dependabot-nuget 0.111.35 → 0.111.36

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd4cbd0ba1fc0f54682ca4f6d282b43511155167d15e427225048478e64799ea
-  data.tar.gz: cd88c1769dadf9cd62f6a05d719178be343bb01122dcdf3f89956824ddf127a0
+  metadata.gz: f16ae47a3670b1551bd50ae80988ee35f440335e15a8a1942bb86f14caffeb4d
+  data.tar.gz: f029c8c5044f20fc6bc530d3c08c8e289389a344b2c8de1eda7648beb38702b4
 SHA512:
-  metadata.gz: e4bc44215d93b7f7293bbdcdcf8d482f35d4a3596ca4d763e8c78a343635f3eef697002fd8c8b2f9cd64071331ed2de2d680b18d3eaf2f9c7b331abb56d0966e
-  data.tar.gz: 64887728a63d2429489d4888b8078ffc73dbcfbddb5396d859a4b26d6f928e8ef9bdbf3fe49421491189af3c50be1b6234e894219fd1857a35eae5c887f06b2c
+  metadata.gz: b646d2c58d0b005e15dfdd7109be97bd9bdaf36ffdd194b5ca8320f22b675ce76dd787b2e16a29312e4a91292246c39fef3a64f8d1c3c4b925bd04944d221943
+  data.tar.gz: 0cc61846f5359bc57fc88f928c04e20873217d9a9972c29e7e3af9b906d4407a9f7429ef98661fb7e4431aab0a361ce718006c3d34e326c486825d77cde16363

data/lib/dependabot/nuget/file_fetcher.rb

@@ -30,7 +30,7 @@ module Dependabot
         fetched_files += imported_property_files
 
         fetched_files += packages_config_files
-        fetched_files << nuget_config if nuget_config
+        fetched_files += nuget_config_files
         fetched_files << global_json if global_json
 
         fetched_files = fetched_files.uniq
@@ -197,14 +197,19 @@ module Dependabot
           end
       end
 
-      def nuget_config
-        @nuget_config ||=
-          begin
-            file = repo_contents.
+      def nuget_config_files
+        return @nuget_config_files if @nuget_config_files
+
+        candidate_paths =
+          [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
+
+        @nuget_config_files ||=
+          candidate_paths.map do |dir|
+            file = repo_contents(dir: dir).
                    find { |f| f.name.casecmp("nuget.config").zero? }
-            file = fetch_file_from_host(file.name) if file
+            file = fetch_file_from_host(File.join(dir, file.name)) if file
             file&.tap { |f| f.support_file = true }
-          end
+          end.compact
       end
 
       def global_json

data/lib/dependabot/nuget/file_parser.rb

@@ -75,11 +75,12 @@ module Dependabot
         dependency_files -
           project_files -
           packages_config_files -
-          [nuget_config, global_json]
+          nuget_configs -
+          [global_json]
       end
 
-      def nuget_config
-        dependency_files.find { |f| f.name.casecmp("nuget.config").zero? }
+      def nuget_configs
+        dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
       end
 
       def global_json

data/lib/dependabot/nuget/update_checker/repository_finder.rb

@@ -12,10 +12,10 @@ module Dependabot
       class RepositoryFinder
         DEFAULT_REPOSITORY_URL = "https://api.nuget.org/v3/index.json"
 
-        def initialize(dependency:, credentials:, config_file: nil)
+        def initialize(dependency:, credentials:, config_files: [])
           @dependency  = dependency
           @credentials = credentials
-          @config_file = config_file
+          @config_files = config_files
         end
 
         def dependency_urls
@@ -24,7 +24,7 @@ module Dependabot
 
         private
 
-        attr_reader :dependency, :credentials, :config_file
+        attr_reader :dependency, :credentials, :config_files
 
         def find_dependency_urls
           @find_dependency_urls ||=
@@ -143,10 +143,11 @@ module Dependabot
             map { |c| { url: c.fetch("url"), token: c["token"] } }
         end
 
-        # rubocop:disable Metrics/AbcSize
         def config_file_repositories
-          return [] unless config_file
+          config_files.flat_map { |file| repos_from_config_file(file) }
+        end
 
+        def repos_from_config_file(config_file)
           doc = Nokogiri::XML(config_file.content)
           doc.remove_namespaces!
           sources =
@@ -173,7 +174,6 @@ module Dependabot
 
           sources
         end
-        # rubocop:enable Metrics/AbcSize
 
         def default_repository_details
           {

data/lib/dependabot/nuget/update_checker/version_finder.rb

@@ -261,13 +261,13 @@ module Dependabot
             RepositoryFinder.new(
               dependency: dependency,
               credentials: credentials,
-              config_file: nuget_config
+              config_files: nuget_configs
             ).dependency_urls
         end
 
-        def nuget_config
-          @nuget_config ||=
-            dependency_files.find { |f| f.name.casecmp("nuget.config").zero? }
+        def nuget_configs
+          @nuget_configs ||=
+            dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
         end
 
         def sanitized_name

data/lib/dependabot/nuget/version.rb

@@ -40,9 +40,50 @@ module Dependabot
       end
 
       def <=>(other)
-        version_comparison = super(other)
+        version_comparison = compare_release(other)
         return version_comparison unless version_comparison.zero?
 
+        version_comparison = compare_prerelease_part(other)
+        return version_comparison unless version_comparison.zero?
+
+        compare_build_info(other)
+      end
+
+      def compare_release(other)
+        release_str = @version_string.split("-").first.split("+").first || ""
+        other_release_str = other.to_s.split("-").first.split("+").first || ""
+
+        Gem::Version.new(release_str).<=>(Gem::Version.new(other_release_str))
+      end
+
+      # rubocop:disable Metrics/CyclomaticComplexity
+      # rubocop:disable Metrics/PerceivedComplexity
+      def compare_prerelease_part(other)
+        release_str = @version_string.split("-").first.split("+").first || ""
+        prerelease_string = @version_string.
+                            sub(release_str, "").
+                            sub("-", "").
+                            split("+").
+                            first
+        prerelease_string = nil if prerelease_string == ""
+
+        other_release_str = other.to_s.split("-").first.split("+").first || ""
+        other_prerelease_string = other.to_s.
+                                  sub(other_release_str, "").
+                                  sub("-", "").
+                                  split("+").
+                                  first
+        other_prerelease_string = nil if other_prerelease_string == ""
+
+        return -1 if prerelease_string && !other_prerelease_string
+        return 1 if !prerelease_string && other_prerelease_string
+
+        prerelease_string.<=>(other_prerelease_string)
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity
+      # rubocop:enable Metrics/PerceivedComplexity
+
+      def compare_build_info(other)
         return build_info.nil? ? 0 : 1 unless other.is_a?(Nuget::Version)
 
         # Build information comparison

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.111.35
+  version: 0.111.36
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-26 00:00:00.000000000 Z
+date: 2019-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.35
+        version: 0.111.36
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.111.35
+        version: 0.111.36
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement