Class: Dependabot::Bundler::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/bundler/update_checker.rb,
lib/dependabot/bundler/update_checker/file_preparer.rb,
lib/dependabot/bundler/update_checker/force_updater.rb,
lib/dependabot/bundler/update_checker/version_resolver.rb,
lib/dependabot/bundler/update_checker/requirements_updater.rb,
lib/dependabot/bundler/update_checker/latest_version_finder.rb,
lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb,
lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb,
lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb

Defined Under Namespace

Modules: SharedBundlerHelpers Classes: ConflictingDependencyResolver, FilePreparer, ForceUpdater, LatestVersionFinder, RequirementsUpdater, VersionResolver


Instance Method Details

#conflicting_dependencies ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 124

# Asks ConflictingDependencyResolver which dependencies conflict with moving
# this dependency to its lowest security-fix version.
#
# The resolver is built from this checker's dependency files, repo contents
# path, credentials and options.
#
# NOTE(review): lowest_security_fix_version is nilable and nil.to_s is "", so
# when no fix version is known the resolver receives an empty target_version
# -- confirm callers only reach this method when a fix version exists.
#
# @return [Object] the value returned by
#   ConflictingDependencyResolver#conflicting_dependencies
def conflicting_dependencies
  resolver = ConflictingDependencyResolver.new(
    dependency_files: dependency_files,
    repo_contents_path: repo_contents_path,
    credentials: credentials,
    options: options
  )

  resolver.conflicting_dependencies(
    dependency: dependency,
    # The resolver is handed the version as a String rather than a Version.
    target_version: lowest_security_fix_version.to_s
  )
end

#latest_resolvable_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 30

# Latest version of the dependency that can actually be resolved.
#
# Git dependencies are delegated to latest_resolvable_version_for_git_dependency.
# For everything else the :version entry of latest_resolvable_version_details
# is returned; fetch is used, so details that lack :version raise instead of
# silently yielding nil.
#
# @return [Object, nil] nil when no resolvable-version details are available
def latest_resolvable_version
  if git_dependency?
    latest_resolvable_version_for_git_dependency
  else
    details = latest_resolvable_version_details
    details&.fetch(:version)
  end
end

#latest_resolvable_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 58

# Latest version (or commit SHA, for git dependencies) that resolves without
# unlocking the dependency's requirement.
#
# A git dependency that git_commit_checker reports as pinned short-circuits to
# the dependency's current version. Otherwise the resolver is run with
# remove_git_source: false and unlock_requirement: false, and its details are
# memoised in an instance variable. Because `||=` is used, a nil result is not
# cached and resolution is attempted again on the next call.
#
# @return [Object, nil] the :commit_sha entry for git dependencies, the
#   :version entry otherwise, or nil when the resolver returned no details
def latest_resolvable_version_with_no_unlock
  existing_version = dependency.version
  return existing_version if git_dependency? && git_commit_checker.pinned?

  # Type declaration for the memo ivar; T.let hands back the value it is given.
  @latest_resolvable_version_detail_with_no_unlock = T.let(
    @latest_resolvable_version_detail_with_no_unlock,
    T.nilable(T::Hash[Symbol, T.untyped])
  )

  @latest_resolvable_version_detail_with_no_unlock ||=
    version_resolver(remove_git_source: false, unlock_requirement: false)
    .latest_resolvable_version_details

  # Git dependencies are identified by commit, everything else by version.
  detail_key = git_dependency? ? :commit_sha : :version
  @latest_resolvable_version_detail_with_no_unlock&.fetch(detail_key)
end

#latest_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 23

# Latest known version of the dependency, regardless of resolvability.
#
# Git dependencies are delegated to latest_version_for_git_dependency. For
# everything else the :version entry of latest_version_details is returned;
# fetch is used, so details that lack :version raise instead of yielding nil.
#
# @return [Object, nil] nil when no latest-version details are available
def latest_version
  if git_dependency?
    latest_version_for_git_dependency
  else
    details = latest_version_details
    details&.fetch(:version)
  end
end

#lowest_resolvable_security_fix_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 45

# Lowest security-fix version reported by the version finder, returned only
# when resolvable? accepts it.
#
# The method refuses to run unless vulnerable? is true. Since that guard has
# already passed, a nil return means the dependency is vulnerable and no
# resolvable fix version was found -- callers should not read nil as
# "nothing to do".
#
# NOTE(review): for git dependencies the result is latest_resolvable_version;
# nothing in this method checks that it is a fixed version -- confirm that is
# guaranteed elsewhere.
#
# @raise [RuntimeError] "Dependency not vulnerable!" when vulnerable? is false
# @return [Dependabot::Bundler::Version, nil]
def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?

  if git_dependency?
    return T.cast(latest_resolvable_version, T.nilable(Dependabot::Bundler::Version))
  end

  fix_version = latest_version_finder(remove_git_source: false).lowest_security_fix_version
  return unless fix_version

  # Only hand back the fix version if the dependency set still resolves with it.
  if resolvable?(T.cast(fix_version, Dependabot::Bundler::Version))
    T.cast(fix_version, Dependabot::Bundler::Version)
  end
end

#lowest_security_fix_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 37

# Lowest security-fix version reported by the latest-version finder (built
# with remove_git_source: false), with no resolvability check applied.
#
# @return [Dependabot::Bundler::Version, nil] nil when the finder reports no
#   fix version
def lowest_security_fix_version
  finder = latest_version_finder(remove_git_source: false)

  # The cast only narrows the type; the finder's value is returned unchanged.
  T.cast(finder.lowest_security_fix_version, T.nilable(Dependabot::Bundler::Version))
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/bundler/update_checker.rb', line 93

# Whether the dependency's requirements are already unlocked, or could be
# rewritten in every file that declares a specific requirement.
#
# Returns true straight away when requirements_unlocked? is true, and false
# when the update strategy is lockfile-only. Otherwise each specific
# requirement is probed: RequirementReplacer is run over the declaring file
# with a throwaway requirement string, and the requirement counts as
# unlockable only if the rewritten content differs from the original. The
# rewritten content is discarded; nothing is written here.
#
# T.must raises if no dependency file matches a requirement's :file entry or
# if no update strategy is available.
#
# @return [Boolean]
def requirements_unlocked_or_can_be?
  return true if requirements_unlocked?
  return false if T.must(requirements_update_strategy).lockfile_only?

  dependency.specific_requirements.all? do |requirement|
    manifest = T.must(
      dependency_files.find { |candidate| candidate.name == requirement.fetch(:file) }
    )
    replacer = FileUpdater::RequirementReplacer.new(
      dependency: dependency,
      file_type: manifest.name.end_with?("gemspec") ? :gemspec : :gemfile,
      # Placeholder value: only whether the file changes matters, not the text.
      updated_requirement: "whatever"
    )

    replacer.rewrite(manifest.content) != manifest.content
  end
end

#requirements_update_strategy ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 111

# Strategy used when rewriting this dependency's requirements.
#
# An explicitly configured strategy (stored in @requirements_update_strategy)
# always wins. Without one, the choice depends on whether the dependency has a
# version: BumpVersions when it does, BumpVersionsIfNecessary when it does
# not.
#
# NOTE(review): the original inline comment described the no-version case as
# "widen ranges for libraries", but the constant selected is
# BumpVersionsIfNecessary -- confirm which wording is current.
#
# @return [Object] the configured strategy, or one of the two
#   RequirementsUpdateStrategy defaults
def requirements_update_strategy
  configured = @requirements_update_strategy
  return configured if configured

  return RequirementsUpdateStrategy::BumpVersions unless dependency.version.nil?

  RequirementsUpdateStrategy::BumpVersionsIfNecessary
end

#updated_requirements ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 79

# Builds the updated requirement set for this dependency via
# RequirementsUpdater.
#
# Both version inputs are passed as Strings (or nil when the corresponding
# details are missing): the latest version comes from latest_version_details
# and the latest resolvable version from preferred_resolvable_version_details.
# T.must raises if no update strategy is available.
#
# @return [Object] the value returned by RequirementsUpdater#updated_requirements
def updated_requirements
  newest = latest_version_details&.fetch(:version)&.to_s
  newest_resolvable = preferred_resolvable_version_details&.fetch(:version)&.to_s

  updater = RequirementsUpdater.new(
    requirements: dependency.requirements,
    update_strategy: T.must(requirements_update_strategy),
    updated_source: updated_source,
    latest_version: newest,
    latest_resolvable_version: newest_resolvable
  )

  updater.updated_requirements
end