dependabot-gradle 0.153.0 → 0.154.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0a6b75daa78cb5631eeffa41d26c44980a17a62a481d2245b8fe0005f7b9ead
-  data.tar.gz: efef6c045c863c203ec756a5ea52503d0808eba2dacb13a7bf9ff18b7205544e
+  metadata.gz: cc9f486314f8313cf206b17d5c3addccdb99ffd3ece80425d142fae5b5c17c62
+  data.tar.gz: 8ef59daa428e83d4dd56d8e93670e6579a10b0934bc88fb0d54c190f1325719d
 SHA512:
-  metadata.gz: 747a7009e9a8f11c817510401b9190dabb28b3e2ffc1108eb59583fda0baa2a6b611b7a1dde069480e720adc6d86e6649bfd9834cc9ad3fb20749451ee2ffbbd
-  data.tar.gz: 988dd2329afc4e439dfe82dc79aba6f6bdade4be09b9cd05f6f5022e1c48d049d1af124721056839c25731b5672bee0a69f842d0135970e404ab1094228d1b3c
+  metadata.gz: 0b29dc5312a2741d0e3525919e72c155126d543cdb221a55be7596f5f5470335eca03a32aef376821f328167e8cb3f518b6ede743b55feca1920bf47ac1def57
+  data.tar.gz: fabc6120c4bb22e86bc3205324e76e9be97bb20dfcb9f37d3cb071042541874b2e727fe3360d04225449cc46dc0888fb516d45e301b2a5d6050bb5d5e081530b

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -2,6 +2,7 @@
 
 require "nokogiri"
 require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/gradle/file_parser/repositories_finder"
 require "dependabot/gradle/update_checker"
 require "dependabot/gradle/version"
@@ -46,7 +47,8 @@ module Dependabot
           possible_versions = filter_prereleases(possible_versions)
           possible_versions = filter_date_based_versions(possible_versions)
           possible_versions = filter_version_types(possible_versions)
-          possible_versions = filter_vulnerable_versions(possible_versions)
+          possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
+                                                                                                    security_advisories)
           possible_versions = filter_ignored_versions(possible_versions)
           possible_versions = filter_lower_versions(possible_versions)
 
@@ -111,18 +113,6 @@ module Dependabot
           filtered
         end
 
-        def filter_vulnerable_versions(possible_versions)
-          versions_array = possible_versions
-
-          security_advisories.each do |advisory|
-            versions_array =
-              versions_array.
-              reject { |v| advisory.vulnerable?(v.fetch(:version)) }
-          end
-
-          versions_array
-        end
-
         def filter_lower_versions(possible_versions)
           return possible_versions unless dependency.version && version_class.correct?(dependency.version)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.153.0
+  version: 0.154.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-14 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.4
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.153.0
+        version: 0.154.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement