Class: Dependabot::UpdateCheckers::Base
Inherits: Object
Defined in: lib/dependabot/update_checkers/base.rb
Instance Attribute Summary
- #credentials ⇒ Object (readonly): Returns the value of attribute credentials.
- #dependency ⇒ Object (readonly): Returns the value of attribute dependency.
- #dependency_files ⇒ Object (readonly): Returns the value of attribute dependency_files.
- #ignored_versions ⇒ Object (readonly): Returns the value of attribute ignored_versions.
- #requirements_update_strategy ⇒ Object (readonly): Returns the value of attribute requirements_update_strategy.
- #security_advisories ⇒ Object (readonly): Returns the value of attribute security_advisories.
Instance Method Summary
- #can_update?(requirements_to_unlock:) ⇒ Boolean
- #initialize(dependency:, dependency_files:, credentials:, ignored_versions: [], security_advisories: [], requirements_update_strategy: nil) ⇒ Base (constructor): A new instance of Base.
- #latest_resolvable_version ⇒ Object
- #latest_resolvable_version_with_no_unlock ⇒ Object
- #latest_version ⇒ Object
- #lowest_resolvable_security_fix_version ⇒ Object
- #preferred_resolvable_version ⇒ Object
- #requirement_class ⇒ Object
- #requirements_unlocked_or_can_be? ⇒ Boolean: For some languages, the manifest file may be constructed such that Dependabot has no way to update it (e.g., if it fetches its versions from a web API).
- #up_to_date? ⇒ Boolean
- #updated_dependencies(requirements_to_unlock:) ⇒ Object
- #updated_requirements ⇒ Object
- #version_class ⇒ Object
- #vulnerable? ⇒ Boolean
Constructor Details
#initialize(dependency:, dependency_files:, credentials:, ignored_versions: [], security_advisories: [], requirements_update_strategy: nil) ⇒ Base
Returns a new instance of Base.
# File 'lib/dependabot/update_checkers/base.rb', line 14

def initialize(dependency:, dependency_files:, credentials:,
               ignored_versions: [], security_advisories: [],
               requirements_update_strategy: nil)
  @dependency = dependency
  @dependency_files = dependency_files
  @credentials = credentials
  @requirements_update_strategy = requirements_update_strategy
  @ignored_versions = ignored_versions
  @security_advisories = security_advisories
end
Instance Attribute Details
#credentials ⇒ Object (readonly)
Returns the value of attribute credentials.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def credentials
  @credentials
end
#dependency ⇒ Object (readonly)
Returns the value of attribute dependency.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def dependency
  @dependency
end
#dependency_files ⇒ Object (readonly)
Returns the value of attribute dependency_files.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def dependency_files
  @dependency_files
end
#ignored_versions ⇒ Object (readonly)
Returns the value of attribute ignored_versions.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def ignored_versions
  @ignored_versions
end
#requirements_update_strategy ⇒ Object (readonly)
Returns the value of attribute requirements_update_strategy.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def requirements_update_strategy
  @requirements_update_strategy
end
#security_advisories ⇒ Object (readonly)
Returns the value of attribute security_advisories.
# File 'lib/dependabot/update_checkers/base.rb', line 10

def security_advisories
  @security_advisories
end
Instance Method Details
#can_update?(requirements_to_unlock:) ⇒ Boolean
# File 'lib/dependabot/update_checkers/base.rb', line 33

def can_update?(requirements_to_unlock:)
  # Can't update if all versions are being ignored
  return false if ignore_reqs.include?(requirement_class.new(">= 0"))

  if dependency.version
    version_can_update?(requirements_to_unlock: requirements_to_unlock)
  else
    # TODO: Handle full unlock updates for dependencies without a lockfile
    return false if requirements_to_unlock == :none

    requirements_can_update?
  end
end
#latest_resolvable_version ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 75

def latest_resolvable_version
  raise NotImplementedError
end
#latest_resolvable_version_with_no_unlock ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 83

def latest_resolvable_version_with_no_unlock
  raise NotImplementedError
end
#latest_version ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 60

def latest_version
  raise NotImplementedError
end
#lowest_resolvable_security_fix_version ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 79

def lowest_resolvable_security_fix_version
  raise NotImplementedError
end
#preferred_resolvable_version ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 64

def preferred_resolvable_version
  # If this dependency is vulnerable, prefer trying to update to the
  # lowest_resolvable_security_fix_version. Otherwise update all the way
  # to the latest_resolvable_version.
  return lowest_resolvable_security_fix_version if vulnerable?

  latest_resolvable_version
rescue NotImplementedError
  latest_resolvable_version
end
#requirement_class ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 95

def requirement_class
  Utils.requirement_class_for_package_manager(dependency.package_manager)
end
#requirements_unlocked_or_can_be? ⇒ Boolean
For some languages, the manifest file may be constructed such that Dependabot has no way to update it (e.g., if it fetches its versions from a web API). This method is overridden in those cases.
# File 'lib/dependabot/update_checkers/base.rb', line 102

def requirements_unlocked_or_can_be?
  true
end
#up_to_date? ⇒ Boolean
# File 'lib/dependabot/update_checkers/base.rb', line 25

def up_to_date?
  if dependency.version
    version_up_to_date?
  else
    requirements_up_to_date?
  end
end
#updated_dependencies(requirements_to_unlock:) ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 47

def updated_dependencies(requirements_to_unlock:)
  unless can_update?(requirements_to_unlock: requirements_to_unlock)
    return []
  end

  case requirements_to_unlock&.to_sym
  when :none then [updated_dependency_without_unlock]
  when :own then [updated_dependency_with_own_req_unlock]
  when :all then updated_dependencies_after_full_unlock
  else raise "Unknown unlock level '#{requirements_to_unlock}'"
  end
end
#updated_requirements ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 87

def updated_requirements
  raise NotImplementedError
end
#version_class ⇒ Object
# File 'lib/dependabot/update_checkers/base.rb', line 91

def version_class
  Utils.version_class_for_package_manager(dependency.package_manager)
end
#vulnerable? ⇒ Boolean
# File 'lib/dependabot/update_checkers/base.rb', line 106

def vulnerable?
  return false if security_advisories.none?

  # Can't (currently) detect whether dependencies without a version
  # (i.e., for repos without a lockfile) are vulnerable
  return false unless dependency.version

  # Can't (currently) detect whether git dependencies are vulnerable
  return false if existing_version_is_sha?

  version = version_class.new(dependency.version)
  security_advisories.any? { |a| a.vulnerable?(version) }
end
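Added example (not Dependabot's own code) showing how #vulnerable? and #preferred_resolvable_version interact: a self-contained toy checker mirrors both methods, fills the NotImplementedError hooks against a constructed release list, and uses a hypothetical ToyAdvisory in place of Dependabot's advisory objects. It assumes Gem::Version and Gem::Requirement as the version and requirement classes and omits the git-SHA guard, since the toy has no git dependencies.

```ruby
Dep = Struct.new(:name, :version, keyword_init: true) # constructed stand-in, not Dependabot's
# Hypothetical advisory: a version is vulnerable when it satisfies any affected range.
class ToyAdvisory
  def initialize(vulnerable_ranges)
    @ranges = vulnerable_ranges.map { |r| Gem::Requirement.new(r) }
  end
  def vulnerable?(version)
    @ranges.any? { |req| req.satisfied_by?(version) }
  end
end
# Mirrors Base#vulnerable? and Base#preferred_resolvable_version, with the
# NotImplementedError hooks filled in against a constructed list of releases.
class ToyUpdateChecker
  attr_reader :dependency, :security_advisories
  def initialize(dependency:, available_versions:, security_advisories: [])
    @dependency = dependency
    @security_advisories = security_advisories
    @available = available_versions.map { |v| version_class.new(v) }.sort
  end
  def version_class
    Gem::Version # stands in for Utils.version_class_for_package_manager
  end
  # Same guards as Base: no advisories, or no pinned version, means "not vulnerable".
  def vulnerable?
    return false if security_advisories.none?
    return false unless dependency.version
    version = version_class.new(dependency.version)
    security_advisories.any? { |a| a.vulnerable?(version) }
  end
  def latest_resolvable_version
    @available.last
  end
  # Smallest newer release that no advisory flags: the minimal bump that closes the hole.
  def lowest_resolvable_security_fix_version
    current = version_class.new(dependency.version)
    @available.find { |v| v > current && security_advisories.none? { |a| a.vulnerable?(v) } }
  end
  # Base's rule: a vulnerable dependency is bumped only to the fix, otherwise to the latest.
  def preferred_resolvable_version
    return lowest_resolvable_security_fix_version if vulnerable?
    latest_resolvable_version
  end
end
RELEASES = %w[1.2.3 1.2.4 1.3.0 2.0.0].freeze
ADVISORY = ToyAdvisory.new(["< 1.2.4"]) # constructed: 1.2.3 affected, 1.2.4 fixes it
def checker_for(version)
  ToyUpdateChecker.new(dependency: Dep.new(name: "rack", version: version),
                       available_versions: RELEASES, security_advisories: [ADVISORY])
end
```

With a pinned 1.2.3 the checker prefers the 1.2.4 fix rather than 2.0.0, and an unpinned dependency (version nil) is reported as not vulnerable, just as Base does.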