Class: Dependabot::Dependency

Inherits:

Object

• Object
• Dependabot::Dependency

Extended by:

T::Sig

Defined in:

lib/dependabot/dependency.rb

Instance Attribute Summary

• #attribution_directory ⇒ Object

  Returns the value of attribute attribution_directory.

• #attribution_selection_reason ⇒ Object

  Returns the value of attribute attribution_selection_reason.

• #attribution_source_group ⇒ Object

  Returns the value of attribute attribution_source_group.

• #attribution_timestamp ⇒ Object

  Returns the value of attribute attribution_timestamp.

• #directory ⇒ Object

  Returns the value of attribute directory.

• #metadata ⇒ Object readonly

  Returns the value of attribute metadata.

• #name ⇒ Object readonly

  Returns the value of attribute name.

• #package_manager ⇒ Object readonly

  Returns the value of attribute package_manager.

• #previous_requirements ⇒ Object readonly

  Returns the value of attribute previous_requirements.

• #previous_version ⇒ Object readonly

  Returns the value of attribute previous_version.

• #requirements ⇒ Object readonly

  Returns the value of attribute requirements.

• #subdependency_metadata ⇒ Object readonly

  Returns the value of attribute subdependency_metadata.

• #version ⇒ Object readonly

  Returns the value of attribute version.

Class Method Summary

• .display_name_builder_for_package_manager(package_manager) ⇒ Object
• .name_normaliser_for_package_manager(package_manager) ⇒ Object
• .production_check_for_package_manager(package_manager) ⇒ Object
• .register_display_name_builder(package_manager, name_builder) ⇒ Object
• .register_name_normaliser(package_manager, name_builder) ⇒ Object
• .register_production_check(package_manager, production_check) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #all_sources ⇒ Object
• #all_versions ⇒ Object
• #appears_in_lockfile? ⇒ Boolean
• #display_name ⇒ Object
• #docker_digest_from_reqs(requirements) ⇒ Object
• #eql?(other) ⇒ Boolean
• #hash ⇒ Object
• #humanized_previous_version ⇒ Object
• #humanized_version ⇒ Object
• #informational_only? ⇒ Boolean
• #initialize(name:, requirements:, package_manager:, version: nil, previous_version: nil, previous_requirements: nil, directory: nil, subdependency_metadata: [], removed: false, metadata: {}) ⇒ Dependency constructor

  A new instance of Dependency.

• #new_ref ⇒ Object
• #numeric_version ⇒ Object
• #previous_ref ⇒ Object
• #production? ⇒ Boolean
• #ref_changed? ⇒ Boolean
• #removed? ⇒ Boolean
• #requirement_class ⇒ Object
• #requirements_changed? ⇒ Boolean
• #source_details(allowed_types: nil) ⇒ Object
• #source_type ⇒ Object
• #specific_requirements ⇒ Object
• #subdependency_production_check ⇒ Object
• #to_h ⇒ Object
• #top_level? ⇒ Boolean
• #version_class ⇒ Object

Constructor Details

#initialize(name:, requirements:, package_manager:, version: nil, previous_version: nil, previous_requirements: nil, directory: nil, subdependency_metadata: [], removed: false, metadata: {}) ⇒ Dependency

Returns a new instance of Dependency.

# File 'lib/dependabot/dependency.rb', line 121

def initialize(
  name:,
  requirements:,
  package_manager:,
  version: nil,
  previous_version: nil,
  previous_requirements: nil,
  directory: nil,
  subdependency_metadata: [],
  removed: false,
  metadata: {}
)
  @name = name
  @version = T.let(
    case version
    when Dependabot::Version then version.to_s
    when String then version
    end,
    T.nilable(String)
  )
  @version = nil if @version == ""
  @requirements = T.let(requirements.map { |req| symbolize_keys(req) }, T::Array[T::Hash[Symbol, T.untyped]])
  @previous_version = previous_version
  @previous_version = nil if @previous_version == ""
  @previous_requirements = T.let(
    previous_requirements&.map { |req| symbolize_keys(req) },
    T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
  )
  @package_manager = package_manager
  @directory = directory
  unless top_level? || subdependency_metadata == []
    @subdependency_metadata = T.let(
      subdependency_metadata&.map { |h| symbolize_keys(h) },
      T.nilable(T::Array[T::Hash[Symbol, T.untyped]])
    )
  end
  @removed = removed
  @metadata = T.let(symbolize_keys(metadata || {}), T::Hash[Symbol, T.untyped])
  check_values
end

Instance Attribute Details

#attribution_directory ⇒ Object

Returns the value of attribute attribution_directory.

# File 'lib/dependabot/dependency.rb', line 99

def attribution_directory
  @attribution_directory
end

#attribution_selection_reason ⇒ Object

Returns the value of attribute attribution_selection_reason.

# File 'lib/dependabot/dependency.rb', line 96

def attribution_selection_reason
  @attribution_selection_reason
end

#attribution_source_group ⇒ Object

Returns the value of attribute attribution_source_group.

# File 'lib/dependabot/dependency.rb', line 93

def attribution_source_group
  @attribution_source_group
end

#attribution_timestamp ⇒ Object

Returns the value of attribute attribution_timestamp.

# File 'lib/dependabot/dependency.rb', line 102

def attribution_timestamp
  @attribution_timestamp
end

#directory ⇒ Object

Returns the value of attribute directory.

# File 'lib/dependabot/dependency.rb', line 83

def directory
  @directory
end

#metadata ⇒ Object (readonly)

Returns the value of attribute metadata.

# File 'lib/dependabot/dependency.rb', line 89

def metadata
  @metadata
end

#name ⇒ Object (readonly)

Returns the value of attribute name.

# File 'lib/dependabot/dependency.rb', line 65

def name
  @name
end

#package_manager ⇒ Object (readonly)

Returns the value of attribute package_manager.

# File 'lib/dependabot/dependency.rb', line 74

def package_manager
  @package_manager
end

#previous_requirements ⇒ Object (readonly)

Returns the value of attribute previous_requirements.

# File 'lib/dependabot/dependency.rb', line 80

def previous_requirements
  @previous_requirements
end

#previous_version ⇒ Object (readonly)

Returns the value of attribute previous_version.

# File 'lib/dependabot/dependency.rb', line 77

def previous_version
  @previous_version
end

#requirements ⇒ Object (readonly)

Returns the value of attribute requirements.

# File 'lib/dependabot/dependency.rb', line 71

def requirements
  @requirements
end

#subdependency_metadata ⇒ Object (readonly)

Returns the value of attribute subdependency_metadata.

# File 'lib/dependabot/dependency.rb', line 86

def subdependency_metadata
  @subdependency_metadata
end

#version ⇒ Object (readonly)

Returns the value of attribute version.

# File 'lib/dependabot/dependency.rb', line 68

def version
  @version
end

Class Method Details

.display_name_builder_for_package_manager(package_manager) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 40

def self.display_name_builder_for_package_manager(package_manager)
  @display_name_builders[package_manager]
end

.name_normaliser_for_package_manager(package_manager) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 50

def self.name_normaliser_for_package_manager(package_manager)
  @name_normalisers[package_manager] || ->(name) { name }
end

.production_check_for_package_manager(package_manager) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 21

def self.production_check_for_package_manager(package_manager)
  production_check = @production_checks[package_manager]
  return production_check if production_check

  raise "Unsupported package_manager #{package_manager}"
end

.register_display_name_builder(package_manager, name_builder) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 45

def self.register_display_name_builder(package_manager, name_builder)
  @display_name_builders[package_manager] = name_builder
end

.register_name_normaliser(package_manager, name_builder) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 60

def self.register_name_normaliser(package_manager, name_builder)
  @name_normalisers[package_manager] = name_builder
end

.register_production_check(package_manager, production_check) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 35

def self.register_production_check(package_manager, production_check)
  @production_checks[package_manager] = production_check
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 315

def ==(other)
  case other
  when Dependency
    to_h == other.to_h
  else
    false
  end
end

#all_sources ⇒ Object

# File 'lib/dependabot/dependency.rb', line 377

def all_sources
  if top_level?
    requirements.map { |requirement| requirement.fetch(:source) }
  elsif subdependency_metadata
    T.must(subdependency_metadata).filter_map { |data| data[:source] }
  else
    []
  end
end

#all_versions ⇒ Object

# File 'lib/dependabot/dependency.rb', line 299

def all_versions
  all_versions = metadata[:all_versions]
  return [version].compact unless all_versions

  all_versions.filter_map(&:version)
end

#appears_in_lockfile? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 197

def appears_in_lockfile?
  !!(previous_version || (version && previous_requirements.nil?))
end

#display_name ⇒ Object

# File 'lib/dependabot/dependency.rb', line 218

def display_name
  display_name_builder =
    self.class.display_name_builder_for_package_manager(package_manager)
  return name unless display_name_builder

  display_name_builder.call(name)
end

#docker_digest_from_reqs(requirements) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 267

def docker_digest_from_reqs(requirements)
  requirements
    .filter_map { |r| r.dig(:source, "digest") || r.dig(:source, :digest) }
    .first
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 330

def eql?(other)
  self == other
end

#hash ⇒ Object

# File 'lib/dependabot/dependency.rb', line 325

def hash
  to_h.hash
end

#humanized_previous_version ⇒ Object

# File 'lib/dependabot/dependency.rb', line 227

def humanized_previous_version
  # If we don't have a previous version, we *may* still be able to figure
  # one out if a ref was provided and has been changed (in which case the
  # previous ref was essentially the version).
  if previous_version.nil?
    return ref_changed? ? previous_ref : nil
  end

  if T.must(previous_version).match?(/^[0-9a-f]{40}/)
    return previous_ref if ref_changed? && previous_ref

    "`#{T.must(previous_version)[0..6]}`"
  elsif version == previous_version &&
        package_manager == "docker"
    digest = docker_digest_from_reqs(T.must(previous_requirements))
    "`#{T.must(T.must(digest).split(':').last)[0..6]}`"
  else
    previous_version
  end
end

#humanized_version ⇒ Object

# File 'lib/dependabot/dependency.rb', line 249

def humanized_version
  return "removed" if removed?
  return nil if version.nil?

  if T.must(version).match?(/^[0-9a-f]{40}/)
    return new_ref if ref_changed? && new_ref

    "`#{T.must(version)[0..6]}`"
  elsif version == previous_version &&
        package_manager == "docker"
    digest = docker_digest_from_reqs(requirements)
    "`#{T.must(T.must(digest).split(':').last)[0..6]}`"
  else
    version
  end
end

#informational_only? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 310

def informational_only?
  metadata[:information_only]
end

#new_ref ⇒ Object

# File 'lib/dependabot/dependency.rb', line 284

def new_ref
  new_refs = requirements.filter_map do |r|
    r.dig(:source, "ref") || r.dig(:source, :ref)
  end.uniq
  new_refs.first if new_refs.one?
end

#numeric_version ⇒ Object

# File 'lib/dependabot/dependency.rb', line 175

def numeric_version
  return unless version && version_class.correct?(version)

  @numeric_version ||= T.let(version_class.new(T.must(version)), T.nilable(Dependabot::Version))
end

#previous_ref ⇒ Object

# File 'lib/dependabot/dependency.rb', line 274

def previous_ref
  return nil if previous_requirements.nil?

  previous_refs = T.must(previous_requirements).filter_map do |r|
    r.dig(:source, "ref") || r.dig(:source, :ref)
  end.uniq
  previous_refs.first if previous_refs.one?
end

#production? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 202

def production?
  return subdependency_production_check unless top_level?

  groups = requirements.flat_map { |r| r.fetch(:groups).map(&:to_s) }

  self.class
      .production_check_for_package_manager(package_manager)
      .call(groups)
end

#ref_changed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 292

def ref_changed?
  previous_ref != new_ref
end

#removed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 170

def removed?
  @removed
end

#requirement_class ⇒ Object

# File 'lib/dependabot/dependency.rb', line 340

def requirement_class
  Utils.requirement_class_for_package_manager(package_manager)
end

#requirements_changed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 388

def requirements_changed?
  (requirements - T.must(previous_requirements)).any?
end

#source_details(allowed_types: nil) ⇒ Object

# File 'lib/dependabot/dependency.rb', line 355

def source_details(allowed_types: nil)
  sources = all_sources.uniq.compact
  sources.select! { |source| allowed_types.include?(source[:type].to_s) } if allowed_types

  git = allowed_types == ["git"]

  if (git && sources.map { |s| s[:url] }.uniq.count > 1) || (!git && sources.count > 1)
    raise "Multiple sources! #{sources.join(', ')}"
  end

  sources.first
end

#source_type ⇒ Object

# File 'lib/dependabot/dependency.rb', line 369

def source_type
  details = source_details
  return "default" if details.nil?

  details[:type] || details.fetch("type")
end

#specific_requirements ⇒ Object

# File 'lib/dependabot/dependency.rb', line 335

def specific_requirements
  requirements.select { |r| requirement_class.new(r[:requirement]).specific? }
end

#subdependency_production_check ⇒ Object

# File 'lib/dependabot/dependency.rb', line 213

def subdependency_production_check
  !subdependency_metadata&.all? { |h| h[:production] == false }
end

#to_h ⇒ Object

# File 'lib/dependabot/dependency.rb', line 182

def to_h
  {
    "name" => name,
    "version" => version,
    "requirements" => requirements,
    "previous_version" => previous_version,
    "previous_requirements" => previous_requirements,
    "directory" => directory,
    "package_manager" => package_manager,
    "subdependency_metadata" => subdependency_metadata,
    "removed" => removed? || nil
  }.compact
end

#top_level? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/dependency.rb', line 165

def top_level?
  requirements.any?
end

#version_class ⇒ Object

# File 'lib/dependabot/dependency.rb', line 345

def version_class
  Utils.version_class_for_package_manager(package_manager)
end