Class: Dependabot::Python::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/python/update_checker.rb,
lib/dependabot/python/update_checker/pip_version_resolver.rb,
lib/dependabot/python/update_checker/requirements_updater.rb,
lib/dependabot/python/update_checker/latest_version_finder.rb,
lib/dependabot/python/update_checker/pipenv_version_resolver.rb,
lib/dependabot/python/update_checker/poetry_version_resolver.rb,
lib/dependabot/python/update_checker/pip_compile_version_resolver.rb

Direct Known Subclasses

PoetryErrorHandler

Defined Under Namespace

Classes: LatestVersionFinder, PipCompileVersionResolver, PipVersionResolver, PipenvVersionResolver, PoetryVersionResolver, RequirementsUpdater

Constant Summary collapse

MAIN_PYPI_INDEXES = 
%w(
  https://pypi.python.org/simple/
  https://pypi.org/simple/
).freeze
VERSION_REGEX = 
/[0-9]+(?:\.[A-Za-z0-9\-_]+)*/

Instance Method Summary collapse

Instance Method Details

#latest_resolvable_versionObject 



45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/dependabot/python/update_checker.rb', line 45

def latest_resolvable_version
  @latest_resolvable_version ||= T.let(
    if resolver_type == :requirements
      resolver.latest_resolvable_version
    elsif resolver_type == :pip_compile && resolver.resolvable?(version: latest_version)
      latest_version
    else
      resolver.latest_resolvable_version(
        requirement: unlocked_requirement_string
      )
    end,
    T.nilable(Gem::Version)
  )
end

#latest_resolvable_version_with_no_unlockObject 



61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'lib/dependabot/python/update_checker.rb', line 61

def latest_resolvable_version_with_no_unlock
  @latest_resolvable_version_with_no_unlock ||= T.let(
    if resolver_type == :requirements
      resolver.latest_resolvable_version_with_no_unlock
    else
      resolver.latest_resolvable_version(
        requirement: current_requirement_string
      )
    end,
    T.nilable(Gem::Version)
  )
end

#latest_versionObject 



37
38
39
40
41
42
 
# File 'lib/dependabot/python/update_checker.rb', line 37

def latest_version
  @latest_version ||= T.let(
    fetch_latest_version,
    T.nilable(Gem::Version)
  )
end

#lowest_resolvable_security_fix_versionObject 



80
81
82
83
84
85
86
87
 
# File 'lib/dependabot/python/update_checker.rb', line 80

def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?

  @lowest_resolvable_security_fix_version ||= T.let(
    fetch_lowest_resolvable_security_fix_version,
    T.nilable(Gem::Version)
  )
end

#lowest_security_fix_versionObject 



75
76
77
 
# File 'lib/dependabot/python/update_checker.rb', line 75

def lowest_security_fix_version
  latest_version_finder.lowest_security_fix_version
end

#requirements_unlocked_or_can_be?Boolean

Returns:

  • (Boolean) 


100
101
102
 
# File 'lib/dependabot/python/update_checker.rb', line 100

def requirements_unlocked_or_can_be?
  !requirements_update_strategy.lockfile_only?
end

#requirements_update_strategyObject 



105
106
107
108
109
110
111
 
# File 'lib/dependabot/python/update_checker.rb', line 105

def requirements_update_strategy
  # If passed in as an option (in the base class) honour that option
  return @requirements_update_strategy if @requirements_update_strategy

  # Otherwise, check if this is a library or not
  library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersions
end

#updated_requirementsObject 



90
91
92
93
94
95
96
97
 
# File 'lib/dependabot/python/update_checker.rb', line 90

def updated_requirements
  RequirementsUpdater.new(
    requirements: requirements,
    latest_resolvable_version: preferred_resolvable_version&.to_s,
    update_strategy: requirements_update_strategy,
    has_lockfile: !(pipfile_lock || poetry_lock).nil?
  ).updated_requirements
end