Class: Dependabot::Maven::UpdateChecker::VersionFinder

Inherits:
Object
  • Object
show all
Extended by:
T::Sig
Defined in:
lib/dependabot/maven/update_checker/version_finder.rb

Constant Summary collapse

TYPE_SUFFICES =
%w(jre android java native_mt agp).freeze

Instance Method Summary collapse

Constructor Details

#initialize(dependency:, dependency_files:, credentials:, ignored_versions:, security_advisories:, raise_on_ignored: false) ⇒ VersionFinder

Returns a new instance of VersionFinder.



22
23
24
25
26
27
28
29
30
31
32
33
# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 22

def initialize(dependency:, dependency_files:, credentials:,
               ignored_versions:, security_advisories:,
               raise_on_ignored: false)
  @dependency          = dependency
  @dependency_files    = dependency_files
  @credentials         = credentials
  @ignored_versions    = ignored_versions
  @raise_on_ignored    = raise_on_ignored
  @security_advisories = security_advisories
  @forbidden_urls      = []
  @dependency_metadata = {}
end

Instance Method Details

#latest_version_detailsObject



35
36
37
38
39
40
41
42
43
44
# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 35

def latest_version_details
  possible_versions = versions

  possible_versions = filter_prereleases(possible_versions)
  possible_versions = filter_date_based_versions(possible_versions)
  possible_versions = filter_version_types(possible_versions)
  possible_versions = filter_ignored_versions(possible_versions)

  possible_versions.reverse.find { |v| released?(v.fetch(:version)) }
end

#lowest_security_fix_version_detailsObject



46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 46

def lowest_security_fix_version_details
  possible_versions = versions

  possible_versions = filter_prereleases(possible_versions)
  possible_versions = filter_date_based_versions(possible_versions)
  possible_versions = filter_version_types(possible_versions)
  possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
                                                                                            security_advisories)
  possible_versions = filter_ignored_versions(possible_versions)
  possible_versions = filter_lower_versions(possible_versions)

  possible_versions.find { |v| released?(v.fetch(:version)) }
end

#versionsObject

Raises:

  • (PrivateSourceAuthenticationFailure)


61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/dependabot/maven/update_checker/version_finder.rb', line 61

def versions
  version_details =
    repositories.map do |repository_details|
      url = repository_details.fetch("url")
      xml = (repository_details)
      next [] if xml.nil?

      break xml.css("versions > version")
               .select { |node| version_class.correct?(node.content) }
               .map { |node| version_class.new(node.content) }
               .map { |version| { version: version, source_url: url } }
    end.flatten

  raise PrivateSourceAuthenticationFailure, forbidden_urls.first if version_details.none? && forbidden_urls.any?

  version_details.sort_by { |details| details.fetch(:version) }
end