Class: Dependabot::Maven::UpdateChecker::VersionFinder

Inherits:

Object

• Object
• Dependabot::Maven::UpdateChecker::VersionFinder

Defined in:

lib/dependabot/maven/update_checker/version_finder.rb

Constant Summary

TYPE_SUFFICES =

%w(jre android java native_mt agp).freeze

Instance Method Summary

• #initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ VersionFinder constructor

  A new instance of VersionFinder.

• #latest_version_details ⇒ Object
• #lowest_security_fix_version_details ⇒ Object
• #versions ⇒ Object

Constructor Details

#initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ VersionFinder

Returns a new instance of VersionFinder.

# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 18

def initialize(dependency:, dependency_files:, credentials:,
               ignored_versions:, security_advisories:,
               raise_on_ignored: false)
  @dependency          = dependency
  @dependency_files    = dependency_files
  @credentials         = credentials
  @ignored_versions    = ignored_versions
  @raise_on_ignored    = raise_on_ignored
  @security_advisories = security_advisories
  @forbidden_urls      = []
end

Instance Method Details

#latest_version_details ⇒ Object

# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 30

def latest_version_details
  possible_versions = versions

  possible_versions = filter_prereleases(possible_versions)
  possible_versions = filter_date_based_versions(possible_versions)
  possible_versions = filter_version_types(possible_versions)
  possible_versions = filter_ignored_versions(possible_versions)

  possible_versions.reverse.find { |v| released?(v.fetch(:version)) }
end

#lowest_security_fix_version_details ⇒ Object

# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 41

def lowest_security_fix_version_details
  possible_versions = versions

  possible_versions = filter_prereleases(possible_versions)
  possible_versions = filter_date_based_versions(possible_versions)
  possible_versions = filter_version_types(possible_versions)
  possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
                                                                                            security_advisories)
  possible_versions = filter_ignored_versions(possible_versions)
  possible_versions = filter_lower_versions(possible_versions)

  possible_versions.find { |v| released?(v.fetch(:version)) }
end

#versions ⇒ Object

Raises:

• (PrivateSourceAuthenticationFailure)

# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 55

def versions
  version_details =
    repositories.map do |repository_details|
      url = repository_details.fetch("url")
      dependency_metadata(repository_details).
        css("versions > version").
        select { |node| version_class.correct?(node.content) }.
        map { |node| version_class.new(node.content) }.
        map { |version| { version: version, source_url: url } }
    end.flatten

  raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?

  version_details.sort_by { |details| details.fetch(:version) }
end