dependabot-gradle 0.154.3 → 0.154.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1c9afd41a5cbb71977609ac6ad2a4c2720e32dc9f42782ae1e82b2f836e8f95a
-  data.tar.gz: f82994aff7945af26e5ef3def9a8df8547075397cd8480992bf11426c95aafba
+  metadata.gz: cc9f486314f8313cf206b17d5c3addccdb99ffd3ece80425d142fae5b5c17c62
+  data.tar.gz: 8ef59daa428e83d4dd56d8e93670e6579a10b0934bc88fb0d54c190f1325719d
 SHA512:
-  metadata.gz: 8dc4a9414529c013d28f6119bb305644cbc505b8bd5aa770a6d3ebc98381730082053cef7b309075504554d6ce64a75b62c5ef0012fae49d8cc43073b9bdc483
-  data.tar.gz: 1e8bf3ab302267049c9919f2af40eafbfe3b4b2830fa30373829b2d1243a71554cf473775ea6e8b98d7305cc1931070b8be7473f3f4cb0e5fe8d7de7336f8995
+  metadata.gz: 0b29dc5312a2741d0e3525919e72c155126d543cdb221a55be7596f5f5470335eca03a32aef376821f328167e8cb3f518b6ede743b55feca1920bf47ac1def57
+  data.tar.gz: fabc6120c4bb22e86bc3205324e76e9be97bb20dfcb9f37d3cb071042541874b2e727fe3360d04225449cc46dc0888fb516d45e301b2a5d6050bb5d5e081530b

data/lib/dependabot/gradle/update_checker/version_finder.rb

@@ -2,6 +2,7 @@
 
 require "nokogiri"
 require "dependabot/shared_helpers"
+require "dependabot/update_checkers/version_filters"
 require "dependabot/gradle/file_parser/repositories_finder"
 require "dependabot/gradle/update_checker"
 require "dependabot/gradle/version"
@@ -46,7 +47,8 @@ module Dependabot
           possible_versions = filter_prereleases(possible_versions)
           possible_versions = filter_date_based_versions(possible_versions)
           possible_versions = filter_version_types(possible_versions)
-          possible_versions = filter_vulnerable_versions(possible_versions)
+          possible_versions = Dependabot::UpdateCheckers::VersionFilters.filter_vulnerable_versions(possible_versions,
+                                                                                                    security_advisories)
           possible_versions = filter_ignored_versions(possible_versions)
           possible_versions = filter_lower_versions(possible_versions)
 
@@ -111,18 +113,6 @@ module Dependabot
           filtered
         end
 
-        def filter_vulnerable_versions(possible_versions)
-          versions_array = possible_versions
-
-          security_advisories.each do |advisory|
-            versions_array =
-              versions_array.
-              reject { |v| advisory.vulnerable?(v.fetch(:version)) }
-          end
-
-          versions_array
-        end
-
         def filter_lower_versions(possible_versions)
           return possible_versions unless dependency.version && version_class.correct?(dependency.version)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-gradle
 version: !ruby/object:Gem::Version
-  version: 0.154.3
+  version: 0.154.4
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-21 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
 - !ruby/object:Gem::Dependency
   name: dependabot-maven
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.154.3
+        version: 0.154.4
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement