Class: Dependabot::Composer::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::Composer::UpdateChecker

Extended by:

T::Sig

Defined in:

lib/dependabot/composer/update_checker.rb,
lib/dependabot/composer/update_checker/version_resolver.rb,
lib/dependabot/composer/update_checker/requirements_updater.rb,
lib/dependabot/composer/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: LatestVersionFinder, RequirementsUpdater, VersionResolver

Instance Method Summary

• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #requirements_unlocked_or_can_be? ⇒ Boolean
• #requirements_update_strategy ⇒ Object
• #updated_requirements ⇒ Object

Instance Method Details

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 32

def latest_resolvable_version
  return nil if path_dependency? || git_dependency?

  @latest_resolvable_version ||= T.let(
    VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      latest_allowable_version: latest_version_from_registry,
      requirements_to_unlock: :own
    ).latest_resolvable_version,
    T.nilable(Dependabot::Version)
  )
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 63

def latest_resolvable_version_with_no_unlock
  return nil if path_dependency? || git_dependency?

  @latest_resolvable_version_with_no_unlock ||= T.let(
    VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      latest_allowable_version: latest_version_from_registry,
      requirements_to_unlock: :none
    ).latest_resolvable_version,
    T.nilable(Dependabot::Version)
  )
end

#latest_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 23

def latest_version
  return nil if path_dependency?
  return latest_version_for_git_dependency if git_dependency?

  # Fall back to latest_resolvable_version if no listings found
  latest_version_from_registry || latest_resolvable_version
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 53

def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?

  @lowest_resolvable_security_fix_version ||= T.let(
    fetch_lowest_resolvable_security_fix_version,
    T.nilable(Dependabot::Version)
  )
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 48

def lowest_security_fix_version
  latest_version_finder.lowest_security_fix_version
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/composer/update_checker.rb', line 88

def requirements_unlocked_or_can_be?
  !requirements_update_strategy&.lockfile_only?
end

#requirements_update_strategy ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 93

def requirements_update_strategy
  # If passed in as an option (in the base class) honour that option
  return @requirements_update_strategy if @requirements_update_strategy

  # Otherwise, widen ranges for libraries and bump versions for apps
  library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersionsIfNecessary
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 79

def updated_requirements
  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_resolvable_version: preferred_resolvable_version&.to_s,
    update_strategy: T.must(requirements_update_strategy)
  ).updated_requirements
end