Class: Dependabot::Nuget::UpdateChecker

Inherits:

UpdateCheckers::Base

Object
UpdateCheckers::Base
Dependabot::Nuget::UpdateChecker

show all

Extended by:: T::Sig

Defined in:: lib/dependabot/nuget/update_checker.rb,
lib/dependabot/nuget/update_checker/version_finder.rb,
lib/dependabot/nuget/update_checker/property_updater.rb,
lib/dependabot/nuget/update_checker/dependency_finder.rb,
lib/dependabot/nuget/update_checker/requirements_updater.rb

Defined Under Namespace

Classes: DependencyFinder, PropertyUpdater, RequirementsUpdater, VersionFinder

Constant Summary collapse

PROPERTY_REGEX =

/\$\((?<property>.*?)\)/

Class Method Summary collapse

.native_analysis_enabled? ⇒ Boolean

Instance Method Summary collapse

#latest_resolvable_version ⇒ Object
#latest_resolvable_version_with_no_unlock ⇒ Object
#latest_version ⇒ Object
#lowest_resolvable_security_fix_version ⇒ Object
#lowest_security_fix_version ⇒ Object
#requirements_unlocked_or_can_be? ⇒ Boolean
#up_to_date? ⇒ Boolean
#updated_requirements ⇒ Object

Class Method Details

.native_analysis_enabled? ⇒ `Boolean`

Returns:

(Boolean)



24
25
26

# File 'lib/dependabot/nuget/update_checker.rb', line 24

def self.native_analysis_enabled?
  Dependabot::Experiments.enabled?(:nuget_native_analysis)
end

Instance Method Details

#latest_resolvable_version ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 43

def latest_resolvable_version
  return native_update_checker.latest_resolvable_version if UpdateChecker.native_analysis_enabled?

  # We always want a full unlock since any package update could update peer dependencies as well.
  # To force a full unlock instead of an own unlock, we return nil.
  nil
end

#latest_resolvable_version_with_no_unlock ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 66

def latest_resolvable_version_with_no_unlock
  return native_update_checker.latest_resolvable_version_with_no_unlock if UpdateChecker.native_analysis_enabled?

  # Irrelevant, since Nuget has a single dependency file
  nil
end

#latest_version ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 29

def latest_version
  return native_update_checker.latest_version if UpdateChecker.native_analysis_enabled?

  # No need to find latest version for transitive dependencies unless they have a vulnerability.
  return dependency.version if !dependency.top_level? && !vulnerable?

  # if no update sources have the requisite package, then we can only assume that the current version is correct
  @latest_version = T.let(
    latest_version_details&.fetch(:version)&.to_s || dependency.version,
    T.nilable(String)
  )
end

#lowest_resolvable_security_fix_version ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 59

def lowest_resolvable_security_fix_version
  return nil if version_comes_from_multi_dependency_property?

  lowest_security_fix_version
end

#lowest_security_fix_version ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 52

def lowest_security_fix_version
  return native_update_checker.lowest_security_fix_version if UpdateChecker.native_analysis_enabled?

  lowest_security_fix_version_details&.fetch(:version)
end

#requirements_unlocked_or_can_be? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/dependabot/nuget/update_checker.rb', line 100

def requirements_unlocked_or_can_be?
  # If any requirements have an uninterpolated property in them then
  # that property couldn't be found, and the requirement therefore
  # cannot be unlocked (since we can't update that property)
  dependency.requirements.none? do |req|
    req.fetch(:requirement)&.match?(PROPERTY_REGEX)
  end
end

#up_to_date? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/dependabot/nuget/update_checker.rb', line 85

def up_to_date?
  return native_update_checker.up_to_date? if UpdateChecker.native_analysis_enabled?

  # No need to update transitive dependencies unless they have a vulnerability.
  return true if !dependency.top_level? && !vulnerable?

  # If any requirements have an uninterpolated property in them then
  # that property couldn't be found, and we assume that the dependency
  # is up-to-date
  return true unless requirements_unlocked_or_can_be?

  super
end

#updated_requirements ⇒ `Object`

# File 'lib/dependabot/nuget/update_checker.rb', line 74

def updated_requirements
  return native_update_checker.updated_requirements if UpdateChecker.native_analysis_enabled?

  RequirementsUpdater.new(
    requirements: dependency.requirements,
    latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
    source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
  ).updated_requirements
end

Class: Dependabot::Nuget::UpdateChecker

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.native_analysis_enabled? ⇒ Boolean

Instance Method Details

#latest_resolvable_version ⇒ Object

#latest_resolvable_version_with_no_unlock ⇒ Object

#latest_version ⇒ Object

#lowest_resolvable_security_fix_version ⇒ Object

#lowest_security_fix_version ⇒ Object

#requirements_unlocked_or_can_be? ⇒ Boolean

#up_to_date? ⇒ Boolean

#updated_requirements ⇒ Object

.native_analysis_enabled? ⇒ `Boolean`

#latest_resolvable_version ⇒ `Object`

#latest_resolvable_version_with_no_unlock ⇒ `Object`

#latest_version ⇒ `Object`

#lowest_resolvable_security_fix_version ⇒ `Object`

#lowest_security_fix_version ⇒ `Object`

#requirements_unlocked_or_can_be? ⇒ `Boolean`

#up_to_date? ⇒ `Boolean`

#updated_requirements ⇒ `Object`