Class: Dependabot::Composer::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::Composer::UpdateChecker

Defined in:

lib/dependabot/composer/update_checker.rb,
lib/dependabot/composer/update_checker/version_resolver.rb,
lib/dependabot/composer/update_checker/requirements_updater.rb,
lib/dependabot/composer/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: LatestVersionFinder, RequirementsUpdater, VersionResolver

Instance Method Summary

• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #requirements_unlocked_or_can_be? ⇒ Boolean
• #requirements_update_strategy ⇒ Object
• #updated_requirements ⇒ Object

Instance Method Details

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 27

def latest_resolvable_version
  return nil if path_dependency? || git_dependency?

  @latest_resolvable_version ||=
    VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      latest_allowable_version: latest_version_from_registry,
      requirements_to_unlock: :own
    ).latest_resolvable_version
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 53

def latest_resolvable_version_with_no_unlock
  return nil if path_dependency? || git_dependency?

  @latest_resolvable_version_with_no_unlock ||=
    VersionResolver.new(
      credentials: credentials,
      dependency: dependency,
      dependency_files: dependency_files,
      latest_allowable_version: latest_version_from_registry,
      requirements_to_unlock: :none
    ).latest_resolvable_version
end

#latest_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 19

def latest_version
  return nil if path_dependency?
  return latest_version_for_git_dependency if git_dependency?

  # Fall back to latest_resolvable_version if no listings found
  latest_version_from_registry || latest_resolvable_version
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 44

def lowest_resolvable_security_fix_version
  raise "Dependency not vulnerable!" unless vulnerable?

  return @lowest_resolvable_security_fix_version if defined?(@lowest_resolvable_security_fix_version)

  @lowest_resolvable_security_fix_version =
    fetch_lowest_resolvable_security_fix_version
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 40

def lowest_security_fix_version
  latest_version_finder.lowest_security_fix_version
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/composer/update_checker.rb', line 74

def requirements_unlocked_or_can_be?
  !requirements_update_strategy.lockfile_only?
end

#requirements_update_strategy ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 78

def requirements_update_strategy
  # If passed in as an option (in the base class) honour that option
  return @requirements_update_strategy if @requirements_update_strategy

  # Otherwise, widen ranges for libraries and bump versions for apps
  library? ? RequirementsUpdateStrategy::WidenRanges : RequirementsUpdateStrategy::BumpVersionsIfNecessary
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/composer/update_checker.rb', line 66

def updated_requirements
  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_resolvable_version: preferred_resolvable_version&.to_s,
    update_strategy: requirements_update_strategy
  ).updated_requirements
end