Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Inherits:
-
Object
- Object
- Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Defined in:
- lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
Defined Under Namespace
Classes: RegistryError
Instance Method Summary collapse
-
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:) ⇒ LatestVersionFinder
constructor
A new instance of LatestVersionFinder.
- #latest_version_from_registry ⇒ Object
- #latest_version_with_no_unlock ⇒ Object
- #lowest_security_fix_version ⇒ Object
- #possible_previous_versions_with_details ⇒ Object
- #possible_versions ⇒ Object
- #possible_versions_with_details ⇒ Object
Constructor Details
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:) ⇒ LatestVersionFinder
Returns a new instance of LatestVersionFinder.
25 26 27 28 29 30 31 32 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 25 def initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:) @dependency = dependency @credentials = credentials @dependency_files = dependency_files @ignored_versions = ignored_versions @security_advisories = security_advisories end |
Instance Method Details
#latest_version_from_registry ⇒ Object
34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 34 def latest_version_from_registry return unless valid_npm_details? return if return if specified_dist_tag_requirement? possible_versions.find { |v| !yanked?(v) } rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError raise if dependency_registry == "registry.npmjs.org" # Custom registries can be flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#latest_version_with_no_unlock ⇒ Object
46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 46 def latest_version_with_no_unlock return unless valid_npm_details? return if specified_dist_tag_requirement? in_range_versions = filter_out_of_range_versions(possible_versions) in_range_versions.find { |version| !yanked?(version) } rescue Excon::Error::Socket, Excon::Error::Timeout raise if dependency_registry == "registry.npmjs.org" # Sometimes custom registries are flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#lowest_security_fix_version ⇒ Object
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 58 def lowest_security_fix_version return unless valid_npm_details? versions_array = if specified_dist_tag_requirement? [].compact else possible_versions end secure_versions = filter_vulnerable_versions(versions_array) secure_versions = filter_lower_versions(secure_versions) secure_versions.reverse.find { |version| !yanked?(version) } rescue Excon::Error::Socket, Excon::Error::Timeout raise if dependency_registry == "registry.npmjs.org" # Sometimes custom registries are flaky. We don't want to make that # our problem, so we quietly return `nil` here. end |
#possible_previous_versions_with_details ⇒ Object
76 77 78 79 80 81 82 83 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 76 def possible_previous_versions_with_details @possible_previous_versions_with_details ||= begin npm_details.fetch("versions", {}). transform_keys { |k| version_class.new(k) }. reject { |v, _| v.prerelease? && !(v) }. sort_by(&:first).reverse end end |
#possible_versions ⇒ Object
91 92 93 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 91 def possible_versions possible_versions_with_details.map(&:first) end |
#possible_versions_with_details ⇒ Object
85 86 87 88 89 |
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 85 def possible_versions_with_details possible_previous_versions_with_details. reject { |_, details| details["deprecated"] }. reject { |v, _| ignore_reqs.any? { |r| r.satisfied_by?(v) } } end |