dependabot-core 0.79.4 → 0.80.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/file_fetchers.rb +0 -2
- data/lib/dependabot/file_parsers.rb +0 -2
- data/lib/dependabot/file_updaters.rb +0 -2
- data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
- data/lib/dependabot/metadata_finders.rb +0 -2
- data/lib/dependabot/update_checkers.rb +0 -2
- data/lib/dependabot/utils.rb +0 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -20
- data/lib/dependabot/file_fetchers/dotnet/nuget.rb +0 -215
- data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +0 -51
- data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +0 -55
- data/lib/dependabot/file_parsers/dotnet/nuget.rb +0 -85
- data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +0 -65
- data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +0 -156
- data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +0 -131
- data/lib/dependabot/file_updaters/dotnet/nuget.rb +0 -151
- data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +0 -69
- data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +0 -78
- data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +0 -64
- data/lib/dependabot/metadata_finders/dotnet/nuget.rb +0 -116
- data/lib/dependabot/update_checkers/dotnet/nuget.rb +0 -127
- data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +0 -97
- data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +0 -232
- data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +0 -81
- data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +0 -231
- data/lib/dependabot/utils/dotnet/requirement.rb +0 -90
- data/lib/dependabot/utils/dotnet/version.rb +0 -22
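--- a/data/lib/dependabot/file_updaters/dotnet/nuget.rb
+++ b/data/lib/dependabot/file_updaters/dotnet/nuget.rb
@@ -1,151 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/file_updaters/base"
-
-module Dependabot
-module FileUpdaters
-module Dotnet
-class Nuget < Dependabot::FileUpdaters::Base
-require_relative "nuget/packages_config_declaration_finder"
-require_relative "nuget/project_file_declaration_finder"
-require_relative "nuget/property_value_updater"
-
-def self.updated_files_regex
-[
-%r{^[^/]*\.[a-z]{2}proj$},
-/^packages\.config$/i
-]
-end
-
-def updated_dependency_files
-updated_files = dependency_files.dup
-
-# Loop through each of the changed requirements, applying changes to
-# all files for that change. Note that the logic is different here
-# to other languages because donet has property inheritance across
-# files
-dependencies.each do |dependency|
-updated_files = update_files_for_dependency(
-files: updated_files,
-dependency: dependency
-)
-end
-
-updated_files.reject! { |f| dependency_files.include?(f) }
-
-raise "No files changed!" if updated_files.none?
-
-updated_files
-end
-
-private
-
-def project_files
-dependency_files.select { |df| df.name.match?(/\.[a-z]{2}proj$/) }
-end
-
-def packages_config_files
-dependency_files.select do |f|
-f.name.split("/").last.casecmp("packages.config").zero?
-end
-end
-
-def check_required_files
-return if project_files.any? || packages_config_files.any?
-
-raise "No project file or packages.config!"
-end
-
-def update_files_for_dependency(files:, dependency:)
-# The UpdateChecker ensures the order of requirements is preserved
-# when updating, so we can zip them together in new/old pairs.
-reqs = dependency.requirements.zip(dependency.previous_requirements).
-reject { |new_req, old_req| new_req == old_req }
-
-# Loop through each changed requirement and update the files
-reqs.each do |new_req, old_req|
-raise "Bad req match" unless new_req[:file] == old_req[:file]
-next if new_req[:requirement] == old_req[:requirement]
-
-file = files.find { |f| f.name == new_req.fetch(:file) }
-
-files =
-if new_req.dig(:metadata, :property_name)
-update_property_value(files, file, new_req)
-else
-update_declaration(files, dependency, file, old_req, new_req)
-end
-end
-
-files
-end
-
-def update_property_value(files, file, req)
-files = files.dup
-property_name = req.fetch(:metadata).fetch(:property_name)
-
-PropertyValueUpdater.
-new(dependency_files: files).
-update_files_for_property_change(
-property_name: property_name,
-updated_value: req.fetch(:requirement),
-callsite_file: file
-)
-end
-
-def update_declaration(files, dependency, file, old_req, new_req)
-files = files.dup
-
-updated_content = file.content
-
-original_declarations(dependency, old_req).each do |old_dec|
-updated_content = updated_content.gsub(
-old_dec,
-updated_declaration(old_dec, old_req, new_req)
-)
-end
-
-raise "Expected content to change!" if updated_content == file.content
-
-files[files.index(file)] =
-updated_file(file: file, content: updated_content)
-files
-end
-
-def original_declarations(dependency, requirement)
-declaration_finder(dependency, requirement).declaration_strings
-end
-
-def declaration_finder(dependency, requirement)
-@declaration_finders ||= {}
-
-requirement_fn = requirement.fetch(:file)
-@declaration_finders[dependency.hash + requirement.hash] ||=
-if requirement_fn.split("/").last.casecmp("packages.config").zero?
-PackagesConfigDeclarationFinder.new(
-dependency_name: dependency.name,
-declaring_requirement: requirement,
-packages_config:
-packages_config_files.find { |f| f.name == requirement_fn }
-)
-else
-ProjectFileDeclarationFinder.new(
-dependency_name: dependency.name,
-declaring_requirement: requirement,
-dependency_files: dependency_files
-)
-end
-end
-
-def updated_declaration(old_declaration, previous_req, requirement)
-original_req_string = previous_req.fetch(:requirement)
-
-old_declaration.gsub(
-original_req_string,
-requirement.fetch(:requirement)
-)
-end
-end
-end
-end
-end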
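--- a/data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb
+++ b/data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb
@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/file_updaters/dotnet/nuget"
-
-module Dependabot
-module FileUpdaters
-module Dotnet
-class Nuget
-class PackagesConfigDeclarationFinder
-DECLARATION_REGEX =
-%r{<package [^>]*?/>|
-<package [^>]*?[^/]>.*?</package>}mx.freeze
-
-attr_reader :dependency_name, :declaring_requirement,
-:packages_config
-
-def initialize(dependency_name:, packages_config:,
-declaring_requirement:)
-@dependency_name = dependency_name
-@packages_config = packages_config
-@declaring_requirement = declaring_requirement
-
-if declaring_requirement[:file].split("/").last.
-casecmp("packages.config").zero?
-return
-end
-
-raise "Requirement not from packages.config!"
-end
-
-def declaration_strings
-@declaration_strings ||= fetch_declaration_strings
-end
-
-def declaration_nodes
-declaration_strings.map do |declaration_string|
-Nokogiri::XML(declaration_string)
-end
-end
-
-private
-
-def fetch_declaration_strings
-deep_find_declarations(packages_config.content).select do |nd|
-node = Nokogiri::XML(nd)
-node.remove_namespaces!
-node = node.at_xpath("/package")
-
-node_name = node.attribute("id")&.value&.strip ||
-node.at_xpath("./id")&.content&.strip
-next false unless node_name == dependency_name
-
-node_requirement = node.attribute("version")&.value&.strip ||
-node.at_xpath("./version")&.content&.strip
-node_requirement == declaring_requirement.fetch(:requirement)
-end
-end
-
-def deep_find_declarations(string)
-string.scan(DECLARATION_REGEX).flat_map do |matching_node|
-[matching_node, *deep_find_declarations(matching_node[0..-2])]
-end
-end
-end
-end
-end
-end
-end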
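--- a/data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb
+++ b/data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/file_updaters/dotnet/nuget"
-
-module Dependabot
-module FileUpdaters
-module Dotnet
-class Nuget
-class ProjectFileDeclarationFinder
-DECLARATION_REGEX =
-%r{
-<PackageReference [^>]*?/>|
-<PackageReference [^>]*?[^/]>.*?</PackageReference>|
-<Dependency [^>]*?/>|
-<Dependency [^>]*?[^/]>.*?</Dependency>|
-<DevelopmentDependency [^>]*?/>|
-<DevelopmentDependency [^>]*?[^/]>.*?</DevelopmentDependency>
-}mx.freeze
-
-attr_reader :dependency_name, :declaring_requirement,
-:dependency_files
-
-def initialize(dependency_name:, dependency_files:,
-declaring_requirement:)
-@dependency_name = dependency_name
-@dependency_files = dependency_files
-@declaring_requirement = declaring_requirement
-end
-
-def declaration_strings
-@declaration_strings ||= fetch_declaration_strings
-end
-
-def declaration_nodes
-declaration_strings.map do |declaration_string|
-Nokogiri::XML(declaration_string)
-end
-end
-
-private
-
-def fetch_declaration_strings
-deep_find_declarations(declaring_file.content).select do |nd|
-node = Nokogiri::XML(nd)
-node.remove_namespaces!
-node = node.at_xpath("/PackageReference") ||
-node.at_xpath("/Dependency") ||
-node.at_xpath("/DevelopmentDependency")
-
-node_name = node.attribute("Include")&.value&.strip ||
-node.at_xpath("./Include")&.content&.strip
-next false unless node_name == dependency_name
-
-node_requirement = node.attribute("Version")&.value&.strip ||
-node.at_xpath("./Version")&.content&.strip
-node_requirement == declaring_requirement.fetch(:requirement)
-end
-end
-
-def deep_find_declarations(string)
-string.scan(DECLARATION_REGEX).flat_map do |matching_node|
-[matching_node, *deep_find_declarations(matching_node[0..-2])]
-end
-end
-
-def declaring_file
-filename = declaring_requirement.fetch(:file)
-declaring_file = dependency_files.find { |f| f.name == filename }
-return declaring_file if declaring_file
-
-raise "No file found with name #{filename}!"
-end
-end
-end
-end
-end
-end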
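--- a/data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb
+++ b/data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb
@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-
-require "dependabot/dependency_file"
-require "dependabot/file_updaters/dotnet/nuget"
-require "dependabot/file_parsers/dotnet/nuget/property_value_finder"
-
-module Dependabot
-module FileUpdaters
-module Dotnet
-class Nuget
-class PropertyValueUpdater
-def initialize(dependency_files:)
-@dependency_files = dependency_files
-end
-
-def update_files_for_property_change(property_name:, updated_value:,
-callsite_file:)
-declaration_details =
-property_value_finder.
-property_details(
-property_name: property_name,
-callsite_file: callsite_file
-)
-
-declaration_file = dependency_files.find do |f|
-declaration_details.fetch(:file) == f.name
-end
-node = declaration_details.fetch(:node)
-
-updated_content = declaration_file.content.sub(
-%r{<#{Regexp.quote(node.name)}>
-\s*#{Regexp.quote(node.content)}\s*
-</#{Regexp.quote(node.name)}>}xm,
-"<#{node.name}>#{updated_value}</#{node.name}>"
-)
-
-files = dependency_files.dup
-files[files.index(declaration_file)] =
-update_file(file: declaration_file, content: updated_content)
-files
-end
-
-private
-
-attr_reader :dependency_files
-
-def property_value_finder
-@property_value_finder ||=
-FileParsers::Dotnet::Nuget::PropertyValueFinder.
-new(dependency_files: dependency_files)
-end
-
-def update_file(file:, content:)
-updated_file = file.dup
-updated_file.content = content
-updated_file
-end
-end
-end
-end
-end
-end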
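--- a/data/lib/dependabot/metadata_finders/dotnet/nuget.rb
+++ b/data/lib/dependabot/metadata_finders/dotnet/nuget.rb
@@ -1,116 +0,0 @@
-# frozen_string_literal: true
-
-require "nokogiri"
-require "dependabot/metadata_finders/base"
-
-module Dependabot
-module MetadataFinders
-module Dotnet
-class Nuget < Dependabot::MetadataFinders::Base
-private
-
-def look_up_source
-return Source.from_url(dependency_source_url) if dependency_source_url
-
-look_up_source_in_nuspec(dependency_nuspec_file)
-end
-
-def look_up_source_in_nuspec(nuspec)
-potential_source_urls = [
-nuspec.at_css("package > metadata > repository")&.
-attribute("url")&.value,
-nuspec.at_css("package > metadata > repository > url")&.content,
-nuspec.at_css("package > metadata > projectUrl")&.content,
-nuspec.at_css("package > metadata > licenseUrl")&.content
-].compact
-
-source_url = potential_source_urls.find { |url| Source.from_url(url) }
-source_url ||= source_from_anywhere_in_nuspec(nuspec)
-
-Source.from_url(source_url)
-end
-
-def source_from_anywhere_in_nuspec(nuspec)
-github_urls = []
-nuspec.to_s.scan(Source::SOURCE_REGEX) do
-github_urls << Regexp.last_match.to_s
-end
-
-github_urls.find do |url|
-repo = Source.from_url(url).repo
-repo.downcase.end_with?(dependency.name.downcase)
-end
-end
-
-def dependency_nuspec_file
-return @dependency_nuspec_file unless @dependency_nuspec_file.nil?
-
-response = Excon.get(
-dependency_nuspec_url,
-headers: auth_header,
-idempotent: true,
-**SharedHelpers.excon_defaults
-)
-
-@dependency_nuspec_file = Nokogiri::XML(response.body)
-end
-
-# rubocop:disable Metrics/AbcSize
-def dependency_nuspec_url
-source = dependency.requirements.
-find { |r| r&.fetch(:source) }&.fetch(:source)
-
-if source&.key?(:nuspec_url)
-source.fetch(:nuspec_url) ||
-"https://api.nuget.org/v3-flatcontainer/"\
-"#{dependency.name.downcase}/#{dependency.version}/"\
-"#{dependency.name.downcase}.nuspec"
-elsif source&.key?(:nuspec_url)
-source.fetch("nuspec_url") ||
-"https://api.nuget.org/v3-flatcontainer/"\
-"#{dependency.name.downcase}/#{dependency.version}/"\
-"#{dependency.name.downcase}.nuspec"
-else
-"https://api.nuget.org/v3-flatcontainer/"\
-"#{dependency.name.downcase}/#{dependency.version}/"\
-"#{dependency.name.downcase}.nuspec"
-end
-end
-# rubocop:enable Metrics/AbcSize
-
-def dependency_source_url
-source = dependency.requirements.
-find { |r| r&.fetch(:source) }&.fetch(:source)
-
-return unless source
-return source.fetch(:source_url) if source.key?(:source_url)
-
-source.fetch("source_url")
-end
-
-def auth_header
-source = dependency.requirements.
-find { |r| r&.fetch(:source) }&.fetch(:source)
-url = source&.fetch(:url, nil) || source&.fetch("url")
-
-token = credentials.
-select { |cred| cred["type"] == "nuget_feed" }.
-find { |cred| cred["url"] == url }&.
-fetch("token", nil)
-
-return {} unless token
-
-if token.include?(":")
-encoded_token = Base64.encode64(token).delete("\n")
-{ "Authorization" => "Basic #{encoded_token}" }
-elsif Base64.decode64(token).ascii_only? &&
-Base64.decode64(token).include?(":")
-{ "Authorization" => "Basic #{token.delete("\n")}" }
-else
-{ "Authorization" => "Bearer #{token}" }
-end
-end
-end
-end
-end
-end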