Class: Dependabot::UpdateCheckers::Base
- Inherits:
-
Object
- Object
- Dependabot::UpdateCheckers::Base
- Defined in:
- lib/dependabot/update_checkers/base.rb
Instance Attribute Summary collapse
-
#credentials ⇒ Object
readonly
Returns the value of attribute credentials.
-
#dependency ⇒ Object
readonly
Returns the value of attribute dependency.
-
#dependency_files ⇒ Object
readonly
Returns the value of attribute dependency_files.
-
#ignored_versions ⇒ Object
readonly
Returns the value of attribute ignored_versions.
-
#options ⇒ Object
readonly
Returns the value of attribute options.
-
#raise_on_ignored ⇒ Object
readonly
Returns the value of attribute raise_on_ignored.
-
#repo_contents_path ⇒ Object
readonly
Returns the value of attribute repo_contents_path.
-
#requirements_update_strategy ⇒ Object
readonly
Returns the value of attribute requirements_update_strategy.
-
#security_advisories ⇒ Object
readonly
Returns the value of attribute security_advisories.
Instance Method Summary collapse
- #can_update?(requirements_to_unlock:) ⇒ Boolean
-
#conflicting_dependencies ⇒ Array<Hash{String => String}] name [String] the blocking dependencies name version [String] the version of the blocking dependency requirement [String] the requirement on the target_dependency
Finds any dependencies in the lockfile that have a subdependency on the given dependency that do not satisfy the target_version.
- #ignore_requirements ⇒ Object
-
#initialize(dependency:, dependency_files:, repo_contents_path: nil, credentials:, ignored_versions: [], raise_on_ignored: false, security_advisories: [], requirements_update_strategy: nil, options: {}) ⇒ Base
constructor
A new instance of Base.
- #latest_resolvable_previous_version(_updated_version) ⇒ Object
- #latest_resolvable_version ⇒ Object
- #latest_resolvable_version_with_no_unlock ⇒ Object
- #latest_version ⇒ Object
- #lowest_resolvable_security_fix_version ⇒ Object
-
#lowest_security_fix_version ⇒ Dependabot::<package manager>::Version, #to_s
Lowest available security fix version not checking resolvability.
- #preferred_resolvable_version ⇒ Object
- #requirement_class ⇒ Object
-
#requirements_unlocked_or_can_be? ⇒ Boolean
For some langauges, the manifest file may be constructed such that Dependabot has no way to update it (e.g., if it fetches its versions from a web API).
- #up_to_date? ⇒ Boolean
- #updated_dependencies(requirements_to_unlock:) ⇒ Object
- #updated_requirements ⇒ Object
- #version_class ⇒ Object
- #vulnerable? ⇒ Boolean
Constructor Details
#initialize(dependency:, dependency_files:, repo_contents_path: nil, credentials:, ignored_versions: [], raise_on_ignored: false, security_advisories: [], requirements_update_strategy: nil, options: {}) ⇒ Base
Returns a new instance of Base.
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/dependabot/update_checkers/base.rb', line 15 def initialize(dependency:, dependency_files:, repo_contents_path: nil, credentials:, ignored_versions: [], raise_on_ignored: false, security_advisories: [], requirements_update_strategy: nil, options: {}) @dependency = dependency @dependency_files = dependency_files @repo_contents_path = repo_contents_path @credentials = credentials @requirements_update_strategy = requirements_update_strategy @ignored_versions = ignored_versions @raise_on_ignored = raise_on_ignored @security_advisories = security_advisories @options = end |
Instance Attribute Details
#credentials ⇒ Object (readonly)
Returns the value of attribute credentials.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def credentials @credentials end |
#dependency ⇒ Object (readonly)
Returns the value of attribute dependency.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def dependency @dependency end |
#dependency_files ⇒ Object (readonly)
Returns the value of attribute dependency_files.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def dependency_files @dependency_files end |
#ignored_versions ⇒ Object (readonly)
Returns the value of attribute ignored_versions.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def ignored_versions @ignored_versions end |
#options ⇒ Object (readonly)
Returns the value of attribute options.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def @options end |
#raise_on_ignored ⇒ Object (readonly)
Returns the value of attribute raise_on_ignored.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def raise_on_ignored @raise_on_ignored end |
#repo_contents_path ⇒ Object (readonly)
Returns the value of attribute repo_contents_path.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def repo_contents_path @repo_contents_path end |
#requirements_update_strategy ⇒ Object (readonly)
Returns the value of attribute requirements_update_strategy.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def requirements_update_strategy @requirements_update_strategy end |
#security_advisories ⇒ Object (readonly)
Returns the value of attribute security_advisories.
10 11 12 |
# File 'lib/dependabot/update_checkers/base.rb', line 10 def security_advisories @security_advisories end |
Instance Method Details
#can_update?(requirements_to_unlock:) ⇒ Boolean
39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/dependabot/update_checkers/base.rb', line 39 def can_update?(requirements_to_unlock:) # Can't update if all versions are being ignored return false if ignore_requirements.include?(requirement_class.new(">= 0")) if dependency.version version_can_update?(requirements_to_unlock: requirements_to_unlock) else # TODO: Handle full unlock updates for dependencies without a lockfile return false if requirements_to_unlock == :none requirements_can_update? end end |
#conflicting_dependencies ⇒ Array<Hash{String => String}] name [String] the blocking dependencies name version [String] the version of the blocking dependency requirement [String] the requirement on the target_dependency
Finds any dependencies in the lockfile that have a subdependency on the given dependency that do not satisfy the target_version.
103 104 105 |
# File 'lib/dependabot/update_checkers/base.rb', line 103 def conflicting_dependencies [] # return an empty array for ecosystems that don't support this yet end |
#ignore_requirements ⇒ Object
144 145 146 |
# File 'lib/dependabot/update_checkers/base.rb', line 144 def ignore_requirements ignored_versions.flat_map { |req| requirement_class.requirements_array(req) } end |
#latest_resolvable_previous_version(_updated_version) ⇒ Object
107 108 109 |
# File 'lib/dependabot/update_checkers/base.rb', line 107 def latest_resolvable_previous_version(_updated_version) dependency.version end |
#latest_resolvable_version ⇒ Object
79 80 81 |
# File 'lib/dependabot/update_checkers/base.rb', line 79 def latest_resolvable_version raise NotImplementedError end |
#latest_resolvable_version_with_no_unlock ⇒ Object
93 94 95 |
# File 'lib/dependabot/update_checkers/base.rb', line 93 def latest_resolvable_version_with_no_unlock raise NotImplementedError end |
#latest_version ⇒ Object
64 65 66 |
# File 'lib/dependabot/update_checkers/base.rb', line 64 def latest_version raise NotImplementedError end |
#lowest_resolvable_security_fix_version ⇒ Object
89 90 91 |
# File 'lib/dependabot/update_checkers/base.rb', line 89 def lowest_resolvable_security_fix_version raise NotImplementedError end |
#lowest_security_fix_version ⇒ Dependabot::<package manager>::Version, #to_s
Lowest available security fix version not checking resolvability
85 86 87 |
# File 'lib/dependabot/update_checkers/base.rb', line 85 def lowest_security_fix_version raise NotImplementedError end |
#preferred_resolvable_version ⇒ Object
68 69 70 71 72 73 74 75 76 77 |
# File 'lib/dependabot/update_checkers/base.rb', line 68 def preferred_resolvable_version # If this dependency is vulnerable, prefer trying to update to the # lowest_resolvable_security_fix_version. Otherwise update all the way # to the latest_resolvable_version. return lowest_resolvable_security_fix_version if vulnerable? latest_resolvable_version rescue NotImplementedError latest_resolvable_version end |
#requirement_class ⇒ Object
119 120 121 |
# File 'lib/dependabot/update_checkers/base.rb', line 119 def requirement_class Utils.requirement_class_for_package_manager(dependency.package_manager) end |
#requirements_unlocked_or_can_be? ⇒ Boolean
For some langauges, the manifest file may be constructed such that Dependabot has no way to update it (e.g., if it fetches its versions from a web API). This method is overridden in those cases.
126 127 128 |
# File 'lib/dependabot/update_checkers/base.rb', line 126 def requirements_unlocked_or_can_be? true end |
#up_to_date? ⇒ Boolean
31 32 33 34 35 36 37 |
# File 'lib/dependabot/update_checkers/base.rb', line 31 def up_to_date? if dependency.version version_up_to_date? else requirements_up_to_date? end end |
#updated_dependencies(requirements_to_unlock:) ⇒ Object
53 54 55 56 57 58 59 60 61 62 |
# File 'lib/dependabot/update_checkers/base.rb', line 53 def updated_dependencies(requirements_to_unlock:) return [] unless can_update?(requirements_to_unlock: requirements_to_unlock) case requirements_to_unlock&.to_sym when :none then [updated_dependency_without_unlock] when :own then [updated_dependency_with_own_req_unlock] when :all then updated_dependencies_after_full_unlock else raise "Unknown unlock level '#{requirements_to_unlock}'" end end |
#updated_requirements ⇒ Object
111 112 113 |
# File 'lib/dependabot/update_checkers/base.rb', line 111 def updated_requirements raise NotImplementedError end |
#version_class ⇒ Object
115 116 117 |
# File 'lib/dependabot/update_checkers/base.rb', line 115 def version_class Utils.version_class_for_package_manager(dependency.package_manager) end |
#vulnerable? ⇒ Boolean
130 131 132 133 134 135 136 137 138 139 140 141 142 |
# File 'lib/dependabot/update_checkers/base.rb', line 130 def vulnerable? return false if security_advisories.none? # Can't (currently) detect whether dependencies without a version # (i.e., for repos without a lockfile) are vulnerable return false unless dependency.version # Can't (currently) detect whether git dependencies are vulnerable return false if existing_version_is_sha? version = version_class.new(dependency.version) security_advisories.any? { |a| a.vulnerable?(version) } end |