update filters to support release array

Author: kbukum1

bun/lib/dependabot/bun/update_checker/latest_version_finder.rb

@@ -123,10 +123,14 @@ def fetch_latest_version_with_no_unlock(language_version: nil)
           end
         end
 
-        sig { override.params(versions: T::Array[Dependabot::Version]).returns(T::Array[Dependabot::Version]) }
-        def apply_post_fetch_latest_versions_filter(versions)
-          original_count = versions.count
-          filtered_versions = lazy_filter_yanked_versions_by_min_max(versions, check_max: true)
+        sig do
+          override
+            .params(releases: T::Array[Dependabot::Package::PackageRelease])
+            .returns(T::Array[Dependabot::Package::PackageRelease])
+        end
+        def apply_post_fetch_latest_versions_filter(releases)
+          original_count = releases.count
+          filtered_versions = lazy_filter_yanked_versions_by_min_max(releases, check_max: true)
 
           # Log the filter if any versions were removed
           if original_count > filtered_versions.count
@@ -141,26 +145,30 @@ def apply_post_fetch_latest_versions_filter(versions)
 
         sig do
           params(
-            versions: T::Array[Dependabot::Version],
+            releases: T::Array[Dependabot::Package::PackageRelease],
             check_max: T::Boolean
-          ).returns(T::Array[Dependabot::Version])
+          ).returns(T::Array[Dependabot::Package::PackageRelease])
         end
-        def lazy_filter_yanked_versions_by_min_max(versions, check_max: true)
+        def lazy_filter_yanked_versions_by_min_max(releases, check_max: true)
           # Sort the versions based on the check_max flag (max -> descending, min -> ascending)
-          sorted_versions = check_max ? versions.sort.reverse : versions.sort
+          sorted_releases = if check_max
+                              releases.sort_by(&:version).reverse
+                            else
+                              releases.sort_by(&:version)
+                            end
 
           filtered_versions = []
 
           not_yanked = T.let(false, T::Boolean)
 
           # Iterate through the sorted versions lazily, filtering out yanked versions
-          sorted_versions.each do |version|
-            next if !not_yanked && yanked_version?(version)
+          sorted_releases.each do |release|
+            next if !not_yanked && yanked_version?(release.version)
 
             not_yanked = true
 
             # Once we find a valid (non-yanked) version, add it to the filtered list
-            filtered_versions << version
+            filtered_versions << release
             break
           end
 

bundler/lib/dependabot/bundler/update_checker/latest_version_finder.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "excon"
@@ -20,6 +20,33 @@ class UpdateChecker
       class LatestVersionFinder < Dependabot::Package::PackageLatestVersionFinder
         extend T::Sig
 
+        sig do
+          params(
+            dependency: Dependabot::Dependency,
+            dependency_files: T::Array[Dependabot::DependencyFile],
+            credentials: T::Array[Dependabot::Credential],
+            ignored_versions: T::Array[String],
+            security_advisories: T::Array[Dependabot::SecurityAdvisory],
+            cooldown_options: T.nilable(Dependabot::Package::ReleaseCooldownOptions),
+            raise_on_ignored: T::Boolean,
+            options: T::Hash[Symbol, T.untyped]
+          ).void
+        end
+        def initialize(
+          dependency:,
+          dependency_files:,
+          credentials:,
+          ignored_versions:,
+          security_advisories:,
+          cooldown_options: nil,
+          raise_on_ignored: false,
+          options: {}
+        )
+          @package_details = T.let(nil, T.nilable(Dependabot::Package::PackageDetails))
+          @latest_version_details = T.let(nil, T.nilable(T::Hash[Symbol, T.untyped]))
+          super
+        end
+
         sig { override.returns(T.nilable(Dependabot::Package::PackageDetails)) }
         def package_details
           @package_details ||= Package::PackageDetailsFetcher.new(
@@ -29,6 +56,7 @@ def package_details
           ).fetch
         end
 
+        sig { returns(T.nilable(T::Hash[Symbol, T.untyped])) }
         def latest_version_details
           @latest_version_details ||= if cooldown_enabled?
                                         latest_version = fetch_latest_version(language_version: nil)
@@ -57,20 +85,28 @@ def available_versions
 
         private
 
+        sig { returns(T.nilable(T::Hash[Symbol, Dependabot::Version])) }
         def fetch_latest_version_details
           return dependency_source.latest_git_version_details if dependency_source.git?
 
-          relevant_versions = dependency_source.versions
+          relevant_versions = available_versions || []
           relevant_versions = filter_prerelease_versions(relevant_versions)
           relevant_versions = filter_ignored_versions(relevant_versions)
 
-          relevant_versions.empty? ? nil : { version: relevant_versions.max }
+          return if relevant_versions.empty?
+
+          release = relevant_versions.max_by(&:version)
+
+          return if release.nil?
+
+          { version: release.version }
         end
 
-        def fetch_lowest_security_fix_version(*)
+        sig { returns(T.nilable(Dependabot::Version)) }
+        def fetch_lowest_security_fix_version
           return if dependency_source.git?
 
-          relevant_versions = dependency_source.versions
+          relevant_versions = available_versions || []
           relevant_versions = filter_prerelease_versions(relevant_versions)
           relevant_versions = Dependabot::UpdateCheckers::VersionFilters
                               .filter_vulnerable_versions(
@@ -80,7 +116,7 @@ def fetch_lowest_security_fix_version(*)
           relevant_versions = filter_ignored_versions(relevant_versions)
           relevant_versions = filter_lower_versions(relevant_versions)
 
-          relevant_versions.min
+          relevant_versions.min_by(&:version)&.version
         end
 
         sig { returns(T::Boolean) }
@@ -99,7 +135,7 @@ def wants_prerelease?
           )
         end
 
-        # sig { returns(DependencySource) }
+        sig { returns(DependencySource) }
         def dependency_source
           @dependency_source ||= T.let(
             DependencySource.new(

cargo/lib/dependabot/cargo/update_checker/latest_version_finder.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 
 require "excon"
@@ -26,12 +26,20 @@ def package_details
           ).fetch
         end
 
-        def latest_version
-          @latest_version ||= fetch_latest_version
+        sig do
+          override.params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+                  .returns(T.nilable(Dependabot::Version))
+        end
+        def latest_version(language_version: nil)
+          @latest_version ||= fetch_latest_version(language_version: language_version)
         end
 
-        def lowest_security_fix_version
-          @lowest_security_fix_version ||= fetch_lowest_security_fix_version(language_version: nil)
+        sig do
+          override.params(language_version: T.nilable(T.any(String, Dependabot::Version)))
+                  .returns(T.nilable(Dependabot::Version))
+        end
+        def lowest_security_fix_version(language_version: nil)
+          @lowest_security_fix_version ||= fetch_lowest_security_fix_version(language_version: language_version)
         end
 
         protected
@@ -53,14 +61,23 @@ def cooldown_enabled?
 
         private
 
+        sig { returns(Dependabot::Dependency) }
         attr_reader :dependency
+        sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
+        sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
+        sig { returns(T::Array[String]) }
         attr_reader :ignored_versions
+        sig { returns(T::Array[Dependabot::SecurityAdvisory]) }
         attr_reader :security_advisories
 
-        def apply_post_fetch_lowest_security_fix_versions_filter(versions)
-          filter_prerelease_versions(versions)
+        sig do
+          override.params(releases: T::Array[Dependabot::Package::PackageRelease])
+                  .returns(T::Array[Dependabot::Package::PackageRelease])
+        end
+        def apply_post_fetch_lowest_security_fix_versions_filter(releases)
+          filter_prerelease_versions(releases)
         end
       end
     end