Class: Dependabot::NpmAndYarn::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
show all
Defined in:
lib/dependabot/npm_and_yarn/update_checker.rb,
lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb,
lib/dependabot/npm_and_yarn/update_checker/library_detector.rb,
lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb,
lib/dependabot/npm_and_yarn/update_checker/requirements_updater.rb,
lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb,
lib/dependabot/npm_and_yarn/update_checker/dependency_files_builder.rb,
lib/dependabot/npm_and_yarn/update_checker/subdependency_version_resolver.rb,
lib/dependabot/npm_and_yarn/update_checker/conflicting_dependency_resolver.rb

Defined Under Namespace

Classes: ConflictingDependencyResolver, DependencyFilesBuilder, LatestVersionFinder, LibraryDetector, RegistryFinder, RequirementsUpdater, SubdependencyVersionResolver, VersionResolver

Instance Method Summary collapse

Instance Method Details

#conflicting_dependenciesObject 



97
98
99
100
101
102
103
104
105
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 97

def conflicting_dependencies
  ConflictingDependencyResolver.new(
    dependency_files: dependency_files,
    credentials: credentials
  ).conflicting_dependencies(
    dependency: dependency,
    target_version: lowest_security_fix_version
  )
end

#latest_resolvable_previous_version(updated_version) ⇒ Object 



63
64
65
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 63

def latest_resolvable_previous_version(updated_version)
  version_resolver.latest_resolvable_previous_version(updated_version)
end

#latest_resolvable_versionObject 



27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 27

def latest_resolvable_version
  return unless latest_version

  @latest_resolvable_version ||=
    if dependency.top_level?
      version_resolver.latest_resolvable_version
    else
      # If the dependency is indirect its version is constrained  by the
      # requirements placed on it by dependencies lower down the tree
      subdependency_version_resolver.latest_resolvable_version
    end
end

#latest_resolvable_version_with_no_unlockObject 



55
56
57
58
59
60
61
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 55

def latest_resolvable_version_with_no_unlock
  return latest_resolvable_version unless dependency.top_level?

  return latest_resolvable_version_with_no_unlock_for_git_dependency if git_dependency?

  latest_version_finder.latest_version_with_no_unlock
end

#latest_versionObject 



18
19
20
21
22
23
24
25
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 18

def latest_version
  @latest_version ||=
    if git_dependency?
      latest_version_for_git_dependency
    else
      latest_version_details&.fetch(:version)
    end
end

#lowest_resolvable_security_fix_versionObject 



44
45
46
47
48
49
50
51
52
53
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 44

def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?
  # NOTE: we currently don't resolve transitive/sub-dependencies as
  # npm/yarn don't provide any control over updating to a specific
  # sub-dependency
  return latest_resolvable_version unless dependency.top_level?

  # TODO: Might want to check resolvability here?
  lowest_security_fix_version
end

#lowest_security_fix_versionObject 



40
41
42
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 40

def lowest_security_fix_version
  latest_version_finder.lowest_security_fix_version
end

#requirements_update_strategyObject 



89
90
91
92
93
94
95
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 89

def requirements_update_strategy
  # If passed in as an option (in the base class) honour that option
  return @requirements_update_strategy.to_sym if @requirements_update_strategy

  # Otherwise, widen ranges for libraries and bump versions for apps
  library? ? :widen_ranges : :bump_versions
end

#updated_requirementsObject 



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
# File 'lib/dependabot/npm_and_yarn/update_checker.rb', line 67

def updated_requirements
  resolvable_version =
    if preferred_resolvable_version.is_a?(version_class)
      preferred_resolvable_version.to_s
    elsif preferred_resolvable_version.nil?
      nil
    else
      # If the preferred_resolvable_version came back as anything other
      # than a version class or `nil` it must be because this is a git
      # dependency, for which we don't check resolvability.
      latest_version_details&.fetch(:version, nil)&.to_s
    end

  @updated_requirements ||=
    RequirementsUpdater.new(
      requirements: dependency.requirements,
      updated_source: updated_source,
      latest_resolvable_version: resolvable_version,
      update_strategy: requirements_update_strategy
    ).updated_requirements
end