dependabot-nuget 0.216.0 → 0.216.2
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/file_fetcher.rb +7 -0
- data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb +60 -0
- data/lib/dependabot/nuget/file_parser.rb +14 -1
- data/lib/dependabot/nuget/file_updater.rb +12 -0
- data/lib/dependabot/nuget/update_checker/version_finder.rb +2 -2
- metadata +7 -6
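--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b36c726b50217782ae39173525d1a0ab53664449e768aaa9f72f94c4c4625f80
+data.tar.gz: 8cdbc25a21cfa897939d53d48cd04e3dab2b4a6b71ed50c91f022be72d663e88
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cfc97aaec50815896f46d32788095849998ffbad62a609e852bec28626f889d444d9393834e755957042cd2a47d96ff099ac6e2dbf594aab87afb32a6507e024
+data.tar.gz: 5d9c2617b7d64c0643c0a562289b9d607be819be62678b7bb8890e4ef570d0836691c71cd7ae4f644fde7af703d14af84289c9764a4ebf327577a85c087c07cf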
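--- a/data/lib/dependabot/nuget/file_fetcher.rb
+++ b/data/lib/dependabot/nuget/file_fetcher.rb
@@ -32,6 +32,7 @@ module Dependabot
 fetched_files += packages_config_files
 fetched_files += nuget_config_files
 fetched_files << global_json if global_json
+fetched_files << dotnet_tools_json if dotnet_tools_json
 fetched_files << packages_props if packages_props
 
 fetched_files = fetched_files.uniq
@@ -221,6 +222,12 @@ module Dependabot
 @global_json ||= fetch_file_if_present("global.json")
 end
 
+def dotnet_tools_json
+@dotnet_tools_json ||= fetch_file_if_present(".config/dotnet-tools.json")
+rescue Dependabot::DependencyFileNotFound
+nil
+end
+
 def packages_props
 @packages_props ||= fetch_file_if_present("Packages.props")
 end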
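Review bot: The `rescue Dependabot::DependencyFileNotFound` in the new `dotnet_tools_json` is undocumented, although the neighbouring `global_json` and `packages_props` call the same `fetch_file_if_present` helper without any rescue. Presumably the lookup can raise when the `.config` directory itself is absent; if so, a comment such as `# .config/ may not exist: treat a missing directory like a missing file` above the `rescue` would stop a later cleanup from removing it. The helper's behaviour is not visible in these hunks, so the reason should be confirmed before it is written down.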
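--- a/data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb
+++ b/data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "json"
+
+require "dependabot/dependency"
+require "dependabot/nuget/file_parser"
+
+# For details on dotnet-tools.json files see:
+# https://learn.microsoft.com/en-us/dotnet/core/tools/local-tools-how-to-use
+module Dependabot
+module Nuget
+class FileParser
+class DotNetToolsJsonParser
+require "dependabot/file_parsers/base/dependency_set"
+
+def initialize(dotnet_tools_json:)
+@dotnet_tools_json = dotnet_tools_json
+end
+
+def dependency_set
+dependency_set = Dependabot::FileParsers::Base::DependencySet.new
+
+tools = parsed_dotnet_tools_json.fetch("tools", {})
+
+raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless tools.is_a?(Hash)
+
+tools.each do |dependency_name, node|
+raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless node.is_a?(Hash)
+
+version = node["version"]
+dependency_set <<
+Dependency.new(
+name: dependency_name,
+version: version,
+package_manager: "nuget",
+requirements: [{
+requirement: version,
+file: dotnet_tools_json.name,
+groups: ["dependencies"],
+source: nil
+}]
+)
+end
+
+dependency_set
+end
+
+private
+
+attr_reader :dotnet_tools_json
+
+def parsed_dotnet_tools_json
+@parsed_dotnet_tools_json ||= JSON.parse(dotnet_tools_json.content)
+rescue JSON::ParserError
+raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path
+end
+end
+end
+end
+end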
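Review bot: `dependency_set` calls `parsed_dotnet_tools_json.fetch("tools", {})` before checking the type of the parsed document, so a manifest that is valid JSON but not an object (a top-level array, for instance) raises from `fetch` instead of the `DependencyFileNotParseable` that the later `is_a?(Hash)` guards produce. The file content comes from the repository being scanned, so a guard ahead of the `fetch`, `raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path unless parsed_dotnet_tools_json.is_a?(Hash)`, would keep malformed input on the handled error path. `node["version"]` is also passed to `Dependency.new` unchecked, so a tool entry with a missing or non-string version becomes a dependency whose `version` and `requirement` are `nil` or a non-string; adding `unless version.is_a?(String)` to the per-node check would match the surrounding validation. How `Dependency` treats such values is not visible here.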
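--- a/data/lib/dependabot/nuget/file_parser.rb
+++ b/data/lib/dependabot/nuget/file_parser.rb
@@ -15,6 +15,7 @@ module Dependabot
 require_relative "file_parser/project_file_parser"
 require_relative "file_parser/packages_config_parser"
 require_relative "file_parser/global_json_parser"
+require_relative "file_parser/dotnet_tools_json_parser"
 
 PACKAGE_CONF_DEPENDENCY_SELECTOR = "packages > packages"
 
@@ -23,6 +24,7 @@ module Dependabot
 dependency_set += project_file_dependencies
 dependency_set += packages_config_dependencies
 dependency_set += global_json_dependencies if global_json
+dependency_set += dotnet_tools_json_dependencies if dotnet_tools_json
 dependency_set.dependencies
 end
 
@@ -56,6 +58,12 @@ module Dependabot
 GlobalJsonParser.new(global_json: global_json).dependency_set
 end
 
+def dotnet_tools_json_dependencies
+return DependencySet.new unless dotnet_tools_json
+
+DotNetToolsJsonParser.new(dotnet_tools_json: dotnet_tools_json).dependency_set
+end
+
 def project_file_parser
 @project_file_parser ||=
 ProjectFileParser.new(dependency_files: dependency_files)
@@ -76,7 +84,8 @@ module Dependabot
 project_files -
 packages_config_files -
 nuget_configs -
-[global_json]
+[global_json] -
+[dotnet_tools_json]
 end
 
 def nuget_configs
@@ -87,6 +96,10 @@ module Dependabot
 dependency_files.find { |f| f.name.casecmp("global.json").zero? }
 end
 
+def dotnet_tools_json
+dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
+end
+
 def check_required_files
 return if project_files.any? || packages_config_files.any?
 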
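Review bot: The manifest path `".config/dotnet-tools.json"` is written as a bare literal in the new `dotnet_tools_json` finder here, and again in the file_updater.rb finder, the file_updater.rb `elsif` branch and the fetcher. A typo in any one copy would silently drop the manifest from parsing or updating rather than fail. A single shared constant, for example `DOTNET_TOOLS_JSON_PATH = ".config/dotnet-tools.json"`, referenced from all four places would remove that risk. The enclosing class starts and ends outside these hunks, so where the constant should live is left to the author.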
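--- a/data/lib/dependabot/nuget/file_updater.rb
+++ b/data/lib/dependabot/nuget/file_updater.rb
@@ -15,6 +15,7 @@ module Dependabot
 %r{^[^/]*\.[a-z]{2}proj$},
 /^packages\.config$/i,
 /^global\.json$/i,
+/^dotnet-tools\.json$/i,
 /^Directory\.Build\.props$/i,
 /^Directory\.Build\.targets$/i,
 /^Packages\.props$/i
@@ -58,6 +59,10 @@ module Dependabot
 dependency_files.find { |f| f.name.casecmp("global.json").zero? }
 end
 
+def dotnet_tools_json
+dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
+end
+
 def check_required_files
 return if project_files.any? || packages_config_files.any?
 
@@ -128,6 +133,13 @@ module Dependabot
 "#{Regexp.escape(dependency.previous_version)}"/x
 ).to_s
 ]
+elsif requirement.fetch(:file).casecmp(".config/dotnet-tools.json").zero?
+[
+dotnet_tools_json.content.match(
+/"#{Regexp.escape(dependency.name)}"\s*:\s*{\s*"version"\s*:\s*
+"#{Regexp.escape(dependency.previous_version)}"/xm
+).to_s
+]
 else
 declaration_finder(dependency, requirement).declaration_strings
 end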
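Review bot: In the new `elsif` branch the `match(...)` result is `nil` whenever `"version"` is not the first key of the tool's object (the pattern requires it directly after the opening brace) or the recorded version differs, and `.to_s` then returns an empty string as the declaration. What the caller does with an empty declaration is outside this hunk, but it is unlikely to be a meaningful thing to replace; `[dotnet_tools_json.content.match(pattern)&.to_s].compact`, with `pattern` holding the regex, or raising on a miss, would make the failure explicit. Separately, the `/^dotnet-tools\.json$/i` entry added in the first hunk is anchored to a bare file name while every other new reference uses `.config/dotnet-tools.json`, so it is worth confirming that this list is matched against base names rather than paths. The enclosing method of the `elsif` starts and ends outside the hunk.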
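--- a/data/lib/dependabot/nuget/update_checker/version_finder.rb
+++ b/data/lib/dependabot/nuget/update_checker/version_finder.rb
@@ -307,11 +307,11 @@ module Dependabot
 end
 
 def version_class
-
+dependency.version_class
 end
 
 def requirement_class
-
+dependency.requirement_class
 end
 
 def remove_wrapping_zero_width_chars(string)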
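--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-version: 0.216.
+version: 0.216.2
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-
+date: 2023-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.216.
+version: 0.216.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.216.
+version: 0.216.2
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.50.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.50.0
 - !ruby/object:Gem::Dependency
 name: rubocop-performance
 requirement: !ruby/object:Gem::Requirement
@@ -219,6 +219,7 @@ files:
 - lib/dependabot/nuget/file_fetcher/import_paths_finder.rb
 - lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb
 - lib/dependabot/nuget/file_parser.rb
+- lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb
 - lib/dependabot/nuget/file_parser/global_json_parser.rb
 - lib/dependabot/nuget/file_parser/packages_config_parser.rb
 - lib/dependabot/nuget/file_parser/project_file_parser.rb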