dependabot-nuget 0.216.0 → 0.216.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d44dd497e124af3a548585bc2be6e6eb2086eafe910ae3707869952ee2621b04
4
- data.tar.gz: 93b7795f0a9681c930bd4dc13c75c2eb84efab8f410188e492f539e707270e6d
3
+ metadata.gz: b36c726b50217782ae39173525d1a0ab53664449e768aaa9f72f94c4c4625f80
4
+ data.tar.gz: 8cdbc25a21cfa897939d53d48cd04e3dab2b4a6b71ed50c91f022be72d663e88
5
5
  SHA512:
6
- metadata.gz: c32d21b61f2d17587627175db2a82d5cc8d9ed03eacbfa3251b12b3d55d494ce7854385bb5526329bef51bd5e24a510a9471b430941610d559bcafde7fefb4e2
7
- data.tar.gz: 4bbe24a21f3bf5247e4caf1293d5265dbdad38d9353b09b6836e5fa37c100e27e75fd4b00552f2228b64948c5cc42fbd451d1be565e5376f217d8aa8f0509288
6
+ metadata.gz: cfc97aaec50815896f46d32788095849998ffbad62a609e852bec28626f889d444d9393834e755957042cd2a47d96ff099ac6e2dbf594aab87afb32a6507e024
7
+ data.tar.gz: 5d9c2617b7d64c0643c0a562289b9d607be819be62678b7bb8890e4ef570d0836691c71cd7ae4f644fde7af703d14af84289c9764a4ebf327577a85c087c07cf
@@ -32,6 +32,7 @@ module Dependabot
32
32
  fetched_files += packages_config_files
33
33
  fetched_files += nuget_config_files
34
34
  fetched_files << global_json if global_json
35
+ fetched_files << dotnet_tools_json if dotnet_tools_json
35
36
  fetched_files << packages_props if packages_props
36
37
 
37
38
  fetched_files = fetched_files.uniq
@@ -221,6 +222,12 @@ module Dependabot
221
222
  @global_json ||= fetch_file_if_present("global.json")
222
223
  end
223
224
 
225
+ def dotnet_tools_json
226
+ @dotnet_tools_json ||= fetch_file_if_present(".config/dotnet-tools.json")
227
+ rescue Dependabot::DependencyFileNotFound
228
+ nil
229
+ end
230
+
224
231
  def packages_props
225
232
  @packages_props ||= fetch_file_if_present("Packages.props")
226
233
  end
@@ -0,0 +1,60 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "json"
4
+
5
+ require "dependabot/dependency"
6
+ require "dependabot/nuget/file_parser"
7
+
8
+ # For details on dotnet-tools.json files see:
9
+ # https://learn.microsoft.com/en-us/dotnet/core/tools/local-tools-how-to-use
10
+ module Dependabot
11
+ module Nuget
12
+ class FileParser
13
+ class DotNetToolsJsonParser
14
+ require "dependabot/file_parsers/base/dependency_set"
15
+
16
+ def initialize(dotnet_tools_json:)
17
+ @dotnet_tools_json = dotnet_tools_json
18
+ end
19
+
20
+ def dependency_set
21
+ dependency_set = Dependabot::FileParsers::Base::DependencySet.new
22
+
23
+ tools = parsed_dotnet_tools_json.fetch("tools", {})
24
+
25
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless tools.is_a?(Hash)
26
+
27
+ tools.each do |dependency_name, node|
28
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless node.is_a?(Hash)
29
+
30
+ version = node["version"]
31
+ dependency_set <<
32
+ Dependency.new(
33
+ name: dependency_name,
34
+ version: version,
35
+ package_manager: "nuget",
36
+ requirements: [{
37
+ requirement: version,
38
+ file: dotnet_tools_json.name,
39
+ groups: ["dependencies"],
40
+ source: nil
41
+ }]
42
+ )
43
+ end
44
+
45
+ dependency_set
46
+ end
47
+
48
+ private
49
+
50
+ attr_reader :dotnet_tools_json
51
+
52
+ def parsed_dotnet_tools_json
53
+ @parsed_dotnet_tools_json ||= JSON.parse(dotnet_tools_json.content)
54
+ rescue JSON::ParserError
55
+ raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
@@ -15,6 +15,7 @@ module Dependabot
15
15
  require_relative "file_parser/project_file_parser"
16
16
  require_relative "file_parser/packages_config_parser"
17
17
  require_relative "file_parser/global_json_parser"
18
+ require_relative "file_parser/dotnet_tools_json_parser"
18
19
 
19
20
  PACKAGE_CONF_DEPENDENCY_SELECTOR = "packages > packages"
20
21
 
@@ -23,6 +24,7 @@ module Dependabot
23
24
  dependency_set += project_file_dependencies
24
25
  dependency_set += packages_config_dependencies
25
26
  dependency_set += global_json_dependencies if global_json
27
+ dependency_set += dotnet_tools_json_dependencies if dotnet_tools_json
26
28
  dependency_set.dependencies
27
29
  end
28
30
 
@@ -56,6 +58,12 @@ module Dependabot
56
58
  GlobalJsonParser.new(global_json: global_json).dependency_set
57
59
  end
58
60
 
61
+ def dotnet_tools_json_dependencies
62
+ return DependencySet.new unless dotnet_tools_json
63
+
64
+ DotNetToolsJsonParser.new(dotnet_tools_json: dotnet_tools_json).dependency_set
65
+ end
66
+
59
67
  def project_file_parser
60
68
  @project_file_parser ||=
61
69
  ProjectFileParser.new(dependency_files: dependency_files)
@@ -76,7 +84,8 @@ module Dependabot
76
84
  project_files -
77
85
  packages_config_files -
78
86
  nuget_configs -
79
- [global_json]
87
+ [global_json] -
88
+ [dotnet_tools_json]
80
89
  end
81
90
 
82
91
  def nuget_configs
@@ -87,6 +96,10 @@ module Dependabot
87
96
  dependency_files.find { |f| f.name.casecmp("global.json").zero? }
88
97
  end
89
98
 
99
+ def dotnet_tools_json
100
+ dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
101
+ end
102
+
90
103
  def check_required_files
91
104
  return if project_files.any? || packages_config_files.any?
92
105
 
@@ -15,6 +15,7 @@ module Dependabot
15
15
  %r{^[^/]*\.[a-z]{2}proj$},
16
16
  /^packages\.config$/i,
17
17
  /^global\.json$/i,
18
+ /^dotnet-tools\.json$/i,
18
19
  /^Directory\.Build\.props$/i,
19
20
  /^Directory\.Build\.targets$/i,
20
21
  /^Packages\.props$/i
@@ -58,6 +59,10 @@ module Dependabot
58
59
  dependency_files.find { |f| f.name.casecmp("global.json").zero? }
59
60
  end
60
61
 
62
+ def dotnet_tools_json
63
+ dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
64
+ end
65
+
61
66
  def check_required_files
62
67
  return if project_files.any? || packages_config_files.any?
63
68
 
@@ -128,6 +133,13 @@ module Dependabot
128
133
  "#{Regexp.escape(dependency.previous_version)}"/x
129
134
  ).to_s
130
135
  ]
136
+ elsif requirement.fetch(:file).casecmp(".config/dotnet-tools.json").zero?
137
+ [
138
+ dotnet_tools_json.content.match(
139
+ /"#{Regexp.escape(dependency.name)}"\s*:\s*{\s*"version"\s*:\s*
140
+ "#{Regexp.escape(dependency.previous_version)}"/xm
141
+ ).to_s
142
+ ]
131
143
  else
132
144
  declaration_finder(dependency, requirement).declaration_strings
133
145
  end
@@ -307,11 +307,11 @@ module Dependabot
307
307
  end
308
308
 
309
309
  def version_class
310
- Nuget::Version
310
+ dependency.version_class
311
311
  end
312
312
 
313
313
  def requirement_class
314
- Nuget::Requirement
314
+ dependency.requirement_class
315
315
  end
316
316
 
317
317
  def remove_wrapping_zero_width_chars(string)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.216.0
4
+ version: 0.216.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-12 00:00:00.000000000 Z
11
+ date: 2023-04-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.216.0
19
+ version: 0.216.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.216.0
26
+ version: 0.216.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: debug
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.48.0
117
+ version: 1.50.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.48.0
124
+ version: 1.50.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -219,6 +219,7 @@ files:
219
219
  - lib/dependabot/nuget/file_fetcher/import_paths_finder.rb
220
220
  - lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb
221
221
  - lib/dependabot/nuget/file_parser.rb
222
+ - lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb
222
223
  - lib/dependabot/nuget/file_parser/global_json_parser.rb
223
224
  - lib/dependabot/nuget/file_parser/packages_config_parser.rb
224
225
  - lib/dependabot/nuget/file_parser/project_file_parser.rb