dependabot-gradle 0.154.1 → 0.155.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d7a204af7e4f5c4e8ec69f047506a525c3122bd27d54457054d8b058fb62cd6
-  data.tar.gz: e4d549f9501b3ab96d9bba086e8361108b44e7c792e6f53a68c639f1d44e562c
+  metadata.gz: f701fadda2b24f4190b6bd8c0488bc268f929d1e3e1eb55856da873eee877e21
+  data.tar.gz: a0b0576996d344169f4fcf3e76340b4490232ff05dcc29e953b30a902a9412f3
 SHA512:
-  metadata.gz: c2fb7638aa1b2b7f337df9fbdf960e1efd505cb4054329731fc83f8cf9be0f65fc612bf866f4b1ef3d6ff338a622a4ed007f468c1dcb5028130789418bc3bf16
-  data.tar.gz: f28bcd6f83c26e571d55319226bf68655b49bd33f22d800104874abc291516b556769b2bf592c3c2ee0eebbc06fe63a638d1bd6235c5a9bab8cdaaaed266cdbd
+  metadata.gz: 0ce1f4d2d5ce814c5c7cf91519824044df90acbf78994071c7a8e0da2a04f0d70673b4954433de892bf275fb4d5432682042fa11f5b106eb68d6607a028822d1
+  data.tar.gz: 132b62bb9dcd7474201ed522ef520e72a10b0fa7cb1f4e850db5196035bc43b740d585b6e66a3365c5a594afb42eef6db7b1e10d069e96db871aa047c296b783

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -2,6 +2,7 @@
 
 require "nokogiri"
 require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/gradle/file_parser/repositories_finder"
 require "dependabot/gradle/update_checker"
 require "dependabot/gradle/version"
@@ -46,7 +47,8 @@ module Dependabot
           possible_versions = filter_prereleases(possible_versions)
           possible_versions = filter_date_based_versions(possible_versions)
           possible_versions = filter_version_types(possible_versions)
-          possible_versions = filter_vulnerable_versions(possible_versions)
+          possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
+                                                                                                    security_advisories)
           possible_versions = filter_ignored_versions(possible_versions)
           possible_versions = filter_lower_versions(possible_versions)
 
@@ -111,18 +113,6 @@ module Dependabot
           filtered
         end
 
-        def filter_vulnerable_versions(possible_versions)
-          versions_array = possible_versions
-
-          security_advisories.each do |advisory|
-            versions_array =
-              versions_array.
-              reject { |v| advisory.vulnerable?(v.fetch(:version)) }
-          end
-
-          versions_array
-        end
-
         def filter_lower_versions(possible_versions)
           return possible_versions unless dependency.version && version_class.correct?(dependency.version)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.154.1
+  version: 0.155.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-16 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.1
+        version: 0.155.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement