dependabot-core 0.79.4 → 0.80.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/dependabot/file_fetchers.rb +0 -2
- data/lib/dependabot/file_parsers.rb +0 -2
- data/lib/dependabot/file_updaters.rb +0 -2
- data/lib/dependabot/file_updaters/ruby/.DS_Store +0 -0
- data/lib/dependabot/metadata_finders.rb +0 -2
- data/lib/dependabot/update_checkers.rb +0 -2
- data/lib/dependabot/utils.rb +0 -4
- data/lib/dependabot/version.rb +1 -1
- metadata +2 -20
- data/lib/dependabot/file_fetchers/dotnet/nuget.rb +0 -215
- data/lib/dependabot/file_fetchers/dotnet/nuget/import_paths_finder.rb +0 -51
- data/lib/dependabot/file_fetchers/dotnet/nuget/sln_project_paths_finder.rb +0 -55
- data/lib/dependabot/file_parsers/dotnet/nuget.rb +0 -85
- data/lib/dependabot/file_parsers/dotnet/nuget/packages_config_parser.rb +0 -65
- data/lib/dependabot/file_parsers/dotnet/nuget/project_file_parser.rb +0 -156
- data/lib/dependabot/file_parsers/dotnet/nuget/property_value_finder.rb +0 -131
- data/lib/dependabot/file_updaters/dotnet/nuget.rb +0 -151
- data/lib/dependabot/file_updaters/dotnet/nuget/packages_config_declaration_finder.rb +0 -69
- data/lib/dependabot/file_updaters/dotnet/nuget/project_file_declaration_finder.rb +0 -78
- data/lib/dependabot/file_updaters/dotnet/nuget/property_value_updater.rb +0 -64
- data/lib/dependabot/metadata_finders/dotnet/nuget.rb +0 -116
- data/lib/dependabot/update_checkers/dotnet/nuget.rb +0 -127
- data/lib/dependabot/update_checkers/dotnet/nuget/property_updater.rb +0 -97
- data/lib/dependabot/update_checkers/dotnet/nuget/repository_finder.rb +0 -232
- data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb +0 -81
- data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb +0 -231
- data/lib/dependabot/utils/dotnet/requirement.rb +0 -90
- data/lib/dependabot/utils/dotnet/version.rb +0 -22
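--- a/data/lib/dependabot/update_checkers/dotnet/nuget/requirements_updater.rb
+++ /dev/null
@@ -1,81 +0,0 @@
-# frozen_string_literal: true
-
-#######################################################################
-# For more details on Dotnet version constraints, see: #
-# https://docs.microsoft.com/en-us/nuget/reference/package-versioning #
-#######################################################################
-
-require "dependabot/update_checkers/dotnet/nuget"
-require "dependabot/utils/dotnet/version"
-
-module Dependabot
-module UpdateCheckers
-module Dotnet
-class Nuget
-class RequirementsUpdater
-VERSION_REGEX = /[0-9a-zA-Z]+(?:\.[a-zA-Z0-9\-]+)*/.freeze
-
-def initialize(requirements:, latest_version:, source_details:)
-@requirements = requirements
-@source_details = source_details
-return unless latest_version
-
-@latest_version = version_class.new(latest_version)
-end
-
-def updated_requirements
-return requirements unless latest_version
-
-# Note: Order is important here. The FileUpdater needs the updated
-# requirement at index `i` to correspond to the previous requirement
-# at the same index.
-requirements.map do |req|
-next req if req.fetch(:requirement).nil?
-next req if req.fetch(:requirement).include?(",")
-
-new_req =
-if req.fetch(:requirement).include?("*")
-update_wildcard_requirement(req.fetch(:requirement))
-else
-# Since range requirements are excluded by the line above we
-# can just do a `gsub` on anything that looks like a version
-req[:requirement].gsub(VERSION_REGEX, latest_version.to_s)
-end
-
-next req if new_req == req.fetch(:requirement)
-
-req.merge(requirement: new_req, source: updated_source)
-end
-end
-
-private
-
-attr_reader :requirements, :latest_version, :source_details
-
-def version_class
-Utils::Dotnet::Version
-end
-
-def update_wildcard_requirement(req_string)
-precision = req_string.split("*").first.split(/\.|\-/).count
-wilcard_section = req_string.partition(/(?=[.\-]\*)/).last
-
-version_parts = latest_version.segments.first(precision)
-version = version_parts.join(".")
-
-version + wilcard_section
-end
-
-def updated_source
-{
-type: "nuget_repo",
-url: source_details.fetch(:repo_url),
-nuspec_url: source_details.fetch(:nuspec_url),
-source_url: source_details.fetch(:source_url)
-}
-end
-end
-end
-end
-end
-end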
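--- a/data/lib/dependabot/update_checkers/dotnet/nuget/version_finder.rb
+++ /dev/null
@@ -1,231 +0,0 @@
-# frozen_string_literal: true
-
-require "excon"
-require "nokogiri"
-
-require "dependabot/utils/dotnet/version"
-require "dependabot/utils/dotnet/requirement"
-require "dependabot/update_checkers/dotnet/nuget"
-require "dependabot/shared_helpers"
-
-module Dependabot
-module UpdateCheckers
-module Dotnet
-class Nuget
-class VersionFinder
-require_relative "repository_finder"
-
-def initialize(dependency:, dependency_files:, credentials:,
-ignored_versions: [])
-@dependency = dependency
-@dependency_files = dependency_files
-@credentials = credentials
-@ignored_versions = ignored_versions
-end
-
-def latest_version_details
-@latest_version_details ||=
-begin
-tmp_versions = versions
-unless wants_prerelease?
-tmp_versions.reject! { |d| d.fetch(:version).prerelease? }
-end
-tmp_versions.reject! do |hash|
-ignore_reqs.any? { |r| r.satisfied_by?(hash.fetch(:version)) }
-end
-tmp_versions.max_by { |hash| hash.fetch(:version) }
-end
-end
-
-def versions
-available_v3_versions + available_v2_versions
-end
-
-attr_reader :dependency, :dependency_files, :credentials,
-:ignored_versions
-
-private
-
-def available_v3_versions
-v3_nuget_listings.flat_map do |listing|
-listing.
-fetch("versions", []).
-map do |v|
-nuspec_url =
-listing.fetch("listing_details").
-fetch(:versions_url).
-gsub(/index\.json$/, "#{v}/#{sanitized_name}.nuspec")
-
-{
-version: version_class.new(v),
-nuspec_url: nuspec_url,
-source_url: nil,
-repo_url:
-listing.fetch("listing_details").fetch(:repository_url)
-}
-end
-end
-end
-
-def available_v2_versions
-v2_nuget_listings.flat_map do |listing|
-body = listing.fetch("xml_body", [])
-doc = Nokogiri::XML(body)
-doc.remove_namespaces!
-
-doc.xpath("/feed/entry").map do |entry|
-listed = entry.at_xpath("./properties/Listed")&.content&.strip
-next if listed&.casecmp("false")&.zero?
-
-entry_details = dependency_details_from_v2_entry(entry)
-entry_details.merge(
-repo_url: listing.fetch("listing_details").
-fetch(:repository_url)
-)
-end.compact
-end
-end
-
-def dependency_details_from_v2_entry(entry)
-version = entry.at_xpath("./properties/Version").content.strip
-source_urls = []
-[
-entry.at_xpath("./properties/ProjectUrl").content,
-entry.at_xpath("./properties/ReleaseNotes").content
-].join(" ").scan(Source::SOURCE_REGEX) do
-source_urls << Regexp.last_match.to_s
-end
-
-source_url = source_urls.find { |url| Source.from_url(url) }
-source_url = Source.from_url(source_url)&.url if source_url
-
-{
-version: version_class.new(version),
-nuspec_url: nil,
-source_url: source_url
-}
-end
-
-def wants_prerelease?
-if dependency.version &&
-version_class.correct?(dependency.version) &&
-version_class.new(dependency.version).prerelease?
-return true
-end
-
-dependency.requirements.any? do |req|
-reqs = (req.fetch(:requirement) || "").split(",").map(&:strip)
-reqs.any? { |r| r.include?("-") }
-end
-end
-
-def v3_nuget_listings
-return @v3_nuget_listings unless @v3_nuget_listings.nil?
-
-dependency_urls.
-select { |details| details.fetch(:repository_type) == "v3" }.
-map do |url_details|
-versions = versions_for_v3_repository(url_details)
-next unless versions
-
-{ "versions" => versions, "listing_details" => url_details }
-end.compact
-end
-
-def v2_nuget_listings
-return @v2_nuget_listings unless @v2_nuget_listings.nil?
-
-dependency_urls.
-select { |details| details.fetch(:repository_type) == "v2" }.
-map do |url_details|
-response = Excon.get(
-url_details[:versions_url],
-headers: url_details[:auth_header],
-idempotent: true,
-**excon_defaults
-)
-next unless response.status == 200
-
-{
-"xml_body" => response.body,
-"listing_details" => url_details
-}
-end.compact
-end
-
-def versions_for_v3_repository(repository_details)
-# If we have a search URL we use it (since it will exclude unlisted
-# versions)
-if repository_details[:search_url]
-response = Excon.get(
-repository_details[:search_url],
-headers: repository_details[:auth_header],
-idempotent: true,
-**excon_defaults
-)
-return unless response.status == 200
-
-JSON.parse(response.body).fetch("data").
-find { |d| d.fetch("id").casecmp(sanitized_name).zero? }&.
-fetch("versions")&.
-map { |d| d.fetch("version") }
-# Otherwise, use the versions URL
-elsif repository_details[:versions_url]
-response = Excon.get(
-repository_details[:versions_url],
-headers: repository_details[:auth_header],
-idempotent: true,
-**excon_defaults
-)
-return unless response.status == 200
-
-JSON.parse(response.body).fetch("versions")
-end
-end
-
-def dependency_urls
-@dependency_urls ||=
-RepositoryFinder.new(
-dependency: dependency,
-credentials: credentials,
-config_file: nuget_config
-).dependency_urls
-end
-
-def ignore_reqs
-ignored_versions.map { |req| requirement_class.new(req.split(",")) }
-end
-
-def nuget_config
-@nuget_config ||=
-dependency_files.find { |f| f.name.casecmp("nuget.config").zero? }
-end
-
-def sanitized_name
-dependency.name.downcase
-end
-
-def version_class
-Utils::Dotnet::Version
-end
-
-def requirement_class
-Utils::Dotnet::Requirement
-end
-
-def excon_defaults
-# For large JSON files we sometimes need a little longer than for
-# other languages. For example, see:
-# https://dotnet.myget.org/F/aspnetcore-dev/api/v3/query?
-# q=microsoft.aspnetcore.mvc&prerelease=true
-SharedHelpers.excon_defaults.merge(
-connect_timeout: 10,
-write_timeout: 10,
-read_timeout: 10
-)
-end
-end
-end
-end
-end
-end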
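--- a/data/lib/dependabot/utils/dotnet/requirement.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-# frozen_string_literal: true
-
-require "dependabot/utils/dotnet/version"
-
-# For details on .NET version constraints see:
-# https://docs.microsoft.com/en-us/nuget/reference/package-versioning
-module Dependabot
-module Utils
-module Dotnet
-class Requirement < Gem::Requirement
-def self.parse(obj)
-if obj.is_a?(Gem::Version)
-return ["=", Utils::Dotnet::Version.new(obj.to_s)]
-end
-
-unless (matches = PATTERN.match(obj.to_s))
-msg = "Illformed requirement [#{obj.inspect}]"
-raise BadRequirementError, msg
-end
-
-return DefaultRequirement if matches[1] == ">=" && matches[2] == "0"
-
-[matches[1] || "=", Utils::Dotnet::Version.new(matches[2])]
-end
-
-# For consistency with other langauges, we define a requirements array.
-# Dotnet doesn't have an `OR` separator for requirements, so it always
-# contains a single element.
-def self.requirements_array(requirement_string)
-[new(requirement_string)]
-end
-
-def initialize(*requirements)
-requirements = requirements.flatten.flat_map do |req_string|
-convert_dotnet_constraint_to_ruby_constraint(req_string)
-end
-
-super(requirements)
-end
-
-def satisfied_by?(version)
-version = Utils::Dotnet::Version.new(version.to_s)
-super
-end
-
-private
-
-def convert_dotnet_constraint_to_ruby_constraint(req_string)
-return unless req_string
-
-if req_string&.start_with?("(", "[")
-return convert_dotnet_range_to_ruby_range(req_string)
-end
-
-return req_string.split(",").map(&:strip) if req_string.include?(",")
-return req_string unless req_string.include?("*")
-
-convert_wildcard_req(req_string)
-end
-
-def convert_dotnet_range_to_ruby_range(req_string)
-lower_b, upper_b = req_string.split(",").map(&:strip)
-
-lower_b =
-if ["(", "["].include?(lower_b) then nil
-elsif lower_b.start_with?("(") then "> #{lower_b.sub(/\(\s*/, '')}"
-else ">= #{lower_b.sub(/\[\s*/, '').strip}"
-end
-
-upper_b =
-if [")", "]"].include?(upper_b) then nil
-elsif upper_b.end_with?(")") then "< #{upper_b.sub(/\s*\)/, '')}"
-else "<= #{upper_b.sub(/\s*\]/, '').strip}"
-end
-
-[lower_b, upper_b].compact
-end
-
-def convert_wildcard_req(req_string)
-return ">= 0" if req_string.start_with?("*")
-
-defined_part = req_string.split("*").first
-suffix = defined_part.end_with?(".") ? "0" : "a"
-version = defined_part + suffix
-"~> #{version}"
-end
-end
-end
-end
-end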
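--- a/data/lib/dependabot/utils/dotnet/version.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-# Dotnet pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
-# converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
-# alteration.
-
-module Dependabot
-module Utils
-module Dotnet
-class Version < Gem::Version
-def initialize(version)
-@version_string = version.to_s
-super
-end
-
-def to_s
-@version_string
-end
-end
-end
-end
-end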