Class: Dependabot::Dependency

Inherits:
Object
Defined in:
lib/dependabot/dependency.rb


Constructor Details

#initialize(name:, requirements:, package_manager:, version: nil, previous_version: nil, previous_requirements: nil, subdependency_metadata: [], removed: false, metadata: {}) ⇒ Dependency

Returns a new instance of Dependency.



# File 'lib/dependabot/dependency.rb', line 43

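# Builds a dependency record from the values a file parser extracted.
#
# @param name [String] dependency name as it appears in the manifest
# @param requirements [Array<Hash>] one hash per manifest requirement; keys
#   are symbolized via +symbolize_keys+ (defined outside this listing)
# @param package_manager [String] ecosystem identifier used to look up the
#   registered per-ecosystem helpers
# @param version [String, nil] currently resolved version, if known
# @param previous_version [String, nil] version before the update
# @param previous_requirements [Array<Hash>, nil] requirements before the update
# @param subdependency_metadata [Array<Hash>, nil] extra data for transitive
#   dependencies; ignored for top-level dependencies and when given as []
# @param removed [Boolean] whether the update removes this dependency
# @param metadata [Hash, nil] free-form ecosystem metadata; nil is treated as {}
def initialize(name:, requirements:, package_manager:, version: nil,
               previous_version: nil, previous_requirements: nil,
               subdependency_metadata: [], removed: false, metadata: {})
  @name = name
  @version = version
  @requirements = requirements.map { |req| symbolize_keys(req) }
  @previous_version = previous_version
  @previous_requirements =
    previous_requirements&.map { |req| symbolize_keys(req) }
  @package_manager = package_manager
  # Subdependency metadata only applies to transitive dependencies; an empty
  # array counts as "not provided" and leaves @subdependency_metadata unset.
  unless top_level? || subdependency_metadata == []
    @subdependency_metadata =
      subdependency_metadata&.map { |h| symbolize_keys(h) }
  end
  @removed = removed
  @metadata = symbolize_keys(metadata || {})

  # check_values is defined outside this listing; presumably it validates the
  # attributes assigned above — confirm what it rejects before relying on it.
  check_values
end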

Instance Attribute Details

#metadata ⇒ Object (readonly)

Returns the value of attribute metadata.



# File 'lib/dependabot/dependency.rb', line 39

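# Read-only accessor for the symbolized ecosystem metadata hash assigned in
# the constructor. (YARD lists every reader at line 39, consistent with a
# single attr_reader declaration in the source file.)
#
# @return [Hash]
def metadata
  @metadata
end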

#name ⇒ Object (readonly)

Returns the value of attribute name.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the dependency name (presumably generated by a
# single attr_reader declaration: YARD lists every reader at line 39).
#
# @return [String]
def name
  @name
end

#package_manager ⇒ Object (readonly)

Returns the value of attribute package_manager.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the ecosystem identifier (presumably generated by a
# single attr_reader declaration: YARD lists every reader at line 39).
#
# @return [String]
def package_manager
  @package_manager
end

#previous_requirements ⇒ Object (readonly)

Returns the value of attribute previous_requirements.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the symbolized pre-update requirements, or nil when
# none were given (presumably attr_reader-generated; see line 39).
#
# @return [Array<Hash>, nil]
def previous_requirements
  @previous_requirements
end

#previous_version ⇒ Object (readonly)

Returns the value of attribute previous_version.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the pre-update version, or nil (presumably
# attr_reader-generated; see line 39).
#
# @return [String, nil]
def previous_version
  @previous_version
end

#requirements ⇒ Object (readonly)

Returns the value of attribute requirements.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the symbolized manifest requirements (presumably
# attr_reader-generated; see line 39).
#
# @return [Array<Hash>]
def requirements
  @requirements
end

#subdependency_metadata ⇒ Object (readonly)

Returns the value of attribute subdependency_metadata.



# File 'lib/dependabot/dependency.rb', line 39

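# Read-only accessor for the symbolized subdependency metadata; nil for
# top-level dependencies and when the constructor received [] or nil.
# (YARD lists every reader at line 39, consistent with one attr_reader.)
#
# @return [Array<Hash>, nil]
def subdependency_metadata
  @subdependency_metadata
end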

#version ⇒ Object (readonly)

Returns the value of attribute version.



# File 'lib/dependabot/dependency.rb', line 39

# Read-only accessor for the currently resolved version, or nil (presumably
# attr_reader-generated; see line 39).
#
# @return [String, nil]
def version
  @version
end

Class Method Details

.display_name_builder_for_package_manager(package_manager) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 23

# Looks up the display-name builder registered for an ecosystem.
#
# @param package_manager [String] ecosystem identifier
# @return [#call, nil] the registered builder, or nil when none is registered
def self.display_name_builder_for_package_manager(package_manager)
  builders = @display_name_builders
  builders[package_manager]
end

.name_normaliser_for_package_manager(package_manager) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 31

# Returns the name normaliser registered for an ecosystem, falling back to an
# identity lambda so callers can always +call+ the result.
#
# @param package_manager [String] ecosystem identifier
# @return [#call] registered normaliser, or a lambda returning its argument
def self.name_normaliser_for_package_manager(package_manager)
  identity = ->(name) { name }
  @name_normalisers[package_manager] || identity
end

.production_check_for_package_manager(package_manager) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 12

# Returns the production check registered for an ecosystem.
#
# @param package_manager [String] ecosystem identifier
# @return [#call] the registered check
# @raise [RuntimeError] when no check is registered for the package manager
def self.production_check_for_package_manager(package_manager)
  @production_checks[package_manager] ||
    raise("Unsupported package_manager #{package_manager}")
end

.register_display_name_builder(package_manager, name_builder) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 27

# Registers (or replaces) the display-name builder for an ecosystem.
#
# @param package_manager [String] ecosystem identifier
# @param name_builder [#call] receives the raw name, returns the display name
# @return [#call] the builder just stored
def self.register_display_name_builder(package_manager, name_builder)
  @display_name_builders.store(package_manager, name_builder)
end

.register_name_normaliser(package_manager, name_builder) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 35

# Registers (or replaces) the name normaliser for an ecosystem.
#
# @param package_manager [String] ecosystem identifier
# @param name_builder [#call] receives a raw name, returns its normalised form
# @return [#call] the normaliser just stored
def self.register_name_normaliser(package_manager, name_builder)
  @name_normalisers.store(package_manager, name_builder)
end

.register_production_check(package_manager, production_check) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 19

# Registers (or replaces) the production check for an ecosystem.
#
# @param package_manager [String] ecosystem identifier
# @param production_check [#call] receives the requirement group names
# @return [#call] the check just stored
def self.register_production_check(package_manager, production_check)
  @production_checks.store(package_manager, production_check)
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 191

# Two dependencies are equal when they are of exactly the same class and
# their +to_h+ representations match.
#
# @param other [Object]
# @return [Boolean]
def ==(other)
  return false unless other.instance_of?(self.class)

  to_h == other.to_h
end

#all_sources ⇒ Object



# File 'lib/dependabot/dependency.rb', line 235

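# Collects the +:source+ entry of every requirement (top-level dependency) or
# of every subdependency metadata entry (transitive dependency).
#
# @return [Array<Hash, nil>] sources in requirement order; may contain nil for
#   top-level requirements without a source, and is empty when neither
#   requirements nor subdependency metadata are present
def all_sources
  if top_level?
    # fetch: a top-level requirement without a :source key is a bug upstream
    requirements.map { |requirement| requirement.fetch(:source) }
  elsif subdependency_metadata
    subdependency_metadata.filter_map { |data| data[:source] }
  else
    []
  end
end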

#all_versions ⇒ Object

Returns all detected versions of the dependency. Only ecosystems that support this feature will return more than the current version.



# File 'lib/dependabot/dependency.rb', line 177

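# Returns all detected versions of the dependency. Only ecosystems that
# populate +metadata[:all_versions]+ return more than the current version.
#
# @return [Array] the +version+ of each detected entry (nils dropped), or
#   +[version].compact+ when the ecosystem supplied no list
def all_versions
  detected = metadata[:all_versions]
  return [version].compact unless detected

  detected.filter_map(&:version)
end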

#appears_in_lockfile? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 88

# A dependency appears in a lockfile when a previous version is known, or when
# a version is known and no previous requirements were recorded.
#
# @return [Boolean, String, nil] truthy/falsy; the previous version itself is
#   returned when present
def appears_in_lockfile?
  return previous_version if previous_version

  version && previous_requirements.nil?
end

#display_name ⇒ Object



# File 'lib/dependabot/dependency.rb', line 106

# Name to show to users: the ecosystem's registered display-name builder is
# applied when one exists, otherwise the raw name is returned.
#
# @return [String]
def display_name
  builder = self.class.display_name_builder_for_package_manager(package_manager)
  builder ? builder.call(name) : name
end

#docker_digest_from_reqs(requirements) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 151

# First docker digest found in the given requirements' +:source+ hashes;
# both string and symbol +digest+ keys are accepted.
#
# @param requirements [Array<Hash>]
# @return [String, nil] the first digest present, or nil when none is
def docker_digest_from_reqs(requirements)
  requirements.each do |req|
    digest = req.dig(:source, "digest") || req.dig(:source, :digest)
    return digest if digest
  end
  nil
end

#eql?(other) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 199

# Hash-key equality delegates to +==+ so that dependencies with equal +to_h+
# collide in Hash/Set lookups (see +hash+).
#
# @param other [Object]
# @return [Boolean]
def eql?(other)
  self.==(other)
end

#hash ⇒ Object



# File 'lib/dependabot/dependency.rb', line 195

# Hash code derived from +to_h+, consistent with +==+ / +eql?+.
#
# @return [Integer]
def hash
  snapshot = to_h
  snapshot.hash
end

#humanized_previous_version ⇒ Object



# File 'lib/dependabot/dependency.rb', line 114

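# Human-readable form of the previous version for PR text.
#
# @return [String, nil] the previous ref when only a git ref changed, a
#   backticked 7-character prefix for SHA-like versions and docker digests,
#   the raw previous version otherwise, or nil when nothing can be derived
def humanized_previous_version
  # If we don't have a previous version, we *may* still be able to figure
  # one out if a ref was provided and has been changed (in which case the
  # previous ref was essentially the version).
  if previous_version.nil?
    return ref_changed? ? previous_ref : nil
  end

  # \A anchors at the start of the whole string; ^ also matches after an
  # embedded newline, so a multi-line value could be mistaken for a SHA.
  if previous_version.match?(/\A[0-9a-f]{40}/)
    return previous_ref if ref_changed? && previous_ref

    "`#{previous_version[0..6]}`"
  elsif version == previous_version &&
        package_manager == "docker"
    # assumes previous_requirements carry a digest — a missing one raises
    # NoMethodError on nil here; TODO confirm the docker parser guarantees it
    digest = docker_digest_from_reqs(previous_requirements)
    "`#{digest.split(':').last[0..6]}`"
  else
    previous_version
  end
end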

#humanized_version ⇒ Object



# File 'lib/dependabot/dependency.rb', line 135

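# Human-readable form of the new version for PR text.
#
# @return [String, nil] nil for removed dependencies, the new ref when only a
#   git ref changed, a backticked 7-character prefix for SHA-like versions and
#   docker digests, the raw version otherwise
def humanized_version
  return if removed?

  # \A anchors at the start of the whole string; ^ also matches after an
  # embedded newline, so a multi-line value could be mistaken for a SHA.
  if version.match?(/\A[0-9a-f]{40}/)
    return new_ref if ref_changed? && new_ref

    "`#{version[0..6]}`"
  elsif version == previous_version &&
        package_manager == "docker"
    # assumes requirements carry a digest — a missing one raises NoMethodError
    # on nil here; TODO confirm the docker parser guarantees it
    digest = docker_digest_from_reqs(requirements)
    "`#{digest.split(':').last[0..6]}`"
  else
    version
  end
end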

#informational_only? ⇒ Boolean

This dependency is being indirectly updated by an update to another dependency. We don't need to try to update it ourselves, but we do want to surface it to the user in the PR.

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 187

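# This dependency is being indirectly updated by an update to another
# dependency. We don't need to try to update it ourselves, but we do want to
# surface it to the user in the PR.
#
# @return [Boolean, nil] the +:information_only+ flag from metadata (nil when
#   the ecosystem never set it)
def informational_only?
  metadata[:information_only]
end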

#new_ref ⇒ Object



# File 'lib/dependabot/dependency.rb', line 164

# The git ref the requirements now point at, when they all agree on one.
# Both string and symbol +ref+ keys in +:source+ are honoured.
#
# @return [String, nil] the single distinct ref, or nil when there is none
#   or the requirements disagree
def new_ref
  candidates = requirements.filter_map do |req|
    req.dig(:source, "ref") || req.dig(:source, :ref)
  end
  distinct = candidates.uniq
  return nil unless distinct.size == 1

  distinct.first
end

#numeric_version ⇒ Object



# File 'lib/dependabot/dependency.rb', line 71

# Memoised parsed form of +version+ using the ecosystem's version class.
#
# @return [Object, nil] a +version_class+ instance, or nil when there is no
#   version or the version class rejects it via +correct?+
def numeric_version
  return unless version && version_class.correct?(version)

  @numeric_version ||= version_class.new(version)
end

#previous_ref ⇒ Object



# File 'lib/dependabot/dependency.rb', line 157

# The git ref the previous requirements pointed at, when they all agree on
# one. Both string and symbol +ref+ keys in +:source+ are honoured.
#
# @return [String, nil] the single distinct ref, or nil when there is none
#   or the previous requirements disagree
def previous_ref
  candidates = previous_requirements.filter_map do |req|
    req.dig(:source, "ref") || req.dig(:source, :ref)
  end
  distinct = candidates.uniq
  return nil unless distinct.size == 1

  distinct.first
end

#production? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 92

# Whether this dependency is used in production. Transitive dependencies
# defer to +subdependency_production_check+; top-level ones pass their
# stringified requirement groups to the ecosystem's registered check.
#
# @return [Boolean]
# @raise [RuntimeError] when no production check is registered for the
#   package manager (raised by +production_check_for_package_manager+)
def production?
  return subdependency_production_check unless top_level?

  # fetch: a top-level requirement without :groups is a bug upstream
  group_names = requirements.flat_map { |req| req.fetch(:groups).map(&:to_s) }
  checker = self.class.production_check_for_package_manager(package_manager)
  checker.call(group_names)
end

#ref_changed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 171

# Whether the git ref differs between the previous and new requirements
# (nil on either side counts as a difference from a non-nil other side).
#
# @return [Boolean]
def ref_changed?
  old_ref = previous_ref
  current_ref = new_ref
  old_ref != current_ref
end

#removed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 67

# Whether the update removes this dependency entirely (the value of the
# +removed:+ constructor argument, false by default).
#
# @return [Boolean]
def removed?
  @removed
end

#requirement_class ⇒ Object



# File 'lib/dependabot/dependency.rb', line 207

# The requirement class registered for this dependency's ecosystem.
#
# @return [Class] resolved through Utils (defined outside this listing)
def requirement_class
  ecosystem = package_manager
  Utils.requirement_class_for_package_manager(ecosystem)
end

#source_details(allowed_types: nil) ⇒ Object



# File 'lib/dependabot/dependency.rb', line 215

# The single source this dependency comes from, optionally restricted to
# certain source types.
#
# @param allowed_types [Array<String>, nil] source types to keep (compared
#   against +source[:type].to_s+); nil keeps every source
# @return [Hash, nil] the first remaining source, or nil when there is none
# @raise [RuntimeError] when more than one distinct source remains; for a
#   git-only query only distinct +:url+ values count as different sources.
#   NOTE(review): the message embeds the full source hashes (including URLs)
#   — confirm those cannot carry credentials before this reaches logs.
def source_details(allowed_types: nil)
  candidates = all_sources.uniq.compact
  if allowed_types
    candidates = candidates.select { |src| allowed_types.include?(src[:type].to_s) }
  end

  git_only = allowed_types == ["git"]
  distinct = git_only ? candidates.map { |src| src[:url] }.uniq.count : candidates.count
  raise "Multiple sources! #{candidates.join(', ')}" if distinct > 1

  candidates.first
end

#source_type ⇒ Object



# File 'lib/dependabot/dependency.rb', line 228

# Type of the dependency's single source, accepting either a symbol or a
# string +type+ key.
#
# @return [String] the source type, or "default" when there is no source
# @raise [KeyError] when the source has neither a :type nor a "type" key
def source_type
  source = source_details
  if source.nil?
    "default"
  else
    source[:type] || source.fetch("type")
  end
end

#specific_requirements ⇒ Object



# File 'lib/dependabot/dependency.rb', line 203

# Requirements whose constraint the ecosystem's requirement class reports as
# +specific?+.
#
# @return [Array<Hash>] the matching requirement hashes, in original order
def specific_requirements
  requirements.select do |req|
    parsed = requirement_class.new(req[:requirement])
    parsed.specific?
  end
end

#subdependency_production_check ⇒ Object



# File 'lib/dependabot/dependency.rb', line 102

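# Production check for transitive dependencies, which have no requirement
# groups of their own: a subdependency counts as production unless every
# metadata entry explicitly says +production: false+. Missing metadata (nil)
# is treated as production.
#
# @return [Boolean]
def subdependency_production_check
  !subdependency_metadata&.all? { |h| h[:production] == false }
end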

#to_h ⇒ Object



# File 'lib/dependabot/dependency.rb', line 75

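# Serialisable representation used by +==+ / +hash+ and for output.
# Nil-valued entries are dropped, so "removed" only appears when true.
#
# @return [Hash{String => Object}]
def to_h
  {
    "name" => name,
    "version" => version,
    "requirements" => requirements,
    "previous_version" => previous_version,
    "previous_requirements" => previous_requirements,
    "package_manager" => package_manager,
    "subdependency_metadata" => subdependency_metadata,
    "removed" => removed? ? true : nil
  }.compact
end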

#top_level? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/dependabot/dependency.rb', line 63

# A dependency is top-level when at least one (truthy) manifest requirement
# exists; transitive dependencies carry no requirements of their own.
#
# @return [Boolean]
def top_level?
  requirements.any? { |req| req }
end

#version_class ⇒ Object



# File 'lib/dependabot/dependency.rb', line 211

# The version class registered for this dependency's ecosystem.
#
# @return [Class] resolved through Utils (defined outside this listing)
def version_class
  ecosystem = package_manager
  Utils.version_class_for_package_manager(ecosystem)
end