dependabot-nuget 0.211.0 → 0.213.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c52ee5a1c0902c360140b7425a5050a8c97cb0f7ceb90870056032368ca00c6
-  data.tar.gz: 1a8307c23e5bfa43387ded3b49598ffa2ca1900b42237d66a0f87398849678be
+  metadata.gz: a5f084f252deef0d960dff54bc9d3bbef2c21b38f6853f19a3ea5229f239660f
+  data.tar.gz: 8fd0eac3457d63ba3132ea4d9955e041439303310cb6a8b6f89fce60ade5faf7
 SHA512:
-  metadata.gz: d43d2e4e65c71954a87088c02d3f54534f07568bb3f0c0d385e778fbf3f4632b81c10495934b99f06699dd57076d614e5e67b048ffb4a6ebaaf5bfb4de0857e5
-  data.tar.gz: 9e76485ddba6429ea2808bc09627221a61934dc0240ad7e84c44f14906d439506e3c50bf02daea054aa6ab2d903ece49e827bebd9272ba9042945f05c062ad08
+  metadata.gz: 24446f402afc0c8f466cc1d74c6d03386a7436b297f04ad166a95fa69d741dfd195b8778c3edfdbf2d6baccb64d3a1ace47fc54de88b73bef3dc71b8579a8e46
+  data.tar.gz: d19f127b8a9a8890fc60be39912e6b30669b0fb371813f6b0547841740ce3061caea3fae953c10d29e849503f8807fdd322ca6ac0c41a670b6233b906b0bba71

data/lib/dependabot/nuget/file_fetcher.rb

@@ -73,11 +73,11 @@ module Dependabot
           [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
 
         @packages_config_files ||=
-          candidate_paths.map do |dir|
+          candidate_paths.filter_map do |dir|
             file = repo_contents(dir: dir).
                    find { |f| f.name.casecmp("packages.config").zero? }
             fetch_file_from_host(File.join(dir, file.name)) if file
-          end.compact
+          end
       end
 
       # rubocop:disable Metrics/PerceivedComplexity
@@ -157,7 +157,7 @@ module Dependabot
                 project_paths
             end
 
-            paths.map do |path|
+            paths.filter_map do |path|
               fetch_file_from_host(path)
             rescue Dependabot::DependencyFileNotFound => e
               @missing_sln_project_file_errors ||= []
@@ -165,7 +165,7 @@ module Dependabot
               # Don't worry about missing files too much for now (at least
               # until we start resolving properties)
               nil
-            end.compact
+            end
           end
       end
 
@@ -209,12 +209,12 @@ module Dependabot
           [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
 
         @nuget_config_files ||=
-          candidate_paths.map do |dir|
+          candidate_paths.filter_map do |dir|
             file = repo_contents(dir: dir).
                    find { |f| f.name.casecmp("nuget.config").zero? }
             file = fetch_file_from_host(File.join(dir, file.name)) if file
             file&.tap { |f| f.support_file = true }
-          end.compact
+          end
       end
 
       def global_json

data/lib/dependabot/nuget/file_parser/global_json_parser.rb

@@ -33,7 +33,7 @@ module Dependabot
                 requirements: [{
                   requirement: version,
                   file: global_json.name,
-                  groups: [],
+                  groups: ["dependencies"],
                   source: nil
                 }]
               )

data/lib/dependabot/nuget/file_parser/packages_config_parser.rb

@@ -61,7 +61,7 @@ module Dependabot
         def dependency_type(dependency_node)
           val = dependency_node.attribute("developmentDependency")&.value&.strip ||
                 dependency_node.at_xpath("./developmentDependency")&.content&.strip
-          val.to_s.downcase == "true" ? "devDependencies" : "dependencies"
+          val.to_s.casecmp("true").zero? ? "devDependencies" : "dependencies"
         end
       end
     end

data/lib/dependabot/nuget/file_parser/project_file_parser.rb

@@ -14,15 +14,15 @@ module Dependabot
         require "dependabot/file_parsers/base/dependency_set"
         require_relative "property_value_finder"
 
-        DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
-                              "ItemGroup > GlobalPackageReference, "\
-                              "ItemGroup > PackageVersion, "\
-                              "ItemGroup > Dependency, "\
+        DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, " \
+                              "ItemGroup > GlobalPackageReference, " \
+                              "ItemGroup > PackageVersion, " \
+                              "ItemGroup > Dependency, " \
                               "ItemGroup > DevelopmentDependency"
 
-        PROJECT_SDK_REGEX   = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$}.freeze
-        PROPERTY_REGEX      = /\$\((?<property>.*?)\)/.freeze
-        ITEM_REGEX          = /\@\((?<property>.*?)\)/.freeze
+        PROJECT_SDK_REGEX   = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$}
+        PROPERTY_REGEX      = /\$\((?<property>.*?)\)/
+        ITEM_REGEX          = /\@\((?<property>.*?)\)/
 
         def initialize(dependency_files:)
           @dependency_files = dependency_files

data/lib/dependabot/nuget/file_parser/property_value_finder.rb

@@ -10,7 +10,7 @@ module Dependabot
   module Nuget
     class FileParser
       class PropertyValueFinder
-        PROPERTY_REGEX = /\$\((?<property>.*?)\)/.freeze
+        PROPERTY_REGEX = /\$\((?<property>.*?)\)/
 
         def initialize(dependency_files:)
           @dependency_files = dependency_files
@@ -47,7 +47,7 @@ module Dependabot
             find_property_in_packages_props(property: property_name)
 
           return unless node_details
-          return node_details unless node_details[:value] =~ PROPERTY_REGEX
+          return node_details unless PROPERTY_REGEX.match?(node_details[:value])
 
           check_next_level_of_stack(node_details, stack)
         end
@@ -91,8 +91,7 @@ module Dependabot
           ]
 
           file = import_paths.
-                 map { |p| dependency_files.find { |f| f.name == p } }.
-                 compact.
+                 filter_map { |p| dependency_files.find { |f| f.name == p } }.
                  find { |f| deep_find_prop_node(property: property, file: f) }
 
           return unless file

data/lib/dependabot/nuget/file_updater/packages_config_declaration_finder.rb

@@ -9,7 +9,7 @@ module Dependabot
       class PackagesConfigDeclarationFinder
         DECLARATION_REGEX =
           %r{<package [^>]*?/>|
-             <package [^>]*?[^/]>.*?</package>}mx.freeze
+             <package [^>]*?[^/]>.*?</package>}mx
 
         attr_reader :dependency_name, :declaring_requirement,
                     :packages_config

data/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb

@@ -19,18 +19,18 @@ module Dependabot
             <Dependency [^>]*?[^/]>.*?</Dependency>|
             <DevelopmentDependency [^>]*?/>|
             <DevelopmentDependency [^>]*?[^/]>.*?</DevelopmentDependency>
-          }mx.freeze
+          }mx
         SDK_IMPORT_REGEX =
           / <Import [^>]*?Sdk="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?>
           | <Import [^>]*?Version="[^"]*?"[^>]*?Sdk="[^"]*?"[^>]*?>
-          /mx.freeze
+          /mx
         SDK_PROJECT_REGEX =
           / <Project [^>]*?Sdk="[^"]*?"[^>]*?>
-          /mx.freeze
+          /mx
         SDK_SDK_REGEX =
           / <Sdk [^>]*?Name="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?>
           | <Sdk [^>]*?Version="[^"]*?"[^>]*?Name="[^"]*?"[^>]*?>
-          /mx.freeze
+          /mx
 
         attr_reader :dependency_name, :declaring_requirement,
                     :dependency_files

data/lib/dependabot/nuget/metadata_finder.rb

@@ -63,7 +63,7 @@ module Dependabot
 
       def extract_source_repo(body)
         JSON.parse(body).fetch("data", []).each do |search_result|
-          next unless search_result["id"].downcase == dependency.name.downcase
+          next unless search_result["id"].casecmp(dependency.name).zero?
 
           if search_result.key?("projectUrl")
             source = Source.from_url(search_result.fetch("projectUrl"))
@@ -121,21 +121,7 @@ module Dependabot
         source = dependency.requirements.
                  find { |r| r&.fetch(:source) }&.fetch(:source)
 
-        if source&.key?(:nuspec_url)
-          source.fetch(:nuspec_url) ||
-            "https://api.nuget.org/v3-flatcontainer/"\
-            "#{dependency.name.downcase}/#{dependency.version}/"\
-            "#{dependency.name.downcase}.nuspec"
-        elsif source&.key?(:nuspec_url)
-          source.fetch("nuspec_url") ||
-            "https://api.nuget.org/v3-flatcontainer/"\
-            "#{dependency.name.downcase}/#{dependency.version}/"\
-            "#{dependency.name.downcase}.nuspec"
-        else
-          "https://api.nuget.org/v3-flatcontainer/"\
-          "#{dependency.name.downcase}/#{dependency.version}/"\
-          "#{dependency.name.downcase}.nuspec"
-        end
+        return source.fetch(:nuspec_url) if source&.key?(:nuspec_url)
       end
 
       def dependency_source_url

data/lib/dependabot/nuget/requirement.rb

@@ -21,7 +21,7 @@ module Dependabot
         [matches[1] || "=", Nuget::Version.new(matches[2])]
       end
 
-      # For consistency with other langauges, we define a requirements array.
+      # For consistency with other languages, we define a requirements array.
       # Dotnet doesn't have an `OR` separator for requirements, so it always
       # contains a single element.
       def self.requirements_array(requirement_string)

data/lib/dependabot/nuget/update_checker/repository_finder.rb

@@ -11,6 +11,7 @@ module Dependabot
     class UpdateChecker
       class RepositoryFinder
         DEFAULT_REPOSITORY_URL = "https://api.nuget.org/v3/index.json"
+        DEFAULT_REPOSITORY_API_KEY = "nuget.org"
 
         def initialize(dependency:, credentials:, config_files: [])
           @dependency  = dependency
@@ -30,7 +31,7 @@ module Dependabot
           @find_dependency_urls ||=
             known_repositories.flat_map do |details|
               if details.fetch(:url) == DEFAULT_REPOSITORY_URL
-                # Save a request for the default URL, since we already how
+                # Save a request for the default URL, since we already know how
                 # it addresses packages
                 next default_repository_details
               end
@@ -151,27 +152,26 @@ module Dependabot
         def repos_from_config_file(config_file)
           doc = Nokogiri::XML(config_file.content)
           doc.remove_namespaces!
-          sources =
-            doc.css("configuration > packageSources > add").map do |node|
-              {
-                key:
-                  node.attribute("key")&.value&.strip ||
-                    node.at_xpath("./key")&.content&.strip,
-                url:
-                  node.attribute("value")&.value&.strip ||
-                    node.at_xpath("./value")&.content&.strip
-              }
+          # analogous to having a root config with the default repository
+          base_sources = [{ url: DEFAULT_REPOSITORY_URL, key: "nuget.org" }]
+
+          sources = []
+          doc.css("configuration > packageSources").children.each do |node|
+            if node.name == "clear"
+              sources.clear
+              base_sources.clear
+            else
+              key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
+              url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
+              sources << { url: url, key: key }
             end
-
+          end
+          sources += base_sources # TODO: quirky overwrite behavior
           disabled_sources = disabled_sources(doc)
           sources.reject! do |s|
             disabled_sources.include?(s[:key])
           end
 
-          unless doc.css("configuration > packageSources > clear").any?
-            sources << { url: DEFAULT_REPOSITORY_URL, key: nil }
-          end
-
           sources.reject! do |s|
             known_urls = credential_repositories.map { |cr| cr.fetch(:url) }
             known_urls.include?(s.fetch(:url))
@@ -191,10 +191,10 @@ module Dependabot
         def default_repository_details
           {
             repository_url: DEFAULT_REPOSITORY_URL,
-            versions_url: "https://api.nuget.org/v3-flatcontainer/"\
-                             "#{dependency.name.downcase}/index.json",
-            search_url: "https://azuresearch-usnc.nuget.org/query"\
-                             "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
+            versions_url: "https://api.nuget.org/v3-flatcontainer/" \
+                          "#{dependency.name.downcase}/index.json",
+            search_url: "https://azuresearch-usnc.nuget.org/query" \
+                        "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
             auth_header: {},
             repository_type: "v3"
           }
@@ -202,7 +202,7 @@ module Dependabot
 
         # rubocop:disable Metrics/PerceivedComplexity
         def disabled_sources(doc)
-          doc.css("configuration > disabledPackageSources > add").map do |node|
+          doc.css("configuration > disabledPackageSources > add").filter_map do |node|
             value = node.attribute("value")&.value ||
                     node.at_xpath("./value")&.content
 
@@ -222,7 +222,7 @@ module Dependabot
             next source_details[:token] = nil if key.match?(/^\d/)
 
             tag = key.gsub(" ", "_x0020_")
-            creds_nodes = doc.css("configuration > packageSourceCredentials "\
+            creds_nodes = doc.css("configuration > packageSourceCredentials " \
                                   "> #{tag} > add")
 
             username =

data/lib/dependabot/nuget/update_checker/requirements_updater.rb

@@ -38,7 +38,7 @@ module Dependabot
                 # replace anything that looks like a version with the new
                 # version
                 req[:requirement].sub(
-                  /#{Nuget::Version::VERSION_PATTERN}/,
+                  /#{Nuget::Version::VERSION_PATTERN}/o,
                   latest_version.to_s
                 )
               end

data/lib/dependabot/nuget/update_checker/version_finder.rb

@@ -15,7 +15,7 @@ module Dependabot
       class VersionFinder
         require_relative "repository_finder"
 
-        NUGET_RANGE_REGEX = /[\(\[].*,.*[\)\]]/.freeze
+        NUGET_RANGE_REGEX = /[\(\[].*,.*[\)\]]/
 
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, raise_on_ignored: false,
@@ -127,7 +127,7 @@ module Dependabot
             doc = Nokogiri::XML(body)
             doc.remove_namespaces!
 
-            doc.xpath("/feed/entry").map do |entry|
+            doc.xpath("/feed/entry").filter_map do |entry|
               listed = entry.at_xpath("./properties/Listed")&.content&.strip
               next if listed&.casecmp("false")&.zero?
 
@@ -136,7 +136,7 @@ module Dependabot
                 repo_url: listing.fetch("listing_details").
                           fetch(:repository_url)
               )
-            end.compact
+            end
           end
         end
 
@@ -172,7 +172,7 @@ module Dependabot
 
           dependency.requirements.any? do |req|
             reqs = parse_requirement_string(req.fetch(:requirement) || "")
-            return true if reqs.any? { |r| r == "*-*" }
+            return true if reqs.any?("*-*")
             next unless reqs.any? { |r| r.include?("-") }
 
             requirement_class.
@@ -193,12 +193,12 @@ module Dependabot
           @v3_nuget_listings ||=
             dependency_urls.
             select { |details| details.fetch(:repository_type) == "v3" }.
-            map do |url_details|
+            filter_map do |url_details|
               versions = versions_for_v3_repository(url_details)
               next unless versions
 
               { "versions" => versions, "listing_details" => url_details }
-            end.compact
+            end
         end
 
         def v2_nuget_listings
@@ -208,14 +208,14 @@ module Dependabot
             dependency_urls.
             select { |details| details.fetch(:repository_type) == "v2" }.
             flat_map { |url_details| fetch_paginated_v2_nuget_listings(url_details) }.
-            map do |url_details, response|
+            filter_map do |url_details, response|
               next unless response.status == 200
 
               {
                 "xml_body" => response.body,
                 "listing_details" => url_details
               }
-            end.compact
+            end
         end
 
         def fetch_paginated_v2_nuget_listings(url_details, results = {})

data/lib/dependabot/nuget/version.rb

@@ -11,7 +11,7 @@ module Dependabot
   module Nuget
     class Version < Gem::Version
       VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
-      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/.freeze
+      ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
       def self.correct?(version)
         return false if version.nil?

data/lib/dependabot/nuget.rb

@@ -15,4 +15,11 @@ Dependabot::PullRequestCreator::Labeler.
   register_label_details("nuget", name: ".NET", colour: "7121c6")
 
 require "dependabot/dependency"
-Dependabot::Dependency.register_production_check("nuget", ->(_) { true })
+Dependabot::Dependency.register_production_check(
+  "nuget",
+  lambda do |groups|
+    return true if groups.empty?
+
+    groups.include?("dependencies")
+  end
+)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.211.0
+  version: 0.213.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,42 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
+        version: 0.213.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.211.0
-- !ruby/object:Gem::Dependency
-  name: debase
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-- !ruby/object:Gem::Dependency
-  name: debase-ruby_core_source
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.10.16
+        version: 0.213.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.11.1
+        version: 3.13.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -142,28 +114,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.35.1
+        version: 1.37.1
 - !ruby/object:Gem::Dependency
-  name: ruby-debug-ide
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 1.15.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -274,14 +246,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.1.0
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: ".NET (NuGet) support for dependabot"