RubyGems - dependabot-nuget - Versions diffs - 0.117.10 → 0.118.3 - Mend

dependabot-nuget 0.117.10 → 0.118.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f2eac3ba62a19444e76978374d1188a5a5fdfb25019df6a376378fe01cfabd5
-  data.tar.gz: c8c786373c33b180edce533469b43f2dbcff1b57094f74aaa3cbd787817e1efb
+  metadata.gz: ae18cf9eb6e6e645cc3143e455800779dd8fb565907b020adfe460f14dc8de80
+  data.tar.gz: b34a148c234d3471db3d421eac2b878ef14d6cc69dd1133f08db78a5bf901cb1
 SHA512:
-  metadata.gz: 1f740f874212d59a7bb6e1261f1f720742be061c27ee4c8ab6ae02deb5024b1df770350e9cd896de254f6754d7d05a9f0fc644a411844afde195da48a2ede39c
-  data.tar.gz: e232df12187191876d00bb1e810af240839c318c70486719e4c863626e34c7f37a9e3585f7b2a9f7cc0849122ae466842abc31fe5b43d56eb22264b956170775
+  metadata.gz: c9663d93bd396c04094bb3adcb5d2b621a74e8ba3006c305767b5fb71b72653f73bdf45a65564d44f160bcbc98ac9b2ba706a38f393a18794da453d87379ccff
+  data.tar.gz: 56cee152e9fd52d4452dda410bdb3a0d1ada56b9ec33b494d0c0f98594aa36fbabb32af3dbd9904ebe14ba3ac2aacba66c932002fccef80f0266cf2b9cfe9823

data/lib/dependabot/nuget/file_fetcher.rb CHANGED

@@ -117,6 +117,8 @@ module Dependabot
           possible_paths += [
             "Directory.Build.props",
             "Directory.build.props",
+            "Directory.Packages.props",
+            "Directory.packages.props",
             "Directory.Build.targets",
             "Directory.build.targets"
           ]
@@ -137,6 +139,8 @@ module Dependabot
         [
           Pathname.new(base + "/Directory.Build.props").cleanpath.to_path,
           Pathname.new(base + "/Directory.build.props").cleanpath.to_path,
+          Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path,
+          Pathname.new(base + "/Directory.packages.props").cleanpath.to_path,
           Pathname.new(base + "/Directory.Build.targets").cleanpath.to_path,
           Pathname.new(base + "/Directory.build.targets").cleanpath.to_path
         ]

data/lib/dependabot/nuget/file_parser/project_file_parser.rb CHANGED

@@ -16,6 +16,7 @@ module Dependabot
         DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
                               "ItemGroup > GlobalPackageReference, "\
+                              "ItemGroup > PackageVersion, "\
                               "ItemGroup > Dependency, "\
                               "ItemGroup > DevelopmentDependency"

data/lib/dependabot/nuget/file_parser/property_value_finder.rb CHANGED

@@ -37,6 +37,12 @@ module Dependabot
               callsite_file: callsite_file
             )
+          node_details ||=
+            find_property_in_directory_build_packages(
+              property: property_name,
+              callsite_file: callsite_file
+            )
           node_details ||=
             find_property_in_packages_props(property: property_name)
@@ -112,6 +118,13 @@ module Dependabot
           deep_find_prop_node(property: property, file: file)
         end
+        def find_property_in_directory_build_packages(property:, callsite_file:)
+          file = build_packages_file_for_project(callsite_file)
+          return unless file
+          deep_find_prop_node(property: property, file: file)
+        end
         def find_property_in_packages_props(property:)
           file = packages_props_file
           return unless file
@@ -152,6 +165,22 @@ module Dependabot
           dependency_files.find { |f| f.name == path }
         end
+        def build_packages_file_for_project(project_file)
+          dir = File.dirname(project_file.name)
+          # Nuget walks up the directory structure looking for a
+          # Directory.Packages.props file
+          possible_paths = dir.split("/").map.with_index do |_, i|
+            base = dir.split("/").first(i + 1).join("/")
+            Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path
+          end.reverse + ["Directory.Packages.props"]
+          path = possible_paths.uniq.
+                 find { |p| dependency_files.find { |f| f.name == p } }
+          dependency_files.find { |f| f.name == path }
+        end
         def packages_props_file
           dependency_files.find { |f| f.name.casecmp("Packages.props").zero? }
         end

data/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb CHANGED

@@ -13,6 +13,8 @@ module Dependabot
             <PackageReference [^>]*?[^/]>.*?</PackageReference>|
             <GlobalPackageReference [^>]*?/>|
             <GlobalPackageReference [^>]*?[^/]>.*?</GlobalPackageReference>|
+            <PackageVersion [^>]*?/>|
+            <PackageVersion [^>]*?[^/]>.*?</PackageVersion>|
             <Dependency [^>]*?/>|
             <Dependency [^>]*?[^/]>.*?</Dependency>|
             <DevelopmentDependency [^>]*?/>|

data/lib/dependabot/nuget/update_checker.rb CHANGED

@@ -95,6 +95,7 @@ module Dependabot
             dependency_files: dependency_files,
             credentials: credentials,
             ignored_versions: ignored_versions,
+            raise_on_ignored: @raise_on_ignored,
             security_advisories: security_advisories
           )
       end
@@ -106,7 +107,8 @@ module Dependabot
             dependency_files: dependency_files,
             target_version_details: latest_version_details,
             credentials: credentials,
-            ignored_versions: ignored_versions
+            ignored_versions: ignored_versions,
+            raise_on_ignored: @raise_on_ignored
           )
       end

data/lib/dependabot/nuget/update_checker/property_updater.rb CHANGED

@@ -11,11 +11,13 @@ module Dependabot
         require_relative "requirements_updater"
         def initialize(dependency:, dependency_files:, credentials:,
-                       target_version_details:, ignored_versions:)
+                       target_version_details:, ignored_versions:,
+                       raise_on_ignored: false)
           @dependency       = dependency
           @dependency_files = dependency_files
           @credentials      = credentials
           @ignored_versions = ignored_versions
+          @raise_on_ignored = raise_on_ignored
           @target_version   = target_version_details&.fetch(:version)
           @source_details   = target_version_details&.
                               slice(:nuspec_url, :repo_url, :source_url)
@@ -31,6 +33,7 @@ module Dependabot
                 dependency_files: dependency_files,
                 credentials: credentials,
                 ignored_versions: ignored_versions,
+                raise_on_ignored: @raise_on_ignored,
                 security_advisories: []
               ).versions.map { |v| v.fetch(:version) }

data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED

@@ -15,11 +15,13 @@ module Dependabot
         require_relative "repository_finder"
         def initialize(dependency:, dependency_files:, credentials:,
-                       ignored_versions:, security_advisories:)
+                       ignored_versions:, raise_on_ignored: false,
+                       security_advisories:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @credentials         = credentials
           @ignored_versions    = ignored_versions
+          @raise_on_ignored    = raise_on_ignored
           @security_advisories = security_advisories
         end
@@ -38,8 +40,8 @@ module Dependabot
             begin
               possible_versions = versions
               possible_versions = filter_prereleases(possible_versions)
-              possible_versions = filter_ignored_versions(possible_versions)
               possible_versions = filter_vulnerable_versions(possible_versions)
+              possible_versions = filter_ignored_versions(possible_versions)
               possible_versions = filter_lower_versions(possible_versions)
               possible_versions.min_by { |hash| hash.fetch(:version) }
             end
@@ -62,16 +64,20 @@ module Dependabot
         end
         def filter_ignored_versions(possible_versions)
-          versions_array = possible_versions
+          filtered = possible_versions
           ignored_versions.each do |req|
             ignore_req = requirement_class.new(req.split(","))
-            versions_array =
-              versions_array.
+            filtered =
+              filtered.
               reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
           end
-          versions_array
+          if @raise_on_ignored && filtered.empty? && possible_versions.any?
+            raise AllVersionsIgnored
+          end
+          filtered
         end
         def filter_vulnerable_versions(possible_versions)

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.117.10
+  version: 0.118.3
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-21 00:00:00.000000000 Z
+date: 2020-06-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.117.10
+        version: 0.118.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.117.10
+        version: 0.118.3
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -114,28 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.85.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.83.0
+        version: 0.85.0
 - !ruby/object:Gem::Dependency
   name: vcr
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 6.0.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement