Class: Dependabot::NpmAndYarn::UpdateChecker::PackageLatestVersionFinder

Inherits:

Package::PackageLatestVersionFinder

• Object
• Package::PackageLatestVersionFinder
• Dependabot::NpmAndYarn::UpdateChecker::PackageLatestVersionFinder

Extended by:

T::Sig

Defined in:

lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

Instance Method Summary

• #available_versions ⇒ Object
• #cooldown_enabled? ⇒ Boolean
• #fetch_latest_version(language_version: nil) ⇒ Object

  rubocop:disable Lint/UnusedMethodArgument.

• #fetch_latest_version_with_no_unlock(language_version: nil) ⇒ Object

  rubocop:disable Lint/UnusedMethodArgument.

• #fetch_lowest_security_fix_version(language_version: nil) ⇒ Object

  rubocop:disable Lint/UnusedMethodArgument.

• #filter_lower_releases(releases) ⇒ Object
• #filter_prerelease_versions(releases) ⇒ Object
• #filter_releases(releases) ⇒ Object
• #initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false, cooldown_options: nil) ⇒ PackageLatestVersionFinder constructor

  A new instance of PackageLatestVersionFinder.

• #latest_version_from_registry ⇒ Object
• #latest_version_with_no_unlock(language_version: nil) ⇒ Object
• #lowest_security_fix_version(language_version: nil) ⇒ Object
• #package_details ⇒ Object
• #package_fetcher ⇒ Object
• #possible_previous_releases ⇒ Object
• #possible_previous_versions_with_details ⇒ Object
• #possible_releases(filter_ignored: true) ⇒ Object
• #possible_versions(filter_ignored: true) ⇒ Object
• #possible_versions_with_details(filter_ignored: true) ⇒ Object

Constructor Details

#initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false, cooldown_options: nil) ⇒ PackageLatestVersionFinder

Returns a new instance of PackageLatestVersionFinder.

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 33

def initialize(
  dependency:,
  dependency_files:,
  credentials:,
  ignored_versions:,
  security_advisories:,
  raise_on_ignored: false,
  cooldown_options: nil
)
  @package_fetcher = T.let(nil, T.nilable(Package::PackageDetailsFetcher))
  super
end

Instance Method Details

#available_versions ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 170

def available_versions
  possible_releases
end

#cooldown_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 253

def cooldown_enabled?
  true
end

#fetch_latest_version(language_version: nil) ⇒ Object

rubocop:disable Lint/UnusedMethodArgument

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 94

def fetch_latest_version(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
  with_custom_registry_rescue do
    return unless valid_npm_details?

    tag_release = version_from_dist_tags(cooldown: true)
    return tag_release.version if tag_release

    return if specified_dist_tag_requirement?

    filtered_releases = filter_by_cooldown(possible_releases)
    filtered_releases.find { |r| !yanked_version?(r.version) }&.version
  end
end

#fetch_latest_version_with_no_unlock(language_version: nil) ⇒ Object

rubocop:disable Lint/UnusedMethodArgument

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 113

def fetch_latest_version_with_no_unlock(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
  with_custom_registry_rescue do
    return unless valid_npm_details?
    return version_from_dist_tags(cooldown: true)&.version if specified_dist_tag_requirement?

    filtered_releases = filter_by_cooldown(possible_releases)

    in_range_versions = filter_out_of_range_versions(filtered_releases)
    in_range_versions.find { |r| !yanked_version?(r.version) }&.version
  end
end

#fetch_lowest_security_fix_version(language_version: nil) ⇒ Object

rubocop:disable Lint/UnusedMethodArgument

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 130

def fetch_lowest_security_fix_version(language_version: nil) # rubocop:disable Lint/UnusedMethodArgument
  with_custom_registry_rescue do
    return unless valid_npm_details?

    secure_versions =
      if specified_dist_tag_requirement?
        [version_from_dist_tags].compact
      else
        possible_releases(filter_ignored: false)
      end

    secure_versions =
      Dependabot::UpdateCheckers::VersionFilters
      .filter_vulnerable_versions(
        T.unsafe(secure_versions),
        security_advisories
      )
    secure_versions = filter_ignored_versions(secure_versions)
    secure_versions = filter_lower_versions(secure_versions)

    # Find first non-yanked version
    secure_versions.sort_by(&:version).find do |version|
      !yanked_version?(version.version)
    end&.version
  end
end

#filter_lower_releases(releases) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 208

def filter_lower_releases(releases)
  return releases unless dependency.numeric_version

  releases.select { |release| release.version > dependency.numeric_version }
end

#filter_prerelease_versions(releases) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 161

def filter_prerelease_versions(releases)
  releases.reject do |release|
    release.version.prerelease? && !related_to_current_pre?(release.version)
  end
end

#filter_releases(releases) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 186

def filter_releases(releases)
  filtered =
    releases
    .reject do |release|
      ignore_requirements.any? { |r| r.satisfied_by?(release.version) }
    end
  if @raise_on_ignored &&
     filter_lower_releases(filtered).empty? &&
     filter_lower_releases(releases).any?
    raise Dependabot::AllVersionsIgnored
  end

  if releases.count > filtered.count
    Dependabot.logger.info("Filtered out #{releases.count - filtered.count} ignored versions")
  end
  filtered
end

#latest_version_from_registry ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 69

def latest_version_from_registry
  fetch_latest_version(language_version: nil)
end

#latest_version_with_no_unlock(language_version: nil) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 77

def latest_version_with_no_unlock(language_version: nil)
  fetch_latest_version_with_no_unlock(language_version: language_version)
end

#lowest_security_fix_version(language_version: nil) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 85

def lowest_security_fix_version(language_version: nil)
  fetch_lowest_security_fix_version(language_version: language_version)
end

#package_details ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 59

def package_details
  return @package_details if @package_details

  @package_details = package_fetcher.fetch
  @package_details
end

#package_fetcher ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 47

def package_fetcher
  return @package_fetcher if @package_fetcher

  @package_fetcher = Package::PackageDetailsFetcher.new(
    dependency: dependency,
    dependency_files: dependency_files,
    credentials: credentials
  )
  @package_fetcher
end

#possible_previous_releases ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 237

def possible_previous_releases
  (package_details&.releases || [])
    .reject do |r|
    r.version.prerelease? && !related_to_current_pre?(T.unsafe(r.version))
  end
    .sort_by(&:version).reverse
end

#possible_previous_versions_with_details ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 246

def possible_previous_versions_with_details
  possible_previous_releases.map do |r|
    [r.version, r.details]
  end
end

#possible_releases(filter_ignored: true) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 218

def possible_releases(filter_ignored: true)
  releases = possible_previous_releases.reject do |r|
    r.details["deprecated"]
  end

  return filter_releases(releases) if filter_ignored

  releases
end

#possible_versions(filter_ignored: true) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 232

def possible_versions(filter_ignored: true)
  possible_releases(filter_ignored: filter_ignored).map(&:version)
end

#possible_versions_with_details(filter_ignored: true) ⇒ Object

# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 178

def possible_versions_with_details(filter_ignored: true)
  possible_releases(filter_ignored: filter_ignored).map { |r| [r.version, r.details] }
end