dependabot-nuget 0.183.0 → 0.186.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/metadata_finder.rb +65 -1
- metadata +24 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ab85c8d5dd72faa0b3115bb75e18fc9099235f8bca7f81814e0d879a33a5de0e
|
|
4
|
+
data.tar.gz: 516d5eabe78b13edc1e13e148f4a128246b35477acbbf2a9a8c27daae2c48bae
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fd385d88d1254200d4ef0eac2f0a839ad63ac03038cf1087e7552cb631cf456cb3a02a7dc0509ef3d56f751b5a03f8d6cf73957a3333b1686571c58e8b2487b9
|
|
7
|
+
data.tar.gz: eae29e796c1f94437cf7d87e5810b3838ff5a61e4b58657e24c19ede3a3a698755626f0038d7cd27abc891eff6c7299f024425cd89a003885f0d51a1f60c75d0
|
|
@@ -12,7 +12,71 @@ module Dependabot
|
|
|
12
12
|
def look_up_source
|
|
13
13
|
return Source.from_url(dependency_source_url) if dependency_source_url
|
|
14
14
|
|
|
15
|
-
look_up_source_in_nuspec(dependency_nuspec_file)
|
|
15
|
+
src_repo = look_up_source_in_nuspec(dependency_nuspec_file)
|
|
16
|
+
return src_repo if src_repo
|
|
17
|
+
|
|
18
|
+
# Fallback to getting source from the search result's projectUrl or licenseUrl.
|
|
19
|
+
# GitHub Packages doesn't support getting the `.nuspec`, switch to getting
|
|
20
|
+
# that instead once it is supported.
|
|
21
|
+
src_repo_from_project
|
|
22
|
+
rescue StandardError
|
|
23
|
+
# At this point in the process the PR is ready to be posted, we tried to gather commit
|
|
24
|
+
# and release notes, but have encountered an exception. So let's eat it since it's
|
|
25
|
+
# better to have a PR with no info than error out.
|
|
26
|
+
nil
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def src_repo_from_project
|
|
30
|
+
source = dependency.requirements.find { |r| r&.fetch(:source) }&.fetch(:source)
|
|
31
|
+
return unless source
|
|
32
|
+
|
|
33
|
+
# Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
|
|
34
|
+
response = Excon.get(
|
|
35
|
+
source.fetch(:url),
|
|
36
|
+
idempotent: true,
|
|
37
|
+
**SharedHelpers.excon_defaults(headers: { **auth_header, "Accept" => "application/json" })
|
|
38
|
+
)
|
|
39
|
+
return unless response.status == 200
|
|
40
|
+
|
|
41
|
+
# Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
|
|
42
|
+
search_base = extract_search_url(response.body)
|
|
43
|
+
return unless search_base
|
|
44
|
+
|
|
45
|
+
response = Excon.get(
|
|
46
|
+
search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
|
|
47
|
+
idempotent: true,
|
|
48
|
+
**SharedHelpers.excon_defaults(headers: { **auth_header, "Accept" => "application/json" })
|
|
49
|
+
)
|
|
50
|
+
return unless response.status == 200
|
|
51
|
+
|
|
52
|
+
# Find a projectUrl or licenseUrl that look like a source URL
|
|
53
|
+
extract_source_repo(response.body)
|
|
54
|
+
rescue JSON::ParserError
|
|
55
|
+
# Ignored, this is expected for some registries that don't handle these request.
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def extract_search_url(body)
|
|
59
|
+
JSON.parse(body).
|
|
60
|
+
fetch("resources", []).
|
|
61
|
+
find { |r| r.fetch("@type") == "SearchQueryService" }&.
|
|
62
|
+
fetch("@id")
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def extract_source_repo(body)
|
|
66
|
+
JSON.parse(body).fetch("data", []).each do |search_result|
|
|
67
|
+
next unless search_result["id"].downcase == dependency.name.downcase
|
|
68
|
+
|
|
69
|
+
if search_result.key?("projectUrl")
|
|
70
|
+
source = Source.from_url(search_result.fetch("projectUrl"))
|
|
71
|
+
return source if source
|
|
72
|
+
end
|
|
73
|
+
if search_result.key?("licenseUrl")
|
|
74
|
+
source = Source.from_url(search_result.fetch("licenseUrl"))
|
|
75
|
+
return source if source
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
# failed to find a source URL
|
|
79
|
+
nil
|
|
16
80
|
end
|
|
17
81
|
|
|
18
82
|
def look_up_source_in_nuspec(nuspec)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.186.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,28 +16,42 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.186.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.186.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: debase
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - '='
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.
|
|
33
|
+
version: 0.2.3
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - '='
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 0.2.3
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: debase-ruby_core_source
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - '='
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 0.10.14
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - '='
|
|
39
53
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
54
|
+
version: 0.10.14
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: debug
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,14 +128,14 @@ dependencies:
|
|
|
114
128
|
requirements:
|
|
115
129
|
- - "~>"
|
|
116
130
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
131
|
+
version: 1.28.2
|
|
118
132
|
type: :development
|
|
119
133
|
prerelease: false
|
|
120
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
135
|
requirements:
|
|
122
136
|
- - "~>"
|
|
123
137
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
138
|
+
version: 1.28.2
|
|
125
139
|
- !ruby/object:Gem::Dependency
|
|
126
140
|
name: ruby-debug-ide
|
|
127
141
|
requirement: !ruby/object:Gem::Requirement
|