Class: Dependabot::Maven::UpdateChecker

Inherits:

UpdateCheckers::Base

• Object
• UpdateCheckers::Base
• Dependabot::Maven::UpdateChecker

Defined in:

lib/dependabot/maven/update_checker.rb,
lib/dependabot/maven/update_checker/version_finder.rb,
lib/dependabot/maven/update_checker/property_updater.rb,
lib/dependabot/maven/update_checker/requirements_updater.rb

Defined Under Namespace

Classes: PropertyUpdater, RequirementsUpdater, VersionFinder

Instance Method Summary

• #latest_resolvable_version ⇒ Object
• #latest_resolvable_version_with_no_unlock ⇒ Object
• #latest_version ⇒ Object
• #lowest_resolvable_security_fix_version ⇒ Object
• #lowest_security_fix_version ⇒ Object
• #requirements_unlocked_or_can_be? ⇒ Boolean
• #updated_requirements ⇒ Object

Instance Method Details

#latest_resolvable_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 19

def latest_resolvable_version
  # Maven's version resolution algorithm is very simple: it just uses
  # the version defined "closest", with the first declaration winning
  # if two declarations are equally close. As a result, we can just
  # return that latest version unless dealing with a property dep.
  # https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Transitive_Dependencies
  return nil if version_comes_from_multi_dependency_property?

  latest_version
end

#latest_resolvable_version_with_no_unlock ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 38

def latest_resolvable_version_with_no_unlock
  # Irrelevant, since Maven has a single dependency file (the pom.xml).
  #
  # For completeness we ought to resolve the pom.xml and return the
  # latest version that satisfies the current constraint AND any
  # constraints placed on it by other dependencies. Seeing as we're
  # never going to take any action as a result, though, we just return
  # nil.
  nil
end

#latest_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 15

def latest_version
  latest_version_details&.fetch(:version)
end

#lowest_resolvable_security_fix_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 34

def lowest_resolvable_security_fix_version
  lowest_security_fix_version
end

#lowest_security_fix_version ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 30

def lowest_security_fix_version
  lowest_security_fix_version_details&.fetch(:version)
end

#requirements_unlocked_or_can_be? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/dependabot/maven/update_checker.rb', line 62

def requirements_unlocked_or_can_be?
  declarations_using_a_property.none? do |requirement|
    prop_name = requirement.dig(:metadata, :property_name)
    pom = dependency_files.find { |f| f.name == requirement[:file] }

    declaration_pom_name =
      property_value_finder
      .property_details(property_name: prop_name, callsite_pom: pom)
      &.fetch(:file)

    declaration_pom_name == "remote_pom.xml"
  end
end

#updated_requirements ⇒ Object

# File 'lib/dependabot/maven/update_checker.rb', line 49

def updated_requirements
  property_names =
    declarations_using_a_property
    .map { |req| req.dig(:metadata, :property_name) }

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version&.to_s,
    source_url: preferred_version_details&.fetch(:source_url),
    properties_to_update: property_names
  ).updated_requirements
end