dependabot-nuget 0.117.6 → 0.117.11

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/nuget/update_checker.rb +3 -1
  3. data/lib/dependabot/nuget/update_checker/property_updater.rb +4 -1
  4. data/lib/dependabot/nuget/update_checker/requirements_updater.rb +7 -5
  5. data/lib/dependabot/nuget/update_checker/version_finder.rb +12 -6
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e1705d4e7aadc7f39a382cd9e61a613c7bcb0a627101ac867445712ea50c14f
4
- data.tar.gz: ec59b595619466dbcc7e92745bc286c2d1f26f3ba089484f3713c44b864bb9a7
3
+ metadata.gz: '086c2197a6a562a6de05fa612462f340728ff5887bd9472a771394d56db84432'
4
+ data.tar.gz: 440a0ff6854def8b4af4b50f5735dcac5545e6da9f2f9e0c121b7e411cc77d5e
5
5
  SHA512:
6
- metadata.gz: b896adef41315a4c24564730bfb321365c7ec5844a55707dac5551a577d61bf1eac6f0d8f0777a8f97fc3af3302c5043657dfe83475012eb9db2a8ba455b19bc
7
- data.tar.gz: a24775fccd3431723d028484c4cfa5d97cfe7263ba7d69d8e5b1628fc38d0226eb05054b2a2357f83d9b1e2ccba9f31f1ddae5916e0b889cb58289f25366962f
6
+ metadata.gz: 116976d7995552011f5b9eaee9ce37e92ea1a7c17143998c70d8095bbe762407bd909ea8564f21a229a8ec420a375fa9e5dda4097375ece0e235711175b2cda8
7
+ data.tar.gz: 32af20a089e8013688f1b468e9e62259559241ea95c0e7caaa5869fc196a31844cd7195d4562abab9b1af2e0003cfdd1d4d87df7a0cf951de16a7a32727733f7
data/lib/dependabot/nuget/update_checker.rb CHANGED
@@ -95,6 +95,7 @@ module Dependabot
95
95
  dependency_files: dependency_files,
96
96
  credentials: credentials,
97
97
  ignored_versions: ignored_versions,
98
+ raise_on_ignored: @raise_on_ignored,
98
99
  security_advisories: security_advisories
99
100
  )
100
101
  end
@@ -106,7 +107,8 @@ module Dependabot
106
107
  dependency_files: dependency_files,
107
108
  target_version_details: latest_version_details,
108
109
  credentials: credentials,
109
- ignored_versions: ignored_versions
110
+ ignored_versions: ignored_versions,
111
+ raise_on_ignored: @raise_on_ignored
110
112
  )
111
113
  end
112
114
 
data/lib/dependabot/nuget/update_checker/property_updater.rb CHANGED
@@ -11,11 +11,13 @@ module Dependabot
11
11
  require_relative "requirements_updater"
12
12
 
13
13
  def initialize(dependency:, dependency_files:, credentials:,
14
- target_version_details:, ignored_versions:)
14
+ target_version_details:, ignored_versions:,
15
+ raise_on_ignored: false)
15
16
  @dependency = dependency
16
17
  @dependency_files = dependency_files
17
18
  @credentials = credentials
18
19
  @ignored_versions = ignored_versions
20
+ @raise_on_ignored = raise_on_ignored
19
21
  @target_version = target_version_details&.fetch(:version)
20
22
  @source_details = target_version_details&.
21
23
  slice(:nuspec_url, :repo_url, :source_url)
@@ -31,6 +33,7 @@ module Dependabot
31
33
  dependency_files: dependency_files,
32
34
  credentials: credentials,
33
35
  ignored_versions: ignored_versions,
36
+ raise_on_ignored: @raise_on_ignored,
34
37
  security_advisories: []
35
38
  ).versions.map { |v| v.fetch(:version) }
36
39
 
data/lib/dependabot/nuget/update_checker/requirements_updater.rb CHANGED
@@ -12,8 +12,6 @@ module Dependabot
12
12
  module Nuget
13
13
  class UpdateChecker
14
14
  class RequirementsUpdater
15
- VERSION_REGEX = /[0-9a-zA-Z]+(?:\.[a-zA-Z0-9\-]+)*/.freeze
16
-
17
15
  def initialize(requirements:, latest_version:, source_details:)
18
16
  @requirements = requirements
19
17
  @source_details = source_details
@@ -36,9 +34,13 @@ module Dependabot
36
34
  if req.fetch(:requirement).include?("*")
37
35
  update_wildcard_requirement(req.fetch(:requirement))
38
36
  else
39
- # Since range requirements are excluded by the line above we
40
- # can just do a `gsub` on anything that looks like a version
41
- req[:requirement].gsub(VERSION_REGEX, latest_version.to_s)
37
+ # Since range requirements are excluded by the line above we can
38
+ # replace anything that looks like a version with the new
39
+ # version
40
+ req[:requirement].sub(
41
+ /#{Nuget::Version::VERSION_PATTERN}/,
42
+ latest_version.to_s
43
+ )
42
44
  end
43
45
 
44
46
  next req if new_req == req.fetch(:requirement)
data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED
@@ -15,11 +15,13 @@ module Dependabot
15
15
  require_relative "repository_finder"
16
16
 
17
17
  def initialize(dependency:, dependency_files:, credentials:,
18
- ignored_versions:, security_advisories:)
18
+ ignored_versions:, raise_on_ignored: false,
19
+ security_advisories:)
19
20
  @dependency = dependency
20
21
  @dependency_files = dependency_files
21
22
  @credentials = credentials
22
23
  @ignored_versions = ignored_versions
24
+ @raise_on_ignored = raise_on_ignored
23
25
  @security_advisories = security_advisories
24
26
  end
25
27
 
@@ -38,8 +40,8 @@ module Dependabot
38
40
  begin
39
41
  possible_versions = versions
40
42
  possible_versions = filter_prereleases(possible_versions)
41
- possible_versions = filter_ignored_versions(possible_versions)
42
43
  possible_versions = filter_vulnerable_versions(possible_versions)
44
+ possible_versions = filter_ignored_versions(possible_versions)
43
45
  possible_versions = filter_lower_versions(possible_versions)
44
46
  possible_versions.min_by { |hash| hash.fetch(:version) }
45
47
  end
@@ -62,16 +64,20 @@ module Dependabot
62
64
  end
63
65
 
64
66
  def filter_ignored_versions(possible_versions)
65
- versions_array = possible_versions
67
+ filtered = possible_versions
66
68
 
67
69
  ignored_versions.each do |req|
68
70
  ignore_req = requirement_class.new(req.split(","))
69
- versions_array =
70
- versions_array.
71
+ filtered =
72
+ filtered.
71
73
  reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
72
74
  end
73
75
 
74
- versions_array
76
+ if @raise_on_ignored && filtered.empty? && possible_versions.any?
77
+ raise AllVersionsIgnored
78
+ end
79
+
80
+ filtered
75
81
  end
76
82
 
77
83
  def filter_vulnerable_versions(possible_versions)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.117.6
4
+ version: 0.117.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-09 00:00:00.000000000 Z
11
+ date: 2020-05-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.117.6
19
+ version: 0.117.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.117.6
26
+ version: 0.117.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.80.1
117
+ version: 0.83.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.80.1
124
+ version: 0.83.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: vcr
127
127
  requirement: !ruby/object:Gem::Requirement