Class: Dependabot::Maven::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::Maven::UpdateChecker

Defined in:

lib/dependabot/maven/update_checker.rb,
lib/dependabot/maven/update_checker/version_finder.rb,
lib/dependabot/maven/update_checker/property_updater.rb,
lib/dependabot/maven/update_checker/requirements_updater.rb

Defined Under Namespace

Classes: PropertyUpdater, RequirementsUpdater, VersionFinder

Instance Method Summary

• #initialize(dependency:, dependency_files:, credentials:, repo_contents_path: nil, ignored_versions: [], raise_on_ignored: false, security_advisories: [], requirements_update_strategy: nil, dependency_group: nil, update_cooldown: nil, options: {}) ⇒ UpdateChecker constructor

  A new instance of UpdateChecker.

• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #requirements_unlocked_or_can_be? ⇒ Boolean
• #updated_requirements ⇒ Object

Constructor Details

#initialize(dependency:, dependency_files:, credentials:, repo_contents_path: nil, ignored_versions: [], raise_on_ignored: false, security_advisories: [], requirements_update_strategy: nil, dependency_group: nil, update_cooldown: nil, options: {}) ⇒ UpdateChecker

# File 'lib/dependabot/maven/update_checker.rb', line 31

def initialize(
  dependency:,
  dependency_files:,
  credentials:,
  repo_contents_path: nil,
  ignored_versions: [],
  raise_on_ignored: false,
  security_advisories: [],
  requirements_update_strategy: nil,
  dependency_group: nil,
  update_cooldown: nil,
  options: {}
)
  super

  @version_finder = T.let(nil, T.nilable(VersionFinder))
  @property_updater = T.let(nil, T.nilable(PropertyUpdater))
  @property_value_finder = T.let(nil, T.nilable(Maven::FileParser::PropertyValueFinder))
  @declarations_using_a_property = T.let(nil, T.nilable(T::Array[T::Hash[Symbol, T.untyped]]))
  @all_property_based_dependencies = T.let(nil, T.nilable(T::Array[Dependabot::Dependency]))
end

Instance Method Details

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 59

def latest_resolvable_version
  # Maven's version resolution algorithm is very simple: it just uses
  # the version defined "closest", with the first declaration winning
  # if two declarations are equally close. As a result, we can just
  # return that latest version unless dealing with a property dep.
  # https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies
  return nil if version_comes_from_multi_dependency_property?

  latest_version
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 81

def latest_resolvable_version_with_no_unlock
  # Irrelevant, since Maven has a single dependency file (the pom.xml).
  #
  # For completeness we ought to resolve the pom.xml and return the
  # latest version that satisfies the current constraint AND any
  # constraints placed on it by other dependencies. Seeing as we're
  # never going to take any action as a result, though, we just return
  # nil.
  nil
end

#latest_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 54

def latest_version
  latest_version_details&.fetch(:version)
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 76

def lowest_resolvable_security_fix_version
  lowest_security_fix_version
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 71

def lowest_security_fix_version
  lowest_security_fix_version_details&.fetch(:version)
end

#requirements_unlocked_or_can_be? ⇒ Boolean

# File 'lib/dependabot/maven/update_checker.rb', line 107

def requirements_unlocked_or_can_be?
  declarations_using_a_property.none? do |requirement|
    prop_name = requirement.dig(:metadata, :property_name)
    pom = dependency_files.find { |f| f.name == requirement[:file] }

    return false unless prop_name && pom

    declaration_pom_name =
      property_value_finder
      .property_details(property_name: prop_name, callsite_pom: pom)
      &.fetch(:file)

    declaration_pom_name == "remote_pom.xml"
  end
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 93

def updated_requirements
  property_names =
    declarations_using_a_property
    .map { |req| req.dig(:metadata, :property_name) }

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version&.to_s,
    source_url: preferred_version_details&.fetch(:source_url),
    properties_to_update: property_names
  ).updated_requirements
end