dependabot-core 0.79.4 → 0.80.0

Files changed (30) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/dependabot/file_fetchers.rb +0 -2
  4. data/lib/dependabot/file_parsers.rb +0 -2
  5. data/lib/dependabot/file_updaters.rb +0 -2
  6. data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
  7. data/lib/dependabot/metadata_finders.rb +0 -2
  8. data/lib/dependabot/update_checkers.rb +0 -2
  9. data/lib/dependabot/utils.rb +0 -4
  10. data/lib/dependabot/version.rb +1 -1
  11. metadata +2 -20
  12. data/lib/dependabot/file_fetchers/dotnet/nuget.rb +0 -215
  13. data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +0 -51
  14. data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +0 -55
  15. data/lib/dependabot/file_parsers/dotnet/nuget.rb +0 -85
  16. data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +0 -65
  17. data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +0 -156
  18. data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +0 -131
  19. data/lib/dependabot/file_updaters/dotnet/nuget.rb +0 -151
  20. data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +0 -69
  21. data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +0 -78
  22. data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +0 -64
  23. data/lib/dependabot/metadata_finders/dotnet/nuget.rb +0 -116
  24. data/lib/dependabot/update_checkers/dotnet/nuget.rb +0 -127
  25. data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +0 -97
  26. data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +0 -232
  27. data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +0 -81
  28. data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +0 -231
  29. data/lib/dependabot/utils/dotnet/requirement.rb +0 -90
  30. data/lib/dependabot/utils/dotnet/version.rb +0 -22
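--- a/data/lib/dependabot/file_updaters/dotnet/nuget.rb
+++ /dev/null
@@ -1,151 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-
-module Dependabot
-  module FileUpdaters
-    module Dotnet
-      class Nuget < Dependabot::FileUpdaters::Base
-        require_relative "nuget/packages_config_declaration_finder"
-        require_relative "nuget/project_file_declaration_finder"
-        require_relative "nuget/property_value_updater"
-
-        def self.updated_files_regex
-          [
-            %r{^[^/]*\.[a-z]{2}proj$},
-            /^packages\.config$/i
-          ]
-        end
-
-        def updated_dependency_files
-          updated_files = dependency_files.dup
-
-          # Loop through each of the changed requirements, applying changes to
-          # all files for that change. Note that the logic is different here
-          # to other languages because donet has property inheritance across
-          # files
-          dependencies.each do |dependency|
-            updated_files = update_files_for_dependency(
-              files: updated_files,
-              dependency: dependency
-            )
-          end
-
-          updated_files.reject! { |f| dependency_files.include?(f) }
-
-          raise "No files changed!" if updated_files.none?
-
-          updated_files
-        end
-
-        private
-
-        def project_files
-          dependency_files.select { |df| df.name.match?(/\.[a-z]{2}proj$/) }
-        end
-
-        def packages_config_files
-          dependency_files.select do |f|
-            f.name.split("/").last.casecmp("packages.config").zero?
-          end
-        end
-
-        def check_required_files
-          return if project_files.any? || packages_config_files.any?
-
-          raise "No project file or packages.config!"
-        end
-
-        def update_files_for_dependency(files:, dependency:)
-          # The UpdateChecker ensures the order of requirements is preserved
-          # when updating, so we can zip them together in new/old pairs.
-          reqs = dependency.requirements.zip(dependency.previous_requirements).
-                 reject { |new_req, old_req| new_req == old_req }
-
-          # Loop through each changed requirement and update the files
-          reqs.each do |new_req, old_req|
-            raise "Bad req match" unless new_req[:file] == old_req[:file]
-            next if new_req[:requirement] == old_req[:requirement]
-
-            file = files.find { |f| f.name == new_req.fetch(:file) }
-
-            files =
-              if new_req.dig(:metadata, :property_name)
-                update_property_value(files, file, new_req)
-              else
-                update_declaration(files, dependency, file, old_req, new_req)
-              end
-          end
-
-          files
-        end
-
-        def update_property_value(files, file, req)
-          files = files.dup
-          property_name = req.fetch(:metadata).fetch(:property_name)
-
-          PropertyValueUpdater.
-            new(dependency_files: files).
-            update_files_for_property_change(
-              property_name: property_name,
-              updated_value: req.fetch(:requirement),
-              callsite_file: file
-            )
-        end
-
-        def update_declaration(files, dependency, file, old_req, new_req)
-          files = files.dup
-
-          updated_content = file.content
-
-          original_declarations(dependency, old_req).each do |old_dec|
-            updated_content = updated_content.gsub(
-              old_dec,
-              updated_declaration(old_dec, old_req, new_req)
-            )
-          end
-
-          raise "Expected content to change!" if updated_content == file.content
-
-          files[files.index(file)] =
-            updated_file(file: file, content: updated_content)
-          files
-        end
-
-        def original_declarations(dependency, requirement)
-          declaration_finder(dependency, requirement).declaration_strings
-        end
-
-        def declaration_finder(dependency, requirement)
-          @declaration_finders ||= {}
-
-          requirement_fn = requirement.fetch(:file)
-          @declaration_finders[dependency.hash + requirement.hash] ||=
-            if requirement_fn.split("/").last.casecmp("packages.config").zero?
-              PackagesConfigDeclarationFinder.new(
-                dependency_name: dependency.name,
-                declaring_requirement: requirement,
-                packages_config:
-                  packages_config_files.find { |f| f.name == requirement_fn }
-              )
-            else
-              ProjectFileDeclarationFinder.new(
-                dependency_name: dependency.name,
-                declaring_requirement: requirement,
-                dependency_files: dependency_files
-              )
-            end
-        end
-
-        def updated_declaration(old_declaration, previous_req, requirement)
-          original_req_string = previous_req.fetch(:requirement)
-
-          old_declaration.gsub(
-            original_req_string,
-            requirement.fetch(:requirement)
-          )
-        end
-      end
-    end
-  end
-end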
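--- a/data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb
+++ /dev/null
@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/file_updaters/dotnet/nuget"
-
-module Dependabot
-  module FileUpdaters
-    module Dotnet
-      class Nuget
-        class PackagesConfigDeclarationFinder
-          DECLARATION_REGEX =
-            %r{<package [^>]*?/>|
-               <package [^>]*?[^/]>.*?</package>}mx.freeze
-
-          attr_reader :dependency_name, :declaring_requirement,
-                      :packages_config
-
-          def initialize(dependency_name:, packages_config:,
-                         declaring_requirement:)
-            @dependency_name = dependency_name
-            @packages_config = packages_config
-            @declaring_requirement = declaring_requirement
-
-            if declaring_requirement[:file].split("/").last.
-               casecmp("packages.config").zero?
-              return
-            end
-
-            raise "Requirement not from packages.config!"
-          end
-
-          def declaration_strings
-            @declaration_strings ||= fetch_declaration_strings
-          end
-
-          def declaration_nodes
-            declaration_strings.map do |declaration_string|
-              Nokogiri::XML(declaration_string)
-            end
-          end
-
-          private
-
-          def fetch_declaration_strings
-            deep_find_declarations(packages_config.content).select do |nd|
-              node = Nokogiri::XML(nd)
-              node.remove_namespaces!
-              node = node.at_xpath("/package")
-
-              node_name = node.attribute("id")&.value&.strip ||
-                          node.at_xpath("./id")&.content&.strip
-              next false unless node_name == dependency_name
-
-              node_requirement = node.attribute("version")&.value&.strip ||
-                                 node.at_xpath("./version")&.content&.strip
-              node_requirement == declaring_requirement.fetch(:requirement)
-            end
-          end
-
-          def deep_find_declarations(string)
-            string.scan(DECLARATION_REGEX).flat_map do |matching_node|
-              [matching_node, *deep_find_declarations(matching_node[0..-2])]
-            end
-          end
-        end
-      end
-    end
-  end
-end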
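--- a/data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb
+++ /dev/null
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/file_updaters/dotnet/nuget"
-
-module Dependabot
-  module FileUpdaters
-    module Dotnet
-      class Nuget
-        class ProjectFileDeclarationFinder
-          DECLARATION_REGEX =
-            %r{
-              <PackageReference [^>]*?/>|
-              <PackageReference [^>]*?[^/]>.*?</PackageReference>|
-              <Dependency [^>]*?/>|
-              <Dependency [^>]*?[^/]>.*?</Dependency>|
-              <DevelopmentDependency [^>]*?/>|
-              <DevelopmentDependency [^>]*?[^/]>.*?</DevelopmentDependency>
-            }mx.freeze
-
-          attr_reader :dependency_name, :declaring_requirement,
-                      :dependency_files
-
-          def initialize(dependency_name:, dependency_files:,
-                         declaring_requirement:)
-            @dependency_name = dependency_name
-            @dependency_files = dependency_files
-            @declaring_requirement = declaring_requirement
-          end
-
-          def declaration_strings
-            @declaration_strings ||= fetch_declaration_strings
-          end
-
-          def declaration_nodes
-            declaration_strings.map do |declaration_string|
-              Nokogiri::XML(declaration_string)
-            end
-          end
-
-          private
-
-          def fetch_declaration_strings
-            deep_find_declarations(declaring_file.content).select do |nd|
-              node = Nokogiri::XML(nd)
-              node.remove_namespaces!
-              node = node.at_xpath("/PackageReference") ||
-                     node.at_xpath("/Dependency") ||
-                     node.at_xpath("/DevelopmentDependency")
-
-              node_name = node.attribute("Include")&.value&.strip ||
-                          node.at_xpath("./Include")&.content&.strip
-              next false unless node_name == dependency_name
-
-              node_requirement = node.attribute("Version")&.value&.strip ||
-                                 node.at_xpath("./Version")&.content&.strip
-              node_requirement == declaring_requirement.fetch(:requirement)
-            end
-          end
-
-          def deep_find_declarations(string)
-            string.scan(DECLARATION_REGEX).flat_map do |matching_node|
-              [matching_node, *deep_find_declarations(matching_node[0..-2])]
-            end
-          end
-
-          def declaring_file
-            filename = declaring_requirement.fetch(:file)
-            declaring_file = dependency_files.find { |f| f.name == filename }
-            return declaring_file if declaring_file
-
-            raise "No file found with name #(unknown)!"
-          end
-        end
-      end
-    end
-  end
-end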
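--- a/data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb
+++ /dev/null
@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-
-require "dependabot/dependency_file"
-require "dependabot/file_updaters/dotnet/nuget"
-require "dependabot/file_parsers/dotnet/nuget/property_value_finder"
-
-module Dependabot
-  module FileUpdaters
-    module Dotnet
-      class Nuget
-        class PropertyValueUpdater
-          def initialize(dependency_files:)
-            @dependency_files = dependency_files
-          end
-
-          def update_files_for_property_change(property_name:, updated_value:,
-                                               callsite_file:)
-            declaration_details =
-              property_value_finder.
-              property_details(
-                property_name: property_name,
-                callsite_file: callsite_file
-              )
-
-            declaration_file = dependency_files.find do |f|
-              declaration_details.fetch(:file) == f.name
-            end
-            node = declaration_details.fetch(:node)
-
-            updated_content = declaration_file.content.sub(
-              %r{<#{Regexp.quote(node.name)}>
-                 \s*#{Regexp.quote(node.content)}\s*
-                 </#{Regexp.quote(node.name)}>}xm,
-              "<#{node.name}>#{updated_value}</#{node.name}>"
-            )
-
-            files = dependency_files.dup
-            files[files.index(declaration_file)] =
-              update_file(file: declaration_file, content: updated_content)
-            files
-          end
-
-          private
-
-          attr_reader :dependency_files
-
-          def property_value_finder
-            @property_value_finder ||=
-              FileParsers::Dotnet::Nuget::PropertyValueFinder.
-              new(dependency_files: dependency_files)
-          end
-
-          def update_file(file:, content:)
-            updated_file = file.dup
-            updated_file.content = content
-            updated_file
-          end
-        end
-      end
-    end
-  end
-end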
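--- a/data/lib/dependabot/metadata_finders/dotnet/nuget.rb
+++ /dev/null
@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/metadata_finders/base"
-
-module Dependabot
-  module MetadataFinders
-    module Dotnet
-      class Nuget < Dependabot::MetadataFinders::Base
-        private
-
-        def look_up_source
-          return Source.from_url(dependency_source_url) if dependency_source_url
-
-          look_up_source_in_nuspec(dependency_nuspec_file)
-        end
-
-        def look_up_source_in_nuspec(nuspec)
-          potential_source_urls = [
-            nuspec.at_css("package > metadata > repository")&.
-              attribute("url")&.value,
-            nuspec.at_css("package > metadata > repository > url")&.content,
-            nuspec.at_css("package > metadata > projectUrl")&.content,
-            nuspec.at_css("package > metadata > licenseUrl")&.content
-          ].compact
-
-          source_url = potential_source_urls.find { |url| Source.from_url(url) }
-          source_url ||= source_from_anywhere_in_nuspec(nuspec)
-
-          Source.from_url(source_url)
-        end
-
-        def source_from_anywhere_in_nuspec(nuspec)
-          github_urls = []
-          nuspec.to_s.scan(Source::SOURCE_REGEX) do
-            github_urls << Regexp.last_match.to_s
-          end
-
-          github_urls.find do |url|
-            repo = Source.from_url(url).repo
-            repo.downcase.end_with?(dependency.name.downcase)
-          end
-        end
-
-        def dependency_nuspec_file
-          return @dependency_nuspec_file unless @dependency_nuspec_file.nil?
-
-          response = Excon.get(
-            dependency_nuspec_url,
-            headers: auth_header,
-            idempotent: true,
-            **SharedHelpers.excon_defaults
-          )
-
-          @dependency_nuspec_file = Nokogiri::XML(response.body)
-        end
-
-        # rubocop:disable Metrics/AbcSize
-        def dependency_nuspec_url
-          source = dependency.requirements.
-                   find { |r| r&.fetch(:source) }&.fetch(:source)
-
-          if source&.key?(:nuspec_url)
-            source.fetch(:nuspec_url) ||
-              "https://api.nuget.org/v3-flatcontainer/"\
-              "#{dependency.name.downcase}/#{dependency.version}/"\
-              "#{dependency.name.downcase}.nuspec"
-          elsif source&.key?(:nuspec_url)
-            source.fetch("nuspec_url") ||
-              "https://api.nuget.org/v3-flatcontainer/"\
-              "#{dependency.name.downcase}/#{dependency.version}/"\
-              "#{dependency.name.downcase}.nuspec"
-          else
-            "https://api.nuget.org/v3-flatcontainer/"\
-            "#{dependency.name.downcase}/#{dependency.version}/"\
-            "#{dependency.name.downcase}.nuspec"
-          end
-        end
-        # rubocop:enable Metrics/AbcSize
-
-        def dependency_source_url
-          source = dependency.requirements.
-                   find { |r| r&.fetch(:source) }&.fetch(:source)
-
-          return unless source
-          return source.fetch(:source_url) if source.key?(:source_url)
-
-          source.fetch("source_url")
-        end
-
-        def auth_header
-          source = dependency.requirements.
-                   find { |r| r&.fetch(:source) }&.fetch(:source)
-          url = source&.fetch(:url, nil) || source&.fetch("url")
-
-          token = credentials.
-                  select { |cred| cred["type"] == "nuget_feed" }.
-                  find { |cred| cred["url"] == url }&.
-                  fetch("token", nil)
-
-          return {} unless token
-
-          if token.include?(":")
-            encoded_token = Base64.encode64(token).delete("\n")
-            { "Authorization" => "Basic #{encoded_token}" }
-          elsif Base64.decode64(token).ascii_only? &&
-                Base64.decode64(token).include?(":")
-            { "Authorization" => "Basic #{token.delete("\n")}" }
-          else
-            { "Authorization" => "Bearer #{token}" }
-          end
-        end
-      end
-    end
-  end
-end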