dependabot-nuget 0.117.10 → 0.118.3

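--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5f2eac3ba62a19444e76978374d1188a5a5fdfb25019df6a376378fe01cfabd5
- data.tar.gz: c8c786373c33b180edce533469b43f2dbcff1b57094f74aaa3cbd787817e1efb
+ metadata.gz: ae18cf9eb6e6e645cc3143e455800779dd8fb565907b020adfe460f14dc8de80
+ data.tar.gz: b34a148c234d3471db3d421eac2b878ef14d6cc69dd1133f08db78a5bf901cb1
  SHA512:
- metadata.gz: 1f740f874212d59a7bb6e1261f1f720742be061c27ee4c8ab6ae02deb5024b1df770350e9cd896de254f6754d7d05a9f0fc644a411844afde195da48a2ede39c
- data.tar.gz: e232df12187191876d00bb1e810af240839c318c70486719e4c863626e34c7f37a9e3585f7b2a9f7cc0849122ae466842abc31fe5b43d56eb22264b956170775
+ metadata.gz: c9663d93bd396c04094bb3adcb5d2b621a74e8ba3006c305767b5fb71b72653f73bdf45a65564d44f160bcbc98ac9b2ba706a38f393a18794da453d87379ccff
+ data.tar.gz: 56cee152e9fd52d4452dda410bdb3a0d1ada56b9ec33b494d0c0f98594aa36fbabb32af3dbd9904ebe14ba3ac2aacba66c932002fccef80f0266cf2b9cfe9823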
@@ -117,6 +117,8 @@ module Dependabot
117
117
  possible_paths += [
118
118
  "Directory.Build.props",
119
119
  "Directory.build.props",
120
+ "Directory.Packages.props",
121
+ "Directory.packages.props",
120
122
  "Directory.Build.targets",
121
123
  "Directory.build.targets"
122
124
  ]
@@ -137,6 +139,8 @@ module Dependabot
137
139
  [
138
140
  Pathname.new(base + "/Directory.Build.props").cleanpath.to_path,
139
141
  Pathname.new(base + "/Directory.build.props").cleanpath.to_path,
142
+ Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path,
143
+ Pathname.new(base + "/Directory.packages.props").cleanpath.to_path,
140
144
  Pathname.new(base + "/Directory.Build.targets").cleanpath.to_path,
141
145
  Pathname.new(base + "/Directory.build.targets").cleanpath.to_path
142
146
  ]
@@ -16,6 +16,7 @@ module Dependabot
16
16
 
17
17
  DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
18
18
  "ItemGroup > GlobalPackageReference, "\
19
+ "ItemGroup > PackageVersion, "\
19
20
  "ItemGroup > Dependency, "\
20
21
  "ItemGroup > DevelopmentDependency"
21
22
 
@@ -37,6 +37,12 @@ module Dependabot
37
37
  callsite_file: callsite_file
38
38
  )
39
39
 
40
+ node_details ||=
41
+ find_property_in_directory_build_packages(
42
+ property: property_name,
43
+ callsite_file: callsite_file
44
+ )
45
+
40
46
  node_details ||=
41
47
  find_property_in_packages_props(property: property_name)
42
48
 
@@ -112,6 +118,13 @@ module Dependabot
112
118
  deep_find_prop_node(property: property, file: file)
113
119
  end
114
120
 
121
+ def find_property_in_directory_build_packages(property:, callsite_file:)
122
+ file = build_packages_file_for_project(callsite_file)
123
+ return unless file
124
+
125
+ deep_find_prop_node(property: property, file: file)
126
+ end
127
+
115
128
  def find_property_in_packages_props(property:)
116
129
  file = packages_props_file
117
130
  return unless file
@@ -152,6 +165,22 @@ module Dependabot
152
165
  dependency_files.find { |f| f.name == path }
153
166
  end
154
167
 
168
+ def build_packages_file_for_project(project_file)
169
+ dir = File.dirname(project_file.name)
170
+
171
+ # Nuget walks up the directory structure looking for a
172
+ # Directory.Packages.props file
173
+ possible_paths = dir.split("/").map.with_index do |_, i|
174
+ base = dir.split("/").first(i + 1).join("/")
175
+ Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path
176
+ end.reverse + ["Directory.Packages.props"]
177
+
178
+ path = possible_paths.uniq.
179
+ find { |p| dependency_files.find { |f| f.name == p } }
180
+
181
+ dependency_files.find { |f| f.name == path }
182
+ end
183
+
155
184
  def packages_props_file
156
185
  dependency_files.find { |f| f.name.casecmp("Packages.props").zero? }
157
186
  end
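Review bot: `build_packages_file_for_project` probes only the exact spelling `Directory.Packages.props`, while the path lists earlier in this diff also add `Directory.packages.props` and the neighbouring `packages_props_file` matches with `casecmp`. A repository using the lower-case spelling would have the file in `dependency_files` but never consulted here, so a version declared through a property in it would presumably go unresolved and the dependency would be skipped without any error. Generating both spellings per directory, e.g. `%w(Directory.Packages.props Directory.packages.props).map { |n| Pathname.new(base + "/" + n).cleanpath.to_path }` under `flat_map`, would keep lookup and fetch in step. The closing `dependency_files.find { |f| f.name == path }` repeats the search already done inside the `find` block, and `dir.split("/")` is recomputed on every iteration; both can be hoisted into locals.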
@@ -13,6 +13,8 @@ module Dependabot
13
13
  <PackageReference [^>]*?[^/]>.*?</PackageReference>|
14
14
  <GlobalPackageReference [^>]*?/>|
15
15
  <GlobalPackageReference [^>]*?[^/]>.*?</GlobalPackageReference>|
16
+ <PackageVersion [^>]*?/>|
17
+ <PackageVersion [^>]*?[^/]>.*?</PackageVersion>|
16
18
  <Dependency [^>]*?/>|
17
19
  <Dependency [^>]*?[^/]>.*?</Dependency>|
18
20
  <DevelopmentDependency [^>]*?/>|
@@ -95,6 +95,7 @@ module Dependabot
95
95
  dependency_files: dependency_files,
96
96
  credentials: credentials,
97
97
  ignored_versions: ignored_versions,
98
+ raise_on_ignored: @raise_on_ignored,
98
99
  security_advisories: security_advisories
99
100
  )
100
101
  end
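Review bot: `raise_on_ignored: @raise_on_ignored` reads an instance variable that no visible line of this file assigns, both here and in the next hunk where it is passed after `ignored_versions: ignored_versions,`. Ruby evaluates an unset instance variable to `nil` without error, so if the superclass initializer does not set it, the new `AllVersionsIgnored` signalling is silently switched off instead of failing loudly. It is presumably assigned by the base update checker in dependabot-common, which the gemspec pins to the same version. A private `attr_reader :raise_on_ignored`, used the same way as the neighbouring `ignored_versions`, or a one-line comment naming where it is set, would make that dependency explicit. Both enclosing methods start outside the hunks.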
@@ -106,7 +107,8 @@ module Dependabot
106
107
  dependency_files: dependency_files,
107
108
  target_version_details: latest_version_details,
108
109
  credentials: credentials,
109
- ignored_versions: ignored_versions
110
+ ignored_versions: ignored_versions,
111
+ raise_on_ignored: @raise_on_ignored
110
112
  )
111
113
  end
112
114
 
@@ -11,11 +11,13 @@ module Dependabot
11
11
  require_relative "requirements_updater"
12
12
 
13
13
  def initialize(dependency:, dependency_files:, credentials:,
14
- target_version_details:, ignored_versions:)
14
+ target_version_details:, ignored_versions:,
15
+ raise_on_ignored: false)
15
16
  @dependency = dependency
16
17
  @dependency_files = dependency_files
17
18
  @credentials = credentials
18
19
  @ignored_versions = ignored_versions
20
+ @raise_on_ignored = raise_on_ignored
19
21
  @target_version = target_version_details&.fetch(:version)
20
22
  @source_details = target_version_details&.
21
23
  slice(:nuspec_url, :repo_url, :source_url)
@@ -31,6 +33,7 @@ module Dependabot
31
33
  dependency_files: dependency_files,
32
34
  credentials: credentials,
33
35
  ignored_versions: ignored_versions,
36
+ raise_on_ignored: @raise_on_ignored,
34
37
  security_advisories: []
35
38
  ).versions.map { |v| v.fetch(:version) }
36
39
 
@@ -15,11 +15,13 @@ module Dependabot
15
15
  require_relative "repository_finder"
16
16
 
17
17
  def initialize(dependency:, dependency_files:, credentials:,
18
- ignored_versions:, security_advisories:)
18
+ ignored_versions:, raise_on_ignored: false,
19
+ security_advisories:)
19
20
  @dependency = dependency
20
21
  @dependency_files = dependency_files
21
22
  @credentials = credentials
22
23
  @ignored_versions = ignored_versions
24
+ @raise_on_ignored = raise_on_ignored
23
25
  @security_advisories = security_advisories
24
26
  end
25
27
 
@@ -38,8 +40,8 @@ module Dependabot
38
40
  begin
39
41
  possible_versions = versions
40
42
  possible_versions = filter_prereleases(possible_versions)
41
- possible_versions = filter_ignored_versions(possible_versions)
42
43
  possible_versions = filter_vulnerable_versions(possible_versions)
44
+ possible_versions = filter_ignored_versions(possible_versions)
43
45
  possible_versions = filter_lower_versions(possible_versions)
44
46
  possible_versions.min_by { |hash| hash.fetch(:version) }
45
47
  end
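Review bot: With `raise_on_ignored` set, `filter_ignored_versions` now runs its emptiness check before `filter_lower_versions`, so it judges a list that can still hold versions that are not upgrade candidates. Assuming `filter_lower_versions` (body not shown) drops versions at or below the current one, two cases look off: if the only unignored survivors are older versions, nothing is raised and the caller gets `nil` although every real fix was ignored; and if the only non-vulnerable versions are older ones that happen to be ignored, `AllVersionsIgnored` is raised although no ignore rule blocked an upgrade. Running `possible_versions = filter_lower_versions(possible_versions)` before `possible_versions = filter_ignored_versions(possible_versions)` would make the error mean that a usable fix exists but is ignored. The method around this `begin` block starts outside the hunk, and `AllVersionsIgnored` is not defined in any visible hunk, so it presumably comes from dependabot-common.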
@@ -62,16 +64,20 @@ module Dependabot
62
64
  end
63
65
 
64
66
  def filter_ignored_versions(possible_versions)
65
- versions_array = possible_versions
67
+ filtered = possible_versions
66
68
 
67
69
  ignored_versions.each do |req|
68
70
  ignore_req = requirement_class.new(req.split(","))
69
- versions_array =
70
- versions_array.
71
+ filtered =
72
+ filtered.
71
73
  reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
72
74
  end
73
75
 
74
- versions_array
76
+ if @raise_on_ignored && filtered.empty? && possible_versions.any?
77
+ raise AllVersionsIgnored
78
+ end
79
+
80
+ filtered
75
81
  end
76
82
 
77
83
  def filter_vulnerable_versions(possible_versions)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.10
4
+ version: 0.118.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-21 00:00:00.000000000 Z
11
+ date: 2020-06-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.10
19
+ version: 0.118.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.10
26
+ version: 0.118.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,28 +114,28 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.83.0
117
+ version: 0.85.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.83.0
124
+ version: 0.85.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - '='
130
130
  - !ruby/object:Gem::Version
131
- version: '5.0'
131
+ version: 6.0.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - '='
137
137
  - !ruby/object:Gem::Version
138
- version: '5.0'
138
+ version: 6.0.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: webmock
141
141
  requirement: !ruby/object:Gem::Requirement