cargo: AllVersionsIgnored

dependabot · May 25, 2020 · 0c26945 · 0c26945
1 parent 8473ed1
commit 0c26945
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 4 deletions.
diff --git a/cargo/lib/dependabot/cargo/update_checker.rb b/cargo/lib/dependabot/cargo/update_checker.rb
@@ -109,6 +109,7 @@ def latest_version_finder
           dependency_files: dependency_files,
           credentials: credentials,
           ignored_versions: ignored_versions,
+          raise_on_ignored: raise_on_ignored,
           security_advisories: security_advisories
         )
       end

diff --git a/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb b/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb
@@ -8,11 +8,13 @@ module Cargo
     class UpdateChecker
       class LatestVersionFinder
         def initialize(dependency:, dependency_files:, credentials:,
-                       ignored_versions:, security_advisories:)
+                       ignored_versions:, raise_on_ignored: false,
+                       security_advisories:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @credentials         = credentials
           @ignored_versions    = ignored_versions
+          @raise_on_ignored    = raise_on_ignored
           @security_advisories = security_advisories
         end
 
@@ -39,8 +41,8 @@ def fetch_latest_version
         def fetch_lowest_security_fix_version
           versions = available_versions
           versions = filter_prerelease_versions(versions)
-          versions = filter_ignored_versions(versions)
           versions = filter_vulnerable_versions(versions)
+          versions = filter_ignored_versions(versions)
           versions = filter_lower_versions(versions)
           versions.min
         end
@@ -52,8 +54,13 @@ def filter_prerelease_versions(versions_array)
         end
 
         def filter_ignored_versions(versions_array)
-          versions_array.
-            reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
+          filtered = versions_array.
+                     reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v) } }
+          if @raise_on_ignored && filtered.empty? && versions_array.any?
+            raise Dependabot::AllVersionsIgnored
+          end
+
+          filtered
         end
 
         def filter_vulnerable_versions(versions_array)

diff --git a/cargo/spec/dependabot/cargo/update_checker/latest_version_finder_spec.rb b/cargo/spec/dependabot/cargo/update_checker/latest_version_finder_spec.rb
@@ -19,11 +19,13 @@
       dependency_files: dependency_files,
       credentials: credentials,
       ignored_versions: ignored_versions,
+      raise_on_ignored: raise_on_ignored,
       security_advisories: security_advisories
     )
   end
 
   let(:ignored_versions) { [] }
+  let(:raise_on_ignored) { false }
   let(:security_advisories) { [] }
   let(:credentials) do
     [{
@@ -150,6 +152,20 @@
       it { is_expected.to eq(Gem::Version.new("0.1.20")) }
     end
 
+    context "when all versions are being ignored" do
+      let(:ignored_versions) { [">= 0"] }
+      it "returns nil" do
+        expect(subject).to be_nil
+      end
+
+      context "raise_on_ignored" do
+        let(:raise_on_ignored) { true }
+        it "raises an error" do
+          expect { subject }.to raise_error(Dependabot::AllVersionsIgnored)
+        end
+      end
+    end
+
     context "when the lowest fixed version is a pre-release" do
       let(:dependency_name) { "xdg" }
       let(:dependency_version) { "1.0.0" }

diff --git a/cargo/spec/dependabot/cargo/update_checker_spec.rb b/cargo/spec/dependabot/cargo/update_checker_spec.rb
@@ -22,11 +22,13 @@
       dependency_files: dependency_files,
       credentials: credentials,
       ignored_versions: ignored_versions,
+      raise_on_ignored: raise_on_ignored,
       security_advisories: security_advisories
     )
   end
 
   let(:ignored_versions) { [] }
+  let(:raise_on_ignored) { false }
   let(:security_advisories) { [] }
   let(:credentials) do
     [{
@@ -201,6 +203,14 @@
       it { is_expected.to eq(Gem::Version.new("0.1.39")) }
     end
 
+    context "when all versions are being ignored" do
+      let(:ignored_versions) { [">= 0"] }
+      let(:raise_on_ignored) { true }
+      it "raises an error" do
+        expect { subject }.to raise_error(Dependabot::AllVersionsIgnored)
+      end
+    end
+
     context "with a git dependency" do
       before do
         git_url = "https://github.com/BurntSushi/utf8-ranges.git"