Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder

Inherits:
Object
  • Object
Defined in:
lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: RegistryError

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder

Returns a new instance of LatestVersionFinder.



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 23

# Captures the inputs the version lookups work from. Each keyword is stored
# unchanged in the instance variable of the same name; nothing is validated
# and no registry is contacted here.
#
# NOTE(review): +credentials+ stays on the instance for its whole lifetime,
# and Ruby's default #inspect prints instance variables. Confirm this object
# is never inspected into logs or error reports.
#
# @param dependency the dependency being checked
# @param credentials presumably registry credentials - treat as secret
# @param dependency_files presumably the project's manifest/lock files
# @param ignored_versions presumably version requirements to skip
# @param security_advisories presumably advisories for this dependency
# @param raise_on_ignored [Boolean] stored as given; defaults to false
def initialize(dependency:, credentials:, dependency_files:,
               ignored_versions:, security_advisories:,
               raise_on_ignored: false)
  # What is being checked.
  @dependency = dependency
  @dependency_files = dependency_files

  # Access material.
  @credentials = credentials

  # Policy inputs.
  @ignored_versions = ignored_versions
  @security_advisories = security_advisories
  @raise_on_ignored = raise_on_ignored
end

Instance Method Details

#latest_version_from_registry ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 34

# Chooses the version to offer from the registry data.
#
# Resolution order:
#   1. nil when +valid_npm_details?+ is false;
#   2. the dist-tag version when +version_from_dist_tags+ returns one;
#   3. nil when the requirement names a dist tag but no version came back;
#   4. otherwise the first entry of +possible_versions+ that is not yanked.
#
# Socket, timeout and RegistryError failures are re-raised only for
# "registry.npmjs.org". For any other registry they are swallowed and the
# method returns nil.
#
# NOTE(review): that nil is the same value as in cases 1 and 3, so from this
# method alone a caller cannot tell "nothing newer" from "registry
# unreachable". Confirm callers do not treat it as proof that the dependency
# is up to date.
#
# @return the chosen version, or nil
def latest_version_from_registry
  return nil unless valid_npm_details?

  if version_from_dist_tags
    version_from_dist_tags
  elsif !specified_dist_tag_requirement?
    possible_versions.find { |candidate| !yanked?(candidate) }
  end
rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
  # The public registry is expected to be reliable, so surface its failures.
  raise if dependency_registry == "registry.npmjs.org"

  # Custom registries can be unreliable; that is deliberately not treated as
  # an error here, and the lookup quietly yields nothing.
  nil
end

#latest_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 46

# Chooses the version to offer when the existing requirement must be kept.
#
# Returns nil when +valid_npm_details?+ is false. When the requirement names
# a dist tag, returns whatever +version_from_dist_tags+ gives (possibly nil).
# Otherwise narrows +possible_versions+ with +filter_out_of_range_versions+
# and returns the first remaining version that is not yanked.
#
# Socket and timeout failures are re-raised only for "registry.npmjs.org".
# For any other registry they are swallowed and the method returns nil.
#
# NOTE(review): unlike +latest_version_from_registry+, RegistryError is not
# rescued here, so it propagates for custom registries too. Confirm the
# difference is intentional.
# NOTE(review): the swallowed-failure nil is indistinguishable from "no
# in-range version". Confirm callers do not read it as "up to date".
#
# @return the chosen version, or nil
def latest_version_with_no_unlock
  return nil unless valid_npm_details?

  if specified_dist_tag_requirement?
    version_from_dist_tags
  else
    filter_out_of_range_versions(possible_versions).
      find { |candidate| !yanked?(candidate) }
  end
rescue Excon::Error::Socket, Excon::Error::Timeout
  # The public registry is expected to be reliable, so surface its failures.
  raise if dependency_registry == "registry.npmjs.org"

  # Custom registries are sometimes unreliable; that is deliberately not
  # treated as an error here, and the lookup quietly yields nothing.
  nil
end

#lowest_security_fix_version ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 58

# Finds the version to offer as a security fix.
#
# Candidates are the dist-tag version (when the requirement names a dist
# tag) or +possible_versions(filter_ignored: false)+. They pass through
# +filter_vulnerable_versions+, +filter_ignored_versions+ and
# +filter_lower_versions+, in that order. The survivors are then reversed
# and the first one that is not yanked is returned. Reversing presumably
# turns a newest-first list into lowest-first (verify against the helpers).
#
# Returns nil when +valid_npm_details?+ is false or nothing survives.
#
# Socket and timeout failures are re-raised only for "registry.npmjs.org".
# For any other registry they are swallowed and the method returns nil.
#
# NOTE(review): on a custom registry a network failure therefore looks the
# same as "no fixed version exists". Confirm callers do not report the
# advisory as unfixable, or drop the security update silently, on that nil.
# NOTE(review): RegistryError is not rescued here, unlike in
# +latest_version_from_registry+. Confirm that is intentional.
#
# @return the chosen fix version, or nil
def lowest_security_fix_version
  return nil unless valid_npm_details?

  candidates =
    if specified_dist_tag_requirement?
      [version_from_dist_tags].compact
    else
      possible_versions(filter_ignored: false)
    end

  # Ignore rules are applied after the vulnerability filter, as a separate
  # step, rather than inside possible_versions.
  fixes = filter_lower_versions(
    filter_ignored_versions(filter_vulnerable_versions(candidates))
  )
  fixes.reverse.find { |candidate| !yanked?(candidate) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  # The public registry is expected to be reliable, so surface its failures.
  raise if dependency_registry == "registry.npmjs.org"

  # Custom registries are sometimes unreliable; that is deliberately not
  # treated as an error here, and the lookup quietly yields nothing.
  nil
end

#possible_previous_versions_with_details ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 77

# Builds, once per instance, the list of [version, details] pairs taken from
# the "versions" entry of +npm_details+ (an empty hash when that key is
# missing), ordered from highest version to lowest.
#
# Each key is wrapped in +version_class+. A prerelease is kept only when
# +related_to_current_pre?+ accepts it.
#
# NOTE(review): the keys come from the registry response, which is external
# input. What +version_class.new+ does with a malformed key is not visible
# here - confirm it cannot abort the whole update check.
#
# @return [Array<Array>] pairs of version object and its details, newest first
def possible_previous_versions_with_details
  @possible_previous_versions_with_details ||=
    npm_details.fetch("versions", {}).
    transform_keys { |raw| version_class.new(raw) }.
    select { |ver, _| !ver.prerelease? || related_to_current_pre?(ver) }.
    sort_by(&:first).reverse
end

#possible_versions(filter_ignored: true) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 95

# Version objects only, in the order +possible_versions_with_details+ returns
# them; the per-version details are dropped.
#
# @param filter_ignored [Boolean] passed through unchanged
# @return [Array] the first element of every entry
def possible_versions(filter_ignored: true)
  entries = possible_versions_with_details(filter_ignored: filter_ignored)
  entries.map { |entry| entry.first }
end

#possible_versions_with_details(filter_ignored: true) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 86

# Candidate [version, details] pairs with deprecated releases removed.
#
# An entry is dropped when its details carry a truthy "deprecated" value.
# That flag is read straight from the registry metadata, so whoever controls
# the registry entry controls which releases are considered at all.
#
# @param filter_ignored [Boolean] when true (the default) the result is also
#   passed through +filter_ignored_versions+
# @return the remaining pairs
def possible_versions_with_details(filter_ignored: true)
  maintained = possible_previous_versions_with_details.
               select { |_version, metadata| !metadata["deprecated"] }

  filter_ignored ? filter_ignored_versions(maintained) : maintained
end