Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Inherits:
-
Object
- Object
- Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Defined in:
- lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
Defined Under Namespace
Classes: RegistryError
Instance Method Summary
-
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder
constructor
A new instance of LatestVersionFinder.
- #latest_version_from_registry ⇒ Object
- #latest_version_with_no_unlock ⇒ Object
- #lowest_security_fix_version ⇒ Object
- #possible_previous_versions_with_details ⇒ Object
- #possible_versions(filter_ignored: true) ⇒ Object
- #possible_versions_with_details(filter_ignored: true) ⇒ Object
Constructor Details
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder
Returns a new instance of LatestVersionFinder.
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 24
# Builds a finder by storing each keyword argument in the instance variable
# of the same name. No validation or copying is performed here.
#
# @param dependency the dependency being checked
# @param credentials registry credentials, stored exactly as supplied
# @param dependency_files the dependency files supplied by the caller
# @param ignored_versions version requirements the caller wants skipped
# @param security_advisories advisories handed to the vulnerable-version filter
# @param raise_on_ignored stored as given; defaults to false
def initialize(
  dependency:,
  credentials:,
  dependency_files:,
  ignored_versions:,
  security_advisories:,
  raise_on_ignored: false
)
  # What is being updated and the files that reference it.
  @dependency = dependency
  @dependency_files = dependency_files

  # Registry access.
  @credentials = credentials

  # Inputs that narrow the candidate version list.
  @security_advisories = security_advisories
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
end
Instance Method Details
#latest_version_from_registry ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 35 def latest_version_from_registry return unless valid_npm_details? return if return if specified_dist_tag_requirement? possible_versions.find { |v| !yanked?(v) } rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError raise if dependency_registry == "registry.npmjs.org" # Custom registries can be flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#latest_version_with_no_unlock ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 47 def latest_version_with_no_unlock return unless valid_npm_details? return if specified_dist_tag_requirement? in_range_versions = filter_out_of_range_versions(possible_versions) in_range_versions.find { |version| !yanked?(version) } rescue Excon::Error::Socket, Excon::Error::Timeout raise if dependency_registry == "registry.npmjs.org" # Sometimes custom registries are flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#lowest_security_fix_version ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 59 def lowest_security_fix_version return unless valid_npm_details? secure_versions = if specified_dist_tag_requirement? [].compact else possible_versions(filter_ignored: false) end secure_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(secure_versions, security_advisories) secure_versions = filter_ignored_versions(secure_versions) secure_versions = filter_lower_versions(secure_versions) secure_versions.reverse.find { |version| !yanked?(version) } rescue Excon::Error::Socket, Excon::Error::Timeout raise if dependency_registry == "registry.npmjs.org" # Sometimes custom registries are flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#possible_previous_versions_with_details ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 81 def possible_previous_versions_with_details @possible_previous_versions_with_details ||= npm_details.fetch("versions", {}). transform_keys { |k| version_class.new(k) }. reject { |v, _| v.prerelease? && !(v) }. sort_by(&:first).reverse end |
#possible_versions(filter_ignored: true) ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 97
# Returns the first element of every entry produced by
# `possible_versions_with_details`, discarding the per-version details.
#
# @param filter_ignored forwarded unchanged to `possible_versions_with_details`
def possible_versions(filter_ignored: true)
  detailed_entries = possible_versions_with_details(filter_ignored: filter_ignored)
  detailed_entries.map { |entry| entry.first }
end
#possible_versions_with_details(filter_ignored: true) ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 88
# Returns the entries of `possible_previous_versions_with_details` whose
# details carry no truthy "deprecated" value, optionally passed through
# `filter_ignored_versions`.
#
# @param filter_ignored when truthy, the result of `filter_ignored_versions`
#   is returned; otherwise the non-deprecated entries are returned as they are
def possible_versions_with_details(filter_ignored: true)
  non_deprecated = possible_previous_versions_with_details.reject do |_version, details|
    details["deprecated"]
  end

  if filter_ignored
    filter_ignored_versions(non_deprecated)
  else
    non_deprecated
  end
end