_unlock&.fetch(:version)
  end
end

#latest_version ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 18

def latest_version
  return latest_version_for_git_dependency if git_dependency?

  latest_version_details&.fetch(:version)
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 35

def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?
  return latest_resolvable_version if git_dependency?

  lowest_fix =
    latest_version_finder(remove_git_source: false).
    lowest_security_fix_version
  return unless lowest_fix

  resolvable?(lowest_fix) ? lowest_fix : latest_resolvable_version
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 30

def lowest_security_fix_version
  latest_version_finder(remove_git_source: false).
    lowest_security_fix_version
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/bundler/update_checker.rb', line 86

def requirements_unlocked_or_can_be?
  dependency.requirements.
    select { |r| requirement_class.new(r[:requirement]).specific? }.
    all? do |req|
      file = dependency_files.find { |f| f.name == req.fetch(:file) }
      updated = FileUpdater::RequirementReplacer.new(
        dependency: dependency,
        file_type: file.name.end_with?("gemspec") ? :gemspec : :gemfile,
        updated_requirement: "whatever"
      ).rewrite(file.content)

      updated != file.content
    end
end

#requirements_update_strategy ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 101

def requirements_update_strategy
  # If passed in as an option (in the base class) honour that option
  return @requirements_update_strategy.to_sym if @requirements_update_strategy

  # Otherwise, widen ranges for libraries and bump versions for apps
  dependency.version.nil? ? :bump_versions_if_necessary : :bump_versions
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/bundler/update_checker.rb', line 62

def updated_requirements
  latest_version_for_req_updater =
    if switching_source_from_git_to_rubygems?
      git_commit_checker.local_tag_for_latest_version.fetch(:version).to_s
    else
      latest_version_details&.fetch(:version)&.to_s
    end

  latest_resolvable_version_for_req_updater =
    if switching_source_from_git_to_rubygems?
      latest_version_for_req_updater
    else
      preferred_resolvable_version_details&.fetch(:version)&.to_s
    end

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    update_strategy: requirements_update_strategy,
    updated_source: updated_source,
    latest_version: latest_version_for_req_updater,
    latest_resolvable_version: latest_resolvable_version_for_req_updater
  ).updated_requirements
end