Class: Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder

Inherits:
Object
  • Object
Extended by:
T::Sig
Defined in:
lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

Defined Under Namespace

Classes: RegistryError

Instance Method Summary

Constructor Details

#initialize(dependency:, credentials:, dependency_files:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ LatestVersionFinder

Returns a new instance of LatestVersionFinder.



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 29

# Builds a finder for one dependency. Every argument is stored as-is in an
# instance variable of the same name; nothing is validated or fetched here.
#
# @param dependency the dependency whose versions are being looked up
# @param credentials stored for later use; presumably registry auth
#   material, so keep it out of logs and error messages (confirm against
#   the callers)
# @param dependency_files stored unchanged
# @param ignored_versions stored unchanged
# @param security_advisories stored unchanged; passed to the vulnerable
#   version filter by #lowest_security_fix_version
# @param raise_on_ignored stored unchanged, defaults to false
def initialize(
  dependency:,
  credentials:,
  dependency_files:,
  ignored_versions:,
  security_advisories:,
  raise_on_ignored: false
)
  @dependency = dependency
  @credentials = credentials
  @dependency_files = dependency_files
  @ignored_versions = ignored_versions
  @raise_on_ignored = raise_on_ignored
  @security_advisories = security_advisories
end

Instance Method Details

#latest_version_from_registry ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 40

# Returns the newest registry version that is not yanked, or nil.
#
# Order of checks: nil when the npm metadata is not valid; the dist-tag
# version when there is one; nil when the requirement names a dist-tag that
# produced no version; otherwise the first entry of `possible_versions`
# for which `yanked?` is false.
#
# Socket errors, timeouts and RegistryError are re-raised only when the
# registry is "registry.npmjs.org". For every other registry they are
# swallowed and nil is returned, so a caller cannot distinguish "nothing
# newer" from "registry unreachable or erroring".
#
# NOTE(review): the host check is an exact string match; confirm that
# dependency_registry is normalised (case, port, trailing slash) so the
# public registry is always recognised.
def latest_version_from_registry
  return nil unless valid_npm_details?

  # version_from_dist_tags is read twice here; presumably memoised — confirm.
  if version_from_dist_tags
    version_from_dist_tags
  elsif !specified_dist_tag_requirement?
    possible_versions.find { |candidate| !yanked?(candidate) }
  end
rescue Excon::Error::Socket, Excon::Error::Timeout, RegistryError
  # Failures talking to the public npm registry propagate to the caller.
  raise if dependency_registry == "registry.npmjs.org"

  # Custom registries can be flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
  nil
end

#latest_version_with_no_unlock ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 52

# Returns the newest non-yanked version that the range filter accepts,
# or nil.
#
# When the requirement names a dist-tag, the dist-tag version is returned
# directly (possibly nil) and neither the range filter nor `yanked?` runs.
#
# Socket errors and timeouts are re-raised only for "registry.npmjs.org";
# for any other registry they are swallowed and nil is returned.
#
# NOTE(review): unlike #latest_version_from_registry, RegistryError is not
# rescued here, so it propagates for every registry. Confirm that this
# difference is intended.
def latest_version_with_no_unlock
  return nil unless valid_npm_details?

  if specified_dist_tag_requirement?
    version_from_dist_tags
  else
    filter_out_of_range_versions(possible_versions)
      .find { |candidate| !yanked?(candidate) }
  end
rescue Excon::Error::Socket, Excon::Error::Timeout
  # Failures talking to the public npm registry propagate to the caller.
  raise if dependency_registry == "registry.npmjs.org"

  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
  nil
end

#lowest_security_fix_version ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 64

# Returns the lowest non-yanked version that survives the vulnerability,
# ignore and lower-version filters, or nil when there is none.
#
# Candidates are the single dist-tag version when the requirement names a
# dist-tag, otherwise `possible_versions(filter_ignored: false)`. Ignore
# rules are applied only after the vulnerable versions have been removed,
# so an ignored version is never offered as a fix.
#
# Security-relevant behaviour to keep in mind:
# * For any registry other than "registry.npmjs.org", socket errors and
#   timeouts are swallowed and nil is returned. A caller therefore sees
#   "no fix available" when a private registry is merely unreachable.
# * NOTE(review): RegistryError is not rescued here, unlike in
#   #latest_version_from_registry. Confirm that this is intended.
def lowest_security_fix_version
  return nil unless valid_npm_details?

  candidates =
    specified_dist_tag_requirement? ? [version_from_dist_tags].compact : possible_versions(filter_ignored: false)

  not_vulnerable = Dependabot::UpdateCheckers::VersionFilters
                   .filter_vulnerable_versions(candidates, security_advisories)
  fix_candidates = filter_lower_versions(filter_ignored_versions(not_vulnerable))

  # Reversed so the scan starts from the other end of the list; this picks
  # the lowest version assuming the list is still newest-first — confirm
  # that the filters preserve order.
  fix_candidates.reverse.find { |candidate| !yanked?(candidate) }
rescue Excon::Error::Socket, Excon::Error::Timeout
  # Failures talking to the public npm registry propagate to the caller.
  raise if dependency_registry == "registry.npmjs.org"

  # Sometimes custom registries are flaky. We don't want to make that
  # our problem, so we quietly return `nil` here.
  nil
end

#possible_previous_versions_with_details ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 86

# Returns [version, details] pairs built from the "versions" entry of the
# npm metadata, highest version first. The result is memoised in
# @possible_previous_versions_with_details.
#
# Each key of "versions" is wrapped with `version_class.new`. Prerelease
# versions are kept only when `related_to_current_pre?` accepts them. A
# missing "versions" key yields an empty list.
#
# NOTE(review): the keys are registry-supplied strings; how
# `version_class.new` treats a malformed one is not visible here.
def possible_previous_versions_with_details
  @possible_previous_versions_with_details ||= begin
    by_version = npm_details.fetch("versions", {})
                            .transform_keys { |raw| version_class.new(raw) }

    eligible = by_version.select do |version, _details|
      !version.prerelease? || related_to_current_pre?(version)
    end

    eligible.sort_by(&:first).reverse
  end
end

#possible_versions(filter_ignored: true) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 104

# Returns only the version half of each pair produced by
# #possible_versions_with_details.
#
# @param filter_ignored forwarded unchanged to
#   #possible_versions_with_details; defaults to true
def possible_versions(filter_ignored: true)
  pairs = possible_versions_with_details(filter_ignored: filter_ignored)
  pairs.map { |pair| pair.first }
end

#possible_versions_with_details(filter_ignored: true) ⇒ Object



# File 'lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb', line 95

# Returns the [version, details] pairs from
# #possible_previous_versions_with_details whose details carry no truthy
# "deprecated" entry, optionally passed through `filter_ignored_versions`.
#
# The deprecation filter always runs, including when filter_ignored is
# false. #lowest_security_fix_version reaches this method through
# #possible_versions, so a version the registry marks as deprecated is
# never offered as a security fix.
#
# @param filter_ignored when true (the default) the result is passed
#   through `filter_ignored_versions`
def possible_versions_with_details(filter_ignored: true)
  maintained = possible_previous_versions_with_details.select do |_version, metadata|
    !metadata["deprecated"]
  end

  filter_ignored ? filter_ignored_versions(maintained) : maintained
end