Class: Dependabot::Bundler::UpdateChecker

Inherits:
UpdateCheckers::Base
  • Object
Defined in:
lib/dependabot/bundler/update_checker.rb,
lib/dependabot/bundler/update_checker/file_preparer.rb,
lib/dependabot/bundler/update_checker/force_updater.rb,
lib/dependabot/bundler/update_checker/version_resolver.rb,
lib/dependabot/bundler/update_checker/requirements_updater.rb,
lib/dependabot/bundler/update_checker/latest_version_finder.rb,
lib/dependabot/bundler/update_checker/shared_bundler_helpers.rb,
lib/dependabot/bundler/update_checker/conflicting_dependency_resolver.rb,
lib/dependabot/bundler/update_checker/latest_version_finder/dependency_source.rb

Defined Under Namespace

Modules: SharedBundlerHelpers Classes: ConflictingDependencyResolver, FilePreparer, ForceUpdater, LatestVersionFinder, RequirementsUpdater, VersionResolver

Instance Method Summary collapse

Instance Method Details

#conflicting_dependencies ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 107

# Reports the dependencies that conflict with moving this dependency to the
# version returned by lowest_security_fix_version.
#
# The lookup is delegated to ConflictingDependencyResolver, which is built
# from this checker's dependency files, repository path, credentials and
# options.
# NOTE(review): credentials are forwarded unchanged; confirm the resolver
# keeps them out of logs and error messages.
#
# @return [Object] whatever ConflictingDependencyResolver#conflicting_dependencies returns
def conflicting_dependencies
  resolver = ConflictingDependencyResolver.new(
    dependency_files: dependency_files,
    repo_contents_path: repo_contents_path,
    credentials: credentials,
    options: options
  )

  # The target is the security-fix version, not latest_version.
  resolver.conflicting_dependencies(
    dependency: dependency,
    target_version: lowest_security_fix_version
  )
end

#latest_resolvable_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 27

# Newest version of the dependency that can actually be resolved.
#
# Git dependencies are handled by latest_resolvable_version_for_git_dependency.
# For every other dependency the :version entry of
# latest_resolvable_version_details is returned.
#
# @return [Object, nil] nil when latest_resolvable_version_details is nil
# @raise [KeyError] if the details hash has no :version key
def latest_resolvable_version
  if git_dependency?
    latest_resolvable_version_for_git_dependency
  else
    latest_resolvable_version_details&.fetch(:version)
  end
end

#latest_resolvable_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 50

# Newest version that resolves without unlocking the declared requirement.
#
# A git dependency whose commit checker reports it as pinned is returned at
# its current version. Otherwise the version resolver is run with
# remove_git_source: false and unlock_requirement: false, and the result is
# memoised in @latest_resolvable_version_detail_with_no_unlock. Because the
# memoisation uses ||=, a nil result is not cached and resolution runs again
# on the next call.
#
# @return [Object, nil] the :commit_sha for git dependencies, the :version
#   otherwise; nil when the resolver produced no details
# @raise [KeyError] if the details hash lacks the key being read
def latest_resolvable_version_with_no_unlock
  pinned_version = dependency.version
  if git_dependency? && git_commit_checker.pinned?
    return pinned_version
  end

  details = (
    @latest_resolvable_version_detail_with_no_unlock ||=
      version_resolver(remove_git_source: false, unlock_requirement: false)
      .latest_resolvable_version_details
  )

  # Git dependencies are identified by commit, everything else by version.
  detail_key = git_dependency? ? :commit_sha : :version
  details&.fetch(detail_key)
end

#latest_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 21

# Newest known version of the dependency, whether or not it resolves.
#
# Git dependencies are handled by latest_version_for_git_dependency; for all
# others the :version entry of latest_version_details is returned.
#
# @return [Object, nil] nil when latest_version_details is nil
# @raise [KeyError] if the details hash has no :version key
def latest_version
  if git_dependency?
    latest_version_for_git_dependency
  else
    latest_version_details&.fetch(:version)
  end
end

#lowest_resolvable_security_fix_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 38

# Lowest security-fix version that also passes the resolvable? check.
#
# Must only be called for a vulnerable dependency. Git dependencies fall back
# to latest_resolvable_version. For other dependencies the finder's
# lowest_security_fix_version is returned only if resolvable? accepts it.
#
# A nil return means "no resolvable fix was found", not "not vulnerable";
# callers should keep treating the dependency as vulnerable in that case.
#
# @return [Object, nil] the fix version, or nil when there is none or it does
#   not resolve
# @raise [RuntimeError] when vulnerable? is false
def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?

  if git_dependency?
    return latest_resolvable_version
  end

  candidate = latest_version_finder(remove_git_source: false).lowest_security_fix_version

  # Only report the fix when the resolver can actually reach it.
  candidate if candidate && resolvable?(candidate)
end

#lowest_security_fix_version ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 33

# Lowest security-fix version reported by the latest-version finder.
#
# The finder is requested with remove_git_source: false. No resolvability
# check is made here; lowest_resolvable_security_fix_version adds one.
#
# @return [Object] whatever the finder's lowest_security_fix_version returns
def lowest_security_fix_version
  finder = latest_version_finder(remove_git_source: false)
  finder.lowest_security_fix_version
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/bundler/update_checker.rb', line 78

# Whether the dependency's requirements are already unlocked or could be
# rewritten by the file updater.
#
# Returns true straight away when requirements_unlocked? holds, and false
# when the update strategy is lockfile-only. Otherwise each specific
# requirement is probed: the declaring file is rewritten with a placeholder
# requirement, and the requirement counts as unlockable only if the rewrite
# changed the file content.
#
# @return [Boolean]
def requirements_unlocked_or_can_be?
  if requirements_unlocked?
    true
  elsif requirements_update_strategy.lockfile_only?
    false
  else
    dependency.specific_requirements.all? do |requirement|
      manifest = T.must(
        dependency_files.find { |candidate| candidate.name == requirement.fetch(:file) }
      )

      # "whatever" is only a probe value; the rewritten text is never kept.
      replacer = FileUpdater::RequirementReplacer.new(
        dependency: dependency,
        file_type: manifest.name.end_with?("gemspec") ? :gemspec : :gemfile,
        updated_requirement: "whatever"
      )

      replacer.rewrite(manifest.content) != manifest.content
    end
  end
end

#requirements_update_strategy ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 95

# Strategy used when rewriting the dependency's requirements.
#
# An explicitly configured strategy (stored in @requirements_update_strategy,
# set by the base class per the original comment) always wins. Without one,
# a dependency with no version gets BumpVersionsIfNecessary and any other
# dependency gets BumpVersions; the original comment describes these as the
# library and application cases respectively.
#
# @return [Object] the configured strategy or one of the two defaults
def requirements_update_strategy
  configured = @requirements_update_strategy
  return configured if configured

  if dependency.version.nil?
    RequirementsUpdateStrategy::BumpVersionsIfNecessary
  else
    RequirementsUpdateStrategy::BumpVersions
  end
end

#updated_requirements ⇒ Object



# File 'lib/dependabot/bundler/update_checker.rb', line 65

# Requirements for the dependency after applying the update strategy.
#
# The :version entries of latest_version_details and
# preferred_resolvable_version_details are converted to strings (or left nil
# when the details are missing) and passed to RequirementsUpdater together
# with the current requirements, the update strategy and the updated source.
#
# @return [Object] whatever RequirementsUpdater#updated_requirements returns
# @raise [KeyError] if a details hash is present but has no :version key
def updated_requirements
  newest = latest_version_details&.fetch(:version)&.to_s
  newest_resolvable = preferred_resolvable_version_details&.fetch(:version)&.to_s

  updater = RequirementsUpdater.new(
    requirements: dependency.requirements,
    update_strategy: requirements_update_strategy,
    updated_source: updated_source,
    latest_version: newest,
    latest_resolvable_version: newest_resolvable
  )
  updater.updated_requirements
end