dependabot-nuget 0.117.6 → 0.117.11

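--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2e1705d4e7aadc7f39a382cd9e61a613c7bcb0a627101ac867445712ea50c14f
- data.tar.gz: ec59b595619466dbcc7e92745bc286c2d1f26f3ba089484f3713c44b864bb9a7
+ metadata.gz: '086c2197a6a562a6de05fa612462f340728ff5887bd9472a771394d56db84432'
+ data.tar.gz: 440a0ff6854def8b4af4b50f5735dcac5545e6da9f2f9e0c121b7e411cc77d5e
  SHA512:
- metadata.gz: b896adef41315a4c24564730bfb321365c7ec5844a55707dac5551a577d61bf1eac6f0d8f0777a8f97fc3af3302c5043657dfe83475012eb9db2a8ba455b19bc
- data.tar.gz: a24775fccd3431723d028484c4cfa5d97cfe7263ba7d69d8e5b1628fc38d0226eb05054b2a2357f83d9b1e2ccba9f31f1ddae5916e0b889cb58289f25366962f
+ metadata.gz: 116976d7995552011f5b9eaee9ce37e92ea1a7c17143998c70d8095bbe762407bd909ea8564f21a229a8ec420a375fa9e5dda4097375ece0e235711175b2cda8
+ data.tar.gz: 32af20a089e8013688f1b468e9e62259559241ea95c0e7caaa5869fc196a31844cd7195d4562abab9b1af2e0003cfdd1d4d87df7a0cf951de16a7a32727733f7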
@@ -95,6 +95,7 @@ module Dependabot
95
95
  dependency_files: dependency_files,
96
96
  credentials: credentials,
97
97
  ignored_versions: ignored_versions,
98
+ raise_on_ignored: @raise_on_ignored,
98
99
  security_advisories: security_advisories
99
100
  )
100
101
  end
@@ -106,7 +107,8 @@ module Dependabot
106
107
  dependency_files: dependency_files,
107
108
  target_version_details: latest_version_details,
108
109
  credentials: credentials,
109
- ignored_versions: ignored_versions
110
+ ignored_versions: ignored_versions,
111
+ raise_on_ignored: @raise_on_ignored
110
112
  )
111
113
  end
112
114
 
@@ -11,11 +11,13 @@ module Dependabot
11
11
  require_relative "requirements_updater"
12
12
 
13
13
  def initialize(dependency:, dependency_files:, credentials:,
14
- target_version_details:, ignored_versions:)
14
+ target_version_details:, ignored_versions:,
15
+ raise_on_ignored: false)
15
16
  @dependency = dependency
16
17
  @dependency_files = dependency_files
17
18
  @credentials = credentials
18
19
  @ignored_versions = ignored_versions
20
+ @raise_on_ignored = raise_on_ignored
19
21
  @target_version = target_version_details&.fetch(:version)
20
22
  @source_details = target_version_details&.
21
23
  slice(:nuspec_url, :repo_url, :source_url)
@@ -31,6 +33,7 @@ module Dependabot
31
33
  dependency_files: dependency_files,
32
34
  credentials: credentials,
33
35
  ignored_versions: ignored_versions,
36
+ raise_on_ignored: @raise_on_ignored,
34
37
  security_advisories: []
35
38
  ).versions.map { |v| v.fetch(:version) }
36
39
 
@@ -12,8 +12,6 @@ module Dependabot
12
12
  module Nuget
13
13
  class UpdateChecker
14
14
  class RequirementsUpdater
15
- VERSION_REGEX = /[0-9a-zA-Z]+(?:\.[a-zA-Z0-9\-]+)*/.freeze
16
-
17
15
  def initialize(requirements:, latest_version:, source_details:)
18
16
  @requirements = requirements
19
17
  @source_details = source_details
@@ -36,9 +34,13 @@ module Dependabot
36
34
  if req.fetch(:requirement).include?("*")
37
35
  update_wildcard_requirement(req.fetch(:requirement))
38
36
  else
39
- # Since range requirements are excluded by the line above we
40
- # can just do a `gsub` on anything that looks like a version
41
- req[:requirement].gsub(VERSION_REGEX, latest_version.to_s)
37
+ # Since range requirements are excluded by the line above we can
38
+ # replace anything that looks like a version with the new
39
+ # version
40
+ req[:requirement].sub(
41
+ /#{Nuget::Version::VERSION_PATTERN}/,
42
+ latest_version.to_s
43
+ )
42
44
  end
43
45
 
44
46
  next req if new_req == req.fetch(:requirement)
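Review bot: The replacement argument of the new `sub(...)` call is a plain string, so Ruby expands backslash sequences such as `\0` or `\1` inside `latest_version.to_s`; the block form `req[:requirement].sub(/#{Nuget::Version::VERSION_PATTERN}/) { latest_version.to_s }` inserts the value literally. The comment still says "anything that looks like a version", but `sub` rewrites only the first match where the removed `gsub` rewrote every match, so it would read more accurately as `# replace the first version-like token with the new version`. `VERSION_PATTERN` is defined outside this page and the interpolated regexp is unanchored, so which substring matches first depends on that pattern. The enclosing method starts and ends outside the hunk.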
@@ -15,11 +15,13 @@ module Dependabot
15
15
  require_relative "repository_finder"
16
16
 
17
17
  def initialize(dependency:, dependency_files:, credentials:,
18
- ignored_versions:, security_advisories:)
18
+ ignored_versions:, raise_on_ignored: false,
19
+ security_advisories:)
19
20
  @dependency = dependency
20
21
  @dependency_files = dependency_files
21
22
  @credentials = credentials
22
23
  @ignored_versions = ignored_versions
24
+ @raise_on_ignored = raise_on_ignored
23
25
  @security_advisories = security_advisories
24
26
  end
25
27
 
@@ -38,8 +40,8 @@ module Dependabot
38
40
  begin
39
41
  possible_versions = versions
40
42
  possible_versions = filter_prereleases(possible_versions)
41
- possible_versions = filter_ignored_versions(possible_versions)
42
43
  possible_versions = filter_vulnerable_versions(possible_versions)
44
+ possible_versions = filter_ignored_versions(possible_versions)
43
45
  possible_versions = filter_lower_versions(possible_versions)
44
46
  possible_versions.min_by { |hash| hash.fetch(:version) }
45
47
  end
@@ -62,16 +64,20 @@ module Dependabot
62
64
  end
63
65
 
64
66
  def filter_ignored_versions(possible_versions)
65
- versions_array = possible_versions
67
+ filtered = possible_versions
66
68
 
67
69
  ignored_versions.each do |req|
68
70
  ignore_req = requirement_class.new(req.split(","))
69
- versions_array =
70
- versions_array.
71
+ filtered =
72
+ filtered.
71
73
  reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
72
74
  end
73
75
 
74
- versions_array
76
+ if @raise_on_ignored && filtered.empty? && possible_versions.any?
77
+ raise AllVersionsIgnored
78
+ end
79
+
80
+ filtered
75
81
  end
76
82
 
77
83
  def filter_vulnerable_versions(possible_versions)
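Review bot: In `filter_ignored_versions` the new `AllVersionsIgnored` check compares against the list as it was passed in, and in the reordered chain that list has not yet gone through `filter_lower_versions`, so ignore rules that only cover versions the later filter would discard anyway could raise even though none of them was an upgrade candidate. If that is not intended, calling `filter_lower_versions` before `filter_ignored_versions` would limit the raise to real candidates; otherwise a comment such as `# raises when ignore conditions remove every remaining non-vulnerable version, before lower versions are dropped` would record the choice. The flag is read directly as `@raise_on_ignored` while `ignored_versions` goes through a reader, so a matching reader would keep the class consistent. The method holding the reordered filter chain starts outside its hunk and `filter_lower_versions` is not shown, so its behaviour is assumed from its name.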
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.6
4
+ version: 0.117.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-09 00:00:00.000000000 Z
11
+ date: 2020-05-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.6
19
+ version: 0.117.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.6
26
+ version: 0.117.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.80.1
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.80.1
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement