Class: Dependabot::Maven::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
show all
Defined in:
lib/dependabot/maven/update_checker.rb,
lib/dependabot/maven/update_checker/version_finder.rb,
lib/dependabot/maven/update_checker/property_updater.rb,
lib/dependabot/maven/update_checker/requirements_updater.rb

Defined Under Namespace

Classes: PropertyUpdater, RequirementsUpdater, VersionFinder

Instance Method Summary collapse

Instance Method Details

#latest_resolvable_versionObject



18
19
20
21
22
23
24
25
26
27
# File 'lib/dependabot/maven/update_checker.rb', line 18

def latest_resolvable_version
  # Maven's version resolution algorithm is very simple: it just uses
  # the version defined "closest", with the first declaration winning
  # if two declarations are equally close. As a result, we can just
  # return that latest version unless dealing with a property dep.
  # https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies
  return nil if version_comes_from_multi_dependency_property?

  latest_version
end

#latest_resolvable_version_with_no_unlockObject



35
36
37
38
39
40
41
42
43
44
# File 'lib/dependabot/maven/update_checker.rb', line 35

def latest_resolvable_version_with_no_unlock
  # Irrelevant, since Maven has a single dependency file (the pom.xml).
  #
  # For completeness we ought to resolve the pom.xml and return the
  # latest version that satisfies the current constraint AND any
  # constraints placed on it by other dependencies. Seeing as we're
  # never going to take any action as a result, though, we just return
  # nil.
  nil
end

#latest_versionObject



14
15
16
# File 'lib/dependabot/maven/update_checker.rb', line 14

def latest_version
  latest_version_details&.fetch(:version)
end

#lowest_resolvable_security_fix_versionObject



29
30
31
32
33
# File 'lib/dependabot/maven/update_checker.rb', line 29

def lowest_resolvable_security_fix_version
  return nil if version_comes_from_multi_dependency_property?

  lowest_security_fix_version_details&.fetch(:version)
end

#requirements_unlocked_or_can_be?Boolean

Returns:

  • (Boolean)


59
60
61
62
63
64
65
66
67
68
69
70
71
72
# File 'lib/dependabot/maven/update_checker.rb', line 59

def requirements_unlocked_or_can_be?
  declarations_using_a_property.none? do |requirement|
    prop_name = requirement.dig(:metadata, :property_name)
    pom = dependency_files.find { |f| f.name == requirement[:file] }

    declaration_pom_name =
      property_value_finder.
      property_details(property_name: prop_name, callsite_pom: pom)&.
      fetch(:file)

    declaration_pom_name == "remote_pom.xml" ||
      declaration_pom_name&.end_with?("pom_parent.xml")
  end
end

#updated_requirementsObject



46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/dependabot/maven/update_checker.rb', line 46

def updated_requirements
  property_names =
    declarations_using_a_property.
    map { |req| req.dig(:metadata, :property_name) }

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version&.to_s,
    source_url: preferred_version_details&.fetch(:source_url),
    properties_to_update: property_names
  ).updated_requirements
end