Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Inherits: Object
  - Object
  - Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder
- Extended by: T::Sig
- Defined in: lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
Defined Under Namespace
Classes: RegistryError
Instance Method Summary
-
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder
constructor
A new instance of LatestVersionFinder.
- #latest_version_from_registry ⇒ Object
- #latest_version_with_no_unlock ⇒ Object
- #lowest_security_fix_version ⇒ Object
- #possible_previous_versions_with_details ⇒ Object
- #possible_versions(filter_ignored: true) ⇒ Object
- #possible_versions_with_details(filter_ignored: true) ⇒ Object
Constructor Details
#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder
Returns a new instance of LatestVersionFinder.
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 29

# Captures the inputs for a version lookup. Nothing is fetched or validated
# here; each keyword is stored unchanged in the instance variable of the same
# name.
#
# NOTE(review): @credentials is held as a plain instance variable, so Ruby's
# default #inspect output for this object includes it. Avoid logging or
# inspecting instances wholesale.
#
# @param dependency the dependency under inspection
# @param credentials registry credentials supplied by the caller
# @param dependency_files the project's dependency files
# @param ignored_versions version requirements the caller wants skipped
# @param security_advisories advisories used when looking for a fix version
# @param raise_on_ignored defaults to false; stored for later use
def initialize(dependency:, credentials:, dependency_files:,
               ignored_versions:, security_advisories:,
               raise_on_ignored: false)
  @dependency          = dependency
  @dependency_files    = dependency_files
  @credentials         = credentials
  @security_advisories = security_advisories
  @ignored_versions    = ignored_versions
  @raise_on_ignored    = raise_on_ignored
end
Instance Method Details
#latest_version_from_registry ⇒ Object
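# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 40

# Picks the version to offer from the registry data.
#
# Returns nil when the npm details are not valid, when a dist-tag requirement
# is specified but no dist-tag version was found, when every candidate is
# yanked, or when a custom registry fails (see the rescue below). Callers
# cannot tell these nil cases apart.
#
# @return the dist-tag version if there is one, otherwise the first entry of
#   `possible_versions` for which `yanked?` is false, otherwise nil
# @raise [Excon::Error::Socket, Excon::Error::Timeout, RegistryError] only
#   when the dependency's registry is "registry.npmjs.org"
def latest_version_from_registry
  return unless valid_npm_details?

  # NOTE(review): the rendered listing reads `return if return if ...` at this
  # point, so an identifier was lost when the page was produced.
  # `version_from_dist_tags` is the upstream helper name; confirm against the
  # source file.
  return version_from_dist_tags if version_from_dist_tags
  return if specified_dist_tag_requirement?

  possible_versions.find { |v| !yanked?(v) }
rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
  raise if dependency_registry == "registry.npmjs.org"
  # Custom registries can be flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
  # The comparison above is an exact string match on the registry host, so
  # any other registry value takes this silent-nil path.
end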
#latest_version_with_no_unlock ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 52

# Finds the first non-yanked version among the in-range candidates, i.e. the
# entries of `possible_versions` that survive `filter_out_of_range_versions`.
#
# Returns nil when the npm details are not valid, when a dist-tag requirement
# is specified, when nothing qualifies, or when a custom registry has a
# socket/timeout failure.
#
# Unlike `latest_version_from_registry`, RegistryError is not rescued here
# and propagates to the caller for every registry.
#
# @return the chosen version, or nil
# @raise [Excon::Error::Socket, Excon::Error::Timeout] only when the
#   dependency's registry is "registry.npmjs.org"
def latest_version_with_no_unlock
  return unless valid_npm_details?
  # NOTE(review): other listings on this page have lost an identifier during
  # rendering; this bare `return` may have carried a value upstream. Confirm
  # against the source file.
  return if specified_dist_tag_requirement?

  filter_out_of_range_versions(possible_versions)
    .find { |candidate| !yanked?(candidate) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
end
#lowest_security_fix_version ⇒ Object
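# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 64

# Selects the lowest version that is not vulnerable, not ignored, not lower
# (per `filter_lower_versions`) and not yanked.
#
# Candidates start from `possible_versions(filter_ignored: false)`, so the
# ignore rules are applied only after the advisory filter has run. With a
# dist-tag requirement the only candidate is the dist-tag version.
#
# Security note: nil is returned both when no fix version exists and when a
# custom registry has a socket/timeout failure, so a caller cannot tell
# "nothing to fix" from "registry unreachable" by the return value alone.
# RegistryError is not rescued here and propagates for every registry.
#
# @return the lowest acceptable version, or nil
# @raise [Excon::Error::Socket, Excon::Error::Timeout] only when the
#   dependency's registry is "registry.npmjs.org"
def lowest_security_fix_version
  return unless valid_npm_details?

  secure_versions =
    if specified_dist_tag_requirement?
      # NOTE(review): the rendered listing shows `[].compact`, which is
      # always empty, so the array element was lost when the page was
      # produced. `version_from_dist_tags` is the upstream helper name;
      # confirm against the source file.
      [version_from_dist_tags].compact
    else
      possible_versions(filter_ignored: false)
    end

  secure_versions =
    Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(
      secure_versions,
      security_advisories
    )
  secure_versions = filter_ignored_versions(secure_versions)
  secure_versions = filter_lower_versions(secure_versions)

  # possible_versions is ordered highest-first, so reversing yields the lowest
  # remaining version first. This presumes the filters preserve order; verify.
  secure_versions.reverse.find { |version| !yanked?(version) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  raise if dependency_registry == "registry.npmjs.org"
  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
end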
#possible_previous_versions_with_details ⇒ Object
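# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 86

# Builds, once per instance, the list of [version, details] pairs from the
# registry's "versions" map, ordered highest version first.
#
# Keys are wrapped with `version_class.new`. Prereleases are dropped unless
# they relate to the current prerelease. A missing "versions" key yields an
# empty list.
#
# NOTE(review): the keys come from registry data, which is untrusted input.
# A key that `version_class` cannot parse would presumably raise here, and no
# rescue is visible in this method. Confirm how callers handle that.
#
# @return [Array] pairs of version object and details, sorted descending
def possible_previous_versions_with_details
  @possible_previous_versions_with_details ||=
    npm_details.fetch("versions", {})
               .transform_keys { |k| version_class.new(k) }
               .reject do |v, _|
                 # NOTE(review): the rendered listing shows `!(v)`, which is
                 # always false for a version object, so the method name was
                 # lost when the page was produced. `related_to_current_pre?`
                 # is the upstream helper name; confirm against the source
                 # file.
                 v.prerelease? && !related_to_current_pre?(v)
               end
               .sort_by(&:first).reverse
end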
#possible_versions(filter_ignored: true) ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 104

# Returns the candidate versions without their registry details.
#
# @param filter_ignored passed through to `possible_versions_with_details`
# @return [Array] the first element of each entry that
#   `possible_versions_with_details` returns
def possible_versions(filter_ignored: true)
  entries = possible_versions_with_details(filter_ignored: filter_ignored)
  entries.map { |entry| entry.first }
end
#possible_versions_with_details(filter_ignored: true) ⇒ Object
# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 95

# Returns the [version, details] candidates with entries whose details carry
# a truthy "deprecated" value removed.
#
# @param filter_ignored when truthy, the remaining entries are also passed
#   through `filter_ignored_versions`
# @return the filtered entries
def possible_versions_with_details(filter_ignored: true)
  not_deprecated =
    possible_previous_versions_with_details
    .reject { |_version, meta| meta["deprecated"] }

  filter_ignored ? filter_ignored_versions(not_deprecated) : not_deprecated
end