Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder

Inherits:
Object
  • Object
show all
Defined in:
lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: RegistryError

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:) ⇒ LatestVersionFinder

Returns a new instance of LatestVersionFinder.



18
19
20
21
22
23
24
25
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 18

def initialize(dependency:, credentials:, dependency_files:,
               ignored_versions:, security_advisories:)
  @dependency          = dependency
  @credentials         = credentials
  @dependency_files    = dependency_files
  @ignored_versions    = ignored_versions
  @security_advisories = security_advisories
end

Instance Method Details

#latest_version_from_registryObject 



27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 27

def latest_version_from_registry
  return unless valid_npm_details?
  return version_from_dist_tags if version_from_dist_tags
  return if specified_dist_tag_requirement?

  possible_versions.find { |v| !yanked?(v) }
rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
  raise if dependency_registry == "registry.npmjs.org"
  # Custom registries can be flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
end

#latest_version_with_no_unlockObject 



39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 39

def latest_version_with_no_unlock
  return unless valid_npm_details?
  return version_from_dist_tags if specified_dist_tag_requirement?

  in_range_versions = filter_out_of_range_versions(possible_versions)
  in_range_versions.find { |version| !yanked?(version) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
end

#lowest_security_fix_versionObject 



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 51

def lowest_security_fix_version
  return unless valid_npm_details?

  versions_array =
    if specified_dist_tag_requirement?
      [version_from_dist_tags].compact
    else possible_versions
    end

  secure_versions = filter_vulnerable_versions(versions_array)
  secure_versions = filter_lower_versions(secure_versions)
  secure_versions.reverse.find { |version| !yanked?(version) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
end

#possible_versionsObject 



78
79
80
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 78

def possible_versions
  possible_versions_with_details.map(&:first)
end

#possible_versions_with_detailsObject 



69
70
71
72
73
74
75
76
 
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 69

def possible_versions_with_details
  npm_details.fetch("versions", {}).
    reject { |_, details| details["deprecated"] }.
    transform_keys { |k| version_class.new(k) }.
    reject { |k, _| k.prerelease? && !related_to_current_pre?(k) }.
    reject { |k, _| ignore_reqs.any? { |r| r.satisfied_by?(k) } }.
    sort_by(&:first).reverse
end