diff --git a/bundler/lib/dependabot/bundler/update_checker/latest_version_finder.rb b/bundler/lib/dependabot/bundler/update_checker/latest_version_finder.rb
index 932302dabb9..76396e8d11a 100644
--- a/bundler/lib/dependabot/bundler/update_checker/latest_version_finder.rb
+++ b/bundler/lib/dependabot/bundler/update_checker/latest_version_finder.rb
@@ -81,18 +81,17 @@ def filter_ignored_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && Gem::Version.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
 versions_array.
- select { |version| version > Gem::Version.new(dependency.version) }
+ select { |version| version > dependency.numeric_version }
 end
 def wants_prerelease?
 @wants_prerelease ||= begin
- current_version = dependency.version
- if current_version && Gem::Version.correct?(current_version) &&
- Gem::Version.new(current_version).prerelease?
+ current_version = dependency.numeric_version
+ if current_version&.prerelease?
 true
 else
 dependency.requirements.any? do |req|
diff --git a/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb b/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb
index 0924e95090c..e31e0786be2 100644
--- a/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb
+++ b/cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb
@@ -68,10 +68,10 @@ def filter_ignored_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
 versions_array.
- select { |version| version > version_class.new(dependency.version) }
+ select { |version| version > dependency.numeric_version }
 end
 def available_versions
@@ -89,10 +89,7 @@ def crates_listing
 end
 def wants_prerelease?
- if dependency.version &&
- version_class.new(dependency.version).prerelease?
- return true
- end
+ return true if dependency.numeric_version&.prerelease?
 dependency.requirements.any? do |req|
 reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
diff --git a/common/lib/dependabot/dependency.rb b/common/lib/dependabot/dependency.rb
index 8a1d78cb79d..be4f97bcf61 100644
--- a/common/lib/dependabot/dependency.rb
+++ b/common/lib/dependabot/dependency.rb
@@ -67,6 +67,10 @@ def removed?
 @removed
 end
+ def numeric_version
+ @numeric_version ||= version_class.new(version) if version && version_class.correct?(version)
+ end
+
 def to_h
 {
 "name" => name,
@@ -136,6 +140,10 @@ def eql?(other)
 private
+ def version_class
+ Utils.version_class_for_package_manager(package_manager)
+ end
+
 def check_values
 raise ArgumentError, "blank strings must not be provided as versions" if [version, previous_version].any?("")
diff --git a/common/lib/dependabot/git_commit_checker.rb b/common/lib/dependabot/git_commit_checker.rb
index ddf41354470..6c9c007ed87 100644
--- a/common/lib/dependabot/git_commit_checker.rb
+++ b/common/lib/dependabot/git_commit_checker.rb
@@ -23,14 +23,11 @@ class GitCommitChecker
 def initialize(dependency:, credentials:, ignored_versions: [], raise_on_ignored: false,
- requirement_class: nil, version_class: nil,
 consider_version_branches_pinned: false)
 @dependency = dependency
 @credentials = credentials
 @ignored_versions = ignored_versions
 @raise_on_ignored = raise_on_ignored
- @requirement_class = requirement_class
- @version_class = version_class
 @consider_version_branches_pinned = consider_version_branches_pinned
 end
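Review bot: In the new `numeric_version`, the `if` modifier applies to the whole `||=`, so `version && version_class.correct?(version)` (including the `Utils` lookup inside `version_class`) runs on every call and only the `version_class.new` is actually cached; with every ecosystem's `filter_lower_versions` now calling this once per candidate version, cache the outcome instead: `return @numeric_version if defined?(@numeric_version)` followed by `@numeric_version = version && version_class.correct?(version) ? version_class.new(version) : nil`. That relies on `version` never being reassigned after construction — no writer is visible in this hunk, so worth confirming before memoizing. Since this is now the single parse point the update checkers rely on, a one-line doc comment would help: `# #version parsed with this package manager's version class, or nil when absent or not a valid version.`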
@@ -141,8 +138,6 @@ def filter_lower_versions(tags)
 end
 def local_tag_for_pinned_version
- return unless pinned?
 ref = dependency_source_details.fetch(:ref)
 tags = local_tags.select { |t| t.commit_sha == ref && version_class.correct?(t.name) }.
 sort_by { |t| version_class.new(t.name) }
@@ -443,15 +438,11 @@ def scan_version(name)
 end
 def version_class
- return @version_class if @version_class
- Utils.version_class_for_package_manager(dependency.package_manager)
+ @version_class ||= Utils.version_class_for_package_manager(dependency.package_manager)
 end
 def requirement_class
- return @requirement_class if @requirement_class
- Utils.requirement_class_for_package_manager(dependency.package_manager)
+ @requirement_class ||= Utils.requirement_class_for_package_manager(dependency.package_manager)
 end
 def local_repo_git_metadata_fetcher
diff --git a/common/lib/dependabot/update_checkers/base.rb b/common/lib/dependabot/update_checkers/base.rb
index a1632b8fd10..8a3603083a8 100644
--- a/common/lib/dependabot/update_checkers/base.rb
+++ b/common/lib/dependabot/update_checkers/base.rb
@@ -137,8 +137,7 @@ def vulnerable?
 # Can't (currently) detect whether git dependencies are vulnerable
 return false if existing_version_is_sha?
- version = version_class.new(dependency.version)
- security_advisories.any? { |a| a.vulnerable?(version) }
+ security_advisories.any? { |a| a.vulnerable?(current_version) }
 end
 def ignore_requirements
@@ -235,7 +234,7 @@ def numeric_version_up_to_date?
 # this case we treat the version as up-to-date so that it's ignored.
 return true if latest_version.to_s.match?(/^[0-9a-f]{40}$/)
- latest_version <= version_class.new(dependency.version)
+ latest_version <= current_version
 end
 def numeric_version_can_update?(requirements_to_unlock:)
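Review bot: Removing `return unless pinned?` from `local_tag_for_pinned_version` makes `dependency_source_details.fetch(:ref)` unconditional; `Hash#fetch` raises `KeyError` when `:ref` is absent, and a nil ref simply matches no tag, so an unpinned dependency now either errors or falls through instead of returning early. If every caller already checks `pinned?` that is harmless, but the precondition should then be stated above the `fetch`: `# Precondition: pinned? — :ref is read unconditionally below.` Otherwise read it tolerantly, `ref = dependency_source_details[:ref]` then `return unless ref`. The method body continues past the end of this hunk.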
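Review bot: In `vulnerable?`, `current_version` is nil whenever `dependency.version` is set but fails `correct?`, whereas the old `version_class.new(dependency.version)` would typically have raised on such input; that nil now flows into `a.vulnerable?(current_version)`, and if the advisory's `vulnerable?` answers false for nil (its implementation is not visible here) an unparseable pinned version silently reads as not vulnerable on the security-update path. Make the choice explicit before the advisory check: `return false unless current_version # unparseable version: deliberately treated as not vulnerable` if that is intended, or raise so the run fails as loudly as before. The `def vulnerable?` line itself is outside the hunk.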
@@ -244,7 +243,7 @@ def numeric_version_can_update?(requirements_to_unlock:)
 case requirements_to_unlock&.to_sym
 when :none
 new_version = latest_resolvable_version_with_no_unlock
- new_version && new_version > version_class.new(dependency.version)
+ new_version && new_version > current_version
 when :own
 preferred_version_resolvable_with_unlock?
 when :all
@@ -259,7 +258,7 @@ def preferred_version_resolvable_with_unlock?
 if existing_version_is_sha?
 return false if new_version.to_s.start_with?(dependency.version)
- elsif new_version <= version_class.new(dependency.version)
+ elsif new_version <= current_version
 return false
 end
@@ -275,6 +274,10 @@ def requirements_up_to_date?
 changed_requirements.none?
 end
+ def current_version
+ @current_version ||= dependency.numeric_version
+ end
+
 def can_compare_requirements?
 version_from_requirements && latest_version &&
diff --git a/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb b/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
index ff78a89799c..916bb3a2364 100644
--- a/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
+++ b/composer/lib/dependabot/composer/update_checker/latest_version_finder.rb
@@ -73,15 +73,15 @@ def filter_ignored_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
 versions_array.
- select { |version| version > version_class.new(dependency.version) }
+ select { |version| version > dependency.numeric_version }
 end
 def wants_prerelease?
- current_version = dependency.version
- return true if current_version && version_class.new(current_version).prerelease?
+ current_version = dependency.numeric_version
+ return true if current_version&.prerelease?
 dependency.requirements.any? do |req|
 req[:requirement].match?(/\d-[A-Za-z]/)
diff --git a/elm/lib/dependabot/elm/update_checker.rb b/elm/lib/dependabot/elm/update_checker.rb
index d7c838d0e18..a1c902c975e 100644
--- a/elm/lib/dependabot/elm/update_checker.rb
+++ b/elm/lib/dependabot/elm/update_checker.rb
@@ -87,10 +87,10 @@ def candidate_versions
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless current_version
 versions_array.
- select { |version| version > version_class.new(dependency.version) }
+ select { |version| version > current_version }
 end
 def all_versions
diff --git a/github_actions/lib/dependabot/github_actions/update_checker.rb b/github_actions/lib/dependabot/github_actions/update_checker.rb
index e1974fe9114..362e79fa1ec 100644
--- a/github_actions/lib/dependabot/github_actions/update_checker.rb
+++ b/github_actions/lib/dependabot/github_actions/update_checker.rb
@@ -65,7 +65,7 @@ def fetch_latest_version_for_git_dependency
 # we want to update that tag.
 if git_commit_checker.pinned_ref_looks_like_version? && latest_version_tag
 latest_version = latest_version_tag.fetch(:version)
- return version_class.new(dependency.version) if shortened_semver_eq?(dependency.version, latest_version.to_s)
+ return current_version if shortened_semver_eq?(dependency.version, latest_version.to_s)
 return latest_version
 end
diff --git a/go_modules/lib/dependabot/go_modules/update_checker.rb b/go_modules/lib/dependabot/go_modules/update_checker.rb
index 60e2cebdfff..5ad2e1ef9f9 100644
--- a/go_modules/lib/dependabot/go_modules/update_checker.rb
+++ b/go_modules/lib/dependabot/go_modules/update_checker.rb
@@ -21,7 +21,7 @@ def latest_resolvable_version
 unless dependency.top_level?
 return unless dependency.version
- return version_class.new(dependency.version)
+ return current_version
 end
 latest_version_finder.latest_version
@@ -40,7 +40,7 @@ def lowest_resolvable_security_fix_version
 unless dependency.top_level?
 return unless dependency.version
- return version_class.new(dependency.version)
+ return current_version
 end
 lowest_security_fix_version
diff --git a/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb b/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb
index 2426a11c90b..3235bb6f98b 100644
--- a/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb
+++ b/go_modules/lib/dependabot/go_modules/update_checker/latest_version_finder.rb
@@ -143,10 +143,10 @@ def filter_prerelease_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
 versions_array.
- select { |version| version > version_class.new(dependency.version) }
+ select { |version| version > dependency.numeric_version }
 end
 def filter_ignored_versions(versions_array)
@@ -162,9 +162,8 @@ def filter_ignored_versions(versions_array)
 def wants_prerelease?
 @wants_prerelease ||= begin
- current_version = dependency.version
- current_version && version_class.correct?(current_version) &&
- version_class.new(current_version).prerelease?
+ current_version = dependency.numeric_version
+ current_version&.prerelease?
 end
 end
diff --git a/gradle/lib/dependabot/gradle/update_checker/version_finder.rb b/gradle/lib/dependabot/gradle/update_checker/version_finder.rb
index 3691d513f3e..e1f31f78433 100644
--- a/gradle/lib/dependabot/gradle/update_checker/version_finder.rb
+++ b/gradle/lib/dependabot/gradle/update_checker/version_finder.rb
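Review bot: `lowest_resolvable_security_fix_version` now returns `current_version`, which is nil when a non-top-level dependency has a `version` that fails `correct?`; the old `version_class.new` would typically have raised on such input, so a parse failure on the security-fix path now looks to the caller like "no fix version available". If skipping is the intent, let the guard say so: `return unless current_version # unparseable version: no fix can be proposed` in place of `return unless dependency.version`; if it is not, raise instead. The same pattern appears in the `latest_resolvable_version` hunk above, and both methods' `def` lines are outside their hunks.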
@@ -112,25 +112,23 @@ def filter_ignored_versions(possible_versions)
 end
 def filter_lower_versions(possible_versions)
- return possible_versions unless dependency.version && version_class.correct?(dependency.version)
+ return possible_versions unless dependency.numeric_version
 possible_versions.select do |v|
- v.fetch(:version) > version_class.new(dependency.version)
+ v.fetch(:version) > dependency.numeric_version
 end
 end
 def wants_prerelease?
- return false unless dependency.version
- return false unless version_class.correct?(dependency.version)
+ return false unless dependency.numeric_version
- version_class.new(dependency.version).prerelease?
+ dependency.numeric_version.prerelease?
 end
 def wants_date_based_version?
- return false unless dependency.version
- return false unless version_class.correct?(dependency.version)
+ return false unless dependency.numeric_version
- version_class.new(dependency.version) >= version_class.new(100)
+ dependency.numeric_version >= version_class.new(100)
 end
 def google_version_details
diff --git a/hex/lib/dependabot/hex/update_checker.rb b/hex/lib/dependabot/hex/update_checker.rb
index 5814a01b121..18ddddfbd57 100644
--- a/hex/lib/dependabot/hex/update_checker.rb
+++ b/hex/lib/dependabot/hex/update_checker.rb
@@ -231,7 +231,7 @@ def latest_release_from_hex_registry
 # rubocop:enable Metrics/PerceivedComplexity
 def filter_lower_versions(versions_array)
- return versions_array unless current_version && version_class.correct?(current_version)
+ return versions_array unless current_version
 versions_array.select do |version|
 version > current_version
@@ -251,12 +251,6 @@ def hex_registry_response
 nil
 end
- def current_version
- return unless dependency.version && version_class.correct?(dependency.version)
- version_class.new(dependency.version)
- end
-
 def wants_prerelease?
 return true if current_version&.prerelease?
diff --git a/maven/lib/dependabot/maven/update_checker/version_finder.rb b/maven/lib/dependabot/maven/update_checker/version_finder.rb
index b7a07b093de..efd34d0ac70 100644
--- a/maven/lib/dependabot/maven/update_checker/version_finder.rb
+++ b/maven/lib/dependabot/maven/update_checker/version_finder.rb
@@ -113,25 +113,23 @@ def filter_ignored_versions(possible_versions)
 end
 def filter_lower_versions(possible_versions)
- return possible_versions unless dependency.version && version_class.correct?(dependency.version)
+ return possible_versions unless dependency.numeric_version
 possible_versions.select do |v|
- v.fetch(:version) > version_class.new(dependency.version)
+ v.fetch(:version) > dependency.numeric_version
 end
 end
 def wants_prerelease?
- return false unless dependency.version
- return false unless version_class.correct?(dependency.version)
+ return false unless dependency.numeric_version
- version_class.new(dependency.version).prerelease?
+ dependency.numeric_version.prerelease?
 end
 def wants_date_based_version?
- return false unless dependency.version
- return false unless version_class.correct?(dependency.version)
+ return false unless dependency.numeric_version
- version_class.new(dependency.version) >= version_class.new(100)
+ dependency.numeric_version >= version_class.new(100)
 end
 def released?(version)
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb
index 6b86c2cab4a..7b259f1431a 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker.rb
@@ -22,7 +22,7 @@ def up_to_date?
 dependency.version &&
 version_class.correct?(dependency.version) &&
 vulnerable_versions.any? &&
- !vulnerable_versions.include?(version_class.new(dependency.version))
+ !vulnerable_versions.include?(current_version)
 super
 end
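Review bot: The condition in `up_to_date?` still spells out `dependency.version &&` and `version_class.correct?(dependency.version) &&` while only its last conjunct was switched to `current_version`; those two lines are exactly the cases in which `current_version` is non-nil, so the chain can simply begin `current_version &&`, reading consistently with the rest of this commit and avoiding a second `correct?` parse of the same string. The statement this condition belongs to begins above the hunk.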
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
index d985aebb1c6..b291b63a3b4 100644
--- a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
+++ b/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb
@@ -130,10 +130,10 @@ def filter_out_of_range_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
 versions_array.
- select { |version, _| version > version_class.new(dependency.version) }
+ select { |version, _| version > dependency.numeric_version }
 end
 def version_from_dist_tags
@@ -159,13 +159,10 @@ def version_from_dist_tags
 wants_latest_dist_tag?(latest) ? latest : nil
 end
- # rubocop:disable Metrics/PerceivedComplexity
 def related_to_current_pre?(version)
- current_version = dependency.version
- if current_version &&
- version_class.correct?(current_version) &&
- version_class.new(current_version).prerelease? &&
- version_class.new(current_version).release == version.release
+ current_version = dependency.numeric_version
+ if current_version&.prerelease? &&
+ current_version&.release == version.release
 return true
 end
@@ -181,7 +178,6 @@ def related_to_current_pre?(version)
 false
 end
 end
- # rubocop:enable Metrics/PerceivedComplexity
 def specified_dist_tag_requirement?
 dependency.requirements.any? do |req|
@@ -204,10 +200,9 @@ def wants_latest_dist_tag?(latest_version)
 end
 def current_version_greater_than?(version)
- return false unless dependency.version
- return false unless version_class.correct?(dependency.version)
+ return false unless dependency.numeric_version
- version_class.new(dependency.version) > version
+ dependency.numeric_version > version
 end
 def current_requirement_greater_than?(version)
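Review bot: In `related_to_current_pre?` the second safe navigation, `current_version&.release == version.release`, is redundant: `&&` evaluates it only after `current_version&.prerelease?` returned truthy, which already requires `current_version` to be non-nil, so `current_version.release == version.release` is equivalent and stops suggesting a nil path that cannot occur. The method continues past the end of its hunk.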
diff --git a/nuget/lib/dependabot/nuget/update_checker/version_finder.rb b/nuget/lib/dependabot/nuget/update_checker/version_finder.rb
index 7c4df7e11f4..dd6e53c04ac 100644
--- a/nuget/lib/dependabot/nuget/update_checker/version_finder.rb
+++ b/nuget/lib/dependabot/nuget/update_checker/version_finder.rb
@@ -88,10 +88,10 @@ def filter_ignored_versions(possible_versions)
 end
 def filter_lower_versions(possible_versions)
- return possible_versions unless dependency.version && version_class.correct?(dependency.version)
+ return possible_versions unless dependency.numeric_version
 possible_versions.select do |v|
- v.fetch(:version) > version_class.new(dependency.version)
+ v.fetch(:version) > dependency.numeric_version
 end
 end
@@ -162,11 +162,9 @@ def dependency_details_from_v2_entry(entry)
 # rubocop:disable Metrics/PerceivedComplexity
 def related_to_current_pre?(version)
- current_version = dependency.version
- if current_version &&
- version_class.correct?(current_version) &&
- version_class.new(current_version).prerelease? &&
- version_class.new(current_version).release == version.release
+ current_version = dependency.numeric_version
+ if current_version&.prerelease? &&
+ current_version&.release == version.release
 return true
 end
diff --git a/python/lib/dependabot/python/update_checker/latest_version_finder.rb b/python/lib/dependabot/python/update_checker/latest_version_finder.rb
index 40aa389f864..7fe46618793 100644
--- a/python/lib/dependabot/python/update_checker/latest_version_finder.rb
+++ b/python/lib/dependabot/python/update_checker/latest_version_finder.rb
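Review bot: As in the npm version of this method, `current_version&.release == version.release` in `related_to_current_pre?` can be `current_version.release == version.release`, because `&&` only reaches it once `current_version&.prerelease?` is truthy and hence `current_version` is non-nil. The `# rubocop:disable Metrics/PerceivedComplexity` above the method is kept here while the npm hunk dropped its equivalent now that the condition is simpler; if the rest of this method (which continues past the hunk) no longer trips the cop, drop both the disable and its matching enable so stale directives do not accumulate.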
@@ -112,9 +112,9 @@ def filter_ignored_versions(versions_array)
 end
 def filter_lower_versions(versions_array)
- return versions_array unless dependency.version && version_class.correct?(dependency.version)
+ return versions_array unless dependency.numeric_version
- versions_array.select { |version| version > version_class.new(dependency.version) }
+ versions_array.select { |version| version > dependency.numeric_version }
 end
 def filter_out_of_range_versions(versions_array)
diff --git a/terraform/lib/dependabot/terraform/update_checker.rb b/terraform/lib/dependabot/terraform/update_checker.rb
index fa1d634ea88..304d4f6b0a0 100644
--- a/terraform/lib/dependabot/terraform/update_checker.rb
+++ b/terraform/lib/dependabot/terraform/update_checker.rb
@@ -45,14 +45,6 @@ def requirements_unlocked_or_can_be?
 !proxy_requirement?
 end
- def requirement_class
- Requirement
- end
- def version_class
- Version
- end
 private
 def latest_version_resolvable_with_full_unlock?
@@ -194,9 +186,7 @@ def git_commit_checker
 dependency: dependency,
 credentials: credentials,
 ignored_versions: ignored_versions,
- raise_on_ignored: raise_on_ignored,
- requirement_class: Requirement,
- version_class: Version
+ raise_on_ignored: raise_on_ignored
 )
 end