dependabot-nuget 0.216.0 → 0.216.2

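--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d44dd497e124af3a548585bc2be6e6eb2086eafe910ae3707869952ee2621b04
- data.tar.gz: 93b7795f0a9681c930bd4dc13c75c2eb84efab8f410188e492f539e707270e6d
+ metadata.gz: b36c726b50217782ae39173525d1a0ab53664449e768aaa9f72f94c4c4625f80
+ data.tar.gz: 8cdbc25a21cfa897939d53d48cd04e3dab2b4a6b71ed50c91f022be72d663e88
  SHA512:
- metadata.gz: c32d21b61f2d17587627175db2a82d5cc8d9ed03eacbfa3251b12b3d55d494ce7854385bb5526329bef51bd5e24a510a9471b430941610d559bcafde7fefb4e2
- data.tar.gz: 4bbe24a21f3bf5247e4caf1293d5265dbdad38d9353b09b6836e5fa37c100e27e75fd4b00552f2228b64948c5cc42fbd451d1be565e5376f217d8aa8f0509288
+ metadata.gz: cfc97aaec50815896f46d32788095849998ffbad62a609e852bec28626f889d444d9393834e755957042cd2a47d96ff099ac6e2dbf594aab87afb32a6507e024
+ data.tar.gz: 5d9c2617b7d64c0643c0a562289b9d607be819be62678b7bb8890e4ef570d0836691c71cd7ae4f644fde7af703d14af84289c9764a4ebf327577a85c087c07cf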
@@ -32,6 +32,7 @@ module Dependabot
32
32
  fetched_files += packages_config_files
33
33
  fetched_files += nuget_config_files
34
34
  fetched_files << global_json if global_json
35
+ fetched_files << dotnet_tools_json if dotnet_tools_json
35
36
  fetched_files << packages_props if packages_props
36
37
 
37
38
  fetched_files = fetched_files.uniq
@@ -221,6 +222,12 @@ module Dependabot
221
222
  @global_json ||= fetch_file_if_present("global.json")
222
223
  end
223
224
 
225
+ def dotnet_tools_json
226
+ @dotnet_tools_json ||= fetch_file_if_present(".config/dotnet-tools.json")
227
+ rescue Dependabot::DependencyFileNotFound
228
+ nil
229
+ end
230
+
224
231
  def packages_props
225
232
  @packages_props ||= fetch_file_if_present("Packages.props")
226
233
  end
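Review bot: The `rescue Dependabot::DependencyFileNotFound` in the new `dotnet_tools_json` (hunk at `@@ -221,6 +222,12 @@`) carries no comment, while the `global_json` and `packages_props` methods around it make the same `fetch_file_if_present` call without one. Presumably the lookup can raise when the `.config` directory itself is missing; if that is the reason, state it above the rescue: `# .config/ may not exist in the repo; treat that like an absent file`. Separately, `||=` does not cache a `nil` result, so when the file is absent the line `fetched_files << dotnet_tools_json if dotnet_tools_json` in the first hunk runs the lookup twice; `return @dotnet_tools_json if defined?(@dotnet_tools_json)` ahead of a plain assignment would remember both outcomes. The enclosing class of both hunks starts outside the visible lines.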
@@ -0,0 +1,60 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "json"
4
+
5
+ require "dependabot/dependency"
6
+ require "dependabot/nuget/file_parser"
7
+
8
+ # For details on dotnet-tools.json files see:
9
+ # https://learn.microsoft.com/en-us/dotnet/core/tools/local-tools-how-to-use
10
+ module Dependabot
11
+ module Nuget
12
+ class FileParser
13
+ class DotNetToolsJsonParser
14
+ require "dependabot/file_parsers/base/dependency_set"
15
+
16
+ def initialize(dotnet_tools_json:)
17
+ @dotnet_tools_json = dotnet_tools_json
18
+ end
19
+
20
+ def dependency_set
21
+ dependency_set = Dependabot::FileParsers::Base::DependencySet.new
22
+
23
+ tools = parsed_dotnet_tools_json.fetch("tools", {})
24
+
25
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless tools.is_a?(Hash)
26
+
27
+ tools.each do |dependency_name, node|
28
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless node.is_a?(Hash)
29
+
30
+ version = node["version"]
31
+ dependency_set <<
32
+ Dependency.new(
33
+ name: dependency_name,
34
+ version: version,
35
+ package_manager: "nuget",
36
+ requirements: [{
37
+ requirement: version,
38
+ file: dotnet_tools_json.name,
39
+ groups: ["dependencies"],
40
+ source: nil
41
+ }]
42
+ )
43
+ end
44
+
45
+ dependency_set
46
+ end
47
+
48
+ private
49
+
50
+ attr_reader :dotnet_tools_json
51
+
52
+ def parsed_dotnet_tools_json
53
+ @parsed_dotnet_tools_json ||= JSON.parse(dotnet_tools_json.content)
54
+ rescue JSON::ParserError
55
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
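Review bot: `parsed_dotnet_tools_json.fetch("tools", {})` in `dependency_set` assumes the top level of the document is a JSON object; a file that is valid JSON but holds an array, a string or `null` gets through `JSON.parse` and then fails in `fetch` with `TypeError` or `NoMethodError` instead of `Dependabot::DependencyFileNotParseable`. The file is repository content, so it should be rejected the same way the `tools` and `node` checks already do: `raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless parsed_dotnet_tools_json.is_a?(Hash)`. `node["version"]` is also passed on unchecked, so a missing or non-string value becomes both the dependency's `version` and its `requirement`; `raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless version.is_a?(String)` before building the `Dependency` would close that gap.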
@@ -15,6 +15,7 @@ module Dependabot
15
15
  require_relative "file_parser/project_file_parser"
16
16
  require_relative "file_parser/packages_config_parser"
17
17
  require_relative "file_parser/global_json_parser"
18
+ require_relative "file_parser/dotnet_tools_json_parser"
18
19
 
19
20
  PACKAGE_CONF_DEPENDENCY_SELECTOR = "packages > packages"
20
21
 
@@ -23,6 +24,7 @@ module Dependabot
23
24
  dependency_set += project_file_dependencies
24
25
  dependency_set += packages_config_dependencies
25
26
  dependency_set += global_json_dependencies if global_json
27
+ dependency_set += dotnet_tools_json_dependencies if dotnet_tools_json
26
28
  dependency_set.dependencies
27
29
  end
28
30
 
@@ -56,6 +58,12 @@ module Dependabot
56
58
  GlobalJsonParser.new(global_json: global_json).dependency_set
57
59
  end
58
60
 
61
+ def dotnet_tools_json_dependencies
62
+ return DependencySet.new unless dotnet_tools_json
63
+
64
+ DotNetToolsJsonParser.new(dotnet_tools_json: dotnet_tools_json).dependency_set
65
+ end
66
+
59
67
  def project_file_parser
60
68
  @project_file_parser ||=
61
69
  ProjectFileParser.new(dependency_files: dependency_files)
@@ -76,7 +84,8 @@ module Dependabot
76
84
  project_files -
77
85
  packages_config_files -
78
86
  nuget_configs -
79
- [global_json]
87
+ [global_json] -
88
+ [dotnet_tools_json]
80
89
  end
81
90
 
82
91
  def nuget_configs
@@ -87,6 +96,10 @@ module Dependabot
87
96
  dependency_files.find { |f| f.name.casecmp("global.json").zero? }
88
97
  end
89
98
 
99
+ def dotnet_tools_json
100
+ dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
101
+ end
102
+
90
103
  def check_required_files
91
104
  return if project_files.any? || packages_config_files.any?
92
105
 
@@ -15,6 +15,7 @@ module Dependabot
15
15
  %r{^[^/]*\.[a-z]{2}proj$},
16
16
  /^packages\.config$/i,
17
17
  /^global\.json$/i,
18
+ /^dotnet-tools\.json$/i,
18
19
  /^Directory\.Build\.props$/i,
19
20
  /^Directory\.Build\.targets$/i,
20
21
  /^Packages\.props$/i
@@ -58,6 +59,10 @@ module Dependabot
58
59
  dependency_files.find { |f| f.name.casecmp("global.json").zero? }
59
60
  end
60
61
 
62
+ def dotnet_tools_json
63
+ dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
64
+ end
65
+
61
66
  def check_required_files
62
67
  return if project_files.any? || packages_config_files.any?
63
68
 
@@ -128,6 +133,13 @@ module Dependabot
128
133
  "#{Regexp.escape(dependency.previous_version)}"/x
129
134
  ).to_s
130
135
  ]
136
+ elsif requirement.fetch(:file).casecmp(".config/dotnet-tools.json").zero?
137
+ [
138
+ dotnet_tools_json.content.match(
139
+ /"#{Regexp.escape(dependency.name)}"\s*:\s*{\s*"version"\s*:\s*
140
+ "#{Regexp.escape(dependency.previous_version)}"/xm
141
+ ).to_s
142
+ ]
131
143
  else
132
144
  declaration_finder(dependency, requirement).declaration_strings
133
145
  end
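Review bot: The pattern `/^dotnet-tools\.json$/i` added to the list in the first hunk (`@@ -15,6 +15,7 @@`) cannot match the name `.config/dotnet-tools.json` that the `dotnet_tools_json` finder in the next hunk looks for, because `^` pins it to the start of a line. If this list is matched against repository-relative paths, as the `[^/]*` in the `proj` pattern suggests, the entry should read `%r{^\.config/dotnet-tools\.json$}i`. In the last hunk, `match(...).to_s` yields an empty string when nothing matches, for example when `"version"` is not the first key inside the tool's object, so the caller receives `""` as a declaration string. How that value is consumed lies outside the hunk, but a guard on the no-match case or a comment stating the key-order assumption would make the behaviour explicit.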
@@ -307,11 +307,11 @@ module Dependabot
307
307
  end
308
308
 
309
309
  def version_class
310
- Nuget::Version
310
+ dependency.version_class
311
311
  end
312
312
 
313
313
  def requirement_class
314
- Nuget::Requirement
314
+ dependency.requirement_class
315
315
  end
316
316
 
317
317
  def remove_wrapping_zero_width_chars(string)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.216.0
4
+ version: 0.216.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-12 00:00:00.000000000 Z
11
+ date: 2023-04-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.216.0
19
+ version: 0.216.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.216.0
26
+ version: 0.216.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.48.0
117
+ version: 1.50.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.48.0
124
+ version: 1.50.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -219,6 +219,7 @@ files:
219
219
  - lib/dependabot/nuget/file_fetcher/import_paths_finder.rb
220
220
  - lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb
221
221
  - lib/dependabot/nuget/file_parser.rb
222
+ - lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb
222
223
  - lib/dependabot/nuget/file_parser/global_json_parser.rb
223
224
  - lib/dependabot/nuget/file_parser/packages_config_parser.rb
224
225
  - lib/dependabot/nuget/file_parser/project_file_parser.rb