dependabot-nuget 0.211.0 → 0.212.0
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/file_fetcher.rb +6 -6
- data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +1 -1
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +4 -4
- data/lib/dependabot/nuget/file_parser/property_value_finder.rb +2 -3
- data/lib/dependabot/nuget/metadata_finder.rb +8 -8
- data/lib/dependabot/nuget/update_checker/repository_finder.rb +5 -5
- data/lib/dependabot/nuget/update_checker/requirements_updater.rb +1 -1
- data/lib/dependabot/nuget/update_checker/version_finder.rb +7 -7
- metadata +22 -8
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: f2670db3fd0c6b63fef409230620f4167fb0832deb5df3133dc9762e54104746
         | 
| 4 | 
            +
              data.tar.gz: 749cd634dde39e45264654b33e3cfd0f8759ead2e9b808906dd33bf8299b7948
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: f0c433d102aa4773f20f75b33e0e8566335fe05948abadb9b854e66cedb15ce0061daa1a8b00977ac00ea139d48b86b114a986e192fb2e9aa526b08811285f28
         | 
| 7 | 
            +
              data.tar.gz: efab05fc35e9daa61950bae053557ffbeb864fbbb04cbeb052fbf1f6b478ee303d330ed51ec99b3b357f36ac7efe47e9f1ab1ae503563e1fe013240ae9926ebb
         | 
| @@ -73,11 +73,11 @@ module Dependabot | |
| 73 73 | 
             
                      [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
         | 
| 74 74 |  | 
| 75 75 | 
             
                    @packages_config_files ||=
         | 
| 76 | 
            -
                      candidate_paths. | 
| 76 | 
            +
                      candidate_paths.filter_map do |dir|
         | 
| 77 77 | 
             
                        file = repo_contents(dir: dir).
         | 
| 78 78 | 
             
                               find { |f| f.name.casecmp("packages.config").zero? }
         | 
| 79 79 | 
             
                        fetch_file_from_host(File.join(dir, file.name)) if file
         | 
| 80 | 
            -
                      end | 
| 80 | 
            +
                      end
         | 
| 81 81 | 
             
                  end
         | 
| 82 82 |  | 
| 83 83 | 
             
                  # rubocop:disable Metrics/PerceivedComplexity
         | 
| @@ -157,7 +157,7 @@ module Dependabot | |
| 157 157 | 
             
                            project_paths
         | 
| 158 158 | 
             
                        end
         | 
| 159 159 |  | 
| 160 | 
            -
                        paths. | 
| 160 | 
            +
                        paths.filter_map do |path|
         | 
| 161 161 | 
             
                          fetch_file_from_host(path)
         | 
| 162 162 | 
             
                        rescue Dependabot::DependencyFileNotFound => e
         | 
| 163 163 | 
             
                          @missing_sln_project_file_errors ||= []
         | 
| @@ -165,7 +165,7 @@ module Dependabot | |
| 165 165 | 
             
                          # Don't worry about missing files too much for now (at least
         | 
| 166 166 | 
             
                          # until we start resolving properties)
         | 
| 167 167 | 
             
                          nil
         | 
| 168 | 
            -
                        end | 
| 168 | 
            +
                        end
         | 
| 169 169 | 
             
                      end
         | 
| 170 170 | 
             
                  end
         | 
| 171 171 |  | 
| @@ -209,12 +209,12 @@ module Dependabot | |
| 209 209 | 
             
                      [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
         | 
| 210 210 |  | 
| 211 211 | 
             
                    @nuget_config_files ||=
         | 
| 212 | 
            -
                      candidate_paths. | 
| 212 | 
            +
                      candidate_paths.filter_map do |dir|
         | 
| 213 213 | 
             
                        file = repo_contents(dir: dir).
         | 
| 214 214 | 
             
                               find { |f| f.name.casecmp("nuget.config").zero? }
         | 
| 215 215 | 
             
                        file = fetch_file_from_host(File.join(dir, file.name)) if file
         | 
| 216 216 | 
             
                        file&.tap { |f| f.support_file = true }
         | 
| 217 | 
            -
                      end | 
| 217 | 
            +
                      end
         | 
| 218 218 | 
             
                  end
         | 
| 219 219 |  | 
| 220 220 | 
             
                  def global_json
         | 
| @@ -61,7 +61,7 @@ module Dependabot | |
| 61 61 | 
             
                    def dependency_type(dependency_node)
         | 
| 62 62 | 
             
                      val = dependency_node.attribute("developmentDependency")&.value&.strip ||
         | 
| 63 63 | 
             
                            dependency_node.at_xpath("./developmentDependency")&.content&.strip
         | 
| 64 | 
            -
                      val.to_s. | 
| 64 | 
            +
                      val.to_s.casecmp("true").zero? ? "devDependencies" : "dependencies"
         | 
| 65 65 | 
             
                    end
         | 
| 66 66 | 
             
                  end
         | 
| 67 67 | 
             
                end
         | 
| @@ -14,10 +14,10 @@ module Dependabot | |
| 14 14 | 
             
                    require "dependabot/file_parsers/base/dependency_set"
         | 
| 15 15 | 
             
                    require_relative "property_value_finder"
         | 
| 16 16 |  | 
| 17 | 
            -
                    DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
         | 
| 18 | 
            -
                                          "ItemGroup > GlobalPackageReference, "\
         | 
| 19 | 
            -
                                          "ItemGroup > PackageVersion, "\
         | 
| 20 | 
            -
                                          "ItemGroup > Dependency, "\
         | 
| 17 | 
            +
                    DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, " \
         | 
| 18 | 
            +
                                          "ItemGroup > GlobalPackageReference, " \
         | 
| 19 | 
            +
                                          "ItemGroup > PackageVersion, " \
         | 
| 20 | 
            +
                                          "ItemGroup > Dependency, " \
         | 
| 21 21 | 
             
                                          "ItemGroup > DevelopmentDependency"
         | 
| 22 22 |  | 
| 23 23 | 
             
                    PROJECT_SDK_REGEX   = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$}.freeze
         | 
| @@ -47,7 +47,7 @@ module Dependabot | |
| 47 47 | 
             
                        find_property_in_packages_props(property: property_name)
         | 
| 48 48 |  | 
| 49 49 | 
             
                      return unless node_details
         | 
| 50 | 
            -
                      return node_details unless node_details[:value] | 
| 50 | 
            +
                      return node_details unless PROPERTY_REGEX.match?(node_details[:value])
         | 
| 51 51 |  | 
| 52 52 | 
             
                      check_next_level_of_stack(node_details, stack)
         | 
| 53 53 | 
             
                    end
         | 
| @@ -91,8 +91,7 @@ module Dependabot | |
| 91 91 | 
             
                      ]
         | 
| 92 92 |  | 
| 93 93 | 
             
                      file = import_paths.
         | 
| 94 | 
            -
                              | 
| 95 | 
            -
                             compact.
         | 
| 94 | 
            +
                             filter_map { |p| dependency_files.find { |f| f.name == p } }.
         | 
| 96 95 | 
             
                             find { |f| deep_find_prop_node(property: property, file: f) }
         | 
| 97 96 |  | 
| 98 97 | 
             
                      return unless file
         | 
| @@ -63,7 +63,7 @@ module Dependabot | |
| 63 63 |  | 
| 64 64 | 
             
                  def extract_source_repo(body)
         | 
| 65 65 | 
             
                    JSON.parse(body).fetch("data", []).each do |search_result|
         | 
| 66 | 
            -
                      next unless search_result["id"]. | 
| 66 | 
            +
                      next unless search_result["id"].casecmp(dependency.name).zero?
         | 
| 67 67 |  | 
| 68 68 | 
             
                      if search_result.key?("projectUrl")
         | 
| 69 69 | 
             
                        source = Source.from_url(search_result.fetch("projectUrl"))
         | 
| @@ -123,18 +123,18 @@ module Dependabot | |
| 123 123 |  | 
| 124 124 | 
             
                    if source&.key?(:nuspec_url)
         | 
| 125 125 | 
             
                      source.fetch(:nuspec_url) ||
         | 
| 126 | 
            -
                        "https://api.nuget.org/v3-flatcontainer/"\
         | 
| 127 | 
            -
                        "#{dependency.name.downcase}/#{dependency.version}/"\
         | 
| 126 | 
            +
                        "https://api.nuget.org/v3-flatcontainer/" \
         | 
| 127 | 
            +
                        "#{dependency.name.downcase}/#{dependency.version}/" \
         | 
| 128 128 | 
             
                        "#{dependency.name.downcase}.nuspec"
         | 
| 129 129 | 
             
                    elsif source&.key?(:nuspec_url)
         | 
| 130 130 | 
             
                      source.fetch("nuspec_url") ||
         | 
| 131 | 
            -
                        "https://api.nuget.org/v3-flatcontainer/"\
         | 
| 132 | 
            -
                        "#{dependency.name.downcase}/#{dependency.version}/"\
         | 
| 131 | 
            +
                        "https://api.nuget.org/v3-flatcontainer/" \
         | 
| 132 | 
            +
                        "#{dependency.name.downcase}/#{dependency.version}/" \
         | 
| 133 133 | 
             
                        "#{dependency.name.downcase}.nuspec"
         | 
| 134 134 | 
             
                    else
         | 
| 135 | 
            -
                      "https://api.nuget.org/v3-flatcontainer/"\
         | 
| 136 | 
            -
             | 
| 137 | 
            -
             | 
| 135 | 
            +
                      "https://api.nuget.org/v3-flatcontainer/" \
         | 
| 136 | 
            +
                        "#{dependency.name.downcase}/#{dependency.version}/" \
         | 
| 137 | 
            +
                        "#{dependency.name.downcase}.nuspec"
         | 
| 138 138 | 
             
                    end
         | 
| 139 139 | 
             
                  end
         | 
| 140 140 |  | 
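Review bot: The `elsif source&.key?(:nuspec_url)` test in the `@@ -123` hunk repeats the `if` condition above it exactly, so that branch can never run, yet its body reads `source.fetch("nuspec_url")` with a string key. The second test was presumably meant to be `elsif source&.key?("nuspec_url")`. As written, a source hash carrying string keys falls through to the `else`, and the nuspec is requested from api.nuget.org by package name even if the dependency was resolved from another feed, which would disclose a private package name to the public registry. The enclosing method starts above the hunk, so how `source` is built cannot be confirmed from here.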
| @@ -191,10 +191,10 @@ module Dependabot | |
| 191 191 | 
             
                    def default_repository_details
         | 
| 192 192 | 
             
                      {
         | 
| 193 193 | 
             
                        repository_url: DEFAULT_REPOSITORY_URL,
         | 
| 194 | 
            -
                        versions_url: "https://api.nuget.org/v3-flatcontainer/"\
         | 
| 195 | 
            -
             | 
| 196 | 
            -
                        search_url: "https://azuresearch-usnc.nuget.org/query"\
         | 
| 197 | 
            -
             | 
| 194 | 
            +
                        versions_url: "https://api.nuget.org/v3-flatcontainer/" \
         | 
| 195 | 
            +
                                      "#{dependency.name.downcase}/index.json",
         | 
| 196 | 
            +
                        search_url: "https://azuresearch-usnc.nuget.org/query" \
         | 
| 197 | 
            +
                                    "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
         | 
| 198 198 | 
             
                        auth_header: {},
         | 
| 199 199 | 
             
                        repository_type: "v3"
         | 
| 200 200 | 
             
                      }
         | 
| @@ -222,7 +222,7 @@ module Dependabot | |
| 222 222 | 
             
                        next source_details[:token] = nil if key.match?(/^\d/)
         | 
| 223 223 |  | 
| 224 224 | 
             
                        tag = key.gsub(" ", "_x0020_")
         | 
| 225 | 
            -
                        creds_nodes = doc.css("configuration > packageSourceCredentials "\
         | 
| 225 | 
            +
                        creds_nodes = doc.css("configuration > packageSourceCredentials " \
         | 
| 226 226 | 
             
                                              "> #{tag} > add")
         | 
| 227 227 |  | 
| 228 228 | 
             
                        username =
         | 
| @@ -127,7 +127,7 @@ module Dependabot | |
| 127 127 | 
             
                        doc = Nokogiri::XML(body)
         | 
| 128 128 | 
             
                        doc.remove_namespaces!
         | 
| 129 129 |  | 
| 130 | 
            -
                        doc.xpath("/feed/entry"). | 
| 130 | 
            +
                        doc.xpath("/feed/entry").filter_map do |entry|
         | 
| 131 131 | 
             
                          listed = entry.at_xpath("./properties/Listed")&.content&.strip
         | 
| 132 132 | 
             
                          next if listed&.casecmp("false")&.zero?
         | 
| 133 133 |  | 
| @@ -136,7 +136,7 @@ module Dependabot | |
| 136 136 | 
             
                            repo_url: listing.fetch("listing_details").
         | 
| 137 137 | 
             
                                      fetch(:repository_url)
         | 
| 138 138 | 
             
                          )
         | 
| 139 | 
            -
                        end | 
| 139 | 
            +
                        end
         | 
| 140 140 | 
             
                      end
         | 
| 141 141 | 
             
                    end
         | 
| 142 142 |  | 
| @@ -172,7 +172,7 @@ module Dependabot | |
| 172 172 |  | 
| 173 173 | 
             
                      dependency.requirements.any? do |req|
         | 
| 174 174 | 
             
                        reqs = parse_requirement_string(req.fetch(:requirement) || "")
         | 
| 175 | 
            -
                        return true if reqs.any? | 
| 175 | 
            +
                        return true if reqs.any?("*-*")
         | 
| 176 176 | 
             
                        next unless reqs.any? { |r| r.include?("-") }
         | 
| 177 177 |  | 
| 178 178 | 
             
                        requirement_class.
         | 
| @@ -193,12 +193,12 @@ module Dependabot | |
| 193 193 | 
             
                      @v3_nuget_listings ||=
         | 
| 194 194 | 
             
                        dependency_urls.
         | 
| 195 195 | 
             
                        select { |details| details.fetch(:repository_type) == "v3" }.
         | 
| 196 | 
            -
                         | 
| 196 | 
            +
                        filter_map do |url_details|
         | 
| 197 197 | 
             
                          versions = versions_for_v3_repository(url_details)
         | 
| 198 198 | 
             
                          next unless versions
         | 
| 199 199 |  | 
| 200 200 | 
             
                          { "versions" => versions, "listing_details" => url_details }
         | 
| 201 | 
            -
                        end | 
| 201 | 
            +
                        end
         | 
| 202 202 | 
             
                    end
         | 
| 203 203 |  | 
| 204 204 | 
             
                    def v2_nuget_listings
         | 
| @@ -208,14 +208,14 @@ module Dependabot | |
| 208 208 | 
             
                        dependency_urls.
         | 
| 209 209 | 
             
                        select { |details| details.fetch(:repository_type) == "v2" }.
         | 
| 210 210 | 
             
                        flat_map { |url_details| fetch_paginated_v2_nuget_listings(url_details) }.
         | 
| 211 | 
            -
                         | 
| 211 | 
            +
                        filter_map do |url_details, response|
         | 
| 212 212 | 
             
                          next unless response.status == 200
         | 
| 213 213 |  | 
| 214 214 | 
             
                          {
         | 
| 215 215 | 
             
                            "xml_body" => response.body,
         | 
| 216 216 | 
             
                            "listing_details" => url_details
         | 
| 217 217 | 
             
                          }
         | 
| 218 | 
            -
                        end | 
| 218 | 
            +
                        end
         | 
| 219 219 | 
             
                    end
         | 
| 220 220 |  | 
| 221 221 | 
             
                    def fetch_paginated_v2_nuget_listings(url_details, results = {})
         | 
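Review bot: In the `@@ -208` hunk, `next unless response.status == 200` drops every failed v2 feed response without recording it, so a feed answering 401 or 5xx looks the same as a feed that has no versions. With several feeds configured, the candidate versions then presumably come only from the feeds that did answer, which matters when a private feed and a public one both carry a package of the same name. I would at least document it on that line, `# NOTE: non-200 responses are skipped silently; a failing feed is indistinguishable from one with no versions`, and consider surfacing authentication and server errors to the caller instead of filtering them out. The method's first lines are above the hunk.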
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: dependabot-nuget
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0. | 
| 4 | 
            +
              version: 0.212.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Dependabot
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2022- | 
| 11 | 
            +
            date: 2022-09-06 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: dependabot-common
         | 
| @@ -16,14 +16,14 @@ dependencies: | |
| 16 16 | 
             
                requirements:
         | 
| 17 17 | 
             
                - - '='
         | 
| 18 18 | 
             
                  - !ruby/object:Gem::Version
         | 
| 19 | 
            -
                    version: 0. | 
| 19 | 
            +
                    version: 0.212.0
         | 
| 20 20 | 
             
              type: :runtime
         | 
| 21 21 | 
             
              prerelease: false
         | 
| 22 22 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 23 23 | 
             
                requirements:
         | 
| 24 24 | 
             
                - - '='
         | 
| 25 25 | 
             
                  - !ruby/object:Gem::Version
         | 
| 26 | 
            -
                    version: 0. | 
| 26 | 
            +
                    version: 0.212.0
         | 
| 27 27 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 28 28 | 
             
              name: debase
         | 
| 29 29 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| @@ -86,14 +86,14 @@ dependencies: | |
| 86 86 | 
             
                requirements:
         | 
| 87 87 | 
             
                - - "~>"
         | 
| 88 88 | 
             
                  - !ruby/object:Gem::Version
         | 
| 89 | 
            -
                    version: 3. | 
| 89 | 
            +
                    version: 3.12.0
         | 
| 90 90 | 
             
              type: :development
         | 
| 91 91 | 
             
              prerelease: false
         | 
| 92 92 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 93 93 | 
             
                requirements:
         | 
| 94 94 | 
             
                - - "~>"
         | 
| 95 95 | 
             
                  - !ruby/object:Gem::Version
         | 
| 96 | 
            -
                    version: 3. | 
| 96 | 
            +
                    version: 3.12.0
         | 
| 97 97 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 98 98 | 
             
              name: rake
         | 
| 99 99 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| @@ -142,14 +142,28 @@ dependencies: | |
| 142 142 | 
             
                requirements:
         | 
| 143 143 | 
             
                - - "~>"
         | 
| 144 144 | 
             
                  - !ruby/object:Gem::Version
         | 
| 145 | 
            -
                    version: 1. | 
| 145 | 
            +
                    version: 1.36.0
         | 
| 146 146 | 
             
              type: :development
         | 
| 147 147 | 
             
              prerelease: false
         | 
| 148 148 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 149 149 | 
             
                requirements:
         | 
| 150 150 | 
             
                - - "~>"
         | 
| 151 151 | 
             
                  - !ruby/object:Gem::Version
         | 
| 152 | 
            -
                    version: 1. | 
| 152 | 
            +
                    version: 1.36.0
         | 
| 153 | 
            +
            - !ruby/object:Gem::Dependency
         | 
| 154 | 
            +
              name: rubocop-performance
         | 
| 155 | 
            +
              requirement: !ruby/object:Gem::Requirement
         | 
| 156 | 
            +
                requirements:
         | 
| 157 | 
            +
                - - "~>"
         | 
| 158 | 
            +
                  - !ruby/object:Gem::Version
         | 
| 159 | 
            +
                    version: 1.14.2
         | 
| 160 | 
            +
              type: :development
         | 
| 161 | 
            +
              prerelease: false
         | 
| 162 | 
            +
              version_requirements: !ruby/object:Gem::Requirement
         | 
| 163 | 
            +
                requirements:
         | 
| 164 | 
            +
                - - "~>"
         | 
| 165 | 
            +
                  - !ruby/object:Gem::Version
         | 
| 166 | 
            +
                    version: 1.14.2
         | 
| 153 167 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 154 168 | 
             
              name: ruby-debug-ide
         | 
| 155 169 | 
             
              requirement: !ruby/object:Gem::Requirement
         |