dependabot-gradle 0.154.0 → 0.154.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9e797cf7b48916cb0d1301a3854d5a0cc58f810ef0311fda78afc516cacf1baf
-  data.tar.gz: 93a1e961073e6edfa51dc84d3501beb8fe39691fb2ec3b368c9c84a35b9f58bd
+  metadata.gz: a51943ee967b61b41a536c53b347f70efb970c6c85f2ecd068334b5939f50401
+  data.tar.gz: 150d47e975e49d66c1b1c55712e572fb76673a6bfc5ab32da2bad519d32d2e3f
 SHA512:
-  metadata.gz: 2f7dc89ac326d724f66a221c54f826e7e1811cb674b69c26d3b7995489715b85b354ec6b7df0a9c299530ee3d10410809fa27cf2eae042ec7abc7aef43169a34
-  data.tar.gz: f00b17332abc3991582840f7464a1bc9b81ca20ed688ef4fb58b779717a5d40fab5c876f91e7b033d56928a3f9be112a9394f9a1bbd10d8139c5294019f91bda
+  metadata.gz: 37f43ffec65d7275bf39197a9b6e8a7ec0d4d0f8fd4c43fea0e25981634f4cd630990871c3039d34a4818b24f595c5e69cc454881cf40b8f660c58cfb0c1f9ac
+  data.tar.gz: 750583621270ebc8dcd80a3be4f39faa00346ca83c11f5aa7ed2ce1cf7b59b3a2101e6ec2fe93584a67dfd6da97781687c1dab6a4ef509949b10c632a15f3e5e

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -2,6 +2,7 @@
 
 require "nokogiri"
 require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/gradle/file_parser/repositories_finder"
 require "dependabot/gradle/update_checker"
 require "dependabot/gradle/version"
@@ -46,7 +47,8 @@ module Dependabot
           possible_versions = filter_prereleases(possible_versions)
           possible_versions = filter_date_based_versions(possible_versions)
           possible_versions = filter_version_types(possible_versions)
-          possible_versions = filter_vulnerable_versions(possible_versions)
+          possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
+                                                                                                    security_advisories)
           possible_versions = filter_ignored_versions(possible_versions)
           possible_versions = filter_lower_versions(possible_versions)
 
@@ -111,18 +113,6 @@ module Dependabot
           filtered
         end
 
-        def filter_vulnerable_versions(possible_versions)
-          versions_array = possible_versions
-
-          security_advisories.each do |advisory|
-            versions_array =
-              versions_array.
-              reject { |v| advisory.vulnerable?(v.fetch(:version)) }
-          end
-
-          versions_array
-        end
-
         def filter_lower_versions(possible_versions)
           return possible_versions unless dependency.version && version_class.correct?(dependency.version)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.154.0
+  version: 0.154.5
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-15 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.0
+        version: 0.154.5
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement