dependabot-gradle 0.154.2 → 0.155.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a9d61e3ff9517310fc93777af09fe2ebece50e47bcfe79a937de2cde9c70bfe
-  data.tar.gz: 49c3a2e251bc7fd0e2307e7665bf8567fee2ef2e1659d8005cb72c2e50a91d69
+  metadata.gz: 9f30b1977a87032782f9de1d461223489db8f69e9b95bb223212de4461313dee
+  data.tar.gz: 7d95b8531b7de7c09e6d9b9f997e2c0657039e77455746bc200bb63d2ab9b8f0
 SHA512:
-  metadata.gz: 7e2a657d068b6bb976b94bca2864bd648f01cf5d3ad37cff4b9d1ce3eb48021f78e0659967ef77e22f880f34046ef2d0719defc4377fb3a86f294b7d4d6b2c52
-  data.tar.gz: bc8aa89c9e0e5c76fb9916d6154704400ec06c1255ed7e1902d8b11faebe64384a6fcb3f3449dd5aab19e79ecddfa7e8800b1feb82638612eb9d9ba5bd33719e
+  metadata.gz: 13e84b8f8dc17242a81a0c58505169fc477d3ca38b0dd416c5533e8bbf55add18419ab177f3830308b7186e82d016d732bd0d72960146ff6a00e73268beae8c6
+  data.tar.gz: 9be41f09c2afc05f307b4a350be7c1fde369217fce47c5a162cd04788f91cf993e5334b4e757d13ee699a260cee721436469fc4995c61df4efa21782547294e8

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -2,6 +2,7 @@
 
 require "nokogiri"
 require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/gradle/file_parser/repositories_finder"
 require "dependabot/gradle/update_checker"
 require "dependabot/gradle/version"
@@ -46,7 +47,8 @@ module Dependabot
           possible_versions = filter_prereleases(possible_versions)
           possible_versions = filter_date_based_versions(possible_versions)
           possible_versions = filter_version_types(possible_versions)
-          possible_versions = filter_vulnerable_versions(possible_versions)
+          possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
+                                                                                                    security_advisories)
           possible_versions = filter_ignored_versions(possible_versions)
           possible_versions = filter_lower_versions(possible_versions)
 
@@ -111,18 +113,6 @@ module Dependabot
           filtered
         end
 
-        def filter_vulnerable_versions(possible_versions)
-          versions_array = possible_versions
-
-          security_advisories.each do |advisory|
-            versions_array =
-              versions_array.
-              reject { |v| advisory.vulnerable?(v.fetch(:version)) }
-          end
-
-          versions_array
-        end
-
         def filter_lower_versions(possible_versions)
           return possible_versions unless dependency.version && version_class.correct?(dependency.version)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.154.2
+  version: 0.155.1
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-17 00:00:00.000000000 Z
+date: 2021-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.155.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.155.1
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.155.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.2
+        version: 0.155.1
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement