Class: Dependabot::Maven::UpdateChecker

Inherits:

UpdateCheckers::Base

Object
UpdateCheckers::Base
Dependabot::Maven::UpdateChecker

show all

Defined in:: lib/dependabot/maven/update_checker.rb,
lib/dependabot/maven/update_checker/version_finder.rb,
lib/dependabot/maven/update_checker/property_updater.rb,
lib/dependabot/maven/update_checker/requirements_updater.rb

Defined Under Namespace

Classes: PropertyUpdater, RequirementsUpdater, VersionFinder

Instance Method Summary collapse

Instance Method Details

#latest_resolvable_version ⇒ `Object`

# File 'lib/dependabot/maven/update_checker.rb', line 18

def latest_resolvable_version
  # Maven's version resolution algorithm is very simple: it just uses
  # the version defined "closest", with the first declaration winning
  # if two declarations are equally close. As a result, we can just
  # return that latest version unless dealing with a property dep.
  # https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies
  return nil if version_comes_from_multi_dependency_property?

  latest_version
end

#latest_resolvable_version_with_no_unlock ⇒ `Object`

# File 'lib/dependabot/maven/update_checker.rb', line 37

def latest_resolvable_version_with_no_unlock
  # Irrelevant, since Maven has a single dependency file (the pom.xml).
  #
  # For completeness we ought to resolve the pom.xml and return the
  # latest version that satisfies the current constraint AND any
  # constraints placed on it by other dependencies. Seeing as we're
  # never going to take any action as a result, though, we just return
  # nil.
  nil
end

#latest_version ⇒ `Object`



14
15
16

# File 'lib/dependabot/maven/update_checker.rb', line 14

def latest_version
  latest_version_details&.fetch(:version)
end

#lowest_resolvable_security_fix_version ⇒ `Object`



33
34
35

# File 'lib/dependabot/maven/update_checker.rb', line 33

def lowest_resolvable_security_fix_version
  lowest_security_fix_version
end

#lowest_security_fix_version ⇒ `Object`



29
30
31

# File 'lib/dependabot/maven/update_checker.rb', line 29

def lowest_security_fix_version
  lowest_security_fix_version_details&.fetch(:version)
end

#requirements_unlocked_or_can_be? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/dependabot/maven/update_checker.rb', line 61

def requirements_unlocked_or_can_be?
  declarations_using_a_property.none? do |requirement|
    prop_name = requirement.dig(:metadata, :property_name)
    pom = dependency_files.find { |f| f.name == requirement[:file] }

    declaration_pom_name =
      property_value_finder.
      property_details(property_name: prop_name, callsite_pom: pom)&.
      fetch(:file)

    declaration_pom_name == "remote_pom.xml" ||
      declaration_pom_name&.end_with?("pom_parent.xml")
  end
end

#updated_requirements ⇒ `Object`

# File 'lib/dependabot/maven/update_checker.rb', line 48

def updated_requirements
  property_names =
    declarations_using_a_property.
    map { |req| req.dig(:metadata, :property_name) }

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version&.to_s,
    source_url: preferred_version_details&.fetch(:source_url),
    properties_to_update: property_names
  ).updated_requirements
end

Class: Dependabot::Maven::UpdateChecker

Defined Under Namespace

Instance Method Summary collapse

Instance Method Details

#latest_resolvable_version ⇒ Object

#latest_resolvable_version_with_no_unlock ⇒ Object

#latest_version ⇒ Object

#lowest_resolvable_security_fix_version ⇒ Object

#lowest_security_fix_version ⇒ Object

#requirements_unlocked_or_can_be? ⇒ Boolean

#updated_requirements ⇒ Object

#latest_resolvable_version ⇒ `Object`

#latest_resolvable_version_with_no_unlock ⇒ `Object`

#latest_version ⇒ `Object`

#lowest_resolvable_security_fix_version ⇒ `Object`

#lowest_security_fix_version ⇒ `Object`

#requirements_unlocked_or_can_be? ⇒ `Boolean`

#updated_requirements ⇒ `Object`